The May issue of Hakin9 Magazine is out!


This month’s magazine includes my article, “Detecting and Exploiting the OpenSSL-Heartbleed Vulnerability”:

“In this article we will discuss how to detect systems that are vulnerable to the OpenSSL-Heartbleed vulnerability and learn how to exploit them using Metasploit on Kali Linux.”

It is a step-by-step tutorial that shows how to detect systems that are vulnerable to the Heartbleed exploit in your organization and also shows how to exploit the bug.

Check out the intro to the article here.

Also in this issue:

What is Reverse Engineering

by Aman Singh

Reverse engineering, as this article will discuss it, is simply the act of figuring out what software that you have no source code for does in a particular feature or function, to the degree that you can either modify this code or reproduce it in another independent work.

Write Your Own Debugger

by Amr Thabet

Do you want to write your own debugger? Do you have a new technology and see the already known products like OllyDbg or IDA Pro don’t have this technology? … Do you write plugins in OllyDbg and IDA Pro but you need to convert it into a separate application? …

The Logic Breaks Logic

by Raheel Ahmad

People – Process – Technology, your Internet industry is based on these three words as a base of everything including the software market. Think for a second and you will realize that the Software industry is actually driven from the keyboard of a programmer and in reality it’s the logic design by the programmer.

Playing with the Ports Redirection

by Davide Peruzzi

Whether you are performing a penetration test, or your goal is to debug an error in your complicated corporate network or, why not, to bypass control of a very restrictive firewall that does not allow displaying web pages categorized as “hacking”, port redirection is a technique as basic as it is powerful.

And much more, check it out!

OpenSSL “Heartbleed” – Who’s Vulnerable and How to Check

** Updated 4/9/14 9pm **

The internet is plastered with news about the OpenSSL heartbeat “Heartbleed” (CVE-2014-0160) vulnerability that some say affects up to 2/3 of the internet. Everything from servers to routers to smartphones could be tricked into giving up encrypted data in plain text. Let’s take a quick look at the vulnerability, see who’s affected by it and how you can check.

What is Heartbleed?

Basically, OpenSSL is an encryption library used in HTTPS communication – you know, the online stores and banking websites that give you that little lock icon in your browser bar when you visit them.

OpenSSL uses a “heartbeat” message to echo back data to verify that what was received was correct. In OpenSSL 1.0.1 to 1.0.1f, an attacker can trick OpenSSL by sending a single byte of payload while telling the server that it sent 64K bytes of data.

And the server will respond with 64K bytes of information – from its memory!
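To make the mechanism concrete, here is an added C model of the heartbeat record handling. It is not OpenSSL’s own code: the record layout follows the heartbeat message format (type byte, two-byte payload length, payload, padding), but the arena that stands in for process memory, the constants, and the “secret” placed after the record are all constructed for this example. The vulnerable handler trusts the peer-supplied length and copies that many bytes from wherever the payload sits; the hardened handler applies the check the fixed release added, rejecting any record whose claimed payload does not fit inside the bytes actually received.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Heartbeat record layout modelled here (an illustration, not OpenSSL's code):
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (16 bytes) */
#define HB_REQUEST 1
#define HB_PADDING 16

/* Constructed "process memory": the received record sits at the start of the
 * arena, and unrelated data (the secret) happens to sit right after it. */
#define ARENA_SIZE 256
static uint8_t arena[ARENA_SIZE];

/* Places a heartbeat request in the arena that carries ONE real payload byte
 * but claims `claimed_len` bytes, then writes `secret` just past the record.
 * Returns the number of bytes actually received for this record. */
static size_t build_record(uint16_t claimed_len, const char *secret) {
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)(claimed_len & 0xff);
    arena[3] = 'A';                          /* the single real payload byte */
    memset(arena + 4, 'P', HB_PADDING);      /* padding that follows the payload */
    size_t rec_len = 1 + 2 + 1 + HB_PADDING;
    strncpy((char *)arena + rec_len, secret, ARENA_SIZE - rec_len - 1);
    return rec_len;
}

/* Vulnerable handler: echoes `payload_length` bytes without ever asking
 * whether that many bytes were received, so the copy runs past the record. */
static int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                                uint8_t *out, size_t out_cap) {
    (void)rec_len;                           /* the bug: received length is ignored */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (payload_len > out_cap) return -1;    /* only the reply buffer is protected */
    memcpy(out, rec + 3, payload_len);       /* over-read of whatever follows */
    return (int)payload_len;
}

/* Hardened handler: mirrors the shape of the fix, which discards a record
 * whose header, claimed payload and padding exceed the bytes received. */
static int heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                           uint8_t *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING) return -1;   /* too short to be well-formed */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len) return -1; /* bounds check */
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + 3, payload_len);       /* now guaranteed inside the record */
    return (int)payload_len;
}

/* Byte-wise search that does not stop at NUL bytes, unlike strstr. */
static int contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Returns 1 if `handler` echoes the unrelated secret back to the peer when
 * given a record that claims 200 bytes but carries one, otherwise 0. */
static int leaks_secret(int (*handler)(const uint8_t *, size_t, uint8_t *, size_t)) {
    const char *secret = "db_password=hunter2";    /* constructed sample value */
    size_t rec_len = build_record(200, secret);
    uint8_t out[ARENA_SIZE] = {0};
    int n = handler(arena, rec_len, out, sizeof out - 1);
    if (n < 0) return 0;                     /* record was refused */
    return contains(out, (size_t)n, secret);
}

/* A well-formed request (claims exactly the one byte it carries) must still
 * be answered by the hardened handler. Returns 1 when it is. */
static int honest_record_ok(void) {
    size_t rec_len = build_record(1, "unused");
    uint8_t out[ARENA_SIZE] = {0};
    int n = heartbeat_fixed(arena, rec_len, out, sizeof out);
    return n == 1 && out[0] == 'A';
}

int main(void) {
    printf("vulnerable handler leaks secret: %d\n", leaks_secret(heartbeat_vulnerable));
    printf("hardened handler leaks secret:   %d\n", leaks_secret(heartbeat_fixed));
    printf("hardened handler answers honest record: %d\n", honest_record_ok());
    return 0;
}
```

The two-byte length field is why the post talks about 64K: it can claim up to 65535 bytes no matter how few were sent, and only the received-length comparison in the hardened handler ties the reply back to reality.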

The Register has a nice image of the process:

[Image: OpenSSL Heartbleed]

The data returned is randomly pulled from the server’s memory and can include anything from usernames and account passwords to other sensitive data.

The vulnerability is remedied in the latest update of OpenSSL, but the problem is it could take years for all the affected devices to be found and patched. And some embedded and proprietary devices may never be patched!

There are a plethora of tools and exploits flooding the internet right now to check for and exploit Heartbleed.

Who is Vulnerable?

Yesterday the top 10,000 websites on the web were scanned for the vulnerability and the results can be found here. Many big-name websites (as of yesterday) are vulnerable. But many listed, including Yahoo!, have already fixed the vulnerability.

But if you read down the list you will see familiar websites including technology sites, financial institutions, game websites and popular forum/ social media sites.

But it’s not just limited to these sites.

Many home routers and even smart devices use OpenSSL.

How to Exploit/ Check?

I received a note today from Tenable (see Blog Post Here) that Nessus will now detect the Heartbeat vulnerability:

“Tenable Network Security® released plugins for the detection of the OpenSSL heartbeat vulnerability (aka the “Heartbleed Vulnerability”) on the 8th of April for Nessus® and the Passive Vulnerability Scanner™ (PVS™). A plugin for detecting the vulnerability in Apache web server logs has also been added to the Log Correlation Engine™ (LCE™) and available for reporting in SecurityCenter™ and SecurityCenter Continuous View™.”

And a quick Google search will return multiple different ways to check to see if websites are vulnerable to the attack. I have even seen a Firefox add-on floating around:

There are a couple of exploit programs available on the web. Rapid7 has created an exploit module for Metasploit and it is available on GitHub:

[Image: Heartbleed Ruby module on GitHub]

I didn’t see it available in the latest msfupdate, but I am sure it will be added to Metasploit Framework very soon.

As always, use any Heartbleed tools at your own risk, use extreme caution when using random programs to check for vulnerabilities, and never use these tools to check websites that you do not own or have permission to test or to access.

Update any of your systems that are using the old version of OpenSSL, and change your passwords on any affected servers.
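For the inventory side of that advice, here is an added C helper (not from the post, Tenable or OpenSSL) that classifies the banner printed by `openssl version` against the range the post names: 1.0.1 through 1.0.1f vulnerable, 1.0.1g fixed. The banner format assumed is “OpenSSL <major>.<minor>.<patch><letter> <date>”, and the host list is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Classifies an `openssl version` banner against the range named in the post.
 * Returns 1 = in the vulnerable range (1.0.1 .. 1.0.1f), 0 = outside it,
 * -1 = the banner could not be parsed. Added illustration; the banner layout
 * "OpenSSL <major>.<minor>.<patch><letter> ..." is an assumption. */
int heartbleed_version_status(const char *banner) {
    int major, minor, patch;
    char letter = 0;
    int n = sscanf(banner, "OpenSSL %d.%d.%d%c", &major, &minor, &patch, &letter);
    if (n < 3) return -1;
    /* "1.0.1 14 Mar 2012": the %c swallowed a space, which means no patch letter */
    if (n == 4 && !isalpha((unsigned char)letter)) letter = 0;
    if (major != 1 || minor != 0 || patch != 1) return 0;   /* only the 1.0.1 line */
    return (letter == 0 || letter <= 'f') ? 1 : 0;          /* 1.0.1g and later fixed */
}

/* Constructed inventory: one "host<TAB>banner" line per host, where the banner
 * is whatever `openssl version` printed on that host. */
static const char SAMPLE_INVENTORY[] =
    "web01\tOpenSSL 1.0.1e 11 Feb 2013\n"
    "web02\tOpenSSL 1.0.1g 7 Apr 2014\n"
    "vpn01\tOpenSSL 1.0.1 14 Mar 2012\n"
    "legacy\tOpenSSL 0.9.8y 5 Feb 2013\n"
    "router\tOpenSSL 1.0.0l 6 Jan 2014\n";

/* Walks the inventory line by line and returns how many hosts report a
 * version inside the vulnerable range; prints each one so it can be triaged. */
int count_vulnerable_hosts(const char *inventory) {
    int count = 0;
    const char *line = inventory;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *tab = memchr(line, '\t', len);
        if (tab && heartbleed_version_status(tab + 1) == 1) {
            printf("vulnerable: %.*s\n", (int)len, line);
            count++;
        }
        line += len + (eol ? 1 : 0);
    }
    return count;
}

int main(void) {
    int n = count_vulnerable_hosts(SAMPLE_INVENTORY);
    printf("%d host(s) in the vulnerable range\n", n);
    return 0;
}
```

Treat a banner match as a triage signal rather than a verdict: distributions that backport fixes keep the original version string (a patched Debian or Ubuntu build still reports 1.0.1e), so confirm with the package changelog or a scanner plugin such as the Nessus ones mentioned above before deciding a host is clean. The range here is the one the post names; the OpenSSL advisory also covered the 1.0.2 beta, which this check does not flag.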