The Heartbleed bug is a serious vulnerability that was discovered to exist on web-servers using the OpenSSL cryptographic library, a popular implementation of the TLS protocol for web-servers. This exploit will work on any unpatched web-servers running an OpenSSL instance in either client or server mode.
The vulnerability was disclosed in 2014, although the bug was found to have been present since a software patch in September 2012. It allows attackers to perform a "buffer over-read" attack, where they can read more information than they should be allowed to and can be used in order to read the entire contents of a web-server's memory buffer, an area where the server stores data ready for processing or that is yet to be overwritten by other processes.
It could include passwords, key strings, hashes and all manner of other sensitive information that other users are inputting onto the server during normal use.
You will exploit the Heartbleed bug in this lab.
This lab is part of a series on cyber network security.
Learning Objectives
Upon completion of this lab you will be able to:
-
Demonstrate how to perform the Heartbleed attack using the MetaSploit Framework
Intended Audience
This lab is intended for:
- Cyber and network security specialists
Prerequisites
You should possess:
- A basic understanding of Windows operating system environments
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.