hands-on lab

Exploiting the Heartbleed Bug using MetaSploit

Intermediate
Up to 2h
28
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

The Heartbleed bug is a serious vulnerability that was discovered to exist on web-servers using the OpenSSL cryptographic library, a popular implementation of the TLS protocol for web-servers. This exploit will work on any unpatched web-servers running an OpenSSL instance in either client or server mode.

The vulnerability was disclosed in 2014, although the bug was found to have been present since a software patch in September 2012. It allows attackers to perform a "buffer over-read" attack, where they can read more information than they should be allowed to and can be used in order to read the entire contents of a web-server's memory buffer, an area where the server stores data ready for processing or that is yet to be overwritten by other processes.

It could include passwords, key strings, hashes and all manner of other sensitive information that other users are inputting onto the server during normal use.

You will exploit the Heartbleed bug in this lab.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how to perform the Heartbleed attack using the MetaSploit Framework

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments

About the author

Avatar
QA, opens in a new tab
Training Provider
Students
54,271
Labs
189
Courses
2,721
Learning paths
51

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Covered topics

Lab steps

Starting the Cyber Network Security Lab Exercise