hands-on lab

Exploiting the Heartbleed Bug using MetaSploit

Intermediate
2h
28
5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

The Heartbleed bug is a serious vulnerability that was discovered to exist on web-servers using the OpenSSL cryptographic library, a popular implementation of the TLS protocol for web-servers. This exploit will work on any unpatched web-servers running an OpenSSL instance in either client or server mode.

The vulnerability was disclosed in 2014, although the bug was found to have been present since a software patch in September 2012. It allows attackers to perform a "buffer over-read" attack, where they can read more information than they should be allowed to and can be used in order to read the entire contents of a web-server's memory buffer, an area where the server stores data ready for processing or that is yet to be overwritten by other processes.

It could include passwords, key strings, hashes and all manner of other sensitive information that other users are inputting onto the server during normal use.

You will exploit the Heartbleed bug in this lab.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how to perform the Heartbleed attack using the MetaSploit Framework

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments
About the author
Avatar
QA
Training Provider
Students
49,092
Labs
182
Courses
2,308
Learning paths
47

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Covered topics
Lab steps
Starting the Cyber Network Security Lab Exercise