# HeartBleed

![](/files/-McZp0CAaFddF737kWJZ)

## Background Information

![](/files/-McZoL0JRLdC_sD2fDdW)

![](/files/-McZoQud1wzg55GXQNvX)

## Reconnaissance

Initial nmap scan to find open ports , using the flag "treat all hosts as alive" (**-Pn**)

```
nmap -Pn 34.253.197.133
```

![](/files/-McZpc2JPkWVo7PSxC7E)

Detailed Nmap Scan : 

Command Breakdown: 

* (**-sV):** Service version
* (**-sC**): Default nmap scripts
* (**-p):** Specifying ports 22,111,135,139,443,445,593
* (**-oN nmap**): Saving it into a file called nmap

```
nmap -sV -sC -p 22,111,135,139,443,445,593 -oN nmap 34.253.197.133
```

![](/files/-McZpf_6cccYk4cXKjzc)

## Enumeration

Lets visit the page on the https port 443

![](/files/-McZrA_tzcNMfdl2b59S)

I did not see anything interesting here or in the source code, so I went to google to look for exploits on `HeartBleed`. I found this [exploit](https://www.exploit-db.com/exploits/32745).

## Exploitation

 Lets download the exploit and rename it to `exploit.py`. Also make the exploit script a executable

![](/files/-McZt5TVEFejr6xGD7Mj)

Now lets run the exploit on port 443

![](/files/-McZtU4gs2LQRfchHTYd)

We have the flag in the output.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://writeups.adityadindi.com/tryhackme/untitled/heartbleed.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.