HeartBleed

Background Information

Reconnaissance

Initial nmap scan to find open ports, using the "treat all hosts as alive" flag (-Pn) so the scan proceeds even if the host does not answer ping probes:

nmap -Pn 34.253.197.133

Detailed Nmap scan:

Command Breakdown:

  • (-sV): Service version

  • (-sC): Default nmap scripts

  • (-p): Scanning only the specified ports 22,111,135,139,443,445,593

  • (-oN nmap): Saving the output in nmap's "normal" format to a file called nmap

nmap -sV -sC -p 22,111,135,139,443,445,593 -oN nmap 34.253.197.133
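An added example, not code from the original write-up, of turning the file written by -oN into structured data so that open ports and TLS-terminating services can be listed without re-reading the scan by hand. The nmap output embedded in SAMPLE is a constructed sample in the layout nmap's normal format uses, and 192.0.2.10 is a documentation address rather than the target above; the function and field names are this example's own choices.

```python
"""Parse nmap "normal" (-oN) output into per-port records.

Added example, not part of the original write-up. SAMPLE is a constructed
nmap -oN file (documentation address 192.0.2.10, made-up service banners);
it is not the scan result of the target discussed on the page.
"""
import re
from typing import Dict, List

SAMPLE = """\
# Nmap 7.94 scan initiated as: nmap -sV -sC -p 22,111,135,139,443,445,593 -oN nmap 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.040s latency).

PORT    STATE    SERVICE        VERSION
22/tcp  open     ssh            OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|_  2048 ab:cd:ef (RSA)
111/tcp open     rpcbind        2-4 (RPC #100000)
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open     ssl/http       Apache httpd 2.4.7 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=localhost
|_Not valid after:  2024-01-01T00:00:00
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

# Nmap done at ... -- 1 IP address (1 host up) scanned in 20.00 seconds
"""

# One port line: "<port>/<proto> <state> <service> [<version banner>]".
# The version column is optional (absent for filtered/closed ports or when -sV
# could not identify the service), so it is an optional trailing group.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)


def parse_nmap_normal(text: str) -> List[Dict[str, object]]:
    """Return one record per port line; NSE script lines ("|", "|_") are skipped."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        if line.startswith("|"):  # script output belongs to the preceding port
            continue
        m = PORT_LINE.match(line)
        if not m:  # headers, "Nmap scan report for", "Service Info:", comments
            continue
        rec: Dict[str, object] = dict(m.groupdict())
        rec["port"] = int(m.group("port"))
        records.append(rec)
    return records


def open_ports(records: List[Dict[str, object]]) -> List[int]:
    """Ports nmap reported as open (filtered and closed ports are excluded)."""
    return [int(r["port"]) for r in records if r["state"] == "open"]


def tls_ports(records: List[Dict[str, object]]) -> List[int]:
    """Open ports whose service name shows nmap found TLS in front of it
    (ssl/<proto> or https). These are the endpoints whose TLS library and
    version deserve review when a TLS-implementation bug is in scope."""
    return [
        int(r["port"])
        for r in records
        if r["state"] == "open"
        and (str(r["service"]).startswith("ssl/") or r["service"] == "https")
    ]


def load_report(path: str) -> List[Dict[str, object]]:
    """Parse a saved -oN file such as the 'nmap' file written by the command above."""
    with open(path, encoding="utf-8") as fh:
        return parse_nmap_normal(fh.read())


if __name__ == "__main__":
    recs = parse_nmap_normal(SAMPLE)
    print("open ports:", open_ports(recs))
    print("TLS-terminating ports:", tls_ports(recs))
    for r in recs:
        print(r["port"], r["proto"], r["state"], r["service"], r["version"] or "")
```

Swap SAMPLE for load_report("nmap") to run it over the real file; the parser deliberately ignores NSE script blocks, so certificate details from ssl-cert and similar scripts would need a second pass keyed on the preceding port line.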

Enumeration

Let's visit the page on the HTTPS port, 443.

I did not see anything interesting here or in the source code, so I went to Google to look for exploits for HeartBleed. I found this exploit.

Exploitation

Let's download the exploit and rename it to exploit.py. Also make the exploit script executable.

Now let's run the exploit against port 443.

We have the flag in the output.
