Thread subject: Security Override :: exploit example

Posted by Cyber Wizard on 04/14/2014 01:26:35

The Heartbleed issue is actually worse than it might immediately seem (and it seems pretty bad already).

In case you've been out of the loop, Heartbleed (CVE-2014-0160) is a vulnerability in OpenSSL that allows any remote user to dump some of the contents of the server's memory. And yes, that's really bad. The major concern is that a skilled user could craft an exploit that could dump the RSA private key that the server is using to communicate with its clients. The level of knowledge / skill required to craft this attack isn't particularly high, but likely out of reach for the average script kiddie user.

So why is Heartbleed worse than you think? It's simple: the currently-available proof-of-concept scripts allow any client, anywhere in the world, to perform a session hijacking attack of a logged in user.

As of this morning, the most widely-shared proof-of-concept is this simple Python script: With this script, anyone in the world can dump a bit of RAM from a vulnerable server.

Let's have a look at the output of this utility against a vulnerable server running the JIRA ticket tracking system. The hex output has been removed to improve readability.

[matt@laptop ~]# python
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 3239
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
.@..GET /browse/
(lots of garbage)
cept-Encoding: g
e: en-US,en;q=0.
8..Cookie: atlas
WARNING: server returned more data than it should - server is vulnerable!
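The output above shows the tell-tale pattern: a tiny heartbeat request is answered with a 16384-byte heartbeat record. The added example below (my own code, not the proof-of-concept script the post refers to and not part of the original thread) parses TLS heartbeat records and applies the RFC 6520 length check that the vulnerable OpenSSL skipped, then classifies a request/response pair the way a monitoring tool or IDS rule would. All sample records are constructed inline; nothing touches the network.

```python
import struct

# TLS record and heartbeat constants from RFC 5246 / RFC 6520
CONTENT_TYPE_HEARTBEAT = 24
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16  # RFC 6520: a heartbeat message must carry at least 16 bytes of padding


def parse_tls_record(data):
    """Split one TLS record into (content_type, version, body); raise on truncation."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than header claims")
    return content_type, version, body


def heartbeat_is_well_formed(body):
    """Apply the RFC 6520 length check the unpatched OpenSSL omitted.

    Layout: type(1) || payload_length(2) || payload || padding(>=16).
    The receiver must silently discard a message whose declared payload length
    does not fit inside the record. The vulnerable code trusted payload_length and
    copied that many bytes into the response, which is the overread shown above.
    """
    if len(body) < 3:
        return False
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return False
    return 1 + 2 + payload_len + MIN_PADDING <= len(body)


def classify_heartbeat_exchange(request_record, response_record):
    """Classify an observed heartbeat exchange for detection purposes."""
    req_type, _, req_body = parse_tls_record(request_record)
    rsp_type, _, rsp_body = parse_tls_record(response_record)
    if req_type != CONTENT_TYPE_HEARTBEAT or rsp_type != CONTENT_TYPE_HEARTBEAT:
        return "not-heartbeat"
    if not heartbeat_is_well_formed(req_body):
        # A patched peer drops this; any response at all means the peer is vulnerable.
        return "malformed-request"
    if not heartbeat_is_well_formed(rsp_body):
        return "malformed-response"
    # A compliant responder only echoes the payload it received, so the echoed
    # payload can never exceed what the request record could physically carry.
    max_req_payload = len(req_body) - 3 - MIN_PADDING
    rsp_payload_len = struct.unpack("!H", rsp_body[1:3])[0]
    if rsp_payload_len > max_req_payload:
        return "overlong-response"
    return "ok"


# Helpers to build constructed sample records (not captured traffic).
def tls_record(content_type, body, version=0x0302):
    return struct.pack("!BHH", content_type, version, len(body)) + body


def heartbeat_message(hb_type, payload, padding_len=MIN_PADDING):
    return struct.pack("!BH", hb_type, len(payload)) + payload + b"\x00" * padding_len


# Normal exchange: 4-byte payload echoed back with the minimum padding.
GOOD_REQUEST = tls_record(CONTENT_TYPE_HEARTBEAT, heartbeat_message(HB_REQUEST, b"ping"))
GOOD_RESPONSE = tls_record(CONTENT_TYPE_HEARTBEAT, heartbeat_message(HB_RESPONSE, b"ping"))

# Constructed malformed request: declares 16384 bytes of payload but carries none,
# and a constructed response of the size a vulnerable server would send back.
MALFORMED_REQUEST = tls_record(CONTENT_TYPE_HEARTBEAT, struct.pack("!BH", HB_REQUEST, 16384))
LEAK_RESPONSE = tls_record(CONTENT_TYPE_HEARTBEAT,
                           struct.pack("!BH", HB_RESPONSE, 16384) + b"\x00" * (16384 + MIN_PADDING))

# Well-formed request but a response that echoes far more than it was sent.
OVERLONG_RESPONSE = tls_record(CONTENT_TYPE_HEARTBEAT, heartbeat_message(HB_RESPONSE, b"A" * 100))

if __name__ == "__main__":
    for name, pair in [("good", (GOOD_REQUEST, GOOD_RESPONSE)),
                       ("leak", (MALFORMED_REQUEST, LEAK_RESPONSE)),
                       ("overlong", (GOOD_REQUEST, OVERLONG_RESPONSE))]:
        print(name, "->", classify_heartbeat_exchange(*pair))
```

The first check (request well-formedness) is the one that matters for detection: a patched server never answers a request whose declared length exceeds the record, so seeing any heartbeat response to such a request is itself the indicator, regardless of what the leaked bytes contain.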

Posted by PythonB on 04/14/2014 23:27:07

The gist.github link doesn't work, however.

Posted by Cyber Wizard on 04/19/2014 15:14:21

script is uploaded by override! in code section name

Posted by PythonB on 04/20/2014 16:29:35

Could you elaborate on how to session hijack with heartbleed?

Posted by PythonB on 04/20/2014 16:29:56

Not server hijacking. I meant using heartbleed and the information you get from it to perform a session hijack to a user somewhere in the world.