Heartbleed Testing

With all the attention Heartbleed is getting right now, I wanted to test out my client’s servers and network devices. One of the easiest ways to check hosts and networks for vulnerabilities is with nmap. There is a new NSE script for scanning for Heartbleed, but it requires the Lua library it depends on (tls.lua) and a recent nmap version.

Here is how to get everything working on an out-of-the-box Ubuntu 12.04 Desktop.

If you don’t have Ubuntu 12.04 Desktop, download it and install it using one of these methods:

  • Dual boot your computer
  • Replace your OS
  • Install to flash drive
  • Install on VirtualBox (my preferred solution, be sure to install the VirtualBox Extensions for both the host and guest)

If you don’t have a recent nmap, install the build requirements and build nmap from svn:

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot
sudo apt-get install build-essential autoconf checkinstall
sudo apt-get install subversion
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo checkinstall

If you already have a recent nmap, you can try just downloading the latest tls.lua library and the Heartbleed script into its data directory:

cd [install-path]/nmap/nselib/
sudo wget https://svn.nmap.org/nmap/nselib/tls.lua
cd [install-path]/nmap/scripts/
sudo wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
sudo nmap --script-updatedb


Run nmap with the Heartbleed script:

nmap --datadir [install-path] -sV -p 443 --script ssl-heartbleed [server/network]


Example of a vulnerable system:

[snip]
443/tcp open https
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| Description:
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| http://cvedetails.com/cve/2014-0160/
| http://www.openssl.org/news/secadv_20140407.txt
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
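When the scan covers a whole network, the useful result is a list of which hosts and ports still need patching. The following is an added Python example (not from the post) that parses nmap's normal output for ssl-heartbleed verdicts in the format shown above; the host names and addresses in the sample are constructed placeholders.

```python
import re

# Constructed sample nmap output for two placeholder hosts, in the post's format.
SAMPLE_OUTPUT = """\
Nmap scan report for web1.example.test (192.0.2.10)
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for web2.example.test (192.0.2.11)
PORT     STATE SERVICE
443/tcp  open  https
8443/tcp open  https-alt
| ssl-heartbleed:
|_    State: VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open")
STATE_RE = re.compile(r"^\|_?\s+State:\s+(VULNERABLE|NOT VULNERABLE)")

def parse_heartbleed_results(text):
    """Return {host: {port: state}} for every ssl-heartbleed verdict found."""
    # Script output follows the port line it belongs to, so track host and port.
    results, host, port, in_script = {}, None, None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, port, in_script = m.group(1), None, False
            results.setdefault(host, {})
            continue
        m = PORT_RE.match(line)
        if m:
            port, in_script = int(m.group(1)), False
            continue
        if line.startswith("| ssl-heartbleed:"):
            in_script = True
            continue
        m = STATE_RE.match(line) if in_script and port is not None else None
        if m:
            results[host][port] = m.group(1)
    return results

def vulnerable_hosts(text):
    """Sorted (host, port) pairs that nmap reported as VULNERABLE."""
    return sorted((h, p) for h, ports in parse_heartbleed_results(text).items()
                  for p, s in ports.items() if s == "VULNERABLE")
```

Feed it the saved output of the nmap command above (run with -oN) and every (host, port) it returns is a system to patch to a fixed OpenSSL and then re-key. Ports with no ssl-heartbleed block are simply absent from the result, since the script prints nothing for hosts it finds not vulnerable.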
