
Wondering whether anything on your network is vulnerable to Heartbleed? Luckily, the Heartbleed module in Metasploit makes checking for (and exploiting) it very easy.

Since we will be using Metasploit, you will need to start the postgresql and metasploit services first if they are not already running. To do so run

If you have started these services in the past and want to confirm they are still running, simply run

[Screenshot: service status]

Once these services are running, you can start Metasploit in console mode by running

[Screenshot: msfconsole running]

Now that Metasploit is up and running, and assuming you are connected to the network you wish to scan, you need to confirm your target IP address range. There are plenty of ways to do this, but the simplest for this article is to run an nmap ping scan from the Metasploit console.

Run ifconfig to confirm you're connected to your target network. Then use nmap to scan for live hosts. If you're familiar with it, you can use db_nmap to add the hosts into Metasploit to make things easier. Check out this guide for db_nmap if you're interested.

As you can see, my network is 192.168.1.*. The IP address of my Kali Linux machine is 192.168.1.182.

[Screenshot: ifconfig output]

The Heartbleed module in Metasploit is found at auxiliary/scanner/ssl/openssl_heartbleed. If you can't remember where to find it, don't forget about the “search” function: typing “search heartbleed” will locate the module for you. To load the module run

[Screenshot: Heartbleed module loaded]

You can run “show options” to show all of the settings for the module. In “Actions” you have

[Screenshot: Heartbleed module actions]

Set the action to scan

[Screenshot: action set to scan]

Next, set RHOSTS to the IP range of the network you are scanning. For me that is 192.168.1.*. There is a better way to do this: ideally you would scan only the active hosts on the network, but for the sake of simplicity we will just scan the entire network.

[Screenshot: RHOSTS set]

And you will get back something along the lines of …

[Screenshot: vulnerable machines found]
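The article notes that scanning only the active hosts would be better than sweeping the whole range. The following is an added example, not part of the original article or of Metasploit: it turns nmap ping-scan output into a live-host RHOSTS value and pulls the flagged hosts out of the scanner output for a patch list. The sample data is constructed, and the exact wording of the scanner's "leak" line is an assumption that may differ between Metasploit versions.

```python
import ipaddress
import re

# Constructed sample of `nmap -sn -oG -` output for the article's 192.168.1.* network.
NMAP_GREPABLE = """\
# Nmap ping scan (constructed sample)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.23 (nas.lan)\tStatus: Up
Host: 192.168.1.182 (kali)\tStatus: Up
# Nmap done: 256 IP addresses (3 hosts up)
"""

# Constructed console output; the "[+] host:port - ... leak" wording is an assumption.
SCAN_OUTPUT = """\
[*] 192.168.1.1:443 - No Heartbeat response
[+] 192.168.1.23:443 - Heartbeat response with leak
[*] Auxiliary module execution completed
"""

HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\s*$")
LEAK = re.compile(r"^\[\+\]\s+(\S+):(\d+)\s+-\s+.*Heartbeat response with leak")


def live_hosts(grepable, exclude=()):
    """Return sorted IPs marked 'Status: Up', minus excluded ones (e.g. the scanner itself)."""
    skip = {ipaddress.ip_address(a) for a in exclude}
    found = set()
    for line in grepable.splitlines():
        m = HOST_UP.match(line)
        if m:
            addr = ipaddress.ip_address(m.group(1))  # ValueError if not an IP
            if addr not in skip:
                found.add(addr)
    return [str(a) for a in sorted(found)]


def flagged_hosts(scan_output):
    """Return sorted (ip, port) pairs the scanner reported as leaking heartbeat data."""
    hits = (LEAK.match(line) for line in scan_output.splitlines())
    return sorted({(m.group(1), int(m.group(2))) for m in hits if m})


if __name__ == "__main__":
    targets = live_hosts(NMAP_GREPABLE, exclude=["192.168.1.182"])
    print("set RHOSTS " + " ".join(targets))  # space-separated host list
    print("needs patching:", flagged_hosts(SCAN_OUTPUT))
```
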

If you find any vulnerable machines you can change the “Action” again by running either

Enjoy!

Links

Heartbleed – http://heartbleed.com/
CVE-2014-0160 – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160