hands-on lab

Exploiting the Heartbleed Bug using Metasploit

Difficulty: Intermediate
Duration: Up to 2 hours
Students: 35
Rating: 5/5
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.

Description

The Heartbleed bug is a serious vulnerability found on web servers that use the OpenSSL cryptographic library, a popular implementation of the TLS protocol for web servers. The exploit works against any unpatched web server running an OpenSSL instance in either client or server mode.

The vulnerability was disclosed in 2014, although the bug was found to have been present since a software patch in September 2012. It allows attackers to perform a "buffer over-read" attack, in which they read more information than they should be allowed to. The attack can be used to read the entire contents of a web server's memory buffer, an area where the server stores data that is ready for processing or that has yet to be overwritten by other processes.

That buffer could include passwords, key strings, hashes and all manner of other sensitive information that other users are entering on the server during normal use.

You will exploit the Heartbleed bug in this lab.

This lab is part of a series on cyber network security.

Learning Objectives

Upon completion of this lab you will be able to:

  • Demonstrate how to perform the Heartbleed attack using the Metasploit Framework

Intended Audience

This lab is intended for:

  • Cyber and network security specialists

Prerequisites

You should possess:

  • A basic understanding of Windows operating system environments

Covered topics

Lab steps

Starting the Cyber Network Security Lab Exercise