Discovering CVE-2014-0160 “HeartBleed”

No doubt you guy’s haven’t heard about Heartbleed yet, the critical vulnerability in OpenSSL. I am not going to go into the specifics of the vulnerability but if you so wish, read the following:
http://heartbleed.com/

However, I am going to talk about  a neat little addition to NMAP that has surfaced today. NSE or Nmap Scripting Engine allows the use of pre-compiled scripts and utilises the NMAP scanner to carry out pretty much anything you can imagine from advanced reconnaissance techniques all the way through to vulnerability assessment and exploitation.

Now included in the NSE library is a script named ssl-heartbleed which can be used to identify whether a target host is vulnerable to CVE-2014-0160.

It seems the updated NSE scripts aren’t included with the latest packages on the NMAP site (or at least with the Windows installer), I had to manually download the NSE script from the NMAP SVN.

Heres how to get the script:
1. Download: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
2. Move the downloaded .nse to the scripts folder in the NMAP install directory.

After downloading the script, it’s as simple as issuing the following in the terminal:

> nmap -p 443 —script *path to script* *target IP / hostname*

If the target host is vulnerable, NMAP will show the vulnerability details, if not, NMAP will simply show that 443 is open and no other significant information will be shown.

This was just a quick & dirty way of getting the heartbleed script up and running when I needed it, I’m sure there are cleaner ways of installing, but this works nonetheless.

J

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s