Heartbleed

SSL issues are still lurking in the wild. Can you exploit this web servers OpenSSL?


Knowing this box was related to the Heartbleed exploit and having the tag of metasploit on it, I figured Id skip enumerating with Nmap on this and dive straight into Metasploit.

So lets go ahead and launch!

We are going to go with the openssl_heartbleed information leak module for this exploit. Lets go ahead and check the available options

I set the remote host and attempting to exploit. It appears to have run successfully but we didnt get any data back

I then set the Verbose options to TRUE so we could see the output

Checking through the data we get our flag!