Exploiting Heartbleed vulnerability
In this recipe, we will use our previously compiled Heartbleed exploit to extract information about the vulnerable Bee-box server (https://192.168.56.103:8443/ in this recipe).
The Bee-box virtual machine can be downloaded from https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/, where the installation instructions are also available.
Getting ready
In the previous recipe, we generated an executable from the Heartbleed exploit; we will now use that to exploit the vulnerability on the server.
As Heartbleed is a vulnerability that extracts information from the server's memory, it may be necessary to browse and send requests to the server's HTTPS pages on port 8443 (https://192.168.56.103:8443/) before attempting the exploit ...
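The server leaks memory because it trusts the payload length claimed inside a TLS heartbeat message; the defensive counterpart is the length check required by RFC 6520. The following is an added example, not code from the book: it applies that check to plaintext TLS record bytes, and the function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT_CONTENT_TYPE = 24   # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16              # minimum padding length required by RFC 6520
RECORD_HEADER_LEN = 5         # content type (1) + version (2) + length (2)
HB_HEADER_LEN = 3             # heartbeat type (1) + payload_length (2)


def classify_record(record: bytes) -> str:
    """Return 'not-heartbeat', 'truncated', 'ok' or 'invalid-length'."""
    if len(record) < RECORD_HEADER_LEN:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:RECORD_HEADER_LEN])
    if ctype != HEARTBEAT_CONTENT_TYPE:
        return "not-heartbeat"
    fragment = record[RECORD_HEADER_LEN:RECORD_HEADER_LEN + rec_len]
    if len(fragment) < rec_len:
        return "truncated"
    if rec_len < HB_HEADER_LEN:
        return "invalid-length"   # cannot even hold type + payload_length
    _hb_type, claimed = struct.unpack("!BH", fragment[:HB_HEADER_LEN])
    # The message must actually carry the payload it claims plus the padding;
    # otherwise a vulnerable peer would copy bytes from beyond the record.
    if HB_HEADER_LEN + claimed + MIN_PADDING > rec_len:
        return "invalid-length"
    return "ok"


def flagged(records) -> list:
    """Indexes of records that a patched peer must silently discard."""
    return [i for i, r in enumerate(records)
            if classify_record(r) == "invalid-length"]


# Constructed sample records (not captured traffic).
OK_RECORD = bytes.fromhex("1803020017" "010004" "70696e67" + "00" * 16)
BAD_RECORD = bytes.fromhex("1803020017" "010400" "70696e67" + "00" * 16)  # claims 1024 bytes
HANDSHAKE_RECORD = bytes.fromhex("160302000100")

if __name__ == "__main__":
    for rec in (OK_RECORD, BAD_RECORD, HANDSHAKE_RECORD):
        print(rec[:8].hex(), classify_record(rec))
```

The check only sees plaintext heartbeat messages, so it belongs at the TLS endpoint after decryption or in a sensor inspecting heartbeats sent before encryption is negotiated.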