Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

About BadPorn

  • Birthday 09/17/1989

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

BadPorn's Achievements


Newbie (1/14)



  1. Ten pulele noastre cu tot cu site-ul si contul tau de merchant!
  2. BadPorn


    Pe chat ziceai ca sti sa programezi in mysql.. daca rezisti pana luni esti tare! ON: Bun venit!
  3. Vad ca oficiali nu mai zic nimic, se mai tine?
  4. https://www.facebook.com/pages/Unofficial-Romania/733351430042695 Merci.
  5. Background The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). This guide is specifically designed to show how to detect exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords. Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160. Contents [hide] Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux Background Discovery and Naming Affected and non-affected OpenSSL versions Affected operating systems? This attack in UNDETECTABLE [*]What we are going to do in this guide? [*]Our setup Target System: Attacking System [*]Setup Target system Enable SSL Module Create a SSL Key Setup Apache web server to use SSL certificate Activate Virtual Host and reload Apache configuration Test Apache SSL certificate from browser [*]Exploit openSSL Heartbleed vulnerability from attacking system Detecting Heartbleed vulnerable system using Nmap on Kali Linux Attack and Exploit Heartbleed vulnerable system using MetaSploit [*]Conclusion Related Links Google+ Discovery and Naming The bug was named by an engineer at the firm Codenomicon, a Finnish cybersecurity company, which also created the bleeding heart logo, and launched the domain Heartbleed.com to explain the bug to the public. According to Codenomicon, Neel Mehta first reported the bug to OpenSSL, but both Google and Codenomicon discovered it independently. Codenomicon reports April 3 as their date of discovery of the bug and as their date of notification of NCSC-FI (formerly known as CERT-FI) for vulnerability coordination. Affected and non-affected OpenSSL versions Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug. OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS. Affected operating systems? Some operating system distributions that have shipped with potentially vulnerable OpenSSL version: Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013 NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c) Operating system distribution with versions that are not vulnerable: Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14 SUSE Linux Enterprise Server FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013 FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013 FreeBSD 10.0p1 – OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC) FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC) That’s a lot of system’s that are vulnerable. We all thought Linux is secured and open source being the bearer of security flag, apparently not anymore! This attack in UNDETECTABLE Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. Some Intrusion detection and Intrusion prevention systems can pick up this attack but they need to have specific rules. With SSL deemed safe, not many organization would actually implement that. That means many secured system vulnerable. It affects 32 bit and 64 bit systems alike. There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed. This means, an attacker can attack both 32 and 64 bit systems alike, can repeat this attack as many times they want and no one will know as the connection is deemed safe and no logs will be generated about an attack. This is PROBABLY the worst bug that was discovered in any system. It is also speculated that NSA, CIA and many security organizations were aware of this vulnerability and abused this till now. While this can not be confirmed, but the possibilities are really scary! What we are going to do in this guide? This guide will demonstrate the following: How to setup a openSSL Heartbleed vulnerable system with Apache and SSL. How to scan for openSSL Heartbleed vulnerable system with Nmap. How to exploit openSSL Heartbleed vulnerability with MetaSploit on Kali Linux. Scanning is quite easy, you just need to find a target and use Nmap to scan it. Offensive Security’s MetaSploit is another fantastic tool to use to exploit this vulnerability. Together, they can be used to exploit any vulnerable system. Our setup Because I can’t directly show how to exploit a live target (and most common target’s are already being patched).. I will demonstrate this using the following method: Target System: Freshly installed Kali Linux version 1.0.6 (it is vulnerable). OpenSSL version 1.0.1e built before April 7 2014. (that’s when the fix was released) Setup Apache Web server. Enable SSL support on Apache Web server. Attacking System Kali 1.0.6 fully updated and upgraded (specifically MetaSploit and Nmap) Setup Target system Login to target Kali Linux box (running a freshly installed Kali Linux 1.0.6) without any update or upgrade. Enable SSL Module Enable SSL module and restart apache as directed: a2enmod ssl service apache2 restart Create a SSL Key Change directory to /etc/apache2 cd /etc/apache2 Create a SSL directory mkdir ssl Go into that directory cd ssl Now run the following command to create a SSL file with 2048 bit encryption openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout blackmoreops.key -out blackmoreops.crt As highlighted, type in the followings Country Name (2 letter code) [AU]:AU State or Province Name (full name) [some-State]:ACT Locality Name (eg, city) []:Canberra Organization Name (eg, company) [internet Widgits Pty Ltd]:blackMORE Operations Organizational Unit Name (eg, section) []: LEAVE EMPTY and PRESS Enter Common Name (e.g. server FQDN or YOUR name) []:kali.blackmoreops.com Email Address []: LEAVE EMPTY and PRESS Enter Once done check out your certificate and key with list command: ls Setup Apache web server to use SSL certificate Now we need to configure Apache web server to use the SSL certificate. To do that, we need to edit /etc/apache2/sites-available/default-ssl file. First of all, let’s find out what’s our IP Address. To do that, type in the following command. ifconfig As you can see, IP address on my Vulnerable Kali Linux machine is We will use this IP address to setup our Vulnerable Apache web server with SSL support. vi /etc/apache2/sites-available/default-ssl As highlighted in the image above, add the ServerName just after ServerAdmin line. In your case, Change to your Vulnerable Kali Linux’s IP. <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost ServerName Scroll down this document and ensure Next, ensure that SSLEngine is ON. See screenshot above. SSLEngine on You also need to change SSLCertificateFile and SSLCertificateKeyFile to point to your newly created SSL certificate and key file. In my case, the name of the SSL was blackmoreops.crt and KEY file was blackmoreops.key. # SSLCertificateFile directive is needed. SSLCertificateFile /etc/apache2/ssl/blackmoreops.crt SSLCertificateKeyFile /etc/apache2/ssl/blackmoreops.key Save and exit the file. Activate Virtual Host and reload Apache configuration Now activate your newly created the Apache Web server Virtual Host and reload Apache configuration a2ensite default-ssl service apache2 reload Test Apache SSL certificate from browser Open IceWeasel and browse to Now that the SSL is self-signed (well, why would anyone trust US, we are trying to hack anyway!) we get a security warning in IceWeasel. Click on I Understand the Risks button and then Add Exception button. Just out of curiosity, click on View Button on Next window. This will show us the actual certificate. Here’s the certificate. Well, that’s good then. We can now accept this certificate. Click on Confirm Security Exception and following is what you’ll get Awesome! Our vulnerable target Kali Linux, Apache Web Server and SSL certificate .. everything is working as expected. Exploit openSSL Heartbleed vulnerability from attacking system Now log to your Attack machine running Kali Linux 1.0.6 with fully upgraded till date. Detecting Heartbleed vulnerable system using Nmap on Kali Linux Run the following command from your Attacking Kali Linux machine to confirm if your target machine is vulnerable to SSL HeartBleed bug: nmap -sV --script=ssl-heartbleed ssl-heartbleed script is part of the new Nmap update. This makes scanning very easy. From the output below, we can see that the target machine (which is running a freshly installed Kali Linux 1.0.6 with no updates) is vulnerable. Now let’s move on to the fun part, how to attack and Exploit openSSL Heartbleed vulnerability using Metasploit on Kali Linux. Attack and Exploit Heartbleed vulnerable system using MetaSploit Metasploit was created by HD Moore in 2003 as a portable network tool. Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Ensure your Attacking Kali Linux machine is fully updated and upgraded. That’s enough taking, lets start MetaSploit. In case those who are not familiar, you also need to start the following two services before you start MetaSploit: service postgresql start service metasploit start Once these two services are up and running start MetaSploit using the following command: msfconsole Now load openssl_heartbleed module using the following command: use auxiliary/scanner/ssl/openssl_heartbleed Use show options command to see configurable options show options Set the following two options: set RHOSTS RHOSTS: It is the target machines IP range. In my case, it was Set your own target machine’s IP here. We are not setting RPORT cause it’s already set to 443 (which is what our target system Apache HTTPS server is running on). Here’ I will set another flag which is not presented in show options windows. Enable verbose mode by typing in the following command: set verbose true I am setting verbose because I want to see what goes on when I attack my target machine. Now let’s attack the target machine. Type in the following command to start the attack process: exploit And we have some Printable info leaked from SSL session. Play around with the options to get familiar with it. Conclusion This is just the tip of the iceberg. You need to repeat this attack many many many times and the more you attack the more information will be leaked. How many times you need to attack? Let’s look into the Heartbleed challenge set up by CloudFlare. The first was submitted at 4:22:01PST by Fedor Indutny (@indutny). He sent at least 2.5 million requests over the span of the challenge, this was approximately 30% of all the requests we saw. The second was submitted at 5:12:19PST by Ilkka Mattila of NCSC-FI using around 100 thousand requests. Well, 2.5 million and 100 thousand requests will get you private key for the SSL. Once you have the private key, you can decrypt every messages (username, password, anything! that was encrypted with the SSL certificate). Though 2.5 million requests seems absurd, for a busy server it’s nothing and like I said before, it’s undetectable. You can keep doing it from behind a proxy server or a TOR network without revealing your true identity. Thanks for reading. Please share this article and like/follow us on Facebook and Twitter. Sursa: http://www.blackmoreops.com/2014/05/03/detect-exploit-openssl-heartbleed-vulnerability-using-nmap-metasploit-kali-linux/
  6. For every friend you invite to Coinbase, we'll send both you and them $5 worth of bitcoin when they complete a buy or sell of at least $100 worth of bitcoin!
  7. Bai vere tu ai ceva in cap dar nu sti cum sa te exprimi.. oricum nu asculta la hateri pentru ca ei o sa fie aia care o sa o suga mai tarziu. Zi ceva si de biciclisti.. daca tot esti nationalist! PS: Din moment ce ofera ceva la schimb nu putem numi aceasta actiunea ca fiind "cerseala" si nici "donatie" mai mult un schimb.
  8. Daca o sa se mai faca multe thread-uri despre ei o sa ajunga la 50k like-uri numai cu utilizatori din RST.. baietii au share si likejacking pe fiecare pagina..
  9. Deci ai o parola de 100 biti pe un site, sa presupunem ca un cont bancar ascuns, 2 persoane si 3 parti. Vrei sa imparti parola aia intre cele doua persoane dar in acelasi timp vrei ca ei sa nu poata accesa acel cont pana nu mori tu.. pai e foarte simplu, imparti parola la 3, 1 parte primei persoane, o parte celei de a doua persoane si a cu a 3-a parte faci un schedule sa le trimita in fiecare an/luna cate o parte din a 3-a parte..
  10. Ai dat prea multe detalii si o intrebare am.. cum de ti-ai permis sa iti faci mailu rstforums@gmail.com? Cu alte cuvinte.. bun venit si bafta!
  11. Atata tot ca nu e forum romanesc.. doar ca are speakeri din Romania.
  12. Eu zic sa dea un moderator TC pana nu strica baietii combinatiile.. de la petitie am ajuns la dealeri, locuri si preturi.. topicu asta mere inspre off-topic si inca rau de tot..
  13. So what if I'm smoking weed, its not me shooting nobody, killing nobody, stabbing nobody, it's a paceful gesture and they gave to respect that and apreciate that! - Snoop dogg Si inca ceva, sa dovedit stiintific ca iarba e mult mai sanatoasa ca tabacu (si prin iarba ma refer doar la iarba adevarata, nu amestecata cu toate cacaturile) problema e ca mai sunt si unii cocalari care nu pot sa stea acasa cand sunt fumati aia e toata chestia cu iarba.. nu e vorba de decese si rahaturi..
  14. Pana la sfarsitu zilei o sa aiba cel putin 100k semnaturi!
  15. Probabil pentru ca multi nu ii stiu numele real a lu tinky si probabil pentru ca tex nu a vrut sa se prezinte cu tex ci cu numele lui real si atat. Nu vad care ar fi problema.. conteaza cine prezinta si despre ce se vorbeste nu despre pseudonimele prezentatoriilor.. ON: O sa fiu si eu prezent.
  • Create New...