Wednesday, April 9, 2014

OpenSSL Heartbleed Vulnerable Server Testing

It seems that the OpenSSL heartbeat vulnerability (heartbleed) has not caused that many issues so far, and many servers are patched already. I believe there's a lot of hype behind it. However, time will tell if it causes any impact. Also we may never know what exactly is leaked, we can only know that a hack was attempted by using snort or another IDS/IPS. The version command doesn't really say if you're running 1.0.1[a-f], but it's safe to say that if your version is 1.0.1.[anything] and it's timestamp is older than April 2014, then that version is vulnerable.

These services may be vulnerable:
Any service that runs OpenSSL and uses the STARTTLS method
The TOR client
Android OS
Postgres database
The Salt Stack cluster execution manager

Here's the original vulnerability:

Here's the OpenSSL patch to the vulnerable portion of code:

Here's a google search for all mentions of heartbeat (but not heartbleed) under

This is a search of for heartbleed:

Here is a quick tool in Python to test for the vulnerability,

There's a great writeup at which goes into detail about the issue. To quote their website:
We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
There is a metasploit script available for use:

You can type this OpenSSL command (tested with gnuwin32 openssl binary version, dated 1/14/2014). By the way, this version does not have the -tlsextdebug parameter, perhaps it was compiled by the gnuwin32 team without this option.

s_client -connect -debug -state

Once connected type B and you'll see on a vulnerable host and you won't be disconnected:

write to 0x801c17160 [0x801cbc003] (66 bytes => 66 (0x42))
0000 - 18 03 03 00 3d 8f 6f 3c-52 11 83 20 9c a2 c0 49   ....=.o 5 (0x5))
0000 - 18 03 03 00 3d    ....=
read from 0x801c17160 [0x801cb7008] (61 bytes => 61 (0x3D))
0000 - 05 4d f5 c0 db 96 d1 f5-c7 07 e5 17 1f 3b 48 34   .M...........;H4
0010 - 6e 11 9d ba 10 0c 3a 34-eb 7b a5 7c c4 b6 c0 c0   n.....:4.{.|....
0020 - b0 75 0e fe b7 fa 9e 04-e9 4e 4a 7d 51 d3 11 1f   .u.......NJ}Q...
0030 - e2 23 16 77 cb a6 e1 8e-77 84 2b f8 7f    .#.w....w.+..
read R BLOCK

You will get a heartbeat response that looks similar to this one.

On a patched host, you will see a response similar to below and you'll be disconnected:

Enter B

write to 0x801818160 [0x8019d5803] (101 bytes => 101 (0x65))
0000 - 18 03 03 00 60 9c a3 1e-fc 3b 3f 1f 0e 3a fe 4c   ....`....;?..:.L
0010 - a9 33 08 cc 3d 43 54 75-44 7d 2c 7b f3 47 b9 56   .3..=CTuD},{.G.V
0020 - 89 37 c1 43 1c 80 7b 87-66 ff cb 55 5f 8d 1a 95   .7.C..{.f..U_...
0030 - 1b 4c 65 14 21 a1 95 ac-7a 70 79 fc cc a0 cf 51   .Le.!...zpy....Q
0040 - 0f 7e c5 56 14 c8 37 c1-40 0b b8 cb 43 96 8a e6   .~.V..7.@...C...
0050 - 21 42 64 58 62 15 fb 51-82 e6 7f ef 21 1b 6f 87   !BdXb..Q....!.o.
0060 - b9 c2 04 c8 47    ....G

Here's my source for the OpenSSL s_client command above:

There's also these tools:

Web based:

Test results of Alex top 1000 websites:

Conspiracy Theory Mode
Perhaps NSA introduced this bug into OpenSSL to be able to crack users of The Onion Router?
/Conspiracy Theory Mode

Update: Here's another tool which is supposedly more accurate:

Update (10:37pm est 2014/04/09)
Packetstorm's files related to the vulnerability: