Wednesday, April 9, 2014

OpenSSL Heartbleed Vulnerable Server Testing

It seems that the OpenSSL heartbeat vulnerability (heartbleed) has not caused that many issues so far, and many servers are patched already. I believe there's a lot of hype behind it. However, time will tell if it causes any impact. Also we may never know what exactly is leaked, we can only know that a hack was attempted by using snort or another IDS/IPS. The version command doesn't really say if you're running 1.0.1[a-f], but it's safe to say that if your version is 1.0.1.[anything] and it's timestamp is older than April 2014, then that version is vulnerable.

These services may be vulnerable:
Any service that runs OpenSSL and uses the STARTTLS method
The TOR client
SMTPS
IMAPS
Android OS
Postgres database
The Salt Stack cluster execution manager


Here's the original vulnerability:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Here's the OpenSSL patch to the vulnerable portion of code:
https://github.com/openssl/openssl/commit/731f431497f463f3a2a97236fe0187b11c44aead

Here's a google search for all mentions of heartbeat (but not heartbleed) under github.com/openssl:
https://www.google.com/search?q=site%3Agithub.com%2Fopenssl+heartbeat&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

This is a search of github.com for heartbleed:
https://www.google.com/search?safe=off&q=site%3Agithub.com+heartbleed&oq=site%3Agithub.com+heartbleed

Here is a quick tool in Python to test for the vulnerability,
http://www.exploit-db.com/exploits/32745/

There's a great writeup at heartbleed.com which goes into detail about the issue. To quote their website:
We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
There is a metasploit script available for use:

https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl

You can type this OpenSSL command (tested with gnuwin32 openssl binary version 1.0.1.6, dated 1/14/2014). By the way, this version does not have the -tlsextdebug parameter, perhaps it was compiled by the gnuwin32 team without this option.

s_client -connect a23-75-248-141.deploy.static.akamaitechnologies.com:443 -debug -state

Once connected type B and you'll see on a vulnerable host and you won't be disconnected:


B
HEARTBEATING
write to 0x801c17160 [0x801cbc003] (66 bytes => 66 (0x42))
0000 - 18 03 03 00 3d 8f 6f 3c-52 11 83 20 9c a2 c0 49   ....=.o 5 (0x5))
0000 - 18 03 03 00 3d    ....=
read from 0x801c17160 [0x801cb7008] (61 bytes => 61 (0x3D))
0000 - 05 4d f5 c0 db 96 d1 f5-c7 07 e5 17 1f 3b 48 34   .M...........;H4
0010 - 6e 11 9d ba 10 0c 3a 34-eb 7b a5 7c c4 b6 c0 c0   n.....:4.{.|....
0020 - b0 75 0e fe b7 fa 9e 04-e9 4e 4a 7d 51 d3 11 1f   .u.......NJ}Q...
0030 - e2 23 16 77 cb a6 e1 8e-77 84 2b f8 7f    .#.w....w.+..
read R BLOCK


You will get a heartbeat response that looks similar to this one.


On a patched host, you will see a response similar to below and you'll be disconnected:

Enter B

HEARTBEATING
write to 0x801818160 [0x8019d5803] (101 bytes => 101 (0x65))
0000 - 18 03 03 00 60 9c a3 1e-fc 3b 3f 1f 0e 3a fe 4c   ....`....;?..:.L
0010 - a9 33 08 cc 3d 43 54 75-44 7d 2c 7b f3 47 b9 56   .3..=CTuD},{.G.V
0020 - 89 37 c1 43 1c 80 7b 87-66 ff cb 55 5f 8d 1a 95   .7.C..{.f..U_...
0030 - 1b 4c 65 14 21 a1 95 ac-7a 70 79 fc cc a0 cf 51   .Le.!...zpy....Q
0040 - 0f 7e c5 56 14 c8 37 c1-40 0b b8 cb 43 96 8a e6   .~.V..7.@...C...
0050 - 21 42 64 58 62 15 fb 51-82 e6 7f ef 21 1b 6f 87   !BdXb..Q....!.o.
0060 - b9 c2 04 c8 47    ....G



Here's my source for the OpenSSL s_client command above:

https://blog.ipredator.se/2014/04/how-to-test-if-your-openssl-heartbleeds.html

There's also these tools:

https://github.com/titanous/heartbleeder

Web based:
http://filippo.io/Heartbleed/

Test results of Alex top 1000 websites:
https://github.com/musalbas/heartbleed-masstest

Conspiracy Theory Mode
Perhaps NSA introduced this bug into OpenSSL to be able to crack users of The Onion Router?
/Conspiracy Theory Mode

Update: Here's another tool which is supposedly more accurate:
http://possible.lv/tools/hb/

Update (10:37pm est 2014/04/09)
Packetstorm's files related to the vulnerability:
http://packetstormsecurity.com/files/cve/CVE-2014-0160