NST Heartbleed Detection: Difference between revisions
Line 87: | Line 87: | ||
<div class="screen"> | <div class="screen"> | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>cd /usr/share/nmap;</div> | <div class="userInput"><span class="prompt">[root@probe ~]# </span>cd /usr/share/nmap;</div> | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>cp nse_main.lua nse_main.lua.orig</div> | <div class="userInput"><span class="prompt">[root@probe ~]# </span>cp nse_main.lua nse_main.lua.orig;</div> | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>wget https://svn.nmap.org/nmap/nse_main.lua</div> | <div class="userInput"><span class="prompt">[root@probe ~]# </span>wget https://svn.nmap.org/nmap/nse_main.lua;</div> | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>cd /usr/share/nmap/nselib;</div> | |||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>wget https://svn.nmap.org/nmap/nselib/tls.lua;</div> | |||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>cd /usr/share/nmap/scripts;</div> | |||
<div class="userInput"><span class="prompt">[root@probe ~]# </span>wget https://svn.nmap.org/nmap/cripts/ssl-heartbleed.nse;</div> | |||
<pre class="computerOutput"> | <pre class="computerOutput"> | ||
</pre> | </pre> | ||
</div> | </div> | ||
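Review bot: the added `wget` for the NSE script requests `https://svn.nmap.org/nmap/cripts/ssl-heartbleed.nse`. The path segment `cripts` looks like a typo for `scripts` (the line before it changes into `/usr/share/nmap/scripts`), so this step would likely download nothing and the path should be corrected. Also, only `nse_main.lua` is copied to a `.orig` file before its download. The new `tls.lua` and `ssl-heartbleed.nse` steps have no matching `cp`, although the page text says backups are created for all updated files; add a backup step for each file that may already exist on the system.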
Revision as of 19:32, 11 April 2014
Overview
This page shows how to use NST and nmap to detect the Heartbleed vulnerability. Heartbleed is a software bug in the open-source cryptography library OpenSSL that allows an attacker to read the memory of the host computer and retrieve potentially privacy-sensitive data.
See the following sites for technical details on this vulnerability:
- CVE (Common Vulnerabilities and Exposures) CVE-2014-0160
- OpenSSL Security Advisory 20140407
- CVE Details
Heartbleed Detection - NST Pro System
NST Pro users first need to update their NST system to get the latest version of nmap (i.e., v6.45 or greater) from the NST Pro repository. This release contains the nmap NSE (Nmap Scripting Engine) script "/usr/share/nmap/scripts/ssl-heartbleed.nse", written by Patrik Karlsson and based on code authored by Jared Stafford.
. . .
====================================================================================================================================
 Package                    Arch          Version                          Repository        Size
====================================================================================================================================
Updating:
 nmap                       i686          2:6.45-32817.10.nst20            NstPro            3.9 M
Updating for dependencies:
 nmap-frontend              noarch        2:6.45-32817.10.nst20            NstPro            685 k
 nmap-ncat                  i686          2:6.45-32817.10.nst20            NstPro            124 k

Transaction Summary
====================================================================================================================================
. . .
Command Line
The following is an example nmap command for the detection of the "Heartbleed" vulnerability on host: "10.21.23.19" port: "443 (https)":
Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-11 19:07 EDT
Nmap scan report for 10.21.23.19
Host is up (0.00024s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
|     References:
|       http://cvedetails.com/cve/2014-0160/
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_      http://www.openssl.org/news/secadv_20140407.txt
MAC Address: 08:00:27:70:D5:9B (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
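When a scan like the one above covers many hosts, the ssl-heartbleed blocks have to be pulled out of the report for triage. The following is an added example, not part of the original page or of NST or nmap: it parses nmap's normal text output, and the function name, regular expressions and the second sample host are assumptions made for illustration.

```python
import re

# Constructed sample: the first host is abridged from the scan output shown
# above; the second host is invented to show open ports with no finding.
SAMPLE = """\
Nmap scan report for 10.21.23.19
Host is up (0.00024s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|     Risk factor: High
|_      http://www.openssl.org/news/secadv_20140407.txt
Nmap scan report for 192.0.2.10
Host is up (0.00031s latency).
PORT     STATE SERVICE
443/tcp  open  https
8443/tcp open  https-alt
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")  # e.g. "443/tcp open  https"
HEADER_RE = re.compile(r"^\|[ _](\S+?):")                  # e.g. "| ssl-heartbleed:"
STATE_RE = re.compile(r"^\|[ _]\s+State:\s*(.+?)\s*$")     # indented "State: ..." line

def heartbleed_findings(text):
    """Return [(host, port, state)] for each ssl-heartbleed block in the report."""
    findings, host, port, in_block = [], None, None, False
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Handles both "for 10.0.0.1" and "for name (10.0.0.1)".
            host, port, in_block = line.split()[-1].strip("()"), None, False
        elif (m := PORT_RE.match(line)):
            port, in_block = int(m.group(1)), False
        elif (m := HEADER_RE.match(line)):
            # Script headers sit directly after the "| " prefix; nested output is indented.
            in_block = m.group(1) == "ssl-heartbleed"
        elif in_block and (m := STATE_RE.match(line)):
            findings.append((host, port, m.group(1)))
        elif not line.startswith("|"):
            in_block = False
    return findings

if __name__ == "__main__":
    for host, port, state in heartbleed_findings(SAMPLE):
        print(f"{host}:{port} ssl-heartbleed state={state}")
```

A port with no ssl-heartbleed block produces no tuple; read that as "nothing reported by the script", not as confirmation that the service is patched.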
NST WUI
Heartbleed Detection - NST Public System
NST Public users will first need to manually update their NST 20 system from the nmap site: "https://svn.nmap.org". The following command sequence shows the steps needed for the nmap version shipped with NST 20 to run the Heartbleed nmap NSE script: "/usr/share/nmap/scripts/ssl-heartbleed.nse". Backups are created for all updated nmap files in case any errors occur.