Difference between revisions of "NST Heartbleed Detection"

From NST Wiki
(Heartbleed Detection - NST Public System)
(Heartbleed Detection - NST Public System)
Line 83: Line 83:
  
 
==  '''Heartbleed Detection - NST Public System''' ==
 
==  '''Heartbleed Detection - NST Public System''' ==
NST Public users will first need to manually ''patch'' and ''update'' their NST system from the '''nmap''' site: "'''[https://svn.nmap.org https://svn.nmap.org]'''"
+
NST Public users will first need to manually '''update'' their '''NST 20''' system from the '''nmap''' site: "'''[https://svn.nmap.org https://svn.nmap.org]'''". The following command sequence shows the necessary steps to allow the nmap version shipped with '''NST 20''' to run the
  
 +
<div class="screen">
 +
<div class="userInput"><span class="prompt">[root@probe ~]# </span>nmap -p 443 --script ssl-heartbleed 10.21.23.19;</div>
 +
<pre class="computerOutput">
 +
cd /usr/share/nmap;
 +
cp
 +
</pre>
 +
<div class="userInput"><span class="prompt">[root@probe ~]# </span></div>
 +
</div>
 
  wget https://svn.nmap.org/nmap/nse_main.lua
 
  wget https://svn.nmap.org/nmap/nse_main.lua
 
  wget https://svn.nmap.org/nmap/nselib/tls.lua
 
  wget https://svn.nmap.org/nmap/nselib/tls.lua
 
  wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
 
  wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
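
Review bot: The added sentence stops at "to run the" and the new screen block is not a usable procedure. The `nmap -p 443 --script ssl-heartbleed 10.21.23.19;` command sits in the prompt line ahead of the setup steps, `cd /usr/share/nmap;` and a bare `cp` with no source or destination are marked up as computerOutput, and the three wget lines stay outside the block. Finish the sentence, give `cp` its arguments, and list the steps in the order a user types them, with the scan last. The markup on '''update'' is also unbalanced (three quotes open, two close), so a stray quote will leak into the rendered text.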

Revision as of 19:22, 11 April 2014

Overview

This page shows how to use NST and nmap to detect the Heartbleed vulnerability. Heartbleed is a software bug in the open-source cryptography library OpenSSL that lets an attacker read the memory of the host computer and so retrieve potentially privacy-sensitive data.

See the following sites for technical details on this vulnerability:

Heartbleed Detection - NST Pro System

NST Pro users first need to update their NST system to get the latest version of nmap (i.e., v6.45 or greater) from the NST Pro repository. This release contains the nmap NSE (Nmap Scripting Engine) script "/usr/share/nmap/scripts/ssl-heartbleed.nse", written by Patrik Karlsson and based on code authored by Jared Stafford.



   


[root@probe ~]# yum update nmap;
.
.
.
====================================================================================================================================
 Package                         Arch                     Version                                    Repository                Size
====================================================================================================================================
Updating:
 nmap                            i686                     2:6.45-32817.10.nst20                      NstPro                   3.9 M
Updating for dependencies:
 nmap-frontend                   noarch                   2:6.45-32817.10.nst20                      NstPro                   685 k
 nmap-ncat                       i686                     2:6.45-32817.10.nst20                      NstPro                   124 k

Transaction Summary
====================================================================================================================================
.
.
.
[root@probe ~]#

Command Line

The following is an example nmap command for the detection of the "Heartbleed" vulnerability on host "10.21.23.19", port "443 (https)":

[root@probe ~]# nmap -p 443 --script ssl-heartbleed 10.21.23.19;

Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-11 19:07 EDT
Nmap scan report for 10.21.23.19
Host is up (0.00024s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows
for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected
by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions
and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys
themselves.
|           
|     References:
|       http://cvedetails.com/cve/2014-0160/
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_      http://www.openssl.org/news/secadv_20140407.txt 
MAC Address: 08:00:27:70:D5:9B (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds
[root@probe ~]#
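
A triage helper for scan output like the above, as an added example that is not part of the original wiki page: it lists each host and port where ssl-heartbleed reported "State: VULNERABLE" in saved nmap normal output. The function names and the sample scan text (modelled on the output above, with 192.0.2.x documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved nmap normal output (-oN file or captured text)
# and list every service that ssl-heartbleed reported as State: VULNERABLE.

# heartbleed_hits [FILE...] -> one "host port/proto" line per vulnerable service.
# Reads stdin when no file is given.
heartbleed_hits() {
    awk '
        # New host section: keep the address, stripping "(...)" after a hostname.
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); port = ""; in_hb = 0; next }
        # Port table row, e.g. "443/tcp open  https".
        /^[0-9]+\/(tcp|udp)[ \t]/ { port = $1; in_hb = 0; next }
        # Start of the ssl-heartbleed result block for the current port.
        /^[|][ _]?ssl-heartbleed:/ { in_hb = 1; next }
        # Any other script header (e.g. "| ssl-cert:") ends that block.
        /^[|][ _]?[A-Za-z0-9_-]+:/ { in_hb = 0; next }
        in_hb && /State: VULNERABLE/ { print host, port; in_hb = 0 }
    ' "$@"
}

# Constructed sample input: one vulnerable host, one host with no script
# output, and one host where only the second TLS port is flagged.
sample_scan() {
cat <<'EOF'
Nmap scan report for 10.21.23.19
Host is up (0.00024s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|     State: VULNERABLE
|     Risk factor: High
|_      http://www.openssl.org/news/secadv_20140407.txt
Nmap scan report for patched.example (192.0.2.20)
PORT    STATE SERVICE
443/tcp open  https
Nmap scan report for mail.example (192.0.2.30)
PORT     STATE SERVICE
443/tcp  open  https
8443/tcp open  https-alt
| ssl-heartbleed:
|   VULNERABLE:
|     State: VULNERABLE
EOF
}

sample_scan | heartbleed_hits
```

Run it against a real scan with `heartbleed_hits scan.txt`, where scan.txt was written with nmap's `-oN` option.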

NST WUI

Heartbleed Detection - NST Public System

NST Public users will first need to manually update their NST 20 system from the nmap site: "https://svn.nmap.org". The following command sequence shows the necessary steps to allow the nmap version shipped with NST 20 to run the

[root@probe ~]# nmap -p 443 --script ssl-heartbleed 10.21.23.19;
cd /usr/share/nmap;
cp 
[root@probe ~]#
wget https://svn.nmap.org/nmap/nse_main.lua
wget https://svn.nmap.org/nmap/nselib/tls.lua
wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse