Book Image

Kali Linux CTF Blueprints

By : Cameron Buchanan
Book Image

Kali Linux CTF Blueprints

By: Cameron Buchanan

Overview of this book

Table of Contents (14 chapters)
Kali Linux CTF Blueprints
About the Author
About the Reviewers

Scenario 5 – because Heartbleed didn't get enough publicity as it is

During the writing of this book, something pretty crazy happened. A vulnerability in OpenSSL was disclosed to the community, and the Internet was proven to have a great deal of sites vulnerable. When I say, "a great deal", I mean roughly 66 percent. That's a lot of patching needed.

The vulnerability was dubbed Heartbleed and was found to be really easy to exploit. I mean really easy. Despite its ease of exploitation, it's a great example of an SSL solution vulnerability with a memory read exploit. This makes it an excellent inclusion option for your assault course. It's recent, it's relatively easy to set up, there's a truckload of exploits out there that can be used, and it demonstrates one of the core elements of SSL testing: the vulnerabilities are usually in the implementation and not in the algorithms themselves.

We're going to set up an SSL server vulnerable to a Heartbleed attack, generate some activity on it, and...