Exploiting Heartbleed vulnerability
In this recipe, we will use our previously compiled Heartbleed exploit to extract information about the vulnerable Bee-box server (https://192.168.56.103:8443/ in this recipe).
The Bee-box virtual machine can be downloaded from https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/ and the installation instructions are there too.
Getting ready
In the previous recipe, we generated an executable from the Heartbleed exploit; we will now use that to exploit the vulnerability on the server.
As Heartbleed is a vulnerability that extracts information from the server's memory, it may be necessary to browse and send requests to the server's HTTPS pages on port 8443 (https://192.168.56.103:8443/) before attempting the exploit in order to have some information to extract.
How to do it...
If we check the TCP port 8443 on Bee-box, we will find it is vulnerable to Heartbleed.
sslscan 192.168.56.103:8443
Now, let's move on to the exploit. Firstly, we move to the folder that contains...
