In this post, I will tell you "How to Test HeartBleed". Oh yeah. Nowadays this bug is so mainstream in the cyber world. Now I'll show you how easy it is to check for this vulnerability. :D
You need this:
How do you download it? You can manually copy-paste each script into vim, gedit, or whatever text editor you use on Linux. In this tutorial I used Kali Linux as my operating system. Save each script with the same name as I typed up there! Save them into these directories:
/usr/share/nmap/scripts/ >> save ssl-heartbleed.nse here.
/usr/share/nmap/nselib/ >> save tls.lua here.
Or you can use another option, with these commands in a Linux terminal:
$ cd /usr/share/nmap/scripts/
$ wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
and
$ cd ../
$ cd nselib
$ wget https://svn.nmap.org/nmap/nselib/tls.lua
That's the final step of preparing the tools. Once you've done that, you must update your Nmap script database with this command:
$ nmap --script-updatedb
Ok, then "It should begin" :D
Let's go!!
Open your terminal, and then type this:
$ nmap -sV -p 443 --script=ssl-heartbleed.nse IP_Target
If the result looks like this:
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-24 22:51 PDT
Nmap scan report for mail.bppt.go.id (202.151.11.202)
Host is up (0.27s latency).
rDNS record for 202.151.11.202: zsmtp-out1.bppt.go.id
PORT STATE SERVICE VERSION
443/tcp open http nginx
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.63 seconds
It means it is not vulnerable. :D
But if you see output like the image below:
it means the site that you entered is vulnerable to the Heartbleed bug. Congratulations. :D
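If you scan several of your own hosts and save the output, reading each result by eye gets tedious. The script below is an added example, not part of the original post: it sorts saved Nmap output into the two cases described above, plus an "inconclusive" case for a port that was not open (so the script never ran). The function names and the sample output are made up for illustration (documentation-range hosts, shortened script block), and it assumes a vulnerable port is reported with a "State: VULNERABLE" line.

```shell
#!/usr/bin/env bash
# Added example: classify hosts in saved output of
#   nmap -sV -p 443 --script=ssl-heartbleed.nse <targets>

# Reads Nmap normal output on stdin; prints "<host> <verdict>" for each host.
classify_heartbleed() {
  awk '
    function emit() {
      if (host == "") return
      if (vuln)           verdict = "VULNERABLE"
      else if (port_open) verdict = "not-flagged"
      else                verdict = "inconclusive"  # port not open, script never ran
      print host, verdict
    }
    /^Nmap scan report for / { emit(); host = $5; vuln = 0; port_open = 0; in_hb = 0; next }
    /^[0-9]+\/tcp +open /    { port_open = 1; in_hb = 0; next }
    /^[0-9]+\/tcp /          { in_hb = 0; next }
    /^[|][ _]ssl-heartbleed:/ { in_hb = 1; next }
    /^[|][ _][^ ]/            { in_hb = 0; next }   # another script block starts
    in_hb && /State: VULNERABLE/ { vuln = 1 }
    END { emit() }
  '
}

# Constructed sample (documentation-range hosts, abbreviated script block).
sample_scan() {
  cat <<'EOF'
Nmap scan report for a.example.test (192.0.2.10)
Host is up (0.020s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for b.example.test (192.0.2.11)
Host is up (0.021s latency).
PORT    STATE SERVICE VERSION
443/tcp open  http    nginx

Nmap scan report for c.example.test (192.0.2.12)
Host is up (0.019s latency).
PORT    STATE  SERVICE VERSION
443/tcp closed https
EOF
}

sample_scan | classify_heartbleed
```

To use it on a real scan, save the Nmap output to a file and feed that file to classify_heartbleed instead of sample_scan.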
OK, I think you can explore more than me. So, I must say "See you again" in a different tutorial/post :D
Assalamualaikum :D
.Jaster .