Forum

Challenge "Heartbleed — Part 1 "

Challenge "Heartbleed — Part 1 "  

  By: admin on Aug. 28, 2014, 2:32 p.m.

This challenge is based on the Heartbleed Bug in OpenSSL discovered in April 2014. Attack a server provided by the group for Privacy and Compliance with the Research Institute Cyber Defence (CODE) at Bundeswehr University Munich, which is specifically prepared to be vulnerable to the Heartbleed bug.
Read more...

 Last edited by: admin on Oct. 31, 2021, 3:05 a.m., edited 1 time in total.

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 7:02 p.m.

I am not sure whether this is a problem or I just do it wrong…
but what if somebody is continuously performing a login with incorrect/random/trial password (and perhaps he/she does it more frequently then the "script in the background")?
I can see lots of different "passwords" that somebody was trying to login with, I tried several of them and none of them was correct.
I can spent hours on it this way…

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 9:05 p.m.

Probably, the problem I mentioned above was not a problem, as I have just solved part 1.

But I still miss the logic of the challenge and its three parts. At the moment I consider it a bit messy, because I first had to login into part 2 of the challenge to see whether I am on the right track and only then was able to solve the first part.

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 9:21 p.m.

…also I do not understand why we have to provide as a codeword a password of Alice that is nowhere accepted on the "https://heartbleed.ais.uni-kassel.de" site. Since it is nowhere accepted, how should I have known that it is a correct codeword to provide? I have not known, I just did trial and error.

Re: Challenge  

  By: wackerao on Sept. 3, 2014, 3:45 p.m.

Please see my response to part 2, as it applies here too.

Re: Challenge  

  By: stegi on April 15, 2015, 6:02 p.m.

Hey,

I found this site by accident yesterday and already had some fun solving the first challenges.
I wanted to try this challenge but I don't have any prior experience doing 'stuff like that' on a computer. So when I went on the projects page I didn't have a single clue what to do :(

So I wanted to ask, if anyone could give me a hint or link how I can learn to get startet with that.

Thanks in andvance :)

Re: Challenge  

  By: madness on June 18, 2021, 5:37 a.m.

"No heartbeat response received, server likely not vulnerable"

Re: Challenge  

  By: Fountain on Oct. 15, 2021, 12:47 a.m.

Perhaps I'm late to the party. As best I can tell, the target server is no longer vulnerable to Heartbleed. Has the server been patched or am I missing something?


Currently 18 guests and 0 members are online.
Powered by the CrypTool project
© 2009-2021 MysteryTwister team