Forum

Challenge "Heartbleed — Part 1 "

Challenge "Heartbleed — Part 1 "  

  By: admin on Aug. 28, 2014, 2:32 p.m.

This challenge is based on the Heartbleed Bug in OpenSSL discovered in April 2014. Attack a server provided by the group for Privacy and Compliance with the Research Institute Cyber Defence (CODE) at Bundeswehr University Munich, which is specifically prepared to be vulnerable to the Heartbleed bug.

!!! We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. !!!
Read more...

 Last edited by: admin on May 17, 2022, 6:31 p.m., edited 1 time in total.

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 7:02 p.m.

I am not sure whether this is a problem or I just do it wrong…
but what if somebody is continuously performing a login with incorrect/random/trial password (and perhaps he/she does it more frequently then the "script in the background")?
I can see lots of different "passwords" that somebody was trying to login with, I tried several of them and none of them was correct.
I can spent hours on it this way…

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 9:05 p.m.

Probably, the problem I mentioned above was not a problem, as I have just solved part 1.

But I still miss the logic of the challenge and its three parts. At the moment I consider it a bit messy, because I first had to login into part 2 of the challenge to see whether I am on the right track and only then was able to solve the first part.

Re: Challenge  

  By: Veselovský on Sept. 1, 2014, 9:21 p.m.

…also I do not understand why we have to provide as a codeword a password of Alice that is nowhere accepted on the "https://heartbleed.ais.uni-kassel.de" site. Since it is nowhere accepted, how should I have known that it is a correct codeword to provide? I have not known, I just did trial and error.

Re: Challenge  

  By: wackerao on Sept. 3, 2014, 3:45 p.m.

Please see my response to part 2, as it applies here too.

Re: Challenge  

  By: stegi on April 15, 2015, 6:02 p.m.

Hey,

I found this site by accident yesterday and already had some fun solving the first challenges.
I wanted to try this challenge but I don't have any prior experience doing 'stuff like that' on a computer. So when I went on the projects page I didn't have a single clue what to do :(

So I wanted to ask, if anyone could give me a hint or link how I can learn to get startet with that.

Thanks in andvance :)

Re: Challenge  

  By: madness on June 18, 2021, 5:37 a.m.

"No heartbeat response received, server likely not vulnerable"

Re: Challenge  

  By: Fountain on Oct. 15, 2021, 12:47 a.m.

Perhaps I'm late to the party. As best I can tell, the target server is no longer vulnerable to Heartbleed. Has the server been patched or am I missing something?

Re: Challenge "Heartbleed — Part 1 "  

  By: Konubixe on April 10, 2022, 6:04 p.m.

Want to go with meaning of Fountain: At a first glance the tools say vulnerable but no result after the exploit. Same reaction as can be seen in YT-Video https://www.youtube.com/watch?v=PaAKek4WvyY after hardening a system with TrendMIcro.

May be by accident?

Re: Challenge "Heartbleed — Part 1 "  

  By: robot.txt on May 17, 2022, 8:43 a.m.

We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. Sry for the inconvenience. Greetings


Currently 6 guests and 0 members are online.
Powered by the CrypTool project
Contact | Privacy | Imprint
© 2009-2022 MysteryTwister team