Forum

Challenge "Heartbleed — Part 3"  

  By: admin on Aug. 28, 2014, 2:35 p.m.

This challenge is based on the Heartbleed Bug in OpenSSL discovered in April 2014. Attack a server which is specifically prepared to be vulnerable to the Heartbleed bug. Please note that it is necessary to solve Part 1 and 2 at first.

!!! We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. !!!
Read more...

Re: Challenge  

  By: Veselovský on Sept. 3, 2014, 1:56 p.m.

Is the information needed to solve this part still hidden in data received using Heartbleed bug or the information gathered in part 1 and part 2 are enough and we do not need to use Heartbleed bug anymore but to do something different?

Re: Challenge  

  By: wackerao on Sept. 3, 2014, 3:42 p.m.

All three parts require exploiting the heartbleed bug. In this part, you need some data from the server which you did not need for part 1 or 2. Of course, you might have it already if you collected many MB of data in the first parts and the required piece is already in there. Although, this is unlikely.

Re: Challenge  

  By: D3d4lu5 on July 10, 2017, 9:30 p.m.

I had to dump 0.5 TB (!) to finally find the private key.

Although I knew the openssl implementation, for safety's sake my self-written program scanned for all word and byte orders both for x86 and x64 systems and that really took a long time…

So be patient. [HTML_REMOVED]

Re: Challenge  

  By: wackerao on July 11, 2017, 9:51 a.m.

[HTML_REMOVED] .thumbs up

Re: Challenge "Heartbleed — Part 3"  

  By: robot.txt on May 17, 2022, 8:46 a.m.

We had to take off this challenge, as our firewall doesn't allow flawed servers any more -- even if this flaw was offered by will for training and within a sandbox. Sry for the inconvenience. Greetings


Currently 25 guests and 0 members are online.
Powered by the CrypTool project
Contact | Privacy | Imprint
© 2009-2024 MysteryTwister team