You can now quickly detect the OpenSSL-Heartbleed vulnerability very quickly on a network using the ever popular nmap command, and with the latest modules from Metasploit you can quickly see the exploit in action.
For this tutorial I will be using a WordPress server and Kali Linux running in two separate VMWare virtual machines.
For a vulnerable server, I used one of Turnkey Linux WordPress VMs. There are security updates available for Turnkey’s WordPress, but during the VM setup, and for this tutorial, I purposefully told the VM NOT to install the security updates so I could test for the OpenSSL vulnerability.
Once the WordPress VM was configured (just answer a few simple questions) I then fired up my Kali Linux VM.
Nmap has created a Heartbleed script that does a great job of detecting vulnerable servers. The script may not be available in your version of Kali, so…
View original post 426 more words