HeartBleed luck or hack?

Yesterday I decided to test the "HeartBleed" attack against my personal web page hosted on a shared host. I grabbed the POC script from https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py and started to play. After 10-15 tries I got the BINGO: the COOKIE of a web site hosted on the same web server. The web site is a famous online news portal and the COOKIE is from the administrator. So I was lucky, because you can try for a long time and not receive any confidential data.

Screen Shot of the retrieved data containing the confidential information.

Screen Shot 2014-04-10 at 23.41.50

Here is the whole COOKIE retrieved from the web server affected by the HeartBleed flaw.

Screen Shot 2014-04-10 at 23.46.01

 

So with some luck and a simple script you can retrieve sensitive data needed to perform illegal hacks.

Source : http://heartbleed.com

 
