Heartbleed Bug In An Indian Government Server


Hello everyone 👋

I’m back with another vulnerability in an Indian government website.

If you didn’t read my last write-up on a blind SQL injection vulnerability, you can check it here: https://medium.com/@kartikhunt3r/blind-time-based-sql-injection-vulnerability-in-an-indian-government-website-6bf3bb7daf25

In this blog, I’m going to tell you how I found the Heartbleed bug on an Indian government server.

I started hunting on Indian government websites a few weeks ago and found my first bug on my first day, so I thought I’d play with some more sites.

I decided to start with my own state, Gujarat.

Throughout this post I’ll refer to the government site as target.gov.in.

When I got to the target site, I noticed there was no Cloudflare or any other protection in front of it, so the first thing I did was

ping target.gov.in

which gave me the IP of the website’s server.

As a normal routine, I started an Nmap scan in my terminal. At first the host blocked my probes, so I re-ran the scan with -Pn to skip host discovery, and that worked.

While it was running, I started exploring the site for some common bugs.

After 5–6 minutes I got the result of the Nmap scan: a total of 7 open ports, one of them 443/tcp.

I started enumerating each port. I used -sV to get the service version of the SSL service, and surprisingly it was OpenSSL 1.0.1. BINGO!!

Description:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Impact:
An attacker can read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
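To make the description above concrete, here is an added Python model of the heartbeat handling logic (it is not code from this post and not OpenSSL's code). A heartbeat message carries a peer-supplied payload length; the pre-1.0.1g handler trusted that length and copied that many bytes back, so whatever sat after the real record in process memory went into the reply. The fixed version checks that the claimed length fits inside the record actually received and silently discards the message otherwise. The "process memory" and the session data in it are constructed for the demo.

```python
import struct
from typing import Optional

# Constants from RFC 6520 (TLS Heartbeat extension)
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # minimum padding a heartbeat message carries


def build_heartbeat(claimed_len: int, payload: bytes) -> bytes:
    """Encode a heartbeat body: type(1) || payload_length(2) || payload || padding.
    claimed_len is what the peer *says*; a value larger than len(payload)
    models the malformed request behind the bug."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING


def vulnerable_handler(memory: bytes, record_len: int) -> bytes:
    """Model of OpenSSL 1.0.1 through 1.0.1f: the claimed payload length is never
    compared to record_len, so bytes past the record (other process data) leak."""
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    payload = memory[3:3 + payload_len]  # over-read: may run past the record
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def fixed_handler(memory: bytes, record_len: int) -> Optional[bytes]:
    """Model of the 1.0.1g fix: the claimed payload must fit inside the record
    that was actually received, otherwise the message is silently discarded."""
    if record_len < 1 + 2 + MIN_PADDING:  # too short even for an empty payload
        return None
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if 1 + 2 + payload_len + MIN_PADDING > record_len:
        return None  # claimed length exceeds the record: discard
    if hbtype != HEARTBEAT_REQUEST:
        return b""
    payload = memory[3:3 + payload_len]  # now guaranteed to lie inside the record
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def response_payload(response: bytes) -> bytes:
    """Strip type, length and padding from a heartbeat response."""
    _, payload_len = struct.unpack("!BH", response[:3])
    return response[3:3 + payload_len]


def demo() -> dict:
    # Constructed process memory: a 21-byte heartbeat record followed by
    # unrelated session data that must never leave the process.
    record = build_heartbeat(claimed_len=64, payload=b"hi")  # claims 64, carries 2
    secret = b"session=4f1c9a; user=admin; " * 2               # constructed sample data
    memory = record + secret
    leaked = vulnerable_handler(memory, len(record))
    honest = build_heartbeat(claimed_len=2, payload=b"hi")
    return {
        "leaked_secret": b"user=admin" in response_payload(leaked),
        "fixed_rejects": fixed_handler(memory, len(record)) is None,
        "fixed_accepts_honest": response_payload(fixed_handler(honest, len(honest))) == b"hi",
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable model never reads outside the Python bytes object, so it only illustrates which check is missing; in the real C code the same over-read walks into adjacent heap memory, which is why the description says keys, passwords and content are all exposed.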

I was 90% sure that this server would be vulnerable to the Heartbleed bug, but I still wanted to verify it, so I used Nmap’s built-in NSE script.

I ran this command to confirm the bug:

nmap -p 443 --script ssl-heartbleed target.gov.in

I got this result:

PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
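On the defender side, the same check is most useful when run across an estate with -oX and triaged automatically rather than read by eye. The following is an added Python example (not code from this post or from the Nmap project) that parses Nmap's XML output, picks out every port that carries an ssl-heartbleed script result, and lists the endpoints that need patching and key rotation. The XML is a constructed sample of one host with two TLS ports, not a real scan; it assumes the structured <table>/<elem key="state"> output that Nmap's vulns library writes, and falls back to the script's text output if that is all an older Nmap provides.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample of `nmap -sV -p 443,8443 --script ssl-heartbleed -oX out.xml target.gov.in`
# (not a real scan). The real vulns-library table is keyed by the advisory id; omitted here.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="target.gov.in" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https" product="Apache httpd" version="2.2.15"/>
        <script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;    State: VULNERABLE&#10;    Risk factor: High">
          <table>
            <elem key="state">VULNERABLE</elem>
            <elem key="risk_factor">High</elem>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="8443">
        <state state="open"/>
        <service name="https" product="nginx" version="1.18.0"/>
        <script id="ssl-heartbleed" output="&#10;  NOT VULNERABLE">
          <table>
            <elem key="state">NOT VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def _heartbleed_state(script: ET.Element) -> str:
    """Prefer the structured state element; fall back to the human-readable output."""
    elem = script.find("table/elem[@key='state']")
    if elem is not None and elem.text:
        return elem.text.strip()
    output = script.get("output", "")
    if "State: VULNERABLE" in output:
        return "VULNERABLE"
    if "NOT VULNERABLE" in output:
        return "NOT VULNERABLE"
    return "UNKNOWN"


def parse_heartbleed_findings(xml_text: str) -> List[Dict[str, str]]:
    """One record per port that has an ssl-heartbleed result, in document order."""
    findings: List[Dict[str, str]] = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else addr
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-heartbleed']")
            if script is None:
                continue
            svc = port.find("service")
            service = ""
            if svc is not None:
                service = " ".join(filter(None, (svc.get("product"), svc.get("version"))))
            findings.append({
                "host": name,
                "addr": addr,
                "port": f"{port.get('portid')}/{port.get('protocol')}",
                "service": service,
                "state": _heartbleed_state(script),
            })
    return findings


def vulnerable_endpoints(xml_text: str) -> List[str]:
    """host:port pairs that need OpenSSL patched (1.0.1g or later) and keys and credentials rotated."""
    return [f'{f["host"]}:{f["port"]}'
            for f in parse_heartbleed_findings(xml_text) if f["state"] == "VULNERABLE"]


if __name__ == "__main__":
    for f in parse_heartbleed_findings(SAMPLE_NMAP_XML):
        print(f'{f["host"]:<16} {f["port"]:<10} {f["service"]:<20} {f["state"]}')
    print("remediate:", vulnerable_endpoints(SAMPLE_NMAP_XML))
```

Because the script only reports on ports it was pointed at, a clean result means nothing for TLS services on other ports; scan every port -sV identified as SSL/TLS, not just 443.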

Now it was time for exploitation 💣.

I quickly fired up msfconsole, selected the Heartbleed module, and set the remote host and the other required options.

After setting everything, I ran the exploit, and it gave me the last 64 KB of the server’s memory contents.

I reported this bug to NCIIPC and after a few days I got an acknowledgment letter from them.

I hope you liked this blog. Thanks for reading.
