We used the HackTheBox Valentine machine to demonstrate the Heartbleed vulnerability and privilege escalation through the tmux terminal multiplexer. Valentine is a medium-difficulty machine built around Heartbleed, a vulnerability that had a devastating impact on systems across the globe.

Video Highlights

HeartBleed Vulnerability:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
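
An added example (not from the original post or the exploit it references): the root cause of Heartbleed is that vulnerable OpenSSL builds trusted the payload length field of a TLS heartbeat message without comparing it to the bytes actually received. The Python below applies the RFC 6520 bounds check to a stream of TLS records, the way a detection rule would. It assumes the records are unencrypted, and the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520: at least 16 bytes of padding follow the payload


def classify_heartbeat(body: bytes) -> str:
    """Return 'ok', 'overread' or 'malformed' for one plaintext heartbeat message."""
    if len(body) < 3:
        return "malformed"
    _msg_type, claimed = struct.unpack("!BH", body[:3])
    # The bounds check missing from vulnerable OpenSSL builds: type (1) +
    # length (2) + claimed payload + padding must fit in the received bytes.
    if 1 + 2 + claimed + MIN_PADDING > len(body):
        return "overread"
    return "ok"


def scan_records(stream: bytes) -> list:
    """Walk concatenated TLS records; return (offset, verdict) per heartbeat record."""
    findings, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            break  # truncated capture: stop rather than guess
        if ctype == HEARTBEAT:
            findings.append((pos, classify_heartbeat(body)))
        pos += 5 + length
    return findings


# Constructed sample stream (not captured traffic): an alert record, a
# well-formed heartbeat with a 4-byte payload, and a heartbeat whose length
# field claims 0x4000 bytes while the record carries none.
SAMPLE = (
    bytes.fromhex("15030200020100")
    + bytes.fromhex("1803020017" "010004") + b"ping" + b"\x00" * 16
    + bytes.fromhex("1803020003" "014000")
)

if __name__ == "__main__":
    for offset, verdict in scan_records(SAMPLE):
        print(f"offset {offset}: heartbeat {verdict}")
```

A heartbeat flagged `overread` is one a patched server silently discards and an unpatched one answers with adjacent process memory, so it is the event worth alerting on.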

The Heartbleed exploit can be looked up with searchsploit using the command below (the -x option opens the exploit for examination)

searchsploit -x 32764.py

In this video's scenario, we can use the exploit relevant to the challenge by executing this command

searchsploit -x 32764.py

Exploit link is here

The exploit can then be executed using the command below

python2 heartbleed.py target-IP

What is Tmux?

tmux is an open-source terminal multiplexer for Unix-like operating systems. It allows multiple terminal sessions to be accessed simultaneously in a single window. It is useful for running more than one command-line program at the same time. It can also be used to detach processes from their controlling terminals, allowing remote sessions to remain active without being visible.

Source: Wikipedia

We can connect to a tmux session through its socket using the command below, where -S specifies the socket path

tmux -S /.devs/dev_sess

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor
