This was patched recently in openssl1.0.1g, but the Kali Linux machines you got on the DVD in class have an older, vulnerable version :)
The version number appears, as shown below. If the version is 1.0.1, 1.0.1f, or 1.0.1 followed by any letter before g, your server is likely to be vulnerable.
Kali Linux uses a vulnerable version!
TroubleshootingIf you have a later version of openssl, which is not vulnerable, re-extract a new Kali virtual machine from the DVDs handed out in class to get a vulnerable machine.
You should see a "pacemaker.py" file, as shown below.
git clone https://github.com/Lekensteyn/pacemaker.git
TroubleshootingIf that git repository is unavailable for some reason, you can get a copy from my server with these commands:
mv pacemaker.pyx pacemaker.py
In the Terminal window, execute this command:
Pacemaker starts listening, as shown below. Leave this window open.
Open a new Terminal window and resize it to use the other half of the Kali desktop, as shown below.
In the new Terminal window, execute this command:
Curl will show a connection error, but that doesn't matter because the RAM was stolen before that happened.
The pacemaker window fills with stolen RAM data, as shown below. The exploit worked!
In the pacemaker window, use the mouse to carefully scroll back up to see the start of the stolen RAM. Find the "Client returned 65517 (0xffed) bytes" message, as shown below. (Some versions of pacemaker show a slightly different number of bytes.)
At the top left of the Kali Linux desktop, click the round blue icon to open IceWeasel, which forked from Firefox.
Move IceWeasel to use only the lower portion of the desktop, as shown below.
In IceWeasel, type in this address and press Enter:
The pacemaker window shows one or messages saying "Not vulnerable!", as shown below.
This means IceWeasel is not vulnerable--that's just a normal heartbeat.
Email the image to email@example.com with a subject of "Project 11 from YOUR NAME".