
I'm currently a student doing some research into the Heartbleed Vulnerability and I'm having difficulty retrieving the correct RSA private keys.

Here is my setup environment in VirtualBox:

  1. Kali Linux 2.0 Host Only Network with ip address 192.168.2.200/24
  2. Turnkey OpenLDAP Server Host Only Network with ip address 192.168.2.202/24

The OpenLDAP server is using OpenSSL version 1.0.1e and I have managed to get usernames and passwords of users when they log in using HTTPS.

However, in my Kali 2.0, when I run the heartleech program

root@kali~#heartleech 192.168.2.202 -a

it returns an RSA private key. I then run Wireshark to generate some traffic (logging in and out as a user in the web browser at https://192.168.2.202). I manage to get an encrypted alert, and when I add the RSA key that heartleech produced, it still does not decrypt the traffic.

What I was wondering is, where do you suppose this key is being generated from? As I cannot find this key on my OpenLDAP Server, any suggestions or a point in the right direction would be much appreciated.

S.L. Barth

1 Answer

Forward secrecy?

After-the-fact decryption will not work if client and server have negotiated a forward secure cipher suite. (Anything with DHE or ECDHE in the name.)

Check with Wireshark. Selected suite name is in clear text.

Does key match cert?

Check if key and cert belong together.

StackzOfZtuff
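The two checks suggested in the answer above, as an added shell example that is not part of the original answer. The function names and the throwaway `lab.example` key and certificate are constructed for illustration, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: both checks from the answer. Function names are made up here.

# Return 0 if the suite name (as shown in the ServerHello) uses ephemeral
# (EC)DH key exchange, in which case the server's RSA key alone cannot decrypt
# a capture. Handles IANA names (TLS_ECDHE_RSA_WITH_...) and OpenSSL names
# (ECDHE-RSA-..., DHE-RSA-..., EDH-RSA-...). Static ECDH-/DH- suites do not match.
is_forward_secret() {
    case "$1" in
        *DHE[-_]*|*EDH[-_]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the RSA private key and the certificate carry the same modulus,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {  # $1 = key PEM, $2 = certificate PEM
    kmc_key=$(openssl rsa  -noout -modulus -in "$1" 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Constructed sample input: a throwaway self-signed certificate with its key,
# plus an unrelated second key, written into directory $1.
make_demo_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=lab.example" -days 1 \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: ./check.sh recovered.key server.crt [suite-name]
if [ "$#" -ge 2 ]; then
    if key_matches_cert "$1" "$2"; then
        echo "key matches certificate"
    else
        echo "key does NOT match certificate (or a file is unreadable)"
    fi
    if [ -n "$3" ] && is_forward_secret "$3"; then
        echo "$3 is forward secret: the RSA key will not decrypt the capture"
    fi
fi
```
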