
22 ssh OpenSSH 5.9.p1 5ubuntu1.10
80 http Apache 2.2.22
443 https Apache 2.2.22










Vulnerabilities related with heartbleed has been detected, better zommed screen-shot:

Links mentioned by nmap:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://www.openssl.org/news/secadv_20140407.txt
http://cvedetails.com/cve/2014-0160/

Now I am sure that this site is vulnerable to heart bleed. I need to find a way to make use of it

Amazing website with simple explanation of it security things:

It means if someone requests for word: HAT, answer outputs HAT and next data which is after HAT(depending on how many letters user requested).

I have run a few times this script and then I notice a change in the output:


Since then password for ssh key has not been cracked, so I decided to try use this string as a password





There is an available tmux session, which is accessible by my user, because it belongs to group hype and I have read/write perm.



Thanks to this I can attach to the session with root privileges
