Thursday, April 6, 2017

Fixing and troubleshooting OpenFuck Exploit

In a previous post I had went over a walk through for Kioptrix Level 1. I had some issues and wanted to document them for anyone else that may run into those issues. I'll admit that my first problem was getting ahead of myself and trying to compile the source code before doing anything else. Finally googling gave the answer that was right smack dab in front of my face which is looking at the first 8 lines of the source

/*
 * E-DB Note: Updating OpenFuck Exploit ~ http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/
 *
 * OF version r00t VERY PRIV8 spabam
 * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto
 * objdump -R /usr/sbin/httpd|grep free to get more targets
 * #hackarena irc.brasnet.org
 */

Beyond doing what is outlined on paulsec.github.io I had done a dist-upgrade to kali which seemed to have mess with some other settings. On top of installing libssl-dev it appeared I was missing some more ssl libraries and i'll be honest in saying i'm not sure which one it was that fixed my issue but I ended up installing libssl1.0-dev, libssl1.0.2, libssl1.1 as outlined below

root@kali:~# apt-cache search libssl
cl-plus-ssl - Common Lisp interface to OpenSSL
dcmtk - OFFIS DICOM toolkit command line utilities
dlang-openssl - D version of the C headers for openssl
libdcmtk-dev - OFFIS DICOM toolkit development libraries and headers
libdcmtk8 - OFFIS DICOM toolkit runtime libraries
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl-ocaml - OCaml bindings for OpenSSL (runtime)
libssl-ocaml-dev - OCaml bindings for OpenSSL
libssl1.0-dev - Secure Sockets Layer toolkit - development files
libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
libssl1.1 - Secure Sockets Layer toolkit - shared libraries
perl-openssl-defaults - version compatibility baseline for Perl OpenSSL packages
r-cran-openssl - GNU R toolkit for encryption, signatures and certificates based on OpenSSL

The point of this is that you may have some missing libraries and trying to compile the source with these missing libraries doesn't exactly tell you that you're missing it or which ones. So if you are still getting errors when compiling after following what is outlined in paulsec.github.io you may want to try to install those other ssl libraries like I had to.

1 comment:

  1. Thank you so much for this, out of all the sites, yours was the only solution that worked, I may reach out to the exploit author and let him know.

    ReplyDelete