Thursday, April 6, 2017

Fixing and troubleshooting OpenFuck Exploit

In a previous post I had went over a walk through for Kioptrix Level 1. I had some issues and wanted to document them for anyone else that may run into those issues. I'll admit that my first problem was getting ahead of myself and trying to compile the source code before doing anything else. Finally googling gave the answer that was right smack dab in front of my face which is looking at the first 8 lines of the source

 * E-DB Note: Updating OpenFuck Exploit ~
 * OF version r00t VERY PRIV8 spabam
 * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto
 * objdump -R /usr/sbin/httpd|grep free to get more targets
 * #hackarena

Beyond doing what is outlined on I had done a dist-upgrade to kali which seemed to have mess with some other settings. On top of installing libssl-dev it appeared I was missing some more ssl libraries and i'll be honest in saying i'm not sure which one it was that fixed my issue but I ended up installing libssl1.0-dev, libssl1.0.2, libssl1.1 as outlined below

root@kali:~# apt-cache search libssl
cl-plus-ssl - Common Lisp interface to OpenSSL
dcmtk - OFFIS DICOM toolkit command line utilities
dlang-openssl - D version of the C headers for openssl
libdcmtk-dev - OFFIS DICOM toolkit development libraries and headers
libdcmtk8 - OFFIS DICOM toolkit runtime libraries
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl-ocaml - OCaml bindings for OpenSSL (runtime)
libssl-ocaml-dev - OCaml bindings for OpenSSL
libssl1.0-dev - Secure Sockets Layer toolkit - development files
libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
libssl1.1 - Secure Sockets Layer toolkit - shared libraries
perl-openssl-defaults - version compatibility baseline for Perl OpenSSL packages
r-cran-openssl - GNU R toolkit for encryption, signatures and certificates based on OpenSSL

The point of this is that you may have some missing libraries and trying to compile the source with these missing libraries doesn't exactly tell you that you're missing it or which ones. So if you are still getting errors when compiling after following what is outlined in you may want to try to install those other ssl libraries like I had to.


  1. Thank you so much for this, out of all the sites, yours was the only solution that worked, I may reach out to the exploit author and let him know.

  2. you are a gentlemen and a scholar, was beating my head off the desk over this

  3. Thank you so much my friend, that saved me A LOT of time fuzzling around with the exploit! Please keep continuing posting more of such helpful posts in the future!

  4. DUDE. You have no idea how grateful I am for this

  5. error: expected expression before ‘)’ token
    ssl->rc4_read_key = (RC4_KEY*) malloc(sizeof(RC4_KEY));

  6. You are AWESOME!!!!

  7. Yup, this worked. Thanks! FYI, for me it was libssl1.0-dev.

  8. Hey, I am facing the issue and was looking for such good solution. Thanks for sharing. I hope it will work for me too.

  9. THANK YOU SOOOOO MUCH. The version of Kali I'm having to work on was apparently designed not to work properly. This saved me a rage freakout.

  10. I was looking for something exactly like this since last week. I am really happy to have such a great solution to my problem regarding DICOM viewer. Thanks for sharing.
    dicom cloud storage