Rooting Kioptrix 1 Walkthrough


Kioptrix 1 B2R virtual machine designed for students to practice vulnerability analysis and exploitation. Objective is to root this virtual machine by exploiting possible vulnerabilities leading to full system compromise.

Vulnerabilities Exploited:

  • Apache mod_ssl < 2.8.7 OpenSSL Remote Buffer Overflow

Lab Setup:

  • VMWare workstation for Virtual Machines
  • Kali Linux VM in Bridge mode
  • Kioptrix 1 in Bridge mode

Tools Used:

  • Kali Linux VM
  • netdiscover
  • nmap
  • gcc



Target VM IP Address:


Lets scan target box with namp to find open ports.

#nmap -p- -A –webxml -oX nmap-kioptrix1.xml


Apache 1.3.20 seem out dated, lets search for exploit.

Looks straight forward, lets download exploit on kali linux machine,

wget -O openFuck2.c

and customize according to instructions given at top of exploit in this link.

These are cusomization steps.

Add these headers :

#include <openssl/rc4.h>

#include <openssl/md5.h>

2) Update the URL of the C file: Search for wget and replace the URL with this new one :

3) Install libssl-dev lib

apt-get install libssl-dev

4) Update declaration of variables

Line 961, change :

unsigned char *p, *end;

By adding const :

const unsigned char *p, *end;

5) Compile then code and you’re done

To compile :

gcc -o openFuck2 /usr/share/exploitdb/exploits/unix/remote/764.c -lcrypto

and execute exploit

We are root! Congratulations!


Update apache and mod ssl to latest version and apply available patches to latest version.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s