Activity With Ali - JadenGil/Jaden-Tech-Journal GitHub Wiki

To start I logged into both the Kali and Windows machines.

Now in the Windows machine, I went to downloads opened the directory with minihttpd in it and moved the contents into the tools directory located in C:

Then I Made the following changes to the .ini file:

Open admin CMD and cd into the minihttpd dir and in this dir run install.bat and you'll be given the following message:

Before changing into the Kali machine get the IP for the Windows box:

We also need to add port 80 to the firewall on Windows:

Then navigate to that IP on Kali:

Then go to exploit-db and install the following exploit:

Open the downloaded file and delete the shell code! (Never run the exploit as stock you never know what could happen) Then comment out the payload and change the IP to the IP of the Windows box.

Note: Anything beyond the return and newline feed is the HTTP

Before creating a fuzzer it is important to understand the protocol and application

Now on the Kali box open burp suite go to proxy and turn intercepted "on" and then open browser and in the search bar navigate to the IP address of the Windows box.

After making edits to the exploit file go back to the Windows box, make a temp dir in the minihttpd dir, and stop and start HTTPD Service

Then run the exploit again and you'll have access to the Log

Then on the desktop run the debugger as administrator (It is important that you run it as admin)

Now in the debugger do file > attach > select httpd service > attach and then you'll be presented with the following:

By hitting the "play" button on the top bar it'll run. Then go back to the Kali box and re-send the payload