Everyone may skip this section up to the docker pwnboxes section of this module. I have found a way around deprecated Linux exploits by using Docker, which may be more convenient. However, you should do both the Python3 and Python2 exercises because, as a penetration tester, you are required to learn both (since many exploits from before 2019 are still written in Python2).
A lot has changed since the original 2019.2 i386 version of Kali Linux that I made this course on, and since then there have been changes in the kernel (I believe) that disrupted the exploitability of libhttpd 1.2. For one, the Extended Stack Pointer was misaligned by a single byte, which means that a direct JMP instruction would have ended up with a segmentation fault (if you paid attention, it wouldn't have landed in the buffer of C's anymore, and would instead have executed an invalid instruction).
You can download the older version of Kali Linux 2019.2 i386 here.
http://old.kali.org/kali-images/kali-2019.2/
Running the exploit works now
Update: Planned Phaseout of this Section
After testing the exploit against multiple Linux distributions, it appears that the latest versions of both Kali Linux and Parrot OS have some sort of kernel changes that prevent the exploit from working. Penetration testing distros are known for utilizing bleeding edge kernels. Meanwhile, on the latest release of Ubuntu 20.04 LTS that I documented before, kernel version 5.13.0-51-generic, the exploit will still work. However, if your kernel version is 5.15.0-39-generic or above, the exploit taught in this section of the course will not work and will throw a segfault.
Now I am busy with a project with a terrible instructor in my course for UNLV for summer. So I'm trying to rush through it (my horrible class) but I will replace this module with another, likely something from vulnserver.exe, SyncBreeze, Savant 3.1, etc.