Added Setup Guide for Windows

vognik · vognik · commit b13f59128c61 · 2025-08-18T08:20:32.000+04:00
diff --git a/documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md b/documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md
@@ -19,6 +19,8 @@ The `hid_studyname` parameter serves as the identifier of the survey or test bei
 
 ## Testing
 
+### Setup a Linux Server to Host the Lighhouse Survey
+
 To set up a test environment:
 
 1. Download and Install Ubuntu 18.04.6 LTS
@@ -230,14 +232,16 @@ sudo systemctl restart apache2
 
 Now CGI scripts in /var/www/html/cgi-bin/ should be executable.
 
-11. Download and Install Windows (on Second VM)
+### Create the Lighthouse Survey
+
+1. Download and Install Windows (on Second VM)
 
 Download Windows 10 ISO from the official Microsoft site:
 https://www.microsoft.com/en-us/software-download/windows10
 
 Follow standard installation steps in your hypervisor (e.g., VirtualBox, VMware, etc.).
 
-12. Download and Install Vulnerable Lighthouse Studio
+2. Download and Install Vulnerable Lighthouse Studio
 
 This is the vulnerable application used to build and upload surveys.
 
@@ -248,7 +252,7 @@ https://sawtoothsoftware.com/resources/software-downloads/lighthouse-studio/vers
 
 Install Lighthouse Studio using default options.
 
-13. Create and Save a New Study
+3. Create and Save a New Study
 
 Use
 
@@ -259,7 +263,7 @@ File -> New Study
 and follow instructions.
 In the end save the study.
 
-14. Upload the Study to the Ubuntu VM
+4. Upload the Study to the Ubuntu VM
 
 To host your survey on the Ubuntu VM:
 
@@ -289,7 +293,7 @@ In the "Advanced" Tab
 
 Set the Database Server Host Name — enter the IP address of your Ubuntu VM.
 
-15. Upload the Survey to Server
+5. Upload the Survey to Server
 
 Click the "Upload Survey to Server" button.
 
@@ -303,6 +307,29 @@ OR (in case of any errors)
 
 Use this instruction to upload manually [Manual Upload to Server](https://sawtoothsoftware.com/help/lighthouse-studio/manual/manual-upload.html)
 
+## Setup a Windows Server to Host Lighthouse Survey
+
+1. Install xampp
+
+2. Place survey for manual upload in c:\xampp\htdocs\
+
+3. Install Perl 5.38
+
+- Avoid installing 5.40 as it's missing some essential MySQL libraries required to connect the Lighthouse survey to database which is required in order to exploit this vulnerability
+
+3. Either find and replace these with #!C:/Strawberry/perl/bin/perl.exe or edit the apache config such that Apache will always send these files to Strawberry Perl
+- The .pl and .cgi files LightHouse generates will start with #!/usr/bin/pearl which windows will fail to interpret
+
+4. Make the same edits to the Apache config as you would do on Linux to make the cgi scripts executable
+
+5. Install the same Perl modules as you would during the Linux install
+
+6. In phpMyAdmin, create the DB user and DB specified in the Survey you created in Lighthouse
+
+7. Ensure the user has the necessary privileges over the DB
+
+8. Navigate the to the /<SurveyName>/WebUpload/cgi-bin/admin.pl endpoint in the survey, authenticate with the admin credentials and ensure the the DB is connected and there were no errors durning setup
+
 ## Scenario
 
 ```
