🖥️Walkthrough / Kioptrix Level 1🖥️

in walkthrough •  8 years ago  (edited)

I'm still experimenting with improving my post quality and learning steemit, so your feedback is welcomed 😊🤓
A nice and easy one this time.

Kioptrix Level 1

#Vulnhub Description:

This #Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.

Name: Kioptrix: Level 1 (#1)
Date release: 17 Feb 2010
Author: Kioptrix
Series: Kioptrix
Web page: http://www.kioptrix.com/blog/?page_id=135
Vulnhub : https://www.vulnhub.com/entry/kioptrix-level-1-1,22/

🔥HOST DISCOVERY🔥

Once the virtual machine has been downloaded we look for it using ARP

netdiscover

192.168.0.23 looks like our likely candidate. The MAC vendor is a bit of a giveaway💀

A quick ping check

ping 192.168.0.23

itsss ALLIiVVEE!!"1!

🔥PORT SCANNING🔥

Time to get our hands dirty, starting off with port scans

TCP Ports

nmap -sS -n -oN 192.168.0.23.quick.nmap 192.168.0.23

UDP Ports

Decided to mix it up and use unicornscan here.

unicornscan -mU -r200 -Iv -p 0-65535 -l 192.168.0.23_udp.unicorn 192.168.0.23

🔥SERVICE ENUMERATION🔥

Time to run some deeper nmap scans

SSH - 22

ssh 192.168.0.23

Not that easy. Default and silly credentials didn't work here (root:root, etc.)

HTTP - 80

http://192.168.0.23

Just some default content

nikto -h 192.168.0.23

Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE 
OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
OSVDB-682: /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
OSVDB-3268: /manual/: Directory indexing found.
OSVDB-3092: /manual/: Web server manual found.
OSVDB-3268: /icons/: Directory indexing found.
OSVDB-3233: /icons/README: Apache default file found.
OSVDB-3092: /test.php: This might be interesting...

Not much else found here.
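Looking at the same nikto output from the server owner's side, here is an added example (not part of the original post) that parses the findings above and groups the affected paths by hardening action. The function names and keyword rules are hypothetical; the two directives are stock Apache ones.

```python
import re
from collections import defaultdict

# Constructed input: the nikto lines quoted in the walkthrough above.
NIKTO_OUTPUT = """\
Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE
OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
OSVDB-682: /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
OSVDB-3268: /manual/: Directory indexing found.
OSVDB-3092: /manual/: Web server manual found.
OSVDB-3268: /icons/: Directory indexing found.
OSVDB-3233: /icons/README: Apache default file found.
OSVDB-3092: /test.php: This might be interesting...
"""

FINDING = re.compile(r"^OSVDB-(?P<id>\d+):\s+(?:(?P<path>/\S*?):\s+)?(?P<msg>.+)$")
METHODS = re.compile(r"^Allowed HTTP Methods:\s*(?P<list>.+)$")

# Keyword -> hardening action (hypothetical triage rules, first match wins).
# TraceEnable needs Apache 1.3.34 / 2.0.55 or later; older servers must be upgraded.
RULES = [
    ("directory indexing", "Options -Indexes"),
    ("trace method", "TraceEnable off"),
]
DEFAULT_ACTION = "remove or restrict default content"


def parse(text):
    """Return (allowed_methods, findings); findings are dicts with id/path/msg."""
    methods, findings = [], []
    for line in text.splitlines():
        line = line.strip().lstrip("+ ")  # raw nikto output prefixes findings with "+ "
        if m := METHODS.match(line):
            methods = [x.strip().upper() for x in m["list"].split(",")]
        elif m := FINDING.match(line):
            findings.append({"id": int(m["id"]), "path": m["path"], "msg": m["msg"]})
    return methods, findings


def triage(text):
    """Group affected paths by hardening action; server-wide findings use '*'."""
    methods, findings = parse(text)
    plan = defaultdict(set)
    if "TRACE" in methods:
        plan["TraceEnable off"].add("*")
    for f in findings:
        action = next((a for k, a in RULES if k in f["msg"].lower()), DEFAULT_ACTION)
        plan[action].add(f["path"] or "*")
    return {action: sorted(paths) for action, paths in plan.items()}
```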

Netbios - 139

enum4linux 192.168.0.23 > enum4linux_192.168.0.23

We notice an old Samba version

HTTP - 443

Same content found as HTTP 80.

🔥EXPLOITATION🔥

Exploit code: https://www.exploit-db.com/exploits/10/

We find an exploit which fits the information enumerated.

Compile the exploit

Start a netcat listener on the attacker machine

Run exploit

Get root shell on the target!😎😎😎


I'm still not sure on the format of these but I think a few more and I will have these down