Kioptrix Level 1

Michael Koczwara
3 min readFeb 2, 2020

--

Kioptrix Level 1 Walkthrough

Tools:

Nmap, Nikto, Dirb, Enum4Linux, Metasploit, Searchsploit, Github

Lab set up

Vulnerable Kioptrix VM

Check IP and discover Kioptrix IP in our virtual lab.

Recon

Nmap -sV -T4 -p- <IP> -vv

A quick scan to identify all possible open ports

Nmap -A -T4 -p22, 80, 111, 139, 443, 32768 <IP> -vv

Quick aggressive scan to grab more information from open ports identified in the previous scan.

Nikto

Nikto scan to find more information from the web app running on port 80.

Dirb

Brute-forcing directories in our target

Enum4Linux

Enumerating SMB identified from our nmap scans (port 139)our target machine.

Enumerating SMB/Connecting to our target machine (anonymous login)

Metasploit exploiting SMB

Running Metasploit scan to grab SMB port version

Samba 2.2.1a version identified.

Searchsploit

Finding information about samba 2.2/trans2open

Exploit

Metasploit/Searchsploit

Looking for exploits in the Metasploit database

Setting up the exploit

In order to make this exploit work, it is important to set up the correct payload:

Correct payload option

Shelling the target/Exploiting vulnerable Samba.

Metasploit exploiting Apache

Quick scan port 443 with Nmap

Searchsploit

In order to make this exploit works download the updated version from GitHub and follow the instructions:

Exploitation/Shelling the target

--

--