Kioptrix Level 1
Kioptrix Level 1 Walkthrough
Tools:
Nmap, Nikto, Dirb, Enum4Linux, Metasploit, Searchsploit, GitHub
Lab set up
Vulnerable Kioptrix VM
Check our own IP and discover the Kioptrix IP in our virtual lab.
Recon
nmap -sV -T4 -p- <IP> -vv
A scan of all 65535 TCP ports with version detection to identify every open port and the service behind it.
nmap -A -T4 -p 22,80,111,139,443,32768 <IP> -vv
An aggressive scan (-A) of the open ports identified in the previous scan, to gather more information about each service.
Nikto
Nikto scan to gather more information about the web app running on port 80.
Dirb
Brute-forcing directories on our target.
Enum4Linux
Enumerating the SMB service that our nmap scans identified on port 139 of the target machine.
Enumerating SMB shares and connecting to the target machine with an anonymous login.
Metasploit exploiting SMB
Running the Metasploit SMB version scanner to grab the SMB service version.
Samba 2.2.1a version identified.
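The recon steps above end with a version banner (Samba 2.2.1a) that the later searchsploit step matches against a known exploit. From the defender's side, the same banners are what an asset inventory should flag before anyone else reads them. The following parser, added here as an example and not part of the original walkthrough, reads nmap grepable (-oG) output, reports services that returned no version string (so they still need manual fingerprinting), and flags the Samba 2.2.x release line that this write-up identifies. The sample scan text, the host address and the non-Samba version strings are constructed placeholders, not captures from the lab VM.

```python
"""Flag legacy or unidentified services in nmap grepable (-oG) output.

Added example for the Kioptrix Level 1 write-up; the sample below is
constructed to mirror the ports the walkthrough reports (22, 80, 111,
139, 443, 32768) and the Samba 2.2.1a banner it identifies. The host
address and the other version strings are placeholders.
"""
import re
from dataclasses import dataclass

# Constructed sample of nmap -oG output (not captured from the lab VM).
# nmap separates the Host/Ports/Ignored fields with tabs and writes each
# port as port/state/proto/owner/service/rpcinfo/version/ ; any "/" inside
# a service or version string is emitted as "|" (hence "ssl|https").
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH (placeholder version)/, "
    "80/open/tcp//http//Apache httpd (placeholder version)/, "
    "111/open/tcp//rpcbind///, "
    "139/open/tcp//netbios-ssn//Samba smbd 2.2.1a/, "
    "443/open/tcp//ssl|https//Apache httpd (placeholder version)/, "
    "32768/open/tcp//status///"
    "\tIgnored State: closed (65529)\n"
    "# Nmap done\n"
)


@dataclass
class Finding:
    host: str
    port: int
    service: str
    version: str
    note: str


# Legacy-version rules: (service pattern, version pattern, note).
# Samba 2.2.x is the release line the walkthrough identifies (2.2.1a) and
# matches against the searchsploit trans2open entry; it is long end-of-life.
# The version pattern anchors on "Samba [smbd] 2.2" so that, for example,
# "Samba 3.2.2" is not flagged by the substring "2.2".
LEGACY_RULES = [
    (re.compile(r"netbios-ssn|microsoft-ds|smb", re.I),
     re.compile(r"\bSamba\b(?:\s+smbd)?\s+2\.2(?:\.\d+[a-z]?)?\b", re.I),
     "Samba 2.2.x: end-of-life release line (trans2open era); "
     "upgrade or decommission"),
]


def parse_gnmap(text):
    """Yield (host, port, proto, service, version) for open ports in -oG output."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Keep only the Ports field; drop trailing tab fields such as "Ignored State:".
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            if state != "open":
                continue
            yield host, int(port), proto, service, version.strip()


def flag_legacy(text):
    """Return Findings for version-less services and known legacy versions."""
    findings = []
    for host, port, _proto, service, version in parse_gnmap(text):
        if not version:
            findings.append(Finding(host, port, service, version,
                                    "no version banner; fingerprint manually"))
            continue
        for svc_re, ver_re, note in LEGACY_RULES:
            if svc_re.search(service) and ver_re.search(version):
                findings.append(Finding(host, port, service, version, note))
    return findings


if __name__ == "__main__":
    for f in flag_legacy(SAMPLE_GNMAP):
        print(f"{f.host}:{f.port} {f.service} [{f.version or '-'}] -> {f.note}")
```

Run against a real `nmap -oG scan.gnmap` file by reading it into `flag_legacy`; extending `LEGACY_RULES` with further (service, version, note) tuples is how a team records the other end-of-life stacks it cares about.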
Searchsploit
Finding information about Samba 2.2 / trans2open
Exploit
Metasploit/Searchsploit
Looking for exploits in the Metasploit database
Setting up the exploit
To make this exploit work, it is important to set the correct payload:
Correct payload option
Shelling the target / exploiting the vulnerable Samba service.
Metasploit exploiting Apache
Quick Nmap scan of port 443
Searchsploit
To make this exploit work, download the updated version from GitHub and follow its instructions:
Exploitation / shelling the target