Kioptrix Level 1

Michael Koczwara
3 min readFeb 2, 2020


Kioptrix Level 1 Walkthrough


Nmap, Nikto, Dirb, Enum4Linux, Metasploit, Searchsploit, Github

Lab set up

Vulnerable Kioptrix VM

Check IP and discover Kioptrix IP in our virtual lab.


Nmap -sV -T4 -p- <IP> -vv

A quick scan to identify all possible open ports

Nmap -A -T4 -p22, 80, 111, 139, 443, 32768 <IP> -vv

Quick aggressive scan to grab more information from open ports identified in the previous scan.


Nikto scan to find more information from the web app running on port 80.


Brute-forcing directories in our target


Enumerating SMB identified from our nmap scans (port 139)our target machine.

Enumerating SMB/Connecting to our target machine (anonymous login)

Metasploit exploiting SMB

Running Metasploit scan to grab SMB port version

Samba 2.2.1a version identified.


Finding information about samba 2.2/trans2open



Looking for exploits in the Metasploit database

Setting up the exploit

In order to make this exploit work, it is important to set up the correct payload:

Correct payload option

Shelling the target/Exploiting vulnerable Samba.

Metasploit exploiting Apache

Quick scan port 443 with Nmap


In order to make this exploit works download the updated version from GitHub and follow the instructions:

Exploitation/Shelling the target