Kioptrix: level 1

This is my write-up for Kioptrix 1. Kioptrix is a very fun series available on VulnHub.

First I need to find the IP address of the machine, so I run netdiscover.

Once I get the IP address, I run an Nmap scan to see which ports and services are open that could be exploited.
nmap -sV -O 192.168.120.138

Ah yes, several ports are open. I visit ports 80 and 443 only to find the Apache page. I decided to run some more enumeration.
I use searchsploit to see what exploits I can use on OpenSSH and Apache mod_ssl.

There are several exploits that can be of great use, such as OpenFuck for OpenSSL. But for this write-up I'm going to exploit Samba.
I used a tool called enum4linux to gather more information.
https://tools.kali.org/information-gathering/enum4linux

Once the results return, I am presented with a lot of information. When looking at the OS information I see what version of Samba the machine is running:
Samba 2.2.1

You can also find SMB information by using Metasploit as shown above.
msf> use auxiliary/scanner/smb/smb_version  
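
The version banner that made this box easy to research is also something a defender can inventory. As an added example (not part of the original write-up), this script pulls Samba versions out of saved enumeration output and flags hosts below a minimum version; the sample lines, the two extra host addresses and the 4.0.0 floor are constructed assumptions.

```python
import re

# Constructed sample lines in the style of SMB enumeration output
# (assumed format; not captured from a real scan).
SAMPLE_OUTPUT = """\
[+] Got OS info for 192.168.120.138: Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.1a]
[+] Got OS info for 192.168.120.140: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.15.2-Ubuntu]
[+] Got OS info for 192.168.120.141: Domain=[WORKGROUP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
"""

# Samba releases look like 2.2.1a or 4.15.2; the trailing letter is a patch release.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]?)")
# First IPv4 address on the line, then the Samba version inside Server=[...].
HOST_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b.*?Server=\[Samba ([^\]\s-]+)")


def version_key(text):
    """Turn '2.2.1a' into (2, 2, 1, 'a') so versions compare correctly."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch or 0), letter)


def outdated_hosts(output, minimum):
    """Return (host, version) pairs whose Samba banner is below `minimum`."""
    floor = version_key(minimum)
    findings = []
    for line in output.splitlines():
        m = HOST_RE.search(line)
        if not m:
            continue  # not a Samba banner (e.g. a Windows SMB server)
        host, version = m.groups()
        if version_key(version) < floor:
            findings.append((host, version))
    return findings


if __name__ == "__main__":
    # "4.0.0" is an assumed policy floor; set it from your vendor's advisories.
    for host, version in outdated_hosts(SAMPLE_OUTPUT, "4.0.0"):
        print(f"{host}: Samba {version} is below the minimum allowed version")
```
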

 

After doing some research on Samba 2.2.1a I found some good information.
https://pen-testing.sans.org/resources/papers/gcih/0x333hatec-samba-remote-root-exploit-102967
This article then led me to the exploit 0x333hate.

Once I downloaded and saved the exploit, I then compiled it using the following command:
gcc -o 0x333hate 0x333hate.c
Information about gcc:
https://www.safaribooksonline.com/library/view/linux-in-a/9780596806088/re146.html

Once compiled, it's time to exploit so I can get root with the following command.
./0x333hate -t 192.168.120.138 -p 139

I'm in! Now I need to read the email and that will complete the challenge.
/var/spool/mail/root
