Kioptrix (level 1)
First, I start with an Nmap scan of the VM.
We found a bunch of services from the scan.
First, we can try our luck with SSH, but it seems that it needs a key, so that method is out of the question.
Method 1
Next, we can try the HTTP and HTTPS services.
When I enter 192.168.1.104 in Firefox, we get this webpage.
Running a -sV scan with Nmap, we can see the versions that are running.
After some googling, I found this exploit for this version of SSL, 2.8.4:
https://www.exploit-db.com/exploits/764
After downloading the code and compiling it, we can launch the exploit.
However, this shell sucks, so let's create a bash one-liner to call our listener on my Kali box.
Simple as that!! But there is another method that can get us root on this box.
Method 2
After some investigating of the Samba service running on this box, I found that its version is 2.2.1a.
After some more googling, I found another exploit for this version:
https://www.exploit-db.com/exploits/10
And I compiled and ran the exploit.
So there are 2 methods that I found to get root in this box!
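For the defensive side of both methods, here is an added example (not part of the original write-up) that flags hosts whose service banners report a version at or below the two versions exploited above. The banner strings, the addresses, the `mod_ssl/<version>` token and the "at or below" threshold are assumptions made for illustration.

```python
import re

# Versions the write-up exploited. Flagging "at or below" them is an assumption
# of this example, not a statement of the exact affected ranges.
FLAGGED = {"mod_ssl": "2.8.4", "samba": "2.2.1a"}

PATTERNS = {
    "mod_ssl": re.compile(r"mod_ssl/(\d+(?:\.\d+)*[a-z]?)", re.I),
    "samba": re.compile(r"\bsamba\s+(?:smbd\s+)?(\d+(?:\.\d+)*[a-z]?)", re.I),
}

# Constructed sample banners (host, port, banner); not output captured from the VM.
SAMPLE_BANNERS = [
    ("192.0.2.10", 443, "Apache/1.3 (Unix) mod_ssl/2.8.4"),
    ("192.0.2.10", 139, "Samba 2.2.1a"),
    ("192.0.2.20", 443, "Apache/2.4 (Debian) mod_ssl/2.8.31"),
    ("192.0.2.30", 445, "Samba smbd 4.17.12"),
]


def version_key(version):
    """Turn '2.2.1a' into ((2, 2, 1), 'a') so a letter suffix sorts after the bare release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]?)", version.lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split(".")), m.group(2)


def audit(banners):
    """Return (host, port, product, version) for every banner at or below a flagged version."""
    findings = []
    for host, port, banner in banners:
        for product, pattern in PATTERNS.items():
            m = pattern.search(banner)
            if m and version_key(m.group(1)) <= version_key(FLAGGED[product]):
                findings.append((host, port, product, m.group(1)))
    return findings


if __name__ == "__main__":
    for host, port, product, version in audit(SAMPLE_BANNERS):
        print(f"{host}:{port} {product} {version} is at or below {FLAGGED[product]}: patch or retire")
```

Comparing numeric tuples rather than strings keeps 2.8.31 from sorting below 2.8.4, which a plain string comparison would get wrong.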