
Ensure Kioptrix Is Running in The VM

This document provides a step-by-step guide to exploit Kioptrix Level 1, starting with network discovery and enumeration of open ports and services using tools like arp-scan and nmap. It details the exploitation of a vulnerable Samba version 2.2.1a using searchsploit and compiling an exploit to gain root access. The walkthrough concludes by confirming root access and encouraging documentation of the techniques for future use in CTFs.

Uploaded by

Shahzad Shaikh

Ensure Kioptrix is running in the VM

Step 1: Reconnaissance
Network Discovery and Setup:
Execute arp-scan -l on your attack machine to check whether Kioptrix Level 1 is on
the network. If it is not on the network, troubleshoot and follow the necessary
steps to install Kioptrix correctly.
Here we see that Kioptrix is running on IP address 192.168.10.171.
Step 2: Enumeration
• Run nmap -A -p- -T4 192.168.10.171 against Kioptrix to identify open ports
and services.
• We see that port 80 is open; opening it in the browser shows just a test
page.
• Observe the presence of Samba, which will be crucial for gaining root
access. So with nmap we see the presence of Samba, that port 80 is open,
and that other ports are open as well.
Step 3: Samba Enumeration
Utilize Enum4linux and Smbclient to confirm the presence of Samba on the
remote host.
• Identify the Samba version using Metasploit's auxiliary/scanner
We start Metasploit by running msfconsole.
Use the twelfth module by issuing the use 12 command.
Then run show options.
On running show options we see that RHOSTS is required, and thus we use
the IP address of the Kioptrix machine by running set RHOST
192.168.10.171
Then we use the run command to run the module against Kioptrix.
The results show that it is running Samba 2.2.1a, which is vulnerable to a lot
of exploits.
Step 4: Exploitation - Samba 2.2.1a
We then use the searchsploit command-line tool to search for Samba 2.2.1a.
Use searchsploit to find exploits for Samba 2.2.1a, and select a suitable one
(e.g., multiple/remote/10.c).
The results show all the existing exploits on the Exploit Database for Samba
2.2.1a. I will use multiple/remote/10.c, which will give us root access
privileges on the machine.
Download the chosen exploit using the command searchsploit -m
multiple/remote/10.c

From the output we see that the exploit has been downloaded to the Kioptrix
directory as 10.c.
We then compile the exploit with gcc -o sambaexploit 10.c
The -o option specifies the desired output file name.

We see there's a new file called sambaexploit, shown in green, meaning it is
executable and we can run it against the vulnerable machine.
Now we execute the exploit with ./sambaexploit -b 192.168.10.171
Option -b is for bruteforce and 0 for Linux.
And we got the shell!
Verify Root Access:
After executing the exploit, run whoami to confirm root access.
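
From the defender's side, everything above hinged on the Samba version identified in Step 3. The following is an added example, not part of the original walkthrough: it audits a service inventory and flags Samba versions below a policy minimum. The banner wording, the tab-separated line format, the second and third hosts, and the minimum version are constructed assumptions.

```python
import re

# Assumption: policy floor chosen by the defender, not a value from the walkthrough.
MIN_SAMBA = "4.0.0"

# Matches "Samba 2.2.1a", "Samba smbd 3.0.20", "Samba 4.15.13-Ubuntu".
_VER = re.compile(r"[Ss]amba\s+(?:smbd\s+)?(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_samba_version(text):
    """Return (major, minor, patch, letter) from a banner, or None if no version."""
    m = _VER.search(text)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    # The trailing letter ("a" in 2.2.1a) sorts after the bare release: "" < "a".
    return (int(major), int(minor), int(patch), letter)


def audit(lines, minimum=MIN_SAMBA):
    """Classify each 'host<TAB>banner' line as outdated, ok or unknown."""
    floor = parse_samba_version("Samba " + minimum)
    results = []
    for line in lines:
        host, _, banner = line.partition("\t")
        ver = parse_samba_version(banner)
        if ver is None:
            status = "unknown"   # version hidden: follow up manually, not a pass
        elif ver < floor:
            status = "outdated"
        else:
            status = "ok"
        results.append((host.strip(), banner.strip(), status))
    return results


# Constructed sample inventory; only the first host and its version come from the page.
SAMPLE = [
    "192.168.10.171\tUnix (Samba 2.2.1a)",
    "192.168.10.20\tSamba smbd 3.X - 4.X (workgroup: WORKGROUP)",
    "192.168.10.30\tSamba 4.15.13-Ubuntu",
]

if __name__ == "__main__":
    for host, banner, status in audit(SAMPLE):
        print(f"{status:9} {host:15} {banner}")
```

A banner that hides the exact version is reported as unknown rather than ok, which mirrors the walkthrough: the nmap scan showed Samba was present, and a separate version scan was needed to reveal 2.2.1a.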

Conclusion
You've successfully completed Kioptrix Level 1. This walkthrough aimed to
provide a comprehensive guide to solving the challenges. If you encountered
any issues or have questions, feel free to reach out to me [I may be able to
help] or the challenge creators.

Remember to document and understand the techniques used during this
walkthrough, as they may prove useful in future CTFs. Happy hacking!
