I am starting a series of posts about the most important and useful Vulnhub challenges. In this post we take a look at the Kioptrix vulnerable VM.
Kioptrix:
This Kioptrix VM image is an easy challenge.
The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games is to learn the basic tools and techniques of vulnerability assessment and exploitation. There is more than one way to successfully complete the challenges.
Steps:
Netdiscover | arp -n: to discover the vulnerable IP
Nmap: to get all open ports and service versions
Nikto: to get a list of web-based vulnerabilities
Msfconsole: exploiting via Metasploit
How it’s done:
Download the Kioptrix level 1 VM and import it into VirtualBox. Once that is done, make sure the network adapter is enabled and configured properly.
Virtual box: https://www.virtualbox.org
Netdiscover | arp -n:
Once the VM is up and running we need to find the IP of the vulnerable Linux host. We can use Netdiscover and arp to get the IP address; the same can be accomplished with nmap. Netdiscover lists every IP on the segment together with its MAC address, so we can identify the target by the MAC address VirtualBox assigned to it.
> netdiscover
> arp -a -n
> nmap 192.168.*.*/24 -n -sP | grep report | awk '{print $5}'
Nmap:
Once the IP has been discovered, the attacker needs the list of open ports and their associated services. We can use nmap for this: scan all ports and also determine which OS is running on the target. This helps us understand the vulnerabilities and security weaknesses present on the target.
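As an added example (not code from the original post), the Python below parses nmap's grepable (-oG) output into service records and flags the fingerprints this walkthrough relies on, so the same triage can be repeated over a real inventory rather than read off a screenshot. The scan line is constructed to mirror the post's Kioptrix findings, and the REVIEW table is a stand-in for a real vulnerability feed.

```python
import re
from collections import namedtuple

# Constructed sample in nmap -oG layout mirroring the post's Kioptrix findings.
# nmap escapes '/' inside version text as '|' in this format, hence "mod_ssl|2.8.4".
SAMPLE_GREPABLE = (
    "Host: 192.168.0.8 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 2.9p2/, "
    "80/open/tcp//http//Apache httpd 1.3.20 ((Unix) (Red-Hat|Linux) mod_ssl|2.8.4)/, "
    "139/open/tcp//netbios-ssn//Samba smbd/, "
    "443/open/tcp//ssl|https//Apache httpd 1.3.20 ((Unix) (Red-Hat|Linux) mod_ssl|2.8.4)/"
    "\tIgnored State: closed (6)"
)

# Fingerprints the post's nikto/nmap output points at; a stand-in for a real
# vulnerability feed. A hit means "patch or decommission", not "confirmed exploitable".
REVIEW = [
    (re.compile(r"Apache(?: httpd)?[ |/]1\.3\."), "Apache 1.3.x (end of life)"),
    (re.compile(r"mod_ssl[|/]2\.8\."), "mod_ssl 2.8.x (the version nikto flags in the post)"),
    (re.compile(r"\bsamba\b", re.I), "Samba present: pin down the exact version first"),
]

Service = namedtuple("Service", "host port proto name version")


def parse_grepable(text: str) -> list[Service]:
    """Return every open port in -oG output as a Service record."""
    services = []
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]+)", line)
        if not m:
            continue
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Fields: port/state/proto/owner/service/rpcinfo/version/ ; split at
            # most six times so a '/' inside the version text survives intact.
            f = entry.split("/", 6)
            if len(f) == 7 and f[1] == "open":
                services.append(Service(host, int(f[0]), f[2], f[4], f[6].rstrip("/")))
    return services


def triage(services: list[Service]) -> list[tuple[int, str]]:
    """Match each open service against REVIEW; returns (port, note) pairs."""
    return [(s.port, note) for s in services
            for pattern, note in REVIEW if pattern.search(f"{s.name} {s.version}")]
```

Run `triage(parse_grepable(SAMPLE_GREPABLE))` to get one note per matching fingerprint; the SSH service on 22/tcp produces none, while 80, 139 and 443 are each flagged.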
Nikto:
Nikto is an excellent tool for finding web-based vulnerabilities in a target system. Since the scan shows an open HTTP port, we can use Nikto to find Apache-based vulnerabilities and try to exploit them.
> nikto -host 192.168.0.8
Nikto suggests a lot of possible vulnerabilities, but we focus on the issues related to OpenSSL (mod_ssl/2.8.4) and the Samba service. Upon searching over the internet I came to know that there is an exploit available for OpenSSL (mod_ssl/2.8.4). Please follow the steps below to achieve it.
Download the exploit at https://www.exploit-db.com/exploits/764/
Once openfuck.c has been compiled as per the instructions, we can run the compiled ./openfuck binary with the offset and the IP as its arguments. Since we already know from the nikto output above that Kioptrix is running "Apache/1.3.20 (Unix) (Red-Hat/Linux)", we execute it as below.
Next we can attack the Samba service (139/tcp open netbios-ssn Samba smbd). Though we know the host has a Samba vulnerability, we still need to know which version of the Samba server is installed. This can be achieved as below.
As they say, there is always more than one way to exploit. We could use the exploit available at https://www.exploit-db.com/exploits/10/ if the Samba service were running on the remote host, but in the present scenario the service was not running, so we chose a different method to exploit.
Exploiting via metasploit: