Today I am going to solve the Kioptrix VM from vulnhub.com.
First I need to find the IP address of the Target Machine; I will be using the netdiscover command from Linux.
netdiscover -r 192.168.150.1/24
192.168.150.128 – Kali Linux (Attacker)
192.168.150.129 – Kioptrix VM (Vulnerable Machine)
Now I will perform a port scan on the Target Machine using nmap to find the available open ports.
We can see two ports are open: 80 and 8080.
Now I ran the nikto scanner on the target machine, but didn’t find any fruitful information.
I opened the IP in a browser, as it is running on port 80, and we can see the text “It Works”.
Now I went to view-source in the browser and found an interesting URL in the comments.
I accessed that URL and found it is running pChart2.1.3.
I searched for any exploits for pChart2.1.3 and found there is a directory traversal.
I tried to access /etc/passwd, and it worked.
From Nmap we found the target machine is running Apache, so I searched for the httpd.conf file using the directory traversal vulnerability and found a Virtual Host supporting 8080 and “Mozilla4_browser”.
I tried to access the host on port 8080, and it throws a “Forbidden” message.
I used the Tamper Data add-on for Firefox and changed the user agent to Mozilla 4.
With the changed user agent I can now access port 8080, and found phptax is running.
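From the defender's side, both steps above leave traces in the web server's access log. The following is an added example, not part of the original walkthrough: it flags encoded directory traversal in request targets and a client that gets a 403 and then succeeds on the same path with a different User-Agent. It assumes Apache "combined" log format; the log lines, the /app/view.php path and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format: client IP, request target, status, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# ".." used as a whole path segment, after "/", "\" or "=" (a parameter value).
TRAVERSAL_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')

SAMPLE = [  # constructed log lines (hypothetical paths), not from the target VM
    '192.168.150.128 - - [01/Jan/2024:10:00:01 +0000] "GET /app/view.php?file=%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '192.168.150.128 - - [01/Jan/2024:10:00:09 +0000] "GET /app/view.php?file=%252e%252e%252fconf%252fhttpd.conf HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.168.150.128 - - [01/Jan/2024:10:01:30 +0000] "GET / HTTP/1.1" 403 210 "-" "Mozilla/5.0"',
    '192.168.150.128 - - [01/Jan/2024:10:02:02 +0000] "GET / HTTP/1.1" 200 4100 "-" "Mozilla/4.0"',
    '192.168.150.50 - - [01/Jan/2024:10:03:00 +0000] "GET /docs/v1..2/index.html HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def analyse(lines):
    """Return (traversal_hits, ua_switches) found in the log lines."""
    traversal, switches, denied = [], [], {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status, ua = m["ip"], m["target"], m["status"], m["ua"]
        path_only = target.split("?", 1)[0]
        if TRAVERSAL_RE.search(fully_decode(target)):
            traversal.append((ip, target))
        if status == "403":  # remember which User-Agents were refused
            denied.setdefault((ip, path_only), set()).add(ua)
        elif status.startswith("2"):
            earlier = denied.get((ip, path_only), set())
            if earlier and ua not in earlier:  # same client, new UA, now allowed
                switches.append((ip, path_only, ua))
    return traversal, switches

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A User-Agent switch hit also shows that the virtual host's browser check is not an access control: the header is chosen by the client, so the service behind it needs real authentication or network restriction.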
I searched for a phptax exploit in the Metasploit console and found an excellent Remote Code Injection exploit.
I used the Metasploit exploit to exploit the Target Machine, but here I am not root.
After getting a shell I checked which kernel version the target is running and found FreeBSD 9.0.
I used Netcat (Swiss Army Knife) to transfer a file from the Attacker Machine to the Target Machine.
I compiled the exploit and ran it, and we became the root user.