Kioptrix: 2014 – Walkthrough

Hi Friends,

Today I am going to solve the Kioptrix VM from vulnhub.com.

First I need to find the IP address of the target machine; I will be using the netdiscover command on Linux.

netdiscover -r 192.168.150.1/24

192.168.150.128 – Kali Linux (Attacker)

192.168.150.129 – Kioptrix VM (Vulnerable Machine)

Now I will perform a port scan on the target machine using nmap to find the open ports.

We can see two ports are open: 80 and 8080.

Next I ran the nikto scanner on the target machine, but didn't find any fruitful information.

I opened the IP in a browser, as it is running on port 80, and we can see the text “It Works”.

Then I viewed the page source in the browser and found an interesting URL in the comments.

I accessed that URL and found it is running pChart2.1.3.

I searched for exploits for pChart2.1.3 and found that it has a directory traversal vulnerability.

I tried to access /etc/passwd, and it worked.

From nmap we found that the target machine is running Apache, so I searched for the httpd.conf file using the directory traversal vulnerability:

http://192.168.150.129/pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fusr%2flocal%2fetc%2fapache22%2fhttpd.conf

In it I found a virtual host supporting port 8080 and “Mozilla4_browser”.
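On the defensive side, traversal requests like the ones above are easy to spot in the web server's access log. The following is an added example, not part of the original walkthrough: it scans Apache access log lines for a Script parameter whose decoded value is absolute or contains a ".." segment. The log lines, timestamps and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache combined-format log lines (not taken from the target).
SAMPLE_LOG = """\
192.168.150.128 - - [01/Jan/2024:10:00:01 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
192.168.150.128 - - [01/Jan/2024:10:00:09 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=example.drawBarChart.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.168.150.128 - - [01/Jan/2024:10:01:30 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fusr%2flocal%2fetc%2fapache22%2fhttpd.conf HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.168.150.128 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 152 "-" "Mozilla/5.0"
"""

# client, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so nested encoding layers are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if the decoded value is an absolute path or has a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")


def find_traversal_requests(log_text, param="script"):
    """Return (client_ip, status, decoded_value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        query = urlsplit(target).query
        for key, val in parse_qsl(query, keep_blank_values=True):
            if key.lower() == param and is_traversal(val):
                hits.append((client, int(status), fully_decode(val)))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line means the server answered the request, so those entries deserve review first.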

I tried to access the host on port 8080, but it returned a “Forbidden” message.

I used the Tamper Data add-on for Firefox and changed the user agent to Mozilla 4.

With the changed user agent I can now access port 8080, and found that phptax is running.

I searched for a phptax exploit in the Metasploit console and found an excellent Remote Code Injection exploit.

I used the Metasploit exploit against the target machine, but here I am not root.

Privilege Escalation

After getting a shell I checked which kernel version the target is running and found FreeBSD 9.0.

I used Netcat (Swiss Army Knife) to transfer the file from the attacker machine to the target machine.

I compiled the exploit and ran it, and we became the root user.
