Kioptrix 1 : Walkthrough

by Vince

You might be wondering what I'm doing with a super easy, circa 2010, vulnerable machine.  Recently, someone pointed me to a new certification and the very first vulnerable system to exploit is this box.  It turns out that I've never rooted, or written up, this box but I was curious as to how the current version of myself would take on this box.  So that's basically what this is about.  Moving on...

The description states:  This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.

To quickly get some ports, I avoid all of the flags except for all ports:

Viewing the open web port:

With a list of ports, now we come in with the additional flags but only pointing to the ports we got from the previous scan.
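The two-stage scan described above (all ports first, then the additional flags against only the ports that came back open), as an added example that is not the author's own commands: it parses Nmap grepable (`-oG`) output and builds the second command without touching the network. The sample output, the 192.0.2.x addresses and the `-sV -sC` flags are assumptions; the post does not show which flags were used.

```bash
#!/usr/bin/env bash
# Added example: derive the second scan's port list from the first scan's output.
# Assumes the first scan was saved in grepable form (nmap -p- -oG <file> <host>).

# Constructed sample of grepable output; hosts and ports are made up.
sample_gnmap() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (65530)\n' \
        '443/open/tcp//https///, 22/open/tcp//ssh///, 80/open/tcp//http///, 111/filtered/tcp//rpcbind///, 139/open/tcp//netbios-ssn///'
    printf 'Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n'
}

# open_ports HOST: read grepable output on stdin and print HOST's open TCP
# ports as a sorted, comma-separated list (empty when there are none).
open_ports() {
    awk -F'\t' -v want="Host: $1 " '
        index($1, want) == 1 {                       # exact host, not a prefix
            for (i = 2; i <= NF; i++) {
                if (index($i, "Ports: ") != 1) continue
                n = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")        # port/state/proto/...
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }' | sort -n -u | paste -sd, -
}

# second_scan_cmd HOST: print (do not run) the targeted follow-up scan.
# Fails instead of emitting "-p" with an empty list.
second_scan_cmd() {
    ports="$(open_ports "$1")"
    if [ -z "$ports" ]; then
        echo "no open TCP ports recorded for $1" >&2
        return 1
    fi
    # -sV (version detection) and -sC (default scripts) are assumed flags.
    printf 'nmap -sV -sC -p %s %s\n' "$ports" "$1"
}

sample_gnmap | second_scan_cmd 192.0.2.10
```

Filtered and closed entries are dropped, so the slower version and script probes only run against ports that actually answered.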

Lately, I've been taking courses that don't limit tool use and so even though this is a beginner box, I fire up Nessus and treat this like it's an actual engagement.

Moving in parallel, always, we want to get the version of Samba which didn't get uncovered during our Nmap scan.

Using Searchsploit, we look for exploits related to Samba 2.2:

This is an old exploit that I've used numerous times, I'm familiar with it, and I know it works.

We get root.  And now we go for the flag:

We do some post-exploitation hunting:

And we crack the hashes: