You might be wondering what I'm doing with a super easy, circa 2010, vulnerable machine.  Recently, someone pointed me to a new certification and the very first vulnerable system to exploit is this box.  It turns out that I've never rooted, or written up, this box but I was curious as to how the current version of myself would take on this box.  So that's basically what this is about.  Moving on...

The description states:  This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.

The description states "Easy" and I think that pretty much sums it up.  A few moving parts, more than a lot of "Easy" rated boxes but nothing so challenging as to takes its rating any higher.

As always, we kick off with Nmap:

According to the description:  "The SoundStation IP 5000 boosts productivity and reduces listener fatigue by turning ordinary conference calls into crystal-clear interactive conversations."  Looks like you can still get them from CDW for about $500 although you can get them used for about $20-30.  With the latest firmware, this unit is vulnerable to cross site scripting and session hijacking.  Then again, the session hijacking part is not really required because of yet another issue but I'll get to that shortly.