
Friday, May 29, 2020

Vulhub:Kioptrix level1 let's try

Hi all,

Today we are going to play with Kio1 (Kioptrix1), the first step on the road to OSCP certification:

My game starts, as always, with nmap scanning:




So we have to explore each service to see if there is any way to get root on the Kioptrix1 VM.

For the ssh service nothing was found, so I will move to the second service.

On port 80 we have Apache 1.3.29; we also have port 443 with ssl_mode:


So openfuck seems very interesting, so let's give it a try:

This is how to use the C code:


Mission done:


We have root access.

Let's explore the remaining ports:

The rpc ports are for file sharing via smb, so version enumeration:


It's a vulnerable version, so you can use this from exploitdb:





It's also done: after compiling and executing, I have root access easily:



For directory bruteforcing, I tested with many wordlists from the wfuzz directory, and I found these directories:
/cgi-bin/
/mrtg
/usage
/manual
And this file:
test.php: it contains just PHP test code, nothing else, and an href=resource://content-accessible/plaintext.css

Target: http://192.168.0.136/mrtg/FUZZ.html
Total requests: 45463

==================================================================
ID      Response   Lines      Word         Chars          Payload
==================================================================

017405:  C=200    130 L      511 W         4342 Ch        "forum"
021445:  C=200    423 L     1485 W        17318 Ch        "index"
033776:  C=200   1200 L     6038 W        48684 Ch        "reference"
038982:  C=200    109 L      463 W         4115 Ch        "squid"

Total requests: 3036

==================================================================
ID      Response   Lines      Word         Chars          Payload
==================================================================

001119:  C=200    130 L      511 W         4342 Ch        "forum"
001375:  C=200    423 L     1485 W        17318 Ch        "index"
001646:  C=200    123 L      431 W         3659 Ch        "logfile"

After visiting /mrtg/index.html, I saw it is about MRTG 2.9.6, so I'm going to look into that to see what I can get.
I inspected the folder and found nothing, and navigating the website turned up nothing either, just documentation of the mrtg tool.
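
The two wfuzz result tables above came from different wordlists and only partly overlap. The following is an added example, not part of the original post: it parses the rows exactly as shown above (copied inline) and reports which pages each run found, plus any payloads that share an identical response size, which would indicate a catch-all page. The function names are illustrative.

```python
import re

# Result rows copied from the two wfuzz runs shown in the post
# (first run: 45463 requests, second run: 3036 requests).
RUN_A = """\
017405:  C=200    130 L      511 W         4342 Ch        "forum"
021445:  C=200    423 L     1485 W        17318 Ch        "index"
033776:  C=200   1200 L     6038 W        48684 Ch        "reference"
038982:  C=200    109 L      463 W         4115 Ch        "squid"
"""
RUN_B = """\
001119:  C=200    130 L      511 W         4342 Ch        "forum"
001375:  C=200    423 L     1485 W        17318 Ch        "index"
001646:  C=200    123 L      431 W         3659 Ch        "logfile"
"""

ROW = re.compile(
    r'^\s*(\d+):\s+C=(\d{3})\s+(\d+)\s+L\s+(\d+)\s+W\s+(\d+)\s+Ch\s+"(.*)"\s*$'
)

def parse_wfuzz(text):
    """Return {payload: (status, lines, words, chars)}; banners and rules are skipped."""
    hits = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _id, code, n_lines, n_words, n_chars, payload = m.groups()
            hits[payload] = (int(code), int(n_lines), int(n_words), int(n_chars))
    return hits

def merge_runs(a, b):
    """Return (same in both, only in a, only in b, in both but response differs)."""
    both = sorted(p for p in a.keys() & b.keys() if a[p] == b[p])
    changed = sorted(p for p in a.keys() & b.keys() if a[p] != b[p])
    return both, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()), changed

def shared_fingerprints(hits):
    """Group payloads whose responses have identical status and size (catch-all pages)."""
    groups = {}
    for payload, fingerprint in hits.items():
        groups.setdefault(fingerprint, []).append(payload)
    return {fp: sorted(ps) for fp, ps in groups.items() if len(ps) > 1}

if __name__ == "__main__":
    a, b = parse_wfuzz(RUN_A), parse_wfuzz(RUN_B)
    both, only_a, only_b, changed = merge_runs(a, b)
    print("both:", both, "first only:", only_a, "second only:", only_b)
    print("catch-all groups:", shared_fingerprints({**a, **b}))
```
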


Thank you for reading; see you in the next article, Kioptrix 2.

Kind regards

 Abdelmouhsine Bouaouda
