Vulhub : Kioptrix Level 2

 Hi all

 Today we are going to play with kioptrix level 2 from vulhub and try to explore differente way to get root access.

I used to start with nmaping the target :

For the SSH service i didn't see any thing that we can do with right now so i m going to explore the web server : 

 it's a login page and administrator can be as username so we have two way bruteforce or sql injection to bypass the authentication form the second one it will very quick so let's give a try :

Yes we have bypassed the login page this interface give us the possibility to run ping so the first thing that came to my mind is command injection so let's try : 

Now it's time to reverse shell (i used reverse shell cheat sheet from pentestmonky):

i fired the command nc -nlvp 1234 in my kali machine : 

That's greate i have shell now as apache user so it's time for privilege escalation enumeration : 

the kernel is vulnerable so i think we can exploit this part : 

  I m going to use this exploit for privilege escalation from exploit database : 

 i have set up and FTP server in my kali machine for file transfert into kioptrix 2 VM 

Now it's time to get root access : 

Mission achieved successfully

(I will update this article with other way to root this box)

Thank you for reading see you on another mission (kioptrix Level 3)

Abdelmouhsine Bouaouda

THM: Get Bounty Hacker

Hi All

Today we are going to play i new box the bounty hacker from Tryhackme

I used to start my enumeration process with nmap :

I discovered three services :

Nice let's see if we can access FTP with anonymous account :

Some juicy information :

here's a username the second file contain some password so i will try bruteforce ssh service :

Great i will access the server and get user flag :

Now i have to find the root flag :

Mission achieved it was simple with GTOFBIN.

I hope that you enjoyed reading.

Kind regards

Abdel