Saturday, August 8, 2020

Vulhub : Kioptrix Level 2

 Hi all

Today we are going to play with Kioptrix Level 2 from Vulhub and try to explore different ways to get root access.

I usually start by running nmap against the target:

For the SSH service, I didn't see anything that we can do with it right now, so I'm going to explore the web server:

It's a login page, and administrator can be used as the username, so we have two ways to bypass the authentication form: brute force or SQL injection. The second one will be very quick, so let's give it a try:


Yes, we have bypassed the login page. This interface gives us the possibility to run ping, so the first thing that came to my mind is command injection, so let's try:

Now it's time for a reverse shell (I used the reverse shell cheat sheet from pentestmonkey):

I fired the command nc -nlvp 1234 on my Kali machine:

That's great, I have a shell now as the apache user, so it's time for privilege escalation enumeration:

The kernel is vulnerable, so I think we can exploit this part:

I'm going to use this exploit from Exploit Database for privilege escalation:

I have set up an FTP server on my Kali machine for file transfer into the Kioptrix 2 VM.

Now it's time to get root access:

Mission achieved successfully

(I will update this article with other ways to root this box.)
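
On the defensive side, the ping form abused earlier in this walkthrough is only exploitable when the submitted value is concatenated into a shell command line. The following is an added example, not code from the original post or from the Kioptrix application: a Python analogue of such a handler that shows the unsafe pattern beside a hardened one. The function names, the `/bin/ping` path, the iputils flags and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import subprocess

PING_BIN = "/bin/ping"  # assumed path; flags below assume Linux iputils ping
MAX_COUNT = 5           # upper bound on echo requests per call


class InvalidTarget(ValueError):
    """Raised when the submitted target is not a plain IPv4 address."""


def unsafe_command(raw: str) -> str:
    """The vulnerable pattern: input is pasted into a shell command line.

    Returned as a string only (never executed here) to show that anything
    after the address reaches the shell unchanged.
    """
    return "ping -c 3 " + raw


def build_ping_argv(raw: str, count: int = 3) -> list:
    """Validate the target and return an argument vector for ping."""
    try:
        # IPv4Address accepts only dotted-quad text: no spaces, no shell
        # metacharacters, no hostnames, nothing starting with '-'.
        target = str(ipaddress.IPv4Address(raw.strip()))
    except ValueError as exc:
        raise InvalidTarget(f"rejected target: {raw!r}") from exc
    count = max(1, min(int(count), MAX_COUNT))
    return [PING_BIN, "-c", str(count), "-W", "2", target]


def run_ping(raw: str, count: int = 3) -> str:
    """Run ping without a shell; the target is a single argv element."""
    argv = build_ping_argv(raw, count)
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=20, check=False)
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one valid address, one hostile string.
    for sample in ["192.168.1.10", "192.168.1.10; id"]:
        try:
            print(build_ping_argv(sample))
        except InvalidTarget as err:
            print(err)
```

The same two controls apply in any language: strict allow-list validation of the target, and process execution through an argument vector instead of a shell string.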

Thank you for reading. See you on another mission (Kioptrix Level 3).

Abdelmouhsine Bouaouda
