Friday, June 13, 2014

[WALKTHROUGH] KIOPTRIX Level 5 (2014)


Sorry guys...just noticed I have pending the post for Kioptrix 2014...

So, let's start with Nmap finding out the target host IP and continue with some reconnaissance steps...



Checking out their web page source code...


pChart vulnerable point enable for command execution...

Let's check on the apache config file so find out why we cant access to the webpage with port 8080...


Found the culprit who is controlling the access to the web page at port 8080...

Get the "User Agent Switcher" add-on in Firefox/Iceweasel and change our user agent to be able to access to the web page... :)


Another vulnerable phptax application... for more details, please Google it up... :))


Download the shell payload from our web hosting...

And execute it...


You must set a listener at your attacking host before you launch the payload...and we got a shell on the target host...


Next thing is to escalate our shell to root privilege...

Search for the local exploit and exploit it...


Just another root shell... XD





Posted by at
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)