Kioptrix: Level 1

In this guide, I will be showing you how to gain root access in Kioptrix Level 1.

Let me be honest, this is quite an easy hack. This guide is designed so anyone can follow along. Happy Hacking!

Firstly, download Kioptrix Level 1.

https://www.vulnhub.com/entry/kioptrix-level-1-1,22/

The direct download did not work for me, so I downloaded the mirror link and unzipped it.

https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar

You will know this is done when you have your Kioptrix machine showing in your VMware Workstation.

Go into the “Edit virtual machine settings” and make sure that the ‘Network Adapter’ is set to Bridged.

Do the same with your Kali Linux Machine.

Kioptrix is an old Linux machine, so you can set the RAM quite low. Anything over 64 MB should be fine.

Secondly, let’s find the IP address of the machine.

Okay, the easiest way to do this is by cheating just a little bit. Let’s log in to Kioptrix, ping anything random, and make a note of the IP address you get.

There are a few other ways of doing this, but we are just trying to keep things as simple as possible.

The login we are going to use is:

Username: john

Password: TwoCows2

Log in to Kioptrix > ping a random IP

Now that we know the IP of the Kioptrix machine, log out by typing exit, and then we can get to hacking.

Thirdly, we can start the hacking process.

There are 5 stages to hacking.

  • Reconnaissance.

  • Scanning.

  • Gaining Access.

  • Maintaining Access.

  • Covering Tracks.

In this guide, I will only show the essential parts of this specific hack. Hacking is very complex and cannot be summed up in this blog. In short, I will only show a small insight into Reconnaissance, Scanning and Gaining Access. Emphasis on SMALL INSIGHT!

Reconnaissance and Scanning

Run a Nessus scan to begin with.

Study the results.

Run an nmap scan. The syntax I used is below.

nmap -A -T4 -p- (Target IP address) 

There are a few interesting finds here; we get a lot of information.

Run a Nikto scan…

nikto -h http://192.168.0.23
nikto -h https://192.168.0.23

Using a few different scanning methods, we can confirm information. Sometimes you get false positives; however, seeing something appear on more than one scan is very juicy.
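The cross-checking idea above, as an added example that is not part of the original guide: a Python sketch that parses nmap's grepable output (assumes the scan was saved with -oG) and Nikto's plain-text report, then labels each open port as confirmed by both tools, conflicting, or seen by only one. The sample outputs, product names and versions are constructed placeholders, not results from this machine.

```python
import re

# Constructed sample outputs (placeholders, not the guide's real scan results).
# Assumed formats: nmap grepable output (-oG) and Nikto's plain-text report.
NMAP_GREPABLE = (
    "Host: 192.168.0.23 ()\tPorts: 22/open/tcp//ssh//ExampleSSH 1.0/, "
    "80/open/tcp//http//ExampleHTTPd 1.3/, 443/filtered/tcp//https///, "
    "8080/open/tcp//http-proxy//ExampleProxy 2.0/\n"
)
NIKTO_TEXT = """\
+ Target Port:        80
+ Server: ExampleHTTPd/1.3 (Unix)
+ Target Port:        8080
+ Server: ExampleProxy/2.4
"""

def parse_nmap_grepable(text):
    """Return {port: version_string} for ports nmap reported as open."""
    # Each entry is port/state/proto/owner/service/rpcinfo/version/
    entries = re.findall(r"(\d+)/open/[^/]*/[^/]*/[^/]*/[^/]*/([^/]*)/", text)
    return {int(port): version for port, version in entries}

def parse_nikto(text):
    """Return {port: server_banner} from '+ Target Port' / '+ Server' lines."""
    found, port = {}, None
    for line in text.splitlines():
        if m := re.match(r"\+ Target Port:\s+(\d+)", line):
            port = int(m.group(1))
        elif (m := re.match(r"\+ Server:\s+(.+)", line)) and port is not None:
            found[port] = m.group(1).strip()
    return found

def product_and_version(banner):
    """Split 'Name 1.3' or 'Name/1.3 (x)' into ('name', '1.3')."""
    m = re.match(r"([A-Za-z_\-]+)[ /]?(\d+(?:\.\d+)*)?", banner)
    return (m.group(1).lower(), m.group(2)) if m else (None, None)

def corroborate(nmap, nikto):
    """Label each port: confirmed (tools agree), conflict, or single-source."""
    report = {}
    for port in sorted(set(nmap) | set(nikto)):
        if port in nmap and port in nikto:
            a, b = product_and_version(nmap[port]), product_and_version(nikto[port])
            report[port] = "confirmed" if a[0] and a == b else "conflict"
        else:
            report[port] = "single-source"
    return report

if __name__ == "__main__":
    print(corroborate(parse_nmap_grepable(NMAP_GREPABLE), parse_nikto(NIKTO_TEXT)))
```

A "conflict" or "single-source" label marks a finding to re-check by hand before trusting it, which is where false positives usually show up.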

There are so many different angles to go at this machine from the results; I have underlined a few.

After a lot of research, I found a few methods to get in. There are many more!

Method 1:

Metasploit: Using Metasploit, I managed to find a module that exploited Samba (running on port 139).

After some trial and error with different modules and payloads, I was eventually able to get a root shell. Below are the exploit and the options set.

Method 2:

After some research, I found an exploit on GitHub. It came with instructions to install and compile and also instructions to run it.

Following this easy method, I was able to get in.

Thank you for reading this guide. Hope you learnt something. I will do more in-depth guides in the future. Please watch my video on YouTube on this.
