# Kioptrix: Level 1

{% embed url="<https://www.youtube.com/watch?t=4s&v=DAUP6aV734s>" %}

In this guide, I will be showing you how to gain root access in Kioptrix Level 1.

Let me be honest, this is quite an easy hack. This guide is designed so anyone can follow along. Happy Hacking!

**Firstly, download Kioptrix Level 1.**

<https://www.vulnhub.com/entry/kioptrix-level-1-1,22/>

The direct download did not work for me, so I downloaded the mirror link and unzipped it.

<https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar>

You will know this is done when your Kioptrix machine shows up in VMware Workstation.

Go into “Edit virtual machine settings” and make sure that the ‘Network Adapter’ is set to Bridged.

Do the same with your Kali Linux machine.

Kioptrix is an old Linux machine, so you can set the RAM quite low. Anything over 64 MB should be fine.

**Secondly, let’s find the IP address of the machine.**

Okay, the easiest way to do this is by cheating just a little bit. Log in to Kioptrix, ping anything random, and make a note of the IP address you get.

There are a few other ways of doing this, but we are just trying to keep things as simple as possible.

The login we are going to use is:

Username: john

Password: TwoCows2

Log into Kioptrix > ping a random IP

<figure><img src="https://blacrab.co.uk/wp-content/uploads/2021/03/image-15.png" alt=""><figcaption></figcaption></figure>

Now that we know the IP of the Kioptrix machine, log out by typing `exit`, and then we can get to hacking.

**Thirdly, we can start the hacking process.**

There are 5 stages to hacking.

* Reconnaissance.
* Scanning.
* Gaining Access.
* Maintaining Access.
* Covering Tracks.

In this guide, I will only show the essential parts of this specific hack. Hacking is very complex and cannot be summed up in this blog. In short, I will only show a small insight into Reconnaissance, Scanning and Gaining Access. Emphasis on SMALL INSIGHT!

**Reconnaissance and Scanning**

Run a Nessus scan to begin with.

Study the results.

Run an nmap scan. The syntax I used is below.

```
nmap -A -T4 -p- (Target IP address) 
```

There are a few interesting finds here, and we get a lot of information.

Run a Nikto scan…

```
nikto -h http://192.168.0.23
```

```
nikto -h https://192.168.0.23
```

Using a few different scanning methods, we can confirm information. Sometimes you get false positives; however, seeing something appear on more than one scan is very juicy.
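The cross-checking described above can be scripted when triaging scan results. This is an added example, not part of the original guide: it assumes the nmap scan was saved in grepable format (`-oG`) and the Nikto report as plain text, and the service names and versions in the sample data are constructed placeholders.

```python
import re

# Constructed sample data (not real scan output): one host line in nmap's
# grepable format (-oG) and the header of a Nikto plain-text report.
NMAP_OG = ("Host: 192.168.0.23 ()\tPorts: 22/open/tcp//ssh//ExampleSSH 1.0/, "
           "80/open/tcp//http//ExampleHTTPd 1.2.3/, "
           "139/open/tcp//netbios-ssn//ExampleSMB/")
NIKTO_TXT = ("+ Target IP:          192.168.0.23\n"
             "+ Target Port:        80\n"
             "+ Server: ExampleHTTPd/1.2.3 (Unix)\n")

def parse_nmap_grepable(text):
    """Return {port: version string} for open TCP ports in -oG output."""
    services = {}
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 7 and fields[1] == "open" and fields[2] == "tcp":
                services[int(fields[0])] = fields[6]
    return services

def parse_nikto(text):
    """Return (port, [product, version]) from a Nikto report header."""
    port = re.search(r"^\+ Target Port:\s+(\d+)", text, re.M)
    server = re.search(r"^\+ Server:\s+(\S+)", text, re.M)
    if not (port and server):
        return None, []
    return int(port.group(1)), server.group(1).lower().split("/")

def corroborate(nmap_text, nikto_text):
    """Label each open port by how many scanners agree on its banner."""
    nikto_port, tokens = parse_nikto(nikto_text)
    verdicts = {}
    for port, version in sorted(parse_nmap_grepable(nmap_text).items()):
        if port != nikto_port:
            verdicts[port] = "nmap only"
        elif tokens and all(t in version.lower().split() for t in tokens):
            verdicts[port] = "confirmed by both"
        else:
            verdicts[port] = "banner mismatch, re-check"
    return verdicts

if __name__ == "__main__":
    for port, verdict in corroborate(NMAP_OG, NIKTO_TXT).items():
        print(port, verdict)
```

A "banner mismatch" verdict is the false-positive case: the two scanners disagree about the same port, so the finding needs a manual check before it is trusted.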

Judging by the results, there are many different angles from which to go at this machine. I have underlined a few.

After a lot of research, I found a few methods to get in. There are many more!

**Method 1:**

Metasploit: Using Metasploit, I managed to find a module that exploited Samba (running on port 139).

After some trial and error with different modules and payloads, I was eventually able to get a root shell. Below are the exploit and the options set.

**Method 2:**

After some research, I found an exploit on GitHub. It came with instructions to install and compile and also instructions to run it.

Following this easy method I was able to get in.

Thank you for reading this guide. Hope you learnt something. I will do more in-depth guides in the future. Please watch my video on YouTube on this.
