Kioptrix Level 1.2 Walkthrough
The first objective is to find the ip of the victim machine. The attacker begins with netdiscover to find the ip address of the new Kioptrix1.2 machine.
The ip of kioptrix 1.3 is listed as 172.16.158.130 as seen above. Next he uses nmap to see which ports are open and possibly see which services are running on those ports. Listing the ports and services will help the attacker identify any potential vulnerabilities.
He sees that port 80 is open and is running Apache. This means the target machine is most likely hosting a website. The attacker enters the ip of the target machine into his web browser for further evaluation.
There is a link labled login which brings him to a login field.
The attacker tries SQL injection on this page but it does not work this time. The attacker returns to the home page for further evaluation. He clicks on the link at the bottom of the page describing a new gallery.
The link brings him to a new page with several pictures. He then navigates to a page with a drop down menu. This drop down menu could potentially be vulnerable to an SQL injection attack.
The attacker uses sqlmap on the drop down menu to see if it is vulnerable to sql injection. He also uses the dump command.
Using sqlmap on the dropdown menu resulted with some log in credentials. The attacker attmempts to ssh into the target machine using the login name and password he found using sqlmap.
Not only do the credentials work, but sudo -l reveals that they are also root credentials. Better luck next time Kioptrix!