Kioptrix Level 1.2 Walkthrough

The first objective is to find the ip of the victim machine. The attacker begins with netdiscover to find the ip address of the new Kioptrix1.2 machine.

Image description

The ip of kioptrix 1.3 is listed as 172.16.158.130 as seen above. Next he uses nmap to see which ports are open and possibly see which services are running on those ports. Listing the ports and services will help the attacker identify any potential vulnerabilities.

Image description

He sees that port 80 is open and is running Apache. This means the target machine is most likely hosting a website. The attacker enters the ip of the target machine into his web browser for further evaluation.

Image description

There is a link labled login which brings him to a login field.

Image description

The attacker tries SQL injection on this page but it does not work this time. The attacker returns to the home page for further evaluation. He clicks on the link at the bottom of the page describing a new gallery. Image description

The link brings him to a new page with several pictures. He then navigates to a page with a drop down menu. This drop down menu could potentially be vulnerable to an SQL injection attack.

Image description

The attacker uses sqlmap on the drop down menu to see if it is vulnerable to sql injection. He also uses the dump command.

Image description Image description

Using sqlmap on the dropdown menu resulted with some log in credentials. The attacker attmempts to ssh into the target machine using the login name and password he found using sqlmap. Image description

Not only do the credentials work, but sudo -l reveals that they are also root credentials. Better luck next time Kioptrix!

Written on November 22, 2015