Kioptrix#4 exploitation POC
Hi friends, this is my first blog post. In it we will look at exploiting Kioptrix Level 4 and getting root access. I chose this machine because it is very simple and contains lots of vulnerabilities, through which we can learn a proper pentest from scratch.
Forgive me for any mistakes.
So let's get started:
You can download its .vmdk file from here and install it in VMware.
Let's try to find the IP address of the target machine on our network.
netdiscover -r 192.168.43.0/24
Our target machine is 192.168.43.55. Let's run a quick nmap scan to verify.
Let's try to log in over SSH with these credentials.
We are successfully logged in with john's credentials. Now let's explore further.
We can only run these commands. Let's try to get a shell with these commands.
We successfully got an interactive SSH shell with the echo command, but we are not root yet; somehow we have to become root.
After a lot of research I found the code of the web application.
And something very interesting...
Let's see which privileges MySQL is running with.
MySQL is running as root.
Let's try to log in.
Then I found a blog post on privilege escalation using MySQL here. Let's try this out.
That command ran successfully. Now exit from MySQL and try to become root.
Hurrah, we got root!
Let's explore its other vulnerabilities:
SQL Injection:
Put ' or 1=1-- - in the password field.
And we are here.
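Why that string is accepted, and the fix, as an added example (not code from the Kioptrix application or from this post). It assumes a login check that builds its query by string concatenation; the SQLite table is constructed sample data, and make_db, login_concatenated and login_parameterized are hypothetical names.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory members table (sample data, not from the target)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; store a password hash in practice.
    conn.execute("INSERT INTO members VALUES ('john', 'constructed-secret')")
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    query = (
        "SELECT 1 FROM members WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    # With the post's string the WHERE clause becomes
    #   username = 'john' AND password = '' or 1=1-- -'
    # so the OR is always true and the trailing quote is commented out.
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    query = "SELECT 1 FROM members WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1-- -"  # the string from the post
    for check in (login_concatenated, login_parameterized):
        print(check.__name__, check(conn, "john", payload))
```

With bound parameters the same input is compared as a literal password, so the login check fails unless the real password is supplied.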
LFI:
XSS:
Thanks for reading.
4 comments
Nicely explained..good keep posting
Great explanation