Kioptrix: Level 1.3 (#4) walkthrough


Kioptrix#4 exploitation POC

Hi friends, this is my first blog post. In it we will look at exploiting Kioptrix Level 4 and getting root access. I chose this machine because it is very simple and contains lots of vulnerabilities, through which we can learn a proper pentest from scratch.
Forgive me for any mistakes.

So let's get started:

You can download its .vmdk file from here and install it in VMware.


Let's try to find the IP address of the target machine on our network.
 
netdiscover -r 192.168.43.0/24


Our target machine is 192.168.43.55. Let's run a quick nmap to verify.


I am starting with enumeration of port 80. Running our best friend dirb against the target machine's IP gave us lots of juicy directories in the result.




Let's open the highlighted URL in the browser.


We got a password of a user john.



Let's try to log in over SSH with these credentials.


We are successfully logged in with john's credentials. Now let's explore further.


We can only run these commands, so let's try to get a shell with them.


We successfully got an interactive shell over SSH using the echo command, but we are not root yet; somehow we have to become root.

After a lot of research I found the code of the web application.


And something very interesting....


Let's see which privileges MySQL is running with.


MySQL is running as root.

Let's try to log in.


Then I found a blog post on privilege escalation using MySQL here. Let's try this out.


The command ran successfully. Now exit from MySQL and try to become root.


Hurrah, we got root!

Let's explore its other vulnerabilities:

SQL Injection:


Put ' or 1=1-- - in the password field.

And we are in.
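Why that input gets past the login check, and what stops it, as an added example that is not from the original post or the target's own code. It assumes a login query built by string concatenation; the table name `members`, the stored password and the use of Python's sqlite3 in place of MySQL are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' or 1=1-- -"  # the string entered in the password field above


def make_db():
    # Constructed sample data: table name and password are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('john', 'constructed-secret')")
    return db


def build_query(username, password):
    # Vulnerable pattern: user input is pasted into the SQL text itself.
    return ("SELECT username FROM members "
            "WHERE username='%s' AND password='%s'" % (username, password))


def login_vulnerable(db, username, password):
    # A quote in the input closes the string literal; "or 1=1" then makes
    # the WHERE clause true for every row and "--" comments out the rest.
    return db.execute(build_query(username, password)).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened form: placeholders keep the values out of the SQL text, so
    # the payload is only ever compared as a literal password string.
    sql = "SELECT username FROM members WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("query sent by the vulnerable form:")
    print("  " + build_query("john", PAYLOAD))
    for check in (login_vulnerable, login_parameterized):
        print(check.__name__,
              "| correct password:", check(db, "john", "constructed-secret"),
              "| wrong password:", check(db, "john", "nope"),
              "| payload:", check(db, "john", PAYLOAD))
```

The parameterized form is the fix for the injection only; a real application should also store password hashes instead of plaintext.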


LFI:

XSS:


Thanks For Reading,
Have a Good Day....
Reach me@ portfolio









4 comments


Nicely explained..good keep posting
