Kioptrix 1.1(#2) Walkthrough

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Hello Everyone, the previous post was walkthrough of level 1 of Kioptrix series. In this blog, I am going to post walkthrough of Kioptrix 1.1 which is 2nd in the series.
So without wasting our time, let’s get started.
Screenshot 2018-12-05 at 2.28.16 PM
Just like the last machine, I was being greeted by this login page. First work was to find the IP Address of my target, Like always I used “netdiscover” and got target IP as 10.0.2.11.
Screenshot 2018-12-05 at 1.09.20 PM
After getting the IP address, next work was to scan the target. I scanned it with the help of “nmap“.
Screenshot 2018-12-05 at 1.10.09 PM
OK so port 80 was open, I browse the port and was greeted by a login page.
Screenshot 2018-12-05 at 1.14.37 PM.png
I tried blind SQL injection and it worked like charm.
Screenshot 2018-12-05 at 1.14.55 PM.png
After logging in, I was presented by the interface to Ping IP address which was vulnerable to code execution Vulnerability.

I got a Reverse shell with the help of this .
Screenshot 2018-12-05 at 1.20.06 PM.png
I started my enumeration and found that the target is vulnerable to this and exploit was also available in Kali.
Screenshot 2018-12-05 at 1.33.21 PMScreenshot 2018-12-05 at 1.57.14 PM
I compiled the exploit and executed it.
Screenshot 2018-12-05 at 2.26.59 PM.png
Screenshot 2018-12-05 at 2.27.08 PM.png
Tadaaaa,I am ROOT..!!
Happy Hunting:)
Visit: Azure Skynet
Visit: CosmicSkills
 
 

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top