Kioptrix: Level 1 (#1) Walkthrough

Siddhesh Parab
4 min readMay 10, 2020


Vulnhub is a platform that provides with VM(virtual machine) images,which are vulnerable by-design and help to gain practical hands-on experience in Pentesting.

Kioptrix is series of CTF(Capture The Flag) like VM’s ,where need to gain root privileges on the machine. Kioptrix is a boot2rooot machine.

Link to the image file:,22/


So,now we need to know the Internal IP address of the Kioptrix machine so we the command in the terminal:

The highlighted part is our Kioptrix machine

Nmap Scan:

nmap -sC -sV

Port 22:

We tried ssh but didn't succeed as its asking for password so lets enumerate further.Later we shall also try brute-forcing ssh using “Hydra”.

Port 80:

Visiting the webpage we see a default Apache Test page.

So,letz run Gobuster in the background and search for hidden directories.

gobuster dir -u -w /opt/DirBuster Lists/directory-list-2.3-medium.txt

but didn't find any interesting directories. :(

Port 443:

While vising the page it shows us:

As port 443 is used for HTTPS(Hyper Text Transfer Protocol Secure) we need to add “https://” in the URL section.

This is the normal test page

Searching on google for exploits of Apache:

We get an publicly available exploit on Exploit-db.

On seeing the note section(1st line) of the exploit it directs us to the updated exploit.

The link to the updated exploit:

But due to some reasons even the updated exploit has some corrections in the code.

We have have a working exploit on the github.


Letz git clone the repository.

git clone

Now we need to install the dependent library for the exploit.

apt-get install libssl-dev

After unpacking letz see the contents;

cd OpenFuck/

Its Compile Time:

gcc -o exploit OpenFuck.c -lcrypto

gcc : GNU Compiler Collections is used to compile the programs written in C and C++

o : the file name to place the output into

Its time to run the exploit:


Now the exploit shows the various versions of Apache Server and the Operating system.From our nmap scan we get to know our OS and the Apache service version.

Corresponding to each version we have a label for it.

So our label on the given services is “0x6b”

Let run the exploit with specified label:

./exploit 0x6b 443 -c 40

Huraay ! we got the shell


And we already are the root.

So, this was a beginner boot2root machine of the Kioptrix series.Gaining a root on the machine releases “dopamine” which makes you happy and you feel motivated for solving the next VM’s too.This kind of spirit and motivation is needed everyday inorder to grow in this Infosec field.As this field is all about learning each-day.



Siddhesh Parab

Cyber Security | n00b | Learner