In the first Stapler walkthrough, we managed a very easy path to a shell by enumerating usernames over SMB and brute-forcing a password with Hydra. From there, some quick digging through the home directories revealed a plain-text password to an account with complete sudo privileges. Root was trivial. In this article, we will take a look at a different route to rooting this box through a "hidden" WordPress blog and a kernel exploit.
Kioptrix 2014 is the fifth and final machine in the Kioptrix series of vulnerable virtual machines from VulnHub. The box is running FreeBSD and has only two ports open to the outside world. In this walkthrough, we will work our way from a simple port scan to gaining root access to this machine.
In my previous Kioptrix Level 4 write-up, we went from boot to root on the Kioptrix 4 machine by exploiting password reuse. Along the way, we found a local file inclusion vulnerability that allowed us to gather some valuable information used in owning the box. In this article, we'll take a deeper look at the LFI bug and learn how to use only the LFI to get a reverse shell on the target.
In this write-up, we will walk through rooting Kioptrix Level 1.3 - also known as Kioptrix Level 4. This was a fun box that proved to be a decent challenge as I was not familiar with the privilege escalation vector.
Kioptrix Level 1.2 (also known as Kioptrix Level 3) is the third in the Kioptrix line of vulnerable virtual machines. It is a beginner-level box designed for aspiring penetration testers to learn the ropes. This machine offers several different paths to root. We will go over a few of them in this write-up.
So you've successfully gotten root on Kioptrix Level 1 using the mod_ssl exploit outlined in Part 1. What next? It turns out there is another attack vector we can use to compromise the Kioptrix Level 1 machine. In this walkthrough, we will examine how to gain root access to the Kioptrix machine using an SMB exploit.
The Kioptrix line of vulnerable virtual machines from VulnHub are beginner-friendly boxes that provide novices a gentle introduction to the world of penetration testing. Kioptrix Level 1 is the first in this series and explores the very basics of scanning, enumeration, vulnerability discovery, and exploitation.
The first Kioptrix machine was released all the way back in 2010. Due to its age, users who are trying to work with Kioptrix today will run into a few headaches. In particular, getting networking to work correctly can be troublesome.