Posts

Showing posts from July, 2019

Kioptrix Level 4 Walkthrough (OSCP friendly)

Kioptrix level 4 walkthrough (OSCP friendly). We start with enumeration and look for low-hanging fruit, but since this is level 4 we should not expect a quick root exploit. Nmap tells us the following. I am not going to write out the basic nmap commands: go with the default scripts, enumerate versions, scan the top ports, scan UDP, and if you cannot find any service in the top-ports scan, go with a full port scan (-p-). Services: 22 SSH - OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0); no exploit for this version using searchsploit. 80 Web server - Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch) ...

Kioptrix 3 Walkthrough (OSCP friendly)

Kioptrix level 3 walkthrough (OSCP friendly). Let's start the VM; the welcome screen has useful initial info. We need to update the /etc/hosts file with the IP of the VM and kioptrix3.com. The operating system is Ubuntu 8.04.3. Nmap shows us multiple ports and services open. Let's quickly check SSH and the web server for low-hanging fruit. On enumerating SSH, no exploits were found for OpenSSH 4.7p1. Checking the web server, no exploits were found for Apache 2.2.8. Browsing through kioptrix3.com, we found some useful information: the gallery app and a username. Let's check both of these further. Since we have the username now, let's run a brute-force attack on SSH in the background, using medusa because it is reliable for SSH brute-forcing: medusa -h 192.168.78.141 -u loneferret -P /usr/share/wordlists/fasttrack.txt -M ssh. In the web application the login page URL looks suspicious; it seems to be using the page name as an argument. http...

Kioptrix level 2 Walkthrough

Kioptrix is a series of VulnHub machines. Below is the walkthrough of the second machine in this series; the walkthrough is OSCP friendly. Kioptrix level 2. Let's start with Nmap. Command used: nmap -sC -sV 192.168.78.140. We've got a number of ports open. I started with OpenSSH 3.9p1 and searched for an exploit on exploit-db, but couldn't find a version-specific one. Moving on to port 80, the web server, we are greeted by the following screen: a login page. Let's run a brute-force against it in the background and try basic SQL injection on the authentication form. On giving the username as test and the password as test'or 1=1#-- - we got in. What do we have here... a program to run the ping command. But ping is a system command; let's see if it can run multiple system commands chained with ;. YES. We execute the following commands to enumerate the system for a shell: whoami;hostname;cat /etc/passwd, which nc, which python. The results told us there is no netc...