This is a straight-forward box that has been well documented before I even started down my ‘hacking’ path. So, I will more a less cut to the chase here as the main things you need to learn is:
1. How to Scan
2. How to Enumerate Ports
3. How to Search Google for Exploits
My Setup that I have used:
Assuming you have set this up in your home environment in either VMWare Workstation / Fusion, or Virtual Box, your home DHCP server gave it an IP address. Or you were smart and set it up as a host-only interface and or did not give it internet access at all. Either way, never have these machines running on your home network unless you are hacking away at it, ALWAYS SHUT IT OFF WHEN YOU ARE DONE! Safer than sorry!
There’s really two ways you can go about doing this, 1.) just look for newly leased IP address from your router or 2.) NMAP scan / run netdiscovery — I personally used netdiscover
The IP Address for my instance of Kioptrix is 192.168.1.104.
We run – Nmap -sC –sV –oA nmap 192.168.1.104
We can see that this is running several old and out of date services. The first one I am going to look for exploits is Apache as web servers are always a great way in. But, just make sure you search for exploits based on service and version, check google and exploitdb.
Looks like there is an exploit with possible remote code execution. The exploit OpenFuck takes advantage of an OpenSSL Buffer Overflow Vulnerability. We’ll grab the source code from ExploitDB with wget, compile it, and run it against the vulnerable machine:
From root Sat Sep 26 11:42:10 2009
Return-Path: <[email protected]>
Received: (from root@localhost)
by kioptix.level1 (8.11.6/8.11.6) id n8QFgAZ01831
for [email protected]; Sat, 26 Sep 2009 11:42:10 -0400
Date: Sat, 26 Sep 2009 11:42:10 -0400
From: root <[email protected]>
Message-Id: <[email protected]>
Subject: About Level 2
If you are reading this, you got root. Congratulations.
Level 2 won’t be as easy…