Kioptrix Level 1

Vulnhub Kioptrix Level 1 Gain Root

So this is my first solo vulnerable box I have completed outside of TryHackMe and any other CTF site, I seen this whilst going through my Practical Ethical Hackers Course from TCM Security. When i first seen it I didn't have a clue what to do so i binned it off and went back to THM - Couple months later I'm aware of Reverse Shells, msfconsole, vulnerabilities etc etc so i decided to give it another go and today i got it. So here's the walk through.

Load up Kioptrix Level 1 in a VM. Head over to Kali and search for networks 'netdiscover'

I had these displayed but done a quick nmap -sV on 192.168.121.130 and discovered it was my Kioptrix.

Nmap

No you have your results from NMAP search for Vulnerabilities. I am using mod_ssl/2.8.4

Red-Hat mod-ssl/2.8.4 Exploit

Searching for Mod_ssl 2.8.4 on Google brings up OpenFu*k/OpenLuck Exploit, You will have to install this on your attack machine in order for it to work. Now as newly discovering this I'm not wanting to teach anyone to suck eggs but changing into the directory helps alot! since I found out. :-)

Installation details below

git clone https://github.com/heltonWernik/OpenFuck.git
apt-get install libssl-dev
cd /OpenFuck
gcc -o OpenFuck OpenFuck.c -lcrypto
./OpenFuck

Running OF with Machine IP to attack cd/OpenFuck ./OpenFuck 0x6b 192.168.121.130 < I tried this one first but also tried the second and both worked ./OpenFuck 0x6b 192.168.121.130 -c N

./OpenFuck IP

We've now gained access to the Machine and via root In the terminal type whoami and you will be presented with root.

Root

Now I know we have root access it's time to explore, cd .. (Change Directory)

cd ..

Have a play around and search the system for files, image or anything you need however i wanted access and a password to the machine. cd /etc and then dir then we are going to open passwd

type passwd in the console

As this was my first attempt i was thinking surely this isn't it and all i have to do is change the password but I was surprised.

Initially i was faced with bad password and it's based on a dictionary word but i continued to type and it just spat out all authentication tokens updated successfully. Now Head over to Kioptrix and login as root using our new password.

It worked.

And there we go, gained root on Kioptrix Level 1 - Not going to say it was easy for me because it took some time especially during the hunt for vulnerabilities. There's a millions and one rabbit holes to fall down and sometimes a little nudge in the right direction helps. So i hope this helps others gain root and even if its to just look up one keyword to trigger you brain then it's all good.

Let me know if you've managed to gain root especially beginners. Find me on Twitter or add me as a friend on TryHackMe Downloads: Kioptrix