CTF - Kioptrix 1


This was in the list of my VMs to pop, and a colleague was in the middle of cracking this, so we decided to offer our help and managed to complete it. I decided to do it again at home to further sharpen my blade.


The more time I invest in this, the better I get!!


Took ages for me to set up the machine as it faced a lot of problems. I ended up disabling Audio / USB and turning my advanced settings for the network card to PCnet, and it worked perfectly.


NMAP scan gives me a couple of ports that are open, which look interesting. Source tells me that when we see a Samba port open (139) we should immediately have a look at it. This was the first time doing a Samba port, so it was interesting because I didn’t understand a couple of things.

I immediately typed in searchsploit samba to see if there are any exploits that I could use for samba. Firstly, I didn’t find the version so I was going in blind. So I should actually try to enumerate the version.

It gave me a list of exploits to use, but what we chose is below.

To use this, I typed in cp /usr/share/exploitdb/platforms/multiple/remote/10.c

This copies the file from the above directory into my current folder. All these files are stored locally and searchsploit searches the database for these exploits.

After this, I compile the exploit by typing in gcc 10.c -o exploit. This compiles the exploit and directs it to an output file called exploit.

I typed in ./exploit -bv. This brute forces and uses the verbose option on the victim IP.

Managed to get root!