Welcome to my attempt at the CTF Kioptrix Level 1 created by Kioptrix available at vuln hub here
As always lets discover the target ip with netdiscover, which we do.
killer, now lets run nmap on that address to enumerate all the details about our target.
After running our standard nmap scan we can see the following applications and services running.
So that Apache server looks like it could be the go as it looks out of date. I fired up searchsploit and looked up apache/openssl in an attempt to find the easiest way in (cause im lazy) and got a hit.
Ok great, i copied that to my desktop using my 1337 hacker skills and this helpful guide
After running it i ran into a most unrighteous error
I did a bunch of research and found out i needed to install an openssl library for the exploit to run, so after installing libssl with the following command i tried again.
I ran the exploit again we are given a list of options to use depending on the system architecture being attacked, in this instance our system is
0x6b – RedHat Linux 7.2 (apache-1.3.20-16)
so we use that as the operatorand violin (thats a meme i know its really Voila) Shell-town-USA
There are most likely other ways into this box, but as we have root through this exploit i will move on to another.
Thanks for coming along.