Writeup-Vulnhub-Kioptrix #5

The exploitation of a vulnerable FreeBSD OS machine, rooting it by escalating privileges

Muhammad Luqman
InfoSec Write-ups
Published in
6 min readSep 20, 2020

--

Ninja Cyber by Anggara Ts

This writeup goes through exploiting outdated services/applications to get a root shell on the machine. The Target machine being used in Kioptrix 2014 available on Vulnhub.

Objective:

  1. Find Hidden Directories
  2. Exploit outdated versions of web application services
  3. Intercept traffic via burp suit and replay to get restricted access to URL paths

Getting Started

To get started download the ova file available on Vulnhub. Open the file on your VMware or Virtual Box. Fire up you Kali-Linux or Parrot distribution for attacking the target machine

Recon & Scanning Phase

Use netdiscover to know the IP of our target machine. Since we don’t know the IP we will scan the whole range of the network using the following command

netdiscover -r 192.168.0.0/16

So we have our target IP now as seen below

Target Machine IP discovered via netdiscover

Now that we have our target machine’s IP address lets do a Nmap scan to find out what services are running on the target machine

Nmap scan

From the scan above following two ports are open

  1. Port 80
  2. Port 8080

Enumeration

Both Ports are running Apache httpd 2.2.21 server. Let’s dig a little deep and navigate to the target machine IP addresses using these ports in the URL

Target Machine using Port 80

--

--

Information Security Enthusiast | MS InfoSec | CEH | Cybersecurity Writer