Kioptrix 2014 5

OSCP exam preparation document. In this document, we download a vulnerable machine VM image, analyse the machine, and obtain root privileges.

Jayesh Patel
Information Security Specialist
jay.net.in@gmail.com
Kioptrix: 2014 (#5)
This is part of the VulnHub vulnerable machine series. In this session we obtain root access on this machine.
Download VM :
https://www.vulnhub.com/entry/kioptrix-2014-5,62/
About :
As usual, this vulnerable machine is targeted at the beginner. It's not meant for the seasoned pentester or
security geek that's been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is
help in that regard.
Also, before powering on the VM I suggest you remove the network card and re-add it. For some oddball
reason it doesn't get its IP (well I do kinda know why but don't want to give any details away). So just add the
VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should
be good to go.
This was created using ESX 5.0 and tested on Fusion, but shouldn't be much of a problem on other platforms.
Kioptrix VM 2014 download 825Megs
MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a
SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432
Waist line 32"
p.s.: Don't forget to read my disclaimer..
Hacking Step :
How to get VM IP :
Run the “netdiscover -r 192.168.2.89” command on your Kali Linux box.
Note : Check Screen shot Tab
Enumeration :
Get the open port information for the target machine. We used the nmap command to enumerate
the open ports and the running services with their version numbers. We also get the running OS details.
Note : Check Screen shot Tab
Web Server Port :
We found web server ports 80 and 8080, so we open both from our Kali machine. On port 80
we get the “It works” page, but port 8080 returns a 403 error.
Next we open the target machine's web server on port 80 and check the page source,
where we can see the following lines:
<META HTTP-EQUIV="refresh"
CONTENT="5;URL=pChart2.1.3/index.php">
These lines contain the string “pChart2.1.3”. Check it with “searchsploit” to
find any known vulnerability in this application.
http://192.168/pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd
This is the LFI vulnerability we found in this application; using it we can read system details.
The request above returns the contents of the system's /etc/passwd file.
Next we want the virtual host details for port 8080, which are available
in the /usr/local/etc/apache22/httpd.conf file.
Open this file through the LFI vulnerability, like this:
http://192.168.2.89/pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fusr/local/etc/apache22/httpd.conf
We found that the server on port 8080 runs with a different user agent: “User-Agent:Mozilla/4.0”
Note : Check Screen shot Tab
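For the defender's view of the two requests above, the following added example (not part of the original slides) scans web server access logs for `Script` values that resolve outside the pChart examples directory. The log lines, client addresses and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Directory the example viewer should stay inside (path taken from the URLs on the page).
EXAMPLES_DIR = "/pChart2.1.3/examples"

# Constructed access-log lines in Apache "combined" format. The client addresses
# are documentation ranges; none of this is output from the original machine.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:14:02 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=example.basic.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:09:15:40 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1893 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:09:16:11 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fusr/local/etc/apache22/httpd.conf HTTP/1.1" 200 20417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:09:17:30 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:09:18:00 +0000] "GET /pChart2.1.3/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Client address, timestamp, request target and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are compared in clear form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def script_escapes_examples_dir(script):
    """Return True if the Script value resolves outside EXAMPLES_DIR."""
    path = decode_fully(script).replace("\\", "/")
    # Absolute paths and embedded NUL bytes never belong in a relative file name.
    if "\x00" in path or path.startswith("/"):
        return True
    resolved = posixpath.normpath(posixpath.join(EXAMPLES_DIR, path))
    return resolved != EXAMPLES_DIR and not resolved.startswith(EXAMPLES_DIR + "/")


def find_lfi_requests(log_text):
    """Return one finding per logged viewer request whose Script leaves the examples dir."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        url = urlsplit(match["target"])
        if not url.path.endswith("/examples/index.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "View" not in params.get("Action", []):
            continue
        for script in params.get("Script", []):
            if script_escapes_examples_dir(script):
                status = int(match["status"])
                findings.append({
                    "ip": match["ip"],
                    "time": match["ts"],
                    "script": decode_fully(script),
                    "status": status,
                    # A 200 means the file content was probably returned to the client.
                    "served": status == 200,
                })
    return findings


if __name__ == "__main__":
    for finding in find_lfi_requests(SAMPLE_LOG):
        state = "SERVED" if finding["served"] else "blocked"
        print(f'{finding["time"]} {finding["ip"]} {state} {finding["script"]}')
```

Findings with a 200 status are the ones to triage first, since every file read that way (here the password file and the Apache configuration) should be treated as disclosed.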
Access 8080 hosted web server :
Use the following command to access the web server hosted on port 8080 with the specific user agent.
curl -H "User-Agent:Mozilla/4.0" http://192.168.1.68:8080
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href="phptax/"> phptax/</a></li>
</ul>
</body></html>
Finally we get the output above, which contains the line href="phptax/". Search for an
exploit for this phptax application using the searchsploit command; we found one Metasploit exploit.
Note : Check Screen shot Tab
Get Shell using Metasploit :
Now we have a shell with the web-root user's permissions, but our goal is to get root access. Using the uname
command you can get the running operating system, its version, and patch details.
Note : Check Screen shot Tab
Get Root Privilege Access :
Now we have some information about the target machine: it runs the “FreeBSD” OS and the
version is 9.0. Use the searchsploit command to find a root privilege escalation exploit.
We found one exploit, “28718.c”, using the searchsploit command.
Note : Check Screen shot Tab
Screenshot :