Boot-To-Root KIOPTRIX Level -1
I am starting a series of posts about the most important and useful Vulnhub
challenges. In this post we take a look at the Kioptrix vulnerable VM.
Kioptrix:
The Kioptrix VM images are easy challenges. The object of the game is to acquire
root access via any means possible (except actually hacking the VM server or player).
The purpose of these games is to learn the basic tools and techniques in vulnerability
assessment and exploitation. There is more than one way to successfully complete the
challenges.
Source: http://www.kioptrix.com/blog/test-page/
Steps:
Netdiscover | arp -n: To discover the vulnerable IP
Nmap: To get all open ports and versions
Nikto: To get a list of web-based vulnerabilities
Msfconsole: Exploiting via Metasploit
How it’s done:
Download the Kioptrix Level 1 VM and import it into VirtualBox. Once that is done,
make sure the network is enabled and configured properly.
Kioptrix VM: http://www.kioptrix.com/blog/dlvm/Kioptrix_Level_1.rar
VirtualBox: https://www.virtualbox.org
Netdiscover | arp -n:
Once the VM is up and running we need to find the IP of the vulnerable Linux OS.
We can use Netdiscover and arp to get the IP address. The same can be accomplished
via nmap too. Netdiscover finds all IPs and their associated MAC addresses. We can identify
the target OS by the MAC address assigned to it in VirtualBox.
>netdiscover
>arp -a -n
>nmap 192.168.*.*/24 -n -sP | grep report | awk '{print $5}'
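What the discovery step above looks like from the network's side, as an added example that is not part of the original write-up: a sweep shows up as one host sending ARP requests for many different addresses in a short time. The sketch assumes the text output of `tcpdump -n arp`; the function names, the 5-second window, the threshold of 10 and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n arp` request lines; replies and other traffic are skipped.
ARP_REQ = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) ARP, Request who-has (\S+) tell ([^\s,]+),")

def build_sample():
    """Constructed capture: .5 sweeps 20 addresses in 1 s, .8 behaves normally."""
    lines = [f"10:15:{i * 0.05:09.6f} ARP, Request who-has 192.168.0.{i + 100} "
             f"tell 192.168.0.5, length 28" for i in range(20)]
    lines += [
        "10:15:02.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.8, length 28",
        "10:15:02.000300 ARP, Reply 192.168.0.1 is-at 08:00:27:00:00:01, length 28",
        "10:15:40.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.8, length 28",
    ]
    return lines

def parse(lines):
    """Yield (seconds_since_midnight, requester, target) per ARP request."""
    for line in lines:
        m = ARP_REQ.match(line)
        if m:
            h, mi, s, target, src = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), src, target

def find_sweepers(lines, window=5.0, threshold=10):
    """Map each requester that asked for >= threshold distinct IPs inside any
    `window`-second span to the largest distinct-target count observed."""
    events = defaultdict(list)
    for ts, src, target in parse(lines):
        events[src].append((ts, target))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window's left edge forward
            best = max(best, len({t for _, t in evs[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in find_sweepers(build_sample()).items():
        print(f"possible ARP sweep: {src} asked for {n} hosts within 5 s")
```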
Nmap:
Once the IP has been discovered, the attacker needs to know the list of open ports
and their associated services. We can use nmap for this. We can scan all ports and
also determine which OS is running on the target. This helps us understand the
different vulnerabilities and security weaknesses in the target.
Nikto:
Nikto is a great tool for finding web-based vulnerabilities in the target system.
Since there is an open port for HTTP, we can use Nikto to find Apache-based
vulnerabilities and try to exploit them.
>nikto -host 192.168.0.8
We can see that a lot of open vulnerabilities are suggested, but we can take the issues
related to OpenSSL (mod_ssl/2.8.4) and the Samba services. Upon searching the internet I
came to know that there are exploits available for OpenSSL (mod_ssl/2.8.4). Please
follow the steps below to achieve it.
Download the exploit at https://www.exploit-db.com/exploits/764/
Once openfuck.c has been compiled as per the instructions, we can run the compiled
./openfuck binary with the offset and the IP as its arguments. We already know from the
Nikto output above that Kioptrix is based on "Apache/1.3.20 (Unix) (Red-Hat/Linux)", so we
execute it as below.
Next we can attack the Samba service (139/tcp open netbios-ssn Samba smbd).
Though we know the host has a Samba vulnerability, we still need to know which
version of the Samba server is installed. This can be achieved as below.
As they say, there is always more than one way to exploit. We can use the exploit available
at https://www.exploit-db.com/exploits/10/ if the Samba service is running on the
remote host, but in the present scenario the service was not running, so we
chose a different method to exploit.
Exploiting via Metasploit: