This walkthrough covers the Kioptrix: Level 1 (#1) VulnHub machine, made by the author Kioptrix. The objective of this VM image challenge is to acquire root access in any possible way, and the goal is to learn the essential tools and techniques of vulnerability assessment and exploitation. For more details or to download the machine, go here.
After downloading and setting up the machine, I started by scanning the entire network with an Nmap ping scan to find the target machine.
My target IP address was “192.168.245.124”. I’ll use Nmap to enumerate more information about my target.
I found that 6 ports are open. First, I will go for the HTTP service.
It was a test page served by Apache, and there was nothing interesting on it that gave us a hint, so I checked the page source, but it was the same there.
Next, I went looking for subdirectories on the target using the DirBuster tool. After a couple of minutes it had found nothing important.
I then noticed that port 139 is open. It runs the Samba service for file and print sharing across the network, which is an open-source implementation of the Server Message Block (SMB) protocol.
I went through online resources to find any exploit available for the Samba service. After some time searching the internet, I found an exploit: Samba trans2open Overflow (Linux x86).
This exploit is a buffer overflow in Samba versions 2.2.0 to 2.2.8, which may allow a remote shell.
So, I used Metasploit to search for and exploit this vulnerability, with the search query “search samba platform:linux”.
The exploit that I used is “exploit/linux/samba/trans2open”.
Here I viewed the information that needs to be configured before proceeding with the exploitation, using the command “show options”.
After setting up the required information, I was set to go and ran “exploit”.
Boooom!!! I successfully acquired root access and was able to execute arbitrary commands as the root user.
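From the defender's side, the range quoted above (Samba 2.2.0 to 2.2.8) can be checked against an inventory of SMB banners. The following is an added example, not part of the original walkthrough: the host names and banner strings are constructed, and marking a lettered build at the top of the range as "review" is an assumption, since the walkthrough does not say whether such builds are included.

```python
import re

# Affected range as stated in the walkthrough: Samba 2.2.0 to 2.2.8.
AFFECTED_LOW = (2, 2, 0)
AFFECTED_HIGH = (2, 2, 8)

# Needs a full major.minor.patch after the word "Samba"; an optional
# single letter (e.g. the "a" in 2.2.1a) is captured separately.
VERSION_RE = re.compile(r"samba\D{0,10}?(\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)

def classify(banner):
    """Return 'in-range', 'review', 'outside-range' or 'unknown'."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"  # no usable version: check the host by hand
    # Compare as integer tuples so that 2.2.10 sorts after 2.2.8.
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if not (AFFECTED_LOW <= version <= AFFECTED_HIGH):
        return "outside-range"
    if version == AFFECTED_HIGH and m.group(4):
        # Assumption: lettered builds of the last listed version are
        # not classified automatically, because the page gives no detail.
        return "review"
    return "in-range"

def audit(inventory):
    """Return sorted (host, status) pairs for hosts that need attention."""
    findings = []
    for host, banner in inventory.items():
        status = classify(banner)
        if status != "outside-range":
            findings.append((host, status))
    return sorted(findings)

# Constructed sample inventory (hypothetical lab hosts and banners).
INVENTORY = {
    "lab-fs01": "Samba 2.2.1a",
    "lab-fs02": "Samba 2.2.8a",
    "lab-fs03": "Samba 3.0.20-Debian",
    "lab-fs04": "Samba smbd 3.X - 4.X",
    "lab-fs05": "Unix Samba 2.2.8",
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host}: {status} ({INVENTORY[host]})")
```

Hosts reported as in-range should be upgraded or taken off the network; "unknown" means the banner carried no full version number and the host needs a manual check.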
I hope you’ve learned from and enjoyed this walkthrough.
We believe that these practices will educate everyone about ethical hacking, and we do not promote, encourage, support, or excite any illegal activity or hacking.
We will not be responsible for your illegal actions.