watch the HD video online: http://vimeo.com/f4l13n5now/kioptrixlevel3
"This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges. "
--------- Kioptrix team
Backtrack 5 R2
IP: 192.168.1.2/24
Holynix level 2
IP: 192.168.1.18/24
vulnerability & exploit:
1, GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection
2, Remote File Traversal & Local File Inclusion Exploit
3, Arbitrary File Upload Exploit
Attacking tools:
1, nmap
2, SQLMAP
3, Exploit-DB
4, John The Ripper
5, Metasploit
Attacking process:
1, Reconnaissance & Enumeration:
use nmap to sweep the active hosts in the network:
nmap -n 192.168.1.0/24
use NMAP to probe the opening ports and services:
found the following services:
[1] HTTP service running on port 80
[2] SSH service running on port 22
2, exploit vulnerable services:
[1] exploit the Remote Directory Traversal vulnerability to get users ("/etc/passwd")
[2] exploit the GALLARIFIC PHP Photo Gallery Script (gallery.php) SQL Injection to get users and hashed password
[3] use JTR to crack those passwords
[4] login as administrator and upload php attacking payload and reverse connect to attacker machine (got low privilege)
or
[5] use cracked account to login to the server via SSH (upgrade to user privilege)
[6] broswering the server system directories and collect information (found the file "CompanyPolicy.README")
[7] change file "/etc/sudoers" to get root privilege ("allocate loneferret with ALL priviliege")
Reference: