Pages

Sunday, May 27, 2012

[Learning] Kioptrix level two -- injection


Links:
watch the HD video online: http://vimeo.com/f4l13n5now/kioptrix2
Description:
"This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges."
                                                                                                                                 --------- Kioptrix team
Attacker:
Backtrack 5 R2
IP: 192.168.1.15/24
Victim:
Kioptrix level 2
IP: 192.168.1.102/24
vulnerability & exploit:
1, SQL Injection & Command Injection
2, ip_append_data() ring0 Root Exploit

Attacking process:
1, discover the vulnerable services:
use NMAP to probe the opening ports and services
nmap -sS -sV -O 192.168.1.102 -v
found the following services:
[1] HTTP service running on port 80
2, exploit vulnerable services:
[1] exploit SQL & Command injection vulnerability to get remote shell
[2] exploit ip_append_data() ring0 Root Exploit to get root privilege

Reference:
[1] Kioptrix download link
[2] Tutorial on g0tmi1k's Blog

Posted by at

3 comments:

  1. UnknownJanuary 31, 2021 at 7:52 AM

    Thanks for this paragraph. Its seems like more help peoples
    https://sattaguruji.in

    ReplyDelete
  2. UnknownJanuary 31, 2021 at 7:53 AM

    Thanks for this paragraph... Its seems like more help peoples
    https://sattaguruji.in

    ReplyDelete
  3. UnknownFebruary 14, 2021 at 6:57 AM

    http://sattakingbaba.com is the no. 1 amd trusted indian satta gambling website. Here you find the fastest result of satta king games direct from satta market.

    ReplyDelete

Subscribe to: Post Comments (Atom)