alien

Hacking Kioptrix #4 using BT5 - LFI, SQLI, Shell


Kioptrix Challenge #4 is a special system designed specially with weaknesses built into it. The goal is to gain the highest privilege access (root).

The VM image can be downloaded here: Kioptrix - Challenge VM #4 finally done

Videos:

Limited Shell

Method

Scanned network for the target [Netdiscover]

Port scanned the target [Unicornscan]

Banner grabbed the services running on the open port(s) [Nmap]

Interacted with the web server & logged into the system anonymously [Firefox & Burp Proxy]

Discovered & exploited a local file inclusion vulnerability to enumerate possible users [Burp Proxy]

Logged into the Web UI as each user to discover their password in plain text [Firefox & Burp Proxy]

Remotely connected as a user and broke out of the limited shell [SSH]

Enumerated the system environment to identify limiting factors [iptables]

Escalated privileges via a vulnerable kernel version [sock_sendpage]

Accessed the 'flag' [Text file]

SQL Injection

Method

Scanned network for the target [Netdiscover]

Port scanned the target [Unicornscan]

Banner grabbed the services running on the open port(s) [Nmap]

Interacted with the web server & discovered a web application that is possibly subject to a SQL injection vulnerability [Firefox]

Exploited the SQL injection and enumerated database [sqlmap]

Uploaded a web shell backdoor [sqlmap & Netcat] (Limited user)

Manually performed SQL injection to dump database [Burp Proxy]

Created a web shell on the target [Burp Proxy & Netcat] (Limited user)

Created a backdoor shell via a cron job [Burp Proxy & Netcat] (Superuser)

Accessed the 'flag' [Text file]

Created a backdoor shell via a cron job [Burp Proxy & Metasploit] (Superuser)

Local file inclusion

Method

Scanned network for the target [Netdiscover]

Port scanned the target [Unicornscan]

Banner grabbed the services running on the open port(s) [Nmap]

Interacted with the web server & logged into the system anonymously [Firefox & Burp Proxy]

Discovered & exploited a local file inclusion vulnerability to enumerate possible users [Burp Proxy]

Exploited the same local file inclusion to fingerprint the web service & inject code into the PHP session data [Burp Proxy]

Created a web shell on the target [Burp Proxy & Netcat] (Limited user)

Created a shell and, to escalate privileges, executed it from a service running as superuser [Burp Proxy & Metasploit]

Accessed the 'flag' [Text file]

Credits and thanks to g0tmi1k

Edited by alien
