Kioptrix: Level 1.2 (#3)

Neelesh Patel
Aug 26, 2021

Vulnhub level3 Kioptrix Complete Walkthrough

Levels 1 and 2 are both solved at the links below:

Level 1: https://tinyurl.com/jmnyj9h3

Level 2: https://tinyurl.com/f5jhkpyp

Let's get into Level 3!!!!

Starting out with recon: not much, but yeah, I got port 80.

Directing to the page looks like this,

Enumerating hidden web directories shows some cool results, as shown. I used dirb http://192.168.230.135

Redirecting to different options made the URL look suspicious. So I tried SQLi and yes, it's vulnerable; firing up sqlmap gave the following result.

I fired up Burp, captured the request as shown, and passed it to sqlmap for further enumeration, as I had proof from the above image that this web page is vulnerable.

The sqlmap results are as shown, and from that I ran sqlmap again, this time with the command:

sqlmap -r burp_kioptrix3 --risk=3 --level=5 -D gallery -T dev_accounts --dump --batch

And with that I got the credentials of both of them, since from the port scan results port 21 was open. SSH was successful with the loneferret login. After reading CompanyPolicy.README, it says to run sudo ht, but I got the error Error opening terminal:xterm-256color. Googling the error turned up the solution: the command export TERM=xterm. As per the text, the user is allowed to edit files ;-). So after hopping to /etc/sudoers, edit the file with the command /bin/su, which will provide root privileges.

And YEAAA!!!! We are root. That was all there was to becoming root on this machine.
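From the defender's side, the escalation above works because a sudo rule lets an unprivileged user run a file editor as root. The following audit sketch is an added example, not part of the original write-up; the sample sudoers text, the path /usr/local/bin/ht and the FILE_WRITERS list are constructed assumptions.

```python
import posixpath
import re

# Programs that can write arbitrary files when run as root.
# Illustrative assumption, not an exhaustive list.
FILE_WRITERS = {"ht", "vi", "vim", "nano", "emacs", "ed", "pico", "tee", "cp", "dd"}

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines.
    Simplification: '#include' directives and '#uid' users are ignored."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def risky_sudo_rules(sudoers_text):
    """Return (who, command) pairs where a limited rule grants a file-writing program."""
    findings = []
    for line in logical_lines(sudoers_text):
        # Only user specifications matter here; skip Defaults and alias definitions.
        if "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        rhs = re.sub(r"\([^)]*\)", "", rhs)            # drop (runas) lists
        for item in rhs.split(","):
            item = re.sub(r"^(\s*[A-Z_]+:)+", "", item).strip()  # drop tags such as NOPASSWD:
            if not item or item.startswith("!"):
                continue                               # a negation grants nothing
            binary = item.split()[0]
            # 'ALL' is full root by design; this check targets rules meant to be limited.
            if posixpath.basename(binary) in FILE_WRITERS:
                findings.append((who, binary))
    return findings

# Constructed sample input, not copied from the target machine.
SAMPLE = """\
# constructed sample sudoers file
Defaults env_reset
root    ALL=(ALL) ALL
loneferret ALL=NOPASSWD: !/bin/su, \\
    /usr/local/bin/ht
backup  ALL=(root) /sbin/reboot, /usr/bin/vim /etc/motd
"""

if __name__ == "__main__":
    for who, binary in risky_sudo_rules(SAMPLE):
        print(f"{who}: sudo rule grants file-writing program {binary}")
```

Where a user really needs to edit one file as root, sudoedit on that specific path avoids running the editor itself as root.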

Until Next Time,

Stay Curious!!!
