VulnHub | Kioptrix Level 1

Kioptrix Level 1
sudo netdiscover -r
So our IP which hostname called VMware, Inc (
#!/bin/bashnmap -sP | grep "for" | cut -d " " -f 5
live hosts
sudo nmap -sV -o nmap_scan
sudo dirsearch -u --full-url --exclude-status=404,403,401,500

#Enumerating HTTP

I used nikto vulnerability scanning with the help of the following command -> nikto -h


#Exploiting HTTP

After scanning i noticed that the server version is Apache/1.3.20 mod_ssl/2.8.4

openfuck exploit
root access
scanning rpc

#Enumerating Samba

I will use smbclient , it’s a command line tool similar to a ftp connection while smbfs allows you to mount a SMB file share

smbclient scan
smbclient scan
samba 2.2.1a

#Exploiting Samba

This version may be vulnerable to trust this , i searched about samba 2.2.1a exploits on google and i found it has a CVE-2003–0201

samba exploits
root access
login with username = root and my new password
I passed kioptrix level 1



Cyber security engineer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store