Tuesday, 7 February 2017

Kioptrix Level 1 (Via SMB)

Round 2 of Kioptrix!!

As we saw from the initial NMap scan port 139 was open.












It's time to start prodding that beast.  I use SMBClient to see if anonymous logins are allowed:














I will take that as a yes!

The SMB version running is 2.2.1a so it's time to start looking for exploits!

Using searchsploit I found 2 possibilities for manual execution (I want to stay away from Metasploit):

7.pl & 10.c

I had a look at 10.c exploit Exploit-DB

This seemed to be a good exploit to look at.

Time to grab and compile!!

gcc -o smb 10.c 

So lets run this little beast.


Looks like I need to choose -B0, -c (My IP),  














So there we have it! Kioptrix 1 #tangodown

No comments:

Post a Comment