KIOPTRIX: 2014 (#5) Walkthrough
As usual, this vulnerable machine is targeted at the beginners. It’s not meant for seasoned pentesters or security geeks who have been at this sort of stuff for 10+ years. https://www.vulnhub.com/entry/kioptrix-2014-5,62/
Hacking is a mindset. Hence, I would like to reference some powerful quotes here:
“So in war, the way is to avoid what is strong, and strike at what is weak.”
― Sun Tzu, The Art of War
Enumeration
Let’s start with enumeration.
sudo nmap -p- -T4 -A '192.168.103.187'
Brooding🤔:
SSH is filtered -> some firewall🛡 mechanism is in place.
Web servers on ports 80 and 8080. The only way into the system is through the web server. If the web server does not have any explicit exploits 💣, then it must be through SQLi, LFI, RFI -> RCE🛠🔧🔨.
More Enumeration…🎯
1. Port 80
- Manual Viewing + robots.txt + source code
📌 URL=pChart2.1.3/index.php
No robots.txt
- Nikto Scan
📍 We do have the mod_ssl module, but it is not exploitable for this version of Apache on the FreeBSD platform.
- GoBuster
2. Port 8080
Finding POI (Point Of Intrusion)
Found a directory traversal vulnerability and started exploring.
Payload: hxxp://localhost/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd
Using the same logic, I had a look at the Apache config file [/usr/local/etc/apache22/httpd.conf] and, surprisingly, found the reason why it was not allowing us on port 8080.
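From the defender's side, the traversal requests above leave a clear trace in the web server's access log. The following is an added example (not part of the original walkthrough) that flags traversal values in the Script parameter, including double-encoded ones; the log lines, client addresses and the /pChart2.1.3/examples/ path prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache access-log lines (combined format), not captured from the target.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1894 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=%252f..%252f..%252fusr/local/etc/apache22/httpd.conf HTTP/1.1" 200 9120 "-" "curl/8.0"
192.0.2.20 - - [01/Jan/2024:10:01:00 +0000] "GET /pChart2.1.3/examples/index.php?Action=View&Script=example.basic.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.0.2.30 - - [01/Jan/2024:10:02:00 +0000] "GET /pChart2.1.3/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# client, method, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %252f is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value leaves its directory: a '..' segment or an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal(log_text, param="Script"):
    """Return (client, decoded_value, status) for each request whose `param` is a traversal."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, _method, target, status = m.groups()
        # parse_qsl already decodes once; fully_decode handles further layers
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == param and is_traversal(value):
                hits.append((client, fully_decode(value), int(status)))
    return hits

if __name__ == "__main__":
    for client, value, status in find_traversal(SAMPLE_LOG):
        print(f"{client} status={status} Script={value}")
```

A hit with status 200 deserves priority in triage, since it suggests the file contents were actually returned.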