Krioptrix Level-3 Walkthrough
It’s a Basic level machine you can find it on Vulnhub
Machine Info:
Difficulty: Easy
Goal: Gain root access
Before starting, add an entry for kioptrix3.com in the /etc/hosts file.
As usual the first thing to do would be to run an nmap scan and check through the browser if some webpage is hosted over there. The results from nmap are like.
On port 80 we got the webpage
here i got the login page on this webpage and this is powered by a CMS — Lotus which is also vulnerable to RCE
After exploring this webpage i got a path — http://krioptrix3.com/gallery
Here i found that this is vulnerable to sql injection-
you can try it on the id parameter of the photo
so after knowing site is sqli vulnerable i moved towards sql injection
command used — sqlmap — url http://kioptrix3.com/gallery/gallery.php?id=1 dev_accounts — dump
And i got the ssh login credentials
Let’s login with ssh
Here after login i got two files :
checksuc.sh and
CompanyPolicy.README
i got some usefull info after doing — cat CompanyPolicy.README
it says to use command sudo ht , which is in /usr/local/bin/ht
when we try to run this you’ll get and error , to solve this error i took help from google and used this commands as you can see in the pic
command — export TERM=xterm
after that when i run sudo ht — i got a blue screen its like a windows bios,
not like its actually a windows bios i think
with alt+f i opened the file tab and opened the file
after opening search for /etc/sudoers
here edit loneferret — !usr/bin/su → /bin/su , with this , i’ll be able to get root shell with sudo su command
after saving it just press ctrl+c and get back to terminal and type sudo su
and BOOM 🎊🍾
Follow for more walkthroughs
connect me on:-
Linkdin: www.linkedin.com/in/vivekgoswmii
github:https://github.com/Richunt3r
HAPPY HACKING
