➰Scanning & Enumeration (Kioptrix)
Scanning and Enumerating the Kioptrix Machine
VulnHub is a platform that provides various vulnerable virtual machines (VMs) for cybersecurity enthusiasts and professionals to practice and enhance their penetration testing skills. One of the popular series of VMs available on VulnHub is Kioptrix, created by a security professional named "Kioptrix." These VMs are intentionally designed with security vulnerabilities, allowing users to identify, exploit, and patch them in a controlled environment.
Kioptrix VM Information
Download Link: Kioptrix VM
Credentials:
Username: john
Password: TwoCows2
Target IP Address
To determine the IP address of the Kioptrix machine, we can perform a ping to a known IP, such as 8.8.8.8, and observe the response. In this case, let's assume the IP address is 192.168.179.129.
Response:
Network Discovery with Netdiscover
Use the netdiscover tool to scan the local network and identify hosts.
Result:
The Kioptrix machine is likely at IP 192.168.179.129.
Enumerating Open Ports
Perform an initial port scan using Nmap to identify open ports and services.
Results:
Web Server Enumeration
Use Nikto to perform a web server scan and gather information about potential vulnerabilities.
Review the Nikto scan results for information on the web server and identified vulnerabilities.
Directory Brute-Forcing
Use DirBuster or another directory brute-forcing tool to discover hidden directories and files on the web server.
Explore the discovered directories for potential entry points and vulnerabilities.
SMB Enumeration
Enumerate SMB shares using the smbclient tool to gather information about the Samba server.
Explore the available shares, and attempt to connect to them for further investigation.
SSH Version
Identify the version of the SSH service using the following command:
Note the SSH version for potential research on vulnerabilities associated with that version.
Potential Vulnerabilities
Research potential vulnerabilities associated with the identified versions of services, including:
Apache httpd 1.3.20 with mod_ssl/2.8.4 OpenSSL/0.9.6b
Samba smbd 2.2.1a
OpenSSH 2.9p2
Explore known exploits and vulnerabilities associated with these versions to plan further penetration testing activities.
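The following Python code is an added example, not part of the original walkthrough: it turns an SSH identification string and an HTTP Server header into the product/version pairs that the research step above starts from. The banner strings are constructed to match the versions listed above, and the function names are hypothetical.

```python
import re

# Constructed sample banners matching the versions listed above (not captured output).
SAMPLE_BANNERS = {
    "ssh": "SSH-1.99-OpenSSH_2.9p2\r\n",
    "http": "Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b",
}

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comment>.*))?$")
# HTTP product token: name/version
PRODUCT_TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/([\w.+-]+)")


def parse_ssh_banner(line):
    """Split an SSH identification string into protocol, product and version."""
    m = SSH_ID.match(line.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    proto = m.group("proto")
    # "Product_version" is the OpenSSH naming convention, not an RFC requirement.
    product, _, version = m.group("software").partition("_")
    return {
        "protocol": proto,
        "product": product,
        "version": version or None,
        # protoversion 1.99 means the server also accepts legacy SSH-1 clients.
        "accepts_ssh1": proto == "1.99" or proto.startswith("1."),
    }


def parse_server_header(value):
    """Return the product tokens of a Server header, ignoring (comments)."""
    # Drop non-nested comments first so "(Red-Hat/Linux)" is not read as a product.
    without_comments = re.sub(r"\([^)]*\)", " ", value)
    return [{"product": p, "version": v}
            for p, v in PRODUCT_TOKEN.findall(without_comments)]


def inventory(banners):
    """Build "product version" strings to look up in vendor advisories."""
    items = parse_server_header(banners["http"]) if "http" in banners else []
    if "ssh" in banners:
        items.append(parse_ssh_banner(banners["ssh"]))
    return ["%s %s" % (i["product"], i["version"]) for i in items]


if __name__ == "__main__":
    print(inventory(SAMPLE_BANNERS))
```

Samba is not covered here because its version is reported during SMB session setup rather than in a one-line banner.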
Proceed with caution, and always ensure you have the necessary permissions to perform penetration testing on the target system.