Kioptrix level 3 Walkthrough

Continuing the Kioptrix series, we have the Kioptrix level 3 walkthrough. This machine is not as simple as the last two. It requires the pentester to poke around a bit.




I found the IP address of the machine using netdiscover.

I did an nmap scan on it.

As you can see, we have a website here. So, I decided to take a look at the website.

I looked around the website and found this:


LotusCMS looks interesting. Let's see if there is any exploit for it.

Looks like I need to use Metasploit for this exploit.

Set the options in meterpreter and it will look like this:


I ran this exploit and got the shell. After getting the shell, I decided to just look around and see if I could find anything interesting.

Checking out the gallery file, I found a config file. From that file, we got the root password.
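
A defender-side check for the finding above, as an added example that is not part of the original walkthrough: it walks a web root and flags PHP files that hold a literal database password, connect as root, or are world-readable. The variable naming pattern and the sample files are assumptions constructed for the demo; the walkthrough does not show the config file's contents.

```python
import os
import re
import stat
import tempfile

# Assumed convention: a PHP variable or array key containing "user" or "pass"
# that is assigned a quoted string literal.
ASSIGN = re.compile(
    r"""\$[\w\[\]"']*?(?P<kind>user|pass)[\w\[\]"']*\s*=\s*(?P<q>["'])(?P<val>.*?)(?P=q)""",
    re.IGNORECASE)

def audit_webroot(root):
    """Return sorted (relative path, issues) for PHP files holding literal credentials."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, errors="replace") as fh:
                text = fh.read()
            creds = {}
            for m in ASSIGN.finditer(text):
                creds.setdefault(m.group("kind").lower(), m.group("val"))
            if not creds.get("pass"):
                continue  # no literal password assigned in this file
            mode = stat.S_IMODE(os.stat(path).st_mode)
            issues = ["literal password in web root"]
            if creds.get("user", "").lower() == "root":
                issues.append("application connects as database root")
            if mode & stat.S_IROTH:
                issues.append("file is world-readable (mode %o)" % mode)
            findings.append((os.path.relpath(path, root), issues))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; file names, keys and values are made up."""
    os.makedirs(os.path.join(root, "gallery"))
    samples = {
        "gallery/config.php": ('<?php\n$GLOBALS["db_username"] = "root";\n'
                               '$GLOBALS["db_password"] = "EXAMPLE-ONLY";\n', 0o644),
        "gallery/index.php": ('<?php\n$username = $_POST["user"];\n', 0o644),
        "app_config.php": ('<?php\n$db_user = "gallery_ro";\n'
                           '$db_pass = "EXAMPLE-ONLY";\n', 0o640),
    }
    for rel, (body, mode) in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, issues in audit_webroot(tmp):
            print(path, "->", "; ".join(issues))
```

Each flagged file is a candidate for moving the credentials outside the web root, tightening file permissions, and giving the application its own least-privileged database account instead of root.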


Now, since I have the root login and password, let's see if I can log in to the phpMyAdmin portal. The portal is located at kioptrix3.com/phpmyadmin and, after logging in and going through the dev account, we found this:




