Harish-Tiwari

04/09/2017

Vulnhub SickOs 1.2 – Walkthrough



The objective was to break in and read the flag kept under /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt

Attacker's IP is 192.168.56.101

So let's start!

1. Started with netdiscover to locate the victim IP address. Victim was at 192.168.56.102
2. Scanned for open ports using nmap and found ports 22 and 80 open. A lighttpd web server is running on port 80.

03/09/2017

Vulnhub Stapler – Walkthrough



on here.

1. First I tried checking the IP address using netdiscover. The victim appears to be sitting at 10.0.2.9. The attacker machine is at 10.0.2.11
2. Next, nmap helped us in checking the open ports and the respective services running.

01/09/2017

Kioptrix Level -1 Walkthrough



Unlike other walk-throughs, this will be a crisp manual. Without wasting much time, I'll show the final steps and not go into the details of reconnaissance and failed attempts. The VMs were set up back in 2010, and while solving challenge 1 I ran into a couple of issues which I was eventually able to resolve.

I downloaded the VM from here and am using VirtualBox 4.3.36 on an Ubuntu host. Both the victim machine (Kioptrix 1 VM) and the attacker machine (Kali 2.0) are kept on a "Host Only" network configuration.

Attacker's IP: 192.168.56.101

In order to find the victim within the local network, we'll be using the netdiscover utility. Victim appears to be sitting at 192.168.56.102

09/06/2017

Attacking interactive applications with python’s pexpect



While off-the-shelf penetration testing programs/tools are widely used, there can be situations when certain tools fail. Security professionals love to automate pentesting tasks and write their own set of tools while testing. For example, one can write his/her own port scanner program when nmap fails. Here a custom script would send packets to the static host and give out the result, but how about the case when we are trying to attack an interactive service such as SSH, FTP, TELNET etc.?

Let's say we wish to bruteforce the ssh service on the remote machine and there are a series of prompts that are expected depending upon the interaction between the client and the ssh server. Let's check out some of the prompts the ssh service sends to a connecting client –

1. When connecting to an ssh server for the first time, a yes/no prompt gets introduced.
2. While trying password.
