In this blog, we're going to walk through how to get a root shell on the Kioptrix Level 1 VM. First things first: after downloading and importing the VM, make sure its network settings are set to host-only, and do the same for your Kali box. Without further ado, let's get right to it.
Fire up nmap and kick off an intensive scan.
Looks like it's running the Apache test webpage on ports 80 and 443, SSH on port 22, NetBIOS-ssn on port 139, and rpcbind on port 111.
Fire up dirb and see if we can get anything interesting.
Well, turns out there is nothing useful on the webpage.
Tried to look for any mountable shares with no luck, but then I threw enum4linux at it and got a bunch of interesting information. The one that stuck out for me was that the VM is using Samba 2.2.1a, for which I know for a fact there is a Metasploit module (CVE-2003-201).
Fire up Metasploit and use the Samba exploit.