In preparation of my eCPPT and OSCP course i am trying to solve some boot2root machines. Today i am working on Kioptrix level 1.
- Name: Kioptrix: Level 1 (#1)
- Date release: 17 Feb 2010
After starting the machine i did some enumeration
Samba port is open so i did an enumeration on it
What triggered me is the version of Samba (2.2.1a).
Searching in searchsploit shows a remote root exploit
After copying and compiling the code i run the exploit.
As you can see this gave me root access.
The flag mentioned email so i searched for it and found it at /var/mail/root