Kioptrix Level 1 Guide (Beginner-Friendly)

Captions
Hello and welcome to another video from Black Herb. In this video I'm going to be showing you guys how to hack; we're going to be hacking a machine called Kioptrix, and we're going to be doing the Level 1 version. So Kioptrix is a really old Linux machine, like over 10 years old, 12 years, I don't know, an old machine. There are quite a few ways of getting into the machine; I'm going to be showing you two different ways we can get in. First thing we're gonna need to do is install this machine. It runs in VMware, so we're gonna run it alongside our Kali Linux, and then we're gonna figure out its IP address, so we've got our target, which is our scope, and then we're going to attack it and try and get into it. So yeah, if you like this video please like, comment, share and subscribe. I have written a blog slash guide walkthrough about this, so yeah, I will link that in the description, so please also check that out. Hope you like the video.

Right, so the first thing we're going to need to do is actually download it. So in my blog there is a link that'll take you straight to the download page of this, so if you just click on that... well, it automatically started to download in the bottom corner, as you can see right there, kind of thing. Yeah, you guys can see that, presumably. Okay, so let's just get this back, there we go. Okay, so while we're just quickly waiting for that to download I'll show you a different way of just getting it. So, Kioptrix Level 1... oh no, it's Bing, oh gosh, no, I'm not gonna be a traitor to Google, let's do this the proper way. There we go, Kioptrix Level 1. We get it off of VulnHub. So VulnHub is really cool because you have quite a few different machines, so if you were to go on to VulnHub's website, as you can see there are a few different machines that we can hack, which I will be making some more videos on in the future. So you can just type in Kioptrix here, I guess, and yeah, there are different levels, difficulties of them, and so yeah, we're going to pick this one. As you can see it was released in February 2010. Just to give you some information, the direct download didn't work for me, so I had to use the .rar file.

Now that's ready, I'm gonna be showing you guys what that looks like. Okay, so if I open my Downloads folder on my second screen, I've got Kali Linux ready, it's right here. So as you can see I've got it here in this little file. The first thing we're going to do is we're going to unzip it. There we go, it's unzipped. So this is kind of what it looks like when you open it, but you don't need to worry too much about that. What we're gonna do is we're gonna open an instance of VMware over here and we're going to click Open a Virtual Machine, scroll to our desktop, find it, and it's about the same way we do with Kali, and now it's ready and up and running. The first thing we need to do is assign it some RAM, so I give it around 512, exactly 512 megabytes. And one of the most important things that you guys need to remember is this has to be set to bridged, okay? So, like our Kali Linux machine in our first installation, that also will need to be set to bridged so it's connected directly to it, otherwise this is not gonna work. We need them to be on the same physical network for this hack to work, okay? So if we just double-check our Kali Linux machine. I have got it open, so... okay, let me just close this quickly, power off, there we go. Let's go to our Kali Linux machine settings, just double-check, yes, I have got that set on bridged as well, which is great. So yeah, we need to first get our Kali Linux up and running, ignore the little warning, oopsie, and then we'll get this up and running as well. So let's play this virtual machine, just select "I copied it", and it just starts loading up. Sign in to Kali while that's doing that; we'll just put "Remind me later". Okay, so we're in our Kali Linux machine, great, and we're just waiting for this to finish off. So I don't think I can make that bigger. Right, so here we go, as you can see, let's just make this a little bit bigger, all right, there you go.

So it says: Welcome to Kioptrix Level 1 penetration and assessment environment. The objective of this game: acquire root access to this machine. There are many ways this can be done; try and find more than one way to appreciate this exercise. Disclaimer: the author is not responsible for any damages, blah blah, installing, using... Warning: this is a vulnerable system, do not run this in production. Warnings, disclaimers, ignore that. Good luck and have fun.

Right, so the first thing we're going to do is actually find the IP address of this machine, because we need a target. So we're going to cheat a little bit here by actually signing in to a user I've already got. Promise this is the only cheating we're going to do. There are other ways to find the IP address, but just to keep things simple I just wanted to use the simplest way, just to kind of, yeah, be able to do this. So I do have the sign-in information on my blog, here, there we go. So we're gonna need to sign in with the username john and the password TwoCows2, yeah, capital C, capital T and then the number 2 at the end. So what we're gonna do is we're gonna do john, capital T. Okay, so now we're signed in as john. Now we're just going to ping anything, literally, that's just like a random IP address. Press Ctrl+C to stop. As you can see, this IP here is spat out, so it's pinging the IP I typed in there and it's saying it is from 192.168.0.28, so that is the IP address of our Kali Linux machine. You need to make a note of that and remember that, because that is our target, our scope, that's what we're going to be scanning against and that is what we're going to be targeting. Right, so let's just quickly sign out, pretend that never happened. We now have our IP address.

Okay, next part of the video. Okay, I'm not going to go into too much depth about this part, but there are actually five stages of hacking. So you've got your reconnaissance, your scanning, also known as active scanning, gaining access, maintaining access and covering your tracks. We're not really going to be using every single phase in this hack, because this is quite a small, simple hack. We're going to be doing a little bit of scanning, we're obviously going to gain access, we don't really need to maintain access or cover our tracks; you're only really going to see these two parts in this hack. But generally when you're hacking someone you go out on the internet, you find out as much information as you can, soft searches, go on the social media, visit the website, scroll through. That's what's known as reconnaissance, where you're not actually scanning the target, you're just looking at what's already available online. Scanning is when you're actually running your nmap; you're actively scanning the network, the IP, the website, whatever it may be. Gaining access is when you're actually exploiting and getting into the machine. Maintaining access is just keeping that, maybe creating some sort of backdoor or whatever. Covering tracks is just cleaning up and making sure that you don't get detected, if needs be, but in a lot of penetration tests you don't really need to worry about covering your tracks. So yeah, those are the five stages. I just wanted to quickly highlight that so you guys have an idea of what a hack kind of looks like before going into this.

Okay, with that in mind, let's open up our Kali Linux machine. So our IP address was, if I just open this, 192.168... So the first thing we want to do is actually ping it. The reason we ping it is we need to make sure we've actually got access and that we can get to it, that it's reachable on the network, which is what we've just done. So as you can see, when you get the "62 bytes from", that is good news; that means you're receiving it, it's essentially bouncing back to you. So you're sending the ping, the ping's coming back, you're receiving it back, good, good news. If I was to ping something random like this and then press that, as you can see we sent five packets, we received zero, there's no "64 bytes" received. You can see the difference between pinging something that's actually accessible and pinging something that doesn't exist or is not on your network.

Okay, so we're going to be using Nessus for our first scan. I've already run this scan just to save some time, but what Nessus is, is a vulnerability scanner. So if you just open up a browser quickly, just Google Nessus, you see this Tenable; it's from tenable.com, it's one of their products. You get the free version, you get 16 free scans a month; obviously with the paid version you get unlimited and whatnot. So yeah, essentially you would download it, sign up, run through this, and you know what guys, I might do another video on actually how to install and use Nessus, but for this one try and follow it through or try and find a guide online, but it is pretty straightforward. You literally fill out your name, get an activation code, type it in. When it's installed on your Kali system you will need to use this command, which starts the Nessus service. It's asking for authentication because I'm not root; I'll just use my password, it's a bad four-character one, just for the sake of simplicity. So yeah, when you've done your Nessus scan... sorry, when you've started your Nessus service, you then need to navigate to Nessus. Now the service has started, we're gonna actually need to navigate to Nessus, so you do this by opening a browser. I've got it in my clipboard, but I'll show you what you need to navigate to, so it's just going to be this: https://kali:8834, boom, there we go, that takes me to Nessus. You just sign in. Now to run the scan, this is what you do: you go back, you just click on New Scan in the top corner here. There are so many different types of scans, and even within each scan there are different settings that will do completely different things, but we're going to just run a Basic Network Scan. So I'm just waiting for that to load. What you essentially need to have ready is your IP address, just so that you've got your scope, so in this Targets bit you're going to type in your IP address, .0.28. You need to give, you know, your thing a name, so we can just call this like "Kioptrix scan", but yeah, let's see, you can have a description. So obviously through your work, you know, if you're doing a penetration test you can name this the company scan, or if it's like a specific web app you can use that, whatever; it will put it into folders, as you can see here. I'm not going to run through every single thing, just to save on time, but one thing I will change is I want to scan all ports, so it scans every single port instead of the most common. You can scan for only normal vulnerabilities, you can scan for all, which is complex, depending on how long you want your scan to take. And if you go to Report, this kind of controls the output of your report, so how you want to see your results is basically controlled with these tick boxes, and here are more settings for your scan type. There are other things: you can also schedule your scans to run at a certain time, so let's say you let a company know "I'm going to be scanning you at 10 a.m. tomorrow", you can wake up at 9:55 knowing that your scans are automatically going to start, and when that's done at half 10 or 11 or whatever it is you can then view the results when you're ready, which is a really good feature. So once you've got all the settings done then you literally click Launch, which is here, and Launch basically starts the scan. As you can see it's running. To save on time I did one earlier on, literally exactly the same type of settings. It was a different IP address, but it's still Kioptrix, it was just, yeah, don't worry about that.

So as you can see, this is what the output looks like. There are different filters you can mess with, so you can have the most critical kind of vulnerabilities first, more information-disclosure stuff towards the bottom, you know, like higher vulnerabilities at the top. So you'd kind of assess this information, and this is a bit that can take a while, because this is essentially your information gathering. At this point you're looking at them and you're thinking, okay, they're running mod_ssl, their version is older than 2.8.18, so you might go on Google and see what version is out now, how old is that version, and as you can see it says version 1.24 is older than that. So this seems like a really old version, published in 2004, so yeah, that's almost definitely vulnerable just by looking at the date. So yeah, that's one of the vulnerabilities we've looked at, which is the mod_ssl one; those are the higher ones. It's not always 100% accurate, sometimes you do get false positives and stuff, but that's why you do multiple scans, so some scans confirm other scans. Like if I do an nmap scan, for example, and I see OpenSSL again, I know that that's almost definitely a vulnerability, because I've not only seen it in Nessus, I've also seen it in nmap, I might have seen it on another type of scanner. So doing multiple scans from different products slash tools does confirm your assessment and gives you more information. So yeah, we're not going to go through everything bit by bit, because I've already gathered the information I need before this video, but as you can see there's another one here where it's running an old version of Apache, multiple vulnerabilities, and the severity is obviously high. You know, we do research it; it even tells you about the ports they're vulnerable through, too. So yeah, you can do a lot of research, and basically here are all the different vulnerabilities. Info tends to be information disclosure, for those who don't know; obviously low, medium, high and critical are self-explanatory. Info is just information disclosure; that kind of tells you what environment they're running, what products they might be using, what they've got, basically information they should not be giving out, because with this information we can piece it together, we know what their setup looks like from the inside of their company or website, whatever it is, a network, and we can use that information to then exploit them. So yeah, that's Nessus. So that's given us some nice juicy information: we've seen some OpenSSL, we've seen some old version of Apache, keep that in mind.

Realistically you would probably be taking notes about all of this. You can open a basic text editor, or, so yeah, you've got your text editor, your CherryTree, KeepNote, the Microsoft one, no, Notion, Notion's really good. There are a lot of different ways you can take notes, but yeah, you should be taking notes, copying and pasting the information you get, or you can even set it up so it directly outputs that into a text file. There are different ways to do it, or you can just do screenshots, or a combination of notes and screenshots, which is probably the best; it looks smart, especially on a report.

So yeah, the next thing we're going to be doing is... no, that's for after, actually. We can do that first: let's do a Nikto scan. So I did a Nikto scan here. If I just zoom in, as you can see I've done a -h, for the https:// and our target IP, and there's no web server found. Now I'm guessing this is because this is a very old machine, so they never had HTTPS, because that's quite more of a recent secure thing. But trying the HTTP without the secure little padlock, oh, already getting some information, beautiful, it's just coming and coming. Okay, so just by having a quick little look, as you can see it's telling us what server it's running: we've got Apache 1.3.2, we're seeing Red Hat Linux, mod_ssl, OpenSSL. We've seen this as well in the Nessus scan, seeing more confirmation of this OpenSSL and Apache here. The current version of Apache is at least 2.4.37; it even tells you, just takes a good guess at it, and we're running 1.3.2, so it's quite a few versions behind, which indicates it is more than slightly very, very vulnerable. So yeah, quite a lot of information on that Nikto scan, pretty interesting.

And last but definitely not least is our nmap scan. So for our nmap scan I'm going to do nmap -A -T4 -p- 192.168.0.28, run that. I'm just going to stop that a second, because I've already got one over here that I ran earlier, just to save time. I'm just going to quickly explain: the -A gives us operating system information, version detection, quite a few different things actually; that -A is pretty cool. Before I go to... silly me, there we go, the -A is right here: enable OS detection, version detection and traceroute, blah blah blah, you get the point. Clear, there we go. Okay, -p-, -T4 is the timing; there are I think five different timings, one to five; five's really fast and can sometimes miss things, one is super slow. Four normally does the job for me; sometimes I'll do three, depending, if I want to be really thorough I do three. One is really slow, so yeah, never do one unless you have to. But yeah, -p- is basically all ports, so it's scanning every single port, which is 65,000-odd ports, so yeah, there's a lot to scan, and obviously the target at the end. So these are the results we received from that scan. So if you're following along you should see the SSH key, you should see Apache again, which we've seen on the Nikto, you've got mod_ssl, OpenSSL, Red Hat again, blah blah blah, and it's also showing you what ports are open, which is really good. Also see some ciphers down here, and yeah, this has given us a lot of different information. We also see Samba there, so yeah, very useful information in all of this. So yeah, this has kind of confirmed that we definitely have a vulnerable version of OpenSSL, Apache, possibly Samba as well. So yeah, a lot of information from there.

Yeah, so now we're actually gonna get to the actual exploitation part of the video, so the bit we've all been waiting for: how are we gonna get in? So as you can see we've got our little Kioptrix sitting nice here; we can't get into anything. We have all the information from here, so the next bit is Google. Google is a hacker's best friend, trust me. You're going to be on here looking up, Googling all of these vulnerabilities, things you think you can get in with, trying to find potential exploits. You might also use, well, you most likely will also use Metasploit to search for exploits that already exist for this. If you don't find anything you'll enumerate, scan some more, try to dig a little deeper and get what you need. So we're going to skip all that; I will be doing another video separately later on down the line more about the research part of this, but for now I'm just going to show you directly the exploit that I found that does work for this. So go to Google and just type in OpenLuck, and it's this one. So you've got this exploit from heltonwernik, shout out to Helton. All we're gonna do... it shows you the usage, so I mean it's pretty self-explanatory. There are five steps and it literally tells us exactly what to do. So I'm in my Music folder because there's nothing in there, so what we'll do is clone it, ls, there we go, let's move into it, clear that off. Next thing we're going to do is install the SSL dev library. Are you root? No, I'm not, thanks for reminding me. Let's try that again, boom, I already had it on there so I didn't need to. Next thing we're going to do is actually compile it, so if we list we can see it there; to compile it, as you can see, it's a copy and paste job, we just... here we go, that's done. As you can see it's glowing up, so if you remember from our previous videos we did the ls -l; as you can see we've got read, write and execute privilege on this, which if we didn't have we would have had to use chmod +x. I like to use 777, open and free, ls. That would have given it the privileges, but they gave it an extra little one, but yeah, it would have given it, you know, kind of the privileges that we needed if it didn't have them, but it did this time.

So yeah, now that's done, let's actually run it on the target. So to run it you do this: ./OpenFuck 0x6... it does say "a" here, so we'll start off with 0x6a, but from what I remember, when I last did this testing for this video, I don't think that worked. Dash 40. So yeah, as you can see, target IP; we don't really need to do the port because it automatically runs it. Just before we do this, if I open a quick another one and then I navigate into Music, navigate, and then if you cat the README out it does actually give you instructions here, and if we were to cat the... I can't really make out much from here, but yeah, just to show you the README, an actual file, but never mind. All right, so now we're ready to go, let's run it, we just press Enter, fire it off. Oh, it's trying to connect, establishing SSL connections, boring show. Oh, it's very interesting, so we got in and then it just kicked us straight back out. So this is what I was saying to you guys earlier, where I had to change it to version b, and a lot of it is just trial and error with these things, so a didn't work. Now this is working, spawning shell. Okay, this looks interesting, so I'll wait for it to switch shell. So I think we are in. So if we type in whoami: oh, root. So that's it, we're in, we've hacked it, we've got into the machine. So print working directory, we're in the tmp folder. So from here we're actually in the machine. If we clear this off, I'll just show you guys: if I type in the whoami command, it's showing this root, that gives us a lot of information and we have a lot of access. ls, we can see a -p, we can try and navigate into that, it's not a directory, let's try cat-ing it, okay. Here, go back, where can I get to, home, see what's here in home, clear. Yeah, as you can see we've got different accounts: harold, john, lost+found, blah blah blah. So yeah, from here it would just be about basically grabbing whatever we need to take out of the machine, taking all the information, finding the flag or whatever it is you are doing with this machine, ethically only, of course. And yeah, we're in, so that is confirmed by the whoami: root, and we know we're in the target, that exploit worked.

So let's try a different way. So let's exit out, exit out. It tells us what type of shell we had, but yeah, let's clear that off. Another one. Okay, so we're going to use Metasploit for the next exploit here. So we have got in through an exploit we downloaded online called OpenLuck, so you can try that for Kioptrix, which definitely does work, and another way is using the famous Metasploit. Metasploit is so cool; honestly there's just, yeah, I can't even get into why and how, because I could talk all day, but it's a huge tool that has so many different exploits, scanners, auxiliary scanners, it's just too much, too much. I don't even know it all; like you could spend a year studying Metasploit and probably still not learn everything there is about Metasploit. But what is cool about it is you can actually use something called searchsploit, here, where we can search for Samba, for example, and just as a quick search point, we've seen Samba earlier. You can basically search OpenSSL, whatever it is, and it'll give you a big list of kind of exploits, different ways of getting in, information, text files. Yeah, searchsploit, really, really cool. Now for the sake of saving time I'm not actually gonna go through what I found through this; I will just show you what to use. So type in use linux/samba/trans2open. Okay, now you might have seen that trans2open was at the top of the searchsploit Samba search, but yeah, once we use this we can type in options. So RHOSTS here is the target, so we need to set RHOSTS to 192.168.0.28. options, just to double-check, yes, that's been set there. What else do we need to see? The listening port, LHOST, RPORT; this important LHOST is cool, that's automatically been set for us on this occasion. The one thing I'd say is, with this payload option, it doesn't actually work for us. I'm not going to get into too many details about staged and non-staged payloads, but what I will say is you will need to set it to this one here, so just type in set payload linux/x86/shell_reverse_tcp; it would help if that's underscore reverse tcp. Clear that off, options. So yeah, we've got our payload that actually works, we've got our target set, we've got our exploit running. In the exploit now there are two things you can do: you can type in run, which will run the hack, or you can type in exploit. I like exploit, I feel a bit cooler doing it, just look away from the keyboard while you're doing it in a little cool way. All right, so trying return address, shell session opened, so are we in? Boom, yes, we're in, whoami, root again, print working directory, blah blah blah. So as you can see we've got into Kioptrix Level 1: one, through Metasploit; two, through an OpenLuck hack we found online, which we did some research on together.

So yeah, this is quite a quick overview of what goes into hacking, and I would just like to say this is very, very simple. This is not something you will actually really often see; normally it's a bit harder than this and they're a little bit more secure. This is an old machine, very vulnerable, but to be completely honest with you some clients do run really, really old software and really out-of-date services, so it is possible for hacking to be this easy, but generally it is not, so there's a lot more breakdown and a lot more to it. So please don't think this is all there is to it, because it does get a lot harder than this, but this is just a quick insight into what it looks like so you can figure out if this is for you and if this is something you can see yourself doing. So I hope you enjoyed the video, please like, comment, share and subscribe, and hopefully my next video, I think I'm going to do one on installing Nessus, and we might actually run a few scans on Hack The Box or whatever, something, we'll find some targets to run our scans on and we'll just do a few different Nessus scans. So yeah, look out for that. As always, have a nice day and yes, stay safe.
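The information-gathering step the video walks through (reading version banners out of nmap and Nikto output and treating a finding as more credible when several tools agree) as an added Python example; this is not code from the video or its blog. It assumes nmap -sV/-A and Nikto text output; the sample output and version strings are constructed, and the OpenSSL and OpenSSH review floors are illustrative assumptions rather than values from the video.

```python
# Banner triage across scanners: added example, not code from the video or its blog.
import re
from collections import defaultdict

# Review floors. mod_ssl and Apache come from the walkthrough (Nessus: mod_ssl older
# than 2.8.18; Nikto: current Apache at least 2.4.37). The OpenSSL and OpenSSH
# floors are illustrative assumptions, not values from the page.
FLOORS = {
    "apache": (2, 4, 37),
    "mod_ssl": (2, 8, 18),
    "openssl": (1, 1, 1),  # assumption
    "openssh": (8, 0),     # assumption
}

# nmap -sV/-A service line: "80/tcp   open  http   Apache httpd 1.3.20 (...)"
NMAP_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+\S+\s*(.*)$")
# Nikto server line: "+ Server: Apache/1.3.20 (Unix) ... OpenSSL/0.9.6b"
NIKTO_LINE = re.compile(r"^\+ Server:\s*(.*)$")
# product/version pairs in a banner; a trailing tag such as "b" or "p2" is ignored
PRODUCT = re.compile(r"(Apache(?: httpd)?|mod_ssl|OpenSSL|OpenSSH)[/ ](\d+(?:\.\d+)*)", re.I)


def parse_version(text):
    """'2.8.4' -> (2, 8, 4); tuples compare element-wise, so (1, 3, 20) < (2, 4, 37)."""
    return tuple(int(part) for part in text.split("."))


def products_in(banner):
    """Yield (product_key, raw_version) for every known product in a banner."""
    for name, version in PRODUCT.findall(banner):
        yield name.lower().replace(" httpd", ""), version


def triage(nmap_output, nikto_output):
    """Products below their floor, with the tools and ports that reported them."""
    seen = defaultdict(lambda: {"version": None, "tools": set(), "ports": set()})
    for line in nmap_output.splitlines():
        match = NMAP_LINE.match(line)
        if match:  # skips the header and closed/filtered ports
            for key, version in products_in(match.group(2)):
                seen[key]["version"] = version
                seen[key]["tools"].add("nmap")
                seen[key]["ports"].add(int(match.group(1)))
    for line in nikto_output.splitlines():
        match = NIKTO_LINE.match(line)
        if match:
            for key, version in products_in(match.group(1)):
                seen[key]["version"] = version
                seen[key]["tools"].add("nikto")
    findings = {}
    for key, record in seen.items():
        floor = FLOORS.get(key)
        if floor and parse_version(record["version"]) < floor:
            findings[key] = {
                "version": record["version"],
                "floor": ".".join(map(str, floor)),
                "confirmed_by": sorted(record["tools"]),
                "ports": sorted(record["ports"]),
            }
    return findings


# Constructed sample output in the shape nmap -A and Nikto print; the version
# strings are illustrative and the IP is the walkthrough's target address.
SAMPLE_NMAP = """\
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 2.9p2 (protocol 1.99)
80/tcp   open  http        Apache httpd 1.3.20 ((Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
139/tcp  open  netbios-ssn Samba smbd (workgroup: MYGROUP)
443/tcp  open  ssl/https   Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
"""
SAMPLE_NIKTO = """\
+ Target IP:          192.168.0.28
+ Server: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
"""

if __name__ == "__main__":
    for product, info in triage(SAMPLE_NMAP, SAMPLE_NIKTO).items():
        print(f"{product:8} {info['version']:7} below {info['floor']:7} "
              f"seen by {', '.join(info['confirmed_by'])} on ports {info['ports']}")
```

Samba shows up in the sample but carries no version string, so it is not flagged: as the video says, that is a case for more enumeration rather than a banner verdict.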
Info
Channel: Salih Matsemela
Views: 454
Keywords: cyber, cyber security, exploit, hack, hacking, how to hack, how to start hacking, first thing to hack, kali, kali linux, infosec, nessus, nikto, nmap, security, internet security, internet, kioptrix, kioptrix level 1, how to hack kioptrix, how to hack kioptrix level 1, vmware, computer, hardware, software
Id: DAUP6aV734s
Length: 37min 8sec (2228 seconds)
Published: Thu Apr 08 2021