
Kioptrix Level 1

Once you have found the vulnerabilities in Kioptrix Level 1, the path to root should follow quickly. Here are two methods to root the machine: remote code execution and a remote buffer overflow (Samba trans2open).

Get the IP address:

$ netdiscover -r 10.0.2.1/24                            
 Currently scanning: Finished!   |   Screen View: Unique Hosts
 4 Captured ARP Req/Rep packets, from 4 hosts.   Total size: 240
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 10.0.2.1        52:54:00:12:35:00      1      60  Unknown vendor
 10.0.2.2        52:54:00:12:35:00      1      60  Unknown vendor
 10.0.2.3        08:00:27:1f:b8:8b      1      60  PCS Systemtechnik GmbH
 10.0.2.11       08:00:27:a8:3b:ba      1      60  PCS Systemtechnik GmbH
$ ping -c 1 10.0.2.11 
PING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.
64 bytes from 10.0.2.11: icmp_seq=1 ttl=255 time=2.15 ms
--- 10.0.2.11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.154/2.154/2.154/0.000 ms

Scan with nmap:

...
