Kioptrix Level 1
Once you have found the vulnerabilities in Kioptrix Level 1, the path to root should follow quickly. Here are two methods to root the machine: remote code execution and a remote buffer overflow (Samba trans2open).
Get the IP address:
$ netdiscover -r 10.0.2.1/24
Currently scanning: Finished! | Screen View: Unique Hosts
4 Captured ARP Req/Rep packets, from 4 hosts. Total size: 240
_____________________________________________________________________________
IP            At MAC Address     Count     Len  MAC Vendor / Hostname
-----------------------------------------------------------------------------
10.0.2.1      52:54:00:12:35:00      1      60  Unknown vendor
10.0.2.2      52:54:00:12:35:00      1      60  Unknown vendor
10.0.2.3      08:00:27:1f:b8:8b      1      60  PCS Systemtechnik GmbH
10.0.2.11     08:00:27:a8:3b:ba      1      60  PCS Systemtechnik GmbH
$ ping -c 1 10.0.2.11
PING 10.0.2.11 (10.0.2.11) 56(84) bytes of data.
64 bytes from 10.0.2.11: icmp_seq=1 ttl=255 time=2.15 ms
--- 10.0.2.11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.154/2.154/2.154/0.000 ms
Scan with nmap:
...