We have source code for this level as well in level04.c:

This is the source code for level03.c:

For level 2, there are two programs that can be used to advance, and we have access to source code! Let’s check the first one.

There are different wargames hosted on http://smashthestack.org/ , with IO being the most popular of them. The missions revolve around debugging and reversing binaries in order to exploit some software vulnerabilities and gain enough privileges to read the password for the next level.

Right when I thought I was finished with the Kioptrix vulnerable machines, I discovered there is a new addition to the series! This is great, because I really enjoyed the Kioptrix challenges! So let’s dive in!

This is the final vulnerable machine in the Kioptrix series. To set it up in VMware, create a new virtual machine with the advanced options and use existing virtual disk, pointing it at the Kioptrix 4 virtual disk.

Next in the Kioptrix series is level 3.

Important

With the VM there is a README.txt file that says you should update your hosts file with the VM’s IP and hostname, which is kioptrix3.com. I initially ignored it and on the gallery page, all I could see were some broken images and links that didn’t work. I went back and added the entry to my /etc/hosts file, and everything worked fine afterwards.

Today I will walk through exploiting level 2 in the Kioptrix series.

For today’s pentest lab, I will use the Kioptrix Level 1 virtual machine as the target. Kioptrix Level 1 is the first in a series of vulnerable machines for beginner penetration testing practice.

Netstat is a very important tool for gathering information about the connections on a machine or troubleshooting network problems. It’s a default utility for both Windows and Linux, thus there is no excuse in not getting familiar with it, it’s very useful for any system admin, network guy or good old home user that would like to know what really is coming and going to and from his computer.