Kioptrix: Level 1.2 (#3)

  • Name: Kioptrix: Level 1.2 (#3)
  • Date release: 18 Apr 2011


(Size: 442 MB)

It's been a while since the last Kioptrix VM challenge. Life keeps getting in the way of these things, you know.

After seeing the number of downloads for the last two, and the numerous videos showing ways to beat these challenges, I felt that 1.2 (or just level 3) needed to come out. Thank you to all that downloaded and played the first two. And thank you to the ones that took the time to produce video solutions of them. Greatly appreciated.

As with the other two, this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being the realm of the beginner I must add. The same as the others, there’s more than one way to “pwn” this one. There’s easy and not so easy. Remember… the sense of “easy” or “difficult” is always relative to one’s own skill level. I never said these things were exceptionally hard or difficult, but we all need to start somewhere. And let me tell you, making these vulnerable VMs is not as easy as it looks…

Important thing with this challenge. Once you find the IP (DHCP Client) edit your hosts file and point it to

Under Windows, you would edit C:\Windows\System32\drivers\etc\hosts to look something like this:

# localhost name resolution is handled within DNS itself.
# localhost
#   ::1 localhost127.0.0.1

Under Linux that would be /etc/hosts

There’s a web application involved, so to have everything nice and properly displayed you really need to do this.

Hope you enjoy Kioptrix VM Level 1.2 challenge.

452 Megs

MD5 Hash : d324ffadd8e3efc1f96447eec51901f2

Have fun


  • Filename: KVM3.rar
  • File size: 442 MB
  • MD5: D324FFADD8E3EFC1F96447EEC51901F2
  • SHA1: 121348AA8DD5F83640145D4F8E042C8DE0A78F3F

  • Format: Virtual Machine (VMware)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign

  • Apache
  • MySQL
  • OpenSSH
  • PHP

Text flag

  • Remote Vulnerability
  • Web Application

  • File Inclusion
  • Improper Access Control
  • Reused Credentials
  • SQL Injection
  • Unrestricted Upload of File with Dangerous Type
  • Weak Credentials