Rooting Kioptrix Level 1

I performed a black-box penetration test against Kioptrix Level 1, a deliberately vulnerable Linux VM, with the objective of gaining root access; after exhaustive enumeration using Nmap to identify exposed services and versions, I uncovered an outdated Apache/PHP stack and exploitable input-validation flaws, used SQL injection to bypass authentication and gain initial access, then chained a local privilege-escalation exploit to obtain root; post-exploitation activities included verifying full system control by accessing sensitive file documenting misconfigurations and vulnerable packages, and producing clear remediation recommendations regular patching, secure coding and input validation, and strict least-privilege controls to mitigate the discovered risks.