I finally found the time to play with loneferret's Kioptrix (www.kioptrix.com) challenges and thought I would post another solution of the 3rd challenge which does not pull the hash values from the database via SQLi. Instead I decided to leverage the Local File Inclusion vulnerability together with SQLi and the sucrack tool (http://labs.portcullis.co.uk/application/sucrack/)
not very exciting but a different approach.
not very exciting but a different approach.
Another Solution for Kioptrix 1.2 from T0X1C on Vimeo.