Lame Walkthrough

Hello Everyone! We have a new challenge from HackTheBox “Lame”, but before we get started let’s see the machine’s info

It’s easy, Linux OS and I think it’s the easiest machine on HTB, so it’s very good for beginners :) let’s get started…

Nmap scan

In this step we need some information about our target, such as open ports, OS version, service versions, etc., so we will use nmap to perform this task:

nmap -sV -O -T4 -oG lame.gnmap 10.10.10.3

  • -sV → service version

  • -O → OS detection

  • -T4 → increase the speed

  • -oG → get the output in gnmap format (we will know later why we need this format)

You can use -A instead of -sV and -O

The results:

Nmap scan report for 10.10.10.3
Host is up (0.15s latency).
Not shown: 996 filtered ports
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         vsftpd 2.3.4
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
	

From these results you should note the following:

  1. Anonymous FTP login allowed (FTP code 230) means that anyone without credentials can log in to the FTP server and then upload, delete, etc.

  2. The vsftpd and SMB services are vulnerable, so we will work on them.

  3. We don’t have the SMB version, so we will work on that as well.

Let’s get started…

Getting SMB version

From Metasploit we can get the SMB version by searching for smb_version (search smb_version) and using the auxiliary module that reports the version, then show options to list the options, then set RHOST <machine-ip>, and finally run. It will give us the result samba 3.0.20
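The grepable file written by -oG is meant to be read by scripts. As an added example (not part of the original walkthrough), the Python below parses that layout and sorts open services into ones matching the versions named on this page and ones where nmap could not pin an exact version, which is the situation in note 3. The sample scan text, WATCHLIST and the function names are constructed for illustration.

```python
import re

# Constructed sample in nmap's grepable (-oG) layout; only the vsftpd 2.3.4
# entry comes from the scan shown above, the rest is illustrative.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.10.10.3 ()\tStatus: Up\n"
    "Host: 10.10.10.3 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X/, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (996)\n"
)

# Versions this walkthrough calls out (assumed list; extend from your own
# advisory feed). Compared case-insensitively against the version field.
WATCHLIST = ("vsftpd 2.3.4", "samba 3.0.20")

def parse_gnmap(text):
    """Yield (host, port, proto, service, version) for every open port."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue  # skip comments and "Status:" lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next(f for f in fields if f.startswith("Ports: "))[7:]
        for entry in ports.split(", "):
            # Layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 7 or parts[1] != "open":
                continue
            yield host, int(parts[0]), parts[2], parts[4], parts[6]

def triage(text):
    """Split open services into watchlisted and version-unresolved ones."""
    flagged, unresolved = [], []
    for host, port, proto, service, version in parse_gnmap(text):
        item = (host, port, service, version)
        if any(w in version.lower() for w in WATCHLIST):
            flagged.append(item)
        elif not version or re.search(r"\d\.X\b", version):
            # Empty or wildcard version: needs a follow-up version check
            unresolved.append(item)
    return flagged, unresolved

if __name__ == "__main__":
    flagged, unresolved = triage(SAMPLE_GNMAP)
    for item in flagged:
        print("patch/replace:", item)
    for item in unresolved:
        print("pin exact version:", item)
```
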

Gaining access

Now that we know the SMB version, we will search Google for an exploit to use against it. I’ve found this CVE, which we will try to use; alternatively, you can use searchsploit to search for an exploit. Either way, we will use → exploit/multi/samba/usermap_script and set RHOSTS and LHOST

and then run

As you can see, you get access to the machine. Type help to see more options and commands. I’ll type shell to open a shell and start searching for user.txt and root.txt. As you can see, the user flag is in /home/makis and the root flag is in /root

Try to find the root with the same privileges.

Congratulations ❤ Now you have the flags
