HackTheBox_Lame | w/ Metasploit
HTB - Lame
Overview
Lame is a beginner-friendly Linux machine on Hack The Box that introduces basic enumeration and exploitation techniques, focusing on well-known vulnerabilities.
Useful Skills and Tools
Nmap
Understanding how to perform detailed network scans and interpret the results is essential.
Metasploit
Basic usage of Metasploit for exploiting known vulnerabilities can speed up the exploitation process.
Enumeration
Nmap Scan
I started my enumeration with an nmap scan of 10.10.10.3. The options I regularly use are:
| Flag | Purpose |
|---|---|
| -sV | Does a service version scan |
| -A | Gives very verbose output so I can see the results as they are found, and also includes some information not normally shown |
| -Pn | Equivalent to --script=default and runs a collection of nmap enumeration scripts against the target |
nmap scan results:
Initial Foothold
Vulnerabilities
PORT 21/tcp
vsftpd 2.3.4 backdoor
PORT 445/tcp
samba smbd 3.0.20-Debian
CVE-2007-2447 25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the “username map script” smb.
Road to User
Exploitation
Using Metasploit to execute the backdoor attack:
So apparently, the backdoor exploit does not work. We will now try another vulnerability that we had found.
The Samba exploit works; now it's time to grab our flags.
Road to Root (Gaining Administrator Access)
No further steps are required for root access, as the Samba exploit directly gives us the shell. The flag can be captured immediately after gaining access.
pwned.







