In this post, I will walk through the Hack The Box machine called Lame.
The machine difficulty is easy. The main point of this challenge is to use Metasploit.
I will share how to get the flags.
Let's start right away!
Scanning
As always, the first step is to scan the target machine.
I ran nmap against the target, treating the host as online by disabling the ping (host discovery) probe with -Pn.
Otherwise, nmap reports that the host seems down and skips it.
nmap -Pn -sC -sV -oN target 10.10.10.3
Here, the -oN option writes the nmap scan result to a file in nmap's normal output format.
The file name is set to target.
If we run the command, the result is as shown below.
The first thing that caught my eye was the ftp service.
Maybe we can find some hints in the ftp directories.
Let's give it a try! I connected to the ftp service with an anonymous account.
But unfortunately, I couldn't find any interesting information on the ftp server.
As a next step, I moved on to Samba.
Since I knew the version (3.0.20), I googled whether there were any exploits for it.
There we go! I found an exploit that can be used against Samba version 3.0.20.
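The following script is an added example and not part of the original write-up: it parses the -oN file produced by the scan above and flags the two things the post checked by hand (anonymous FTP login and an old Samba version), so the same triage can be repeated on any host without reading the output line by line. The embedded nmap output is constructed to resemble the scan of 10.10.10.3; the version strings in it are illustrative, and the Samba 3.0 end-of-life check is this script's own assumption, not something the post states.

```python
"""Triage helper for nmap "normal" (-oN) output.

Added example for this write-up; not code from the original post.
"""
import re
from dataclasses import dataclass, field

# Constructed sample of -oN output, modelled on the post's scan of 10.10.10.3.
# The ftp banner and script output are illustrative, not copied from a real scan.
SAMPLE_NMAP_OUTPUT = """\
# Nmap scan initiated as: nmap -Pn -sC -sV -oN target 10.10.10.3
Nmap scan report for 10.10.10.3
Host is up (0.040s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         ExampleFTPd 1.0 (constructed banner)
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxr-xr-x    2 0        65534        4096 Mar 17  2010 pub
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.0.20 (workgroup: WORKGROUP)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# One "port/proto  state  service  version" line from the -oN port table.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# Exact Samba versions as -sV prints them, e.g. "Samba smbd 3.0.20".
SAMBA_VERSION = re.compile(r"Samba smbd (\d+)\.(\d+)\.(\d+)")


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str
    # NSE (-sC) output lines attached to this port, with the "| " / "|_" prefix removed
    scripts: list = field(default_factory=list)


def parse_nmap_normal(text: str) -> list:
    """Return the services listed in an nmap -oN file, with their script output."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, name, version = m.groups()
            services.append(Service(int(port), proto, state, name, version.strip()))
        elif line.startswith("|") and services:
            # Script output follows the port it belongs to, so attach it to the last one.
            services[-1].scripts.append(line.lstrip("|_ ").strip())
    return services


def triage(services: list) -> list:
    """Flag anonymous FTP and Samba 3.0.x among the open services."""
    findings = []
    for svc in services:
        if svc.state != "open":
            continue
        if any("anonymous ftp login allowed" in s.lower() for s in svc.scripts):
            findings.append(
                f"{svc.port}/{svc.proto}: anonymous FTP login is allowed; "
                "review what the share exposes"
            )
        m = SAMBA_VERSION.search(svc.version)
        if m:
            major, minor, patch = (int(x) for x in m.groups())
            # Assumption of this script: the whole Samba 3.0 line is end-of-life,
            # so any 3.0.x build deserves an advisory lookup and an upgrade.
            if (major, minor) <= (3, 0):
                findings.append(
                    f"{svc.port}/{svc.proto}: Samba {major}.{minor}.{patch} is "
                    "end-of-life; check vendor advisories and upgrade"
                )
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_NMAP_OUTPUT with open("target").read() to triage a real scan file.
    for finding in triage(parse_nmap_normal(SAMPLE_NMAP_OUTPUT)):
        print(finding)
```

The parser only understands the port table and the indented script lines beneath it; the 139/tcp line in the sample shows why the exact-version regex matters, since -sV often reports a range like "3.X - 4.X" there and only 445/tcp carries the precise build.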
Exploitation
To exploit the target service, I launched Metasploit.
msfconsole
You can find the same exploit here as well.
We need to check and set the module options properly before running the exploit.
Fill in the settings that are marked as required.
In this case, set RHOSTS (the target machine), RPORT (the target's port number), LHOST (my machine) and LPORT (the port number I will listen on).
When we run it, a connection to the target system is established.
We got in as root!
It was that easy to exploit the target machine with Metasploit.
Now we can find the flags in the home directory and the root directory.
That's all for Lame! Congrats!