HackTheBox: Lame – Walkthrough

January 4, 2025
January 4, 2025 Jasper

Welcome! It is time to look at the Lame machine on HackTheBox. I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by playing HTB machines.

Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.

Machine URL: https://app.hackthebox.com/machines/Lame


Enumeration

Let’s get started. Let’s do a simple ICMP ping to see that the machine is running and that we have a connection:

We do. Let’s continue doing a nmap scan:

nmap -sC -sV 10.10.10.3

This gives a message that the host might be down, so we will add the -Pn flag, as the host is likely blocking our ping probes.

We see a FTP service, in addition to SSH and SMB.

We can try logging into the FTP service as “Anonymous” user, but this shows an empty folder.

We can also see the version of the SMB service(3.0.20).

Exploitation

Let’s search for some possible exploits by running:

searchsploit samba 3.0.20.

This shows some exploits. Let’s get some info on the first by running info 0.

This exactly mention version 3.0.20, so let’s select this module by entering use 0. Follow this by showing the options (show options).

We can see that we need to set the RHOSTS, as well as make sure the LHOST is set correctly.

set RHOSTS 10.10.10.3

Then we can run the module by entering run.

We get a shell straight away:

Find the user flag at /home/makis:

And the root flag at /root.

We are done! This was a very quick machine to hack! I hope you could use this walkthrough. Check back later for more HTB coverage 🙂


Like my articles?

You are welcome to give my article a clap or two 🙂
I would be so grateful if you support me by buying me a cup of coffee:

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:

Leave a Reply

Your email address will not be published. Required fields are marked *