HackTheBox: Lame – Walkthrough

Welcome! It is time to look at the Lame machine on HackTheBox.

I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by playing HTB machines.
Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.

Machine URL: https://app.hackthebox.com/machines/Lame

Enumeration of Lame machine

Let’s get started. Let’s do a simple ICMP ping to see that the machine is running and that we have a connection:

Pinging the machine
Pinging the machine

We do. Let’s continue doing a nmap scan:

nmap -sC -sV 10.10.10.3

This gives a message that the host might be down, so we will add the -Pn flag, as the host is likely blocking our ping probes.

NMap results showing a variety of services
NMap results showing a variety of services

We see a FTP service, in addition to SSH and SMB.

We can try logging into the FTP service as “Anonymous” user, but this shows an empty folder.

Logging into the FTP server
Logging into the FTP server

We can also see the version of the SMB service(3.0.20).

Exploitation of Lame machine

Let’s search for some possible exploits by running:

searchsploit samba 3.0.2
Searchsploit results
Searchsploit results

This shows some exploits. Let’s get some info on the first by running info 0.

Reading info on the username_map_script
Reading info on the username_map_script

This exactly mention version 3.0.20, so let’s select this module by entering use 0. Follow this by showing the options (show options).

Showing options
Showing options

We can see that we need to set the RHOSTS, as well as make sure the LHOST is set correctly.

set RHOSTS 10.10.10.3

Then we can run the module by entering run.

We get a shell straight away:

Running the module
Running the module

Find the user flag at /home/makis:

We found the flag
We found the flag

And the root flag at /root.

Conclusion

We are done! This was a very quick machine to hack! I hope you could use this walkthrough. Check back later for more HTB coverage 🙂

Find more of my walkthroughs here.

Like my articles?

You are welcome to comment on this article, and please share it with friends.
I would be so grateful if you support me by buying me a cup of coffee:

Buy me a coffee
Buy me a coffee

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:

https://referral.hackthebox.com/mzwwXlg

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *


Trending now

TryHackMe: Investigating with ELK 101 (SOC Level 1)
Background
Data Engineering from Scratch Part 0: Tasks & Tools