Hackthebox – Lame Writeup

clock-img 18 Jan, 2022 
cat-img HackTheBox Writeups

Hackthebox – Lame Writeup

Today we are gonna solve the Lame machine from hackthebox. Lame is a Linux machine released on 14 March 2017. In the difficulty level, it is rated as an easy machine. We exploit a vulnerability in the smb port to gain direct root access. Let’s get started.

HackTheBox – Lame Writeup

Connecting to HTB Vpn:

1. First download the vpn file from the access page of hackthebox.eu

2. Open the .ovpn file in your terminal with the following command

openvpn yourname.ovpn

3. Now as the “Initialization Completed” message appears on the screen you are connected to the hackthebox network


1. Let’s begin by performing a nmap scan our target at

nmap -sV -A -p- –script vuln

-sV : to get the service versions on each port

-A : to get information such as os details, traceroutes, ports etc

-p- : to scan all 65535 ports

–script vuln : to check for most common vulnerabilities

We get the following details from our scan

Lame Writeup

Certified Ethical Hacking


1. From the nmap result there is a smb open port running samba smbd 3.x

2. But we don’t know the version of the service. Metasploit has an auxiliary module to find out smb versions, so let’s use that


3. Search for smb_version

search smb_version

4. Select the exploit

use auxiliary/scanner/smb/smb_version

Lame machine from hackthebox

5. View the options needed to be set using the show options command

show options

6. We have to set the rhosts as the remote machine’s IP

set rhosts

Lame machine
Lame machine from hackthebox

7. And now we run the exploit


8. From the results we got that the smb port is running samba 3.0

9. So let’s search in google for exploits on samba smb 3.0. After some searching we got to know that there is a metasploit module called usermap script which can be used to exploit samba smb 3.0.

Gaining access:

1. Search for usermap_script

search usermap_script

2. Select our exploit from the list by specifying the path

use exploit/multi/samba/usermap_script

3. View the options needed to be set using the show options command

show options

4. We have to set the rhosts to the remote machine address

set rhosts

5. Now lets exploit the machine


6. Ta da, we got a meterpreter shell

7. Let’s check who we are on the system


We are root !!!!

Don’t forget to check out our latest Blogs – HackTheBox  Legacy Writeup


Training Calender