HackTheBox – Lame – Walkthrough

First, information gathering. Nmap is the right tool for this: it enumerates open ports, service versions and a lot more. Note that `-A` already enables version detection (`-sV`) and the default scripts (`-sC`), so the two extra flags below are harmless but redundant.

Command:

nmap -sV -sC -A -oN name.txt <ip-address>

The Nmap scan showed FTP on port 21 running vsftpd 2.3.4, a version with a known backdoor; SSH on port 22, which was not vulnerable; and NetBIOS/SMB on ports 139 and 445 served by Samba 3.0.20, a version that also looked vulnerable.

The FTP server allowed anonymous login, so we were able to get onto it straight away.

Command:

ftp <ip-address>

The anonymous FTP share contained nothing useful, so we went back to what the Nmap scan had told us: vsftpd 2.3.4 is a vulnerable version. We used searchsploit to look for an exploit for it.

Command:

searchsploit vsftpd 2.3.4

Searchsploit listed a few exploits; there is also a ready-made module for this backdoor in the Metasploit framework:

exploit/unix/ftp/vsftpd_234_backdoor

To execute this exploit, we used simple Metasploit commands

use exploit/unix/ftp/vsftpd_234_backdoor

show options  // to see the options available for this exploit

set RHOSTS <ip-address>  // older Metasploit versions call this option RHOST

exploit

We ran this exploit several times and never got a session. The backdoor itself does trigger (vsftpd 2.3.4 opens a root shell on TCP port 6200 when the FTP username contains the sequence `:)`), but on this box port 6200 is not reachable from the attacker, so the module cannot connect to the shell it just opened. We therefore moved on to the other vulnerable service, Samba, and checked its version in searchsploit.

Command:

searchsploit samba 3.0.20

Searchsploit returned several candidates; we chose the one that ships as a Metasploit module, for the "username map script" command-execution bug (CVE-2007-2447):

exploit/multi/samba/usermap_script

We used simple Metasploit commands to run this exploit,

use exploit/multi/samba/usermap_script

show options  // to see the options available for this exploit

set RHOSTS <ip-address>  // older Metasploit versions call this option RHOST

exploit

After a few seconds we had a shell. Because smbd runs as root, the injected command runs as root too, so the shell is already root and the flag can be read straight from the text file root.txt.
