Lame hackthebox walkthrough

I will start today publishing my own write-ups for retired machines on Lame hackthebox platform, which is one of the best online VPN-based platforms for Boot2Root CTF machines.
In this article you will learn the following:

Using nmap to find opened ports & running services.

Searching for public exploits for vulnerable services.

Download & installed required libraries to run exploit.

Getting nc reverse shell.

• The selected machine will be Lame which is a Linux based machine with IP address 10.10.10.3 (You can play with this machine if you are subscribed for VIP Labs only).
  Scanning the machine, I found that it has the following open ports and running services (21 ftp, 22 ssh, 139 & 445 samba).

Searching for the ftp service which runs vsftpd 2.3.4 I found that it’s vulnerable to RCE. After trying to exploit it I found that I can not get shell (even using metasploit).
So, I start trying the other services. By searching for samba 3.0.20, I found that it’s vulnerable to RCE. So, searching the web using the CVE code i found that someone wrote a python script to exploit this vulnerability. Actually, I don’t like to use the metasploit exploit to those who are trying to pass the OSCP exam to increase their skills.

I downloaded this exploit and installed the prerequisites and after that run the script and I got a reverse shell on my Kali Linux machine.

Actually, this machine is for noobs and beginners and has no complexity.
I hope you enjoyed and learn new thing in pen-testing field. If you have an question or comments, please write them down in the comments and wait for the next writeup 😀