Lame hackthebox walkthrough
Today I will start publishing my own write-ups for retired machines on the hackthebox platform, which is one of the best online VPN-based platforms for Boot2Root CTF machines.
In this article you will learn the following:
- Using nmap to find open ports and running services.
- Searching for public exploits for vulnerable services.
- Downloading and installing the libraries required to run the exploit.
- Getting an nc reverse shell.

The selected machine will be Lame, which is a Linux-based machine with IP address 10.10.10.3 (you can play with this machine only if you are subscribed to VIP Labs).
Scanning the machine, I found that it has the following open ports and running services (21 ftp, 22 ssh, 139 & 445 samba).
Searching for the ftp service, which runs vsftpd 2.3.4, I found that it's vulnerable to RCE. After trying to exploit it, I found that I could not get a shell (even using Metasploit).
So, I started trying the other services. By searching for samba 3.0.20, I found that it's vulnerable to RCE. So, searching the web using the CVE code, I found that someone wrote a Python script to exploit this vulnerability. Actually, I don't like to use the Metasploit exploit, so that those who are trying to pass the OSCP exam can increase their skills.
I downloaded this exploit and installed the prerequisites, and after that I ran the script and got a reverse shell on my Kali Linux machine.
Actually, this machine is for noobs and beginners and has no complexity.
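From the defender's side, the same scan output shows which hosts need patching. The following is an added example, not part of the original write-up: it parses nmap grepable output (`-oG`) and flags the two service versions named above. The sample scan text is constructed and the function names are hypothetical.

```python
import re

# Service versions this write-up reports as vulnerable to RCE (from the page).
FLAGGED = {"vsftpd": "2.3.4", "samba": "3.0.20"}

# Constructed sample of `nmap -sV -oG -` (grepable) output; not real scan data.
SAMPLE_GNMAP = (
    "# Nmap scan, constructed sample\n"
    "Host: 10.10.10.3 ()\tStatus: Up\n"
    "Host: 10.10.10.3 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh///, 80/closed/tcp//http///, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.0.20/, "
    "445/open/tcp//netbios-ssn//Samba smbd 3.0.20/\tIgnored State: filtered (5)\n"
)


def parse_gnmap(text):
    """Yield (host, port, service, version) for every open port."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment or summary line
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(", "):
                # Entry layout: port/state/proto/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 7 and parts[1] == "open":
                    yield host, int(parts[0]), parts[4], parts[6]


def flag_services(text):
    """Return (host, port, product, version) for banners matching FLAGGED."""
    findings = []
    for host, port, _service, banner in parse_gnmap(text):
        for product, bad in FLAGGED.items():
            # Exact version token: "2.3.4" must not match "2.3.40" or "12.3.4".
            pattern = r"(?<![\d.])" + re.escape(bad) + r"(?!\d)"
            if product in banner.lower() and re.search(pattern, banner):
                findings.append((host, port, product, bad))
    return findings


if __name__ == "__main__":
    for host, port, product, version in flag_services(SAMPLE_GNMAP):
        print(f"{host}:{port} runs {product} {version}: patch or decommission")
```

Closed or filtered ports are skipped, and a service with no version banner (port 22 in the sample) is never flagged, so an empty result only means no flagged banner was seen, not that the host is patched.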
I hope you enjoyed this and learned something new in the pen-testing field. If you have any questions or comments, please write them down in the comments, and wait for the next write-up 😀