Hack The Box Lame Walkthrough
The first step to gain access to a box is enumeration, to find out which services are running on it.
Run a simple nmap command: nmap -sV -Pn -vvv 10.10.10.3
The nmap scan gives us the versions of all the services running on the box.
On researching, we found that vsftpd version 2.3.4 of the FTP service is vulnerable.
We tried to use the exploit to gain a shell, setting RHOST to the Lame box IP, 10.10.10.3.
The exploit did not give us a shell. Looks like the vulnerability is patched.
Since the vsftpd exploit failed, let's try to exploit the vulnerable Samba 3.0.20 version instead.
We selected the usermap_script module and set RHOST to 10.10.10.3.
LHOST already shows an IP, but we need to choose the IP that is on the tun0 interface,
so we will use "set LHOST IP".
Now that the exploit is configured, we just need to run it.
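The usermap_script module targets Samba servers that have the non-default "username map script" option set in smb.conf, so checking for that setting is the defender-side counterpart of this step. The following is an added example, not part of the original walkthrough; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample smb.conf, not taken from the Lame box.
SAMPLE_CONF = """\
# global settings
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   UserName MapScript = /etc/samba/scripts/mapusers.sh \\
      --log
[tmp]
   path = /tmp
"""

def find_username_map_script(conf_text):
    """Return (section, line_no, value) for each active, non-empty
    'username map script' setting found in smb.conf text."""
    findings = []
    section = None
    pending = ""       # text carried over from a backslash-continued line
    start_line = 0     # line on which the current logical line began
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        stripped = raw.strip()
        if not pending:
            if not stripped or stripped[0] in "#;":   # blank line or comment
                continue
            start_line = line_no
        line = pending + stripped
        if line.endswith("\\"):                       # continued on next line
            pending = line[:-1]
            continue
        pending = ""
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")        # only the first '=' counts
        if not sep:
            continue
        # smb.conf parameter names ignore case and internal whitespace.
        key = re.sub(r"\s+", "", name).lower()
        if key == "usernamemapscript" and value.strip():
            findings.append((section, start_line, value.strip()))
    return findings

if __name__ == "__main__":
    for section, line_no, value in find_username_map_script(SAMPLE_CONF):
        print(f"[{section}] line {line_no}: username map script = {value}")
```

An empty result means the option is not active in the file that was checked; a commented-out line is not reported.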
After we got into the box, we checked which user we had taken over. We need a bash shell in order to operate easily:
python -c 'import pty; pty.spawn("/bin/bash")'
We used the command "ls -la" to list all the files with their owners, groups and permissions.
We can see root.txt here, which contains the root hash.
Now we need to get user.txt, so we will switch to the home directory and do a grep there.
We switched to the makis folder and found the user.txt file.