Lame Box From HTB

Cyb0rgBytes
Mar 4, 2020

Lame is a relatively easy box; it is considered one of the easiest on HTB and was among the first boxes released on the platform.

Tools we are going to use on this box:

  • ping
  • Nmap
  • Metasploit
  • SearchSploit

As with any box and any penetration testing procedure, we start with information gathering.

Information gathering: as the name states, it is the process of probing and scanning the target and collecting as much information as possible for later exploitation. It is a vital, crucial step in every hacking flow.

PHASE #1 of the ATTACK: Info Gathering.

Let's first check whether we can reach the box and communicate with it.

First of all, let's ping the box with the ping tool.

Perfecto! We can reach it.

Let's start with an nmap scan:

nmap -sV -O -F --version-light 10.10.10.3

  • -sV: Service/version detection; probe open ports to determine service and version info
  • -O: OS detection; enable OS detection
  • -F: Fast mode; scan fewer ports than the default scan
  • --version-light: lighter (faster) version probing, at the cost of less detail

Interesting results.

Looking at the scan above, we find several potentially vulnerable services that are worth checking out.

Open ports:

  • 21 FTP
  • 22 SSH
  • 139 Samba (netbios-ssn)
  • 445 Samba (netbios-ssn)

PHASE #2 of the ATTACK: Looking for vulnerable services to exploit.

Vulnerable services:

In this section we are going to use SearchSploit to look for vulnerabilities and exploits, starting with the first open service, FTP on port 21.

Let's use SearchSploit to search for the version:

Samba 3.0.20 has a “username map script” vulnerability. Let us use this vulnerability to exploit the machine.

PHASE #3 of the ATTACK: Exploiting the Samba vulnerability we found.

The module description states that it exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default “username map script” configuration option. By specifying a username containing shell metacharacters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability, since this option is used to map usernames prior to authentication!
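From the defender's side, the module description above gives the two preconditions to check for: an smbd build in the affected range and the non-default option set in [global]. The following is an added example (mine, not code from the original post or from Samba) that parses a constructed smb.conf and a version string and reports whether a host meets both; the sample config and the script path in it are made up.

```python
import re
from typing import Dict, Tuple

# Constructed sample smb.conf for a lab host; not taken from the original post.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   ; the non-default option the exploit description refers to
   username map script = /etc/samba/scripts/mapusers.sh
   security = user
[homes]
   browseable = no
"""

def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse smb.conf into {section: {key: value}}, normalising key case/spacing."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def parse_samba_version(version: str) -> Tuple[int, int, int, int]:
    """'3.0.25rc3' -> (3, 0, 25, 3); a final release ranks above all of its RCs."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else 10**6)

# Affected range quoted in the write-up: 3.0.20 through 3.0.25rc3, inclusive.
VULN_LOW = parse_samba_version("3.0.20")
VULN_HIGH = parse_samba_version("3.0.25rc3")

def audit_username_map_script(conf_text: str, samba_version: str) -> Dict[str, object]:
    """Exposed only if BOTH an affected smbd version and the option in [global]."""
    option = parse_smb_conf(conf_text).get("global", {}).get("username map script")
    affected = VULN_LOW <= parse_samba_version(samba_version) <= VULN_HIGH
    return {"version_affected": affected, "username_map_script": option,
            "exposed": affected and option is not None}
```

Removing the option from [global] or moving off the affected range clears the finding; an old version alone, or the option alone, is reported but not flagged as exposed.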

Time to ROLL!

Using Metasploit, we can search either by CVE or by service for the corresponding vulnerabilities and exploits.

msf5 > use exploit/multi/samba/usermap_script

The moment of truth.

JACKPOT.

Let's check who we are on the system.

Mmmm, that's quite easy.

We got root directly from a single exploit; that's pretty damn easy.

Let's grab the root flag and run away.

BINGO!

Now the user flag!

Let's run before the IT admins come :P

Conclusion:

The box was relatively old and easy and didn't take much effort. Until next time, tune in for more!

Thanks for Reading.

Written by Cyb0rgBytes

A passionate, defensive type of ethical hacker, booted and ready to secure the world.