Hack the Box Walkthrough - “Lame”

William Vivas
Aug 14, 2020

I know, I know…another write-up on “Lame”. That retired machine on Hack the Box that acts as a rite of passage. Similar to printing “hello world”, I figured it would serve as a good starting point to get my feet wet. Armed with a list of legacy boxes to be pwned from a professor/mentor, I dove into this challenge knowing full well of the countless write-ups and information I could pull from.

Platform: Hack the Box

Machine: Lame

OS: Linux

First, I started the attack by using Nmap to port scan the machine in order to enumerate the target.

The specific command that I used was “nmap -sV -O {IP Address}”, which fed me back the open services on the machine. The first item that caught my eye was the FTP service running, “vsftpd 2.3.4”. “Could it be that easy?” I thought, remembering back to going through Metasploitable 2. Shortly after, I armed the Metasploit framework to attempt that module.

Did it let me in that easily? No. So then I turned to my Nmap output, looking to the open SSH service, and attempted to brute force the SSH to no avail.

What did Lame tell me…Hell Nah. I even tried brute-forcing the credentials with hydra.

Knowing that brute-forcing was not the ticket in, I turned to the Samba smbd 3.x - 4.x service and conducted some research.

I then loaded and fired off the module “exploit/multi/samba/usermap_script”, got my shell, checked my user rights, and began looking for the flags. This exploit utilizes a vulnerable configuration option (“username map script”) in Samba versions 3.0.0 through 3.0.25rc3.
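From the defender's side, the two conditions named above (the “username map script” option and a version between 3.0.0 and 3.0.25rc3) can be checked on a host. The following is an added example, not part of the original write-up; the sample config, the script path and the version strings passed in are constructed, and the function names are my own.

```python
import re

FIRST_AFFECTED, LAST_AFFECTED = "3.0.0", "3.0.25rc3"  # range stated in the write-up

# Constructed sample config (the script path is a made-up value).
SAMPLE_CONF = """\
[global]
   ; smb.conf ignores case and whitespace in option names
   Username Map  Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""

def version_key(version):
    """Sortable key: 3.0.25pre1 < 3.0.25rc3 < 3.0.25 < 3.0.25a."""
    base = version.strip().lower().split("-")[0]   # drop distro suffix
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(?:(pre|rc)(\d+))?", base)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch, letter, stage, num = m.groups()
    rank = {"pre": 0, "rc": 1, None: 2}[stage]
    return (int(major), int(minor), int(patch), rank, int(num or 0), letter)

def normalise(name):
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {option: value}} with normalised names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):                    # continuation line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(normalise(line[1:-1]), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[normalise(name)] = value.strip()
    return sections

def audit(version, conf_text):
    """Report whether the option is set and whether the version is affected."""
    script = parse_smb_conf(conf_text).get("global", {}).get("usernamemapscript")
    affected = version_key(FIRST_AFFECTED) <= version_key(version) <= version_key(LAST_AFFECTED)
    return {"script": script, "affected": affected, "exposed": bool(script) and affected}
```

A host is reported as exposed only when both conditions hold; either finding on its own is still worth reviewing.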

In all, this box was very easy, but I feel it is a rite of passage for those exploring the HTB network. I would definitely recommend that my fellow newcomers explore this challenge and go through the exercise without any outside help.

-Happy Hacking

-C1t0_ba5h
