Lame — HackTheBox Write-up (L-E)

Lame is an easy Linux box released way back in March 2017 that involves exploiting a SMB vulnerability on the machine.


Let’s check for open ports and running services using nmap

We have 4 ports open; 21, 22, 139, and 445.

Exploring the allowed anonymous login via FTP doesn’t really give us much. The only other interesting ports are the two smb ports.

Exploitation and Privilege Escalation

Searching around, we’ll see that Samba smbd 3.0.20 has a username map script command execution vulnerability. Let’s use that on Metasploit.

It worked!

Let’s stabilized our connection by spawning a python interactive shell

Since we’re already a root user, finding both the user and root flag is just a matter of directly reading the files.

User Flag

Root Flag



Noob crypto boi

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store