
Lame — HackTheBox Write-up (L-E)

Feb 28, 2021

Lame is an easy Linux box released way back in March 2017 that involves exploiting an SMB vulnerability on the machine.

Reconnaissance

Let’s check for open ports and running services using nmap.


We have 4 ports open: 21, 22, 139, and 445.

Exploring the allowed anonymous login via FTP doesn’t really give us much. The only other interesting ports are the two SMB ports.

Exploitation and Privilege Escalation

Searching around, we’ll see that Samba smbd 3.0.20 has a username map script command execution vulnerability. Let’s use that on Metasploit.


It worked!


Let’s stabilize our connection by spawning a Python interactive shell.


Since we’re already a root user, finding both the user and root flags is just a matter of directly reading the files.

User Flag


Root Flag

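The Samba issue used above depends on the non-default `username map script` option being set in smb.conf. The check below is an added example, not part of the original write-up: it audits a config for that option, following smb.conf's parsing rules (case and whitespace in parameter names are ignored, `\` continues a line, `;` and `#` start comments). The function names and the sample config are constructed for illustration.

```python
import re

# Normalized form of the smb.conf parameter 'username map script'.
RISKY = "usernamemapscript"

def normalize(name):
    # smb.conf ignores case and all whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    # Join backslash-continued lines, then skip blanks and ';' / '#' comments.
    buf = ""
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line and line[0] not in ";#":
            yield line

def find_username_map_script(text):
    """Return (section, value) for each non-empty 'username map script' setting."""
    section, hits = "global", []
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            if normalize(name) == RISKY and value.strip():
                hits.append((section, value.strip()))
    return hits

# Constructed sample config, not taken from the target machine.
SAMPLE = """\
# constructed sample smb.conf
[global]
   workgroup = WORKGROUP
   User Name Map  Script = /etc/samba/scripts/\\
mapusers.sh
   ; username map script = /bin/old
[tmp]
   path = /tmp
"""

if __name__ == "__main__":
    for section, value in find_username_map_script(SAMPLE):
        print(f"[{section}] username map script is set: {value}")
```

Any hit on a host running an old Samba release is a reason to remove the option and upgrade smbd.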
