Lame writeup without Metasploit
Hello guys, Sarvan here. I’m publishing this write-up for a machine on Hack The Box called LAME.
The Nmap scan result discovered
Ports 21 and 139 are open, and the version of FTP running on port 21 is vsftpd 2.3.4. There is a backdoor command execution exploit for this version of vsftpd. Unfortunately, for this box the exploits for vsftpd weren’t working, and I even tried in Metasploit, which didn’t work.
So I performed a script scan on port 139 and got some juicy stuff: Samba version 3.0x, which is vulnerable to command execution.
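As an added example (not part of the original write-up or of the exploit script it mentions), the sketch below audits nmap -sV service lines for the two versions named above, vsftpd 2.3.4 and Samba 3.0.x. The sample scan lines, the regexes and the function name are constructed for illustration.

```python
import re

# Versions the write-up names as vulnerable. The matching patterns are
# this example's assumption, not taken from any scanner or advisory.
RULES = [
    ("vsftpd", re.compile(r"^2\.3\.4$"), "backdoor command execution"),
    ("samba", re.compile(r"^3\.0(\.|x|$)"), "command execution"),
]

# Service line of nmap -sV normal output, e.g. "21/tcp open ftp vsftpd 2.3.4"
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s+(.*)$")
# First dotted version token in the banner, e.g. "3.0.20-Debian"
VERSION = re.compile(r"(\d+\.\d+[\w.\-]*)")

# Constructed sample, not the scan output from this write-up.
SAMPLE = """\
21/tcp   open  ftp          vsftpd 2.3.4
22/tcp   open  ssh          OpenSSH 8.9p1
139/tcp  open  netbios-ssn  Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
2121/tcp open  ftp          vsftpd 3.0.5
4450/tcp open  netbios-ssn  Samba smbd 4.15.13
"""

def flag_services(nmap_text):
    """Return (port, product, version, risk) for each flagged service line."""
    findings = []
    for raw in nmap_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip headers, script output and closed ports
        port, _proto, _service, banner = m.groups()
        for product, version_re, risk in RULES:
            # Match on product first so vsftpd 3.0.x is not taken for Samba 3.0.x
            if product not in banner.lower():
                continue
            v = VERSION.search(banner)
            if v and version_re.match(v.group(1)):
                findings.append((int(port), product, v.group(1), risk))
    return findings

if __name__ == "__main__":
    for port, product, version, risk in flag_services(SAMPLE):
        print(f"port {port}: {product} {version} -> {risk}")
```

Run against saved scan output from your own hosts, this gives a quick list of services that need patching or removal before anything else.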
I got this script after searching for it on the internet. It is a Samba usermap exploit script written in Python.
In this script I modified the import statements like this:
from smb import *
from smb.SMBConnection import SMBConnection
I modified it to make it work with Python 3, as the script was written in Python 2.
Basically, this script has a function called exploit, which needs rhost, rport, lhost and lport. The exploit function first creates the payload, then connects and executes it on the target.
After this, I executed the modified script with this syntax: python3 <scriptname> <targ_ip> <targ_port> <local_ip> <local_port>
And simultaneously I started a netcat listener on port 5555.
Now I entered the machine as ROOT 😎
After exploring the files under home and makis, I got user.txt.
And under root, I got root.txt.
Voila, we’re done! It’s a pretty fun box and requires some version numbers and script scans to solve.
Thanks for reading this, hope you enjoyed it.
I’ll see you guys in the next one. Until then, BYE. Stay safe on the internet.