Lame writeup without metasploit

Hello guys, Sarvan here. I’m publishing this write-up for a machine in Hack the box called LAME.

The Nmap scan result discovered

Ports 21, 139 are open, and the version of ftp running on port 21 is vsftpd 2.3.4. We have a backdoor execution for this version of vsftpd. Unfortunately, for this box the exploits for vsftpd weren’t working, and i even tried in metasploit which didn’t work

So i performed script scan on port 139 and got some juicy stuff. Which is samba version 3.0x and it is vulnerable for command execution.

I got this script after searching it on the internet. Which is samba usermap exploit script written in python.

Script

In this script i modified the import statements like,

from smb import *

from smb.SMBConnection import SMBConnection

I modified it to make it work with python3 as the script was written in python2.

So basically this script has a function called exploit which needs rhost, rport, lhost, lport. Exploit function first creates payload, connects and executes it on target.

After this, i executed the modified script in this syntax => python3 <scriptname> <targ_ip> <targ_port> <local_ip> <local_port>

And simultaneously i started netcat listner on port 5555

Now i entered the machine as ROOT 😎

After exploring files, under home and makis, i got user.txt

And under root, i got root.txt

Voila, we’re done! It’s a pretty fun box and requires some version numbers and scripts scans to solve.

Thanks for reading this, hope you enjoyed it.

I’ll see you guys in the next one. Until then, BYE. Stay safe on the internet.