Hack The Box: Lame

HackTheBox

Box: Lame

IP: 10.10.10.3

Let’s fire off our Nmap scan with nmap -A -p- -T4 10.10.10.3 and see what we get.

We can see a couple of different services running.

Since we get the Samba version (Samba smbd 3.0.20-Debian) right away, let’s see what exploits there are for it out on the web.

By searching smbd 3.0.20-Debian exploit we can see Rapid7’s website pop up.

Open up the site.

And we can see that this exploit affects Samba versions 3.0.20 through 3.0.25rc3.
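The same version check can be run from the defender's side against service banners collected in an inventory scan. The following is an added example, not code from the original post or from Rapid7: the function names are hypothetical, the affected range is the one quoted above, and the ordering of pre-release tags (pre before rc before final) is an assumption.

```python
import re

# Affected range exactly as stated on this page.
AFFECTED_MIN = "3.0.20"
AFFECTED_MAX = "3.0.25rc3"

# Assumption: pre-release tags sort as pre < rc < final release.
_STAGE = {"pre": 0, "rc": 1, "": 2}

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)([a-z])?(?:(pre|rc)(\d+))?(?![\w.])", re.IGNORECASE
)

def version_key(text):
    """Turn the first x.y.z[letter][preN|rcN] in text into a sortable tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, letter, stage, num = m.groups()
    return (int(major), int(minor), int(patch),
            (letter or "").lower(),          # 3.0.20a sorts after 3.0.20
            _STAGE[(stage or "").lower()],   # 3.0.25rc3 sorts before 3.0.25
            int(num or 0))

def samba_exposure(banner):
    """Classify an Nmap service banner as affected / not affected / unknown."""
    if "samba" not in banner.lower():
        return "unknown"                     # not a Samba service at all
    key = version_key(banner)
    if key is None:
        return "unknown"                     # version not disclosed in banner
    if version_key(AFFECTED_MIN) <= key <= version_key(AFFECTED_MAX):
        return "affected"
    return "not affected"

SAMPLE_BANNERS = [
    "Samba smbd 3.0.20-Debian",   # banner reported on this page
    "Samba smbd 3.0.25rc3",       # constructed sample
    "Samba smbd 3.0.25",          # constructed sample
    "Samba smbd 3.X - 4.X",       # constructed sample: no exact version
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner:28} -> {samba_exposure(banner)}")
```

Distributions can backport fixes without changing the upstream version string, so treat the result as triage and confirm against the installed package before closing a finding.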

The nice thing about Rapid7 is that they can have the exploit location for Metasploit already typed out for you. In this case the exploit is called usermap_script.

Let’s fire up Metasploit and see what options we get for the exploit.

Looks like we just need to set the remote host and the local host.

If we run the exploit, we get a shell!

We have successfully rooted this machine! Thanks for reading!

Written on March 30, 2021