Hack The Box Write-Up : Lame

Info Card : Lame

1. Executive Summary

Enumeration shows that SMB services are running on the host. Server Message Block, or SMB for short, is a network protocol for communications on Windows-based systems. SMB attacks are the best known remote code execution attacks for Windows systems.

2. Description

The given IP address is 10.10.10.3. Using nmap, I scanned the host to check which ports are open.

According to the nmap scan result, there are four ports open: 21 (FTP), 22 (SSH), 139 and 445 (SMB).

A service using two ports is worth being suspicious about.

From the screenshot above, I discovered the version of SMB that the host uses.

Samba not simba..hehe

After discovering the version, the next item on my to-do list was looking for an exploit. Using CVE-2007-2447, I used the Metasploit module named “/exploit/multi/samba/usermap_script” to exploit Samba and gain a root shell.

Once I managed to slide into the shell as root, I discovered the user flag in /home/makis/user.txt and the root flag in /root/root.txt.
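On the defensive side, CVE-2007-2447 is only reachable when the non-default `username map script` option is set in smb.conf, so auditing for that option is a quick exposure check. The following is an added example, not part of the original write-up; the function names and the sample configuration are constructed for illustration.

```python
import re

# smb.conf option tied to CVE-2007-2447; Samba ignores case and whitespace in names.
RISKY = "usernamemapscript"

def normalize(name):
    """Fold a section or parameter name the way smb.conf does."""
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield (line_no, line) with trailing-backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf = ""
    if buf:
        yield start, buf

def audit_smb_conf(text):
    """Return (line_no, section, value) for each active username map script."""
    # Assumption: parameters before any section header are treated as [global].
    findings, section = [], "global"
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = normalize(m.group(1))
            continue
        name, sep, value = line.partition("=")
        if sep and normalize(name) == RISKY and value.strip():
            findings.append((no, section, value.strip()))
    return findings

# Constructed sample configuration (not taken from the target host).
SAMPLE = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""

if __name__ == "__main__":
    for no, section, value in audit_smb_conf(SAMPLE):
        print(f"line {no} [{section}]: username map script = {value}")
```

A finding means the option is active; on a Samba build that predates the fix for this CVE, remove the option or upgrade.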

This is my expression after finishing this machine.

purple enthusiast