Hack The Box Write-Up : Lame

Info Card : Lame

1. Executive Summary

Based on enumeration, it is discovered that there are SMB services running in the host. Sever Message Block or in short SMB is a network protocol for communications on a Windows-based system. SMB attacks are the best known remote code execution attacks for Windows systems.

2. Description

2.1 Enumeration

Given IP address is By using nmap, I scanned the host to check what port is open for the service.

And according to nmap scan result, there are four ports open : 21 (FTP), 22 (SSH), 139 and 445 (SMB).

Seeing a service using two ports is something worth to suspicious.

2.2 Exploitation

From the screenshot above, I discovered information about version of SMB that the host used.

Samba not simba..hehe

After discovering the version my next to do list is looking for the exploit. Using CVE-2007–2447, I used metasploit module named “/exploit/multi/samba/usermap_script” to exploit Samba to gain root shell.

As I manage to slide in myself inside the shell as root, I discovered user flag in /home/makis/user.txt and root flag in /root/root.txt

This is my expression after finishing this machine.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store