HackTheBox – Walkthrough of LAME BOX

Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills. Lame is the first machine published on Hack The Box and is for beginners, requiring only one exploit to obtain root access.

Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills. Lame is the first machine published on Hack The Box and best for beginners, requiring only one exploit to obtain root access.

We will use the following tools to pawn the box on a Kali Linux box.

Step 1 – Scanning the network

As an initial step, before you exploit the machine, it you need scan and investigate.

This is important to determine what hackers can exploit afterwards. It is always better to spend time on this phase to extract maximum informatio.

Nmap (Network Mapper). Nmap is a free and open source utility for network discovery and security auditing. Raw IP packets are used to determine hosts available on the network, services offered by those hosts, operating systems running, packet filters, firewalls in use, and many other characteristics.

Use the following command to get a basic idea of what we are scanning

nmap -sV -sC -A 10.10.10.3

-sV: Probe open ports to determine service/version info

-sC: Default script sets

-A: Aggressive scan. Enable OS detection, version detection, script scanning, and traceroute

10.10.10.3: IP address of the Lame box

We can see that there is 4 open ports:

Port 21. File Transfer Protocol (FTP) control (command) where anonymous FTP login allowed.

Port 22. TCP

Port 139. netbios-ssn samba

Port  145. netbios-ssn samba

Box is samba vulnerable.

Step 2 – The Vulnerable samba

We will use Searchsploit to check if there’s any known vulnerability on samba 2.3.0. Searchsploit is a command line search tool for Exploit Database

I use the following command

searchsploit samba 2.3.0

It is found that there is a vulnerability – Backdoor Command Execution – let’s try to exploit it

As it is ruby based, Metasploit is used. It’s a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders.

samba

We can see there are several different exploits and axillaries. However, we are interested in 14, as that is what searchsploit gave us.

exploit/multi/samba/username_script

Following command is used for the exploit

use exploit/multi/samba/username_script

This will launch the exploit. This command displays the available options.

show options

You can see that the remote host (RHOSTS) is not yet set. RHOSTS will be the victim.

Following command sets the remote host using the IP address of HTB Lame box

set RHOSTS 10.10.10.3

The exploit can be run now.

Bingo! A command shell opened. Let’s see what we can be find 🙂

Step 3 – Looking for the root.txt flag

Following command is used to list all the files/folders

ls

Let’s move to the home folder and see what we can find.

cd home

To open an interactive python shell the following command is used.

shell

To check the location, following command is used.

pwd

Shell is opened. We find the root directory.

To read the content of the file the following command is used.

cat root.txt

Step 4 – Looking for the user.txt flag

Now look for flag user.txt

Get back to the root directory.

cd home

We found the user.txt file in makis folder! To read the content of the file following command is used.

cat user.txt

Congrats! You found both flags!

Share the Post...
WhatsApp

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

CSEP : Certified Security Engineer Professional

Certified Security Engineer Professional (CSEP) certification is a comprehensive program designed for individuals aspiring to become cybersecurity engineers. It equips candidates with hands-on knowledge across various in-demand cybersecurity domains, ensuring they are well-prepared for current and future industry needs.

Organizations today seek candidates with a diverse set of skills beyond just one tool or area of expertise. The CSEP certification addresses this need by providing essential hands-on experience, making you proficient in multiple cybersecurity domains.

The program includes live classes featuring practical exercises, followed by a real-time project that offers valuable industrial knowledge.

Domains covered in the CSEP certification:

  • Cybersecurity Essentials
  • Penetration Testing
  • Application Security
  • Security Operations
  • AI in Cybersecurity
  • Multi-Cloud Security
  • Threat Intelligence

 

This certification is ideal for those looking to secure a role as a cybersecurity engineer and want to gain a competitive edge in the cybersecurity field.

For Further kindly feel free to fill out the profile form  for relevant information on our counselor will get in touch with you

Sign up for our Newsletter

Interested in Cyber Security Training Program 2024 – Click Here
Open chat
1
Hello 👋
How can we help you?