Greetings everyone! We’re back with another HackTheBox machine to exploit. This one is called Lame! I’m sure there is nothing lame about this box. After all; we are still getting our hands dirty with some penetration testing action! Without further delay, let’s dive into it!
The machine Lame has an IP Address of 10.10.10.3. Let’s start an Nmap scan to see what it has for open ports and running services!
As we can see from the Nmap results, we have a few options to work with. Let’s start with trying to find an exploit for vsftpd 2.3.4, as we know from an earlier blog post that this can be easily exploited with Metasploit. So let’s fire it up!
Now let’s configure the exploit via the “show options” command, and enter the necessary information:
Pretty simple!
Wait, what? It looks like our exploit is failing! No biggie; let’s move on and try to exploit the machine another way. Looking back at our Nmap scan, we also see that the machine may be vulnerable to exploit via Samba. So let’s try that!
And success! The exploit works without any issue!
Once we have our shell, we can type “whoami” to see our current privileges. We are greeted with root privileges right away! Looks like there will be no privilege escalation this time, which is a shame because even though that can be frustrating, it is still a very good learning experience and we always seem to learn something new every time we do it!
Oh well, let’s hunt for our flags!
The first flag is located in the Makis user share:
Since we’re already root, we can just browse to the root directory and find that flag immediately:
So there you have it! A very simple box to exploit. Perhaps that is why the box is called Lame? Still, anytime we’re able to get full root access to a box we should be excited. I’m sure the next box we try will be more difficult, so stay tuned!
Thanks for reading!