Hack The Box (Lame)
By: Nicholas Werner
I started off with nmap. I used these two nmap scans because I wanted to complete them a bit quicker.
I see that ports 21, 22, 139, 445, and 3632 are open.
I want to see what I can find in SMB first. I used the --option='client min protocol=NT1' because it’s an old machine and it wasn’t allowing me to connect normally with smbclient -L \\\\10.10.10.3\\
This doesn’t really give me much so I look to enumerate further on the Samba version.
I chose the Rapid7 exploit and started up Metasploit.
I set rhosts to the victim machine (10.10.10.3) and lhost to tun0 (10.10.14.7).
I ran exploit and got a shell.
I typed whoami to see that I was root, hostname to make sure I was in the correct machine (lame), pwd to show our current directory, and ls to show the contents of that directory.
I then typed cd root and ls to view the contents of the root directory and cat root.txt to find the root flag.
Finally, I typed cd home and ls to view the contents of the home directory, cd makis and ls to view the contents of the makis directory, ls again, and cat user.txt to find the user flag.