Hack The Box Lame
Lame was a Linux machine made by ch4p.
Testing Methodologies
We can start the enumeration process with an Nmap scan:
nmap -sC -sV 10.10.10.3
The output of the Nmap scan shows a few open ports:
- 21 FTP, which has anonymous login enabled, meaning we can log in to the FTP server using the username anonymous and some random password of our choice.
- 22 OpenSSH
- 139 NetBIOS (Samba 3.X)
- 445 SMB (Samba 3.0.20)
Now we have an outline of the services running on the machine.
There seems to be nothing in FTP, so the next thing to look at is SMB. Searching Google for the version number from the Nmap scan shows a code execution vulnerability in Samba when the non-default "username map script" configuration option is used. By specifying a username containing shell metacharacters, we can execute code on the server.

It seems Samba is running as root, which makes everything easy.
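From the defender's side, the precondition described above (the non-default "username map script" option) can be checked directly in the server configuration. The following is an added example, not part of the original write-up: a Python check that reports every active "username map script" setting in smb.conf text, following the smb.conf rules that parameter names ignore case and whitespace, that lines starting with # or ; are comments, and that a trailing backslash continues a line. The two sample configurations and the script path in them are constructed.

```python
import re

# Constructed sample smb.conf contents (not taken from the target machine).
WEAK_CONF = """\
[global]
   workgroup = WORKGROUP
   ; the non-default option the write-up refers to
   Username Map Script = /etc/samba/scripts/mapusers.sh
"""
HARDENED_CONF = """\
[global]
   workgroup = WORKGROUP
   # username map script = /etc/samba/scripts/mapusers.sh
"""

def normalize(name):
    """smb.conf names ignore case and all whitespace, so compare squashed."""
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Join lines ending in a backslash, as smb.conf continuation does."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf

def find_username_map_script(text):
    """Return (section, value) for every active 'username map script' line."""
    hits, section = [], None
    for line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":      # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")  # only the first '=' counts
        if sep and normalize(name) == "usernamemapscript":
            hits.append((section, value.strip()))
    return hits

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, find_username_map_script(conf) or "option not set")
```

An empty result means the option is not active in the text that was checked; any hit is a setting to remove or review.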