Skip to main content

Hack The Box Lame

Lame was a Linux machine made by ch4p

Testing Methodologies

We can start the enumeration process with an NMAP scan
nmap -sC -sV

 The following output of the nmap scan shows a few ports are open
  • 21 FTP which has anonymous login enabled which means that we can login to the FTP server by using the username anonymous  and some random password of our choice.
  • 22 Open SSH   
  • 139 NetBios (Samba 3.X)
  • 445 SMB (Samba 3.0.20)

Now we have an outline of what all services are running in the machine .

Seems like there is nothing in FTP, Now the next thing is SMB by searching the Version number from the Nmap Scan on google there is a Code Execution Vulnerability on Samba when using the non-default "username map script" configuration option.By specifying a username containing  shell meta characters we can execute code on the server.

Seems like SAMBA is running as root which makes everything easy