HTB Series #1 LAME

It has been quite a long time since I took time out to try my hand at vulnerable machines. I considered HTB the better place to resume my learning curve, so here is the LAME machine and my write-up of how I was able to find the flag. I am aware that there are already multiple blog posts and videos on the internet guiding novice pen testers like me. I started this blog to write about the things I am learning, so that sometimes a new perspective can be brought to a problem.

Target Machine:

I started with enumeration, as it is key to penetration testing. I ran a basic nmap command to identify the open ports and the services running on them. It showed that the target machine has ports 21 [vsftpd 2.3.4], 22 [openssh 4.7p1], 139 [smbd 3.x – 4.x] and 445 [smbd 3.x – 4.x] open.

NMAP Result

I found that the current stable version of vsftpd is 3.0.3, so I thought to check whether any exploits were available in Metasploit. I found a backdoor exploit for the exact version that was identified, i.e. 2.3.4. I tried to use the module and exploit the vulnerability but, bad luck, it prompted for a password even though the anonymous FTP service is running.
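The same comparison of detected versions against a known-good release can be run from the defender's side as an inventory check. The sketch below is an added example, not part of the original write-up: it parses nmap grepable (`-oG`) output and flags services below a baseline. The sample scan line, the host address and the Samba baseline value are constructed assumptions; only the service versions and the vsftpd 3.0.3 figure come from the text above.

```python
import re

# Constructed sample in nmap's grepable (-oG) format, using the services and
# versions reported in the write-up; the host is a documentation address.
SAMPLE_OG = (
    "Host: 192.0.2.10 ()\tPorts: "
    "21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X/, "
    "445/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X/"
)

# Minimum acceptable version per product. vsftpd 3.0.3 is the stable release
# named in the write-up; the samba value is a placeholder for your own policy.
BASELINE = {"vsftpd": (3, 0, 3), "samba": (4, 0, 0)}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # first fully numeric dotted version


def parse_ports(og_line):
    """Yield (port, banner) for every open port on one -oG host line."""
    ports_field = og_line.split("Ports: ", 1)[1].split("\t", 1)[0]
    for entry in ports_field.split(", "):
        # Entry layout: port/state/proto/owner/service/rpcinfo/version/
        f = entry.split("/")
        if len(f) >= 7 and f[1] == "open":
            yield int(f[0]), f[6]


def audit(og_text, baseline=BASELINE):
    """Return (host, port, banner, status) for each open service found."""
    findings = []
    for line in og_text.splitlines():
        if not line.startswith("Host:") or "Ports: " not in line:
            continue
        host = line.split()[1]
        for port, banner in parse_ports(line):
            name = next((p for p in baseline if banner.lower().startswith(p)), None)
            match = VERSION_RE.search(banner)
            if name is None:
                status = "no-baseline"        # product not covered by policy
            elif match is None:
                status = "version-unknown"    # e.g. nmap only reported a range
            else:
                found = tuple(int(x) for x in match.group(0).split("."))
                status = "outdated" if found < baseline[name] else "ok"
            findings.append((host, port, banner, status))
    return findings
```

On the sample line, port 21 is reported as `outdated`, while the Samba ports come back as `version-unknown` because nmap reported only a version range, which is the cue to confirm the exact Samba release on the host itself.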

VSFTPD Exploit

As I did know much, I thought to try Samba, as file services have been exploited quite easily. Not to disappoint, Metasploit suggested multiple exploits for Samba services, a few of them ranked as excellent.

Samba based MSF exploit

After reading a bit about the excellent-ranked exploits, I decided to go ahead with the command execution exploit. Ahh! I had a shell after running the module. I navigated to the root folder and found the flag.

Exploiting Samba service using MSF
Finding the Flag

This is the first HTB machine that I tried to own. The machine was easy in terms of difficulty and I would rate it 3/10, as the Samba-based exploit gave direct entry to the root folder.

I will be back very soon with the next HTB machine write-up.
