HTB Series #1 LAME

It has been quite a long time since I took out time and tried my hand at vulnerable machines. I considered HTB to be the better place to resume my learning curve, and here is the LAME machine and my write-up about how I was able to find the flag. I am aware that there are multiple blog posts and videos already on the internet for guiding novice pen testers like me. I started this blog to ensure I write about the things that I am learning, so that sometimes a new perspective can be brought to a problem.

Target Machine: 10.10.10.3

I started with enumeration, as it is key to penetration testing. I started with a basic nmap command to identify open ports and the services running on them. It identified that the target machine has ports 21 [vsftpd 2.3.4], 22 [openssh 4.7p1], 139 [smbd 3.x – 4.x] and 445 [smbd 3.x – 4.x] open.

[Figure: NMAP Result]

I found that the current stable version of vsftpd is 3.0.3, hence I thought to check whether any exploits were available in Metasploit. I found a backdoor exploit available for the exact version which was identified, i.e. 2.3.4. I tried to use the module and exploit the vulnerability, but bad luck: it prompted for a password despite the anonymous FTP service running.

[Figure: VSFTPD Exploit]
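
The version comparison described above, turned into a defender-side audit of scan output (an added example, not code from the original post). The scan lines are constructed from the services the post lists, and the policy tables, function names and status labels are assumptions.

```python
import re

# Constructed sample in nmap -sV text layout, built from the services the post lists.
SAMPLE_SCAN = """\
21/tcp  open  ftp         vsftpd 2.3.4
22/tcp  open  ssh         OpenSSH 4.7p1
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X
"""

# Assumed policy: 3.0.3 is the stable vsftpd release the post names, and 2.3.4
# is the release the post found a backdoor module for.
MIN_VERSION = {"vsftpd": (3, 0, 3)}
KNOWN_BAD = {("vsftpd", (2, 3, 4))}

LINE_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)\s*(.*)$")

def parse_services(scan_text):
    """Return (port, product, version) per open port; version is None if unparseable."""
    services = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        port, service, banner = int(m.group(1)), m.group(2), m.group(3)
        tokens = banner.split()
        # The product name is everything before the first token that starts with a digit.
        idx = next((i for i, t in enumerate(tokens) if t[0].isdigit()), len(tokens))
        product = " ".join(tokens[:idx]) or service
        # "4.7p1" parses as (4, 7); a range such as "3.X" does not parse and stays None.
        num = re.match(r"\d+(?:\.\d+)+", tokens[idx]) if idx < len(tokens) else None
        version = tuple(int(p) for p in num.group().split(".")) if num else None
        services.append((port, product, version))
    return services

def audit(services):
    """Label each service: known-bad, outdated, ok, no-baseline or unknown-version."""
    findings = []
    for port, product, version in services:
        if version is None:
            status = "unknown-version"
        elif (product, version) in KNOWN_BAD:
            status = "known-bad"
        elif product not in MIN_VERSION:
            status = "no-baseline"
        else:
            status = "outdated" if version < MIN_VERSION[product] else "ok"
        findings.append((port, product, status))
    return findings
```

The two Samba ports come back as `unknown-version` because the banner is only a range, so the installed package version has to be confirmed from the host's own inventory before it can be compared against a baseline.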

As I did not know much, I thought to try Samba, as file services have been exploited quite easily. Not to disappoint, Metasploit suggested multiple exploits for Samba services, with a few of them ranked as excellent.

[Figure: Samba based MSF exploit]

After reading a bit about the excellent ranked exploit, I decided to go ahead with the command execution exploit. Ahh! I had a shell after running the module. I navigated to the root folder and found the flag.

[Figure: Exploiting Samba service using MSF]

[Figure: Finding the Flag]

This is the first HTB machine which I tried to own. The machine was easy in terms of difficulty, and I will be rating it 3/10, as the Samba-based exploit gave direct entry to the root folder.

I will be back very soon with the next HTB machine write-up.

Plagiarism Score: 0% Calculated from SmallSEOTools
