A MOTION GRAPHICS WRITEUP FOR HACK THE BOX ROOM – LAME


INTRODUCTION

The Hack The Box machine “Lame” is an entry-level challenge designed for beginners in cybersecurity and penetration testing. It’s an ideal starting point for those new to the field, especially for individuals who want to practice using tools like Metasploit. The machine involves exploiting a vulnerability in a specific version of the Samba service, allowing for easy exploitation and gaining root access.

“Lame” is one of the first machines that many Hack The Box users may encounter. It serves as a perfect introduction to basic enumeration, exploitation, and post-exploitation techniques. While the challenges it presents are not overly complex, they are fundamental, making “Lame” a great starting point for newcomers to cybersecurity.

Since this is a beginner-friendly machine from Hack The Box, this writeup is explained step by step in two ways: one based on manual enumeration and the other using Metasploit.
( Future references will link to this post )


Whoami ?

Machine Name : Lame
Author : ch4p [ Let’s add some respect to the Author & HTB Creator ]
Based on : Linux OS
Difficulty Level : Easy [ Beginner Friendly ✅ ]
Link – https://www.hackthebox.com/machines/Lame
Release Date : 14th March, 2017
Current Machine State : Retired
Access : Retired Free Machine [ Free Access to Anyone with an HTB account ]


HTB101 Recommends

Lame from Hack The Box is perfect for:

eJPT ( eLearnSecurity Junior Penetration Tester ) – INE (InterNetworkExpert )
PJPT ( Practical Junior Penetration Tester – TCM Security )
eCPPT ( eLearnSecurity Certified Professional Penetration Tester ) – INE (InterNetworkExpert )
PNPT ( Practical Network Penetration Tester – TCM Security )
OSCP ( OffSec Certified Professional )
CPTS ( Certified Penetration Testing Specialist ) – Hack The Box Academy
and other practical entry-level and intermediate certifications in cybersecurity.


Objectives

  1. Find the User Flag
    Reconnaissance > Enumeration > Exploitation [ Samba ]
  2. Find the Root Flag
    Privilege Escalation using Metasploit

Initial Enumeration

Network Scanning (Nmap)

The first step in any penetration test is to gather information about the target. We start by using Nmap, a powerful network scanning tool, to enumerate open ports and services on the “Lame” machine.

An Nmap scan is a crucial first step in identifying potential attack vectors: it lets penetration testers discover the open ports, services, and versions running on the target machine.

Nmap Scan Command :

nmap -sV -sC -v3 10.10.10.3

Breakdown of the nmap CLI Command:

  • nmap : The command-line tool for network exploration and security auditing.
  • -sV : ( Version Detection ) – Attempts to determine the version of the services running on open ports.
  • -sC : (Script Scan ) – This option enables a set of scripts that are useful for enumeration and vulnerability detection.
  • -v3 : ( Verbose Mode ) – In Nmap, the -v option controls the verbosity level of the output, which determines how much information Nmap displays during its scan. The -v3 option would set the verbosity level to 3, providing a very detailed output.
  • 10.10.10.3 : ( IP Address ) – The target IP address of the “Lame” machine.
    [ Remains the same for everyone ]

Nmap scan Results ( CLI )

[Screenshot: nmap scan results for Lame]

Scan Output

The scan reveals the following open ports and associated services:

PORT      STATE   SERVICE          VERSION
21/tcp    open    ftp              vsftpd 2.3.4
22/tcp    open    ssh              OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp   open    netbios-ssn      Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp   open    netbios-ssn      Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)

FTP (Port 21): Running vsftpd 2.3.4, which is known to be vulnerable.
SSH (Port 22): Running OpenSSH 4.7p1, with no immediate known vulnerabilities suitable for this scenario.
Samba (Ports 139 and 445): Running Samba version 3.0.20-Debian, a service with known vulnerabilities, notably related to remote code execution.
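The triage above can be automated when reviewing scan results for patch priority. The following is an added example, not part of the original writeup: it parses the service table shown above and labels each port, treating nmap's "3.X - 4.X" range on port 139 as unconfirmed rather than matched. The watchlist and the function names are assumptions; the watchlist holds only the two versions this writeup calls out.

```python
import re

# Constructed sample: the service table from the scan output above.
SCAN_TABLE = """\
PORT      STATE   SERVICE          VERSION
21/tcp    open    ftp              vsftpd 2.3.4
22/tcp    open    ssh              OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp   open    netbios-ssn      Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp   open    netbios-ssn      Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
"""

# Assumed watchlist: only the versions this writeup names as vulnerable.
WATCHLIST = {"vsftpd": {"2.3.4"}, "Samba smbd": {"3.0.20"}}
ROW = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)\s+(.*)$")
RANGE = re.compile(r"\d+\.X\s*-\s*\d+\.X")  # "3.X - 4.X": family only
VERSION = re.compile(r"\d+(?:\.\d+)+")       # first dotted numeric version


def parse_services(table):
    """Turn nmap PORT/STATE/SERVICE/VERSION rows into dicts (open ports only)."""
    services = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(2) != "open":
            continue  # header row, closed/filtered port, or unrelated text
        port, _, name, banner = m.groups()
        banner = re.sub(r"\s*\(.*?\)\s*$", "", banner)  # drop "(workgroup: ...)"
        services.append({"port": int(port), "service": name, "banner": banner})
    return services


def triage(services, watchlist=WATCHLIST):
    """Map port -> 'flagged', 'unconfirmed' (range only) or 'not_listed'."""
    report = {}
    for svc in services:
        status = "not_listed"
        for product, bad in watchlist.items():
            if not svc["banner"].startswith(product):
                continue
            rest = svc["banner"][len(product):]
            found = VERSION.search(rest)
            if RANGE.search(rest):
                status = "unconfirmed"  # nmap only narrowed it to a family
            elif found and found.group() in bad:
                status = "flagged"
        report[svc["port"]] = status
    return report


if __name__ == "__main__":
    print(triage(parse_services(SCAN_TABLE)))
```

An "unconfirmed" result means the version has to be verified another way, here by the exact banner reported on port 445 for the same Samba service.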

1 Comment
  • Spiderman
    August 4, 2024 at 11:08 am

    Hello !
    You have a nice website and this has helped in my Hack The Box journey !
    Thank you Spidey out

    Warm regards
    Your Friendly Neighborhood Spiderman 🕸️🕷️
