LAME — OSCP LIKE HTB Machine

Lame is another easy box from HackTheBox, running Linux.

This is my third writeup in the OSCP-like boxes series.

This is the manual exploitation of a retired box from “HackTheBox”.

Let’s start with the very first step: enumerating open ports with an nmap scan.

From the above scan we can deduce all the open ports and the services running on those ports.

We have an SMB (Samba) share.

Let’s list the shared drives/directories exposed over SMB.

The tool used for SMB is smbclient.

If you enumerate further and search Google for SMB exploits, you will come across CVE-2007-2447, the usermap_script exploit.
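A defender-side check for the condition this exploit depends on, as an added example that is not part of the original writeup: CVE-2007-2447 is reachable only when the `username map script` option is set in smb.conf on Samba 3.0.0 through 3.0.25rc3. The sample configuration, version strings and function names below are constructed for illustration.

```python
import re

# Constructed sample smb.conf for illustration; not taken from the target box.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   Username Map Script = /etc/samba/scripts/mapusers.sh
; username map script = /bin/true   (commented out, must be ignored)
[tmp]
   path = /tmp
"""

def global_params(conf_text):
    """Return {normalized name: value} for the [global] section of smb.conf."""
    params, section = {}, "global"  # audit choice: lines before any header count as global
    text = re.sub(r"\\\r?\n", "", conf_text)  # a trailing backslash continues the line
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive and internal whitespace is ignored.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def in_affected_range(version):
    """True for Samba 3.0.0 through 3.0.25rc3, the range listed for CVE-2007-2447."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)((?:pre|rc)\d+)?", version)
    if not m:
        raise ValueError(f"unrecognized Samba version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if (major, minor) != (3, 0):
        return False
    # Any 3.0.25 pre-release is treated as affected (conservative).
    return patch < 25 or (patch == 25 and m.group(4) is not None)

def audit(conf_text, version):
    """Report whether the option is set and whether the build is in range."""
    script = global_params(conf_text).get("usernamemapscript")
    affected = in_affected_range(version)
    return {"script": script, "affected_version": affected,
            "exposed": bool(script) and affected}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "3.0.20-Debian"))  # version string is a constructed input
```

Removing the `username map script` option or upgrading Samba past the affected range clears the finding.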

Now we have the exploit cloned from GitHub.

The downloaded exploit looks like this:

Let’s edit and run the exploit, but before that we need to set up a netcat listener.

Let’s run the exploit and see if we get the reverse shell on the netcat listener, which is set up to listen for any traffic coming to port 3344.

Now let’s check the netcat listener for any incoming connection.

Bingo, this usermap_script exploit gives us the root user directly.

Now, traversing through the directories, we can capture the user flag and the root flag as below:

Cool, it was an easy machine in the OSCP format: it just required running one exploit, with no privilege escalation or further enumeration as such.

Thanks for reading, give me a clap if I was of any help.

Security researcher, Blogger, Bug Bounty hunter
