HackTheBox Lame Writeup

Reconnaissance

Enumeration

Exploitation

Linux Privilege Escalation with Metasploit

________________________________________

Reconnaissance

Run the nmapAutomator.sh script to automate all of the process of recon/enumeration.

We can see there are 4 pots open port 21, 22, 139 & 445

Enumeration

After some try we found port 445 Samba 3.0.20 is Vulnerable. Simple Google search gives us python script to exploit this vulnerability.Lets download this scriptExploitation

Now run the script and get the root shell

We need to run python command to Spawn a tty shell. User Flag is in “/home/makis” directory and root flag is in “/” directory

Linux Privilege Escalation with Metasploit

We can exploit this vulnerability with Metasploit also, lets fire up msfconsole and search Samba 3.0.20 we will find this exploit “exploit/multi/samba/usermap_script”

lets configure it and run the exploit

Leave a Reply

Your email address will not be published. Required fields are marked *