Hack The Box: Lame Write-up

This is my first box to be spawned from HTB in reference to TJ_Null’s OSCP like VMs list. Its a retired VM

Reconnaissance

First lets scan the machine to find available vulnerabilities with nmap tool

run the following code:

From the above enumeration, We can see that Port 21(FTP vsftpd 2.3.4), Port 22(ssh), Port 139(netbios-ssn), Port 445(netbios-ssn) and Port 3632 are open.

Enumeration

Port 21:

Ftp port can be exploited by vsftpd 2.3.4 exploit via metaspoilt but this time I will use the manual way.

lets try to use the smbclient, mostly known where a common vuln can be noticed at tmp directory that is set to be accessed by anonymous access :

As seen below, the tmp directory has read and Write access , which is a vulnerability

Exploitation

Set Netcat listener on your attacker and set the shell interactive after obtaining access after the listener is connected to the target box:

python -c ‘import pty; pty.spawn(“/bin/bash”)’

once SMB shell is opened from a target box, set the reverse shell

Capture the Flag, woop woop,