Hack The Box: Lame

Synopsis: Lame was another relatively straightforward box, very similar to Blue. This time around I found a better way to correlate vulnerable services located with nmap to exploits in Metasploit. I also learned more about the idiosyncrasies of netcat and how exploits can potentially tip over a machine.


Started off with my usual nmap script. It is slow but very thorough. I noticed ftp was open but decided to take a shot at Samba first.


“searchsploit” is my new best friend. It's a very easy way to search if a service is vulnerable. Luckily there is a Metasploit module which will make this easy.


A search in Metasploit confirms it's able to be used and I select it with the “use” command.



I set RHOST and LHOST and run the exploit, creating a session. This is where I ran into some issues though. When I used my private IP I got very mixed results (very slow, non-responsive, no shell, …). Undoubtedly there is networking I don’t fully understand. Using the tunnel seemed to do the trick though.

Once I got a shell, getting the flags wasn’t an issue, but manipulating an exploited shell proved to be a bit different and a little harder than I anticipated.


All in all, Lame was a good learning experience that has made me more comfortable with how Metasploit works.
