HackTheBox Legacy
Writeup of Legacy Machine From Hackthebox
Summary
Lame is a beginner level machine from hackthebox , this linux machine can be compromised by using only single level exploit which will directly jump into root user and can further get user flag
Inital Enumeration
Using nmap we can do a full port service scanning and identify that the following ports as open
nmap -sCV -p- -oN 10.10.10.3 -vv
- 21 - FTP ( vsftpd 2.3.4 )
- 22 - SSH ( OpenSSH 4.7p1 )
- 139,445 - CIFS,Samba ( 3.0.20 )
- 3632 - distccd v1
Exploitation
Upon searching for Samba with version (3.0.20) , The samba is vulnerable for CVE-2007-2447 and have a metasploit module called
usermap_script
Upon explotitation we got a direct root shell on the box
Enumeration on the root directory will provide the root flag and home directory will provide the user flag
