
Hack the box – Lame writeup without Metasploit

Decided to do Lame today. I’m lame, yes, not a problem. Lame is an easy Linux box. By the way, the new Hack The Box theme rocks. Do check it out.

I did face a lot of trouble with SMB scripts. I think something must have broken after the upgrade. I need to check on those issues.

Let’s start with Nmap and see which ports we can attack.

5 ports were open: 21, 22, 139, 445 and 3632. I tried FTP but couldn’t exploit it. I tried SMB but couldn’t exploit it either. The last one was distccd, which was exploitable.

https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855

You can use the link above to get the exploit. Let’s fire the exploit against the box. Start netcat.

We got a shell. Now we need to escalate privileges. I used both LinEnum and Linuxprivilegechecker for this box. LinEnum showed me MySQL, which I couldn’t exploit. But I am thinking about trying again after finishing the rest of the boxes. I would like to escalate privileges using MySQL.

Next, I downloaded linuxprivilegechecker and ran it on the box. This time I found something interesting, which reminded me of Beep from Hack The Box.

An Nmap-related shell escape sequence. Let’s try that.

We got the root flag. In short, euid was root now.
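
From the defender's side, the finding above comes down to a program with an interactive or command-execution feature running with a privileged effective UID. The script below is an added example, not part of the original writeup; it assumes the root euid came from a setuid bit on the binary, and its watchlist of program names is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit directory trees for
# setuid programs that also offer an interactive shell or command feature.
# WATCHLIST is a constructed, illustrative list; extend it for your hosts.
WATCHLIST="nmap vim vi less more find awk man ftp gdb python perl ruby"

# audit_setuid DIR...
# Prints "setuid uid=<owner uid> <path>" for every watchlisted setuid file.
# Returns 1 if at least one was found, 0 if none, 2 on setup failure.
audit_setuid() {
    found=0
    tmp=$(mktemp) || return 2
    # -xdev keeps find on one filesystem; -perm -4000 selects the setuid bit.
    find "$@" -xdev -type f -perm -4000 2>/dev/null > "$tmp"
    while IFS= read -r path; do
        base=${path##*/}
        for name in $WATCHLIST; do
            case "$base" in
                # Exact name, or versioned variants such as python3.
                "$name"|"$name"[0-9]*)
                    # Third field of "ls -ln" is the numeric owner, i.e. the
                    # effective UID the program runs with.
                    uid=$(ls -ln "$path" | awk '{print $3}')
                    printf 'setuid uid=%s %s\n' "$uid" "$path"
                    found=1
                    break
                    ;;
            esac
        done
    done < "$tmp"
    rm -f "$tmp"
    return "$found"
}

# Stand-alone use: sh audit.sh /usr /bin /sbin
if [ $# -gt 0 ]; then
    audit_setuid "$@"
fi
```

Any hit with `uid=0` is a candidate for `chmod u-s`, or for removing the package if nothing on the host needs it.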

You can always follow me on twitter to get the latest updates https://twitter.com/far3y
