Decided to do Lame today. I’m lame yes not a problem. Lame is a Linux easy box. By the way hack the box new theme rocks. Do check it out.
I did face a lot of trouble with SMB scripts, I think after the upgrade something must have been broken. Need to check on those issues.
Let’s start with Nmap and see which ports we can attack.
5 ports were open. 21,22,139,445 and 3632. I tried FTP couldn’t exploit. Tried SMB couldn’t exploit. The last one was distccd which was exploitable.
Can use the following link to get the exploit. Let’s fire the exploit against the box. Start netcat
We got a shell. Now we need to escalate privileges. I used both LinEnum and Linuxprivilegechecker for this box. LinEnum showed me MYSQL which I couldn’t exploit. But I am thinking about trying again after finishing the rest of the boxes. I would like to do escalate privileges using MYSQL.
Next downloaded linuxprivilegechecker and ran it in the box. This time found something interesting which reminded me about Beep from hack the box.
Nmap Related shell escape sequence. Let’s try that.
we got the root flag. In short euid was root now.
You can always follow me on twitter to get the latest updates https://twitter.com/far3y