Hack the Box — Lame

HTB Tags: #Internal #Network #SAMBA #RCE #CVE-2007-2447 #PublicVulnerabilities #CVE-Exploitation

As part of my ongoing development, I decided that having completed the HTB Starting Point series, I would work my way through the retired easy-rated boxes, utilising what I had learnt so far. Lame is the first of these boxes. So let’s get started!


ping $IP -c 4

Now that we have confirmation of a steady service, we can continue enumeration.


nmap -sCV -Pn $IP

So from here we can confirm that we have a number of open, workable ports. With the HTB tags indicating RCE and CVE Exploitation, I jumped straight in the deep end and opened up Metasploit.


As always a great splash screen. So reviewing each of the ports, with 21 first, showing vsftpd 2.3.4, let’s check for exploits.

Looks as though we have a selection. Let’s use this and see what it gets us.

Setting the RHOSTS as my target IP we then run the exploit.

The exploit completed with no session, so we can assume that the vulnerability was patched. On to the next one. Let’s look at Samba 3.0.20.

Another with a valid exploit. Let’s select and check/set options.

This time we need to provide our own IP address for a reverse netcat. Once completed we can now run the exploit.

So a session is created this time. Checking some basic commands we find we are root, and therefore have control of the whole box!

ls /home
ls /home/makis
cat /home/makis/user.txt
cat /root/root.txt
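
For the defender's side of the Samba finding, here is an added example (not part of the original write-up) that checks whether a host is exposed to CVE-2007-2447. It assumes the affected range is Samba 3.0.0 through 3.0.25rc3 and that the flaw is only reachable when smb.conf sets the non-default `username map script` option; the function names and the sample smb.conf are constructed for illustration.

```python
import re

# Assumption (not from the original post): CVE-2007-2447 affects Samba
# 3.0.0 through 3.0.25rc3 and needs "username map script" set in smb.conf.
FIRST_AFFECTED = (3, 0, 0, 0)
FIRST_FIXED = (3, 0, 25, 1)  # 3.0.25 final; rc/pre builds sort below it

def parse_samba_version(banner):
    """Turn 'Samba 3.0.20' or '3.0.25rc3' into a sortable tuple, else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(rc\d+|pre\d+)?", banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # Pre-releases get 0 so they compare lower than the final release (1).
    return (major, minor, patch, 0 if m.group(4) else 1)

def username_map_script(conf_text):
    """Return the effective 'username map script' value, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or section header
        key, val = line.split("=", 1)
        # smb.conf ignores case and whitespace inside parameter names.
        if re.sub(r"\s+", "", key).lower() == "usernamemapscript":
            value = val.strip() or None  # the last occurrence wins
    return value

def assess(banner, conf_text):
    version = parse_samba_version(banner)
    if version is None:
        return "unknown version"
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return "not affected"
    if username_map_script(conf_text):
        return "exposed"
    return "vulnerable version, option not set"

# Constructed sample input: the version from the scan above plus a made-up smb.conf.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/true
   Username Map Script = /etc/samba/scripts/mapusers.sh
"""

if __name__ == "__main__":
    print(assess("Samba 3.0.20", SAMPLE_CONF))
```

A result of "exposed" means both conditions hold; upgrading Samba or removing the `username map script` line closes the issue.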


I really enjoyed this box as all the information came from the nmap report. I don’t normally use Metasploit but it’s nice to check that I still remember how to use the tool.


