[HTB] Lame

This was my first time attempting a Hack The Box machine that’s not on the Starting Point. The machine offers two modes: Adventure Mode and Guided Mode. I first went for the Adventure Mode because I wanted to explore the box and solve it on my own. However, I hit a dead end and didn’t know how to proceed. So, I switched to Guided Mode, which was similar to the Starting Point boxes. With the help of Guided Mode and the questions, I was able to solve the box easily. Looking back, it wasn’t really that hard, but I felt stuck and had no clue what to do next. It takes a lot of trial and error to get better at this, and I’ve improved a lot over the past few months. I’m proud of my progress, but I know I have a long way to go. In the end, it’s so much fun, and that’s what really matters.


How many of the nmap top 1000 TCP ports are open on the remote host?

4


I scanned all 65535 ports, so I found 5 open ports, but the question was asking for the top 1000 TCP ports. Excluding port 3632, the answer should be 4.


What version of VSFTPd is running on Lame?

2.3.4



There is a famous backdoor in VSFTPd version 2.3.4, and a Metasploit module to exploit it. Does that exploit work here?

no

I’ve set up the required RHOSTS and RPORT, then ran the exploit, but it didn’t seem to work.



What version of Samba is running on Lame? Give the numbers up to but not including “-Debian”.

3.0.20

From the nmap scan, we can see that it’s running version 3.0.20 of Samba.



What 2007 CVE allows for remote code execution in this version of Samba via shell metacharacters involving the SamrChangePassword function when the “username map script” option is enabled in smb.conf?

CVE-2007-2447
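
A defender-side check for the precondition named in the question above, as an added example that is not part of the original write-up: it parses an smb.conf and reports whether `username map script` is set, following smb.conf's rule that case and whitespace in section and parameter names are ignored. The sample configurations and the script path in them are constructed for illustration.

```python
import re

def normalize(name: str) -> str:
    """smb.conf ignores case and all whitespace in section/parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text: str) -> dict:
    """Return {section: {param: value}} with normalized names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":   # blank or comment line
            continue                      # (a comment never continues: conservative)
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = normalize(line[1:-1])
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' is significant
            sections[current][normalize(name)] = value.strip()
    return sections

def find_username_map_script(text: str) -> list:
    """List (section, value) pairs where 'username map script' is set and non-empty."""
    hits = []
    for section, params in parse_smb_conf(text).items():
        value = params.get("usernamemapscript", "")
        if value:
            hits.append((section, value))
    return hits

# Constructed samples (hypothetical paths, not taken from the Lame box).
RISKY_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   User Name Map   Script = /etc/samba/scripts/mapusers.sh %u
[share]
   path = /srv/share
"""
SAFE_CONF = "[global]\n   workgroup = WORKGROUP\n   # username map script = x\n"

if __name__ == "__main__":
    for label, conf in (("risky", RISKY_CONF), ("safe", SAFE_CONF)):
        print(label, find_username_map_script(conf))
```

A non-empty result means the option that CVE-2007-2447 depends on is enabled; on an affected Samba version, remove the option or upgrade.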



Exploiting CVE-2007-2447 returns a shell as which user?

root



Submit the flag located in the makis user’s home directory.

063d439bcae7f5e0ab82493bd8035243



Submit the flag located in root’s home directory.

910d82f873622fdf9e5abb95ba010832
