Lame HackTheBox Notes

Genius = https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

IP address: 10.10.10.3

Recon

nmap -v -sU -sS -p- -A -T4 target

Port 445/tcp: SMB (Server Message Block) run directly over TCP/IP, giving MS Networking access without the NetBIOS (NetBT) layer. SMB is used, among other things, for file sharing. Windows 2K/XP use this port to run SMB without the extra NetBT layer. https://www.speedguide.net/port.php?port=445

Port 139: SMB (NETBIOS Session Service)

SMB enumerations are failing

nmap -p 445 -A 10.10.10.3

nmap -p 445 --script smb-vuln-* 10.10.10.3

smbmap -H 10.10.10.3

[+] Finding open SMB ports.
[+] User SMB session establishd on 10.10.10.3..
[+] IP: 10.10.10.3:445 Name: 10.10.10.3
    Disk        Permissions
    print$      NO ACCESS
    tmp         READ, WRITE
    opt         NO ACCESS
    IPC$        NO ACCESS
    ADMIN$      NO ACCESS

smbclient -L \\10.10.10.3

Enter WORKGROUP\root's password:
Anonymous login successful

    Sharename       Type      Comment
    print$          Disk      Printer Drivers
    tmp             Disk      oh noes!
    opt             Disk
    IPC$            IPC       IPC service (lame server (Samba 3.0.20-Debian))
    ADMIN$          IPC       IPC service (lame server (Samba 3.0.20-Debian))
Reconnecting with SMB1 for workgroup listing.
Anonymous login successful

    Server               Comment

    Workgroup            Master
    WORKGROUP            LAME

Now that we have the Samba version we can discover the critical vulns present on this system.
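
Added example (not part of the original notes): a small Python parser that pulls the two findings from the listings above out of the tool output, namely shares the anonymous session can write to and the Samba version disclosed in the share comments. The sample text is constructed from those listings, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the smbmap and smbclient listings above.
SMBMAP_OUT = """\
    Disk        Permissions
    print$      NO ACCESS
    tmp         READ, WRITE
    opt         NO ACCESS
    IPC$        NO ACCESS
    ADMIN$      NO ACCESS
"""
SMBCLIENT_OUT = """\
    Sharename       Type      Comment
    print$          Disk      Printer Drivers
    tmp             Disk      oh noes!
    opt             Disk
    IPC$            IPC       IPC service (lame server (Samba 3.0.20-Debian))
    ADMIN$          IPC       IPC service (lame server (Samba 3.0.20-Debian))
"""

# Permission labels: the first and last appear above; the other two are assumed.
PERM_RE = re.compile(
    r"^\s*(.+?)\s{2,}(NO ACCESS|READ ONLY|WRITE ONLY|READ, WRITE)\s*$")
VERSION_RE = re.compile(r"\(Samba (\d+(?:\.\d+)+)[^)]*\)")

def share_permissions(smbmap_output):
    """Map share name -> permission label from the Disk/Permissions table."""
    matches = (PERM_RE.match(line) for line in smbmap_output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def writable_shares(smbmap_output):
    """Shares the enumerating session (here: anonymous) may write to."""
    return sorted(s for s, p in share_permissions(smbmap_output).items()
                  if "WRITE" in p)

def samba_versions(smbclient_output):
    """Distinct Samba versions disclosed in the share comment column."""
    return sorted(set(VERSION_RE.findall(smbclient_output)))

def findings(smbmap_output, smbclient_output):
    out = [f"anonymous session can write to share '{s}'"
           for s in writable_shares(smbmap_output)]
    out += [f"share comment discloses Samba version {v}"
            for v in samba_versions(smbclient_output)]
    return out

if __name__ == "__main__":
    print(*findings(SMBMAP_OUT, SMBCLIENT_OUT), sep="\n")
```

Both findings are things to fix on the server side: restrict guest access to the writable share and stop advertising the version string in the server comment.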

Port 21: FTP

Anonymous sign-in is enabled, but there are no known files present.

Port 22: SSH

Exploit

Easy Way

https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script

Real Way

https://linxz.co.uk/vulnerabilities/2018/11/14/Samba-username-map-script.html
