Lame (Hack The Box Writeup)


URL : https://app.hackthebox.eu/machines/Lame

IP : 10.129.197.50

Info gathering

  • Port Scanning
      • 21,22,139,445,3632
      • Anonymous FTP
      • SMB
      • 3632 Port distccd

File Protocol

  • Try anonymous login FTP
    • It’s empty
  • Try anonymous login SMB
    • There are tmp and opt folder
    • Access tmp folder
        • Download all file

Exploit Distccd

  • Distccd_rce_CVE-2004-2687
    • https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855
  • Run Reverse shell
  • Get User Flag

Privilege escalation

  • Run LinPEAS
      • NFS Exploit?
      • Eterm SGID Binary?
      • nmap SUID !!
  • Nmap GTFOBins
    • Shell (2) Interactive shell
      • https://gtfobins.github.io/gtfobins/nmap/#suid
      • nmap --interactive
      • nmap> !sh
  • Get Root Flag
,

發表迴響