URL : https://app.hackthebox.eu/machines/Lame

IP : 10.129.197.50

Info gathering

• Port Scanning
  • 
    • 21,22,139,445,3632
  • 
    • Anonymous FTP
    • SMB
    • 3632 Port distccd

File Protocol

• Try anonymous login FTP
  • 
  • It’s empty
• Try anonymous login SMB
  • 
  • There are tmp and opt folder
  • Access tmp folder
    • 
    • 
      • Download all file

Exploit Distccd

• Distccd_rce_CVE-2004-2687
  • https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855
  • 
• Run Reverse shell
  • 
  • 
• Get User Flag
  • 

Privilege escalation

• Run LinPEAS
  • 
    • NFS Exploit?
  • 
    • Eterm SGID Binary?
  • 
    • nmap SUID !!
• Nmap GTFOBins
  • Shell (2) Interactive shell
    • https://gtfobins.github.io/gtfobins/nmap/#suid
    • nmap --interactive
    • nmap> !sh
  • 
• Get Root Flag
  •