Help With Metasploit not working with Lame

edited October 2020 in Machines

Hi everyone,
Thank you for taking your time to help. I am working on the Lame box and I can ping and nmap the box, and that leads to a Samba exploit. I load up Metasploit and use exploit/multi/samba/usermap_script. Once I do that it wants me to specify a payload. I've seen someone successfully use cmd/unix/reverse so I used that one. I am connected to the VPN and using tun0 as my LHOST. I set my RHOST as the machine IP and the RPORT to 139. When I run this it says "Exploit completed, but no session was created." I feel like I have tried everything and it never works. I have disabled my ufw, I've messed with a ton of the options and tried different kinds of payloads. I feel like a bit of a failure cuz I'm stumped on this one and it's supposed to be so easy. I am a US-based VIP+ member. Does anyone have any advice?
Thank you
K

Comments

  • edited November 2020

    I experienced the same today... The version of SMB coming back is not the same version as what I see in the guides. This version doesn't seem to be vulnerable to the same exploit. What the hell! I even tried a different avenue by pwning user through another service but wasn't able to get a privesc working.

    I wonder if the box has been changed recently? Is that a thing? If so, why?

  • I am having the same issue.

    The Samba version in the nmap result is 3.0.28a.
    All the guides and walkthroughs show that it is 3.0.20. I thought someone else in the network exploited that machine and updated the Samba version, so I have even reset the machine from the HTB machine page, but it is still 3.0.28a.

    I am really new to this cyber security sector and a bit confused.

  • Thanks for the replies! I think that the different version might have to do with it. I'm going to try that same route but using a Python script. If that doesn't work it's probably the version of Samba, but if it does work then we might be doing something wrong in Metasploit. I have been reading around and it seems like a lot of people avoid Metasploit and recommend against it if you are going for your OSCP. Best of luck y'all!

  • edited November 2020

    lol I thought it was just me, but obviously something is wrong with this machine. I wasn't able to privesc either; this box is not working at all. And just for the record, I had to reboot a few times because the reverse shell wasn't responding.

  • edited November 2020

    There are other exploits on distccd and FTP, try more.
    But I have another issue... I can't submit both the user flag and root flag...

  • I got in touch with support about this, the version was indeed wrong. It's been patched back to 3.0.20. Or should I say unpatched.
