Machine: Lame | Trying to understand how it works

400400
edited October 2019 in Machines

Hello everybody! I am new to the penetration testing subject, but I fell completely in love with it, and I can't stop exploring and getting more and more into it. Because I find it so much fun, I bought the VIP sessions.
Now I have decided to start all over from scratch and try to reverse-analyse each of the retired machines (from easy to insane, starting with the easiest).
Now here comes the deal: I don't understand how he picked, out of all of the output gained from this machine, the specific CVE and knew how to use it.
By any common scan I run I can find at least 5 vulnerabilities with a CVE number or MS number, but when I search for the specific exploit I get nothing.
I scanned the Lame machine for more vulnerabilities and found some im
For instance I found CVE-2010-4478 on port 22 (it's SSH with a CVE number, supposed to be gold).
Attaching pic:

https://imgur.com/IH8JbKa

So I did some quick research and got to Rapid7 (I take them as a reliable source):
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-4478

Now comes the part where I start to get annoyed: why from the outside does it look like the promised land, BUT when I get inside there is NOTHING useful in there at all? But I never give up, so I tried to look for another vulnerability, because there was nothing. I already knew the right exploit here was ms08-067,
so I went to look if there is any more known "ms" vulnerability.
Guess what, I found there is! So I did the whole thing all over, and again got into useless information (just to rest my case I'm adding one more pic of it):
https://imgur.com/a/y7P2wJw

How did any of you know what exploit to try, and how?
It kills my mind; I want to be good at it.

Thank you for your time
Have a great day
400,

Comments

  • The Samba version is clearly vulnerable here. This particular version, Samba 3.0.20, is vulnerable to RCE. You could tell that by running searchsploit samba 3.0.20 and getting the resulting exploit.

    From there, one can obtain the exploit by navigating to its associated GitHub page and cloning it from there. Some prerequisite packages may need to be installed beforehand; once this is completed, run the script with Python and it will output its intended usage syntax.

    Follow the outputted syntax, and you should be able to obtain a root shell directly after running the exploit with an open listener in the background.

    Hope this helps!

    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”
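The step the comment above describes, reading the exact product and version string out of the scan rather than chasing every CVE number, can be automated. The script below is an added example; it is not code from the original post, from the commenter, or from the exploit the commenter refers to. It parses nmap -sV style lines (the sample lines are constructed for the example, not real scan output), builds the searchsploit query for each open port ("samba 3.0.20" rather than a bare CVE), runs searchsploit if it happens to be installed, and checks the version against an affected range. The single range entry is from my own knowledge of CVE-2007-2447 (the Samba "username map script" RCE that affects 3.0.20); verify it against the vendor advisory before relying on it.

```python
"""Added example (not from the original post): turn nmap -sV style output into
searchsploit queries and an affected-version check. Scan lines are constructed."""
import re
import shutil
import subprocess
from typing import Dict, List, Optional, Tuple

# Constructed nmap -sV style output: format imitated, not a real scan capture.
SAMPLE_SCAN = """\
21/tcp  open  ftp         vsftpd 2.3.4
22/tcp  open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
"""

# Affected-range table: product -> (first affected, last affected, label).
# Single entry from my own knowledge of CVE-2007-2447 (assumption: check the
# Samba advisory); extend it from whatever searchsploit returns for your scans.
KNOWN_RANGES: Dict[str, Tuple[str, str, str]] = {
    "samba": ("3.0.20", "3.0.25rc3", "CVE-2007-2447 username map script RCE"),
}

LINE_RE = re.compile(r"^(?P<port>\d+)/(?:tcp|udp)\s+open\s+\S+\s+(?P<banner>.+?)\s*$")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+(?:[A-Za-z]+\d*)?")


def parse_scan(text: str) -> List[Tuple[int, str]]:
    """Return (port, banner) for every 'open' line in nmap -sV style text."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((int(m.group("port")), m.group("banner")))
    return found


def product_and_version(banner: str) -> Tuple[str, Optional[str]]:
    """'Samba smbd 3.0.20-Debian (...)' -> ('samba', '3.0.20').
    Product is the banner's first token, lower-cased; version is the first
    dotted number, keeping a letter suffix such as 'rc3' or 'p1'."""
    product = banner.split()[0].lower()
    m = VERSION_RE.search(banner)
    return product, (m.group(0) if m else None)


def searchsploit_query(banner: str) -> str:
    """The query the comment suggests: product plus exact version."""
    product, version = product_and_version(banner)
    return f"{product} {version}" if version else product


def version_key(v: str) -> tuple:
    """Sortable key so that '3.0.25rc3' < '3.0.25' < '3.0.26'.
    Any letter suffix is treated as a pre-release (right for rc/beta; note
    that OpenSSH's portable 'p1' suffix would sort below the bare number)."""
    m = re.match(r"(\d+(?:\.\d+)*)([A-Za-z]+\d*)?$", v)
    if not m:
        raise ValueError(f"unparseable version: {v}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    suffix = m.group(2)
    return nums + ((0, suffix) if suffix else (1,))


def known_issue(banner: str) -> Optional[str]:
    """Label of the known issue if product/version sits inside a KNOWN_RANGES
    entry, else None."""
    product, version = product_and_version(banner)
    if product not in KNOWN_RANGES or version is None:
        return None
    lo, hi, label = KNOWN_RANGES[product]
    if version_key(lo) <= version_key(version) <= version_key(hi):
        return label
    return None


def run_searchsploit(query: str) -> Optional[str]:
    """Run searchsploit if it is on PATH; return its stdout, else None."""
    exe = shutil.which("searchsploit")
    if exe is None:
        return None
    return subprocess.run([exe, query], capture_output=True, text=True, check=False).stdout


def triage(text: str = SAMPLE_SCAN) -> List[Tuple[int, str, Optional[str]]]:
    """For each open port: (port, searchsploit query, known issue label or None)."""
    return [(port, searchsploit_query(b), known_issue(b)) for port, b in parse_scan(text)]


if __name__ == "__main__":
    for port, query, issue in triage():
        print(f"{port:>5}  searchsploit {query!r:<20} {issue or ''}")
        out = run_searchsploit(query)
        if out:
            print(out)
```

The point of the version key is the caveat the original poster ran into: a generic CVE match on a port tells you little, whereas an exact version inside a published affected range (here 3.0.20 to 3.0.25rc3, with the release candidate sorting below the final release) is what justifies pulling the exploit.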
