Lame Box From HTB
Summary: The article walks through a penetration test of the Lame box using ping, nmap, Metasploit and SearchSploit. Information gathering reveals the open ports, and a Samba vulnerability is exploited to obtain root and the flags.

2026-03-18 04:05:28 Author: infosecwriteups.com (view original)

Cyb0rgBytes


Lame is a relatively easy box; it is considered one of the easiest machines on HTB and was released when the platform launched.

The tools we are going to use on this box are:

ping

Nmap

Metasploit

SearchSploit

As with any box and any penetration testing procedure, we start with information gathering.

Information gathering, as the name states, is the process of probing and scanning the target and collecting as much information as possible for later exploitation. It is a vital step in every hacking workflow.

PHASE #1 of the ATTACK: Info Gathering.

Let's first check whether we can reach the box and talk to it.

First of all, let's ping the box with the ping tool:


Perfecto! We can reach it.

Let's start with an nmap scan:

nmap -sV -O -F --version-light 10.10.10.3

  • -sV: Service / Version Detection. Probe open ports to determine service/version info.
  • -O: OS Detection. Enable OS detection (needs root privileges, since it sends raw packets).
  • -F: Fast Mode. Scan fewer ports than the default scan (the 100 most common), so a service on an unusual port would be missed.
  • --version-light: limit version detection to the most likely probes; faster, but less accurate than the default intensity.


Interesting results.

The scan shows several potentially vulnerable services that are worth checking out.

Open Ports

21 FTP

22 SSH


139 SAMBA netbios-ssn

445 SAMBA netbios-ssn
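The port table above is what you read off the screenshot by hand; when you scan with `-oG` as well, nmap writes the same data as one "grepable" line per host. As an added example (not code from the original post), the Python below parses such a line into the port table and turns the version banners into short SearchSploit queries. The sample line is constructed: the Samba banner follows the page's finding (3.0.20), the OS field is a placeholder, and the FTP and SSH version fields are left empty because the post does not quote them.

```python
import re

# Constructed nmap -oG line for the scan above. Real output would carry more
# fields (Seq Index, IP ID Seq); only the ones parsed below are included.
SAMPLE_GNMAP = (
    "Host: 10.10.10.3 ()\tPorts: "
    "21/open/tcp//ftp///, "
    "22/open/tcp//ssh///, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.0.20-Debian/, "
    "445/open/tcp//netbios-ssn//Samba smbd 3.0.20-Debian/"
    "\tIgnored State: closed (96)\tOS: Linux 2.6.X"
)


def parse_gnmap_host(line: str) -> dict:
    """Parse one 'Host:' line of nmap -oG output.

    Tab-separated 'Key: value' fields; every entry in 'Ports' has seven
    slash-separated fields: port/state/protocol/owner/service/rpc-info/version
    (nmap rewrites a '/' inside the version banner as '|', so splitting is safe).
    """
    host = re.match(r"Host:\s+(\S+)", line).group(1)
    fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
    ports = []
    for entry in fields.get("Ports", "").split(", "):
        parts = entry.split("/")
        if len(parts) < 7:
            continue  # malformed entry, skip rather than guess
        ports.append({
            "port": int(parts[0]),
            "state": parts[1],
            "proto": parts[2],
            "service": parts[4],
            "version": parts[6],
        })
    return {"host": host, "os": fields.get("OS", ""), "ports": ports}


def exploit_search_terms(scan: dict) -> list:
    """Turn version banners into short SearchSploit queries, e.g.
    'Samba smbd 3.0.20-Debian' -> 'Samba 3.0.20'.  Open ports with no banner
    come back as 'port <n> <service>' so they are not silently forgotten and
    get a manual banner grab instead."""
    terms = []
    for p in scan["ports"]:
        if p["state"] != "open":
            continue
        m = re.match(r"([A-Za-z][\w-]*).*?(\d+(?:\.\d+)+)", p["version"])
        term = f"{m.group(1)} {m.group(2)}" if m else f"port {p['port']} {p['service']}"
        if term not in terms:
            terms.append(term)
    return terms


if __name__ == "__main__":
    scan = parse_gnmap_host(SAMPLE_GNMAP)
    for p in scan["ports"]:
        print(f"{p['port']:>5}/{p['proto']} {p['state']:<6} {p['service']:<12} {p['version']}")
    for term in exploit_search_terms(scan):
        print(f'searchsploit "{term}"')
```

The query strings are deliberately short: SearchSploit matches on the Exploit-DB title, so "Samba 3.0.20" finds the username map script entry, while the full banner "Samba smbd 3.0.20-Debian" would match nothing.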

PHASE #2 of the ATTACK: Looking for vulnerable services to exploit.

Vulnerable services:

In this section we use SearchSploit to look up known vulnerabilities and exploits for the open services, starting with the first open port, 21 (FTP), and moving on to Samba.

Let's use SearchSploit to search for the version:


Samba 3.0.20 is affected by the "username map script" command execution vulnerability (CVE-2007-2447). Let's use it to exploit the machine.

PHASE #3 of the ATTACK: Exploiting the Samba vulnerability we found.

The module description states: this module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

Note the word non-default: the bug only bites when an administrator has set "username map script" in smb.conf, which is the case on this box.
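To make the description concrete, here is an added illustration that is not code from the original post or from Samba itself. It simulates how a "username map script" gets invoked: the vulnerable form pastes the SMB username into a single command line for /bin/sh, which is why a name carrying backticks executes whatever is inside them before any password is checked; the hardened form rejects shell metacharacters and passes the name as one argv element so no shell parses it. The mapping script is a constructed stand-in that just echoes its argument, and the attacker username follows the `/=`...`` shape Metasploit's usermap_script module uses, with a harmless echo in place of the payload.

```python
import os
import re
import subprocess
import tempfile

# Constructed stand-in for an administrator's "username map script". A real one
# prints the Unix account an SMB login should be mapped to; this one echoes its
# first argument so we can see exactly what the script received.
MAP_SCRIPT = '#!/bin/sh\necho "$1"\n'

# Characters that /bin/sh can never interpret; everything else is rejected.
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def write_map_script() -> str:
    """Drop the stand-in script into a temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="usermap_", suffix=".sh")
    with os.fdopen(fd, "w") as fh:
        fh.write(MAP_SCRIPT)
    return path


def map_username_vulnerable(script: str, username: str) -> str:
    """The vulnerable pattern: the username is pasted into one command line and
    handed to /bin/sh, so `...` and $(...) inside it are evaluated before the
    mapping script even starts. Authentication has not happened yet."""
    cmd = f'sh {script} "{username}"'
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return proc.stdout.strip()


def map_username_hardened(script: str, username: str):
    """Two fixes: refuse names with shell metacharacters, and run the script
    with an argv list so the name is never parsed by a shell at all.
    Returns None when the name is rejected."""
    if not SAFE_USERNAME.match(username):
        return None
    proc = subprocess.run(["sh", script, username], capture_output=True, text=True, check=False)
    return proc.stdout.strip()


def demo() -> dict:
    """Run both variants against a normal login and an injected one."""
    script = write_map_script()
    # Constructed attacker username in the shape used by Metasploit's
    # exploit/multi/samba/usermap_script, /=`nohup <payload>`; the payload here
    # is a harmless echo so the injection shows up in the script's output.
    injected = "/=`echo INJECTED`"
    try:
        return {
            "vuln_normal": map_username_vulnerable(script, "alice"),
            "vuln_injected": map_username_vulnerable(script, injected),
            "safe_normal": map_username_hardened(script, "alice"),
            "safe_injected": map_username_hardened(script, injected),
        }
    finally:
        os.unlink(script)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} -> {result!r}")
```

In the vulnerable run the script receives `/=INJECTED`: the outer shell already ran the backtick command and substituted its output, which is exactly what lets the Metasploit module run a reverse shell under the smbd user. In the hardened run the same name is simply refused, and a legitimate name still reaches the script unchanged.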


Time to roll.

In Metasploit we can search by CVE (here CVE-2007-2447) or by service name to find the matching module. Select it, set RHOSTS to the target and LHOST to our own address for the reverse payload, and run it:

msf5 > use exploit/multi/samba/usermap_script


The moment of truth.


JACKPOT.

Let's check who we are on the system.


Hmm, that was quite easy.

We got root directly from a single exploit, with no privilege escalation needed.

Let's grab the flag and run away.


BINGO!

Now the user flag!


Let's run before the IT admins come :P

Conclusion:

The box is relatively old and easy and didn't take much effort. Until next time, tune in for more!

Thanks for Reading.


Source: https://infosecwriteups.com/lame-box-from-htb-1bb34bd6286?source=rss----7b722bfd1b8d---4