Lame

Leave a comment

Lame is a fun box which has the nice caveat of a “Red Herring” or rabbit hole. Just because you find a vulnerable version, does not mean it is easily exploitable. Start by scanning the host with nmap.

We have FTP, SSH, and SMB to look into. Note its a Debian OS

Looked into vsftpd exploits and found one in metasploit

Note the versions and message signing, Domain Name, etc.

Tried to exploit with no luck
Time to exploit samba shares
Using metasploit we were able to get a shell!
Access to both directories is allowed

Leave a comment