In this video walkthrough I'm going to demonstrate another vulnerable machine from hackthebox.eu.
For those of you who don't know, HackTheBox is a platform where cyber-security professionals can grow their defensive and offensive security skills in a safe and legal environment. They provide machines that vulnerable to different services and exploits.
This particular machine, was an easy one. As per the name suggests, it was kindof lame indeed :). So, after the initial enumeration and reconnaissance, the attack vector seemed pretty obvious: the Samba service.
Using the exploit "usermap script", this allowed remote root access on the server. This makes these servers running an outdated Samba very vulnerable for attacks. So, this should not be allowed under any type of scenario because leakage of important information can occur.
Anyhow, this was just running a couple of commands to pwn this machine. Lame was, in my view, one of the easiest to deal with. However, the really complex machines from hackthebox can take days and tremendous patience to pwn them. We'll be looking into them in future posts. For now, watch the walkthrough and leave with this message: If you use Samba on your machines, make sure you're up to date!
To stay in touch with me, follow @cristi
Cristi Vlad Self-Experimenter and Author