Hack The Box: Lame

This assumes the following:

  1. You’ve flashed Kali Linux/ParrotOS to a flash drive
  2. Installed/Livebooted Kali Linux/ParrotOS on your machine

Getting Started:

  1. In a terminal window, enter the following command: “sudo openvpn username.ovpn” where username.ovpn is the case sensitive name of your connection pack file.
  2. Login to your HackTheBox account here: www.hackthebox.eu/login
  3. Click the “Machines” tab under the Labs header and select All
  4. Select “Retired Machines” , find the machine labeled Lame, and click the the play button under the “Actions” header.
  5. Click the Lame machine link under the “Name” header. This should take you to a page with details about the machine
  6. Write down the Machine’s IP address in your notes, which should be in the form 10.x.x.x
  7. Back under the “Labs” header, click Access
  8. Copy your HTB Network IPv4 ip address in the form of 10.x.x.x in the HTB Lab Access Details box

Preliminary:

  1. Check the URL of the box you’re trying to root, in this case Lame.
  2. Enter the Machine’s IP address from your notes into your browser.
  3. In this instance, it returns nothing, but it’s always good practice to check.

Scanning:

  1. In a terminal window, enter the following command: “sudo nmap -v4 -sS --script vuln -p- -Pn -oN ~/Desktop/LameNMAPSS.txt 10.x.x.x” where 10.x.x.x is the Machine’s IP from your notes. This will run a SYN scan and write files named LameNMAPSS.txt to your desktop that contains the results. For more details visit the NMAP port scanning techniques & version detection page here and here.
  2. In another terminal tab or window, enter the following command:“sudo nmap -v4 -sV -p- -Pn -oN ~/Desktop/LameNMAPSV.txt 10.x.x.x” where 10.x.x.x is the Machine’s IP from your notes. This will run a version detection and write a file named LameNMAPSV.txt to your desktop.

Metasploit:

  1. In a new terminal window or tab, enter the following command: “sudo service postgresql start”
  2. If you haven’t initialized the MSF database, enter the following command in the same terminal window: “sudo msfdb init”
  3. Finally, start Metasploit by entering the following command: “msfconsole”

Finding The Flag: User

Finding The User: Root

  1. Now let’s background this session by using the “ctrl+z” command in the terminal. When it asks to background a session, just enter “y”.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store