📦
HTB
  • Machines
    • Starting Point Machines
      • Tier 0 Machines
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1 Machines
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2 Machines
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Easy Machines
      • Nibbles
      • Stocker
      • Lame
        • Findings
        • Recon
          • NMAP
          • FTP
          • SSH
          • SMB Client
        • Exploitation
          • FTP
          • Samba
      • Find the easy Pass
      • Weak RSA
      • Jerry (Windows)
        • Recon
        • Enumeration
        • Vulnerabilities
      • You know 0xDiablos
      • Netmon
      • Blue
      • Precious
      • Optimum
      • Cap
      • Knife
    • Medium Machines
      • Under Construction
  • Getting Started Notes
    • Getting Help
    • SSL/TLS Certificates
    • Tutorial Websites
    • Wayback Machine
    • Wappalyzer
    • Google Hacking/Dorking
    • Blogs
    • Youtube Resources
    • Vulnerable Machines
    • Challenges
    • Parrot
    • Common Terms
    • Common Ports
    • SecLists
    • Shells
    • Enumeration Scripts
    • Escalation
    • Downloading files from Target
    • Knowledge Check
Powered by GitBook
On this page
  1. Machines
  2. Easy Machines
  3. Lame
  4. Exploitation

Samba

PreviousFTPNextFind the easy Pass

Last updated 2 years ago

  • I first started by searching for exploits on Samba smbd 3.0.20-Debian.

  • It looks like and contain information for exploiting this.

  • I'll give the metasploit exploit a try out.

  • After starting up the metasploit console, I'll search for Samba related exploits.

search samba

  • I'll use exploit #8 in the list as that is the one that matches up with what I found online on Rapid7

  • I'll then verify the exploit is the correct one.

info

  • It looks like the description matches up with the version I found online.

  • Next is to check the options and set them.

  • Looks like all I need to do is set the RHOSTS to my Host IP. Also check the LHOSTS to make sure it is correct.

set rhosts [Target IP]

  • Then let's run the exploit.

exploit

  • It should be that easy. Redirect to /root to find the root.txt

cat /root/root.txt

The root flag is: 47b8ec8b36d966e1cde25938161b5334

exploit DB
metasploit