[HackTheBox]Lame

Siddharth Johri

Oct 6, 2021

So lets start HTB TJNull’s list with this.

Reconnaissance:

Initial scan

Initial impression gives three possible public CVEs that might give us a foothold. Namely:

vsftpd
samba
distccd

Enumeration:

Practically useless ftp

We can put stuff there, but not really useful stuff available here

This code gives us a distcc exploit which gives us a reverse shell as daemon.

Foothold:

After a super long time trying to look for a privilege escalation route, I decided to go back and see if ftp and samba services give me access as some other user.

FTP exploit didn’t work.

Damn. This worked, lets see what user we are.

Woah!!

PWNED!!!

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by Siddharth Johri

To hack the world, first you need to make coffee

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Recommended from Medium

Jeff Bezos Says the 1-Hour Rule Makes Him Smarter. New Neuroscience Says He’s Right

Jessica Stillman

Jeff Bezos Says the 1-Hour Rule Makes Him Smarter. New Neuroscience Says He’s Right

Jeff Bezos’s morning routine has long included the one-hour rule. New neuroscience says yours probably should too.

Oct 30, 2024

This Is How Tesla Will Die

In

Predict

by

Will Lockett

This Is How Tesla Will Die

The vultures are circling the tech giant.

5d ago

Lists

Staff picks

826 stories1649 saves

Stories to Help You Level-Up at Work

19 stories948 saves

Self-Improvement 101

20 stories3355 saves

Productivity 101

20 stories2818 saves

I Pretended to Be a Man on a Dating Site — And I Hate What I Discovered

Ginger

I Pretended to Be a Man on a Dating Site — And I Hate What I Discovered

As a 23-year-old woman fascinated by human behavior (and, let’s be honest, sometimes just bored and curious), I decided to conduct a…

Mar 2

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

In

Level Up Coding

by

Jacob Bennett

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

Tools I use that are cheaper than Netflix

Jan 7

How I Am Using a Lifetime 100% Free Server

Harendra

How I Am Using a Lifetime 100% Free Server

Get a server with 24 GB RAM + 4 CPU + 200 GB Storage + Always Free

Oct 26, 2024

I used OpenAI’s o1 model to develop a trading strategy. It is DESTROYING the market

In

DataDrivenInvestor

by

Austin Starks

I used OpenAI’s o1 model to develop a trading strategy. It is DESTROYING the market

It literally took one try. I was shocked.

Sep 15, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams