[HackTheBox]Lame

So lets start HTB TJNull’s list with this.

Reconnaissance:

Initial scan

Initial impression gives three possible public CVEs that might give us a foothold. Namely:

• vsftpd
• samba
• distccd

Enumeration:

Practically useless ftp

We can put stuff there, but not really useful stuff available here

This code gives us a distcc exploit which gives us a reverse shell as daemon.

Foothold:

After a super long time trying to look for a privilege escalation route, I decided to go back and see if ftp and samba services give me access as some other user.

FTP exploit didn’t work.

Damn. This worked, lets see what user we are.

Woah!!

PWNED!!!