Lame is a beginner level machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retirement.

First thing we are going to do on this machine is enumerate it using Nmap

Nmap shows that we have port 21 (ftp) open that allows anonymous access. POssible a good starting point.

We also can see 22 (ssh), 139/445 (samba) open. Samba indicates that this is a linux machine. Info possibly needed for later exploitation.

Anonymous login with FTP turned out to be a dead end

Next I tested the vsftpd service. The version is showing 2.3.4

Testing this, I decided to utilize Metasploit

Using the exploit listed (not aux), we can see our options

Attempting to exploit this appears to have failed

Moving on.

Next I checked into Samba. With the Samba versions listed in the nmap scan, there is a good chance the exploit multi/samba/usermap_script would work.

Setting our options and running, we get a shell!

We now just have to navigate to the user.txt file to get our first flag!

To get our root flag, we will def want to upgrade our current shell. Using the shell upgrade module we are able to accomplish this

And we now have the ability to retrieve our root flag!