# Lame! ## @author : M3tr1c_r00t Lame is a Retired Hack the box Easy Machine  Well, we start by enumarating the Machine:  We see that there is anonymous login but there is nothing important there. There is openssh though we need creds to login. Well, look at the smb Samba 3.0.20 - Debian in the host script discovery. So lets visit our good old friend google and see what goodies are there...  On clicking the samba vulnerabilities page, we can see on the public exploits page of the infosec website that we can use metasploit and try to see if we can gain access to the system  So lets try this... Run metasploit. on metasploit: use exploit/multi/samba/usermap_script then: show options Set the LHOST to the hackthebox machine's IP set RHOSTS to your IP NB :If you dont know your IP, type ifconfig on the terminal then check the inet of tun0 or tun1. Then set the RPORT to the port in which the smb server is open on the htb machine; which in our case according to the nmap scan is 445  After setting all that, type: 'run' or 'exploit'  after a while, type id to confirm the exploit works and you can see that you are root. NB: You can upgrade the shell to a bash shell by typing shell. lets find the user.txt flag cd into /home/makis and you find the user flag.  cd into /root and cat root.txt to get the root flag.  And done! My socials: <br>@ twitter: twitter.com/M3tr1c_root <br>@ instagram: instagram.com/m3tr1c_r00t/