HackTheBox Lame Walkthrough

                                                 -----               
                                                 /      \              
                                                 )      |              
          :================:                      "    )/              
         /||              ||                      )_ /*                
        / ||    System    ||                          *                
       |  ||     Down     ||                   (=====~*~======)        
        \ || Please wait  ||                  0      \ /       0       
          ==================                //   (====*====)   ||      
   ........... /      \.............       //         *         ||     
   :\        ############            \    ||    (=====*======)  ||     
   : ---------------------------------     V          *          V     
   : |  *   |__________|| ::::::::::  |    o   (======*=======) o      
   \ |      |          ||   .......   |    \\         *         ||     
     --------------------------------- 8   ||   (=====*======)  //     
                                        8   V         *         V      
     --------------------------------- 8   =|=;  (==/ * \==)   =|=     
     \   ###########################  \   / ! \     _ * __    / | \    
      \  +++++++++++++++++++++++++++   \  ! !  !  (__/ \__)  !  !  !   
       \ ++++++++++++++++++++++++++++   \        0 \ \V/ / 0           
        \________________________________\     ()   \o o/   ()         
         *********************************     ()           ()         
                                                                       
                                           EW                          
                                                                       
GET IT ?!?!?! THE GUY IS WAITING FOR THE MACHINE AND HE'S A SKELETON   
BECAUSE HE DIED AND DECAYED HE WAS WAITING SO LONG !!!! STILL DON'T    
GET IT ??? HERE LET ME DRAW A DIAGRAM :::                              
                                                                       
                                         _        _    __  __ _____    
     _____________________________|\    | |      / \  |  \/  | ____|   
    |                               \   | |     / _ \ | |\/| |  _|     
    |_____________________________  /   | |___ / ___ \| |  | | |___    
                                  |/    |_____/_/   \_\_|  |_|_____|   
                                                                    tQn
                                                                       

This box was pretty easy, even easier with using Metasploit.

Don’t go down the rabbit hole with Port 21.
There are some other writeups that use smbclient -L 10.10.10.3 to find an exploit. Back in the day I was able to find the user.txt by connecting //10.10.10.3/tmp using anonymous login, but it seems it has been patched, as now I am receiving an error:
```
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED
```

1) Scanned and saw that on port 21 you are able to log into the FTP service using anonymous login. Also port 445 Samba smbd service specifies a version on which we will search for vulnerabilties. NMAP

2) Was able to FTP with the anonymous login (press enter for password), after looking through the directories I did not find anything special. FTP

3) Found an exploit for Samba smbd version 3.0.20 - be sure to install the required pysmb depenedencies. https://raw.githubusercontent.com/amriunix/CVE-2007-2447/master/usermap_script.py whoami

4) Ran the usermap_script.py exploit and was able to get a root reverse shell. Found the user.txt and root.txt.

Once connected with a reverse shell and if python is installed on the victim’s machine, you can make the shell interactive with the following command:

python -c 'import pty; pty.spawn("/bin/sh")'

reverseShell
user
root