This was in the list of my VMs to pop, and a colleague was in the middle of cracking this, so we decided to offer our help and managed to complete it. I decided to do it again at home to further sharpen my blade.
The more time I invest in this, the better I get!!
It took ages for me to set up the machine as it faced a lot of problems. I ended up disabling Audio / USB and turning my advanced settings for the network card to PCnet, and it worked perfectly.
The Nmap scan gives me a couple of open ports which look interesting. Source tells me that when we see a Samba port open (139) we should immediately have a look at it. This was my first time doing a Samba port, so it was interesting because I didn’t understand a couple of things.
I immediately typed in searchsploit samba to see if there are any exploits that I could use for Samba. Firstly, I didn’t find the version, so I was going in blind. So I should actually try to enumerate the version.
It gave me a list of exploits to use, but what we chose is below.
To use this, I typed in cp /usr/share/exploitdb/platforms/multiple/remote/10.c ./
This copies the file from the above directory into my current folder. All these files are stored locally and searchsploit searches the database for these exploits.
After this, I compile the exploit by typing in gcc 10.c -o exploit. This compiles the exploit and directs it to an output file called exploit.
I typed in ./exploit -bv 192.168.56.3. This brute forces and uses the verbose option on the victim IP.
Managed to get root!