Difficulty: Easy (LAME)
Machine Creator: ch4p
Let’s start with an NMAP scan of the server to see what ports are open.
The NMAP results returned 5 open ports lets do a more in-depth scan and see what services are running.
I’ve checked port 21 running vsFTPd 2.3.4, and this was not exploitable. Moving on to port 445 we see samba 3.0.20-Debian.
After checking on Exploit-DB, we can see 2 possible vulnerabilities.
Using Metasploit exploit multi/samba/usermap_script we now have a reverse shell with root.