Help With Metasploit not working with Lame

kab224 · October 31, 2020, 10:48pm

Hi everyone,
Thank your for taking your time to help. i am working on the Lame box and I can ping and nmap the box and that leads to a samba exploit. when i load up metasploit and use exploit/multi/samba/usermap_script. once i do that it wants me to specify a payload. Ive seen someone sucesfully use cmd/unix/reverse so I used that one. I am sonnect to the vpn and using tun0 as my lhost. I set my rhost as the machine ip and the rport to 139. when I run this it says “Exploit completed, but no session was created.” I feel like i have tried everything and it never works. I have disabled my ufw, I’ve messed with a ton of the options and tried different kinds of payloads. I feel like a bit of a failure cuz I’m stumped on this one and its supposed to be so easy. I am a US based vip + member. Does anyone have any advise?
Thank you
K

LPettay · November 1, 2020, 1:56am

I experienced the same today… The version of SMB coming back is not the same version as what I see in the guides. This version doesn’t seem to be vulnerable to the same exploit. What the ■■■■! I even tried a different avenue by pwning user through another service but wasn’t able to get a privesc working.

I wonder if the box has been changed recently? Is that a thing? If so, why?

dldbstjd123 · November 1, 2020, 5:08am

I am having same issue,

the samba version of the nmap result is 3.0.28a.
All the guides, walkthrough shows that it is 3.0.20. I thought someone else in the network exploited that machine and updated samba version so I have even reseted machine from HTB machine page, but it is still 3.0.28a.

I am really new to this cyber security sector and bit confused.

kab224 · November 1, 2020, 6:10am

Thanks for the replies! I think that the different version might have to do with it. I’m going to try that same route but using a python script. If that doesn’t work its probably the version of samba, but if it does work then we might be doing something wrong in metasploit. I have been reading around and it seems like a lot of people avoid metasploit and recommend against it if you are going for your OSCP. Best of luck ya’ll!

sigma4 · November 2, 2020, 1:41am

lol I tough it was just me, but obviously something is wrong with this machine I wasn’t able to privesc either this box is not working at all , and just for the record I had to reboot a few times because the reverse shell wasn’t responding .

sebsebv · November 2, 2020, 2:12pm

There are another exploits on distccd and ftp, try more.
but i have another issue… i can’t submit both user flag and root flag…

LPettay · November 4, 2020, 5:19pm

I got in touch support about this, the version was indeed wrong. It’s been patched back to 3.0.20. Or should I say unpatched.

rumcajz · August 7, 2022, 7:08am

Apologies to resurrecting an old thread just for sharing my experience.
I’ve got the same issue up to the RHOST, RPORT and LHOST were not set up properly.