Hey everybody, having some trouble with Lame.
After trying for a bit and getting the user flag another way, I read some write ups and they all seem to hinge on finding a public exploit for the specific version of “Brazilian dance” you find during a scan. However, my scans only provide a range of possible versions for both relevant ports (3.X - 4.X). I’ve tried updating and running nmap a few different ways, and connecting with a client with no credentials and watching the traffic (couldn’t connect).
Now having read write ups I know the exploit to use, but I don’t see how I could arrive at such an exploit with the information I have - the write ups showed scans yielding a specific version. I’m wondering if something with the machine or service has changed to not give up its version. I tried scanning both from my VM and from HTB pwnbox so I don’t think its a config issue on my end, but who knows.
I can give more details, just didn’t want to spoil anything.