Machine Name - Lame IP: 10.10.10.3

Nmap Scan Results -> The Open Ports are - 21 ftp - vsftpd 2.3.4 , 22 ssh OpenSSH 4.7p1 Debian 8ununtu1 (protocol 2.0), 139 Netbios-ssn Samba smbd 3.X, 445 Netbios-ssn Samba smbd 3.X, 3632 distccd distccd v1

Ennumerating -> Samba 3.0.20-Debian ftp - vsftpd 2.3.4

Exploits -> https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor multi/samba/usermap_script Metasploit Module

When you pop a shell you can use locate in htb for stuff like root.txt and user.txt

With a popped shell you can also use stuff like etc/passwd and etc/shadow file to get user and password and then use tools like unshadow and then use johntheripper or hashcat to unhash them

Flags-> User -> 69454a937d94f5f0225ea00acd2e84c5 Root -> 92caac3be140ef409e45721348a4e9df