I signed up for VIP and ordered the retired machines by owns, descending. I figured this was a reasonable proxy for difficulty, ignoring the user supplied ratings. That meant the first box was Lame. I have heard of it but I’ve never done it and I don’t know anything about it.
Ports
We’ve got FTP, SSH, and SMB on 139/445. It’s a Linux box.
FTP
We’ve got anonymous login. It’s VSFTPD 2.3.4 which was a version that got backdoored however some enumeration indicates we don’t have the vulnerable version. We don’t seem to be able to put files and there are no files available on the server. Let’s move on.
SMB
Really this is all we’ve got left. We can get some information:
Okay, we have a writeable share. We’ll go with Metasploit, even though I don’t usually: