I signed up for VIP and ordered the retired machines by owns, descending. I figured this was a reasonable proxy for difficulty, ignoring the user supplied ratings. That meant the first box was Lame. I have heard of it but I’ve never done it and I don’t know anything about it.
We’ve got FTP, SSH, and SMB on 139/445. It’s a Linux box.
We’ve got anonymous login. It’s VSFTPD 2.3.4 which was a version that got backdoored however some enumeration indicates we don’t have the vulnerable version. We don’t seem to be able to put files and there are no files available on the server. Let’s move on.
Really this is all we’ve got left. We can get some information:
Okay, we have a writeable share. We’ll go with Metasploit, even though I don’t usually: