Difficulty: ♦
Tags: Network | Protocols | SMB | Reconnaissance | Anonymous/Guest Access
Description: This box aims to exploit a misconfigured SMB share. It is an easy box, but one that may seem complicated if you don’t know how to use the smbclient command.
TASK 1
What does the 3-letter acronym SMB stand for? ****** ******* ****k
- Server Message Block
TASK 2
What port does SMB use to operate at? ***
- 445
TASK 3
What is the service name for port 445 that came up in our Nmap scan? *********-*s
- microsoft-ds
nmap -A <Target.Machine.Address>
OR
nmap -sV <Target.Machine.Address>
In the wild, these options more than likely wouldn’t work.
TASK 4
What is the ‘flag’ or ‘switch’ we can use with the SMB tool to ‘list’ the contents of the share? **
- -L
TASK 5
How many shares are there on Dancing? *
- 4
Command: smbclient -L \\<Target.Machine.IP>
TASK 6
What is the name of the share we are able to access in the end with a blank password? *********s
- Workshares
Note in the snippet below how I tried to access each share until I was able to spawn a shell.
TASK 7
What is the command we can use within the SMB shell to download the files we find? ***
- get
SUBMIT FLAG
Submit root flag ********************************
- 5f61c10dffbc77a704d76016a22f1664
At your terminal:
ls
cat flag.txt