
Tactics (VIP only)


Enumeration


As usual, let's start with nmap:

nmap -sV -sC IP

Replace IP with the IP address of your target machine (Tactics).


The IP addresses of the target machines are always changing, so make sure you type the correct one. You can find it on your Hack The Box account.

We get the error message "Host seems down".


Let's try to ping it to make sure:

ping IP

OK, the ping tells us that it is well and truly alive.


Press Ctrl+C to stop the ping from running over and over again.

Perhaps a firewall is blocking nmap's host-discovery probes. Let's try -Pn, which skips host discovery and scans the target as if it were up:

nmap -sC -Pn IP

This time it worked and we can see port 445 is open, which is the SMB port.



Foothold


smbclient -L IP 

-L : List all available shares on the target


When prompted for a password, just press Enter and see if we can get in with no password.

OK this failed so we probably need to provide a username.


Let's try the username Administrator:

smbclient -L IP -U Administrator

-U stands for Username


When prompted to enter the password, let's try our luck and just press Enter.

It worked! We are in and can see a list of available shares for us to look at.


Let's look at the C$ share for instance:

smbclient \\\\IP\\C$ -U Administrator

Let's look around using cd and ls:

cd Users
ls
cd Administrator
ls
cd Desktop
ls

get flag.txt

The get command will automatically download a copy of the file flag.txt to your machine.

Now go to your home directory and you can see the flag.txt file has been downloaded to your machine:

Open the file:

Congratulations! You got the flag!
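
From the defender's side, the session above (a network logon as Administrator followed by opening the C$ share) leaves a recognisable trail when Windows logon and file-share auditing are enabled. The following Python example is added here and is not part of the original walkthrough; the event records are constructed, and it assumes Security events 4624 and 5140 have been exported as dictionaries with the field names shown.

```python
from datetime import datetime, timedelta

ADMIN_SHARES = {"C$", "ADMIN$"}
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample records (not from a real host), reduced to the fields used.
# 4624 = successful logon, 5140 = network share object accessed.
EVENTS = [
    {"time": "2024-01-10T09:00:01", "id": 4624, "LogonType": 3,
     "TargetUserName": "Administrator", "TargetLogonId": "0x5a1f0", "IpAddress": "10.10.14.7"},
    {"time": "2024-01-10T09:00:03", "id": 5140, "SubjectLogonId": "0x5a1f0",
     "ShareName": r"\\*\IPC$", "IpAddress": "10.10.14.7"},
    {"time": "2024-01-10T09:00:40", "id": 5140, "SubjectLogonId": "0x5a1f0",
     "ShareName": r"\\*\C$", "IpAddress": "10.10.14.7"},
    {"time": "2024-01-10T09:05:00", "id": 4624, "LogonType": 2,
     "TargetUserName": "Administrator", "TargetLogonId": "0x6b200", "IpAddress": "-"},
    {"time": "2024-01-10T09:06:00", "id": 4624, "LogonType": 3,
     "TargetUserName": "backup_svc", "TargetLogonId": "0x7c300", "IpAddress": "10.10.20.5"},
    {"time": "2024-01-10T09:06:10", "id": 5140, "SubjectLogonId": "0x7c300",
     "ShareName": r"\\*\Backups", "IpAddress": "10.10.20.5"},
]


def find_admin_share_access(events, account="Administrator"):
    """Return alerts for remote logons as `account` that then open an admin share."""
    sessions = {}  # logon id -> (logon time, source ip)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624:
            # Only network logons (type 3) for the watched account start a session.
            if ev["LogonType"] == 3 and ev["TargetUserName"].lower() == account.lower():
                sessions[ev["TargetLogonId"]] = (when, ev["IpAddress"])
        elif ev["id"] == 5140 and ev["SubjectLogonId"] in sessions:
            started, src = sessions[ev["SubjectLogonId"]]
            # ShareName looks like \\*\C$; keep only the share part.
            share = ev["ShareName"].rsplit("\\", 1)[-1].upper()
            if share in ADMIN_SHARES and when - started <= WINDOW:
                alerts.append({"source": src, "share": share, "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in find_admin_share_access(EVENTS):
        print(alert)
```

The IPC$ access and the interactive (type 2) Administrator logon in the sample data are ignored; only the C$ access tied to the remote Administrator session is reported.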

