top of page

Dancing


Enumeration


As usual let's start with nmap:

nmap -sV IP

Replace IP by the IP of the target machine (Dancing)


Note: The IP of our target machine will change all the time, make sure your replace IP in the command below by the target machine's IP. You can find the target's IP directly from your hack the box account.


SMB (Server Message Block) is used to provide shared access to files between endpoints on a network. Port 445 is usually associated with SMB. A SMB-enabled storage on a network is called a share. The share can be accessed by anyone with the address of the server and the credentials to access it.

Let's list the shares available on the server using:

smbclient -L 10.129.1.12

-L is used to list all the shares available

SMB authentication always require a username. If you don't specify one, it will use your VM username as default.

We do not know the password. Let's try our luck and just press enter

We can see 4 shares available!


Foothold


Let's try to connect to the first share called ADMIN$ using:

smbclient \\\\10.129.1.12\\ADMIN$S

Since we don't know the password, when prompted for a password, let's try our luck and just press enter

Ok it didn't work, access is Denied


Let's move on to the share C$

smbclient \\\\10.129.1.12\\C$

Access is denied.


Let's move on to the share Workshares

smbclient \\\\10.129.1.12\\WorkShares

When prompted for the password, just press enter

We got in! Looks like this was misconfigured, allowing us to login without credentials!



Let's list the files in the current directory using:

ls

There are 2 folders. One called Amy.J and one called James.P


Let's first check the folder Amy.J using the change directory command cd:

cd Amy.J
ls

There is a file called worknotes.txt

Let's download this file onto our VM using the get command:

get worknotes.txt

Now go to your home directory on your VM and the file worknotes.txt should be there


Open the file worknotes.txt

Ok that's not super helpful. Let's keep looking.


Let's get out of Amy.J directory by typing:

cd ..

Now list the files in this directory again using:

ls

Now let's check James.P directory:

cd James.P
ls

That's more interesting! There is a file called flag.txt

Let's download this file onto our VM using the get command:

get flag.txt

Now open your home directory on your VM and the file flag.txt should be there:

Open flag.txt


Congratulations! You got the flag!



6,151 views0 comments

Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page