Hacking Insights by Max Bautista

10.129.1.12

Task 1 –  What does the 3-letter acronym SMB stand for?

Previous knowledge

A: Server Message Block

Task 2 – What port does SMB use to operate at?

A: 445

Task 3 – What is the service name for port 445 that came up in our Nmap scan? 

Definitely don’t know this off the top of my head so I’ll scan it.

A: microsoft-ds

Task 4 – What is the ‘flag’ or ‘switch’ that we can use with the smbclient utility to ‘list’ the available shares on Dancing?

Back to some previous knowledge of already using these tools. Just remember though this switch needs to exist before the IP for it to work properly. That took me a bit to realize that I was messing up my commands.

Hitting enter twice I was able to log in anonymously.

A: -L

Task 5 – How many shares are there on Dancing?

A: 4

Task 6 – What is the name of the share we are able to access in the end with a blank password?

A: WorkShares

Task 7 – What is the command we can use within the SMB shell to download the files we find?

A: get

Submit Flag: 

Connected anonymously to this share and there are two directories in there.

Enumerated the directories and found a flag.txt and worknotes.txt.

 Using “”get”” I downloaded both files on my device and read them.

A: 5f61c10dffbc77a704d76016a22f1664