Hack the Box — Dancing (SMB) Solution

Hello everyone!

I will cover the solution steps for the “Dancing” machine, which is part of the ‘Starting Point’ labs and has a difficulty rating of ‘Very Easy’.

Connect to the lab however you prefer: 1) OpenVPN or 2) the Pwnbox virtual machine.

Open the terminal and perform an nmap scan against the lab's given IP: nmap [ip]

When the scan completes we get some output. Use whichever form of the command you like, with -sV or the plain command.

Here we learn which ports are open. We focus on port 445, as it is the SMB port.

Next, use smbclient to get more information: smbclient -L [target ip]

This will list the available shares.
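For an administrator reading the same listing, the shares to review first are the non-default ones, since those are where permissions were set by hand. The script below is an added example, not part of the original walkthrough: it parses `smbclient -L` output and separates the built-in `$` shares from custom disk shares. The sample listing is constructed from the share names in this write-up, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `smbclient -L` output (share names from this walkthrough;
# the comment column and the trailing status line are assumed typical values).
sample_listing() {
cat <<'EOF'

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC
    WorkShares      Disk
SMB1 disabled -- no workgroup available
EOF
}

# Print "name<TAB>class" for every share in the listing read from stdin.
#   admin  = built-in hidden share (name ends in $)
#   custom = operator-created disk share: review its ACL and guest access
#   other  = non-disk share without a trailing $ (for example a printer)
classify_shares() {
  awk '
    /^[ \t]*Sharename[ \t]+Type/ { in_table = 1; next }   # table header
    in_table && /^[ \t]*-+[ \t]+-+/ { next }               # dashed rule
    in_table && !/^[ \t]+[^ \t]/ { in_table = 0 }          # unindented line ends the table
    in_table {
      name = ""
      # The Type column is the first Disk/IPC/Printer token after field 1;
      # everything before it is the share name (which may contain spaces).
      for (i = 2; i <= NF; i++) {
        if ($i == "Disk" || $i == "IPC" || $i == "Printer") {
          for (j = 1; j < i; j++) name = name (j > 1 ? " " : "") $j
          kind = $i
          break
        }
      }
      if (name == "") next
      cls = (name ~ /\$$/) ? "admin" : (kind == "Disk" ? "custom" : "other")
      printf "%s\t%s\n", name, cls
    }
  '
}

# Names of the custom disk shares only, one per line.
custom_shares() {
  classify_shares | awk -F '\t' '$2 == "custom" { print $1 }'
}

sample_listing | classify_shares
```

Against a real server, pipe the output of the `smbclient -L` command into `custom_shares` instead of using the sample.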

Now we will try to connect to each of the shares (except IPC$) using our local machine’s username and a blank password.

On trying ADMIN$ and C$ using the following command:

smbclient \\\\{target_ip}\\{share_name}

We get an error saying we don’t have the permission to access it.

Now, let’s try to log in to the custom WorkShares SMB share. Since this share is human-made, we might get lucky and gain access to it.

🥳

Bingo! We got logged in.

We can use the help command to see what we can do in this shell.

On typing the ls command, we can see that there are two directories, Amy.J and James.P. The Amy.J directory contains a file called worknotes.txt and James.P contains a file called flag.txt; both can be downloaded using the get command.

After downloading both files, we can type exit to leave the smbclient shell and check the downloaded files in the current directory of our local machine.

The worknotes.txt file mentions other services that could be exploited; in our case this is just a proof of concept, so we will not need this file.

The flag.txt file contains the flag for this machine. Copy the flag and paste it into the Starting Point lab’s page to complete your task.

Congrats, you have just pwned Dancing!

👏