Hack the Box — Dancing (SMB) Solution
Hello Everyone !!!
I will cover solution steps of the “Dancing” machine, which is part of the ‘Starting Point’ labs and has a difficulty rating of ‘Very Easy’.
DO whatever you want to connect to the lab 1) openvpn or 2) pwnbox virtual machine .use anything you want to use
open the terminal and perfom the nmap scan with the given ip of the lab nmap [ip]
upon complete scan of nmap we will get to see some output use any command you want to use whether -sv or normal command
here we get to know about the port .here we focus on 445 port as it is smb port
next use smb client to get the information smb -L [target ip]
this will list the available shares
Now we will try to connect to each of the shares (except IPC$
) using our local machine’s username and a blank password.
On trying ADMIN$
and C$
using the following command:
smbclient \\\\{target_ip}\\{share_name}
We get an error saying we don’t have the permission to access it.
Now, let’s try to log in to the custom WorkShares
SMB share. Since this is human made, we might get lucky and gain access to the share.
Bingo! We got logged in.
We can use the help
command to see what we can do in this shell.
On typing the ls
command, we can see that there are two files, Amy.J
and James.P
. The Amy.J
directory contains a file called worknotes.txt
and James.P
contains a file called flag.txt
, both can be downloaded using get
command.
After downloading both files, we can type exit
and come out of the smb shell and check the downloaded files in the current directory of our local machine.
The worknotes.txt
file contains other services that could be exploited, in our case this is just a proof of concept. So, we will not need this file
The flag.txt
file contains the flag for this machine. Copy the flag and paste it into the Starting Point lab’s page to complete your task.
Congrats, you have just pwned Dancing!