This is a simple walkthrough for completing the Dancing target machine in Hackthebox.com.
Question: What does the 3-letter acronym SMB stand for?
Answer: Server Message Block
Question: What port does SMB use to operate at?
Question: What network communication model does SMB use, architecturally speaking?
Answer: Client-Server Model
Question: What is the service name for port 445 that came up in our nmap scan?
Question: What is the tool we use to connect to SMB shares from our Linux distribution?
Question: What is the ‘flag’ or ‘switch’ we can use with the SMB tool to ‘list’ the contents of the share?
Question: What is the name of the share we are able to access in the end?
Question: What is the command we can use within the SMB shell to download the files we find?
Since we already know we can connect to this SMB share through port 445, lets try to access the shares. The first thing we can do is to go through each share to see if any of them are available without a password by just pressing the ‘ENTER’ key on your keyboard when prompted to enter a password.
As you can see from the screenshot above, the share named workshares gives us access to the contents without a password. In this share, there are two directories that stand out, which include Amy.J and James.P.
You can search these files with the ls command to show their content inside the directory. To navigate inside the folder, use the cd command as shown in the screenshot below.
To download the file, use the get command followed by the file name as shown below.
The flag.txt file will be downloaded to your home folder.
smb: \> h ls dir lcd cd pwd get mget put mput rename more mask del rm mkdir md rmdir rd prompt recurse translate lowercase print printmode queue cancel stat quit q exit newer archive tar blocksize tarmode setmode help ? ! smb: \>