Hack the Box – Dancing

# Information:

Platform Name: Hack the Box

Machine Challenge: Dancing

Machine Status: Starting Point

Challenge Level: Very Easy

# Used Tools:

  • Windows
  • nmap
  • smb
  • terminal
  • cat
  • get

# Challenge Description:

This challenge has a list of questions that need to be answered in order to retrieve the flag. We will answer every question.

# Writeup:

Task 1:

What does the 3-letter acronym SMB stand for?

Answer: The 3-letter acronym SMB stands for Server Message Block. SMB is a client-server protocol used to share access to files and other resources (Sheldon, R., & Scarpati, J., 2021).


Task 2:

What port does SMB use to operate at?

Answer: SMB operates on port 445.


Task 3:

What is the service name for port 445 that came up in our Nmap scan?

Answer: The service name for port 445 that came up in our Nmap scan is microsoft-ds.

In this task I performed an nmap scan and you can see, in image 1, what ports were open and the services running on them.

Image 1

Task 4:

What is the ‘flag’ or ‘switch’ that we can use with the smbclient utility to ‘list’ the available shares on Dancing?

Answer: To list the available shares on Dancing, we can use the ‘switch’ -L.

I did a bit of research and discovered that the command that I could use to list the available shares was the following:

smbclient -L \\\\<your_IP_here>

You can see this in image 2.

Image 2

Note: You can see more about switches here. And if you want to know more about the full command, you can visit this page.


Task 5:

How many shares are there on Dancing?

Answer: In image 2 you can see that Dancing has 4 shares.


Task 6:

What is the name of the share we are able to access in the end with a blank password?

Answer: After trial and error, the one that I was able to access in the end with a blank password was WorkShares.

So, I tried to access WorkShares with the following command:

smbclient \\\\<your_IP_here>\\WorkShares

You can see this in image 3.

Image 3

In image 3 you can see that I used the command ls to list the contents of WorkShares and we had 2 directories named Amy.J and James.P.

To see what was inside these two directories I used the command cd.

There was nothing interesting inside Amy's directory. So, I changed to James's directory. I listed the contents and there was the flag.
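The share listing from Task 4 and the blank-password share from Task 6 are exactly what a share audit should surface, so here is an added example (not part of the original writeup) that parses `smbclient -L` output and separates the hidden administrative shares from the disk shares whose permissions need review. The sample listing is constructed: the three `$` share names are the Windows defaults and are assumed here, the function names are hypothetical, and share names are assumed to contain no spaces.

```shell
#!/usr/bin/env bash
# Added example: triage `smbclient -L` output during a share audit.

# Constructed sample in smbclient's listing layout (not captured from the target).
sample_listing() {
  printf '\tSharename       Type      Comment\n'
  printf '\t---------       ----      -------\n'
  printf '\tADMIN$          Disk      Remote Admin\n'
  printf '\tC$              Disk      Default share\n'
  printf '\tIPC$            IPC       Remote IPC\n'
  printf '\tWorkShares      Disk      \n'
  printf 'SMB1 disabled -- no workgroup available\n'
}

# Print "name type" for every row of the share table read from stdin.
# The table starts after the dashed rule and ends at the first line
# that is not tab-indented.
parse_shares() {
  awk '
    /^\t-+[ \t]/        { in_table = 1; next }
    in_table && !/^\t/  { in_table = 0 }
    in_table && NF >= 2 { print $1, $2 }
  '
}

# Total number of shares the server advertises.
count_shares() {
  parse_shares | wc -l | tr -d ' '
}

# Disk shares whose name does not end in "$": these are not the hidden
# administrative shares, so their access control must be checked by hand
# (guest or blank-password access should be disabled).
review_candidates() {
  parse_shares | awk '$2 == "Disk" && $1 !~ /\$$/ { print $1 }'
}

# Demonstration on the constructed sample.
echo "shares advertised: $(sample_listing | count_shares)"
echo "review these:      $(sample_listing | review_candidates)"
```

During an audit of your own server, pipe the output of the listing command from Task 4 into `review_candidates` instead of using the sample.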


Task 7:

What is the command we can use within the SMB shell to download the files we find?

Answer: The command to download files is get. We can use it like so:

get flag.txt

Image 4

Submit root flag:

I went to the directory where I downloaded the flag and read its content with the following command:

cat flag.txt

Image 5

The flag is:

5f61c10dffbc77a704d76016a22f1664


Bibliography:

  • Sheldon, R, & Scarpati, J., 2021. Server Message Block protocol (SMB protocol). Accessed in September, 2023, on: https://www.techtarget.com/searchnetworking/definition/Server-Message-Block-Protocol

Thank you very much for reading!

Cheers,

SoBatista

