TryHackMe Network Services Walkthrough SMB Part 1/3


Task 1 Get Connected


  • Ready? Let’s get going! – No answer needed, carry on.

Task 2 Understanding SMB

  • What does SMB stand for? – Server Message Block
  • What type of protocol is SMB? – response-request
  • What do clients connect to servers using? – TCP/IP
  • What systems does Samba run on? – Unix

Task 3 Enumerating SMB

Run an nmap scan.

Run an enum4linux scan.


  • Conduct an nmap scan of your choosing. How many ports are open? – 3
  • What ports is SMB running on? – 139/445
  • Let’s get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? – WORKGROUP
  • What comes up as the name of the machine? – POLOSMB
  • What operating system version is running? – 6.1
  • What share sticks out as something we might want to investigate? – profiles

Task 4 Exploiting SMB

Connect using smbclient:

Use the more command; don’t forget the quotation marks!

Use get to copy the id_rsa file from the server to your machine:


  • What would be the correct syntax to access an SMB share called “secret” as user “suit” on a machine with the IP on the default port? – smbclient // -U suit -p 445
  • Great! Now you’ve got a hang of the syntax, let’s have a go at trying to exploit this vulnerability. You have a list of users, the name of the share (smb) and a suspected vulnerability. – No answer needed.
  • Does the share allow anonymous access? Y/N? – Y
  • Great! Have a look around for any interesting documents that could contain valuable information. Who can we assume this profile folder belongs to? – John Cactus
  • What service has been configured to allow him to work from home? – ssh
  • Okay! Now we know this, what directory on the share should we look in? – .ssh
  • This directory contains authentication keys that allow a user to authenticate themselves on, and then access, a server. Which of these keys is most useful to us? – id_rsa
  • What is the smb.txt flag? – THM{***********}
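
From the defender's side, anonymous access to a Samba share such as profiles is granted by the share's guest ok setting (or its synonym public) in smb.conf. The following added example is not part of the original walkthrough or the room: it audits a configuration for guest-accessible shares, and the sample config, its paths and the function names are constructed for illustration.

```python
TRUE_VALUES = {"yes", "true", "on", "1"}

# Constructed sample config (hypothetical paths, not taken from the lab machine).
# The share name and workgroup mirror the enumeration answers above.
SAMPLE_CONF = """[global]
   workgroup = WORKGROUP

[profiles]
   path = /srv/samba/profiles
   guest ok = yes
   read only = no

[finance]
   path = /srv/samba/finance
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.split()).lower()] = value.strip()
    return sections

def setting(share, glob, names):
    """Return (name, bool) for the first synonym set, share first, then [global]."""
    for params in (share, glob):
        for name in names:
            if name in params:
                return name, params[name].lower() in TRUE_VALUES
    return None, False

def guest_shares(text):
    """Return (share, path, writable) for every share open to guests."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    for name, share in conf.items():
        if name == "global" or not setting(share, glob, ("guestok", "public"))[1]:
            continue
        # "read only" defaults to yes; writable/writeable/write ok invert it.
        key, val = setting(share, glob, ("readonly", "writable", "writeable", "writeok"))
        findings.append((name, share.get("path", ""), (not val) if key == "readonly" else val))
    return findings
```

Calling guest_shares() on the text of a server's smb.conf lists each share a guest can reach and whether it is writable; any share that holds home directories or .ssh keys should not appear in that list.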

This is Day 40 of #100DaysOfHacking.

About The Author
Mr Ash

“Learn, create, share, repeat.” • IT teacher, former web designer, learning CyberSec • Road to #100DaysOfHacking on Hackers Learning Path.
