Task 1 Get Connected


  • Ready? Let’s get going! – No answer needed, carry on.

Task 2 Understanding SMB

  • What does SMB stand for? – Server Message Block
  • What type of protocol is SMB? – response-request
  • What do clients connect to servers using? – TCP/IP
  • What systems does Samba run on? – Unix

Task 3 Enumerating SMB

Run an nmap scan.


Run an enum4linux scan.



  • Conduct an nmap scan of your choosing. How many ports are open? – 3
  • What ports is SMB running on? – 139/445
  • Let’s get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? – WORKGROUP
  • What comes up as the name of the machine? – POLOSMB
  • What operating system version is running? – 6.1
  • What share sticks out as something we might want to investigate? – profiles

Task 4 Exploiting SMB

Connect using smbclient:


Use the more command, and don’t forget the quotation marks!


Use get to copy the id_rsa file from the server to your machine:



  • What would be the correct syntax to access an SMB share called “secret” as user “suit” on a machine with the IP on the default port? – smbclient // -U suit -p 445
  • Great! Now you’ve got a hang of the syntax, let’s have a go at trying to exploit this vulnerability. You have a list of users, the name of the share (smb) and a suspected vulnerability. – No answer needed.
  • Does the share allow anonymous access? Y/N? – Y
  • Great! Have a look around for any interesting documents that could contain valuable information. Who can we assume this profile folder belongs to? – John Cactus
  • What service has been configured to allow him to work from home? – ssh
  • Okay! Now we know this, what directory on the share should we look in? – .ssh
  • This directory contains authentication keys that allow a user to authenticate themselves on, and then access, a server. Which of these keys is most useful to us? – id_rsa
  • What is the smb.txt flag? – THM{***********}
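
Seen from the server side, the anonymous access found above comes from a share that has guest sessions enabled in smb.conf. The following is an added example, not part of the original walkthrough: a small audit that lists every share admitting guest sessions, including shares that inherit the setting from [global]. The sample configuration, its paths and the function name guest_shares are constructed for illustration.

```python
import configparser

# Constructed smb.conf for illustration. Share names echo the walkthrough;
# paths and settings are assumptions, not the lab machine's real config.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP

[profiles]
   path = /srv/profiles
   Guest OK = yes

[backups]
   path = /srv/backups
   public = True

[secure]
   path = /srv/secure
   guest ok = no
   valid users = @staff
"""

TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings listed in smb.conf(5)


def _norm(name):
    # Samba ignores case and whitespace inside parameter names;
    # "public" is a synonym for "guest ok", so fold both into one key.
    key = "".join(name.split()).lower()
    return "guestok" if key == "public" else key


def guest_shares(conf_text):
    """Return sorted [(share, path)] for shares that admit guest sessions."""
    parser = configparser.RawConfigParser(strict=False,
                                          comment_prefixes=("#", ";"))
    parser.optionxform = _norm
    # Strip indentation so configparser does not read lines as continuations.
    parser.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    sections = {s.lower(): dict(parser.items(s)) for s in parser.sections()}
    defaults = sections.pop("global", {})  # share options set here are inherited
    hits = []
    for share, opts in sections.items():
        effective = {**defaults, **opts}
        if effective.get("guestok", "no").lower() in TRUE_VALUES:
            hits.append((share, effective.get("path", "")))
    return sorted(hits)


if __name__ == "__main__":
    for share, path in guest_shares(SAMPLE_SMB_CONF):
        print(f"guest access enabled: [{share}] -> {path}")
```

Any share this reports should be checked for home-directory content such as .ssh folders before guest access is left enabled.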

This is Day 40 of #100DaysOfHacking. Subscribe to my newsletter to see the CyberSec journey! If you like, follow the Learning Path for yourself. Happy hacking.