Tactics - A HackTheBox machine
Results:
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: -5s
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 7476/tcp): CLEAN (Timeout)
| Check 2 (port 63095/tcp): CLEAN (Timeout)
| Check 3 (port 16465/udp): CLEAN (Timeout)
| Check 4 (port 43695/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-security-mode:
| 311:
|_ Message signing enabled but not required
| smb2-time:
| date: 2023-05-02T10:26:04
|_ start_date: N/A
Interesting part here is
This will allow us to use smbclient share enumeration withouth the need of providing a password when signing into the shared folder. For that we will use a well known user in Windows: Administrator.
Results:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
Flag is located at:
Last update: 2023-05-03 Created: May 2, 2023 17:36:07