7 posts tagged with "SMB"

Red Teaming | Enumeration | Summary:​

This room is designed to introduce learners to post-exploitation enumeration techniques within unknown corporate environments.

It covers both Linux and Windows systems, detailing various methods for gathering system information, identifying users, understanding networking configurations, and listing running services.

The room also explores DNS, SMB, and SNMP protocols, along with additional tools like Sysinternals Suite, Process Hacker, and GhostPack Seatbelt, specifically for Windows enumeration.

Summary:​

We spawn a target machine, then perform reconnaissance to gather initial information about its services and vulnerabilities. We identify an SMB vulnerability, which we investigate further by searching for applicable exploits (specifically CVE-2017-0144).

Using this knowledge, we configure an exploit with Metasploit to take advantage of the discovered vulnerability. Next, we verify the vulnerability's presence using Metasploit's capabilities. With the exploit confirmed, we run it against the target machine, leveraging its SMB vulnerability to gain access. We then proceed to grab both the user flag and root flag, ultimately achieving System Own status once these tasks are accomplished.

Machine Name: Blue | Difficulty: Easy | OS: Windows

Summary:​

We start by identifying vulnerabilities through reconnaissance and exploiting a Samba vulnerability (CVE-2007-2447) using Metasploit. We then escalate privileges to achieve root access, retrieving both user and root flags in the process, demonstrating complete control over the system.

Machine Name: Lame | Difficulty: Easy | OS: Linux

Summary:​

This article guides users through completing the Archetype machine challenge on Hack The Box. We exploit vulnerabilities on a Microsoft SQL Server by enumerating SMB shares, finding clear text credentials, and using Impacket to authenticate and gain an authorized connection. We then escalate privileges and download Netcat to establish a reverse shell, grab the user flag, and eventually use Impacket's psexec tool to gain admin access and retrieve the root flag before terminating the connection.

Machine Name: Archetype | Difficulty: Easy | OS: Windows

Summary:​

This walkthrough provides step-by-step guidance on how to solve the Tactics machine challenge on Hack The Box, focusing on completing Tier 1 Starting Point challenges. The guide covers various tasks and techniques using Nmap, SMB protocols, and Impacket tools to ultimately obtain the root flag and "pwn" the target machine.

Machine Name: Tactics | Difficulty: Easy | OS: Windows

Summary:​

This walkthrough outlines the attack vector used to system access on the Responder machine on Hack The Box, where an attacker would exploit the NetBIOS vulnerability to capture NTLMv2 hashes, which are then cracked using John the Ripper to obtain valid credentials. These credentials can be leveraged to ultimately gain access to root flag on the target machine.

Machine Name: Responder | Difficulty: Easy | OS: Windows

Summary:​

This article guides users through completing the Dancing machine challenge on Hack The Box. It covers tasks related to SMB, such as listing shares, accessing shares with a blank password, and downloading files using the SMB shell. The final step is to find and submit the root flag.

Machine Name: Dancing | Difficulty: Easy | OS: Windows