# Dancing

![](https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FhqH4b1jxGdz6dlaiglcS%2Fimage.png?alt=media\&token=910e4ddc-c164-43f3-b98e-472269edefb0)

## Task 1

What does the 3-letter acronym SMB stand for? - `Server Message Block`

## Task 2

What port does SMB use to operate at? - `445`

## Task 3

What network communication model does SMB use, architecturally speaking? - `client-server model`

## Task 4

What is the service name for port 445 that came up in our nmap scan? - `microsoft-ds`

## Task 5

What is the tool we use to connect to SMB shares from our Linux distribution? - `smbclient`

## Task 6

What is the `flag` or `switch` we can use with the SMB tool to `list` the contents of the share? - `-L`

Using smbclient -h we can find the flag/switch

![](https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FpQg9Pi6hOsJH1tgY6JiA%2Fimage.png?alt=media\&token=bcc866db-2721-4000-8077-4482383b7202)

## Task 7

What is the name of the share we are able to access in the end? - `WorkShares`

Running `smbclient -L (IP)` will list the shares, using a empty password

![](https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F79iauZFppE52I2ababMa%2Fimage.png?alt=media\&token=0ba1d900-d97c-47ae-94d9-76df769945ea)

## Task 8

What is the command we can use within the SMB shell to download the files we find? - `get`

## Task 9

Submit root flag - `5f61c10dffbc77a704d76016a22f1664`

First connect to the machine via SMB, `smbclient '\\(IP)\WorkShares'`

![](https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FgcGwtt2FKuXJf0WozkUK%2Fimage.png?alt=media\&token=fd68a202-842e-4343-857d-44bca6c1ef2f)

We can see two directories, `Amy.J` and `James.P`, we can ls both directories and see James has our flag. We can `get` our flag.txt and cat it on our machine to see our flag.

![](https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F3sIVvEF25w1xjDHoXXgJ%2Fimage.png?alt=media\&token=4b3c81c6-f1cf-4f8b-8ea5-46f0cbf86649)