Tactics

Initial Scan

sudo nmap -T4 -Pn -sV -sC -v 10.129.123.121 -oA Tactics

Task 1

Which Nmap switch can we use to enumerate machines when our ping ICMP packets are blocked by the Windows firewall?

Answer: -Pn

Task 2

What does the 3-letter acronym SMB stand for?

Answer: Server Message Block

Task 3

What port does SMB use to operate at?

Answer: 445

Task 4

What command line argument do you give to smbclient to list available shares?

Answer: -L

Task 5

What character at the end of a share name indicates it's an administrative share?

Answer: $

Task 6

Which Administrative share is accessible on the box that allows users to view the whole file system?

Answer: C$

Task 7

What command can we use to download the files we find on the SMB Share?

Answer: get

Task 8

Which tool that is part of the Impacket collection can be used to get an interactive shell on the system?

Answer: psexec.py

Task 9

Submit root flag

Answer: f751c19eda8f61ce81827e6930a1f40c