Tactics
Initial Scan
sudo nmap -T4 -Pn -sV -sC -v 10.129.123.121 -oA Tactics
Task 1
Which Nmap switch can we use to enumerate machines when our ping ICMP packets are blocked by the Windows firewall?
Answer: -Pn
Task 2
What does the 3-letter acronym SMB stand for?
Answer: Server Message Block
Task 3
What port does SMB use to operate at?
Answer: 445
Task 4
What command line argument do you give to smbclient to list available shares?
Answer: -L
Task 5
What character at the end of a share name indicates it's an administrative share?
Answer: $
Task 6
Which Administrative share is accessible on the box that allows users to view the whole file system?
Answer: C$
Task 7
What command can we use to download the files we find on the SMB Share?
Answer: get
Task 8
Which tool that is part of the Impacket collection can be used to get an interactive shell on the system?
Answer: psexec.py
Task 9
Submit root flag
Answer: f751c19eda8f61ce81827e6930a1f40c
Last updated