# Tactics

## Initial Scan

```bash
sudo nmap -T4 -Pn -sV -sC -v 10.129.123.121 -oA Tactics
```

## Task 1

Which Nmap switch can we use to enumerate machines when our ping ICMP packets are blocked by the Windows firewall?

Answer: -Pn

## Task 2

What does the 3-letter acronym SMB stand for?

Answer: Server Message Block

## Task 3

What port does SMB use to operate at?

Answer: 445

## Task 4

What command line argument do you give to `smbclient` to list available shares?

Answer: -L

## Task 5

What character at the end of a share name indicates it's an administrative share?

Answer: $

## Task 6

Which Administrative share is accessible on the box that allows users to view the whole file system?

Answer: C$

## Task 7

What command can we use to download the files we find on the SMB Share?

Answer: get

## Task 8

Which tool that is part of the Impacket collection can be used to get an interactive shell on the system?

Answer: psexec.py

## Task 9

Submit root flag

Answer: f751c19eda8f61ce81827e6930a1f40c
