Academy SMB footprinting (module/112/section/1067)

Hi!

On the last 2 questions I’m struggling:

  1. Find additional information about the specific share we found previously and submit the customized version of that specific share as the answer.
  2. What is the full system path of that specific share?

I tried smbclient, rpcclient, nmap and enum4linux-ng on the target. I couldn’t find “additional information” that could lead to a “customized version of that specific share”. Maybe I don’t get the question… With the help of enum4linux-ng I found out that there are 2 possibilities to log in - as an anonymous user and as “xxxx” user with pass “”.


I tried to log in as that user (the name changes with every ip refresh) with no pass (as described) and it doesn’t work.

rpcclient -U xxxx 'ip address'

rpcclient -U frmfmxzo 10.129.202.5
Enter WORKGROUP\frmfmxzo’s password:
Bad SMB2 signature for message
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 … …
[0000] CE F5 68 A0 FB AF DD 5E BC 7D EB 95 75 1B 43 22 …h…^ .}…u.C"

If anybody can help me understand the last 2 questions, I would be grateful.
Thank you!

It was SOLVED.

I am having the same issue. How did you solve it?

are.

rpcclient $> netsharegetinfo sambashare
netname: sambashare
remark: InFreight SMB v3.1
path: C:\home\sambauser
password:
type: 0x0
perms: 0
max_uses: -1
num_uses: 1

The answer is InFreight SMB v3.1

1 Like
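
The `netsharegetinfo` output in the post above, read from the server owner's side. This is an added example, not part of the original thread: it parses the record and lists what the remark and path fields give away to whoever can query them. The function names and the two checks are assumptions made for illustration; the sample text is the output quoted above.

```python
import re

# Output of `netsharegetinfo sambashare` as quoted in the thread above.
SAMPLE = """\
rpcclient $> netsharegetinfo sambashare
netname: sambashare
remark: InFreight SMB v3.1
path: C:\\home\\sambauser
password:
type: 0x0
perms: 0
max_uses: -1
num_uses: 1
"""


def parse_share_info(text):
    """Turn the 'key: value' lines into a dict; prompt lines are skipped."""
    info = {}
    for line in text.splitlines():
        # Split on the first colon only, so 'C:\\...' stays inside the value.
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and re.fullmatch(r"[a-z_]+", key):
            info[key] = value.strip()
    return info


def review_disclosure(info):
    """Return findings about what the share record reveals (hypothetical checks)."""
    findings = []
    remark = info.get("remark", "")
    # A dotted number such as 'v3.1' in the free-text remark reads as a version banner.
    if re.search(r"\bv?\d+(\.\d+)+\b", remark, re.I):
        findings.append("remark contains a version string: %r" % remark)
    # A share rooted under \home\<name> exposes a home directory name.
    match = re.search(r"\\home\\([^\\]+)", info.get("path", ""))
    if match:
        findings.append("path is under a home directory: %r" % match.group(1))
    return findings


if __name__ == "__main__":
    for finding in review_disclosure(parse_share_info(SAMPLE)):
        print(finding)
```

On a Samba server the remark is the share's `comment` setting in smb.conf, so a finding on that field is fixed by editing that line.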

for the systempath:

Thank you