ATTACKING COMMON SERVICES - Attacking SMB

Hello, guys!
I’m having trouble in the final question of this module, I already found jason’s password and now it asks me to connect to ssh and retrieve the flag.txt. However, when I try to connect to it, like I did for the topic before (Attacking FTP), I get a “Permission denied (publickey)” message.
I also found a id_rsa key in the smb attack, but it is empty

I actually managed to do it right now, I was typing ''GGJ\id_rsa" instead of “.\GGJ\id_rsa” in the --download flag and somehow it was downloading an empty file

Not sure whether you still need any advice on this box, but I guess it might still be helpful for others who come in the future :slight_smile:

  1. Check which door does the password fit into. The way to use the keys might not be as direct as in Attacking FTP.
  2. once you have the correct password, you can download the file with corresponding username. The format could be a little tricky but I believe you can find your way in a few attempts. (in fact, the material gives very nice examples)
  3. Empty file means that the download is not successful. If the file is successfully downloaded, it gives a pretty delightful sign as shown in the material.
  4. you might need to look around on the internet or other modules for the last step to completion. There are plenty of tutorials out there that shows how to use the “thing” you got correctly. Once you figured out what to do, you’ll find that it’s actually kind of straight forward.

Hope this helps and have a nice day!!! :stuck_out_tongue_closed_eyes:

I am stuck here probably because I am a morron.
I want to find out Jason his password, but when I try to do it with crackmapexec every username and password combination i use is correct. I believe this is because the share allows NULL sessions. How can I make is try to actually check for correct credentials?

1 Like

Oke yes I am a … I used the other services running to get the correct credentials…

Hello, how did you manage to find Jasons password?! Im bruteforcing with the resource password list but it`s not there…

Hello,

Can you provide a hint how to obtain password for Jason, please? I got the password.list file and used it with CME (-u jason, -p password.list) but no luck. Also, tried it with FTP - same deal. Any help is greatly appreciated. Thanks:)

Try using other services and applications with the supplied password list