Service Scanning Module

HTB Content
1

“List the SMB shares available on the target host. Connect to the available share as the bob user. Once connected, access the folder called ‘flag’ and submit the contents of the flag.txt file.”

I am having trouble with the smbclient command. I cant login with the given credentials (Bob:Welcome1).

I input < $ smbclient -N -L \\0.0.0.0 > followed by < $ smbclient -U bob \\0.0.0.0\users >
and then used “Welcome1” passkey but it is not going through and throwing an “NS_STATUS_ERROR_CODE” at me…

Anyone else having this issue or find a solution for this?

2

I tried using a different VPN server and even changing hostname to no avail…

3

It appears that the issue might be related to the authentication process or potentially incorrect credentials. Here are a few suggestions to troubleshoot the problem:

  1. Verify Credentials: Double-check that the credentials (username: Bob, password: Welcome1) are correct. Typos or case sensitivity issues might cause authentication failures.
  2. User Format: Ensure you are using the correct format for the username in the smbclient command. It should be -U Bob instead of -U bob.
  3. Use quotes for the Password: Try using quotes around the password, especially if it contains special characters. For example: -U Bob%Welcome1.
  4. Check SMB Version: Verify the SMB version compatibility. You can specify the SMB version with the -m flag. For example: -m SMB3.
  5. Review Permissions: Confirm that the user ‘Bob’ has the necessary permissions to access the specified share and folder. Insufficient permissions can result in authentication errors.
  6. Firewall Settings: Ensure that there are no firewall issues preventing the connection. Check if the required SMB ports (typically 139 and 445) are open.
  7. Debugging Mode: Add the -d flag to the smbclient command for debugging information. This might provide more details about the issue. For example: -d 3.
  8. Update smbclient: Ensure that your smbclient tool is up-to-date. An outdated version might have compatibility issues.

Example command:

$ smbclient -U Bob%Welcome1 -L \\0.0.0.0

Remember to replace 0.0.0.0 with the actual IP address or hostname of the target host.

If the issue persists, reviewing system logs on both the client and server sides may provide additional insights into the cause of the authentication failure.

4

Step-by-Step Instructions: :gear:

  • You should first run the command nmap -N -L 00.000.00.000 with the current IP.
  • If necessary, reload the target to get the current IP of the target.
  • This will allow you to check which directories are accessible.
  • In our case, this is the “users” directory.
  1. Go to bob’s host - smbclient -U bob \\10.129.207.42/users (with current IP)
  2. Enter a password - “Welcome1”, as shown in the module
  3. Check the list of existing directories - ls
  4. We need a flag - cd flag - Go to the flag directory
  5. Once again we use the ls command to check that the file we need is here
  6. Now we download the file - get flag.txt and execute exit to stop smbclient session
  7. Locate the downloaded file on our local machine and read its contents - cat flag.txt

RESULT: dceece590f3284c3866305eb2473d099 :white_check_mark:

Happy Learning :crazy_face:

1 Like
5

Which tool did you used to btureforce the password, as hydra is not working and others (Medusa, Crackmapexec, metasploit) are taking too much time…