smb: \cd Amy.J
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ get worknotes.txt
bash: get: command not found
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ cat worknotes.txt
- start apache server on the linux machine
- secure the ftp server
- setup winrm on dancing
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ cat worknotes.txt
- start apache server on the linux machine
- secure the ftp server
- setup winrm on dancing
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ smbclient -L 10.129.29.118
Password for [WORKGROUP\laohu]:
Sharename Type Comment
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
WorkShares Disk
SMB1 disabled -- no workgroup available
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ smbclient \\10.129.29.118\WorkShares
Password for [WORKGROUP\laohu]:
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
!
smb: \> ls
. D 0 Mon Mar 29 09:22:01 2021
.. D 0 Mon Mar 29 09:22:01 2021
Amy.J D 0 Mon Mar 29 10:08:24 2021
James.P D 0 Thu Jun 3 09:38:03 2021
5114111 blocks of size 4096. 1753845 blocks available
smb: \> cd Amy.J
smb: \Amy.J> ls
. D 0 Mon Mar 29 10:08:24 2021
.. D 0 Mon Mar 29 10:08:24 2021
worknotes.txt A 94 Fri Mar 26 11:00:37 2021
5114111 blocks of size 4096. 1753828 blocks available
smb: \Amy.J> get worknotes.txt
getting file \Amy.J\worknotes.txt of size 94 as worknotes.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \Amy.J> cd ..
smb: \> ls
. D 0 Mon Mar 29 09:22:01 2021
.. D 0 Mon Mar 29 09:22:01 2021
Amy.J D 0 Mon Mar 29 10:08:24 2021
James.P D 0 Thu Jun 3 09:38:03 2021
5114111 blocks of size 4096. 1753811 blocks available
smb: \> cd James.P
smb: \James.P> ls
. D 0 Thu Jun 3 09:38:03 2021
.. D 0 Thu Jun 3 09:38:03 2021
flag.txt A 32 Mon Mar 29 10:26:57 2021
5114111 blocks of size 4096. 1753795 blocks available
smb: \James.P> get flag.txt
getting file \James.P\flag.txt of size 32 as flag.txt (0.9 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \James.P> SMBecho failed (NT_STATUS_CONNECTION_RESET). The connection is disconnected now
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$ smbclient \\10/129/29/118\WorkShares
Password for [WORKGROUP\laohu]:
do_connect: Connection to 10 failed (Error NT_STATUS_IO_TIMEOUT)
┌─[us-starting-point-1-dhcp]─[10.10.14.215]─[laohu@htb-6p1ielrnqb]─[~]
└──╼ [★]$
I managed to go through all the steps successfully except the last step, getting the flag. I cannot figure out how to exit the smbclient and get the flag. I hope that someone can make a suggestion?
Thanks in advance.