Hack The Box: Dancing Writeup
The DANCING machine is the third challenge in Tier 0 of Hack The Box’s Starting Point series.
To get started with the DANCING machine on Hack The Box, you just need to hit the “Spawn Machine” button. This will boot up the target system.
Once the target machine is up and running, the next step is to ensure we have a working connection to it. We can do this by pinging the target IP from our attack machine. This simple check confirms whether our machine can communicate with the target. In my case the ping is successful, so the connection is established.
Let’s begin with an Nmap scan. Use the following command to scan the target IP address.
nmap -A 10.129.78.8
The above command initiates an aggressive scan of the target IP. In this scan, Nmap performs several actions:
- OS detection: Attempts to identify the operating system running on the target machine.
- Version detection: Determines the software versions of services running on open ports.
- Script scanning: Runs Nmap’s default scripts to gather additional information about vulnerabilities or configurations.
- Traceroute: Maps out the network path to the target.
The Nmap scan results show that the following ports are open:
- Port 135 (msrpc): This port is associated with Microsoft Windows RPC (Remote Procedure Call), indicating that the system likely supports various remote management and communication functionalities.
- Port 139 (netbios-ssn): This is used for NetBIOS Session Service, which is commonly found in Windows environments for file and printer sharing.
- Port 445 (microsoft-ds): This port is used for SMB (Server Message Block) protocol, crucial for sharing files and printers on Windows networks.
Since the SMB service is running on port 445, we can enumerate any available shares using the following command:
smbclient -L 10.129.78.8
This allows us to discover shared resources on the target system.
The results indicate that there are four shared resources on the target machine. Let’s attempt to connect to each one individually to see if any allow access with a blank password. We can use the following command to connect to a specific share:
smbclient \\\\10.129.78.8\\workShares
- smbclient: This is the command-line utility used to access SMB/CIFS resources on a network. It acts like an FTP client for SMB shares.
- \\\\10.129.78.8: This specifies the IP address of the machine hosting the SMB service, here the target system. The backslashes are doubled because the shell treats a single backslash as an escape character.
- \\workShares: This refers to the specific shared resource we are trying to access on the target machine. The name workShares indicates the shared folder or directory available for access.
We’ve successfully connected to the workShares resource using a blank password. After listing the files, we can see that there are two directories available within the share. Let’s look into them.
To navigate into the Amy.J directory, we can use the command cd Amy.J. Once inside, we can list the files again and confirm that we have located the worknotes.txt file.
Now, let’s enter the James.P directory using the command cd James.P. After listing the files there, we discover the desired file: flag.txt. Now, let’s download the flag.txt file to our system using the get command.
Now, let’s exit the smbclient session and verify that the flag.txt file has been successfully downloaded to our attack machine. We can do this by using the ls command to list the files in our current directory, and we should see flag.txt there.
We can use the cat command to display the contents of the flag.txt file.
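The blank-password access to workShares is the misconfiguration this box teaches, and the same smbclient steps can be scripted to audit a file server you administer. The script below is an added example, not part of the original walkthrough; the function names are hypothetical, the sample listing is constructed, and share names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: audit a file server you administer for shares that accept
# a blank-password (null) session, as workShares does in this walkthrough.

# Print non-administrative Disk shares from `smbclient -L` output on stdin.
# Assumes share names contain no spaces (awk splits on whitespace).
custom_disk_shares() {
    awk '$2 == "Disk" && $1 !~ /\$$/ { print $1 }'
}

# Succeed only if smbclient output on stdin contains no NT_STATUS_ error
# (e.g. NT_STATUS_ACCESS_DENIED, NT_STATUS_LOGON_FAILURE).
listing_ok() {
    ! grep -q 'NT_STATUS_'
}

# List shares anonymously (-N = no password) and test each custom one.
audit_host() {
    host=$1
    smbclient -N -L "$host" 2>/dev/null | custom_disk_shares |
    while read -r share; do
        if smbclient -N "//$host/$share" -c 'ls' 2>&1 | listing_ok; then
            echo "OPEN   //$host/$share (readable with blank password)"
        else
            echo "DENIED //$host/$share"
        fi
    done
}

# Constructed sample of `smbclient -L` output (not captured from the target).
SAMPLE_LIST='
    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC
    workShares      Disk
'

# Run the live audit only when a host is given: ./audit.sh 10.129.78.8
if [ "$#" -gt 0 ]; then audit_host "$1"; fi
```

Any share reported as OPEN should have guest or anonymous access removed unless it is meant to be public.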
Submit the captured flag and answer the questions on the box page. Since the questions are straightforward and we’ve already covered everything in the steps above, there’s no need to provide detailed responses here. Simply refer back to our earlier findings to complete the challenge successfully.
CONGRATULATIONS!!! The DANCING box is completed!
This walkthrough finishes here. Stay tuned for the next adventure! 🚀😊