HTB: Fawn Walkthrough
A walkthrough of the Fawn room on Hack The Box.
A walkthrough of the Dancing room on Hack The Box.
Challenge Type: Offensive | OS: Windows | Difficulty: Very Easy
Question 1: What does the 3-letter acronym SMB stand for?
The answer to this question is Server Message Block
Question 2: What port does SMB use to operate at?
If you’re unsure, Google is your friend.
The answer to this question is 445
Question 3: What is the service name for port 445 that came up in our Nmap scan?
The answer to this is microsoft-ds
Question 4: What is the ‘flag’ or ‘switch’ we can use with smbclient to ‘list’ the the shares available over SMB?
The answer to this question is -L
Question 5: How many shares are there on Dancing?
The answer to this question is 4
Question 6: What is the name of the share we are able to access in the end with a blank password?
You can brute force this answer as there’s only 4 options. However, the answer is actually WorkShares, as this is a custom share made by an administartor during the configuration phrase.
Question 7: What is the command we can use within the SMB shell to download the files we find?
The answer to this question is get
Question 8: Submit the flag located on the SMB share.
You’ll have to connect to the server using SMBClient as hinted with the questions above. Then you can explore the directories on this share and find the flag.
The answer to this question is 5f61c10dffbc77a704d76016a22f1664. The file containg the flag can be found in James.P folder.
Written by: Jamie Ngo
Tagged as: Dancing, Hack The Box.
Courses Jamie Ngo
Courses Jamie Ngo
todayJuly 28, 2024
Cyber Security Jamie Ngo
Learn how to secure your MyGov account to ensure you don’t become a victim.
Copyright 2021
Post comments (0)