- Retrieving the flag from Samba SMB workgroup guest.
Challenge Points: 861
No. of solves: 119
Solved by: g4rud4
Can you share some secrets about this box?
nmap is allowed for this problem. However, you may only target
misc.utctf.live ports 8881 & 8882. Thank you.
Let us do a quick nmap and see what are the services open on the given ports.
$ nmap -sC -sV -p 8881-8882 misc.utctf.live
So we can see that both the ports are open and running on
Samba SMB. As it is running on SMB lets retrieve the workgroup for the SMB server.
Retrieving the SMB Workgroup
We can use the tool
smbclient for intracting with this given SMB(Server Message Block) server, and its is somewhat similar to FTP. SMB servers will be having a workgroup let us retrieve it.
$ smbclient -L misc.utctf.live -p 8881
We can see a workgroup/sharename guest. So lets connect to that and see what all files present in the guest.
Retrieving the Flag
As we already got the workgroup, we can connect to
guest workgroup using smbclient. Here is an example on how to connect to the smb server using smbclient.
$ smbclient \\\\<IP>\\<Workgroup>
As we know the IP as
misc.utctf.live and workgroup as
guest, let us connect to it and see what all files present in it.
smbclient \\\\misc.utctf.live\\guest -p 8881
As we can see
flag.txt is present on the guest workgroup, we can do
more flag.txt and retrieve the flag.