This content originally appeared on DEV Community and was authored by Adhishri Kothiyal
I will cover solution steps of the “Dancing” machine, which is part of the ‘Starting Point’ labs and has a difficulty rating of ‘Very Easy’.
Refresh the page in browser to see the new connection and then we can activate the machine by clicking the ‘Spawn Machine’ button. The machine is now active and showing a target IP address
TASK 1: What does the 3-letter acronym SMB stand for? Server Message Block
TASK 2: What port does SMB use to operate at? 445
TASK 3: What is the service name for port 445 that came up in our Nmap scan? microsoft-ds
TASK 4: What is the 'flag' or 'switch' that we can use with the smbclient utility to 'list' the available shares on Dancing? -L
TASK 5: How many shares are there on Dancing? 4
TASK 6: What is the name of the share we are able to access in the end with a blank password? WorkShares
TASK 7:What is the command we can use within the SMB shell to download the files we find? get
Submit root Flag:
Let's run nmap to find the open ports using the following command:
nmap -sV -sC {IP Address}
nmap -sV -sC 10.129.4.215
or
nmaap -p 137,139,445 10.129.4.215 -A
Alright, so we've got ourselves a Windows box here with three ports open. After a bit of sleuthing, it turns out Port 445 is running SMB (version 3.1.1).
smbclient -L <IP>
smbclient -L 10.129.4.215
Using the -L flag with the smbclient command, like smbclient -L {IP Address}, gives us a sneak peek into the shares hanging out on our target machine. We've got four sharenames staring back at us. Time to crack them open and see what goodies they've got stashed away. Let's dive in and explore each one!
Let's see if we can access any of these shares using the below commands:
smbclient //10.129.4.215/Admin$
smbclient //10.129.4.215/C$
smbclient //10.129.4.215/IP$
smbclient //10.129.4.215/Workshares
We wear able to access Ip but it had no files and finally we were able to access Workshares without a password. Workshares has 2 directories. I accessed James.P and found a flags.txt file. I downlaoded the file using the get command:
get flag.txt
And there we get the flag! On submitting it you will receive message as "Dancing has been Pwned" and Challenge solved successfully.
> Gentle Reader feel free to reach out for queries and feedback. 🥷
This content originally appeared on DEV Community and was authored by Adhishri Kothiyal
Adhishri Kothiyal | Sciencx (2025-08-27T20:39:38+00:00) Hack the box – Dancing (SMB). Retrieved from https://www.scien.cx/2025/08/27/hack-the-box-dancing-smb/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.