29 Dec 2022
Vulns like CVE-2017-7494 can allow RCE, but more likely to come across misconfigurations that allow access. One common misconfig allows gaining information that in turns allows shell access.
Gain access and gather infor to get more access, then get flag. For this task SMBClient is used to gain access. Syntax to access a remote SMB share is:
smbclient //[IP]/[SHARE] -U [name] -p [port] where U is username and p is smb port used. Information here is based on VM from last task.
Wasnât paying attention and ctrl+z-ed my way out of smbclient and got lost. Ended up going through a walkthrough before I realized my mistake. Now however, I need to look up how to download a file over smb. While in smbclient download with mget [filename].
Had to copy or move the downloaded file and couldnât remember that the destination (using mv) was folder/file, not /folder/file.
Finally got the flag, but I really shouldnât have had to do as much research as I did. Really need to get rid of some more dust on the old skillsâŚ