#readwise # Dancing Write-up  ## Metadata - Author: [[Hack The Box]] - Full Title: Dancing Write-up - Full Text: [[Dancing Write-up.pdf]] ## Highlights There are multiple ways to transfer a file between two hosts (computers) on the same network. One of these protocols is studied in this example, and that is SMB (Server Message Block). This communication protocol provides shared access to files, printers, and serial ports between endpoints on a network. We mostly see SMB services running on Windows machines. During scanning, we will typically see port 445 TCP open on the target, reserved for the SMB protocol. Usually, SMB runs at the Application or Presentation layers of the OSI model, pictured below. Due to this, it relies on lower-level protocols for transport. The Transport layer protocol that Microsoft SMB Protocol is most often used with is NetBIOS over TCP/IP (NBT). This is why, during scans, we will most likely see both protocols with open ports running on the target. (Page 1) --- An SMB-enabled storage on the network is called a share . (Page 3) --- Despite having the ability to secure access to the share, a network administrator can sometimes make mistakes and accidentaly allow logins without any valid credentials or using either guest accounts or anonymous log-ons. (Page 4) --- ### Enumeration `Smbclient` will attempt to connect to the remote host and check if there is any authentication required. If there is, it will ask you for a password for your local username. We should take note of this. **If we do not specify a specific username to `smbclient` when attempting to connect to the remote host, it will just use your local machine's username. That is the one you are currently logged into your Virtual Machine with. This is because SMB authentication always requires a username, so by not giving it one explicitly to try to login with, it will just have to pass your current local username to avoid throwing an error with the protocol.** (Page 5) ^n98gu9 ---