Find Roles
Hub
Find Talent

Dancing Walkthrough | HackTheBox

We’re a hub for tech professionals looking to advance & optimize their IT Infrastructure by finding the perfect product, tool, or role. Learn more about us. If you don’t see a product you are looking for on our website you can send us feedback 🙂

BACK TO HUB
CarlosRecruits Icon

This is a simple walkthrough for completing the Dancing target machine in Hackthebox.com.

Task 1

Question: What does the 3-letter acronym SMB stand for?

Answer: Server Message Block

Task 2

Question: What port does SMB use to operate at?

Answer: 445

Task 3

Question: What network communication model does SMB use, architecturally speaking?

Answer: Client-Server Model

Task 4

Question: What is the service name for port 445 that came up in our nmap scan?

Answer: microsoft-ds

Task 5

Question: What is the tool we use to connect to SMB shares from our Linux distribution?

Answer: smbclient

Task 6

Question: What is the ‘flag’ or ‘switch’ we can use with the SMB tool to ‘list’ the contents of the share?

Answer: -L

Task 7

Question: What is the name of the share we are able to access in the end?

Answer: workshares

Task 8

Question: What is the command we can use within the SMB shell to download the files we find?

Answer: get

Task 9

Submit Flag

Since we already know we can connect to this SMB share through port 445, lets try to access the shares. The first thing we can do is to go through each share to see if any of them are available without a password by just pressing the ‘ENTER’ key on your keyboard when prompted to enter a password.

As you can see from the screenshot above, the share named workshares gives us access to the contents without a password. In this share, there are two directories that stand out, which include Amy.J and James.P.

You can search these files with the ls command to show their content inside the directory. To navigate inside the folder, use the cd command as shown in the screenshot below.

To download the file, use the get command followed by the file name as shown below.

The flag.txt file will be downloaded to your home folder.

SMBCLIENT Commands

smb: \> h
ls             dir            lcd            cd             pwd            
get            mget           put            mput           rename         
more           mask           del            rm             mkdir          
md             rmdir          rd             prompt         recurse        
translate      lowercase      print          printmode      queue          
cancel         stat           quit           q              exit           
newer          archive        tar            blocksize      tarmode        
setmode        help           ?              !              
smb: \>

CarlosRecruits.com is an independent recruitment website launched in 2023 on a mission to match impactful people with meaningful organizations

Hi! My name is Carlos and I’ve been working in tech for the past 9 years.

I built this website to share my passion for recruitment and tech.

Clicking the heart tells me what you enjoy reading. Social sharing is appreciated (and always noticed).

That’s it. That is my pitch for you to stick around (or browse the site as you please).

If you want to get in contact with me, reach out to me via my socials 🙂

EXPLORE CAREERS

Network Security Engineer Information Systems Security Officer (ISSO) Information Systems Security Engineer (ISSE) Information Systems Security Manager (ISSM) Penetration Tester Incident Response Analyst Security Architect Security Operations Center (SOC) Analyst Malware Analyst Cloud Security Engineer Application Security Engineer Firewall Administrator Database Administrator Enterprise Architect Network Operations Specialist Technical Support Specialist Cyber Defense Analyst Cyber Defense Forensics Analyst Cyber Defense Incident Responder Secure Software Assessor Vulnerability Assessment Analyst Intelligence Analyst IT Program Manager DevSecOps Engineer

EXPLORE PRODUCTS

NMAP SN1PER HUNTER.IO SHODAN MALTENGO THEHARVESTER RECON-NG NETCRAFT WIRESHARK OPENVAS NIKTO TCPDUMP SNORT ARKIME NETWORKMINER SURICATA ZEEK TSHARK FIDDLER ETHER APE METASPLOIT EXPLOIT-DB SQLMAP JOHN HASHCAT NESSUS CORE IMPACT IMMUNITY DEBUGGER ZED ATTACK PROXY (ZAP) BURP SUITE INVICTI WEBINSPECT ACUNETIX HCL APPSCAN VERACODE QUALYS WAS W3AF AIRCRACK-NG KISMET AIRSNORT NETSPOT FORESCOUT EYESIGHT FORESCOUT EYEINSPECT FORESCOUT EYESEGMENT FORESCOUT EYECONTROL FORESCOUT EYEEXTEND FORESCOUT XDR JOHN THE RIPPER HASHCAT HYDRA CAIN & ABEL CRACKSTATION MEDUSA CHEF INFRA MANAGEMENT CHEF APP DELIVERY CHEF COMPLIANCE CHEF DESKTOP CHEF PREMIUM CONTENT CHEF CLOUD SECURITY CLOUDFLARE WAF SPIDERFOOT