This is a simple walkthrough for completing the Tactics target machine in Hackthebox.com.
Task 1
Question: Which Nmap switch can we use to enumerate machines when our packets are otherwise blocked by the Windows firewall?
Answer: -Pn
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0474-1024x768-1.webp)
Task 2
Question: What does the 3-letter acronym SMB stand for?
Answer: Server Message Block
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0475-1024x768-1.webp)
Task 3
Question: What port does SMB use to operate at?
Answer: 445
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0476-1024x768-1.webp)
Task 4
Question: What command line argument do you give to `smbclient` to list available shares?
Answer: -L
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0478-1024x768-1.webp)
Task 5
Question: What character at the end of a share name indicates it’s an administrative share?
Answer: $
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0479-1024x768-2.webp)
Task 6
Question: Which Administrative share is accessible on the box that allows users to view the whole file system?
Answer: C$
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0480-1024x768-1.webp)
Task 7
Question: What command can we use to download the files we find on the SMB Share?
Answer: get
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0481-1024x768-1.webp)
Task 8
Question: Which tool that is part of the Impacket collection can be used to get an interactive shell on the system?
Answer: psexec.py
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0482-1024x768-1.webp)
Task 9
Submit flag
We know from task 6 above that we are able to access the target via smbclient on the administrator account with no password. From here, we tried to access all three shares (ADMIN$, C$, and IPC$) and were able to view the files inside C$ using the dir command.
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0483-1024x768-1.webp)
If we type help, we can see a list of more actions we can use to navigate around. We can navigate around using the cd command. Fast forward looking around directories, we can find the flag.txt file in the administrators desktop. Using the get command, it will download the file to our home folder.
![](https://carlosrecruits.com/wp-content/uploads/2024/02/adytize-cyber-security-training-0484-1024x768-1.webp)
Mission accomplished.
CarlosRecruits.com is an independent recruitment website launched in 2023 on a mission to match impactful people with meaningful organizations
Hi! My name is Carlos and I’ve been working in tech for the past 9 years.
I built this website to share my passion for recruitment and tech.
Clicking the heart tells me what you enjoy reading. Social sharing is appreciated (and always noticed).
That’s it. That is my pitch for you to stick around (or browse the site as you please).
If you want to get in contact with me, reach out to me via my socials 🙂
![](https://carlosrecruits.com/wp-content/uploads/2024/03/signed.webp)
EXPLORE CAREERS
EXPLORE PRODUCTS
“Think of me as the ‘Consumer Reports’ for Impactful Talent.”
Exclusive insights on roles directly in your inbox.
![](https://carlosrecruits.com/wp-content/uploads/2024/01/ay-put-me-back-yo.webp)