xsspresso
xsspresso
Tags/ SMB

SMB

8 writeups tagged with SMB

MiscMediumLinux

VHL — Mantis

MantisBT bug tracker with Samba shares on Ubuntu. Enumeration of SMB reveals credentials reused for MantisBT admin access.

#MantisBT#Samba#SMB
Feb 12, 2025Virtual Hacking Labs
MiscEasyWindows

VHL — Aaron

Windows 10 Enterprise with SMB and RDP exposed. Credential brute-force via SMB leads to remote code execution and full system access.

#SMB#RDP#Brute Force
Feb 11, 2025Virtual Hacking Labs
ADEasyWindows

HTB — Cicada

SMB guest access reveals default password in HR note. User enumeration + password spray, SeBackupPrivilege abuse for NTDS.dit extraction.

#AD#SMB#SeBackupPrivilege
Jan 9, 2025HackTheBox
WebMediumWindows

HTB — Sniper

PHP RFI via language parameter loads SMB share for RCE. Lateral movement via credential in web config. CHM file drops reverse shell as Administrator.

#RFI#SMB#CHM
Nov 21, 2024HackTheBox
ADEasyWindows

HTB — Active

SMB anonymous access to SYSVOL leaks GPP-encrypted password. Kerberoasting the Administrator SPN cracks the hash for full domain access.

#AD#GPP#Kerberoasting
Jan 10, 2023HackTheBox
MiscEasyWindows

HTB — Blue

Demonstrates the full impact of EternalBlue (MS17-010). One Metasploit module gives SYSTEM on an unpatched Windows 7 SMB service.

#EternalBlue#MS17-010#SMB
May 6, 2022HackTheBox
MiscEasyWindows

HTB — Legacy

Classic beginner box. MS08-067 (Netapi) and MS17-010 (EternalBlue) both yield SYSTEM directly with no privilege escalation needed.

#SMB#MS08-067#EternalBlue
May 3, 2022HackTheBox
WebEasyLinux

HTB — Friendzone

DNS zone transfer reveals subdomains. SMB anonymous share leaks creds. LFI + PHP injection for RCE, Python lib hijack for root.

#SMB#LFI#DNS
Apr 23, 2022HackTheBox