📝 Final Report & Lessons Learned
1. Executive Summary
Dancing is a Tier 0 machine in the HTB Starting Point path. It demonstrates the vulnerability of SMB shares when they allow unauthenticated access. This is a common finding in many enterprise environments where legacy shares are left open.
2. Key Takeaways
- Technical takeaways: Null sessions (logging in without a password) are a major security risk for SMB. Use `smbclient -L` to find shares.
- Strategic takeaways: Windows environments often have multiple discovery paths. SMB is frequently the easiest.
3. Remediation
- Disable Anonymous SMB Access: Enforce authentication for all shared resources.
- Review Permissions: Regularly audit share and NTFS permissions to ensure only authorized users have access.
- Turn off SMBv1: Ensure only secure versions of the SMB protocol are in use.
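
A read-only audit covering the three remediation items above, for a Windows file server. This is an added example, not part of the original report; it assumes an elevated PowerShell 5.1+ session and English principal names, and the `$broad` and `$findings` variables are illustrative.

```powershell
# Added example: read-only audit of anonymous access, share permissions and SMBv1.
# Assumption: English principal names; adjust $broad on localized systems.
$broad    = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Anonymous access: built-in Guest account (RID 501) and null-session policy.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest.Enabled) { $findings.Add("Guest account '$($guest.Name)' is enabled") }

$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
if ($lsa.EveryoneIncludesAnonymous -eq 1) {
    $findings.Add('Lsa\EveryoneIncludesAnonymous = 1 (Everyone ACEs apply to anonymous users)')
}
if ($srv.RestrictNullSessAccess -eq 0) {
    $findings.Add('LanmanServer\RestrictNullSessAccess = 0 (null sessions can reach shares)')
}
if ($srv.NullSessionShares) {
    $findings.Add("NullSessionShares lists: $($srv.NullSessionShares -join ', ')")
}

# 2. Permissions: share-level and NTFS ACEs that allow broad principals.
foreach ($share in Get-SmbShare -Special $false) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.AccountName -split '\\')[-1] -in $broad } |
        ForEach-Object {
            $findings.Add("Share '$($share.Name)': $($_.AccountName) has $($_.AccessRight)")
        }
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        (Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ($_.IdentityReference.Value -split '\\')[-1] -in $broad } |
            ForEach-Object {
                $findings.Add("NTFS '$($share.Path)': $($_.IdentityReference) has $($_.FileSystemRights)")
            }
    }
}

# 3. SMBv1: the server side should not offer the legacy dialect.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    $findings.Add('SMBv1 server protocol is enabled')
}

if ($findings.Count) { $findings } else { 'No findings' }

# Fixes to apply after review (each one changes the system):
#   Disable-LocalUser -Name Guest
#   Revoke-SmbShareAccess -Name <share> -AccountName Everyone -Force
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```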
4. Skills Gained
- SMB Enumeration with `smbclient`
- Null Session Access
- Identifying Non-Standard Shares
- Recursive File Searching in SMB