Dancing Machine Checklist
1️⃣ Lab Setup & Scope
- HTB OpenVPN Connected
- Target machine spawned/running
- Target IP identified:
10.129.87.161 - PING check successful
- Legal HTB Lab session verified
2️⃣ Network Discovery
- Target IP confirmed:
10.129.87.161 - Local HTB IP identified
3️⃣ Port Scanning
- All 65535 ports scanned
- Service versions and default scripts detected (Ports 135, 139, 445, 5985)
4️⃣ Service Enumeration
SSH / FTP / SMB / RPC
- SMB shares listed & permissions checked (Null session allowed)
- WorkShares share identified
5️⃣ Vulnerability Identification
- Path identified (Unauthenticated access to sensitive share)
6️⃣ Initial Access (Foothold)
- SMB share accessed without credential
- Directory structure navigated
7️⃣ Post-Exploitation Enumeration
- Sensitive files searched (Found:
flag.txt&worknotes.txt)
8️⃣ Privilege Escalation
- Not Required (Flag accessible as guest)
9️⃣ Flags / Proof of Compromise
- Flag found & submitted:
5f61c10d... - Evidence captured (Screenshots organized)
🔟 Cleanup & Documentation
- Notes completed in Obsidian
- Screenshots organized in
evidence/
🏁 Machine Completion Status
- Pwned ✅
- Flags Submitted to HTB ✅
➡️ Machine SOLVED 🏆