SMB
Nmap discovered a Windows Directory service on the target ports 139 and 445
┌──(kali㉿kali)-[~/archive/htb/labs/ghost]
└─$ nmap -Pn --script smb-enum-shares -sV -p445 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-15 11:51 CEST
Nmap scan report for dc01.ghost.htb (10.10.11.24)
Host is up (0.072s latency).
PORT STATE SERVICE VERSION
445/tcp open microsoft-ds?
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.94 secondsAttempting to map the SMB shares fails likely due privileges-related issues
Null Session
┌──(kali㉿kali)-[~/archive/htb/labs/ghost]
└─$ smbclient -L //dc01.ghost.htb/
Password for [WORKGROUP\kali]:
Anonymous login successful
Sharename Type Comment
--------- ---- -------
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to dc01.ghost.htb failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup availableNothing