The following are exploitation guides for the scenarios created in this chapter. These are guidelines, and there are more ways to exploit the vulnerabilities.
First of all, we run NMAP to do host discovery against the network. If we run NMAP with the A parameter, it will actually connect to and profile any open file-sharing platforms. I'm not going to bore you with yet another NMAP output.
We should see that there are SMB shares open to guests. Let's go and have a look by using the SMB client,
smbclient <ip address>/<sharename>; so, in this case, it's
smbclient //192.168.0.6/squirtle. The following screenshot shows the contents of the key file: