The following are exploitation guides for the scenarios created in this chapter. These are guidelines, and there are more ways to exploit the vulnerabilities.
The brief provided for this exploitation guide is assumed to be: Find the key file in a shared location on the network. Perform the following steps for this scenario:
First of all, we run NMAP to do host discovery against the network. If we run NMAP with the A parameter, it will actually connect to and profile any open file-sharing platforms. I'm not going to bore you with yet another NMAP output.
We should see that there are SMB shares open to guests. Let's go and have a look by using the SMB client,
smbclient <ip address>/<sharename>; so, in this case, it'ssmbclient //192.168.0.6/squirtle. The following screenshot shows the contents of the key file:
Right, so there's our key file. You can see that I can't read it on the system, which means it's probably owned by root. What we...