1
00:00:00,390 --> 00:00:05,320
In this video, we are going to hack into Dancing Machine, which is the third machine on Hack The Box

2
00:00:05,370 --> 00:00:06,360
Starting Point.

3
00:00:07,590 --> 00:00:09,660
Just click on Connect to the Box.

4
00:00:10,420 --> 00:00:13,000
Download your OpenVPN credentials.

5
00:00:16,520 --> 00:00:17,540
And save them.

6
00:00:20,660 --> 00:00:22,340
Now open your download folder.

7
00:00:23,720 --> 00:00:27,230
Open the terminal in the same folder by right-clicking in the folder.

8
00:00:30,900 --> 00:00:34,680
And use the command openvpn and your file name to start the VPN.

9
00:00:38,020 --> 00:00:38,630
It's an error.

10
00:00:38,650 --> 00:00:40,630
We need to start this with sudo.

11
00:00:43,100 --> 00:00:44,840
Repeat the command with sudo.

12
00:00:45,930 --> 00:00:47,640
Now to check whether we are connected.

13
00:00:47,640 --> 00:00:49,380
Give the command ifconfig.

14
00:00:53,570 --> 00:00:56,660
And you can see that we are connected on tun0 interface.

15
00:00:59,530 --> 00:00:59,710
Now.

16
00:00:59,770 --> 00:01:00,970
Spawn your machine.

17
00:01:04,040 --> 00:01:05,540
It will take a while to spawn.

18
00:01:10,820 --> 00:01:12,920
Note down the target IP address.

19
00:01:15,600 --> 00:01:17,370
Now, let's just ping our machine.

20
00:01:18,640 --> 00:01:21,820
And we can confirm that our target machine is up and running.

21
00:01:22,800 --> 00:01:25,920
So let's first answer some questions on the box.

22
00:01:26,640 --> 00:01:30,960
So the first question is what does the three letter acronym stand for?

23
00:01:32,090 --> 00:01:36,140
Which is Server Message Block. Submit the answer.

24
00:01:38,060 --> 00:01:44,570
Now, the second question is what port does SMB use to operate at, which is 445.

25
00:01:45,700 --> 00:01:51,160
So the next question is what is the service name for port 445 that came up in our Nmap scan?

26
00:01:52,330 --> 00:01:54,580
So let's first start our Nmap scan.

27
00:01:55,580 --> 00:01:57,550
Use the command as shown on the screen.

28
00:01:58,100 --> 00:02:01,090
35 and minimum rate will speed up the process.

29
00:02:01,450 --> 00:02:04,840
The app will run scan on all available ports.

30
00:02:05,120 --> 00:02:07,240
Dash V is the verbose scan.

31
00:02:12,370 --> 00:02:13,780
So our scan is complete.

32
00:02:17,520 --> 00:02:18,090
Roll up.

33
00:02:19,180 --> 00:02:21,550
And you can see the service name is Microsoft.

34
00:02:22,030 --> 00:02:22,630
Yes.

35
00:02:23,440 --> 00:02:24,340
Just copy it.

36
00:02:25,230 --> 00:02:27,030
And paste it in the box.

37
00:02:33,630 --> 00:02:37,980
Well, the next question is what is the flag or switch that we can use with the SMB tool to list

38
00:02:37,980 --> 00:02:39,300
the contents of the share?

39
00:02:45,200 --> 00:02:46,430
Which is Dash L.

40
00:02:49,060 --> 00:02:50,920
Let's try that on our target.

41
00:02:55,230 --> 00:02:59,070
Use the command smbclient with the IP address and flag.

42
00:03:05,760 --> 00:03:07,230
Use the blank password.

43
00:03:08,990 --> 00:03:12,230
And we can see that four shares are listed for our target.

44
00:03:18,440 --> 00:03:20,540
So let's just go back to the box.

45
00:03:22,590 --> 00:03:26,730
So the next question is how many shares are there on Dancing, which are four.

46
00:03:29,430 --> 00:03:34,530
The next question is what is the name of the share we are able to access in the end with a blank password?

47
00:03:36,640 --> 00:03:39,250
So let's just try to access the WorkShares share.

48
00:03:41,350 --> 00:03:43,210
Use the command as shown on the screen.

49
00:03:44,630 --> 00:03:47,030
And we are able to gain access to the share.

50
00:03:49,870 --> 00:03:51,910
We can list the files with the list command.

51
00:03:55,770 --> 00:03:58,140
So let's just go back and answer the question.

52
00:03:59,740 --> 00:04:02,080
So we were able to access the WorkShares folder.

53
00:04:08,500 --> 00:04:13,810
So the next question is what is the command we can use with SMB shell to download the files we find?

54
00:04:14,590 --> 00:04:17,560
Let's just try to find and download the flag file.

55
00:04:22,730 --> 00:04:26,480
And we can see that we have our flag text file in James folder.

56
00:04:30,510 --> 00:04:32,430
Use the get command to download it.

57
00:04:33,780 --> 00:04:35,880
And we have downloaded our flag file.

58
00:04:37,290 --> 00:04:38,910
So open a new terminal.

59
00:04:42,200 --> 00:04:44,900
And use the cat command to cat out the contents.

60
00:04:53,520 --> 00:04:55,980
Copy the flag and go back to check the box.

61
00:05:02,310 --> 00:05:03,630
And submit the flag.

62
00:05:09,160 --> 00:05:12,160
And we have successfully hacked into Dancing Machine.