Reading the story it seems like Elf McSkidy set up a Samba file server. I wonder if we can possible abuse that port. Let’s run our Nmap scans and see what ports are open.
It looks like port 139 and port 445 are open. Let’s try to connect to them, maybe we can use a NULL session. This means that we won’t have to authenticate to be able to view the share contents and possible upload as well!
We can use smbclient in order to connect to the SMB shares. We will use the -N option for no pass. Then you use the -L option to list the shares. Just like in Windows you need to use backslashes to connect to the port. We can also answer the 2nd question.
We can attempt to connect to these shares using a blank username and the share name.
smbclient -U “” \\\\10.10.71.118\\SHARENAME
After a few tries we can log into tbfc-santa, which is the answer to the 3rd question.
We can use the ls command to show the directories and files. Then we can use mget to download the files we want. We can answer question 4 from the ls command shown below.
The note says Santa can put all his favorite jingles onto this share. Glad they left this share open.
Now we can jump back to question 1. There is a great tool we can use called enum4linux that allows you to enumerate information about a remote or local system through Samba shares. We can either do the -a option to run all simple enumeration or just use -U for the enumeration of the users list. Since question 1 just wants us to get how many users are on the machine, let’s just use the -U option.
Great we can see there are 3 users on the machine the answer to our 1st question.