03.DANCING (SMB)

OVERVIEW

Target Service:	                  SMB
Attack:                           Anonymous Access
Vulnerability:                    Anonymous Access
MITRE Tactics & Techniques:	  

Summary: The target system exposed several SMB shares, accessible via anonymous access
         with no proper authentication hardening. A list of shares was retrieved using 
         showing several administrative and custom shares (ADMIN$, C$, IPC$, and 
         WorkShares). The WorkShares share was accessible, containing directories for 
         users.

root@oco:~$ sudo openvpn ~/Downloads/starting_point.ovpn

ENUMERATE SERVICES

root@oco:~$ nmap -sV -T4 10.129.13.4 -p-
 PORT     STATE SERVICE       VERSION
 135/tcp   open  msrpc         Microsoft Windows RPC
 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
 445/tcp   open  microsoft-ds?
 5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 47001/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 49664/tcp open  msrpc         Microsoft Windows RPC
 49665/tcp open  msrpc         Microsoft Windows RPC
 49666/tcp open  msrpc         Microsoft Windows RPC
 49667/tcp open  msrpc         Microsoft Windows RPC
 49668/tcp open  msrpc         Microsoft Windows RPC
 49669/tcp open  msrpc         Microsoft Windows RPC
 Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

 * An open port 445 means SMB is running on the target; treat it as a file-sharing
   service whose shares can be accessed and explored.
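
The exposure described in the summary, checked from the server side: an added example (not part of the original write-up) that audits a Windows host for SMB shares and settings that permit anonymous or guest access. It assumes an elevated PowerShell session on the file server with the built-in SmbShare and LocalAccounts modules; the New-Finding helper is a hypothetical name used only here.

```powershell
# Added example: audit a Windows file server for anonymous/guest SMB exposure.
# Assumes an elevated session and the built-in SmbShare and LocalAccounts modules.

# Hypothetical helper: one uniform record per finding.
function New-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
}

# Principals that grant access without a real, named identity.
$weak = 'Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests'
$findings = @()

# 1. Share ACLs: any Allow entry for a weak principal (custom shares included).
$findings += Get-SmbShare | Get-SmbShareAccess -ErrorAction SilentlyContinue |
    Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        $weak -contains ($_.AccountName -split '\\')[-1]
    } |
    ForEach-Object {
        New-Finding 'ShareAcl' $_.Name "$($_.AccountName) has $($_.AccessRight)"
    }

# 2. Built-in Guest account (RID 501), matched by SID in case it was renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    $findings += New-Finding 'GuestAccount' $guest.Name 'Built-in Guest account is enabled'
}

# 3. Null-session policy values in the registry.
$srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($srv.RestrictNullSessAccess -eq 0) {
    $findings += New-Finding 'Registry' 'RestrictNullSessAccess' 'Null sessions are not restricted'
}
if ($srv.NullSessionShares) {
    $findings += New-Finding 'Registry' 'NullSessionShares' ($srv.NullSessionShares -join ', ')
}
if ($lsa.EveryoneIncludesAnonymous -eq 1) {
    $findings += New-Finding 'Registry' 'EveryoneIncludesAnonymous' 'Everyone ACEs apply to anonymous users'
}

# Report: an empty result means none of the checked conditions were found.
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No anonymous or guest SMB exposure found by these checks.' }
```

A share that appears under ShareAcl while the Guest account is enabled is reachable without valid credentials; removing the weak ACL entry or disabling Guest closes it.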

VULNERABILITY SCANNING

FOOTHOLD/COMPROMISE

Submit root flag
