Dancing: HTB
Port Scan:
Lets scan the machine first like always
Port 445 looks juicy. lets enumerate the service with -L to list shares. You can use other tools like nmaps smb-enum, enum4linux and SMBMap (I have never used this one, but wanted to share)
Initial Foothold:
Lets try ADMIN$ though expect that not to work.
Exploitation:
Oh no, can' believe we were right. Cant use that so lets try WorkShares instead which appears to be available
Two directories, lets read their contents
Grabbing contents from both to our local machine
Exfiltration:
Lets actually read it now. Congrats you got root
As always. Stay curious my friends.