HTB Starting Point — Dancing
Box info | OS: Windows 10 / Server 2019 Build 17763 x64 | Difficulty: Very Easy | Tier: 0 | Status: Starting Point Skills: SMB enumeration, null/guest session, smbclient, RID cycling Pwned: 2026-04-27 TL;DR Dancing is a Windows Server 2019 box with SMB null authentication enabled. A port scan reveals the usual Windows fingerprint: 135 (RPC), 139 (NetBIOS), 445 (SMB), and 5985 (WinRM). Guest login to SMB is accepted, and listing shares uncovers a non-standard share called WorkShares. Inside it, James.P/flag.txt contains the flag. Attempts to leverage the guest session further — WinRM, psexec, wmiexec — all fail cleanly. The lesson: null-session SMB gives you lateral information even when it can’t give you code execution. ...