Welcome to the Enumeration CTF 1 Lab of the eJPT course. Let’s get started!

Attacking IP: 192.210.183.2

Target IP: target.ine.local - 192.210.183.3

Lab Environment

A Linux machine is accessible at target.ine.local. Identify the services running on the machine and capture the flags. The flag is an md5 hash format.

• Flag 1: There is a samba share that allows anonymous access. Wonder what's in there!

I started enumerating in this room in metasploit because we’ll need to use their modules later. In the course we learned that we can also run nmap scans directly in metasploit and the results will automatically be placed in our current workspace for convenience.

We can start metasploit by running this command. The -q flag gives a cleaner start to your terminal which I prefer.

service postgresql start && msfconsole -q

Next we can run the db_nmap command below similar to how we would outside of metasploit. In the results below we see open ports 22, 139, and 445 running SSH and Samba services. For right now we’ll focus on those Samba shares but we’ll come back to port 22 later.

db_nmap -sV -sC target.ine.local

[*] Nmap: Starting Nmap 7.94SVN ( <https://nmap.org> ) at 2026-01-06 05:03 IST
[*] Nmap: Nmap scan report for target.ine.local (192.210.183.3)
[*] Nmap: Host is up (0.000026s latency).
[*] Nmap: Not shown: 997 closed tcp ports (reset)
[*] Nmap: PORT    STATE SERVICE     VERSION
[*] Nmap: 22/tcp  open  ssh         OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
[*] Nmap: | ssh-hostkey:
[*] Nmap: |   3072 bb:ca:49:7e:f5:5c:6e:bf:8a:55:a1:69:d9:c9:18:01 (RSA)
[*] Nmap: |   256 da:06:c1:ab:e7:6f:14:b9:50:d5:43:a7:47:ab:80:ce (ECDSA)
[*] Nmap: |_  256 a1:5c:ab:22:6b:c2:f1:5c:5a:7a:5a:d8:e7:81:e2:33 (ED25519)
[*] Nmap: 139/tcp open  netbios-ssn Samba smbd 4.6.2
[*] Nmap: 445/tcp open  netbios-ssn Samba smbd 4.6.2
[*] Nmap: MAC Address: 02:42:C0:D2:B7:03 (Unknown)
[*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
[*] Nmap: Host script results:
[*] Nmap: |_nbstat: NetBIOS name: TARGET, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
[*] Nmap: | smb2-security-mode:
[*] Nmap: |   3:1:1:
[*] Nmap: |_    Message signing enabled but not required
[*] Nmap: | smb2-time:
[*] Nmap: |   date: 2026-01-05T23:34:08
[*] Nmap: |_  start_date: N/A
[*] Nmap: Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 11.53 seconds

Seeing the Samba services we know they’re likely running on Linux and we can use a tool like enum4linux to try and enumerate further.

enum4linux -a target.ine.local