The narrator is discussing how they solved an online cybersecurity challenge known as the EJPT CTF-3 (Enumeration), which involves an SMB lab.
They used Nmap to scan the target, identifying that it runs SMB, PostgreSQL, and Metasploit.
Using Metasploit, they attempted to brute force SMB login credentials using common user names and passwords, successfuuly obtaining credentials for the administrator user.
They then used the Metasploit ‘enumusers’ module to enumerate additional users.
Using an SMB client, they accessed a share indicated as an anonymous share, obtaining the first flag.
review of the first flag revealed a clue about an FTP service,
They subsequently performed a full port Nmap scan, and identified the FTP service running on port 5554.
They added a new user discovered using the ‘enum4linux’ tool and then brute forced the FTP service using Hydra, obtaining the third flag.
They also obtained the fourth flag by logging into the machine and viewing a warning message intended to deter unauthorized users from logging in.