Net Sec Challenge

Use this challenge to test your mastery of the skills you have acquired in the Network Security module. All the questions in this challenge can be solved using only nmap, telnet, and hydra. — via TryHackMe.

via — secureworks

To save time, I started an nmap of the target IP before reading the tasks.

nmap -sV -p- 10.10.143.166 -oN

Task 1: Introduction

#1 Launch the AttackBox and the target VM.

No answer needed.

Task 2: Challenge Questions

#1 What is the highest port number being open less than 10,000?

8080

#2 There is an open port outside the common 1000 ports; it is above 10,000. What is it?

10021

#3 How many TCP ports are open?

6

#4 What is the flag hidden in the HTTP server header?

printf “HEAD / HTTP/1.0\r\n\r\n” |nc -n -i 1 10.10.143.166 80

THM{web_server_25352}

#5 What is the flag hidden in the SSH server header?

ssh -v 10.10.143.166 80

THM{946219583339}

#6 We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

vsftpd 3.0.3

#7 We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

The first step was to create a user-list document (users.txt). From here, I was able to login using FTP, a wordlist (rockyou.txt), the user list (users.txt) and the following Hydra command:

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ftp://10.10.143.166: 10021

The following flag was revealed.

THM{321452667098}

#8 Browsing to http://MACHINE_IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

nmap with -sN to prevent detection.

nmap -sN 10.10.143.166

THM{f7443f99}

Task 3: Summary

Congratulations. In this module, we have learned about passive reconnaissance, active reconnaissance, Nmap, protocols and services, and attacking logins with Hydra.

No answer needed