Net Sec Challenge
This guide contains the answers, and the steps necessary to reach them, for the Net Sec Challenge room.
Challenge Questions
- What is the highest port number being open less than 10,000?
For this we can use nmap and specify the port range we want to use (1-10000).
Answer: 8080
- There is an open port outside the common 1000 ports; it is above 10,000. What is it?
For this we can use a similar command, but this time we use the remaining ports as our range.
Answer: 10021
- How many TCP ports are open?
Adding the results of both scans together, we get our total number of open TCP ports.
Answer: 6
- What is the flag hidden in the HTTP server header?
To look at the server header information we can use telnet. We should also specify the required port.
Answer: THM{web_server_25352}
- What is the flag hidden in the SSH server header?
To find this information we can again use telnet.
Answer: THM{946219583339}
- We have an FTP server listening on a nonstandard port. What is the version of the FTP server?
The FTP service isn't listed in the first nmap scan, so we should perform the second one with version info enabled (this was disabled in our scan in question 3).
Answer: vsftpd 3.0.3
- We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?
We first create a file with touch usernames.txt and add both usernames to it. Then we can craft our Hydra command:
This gives us passwords for both accounts. Looking through the files on the FTP server, we find the flag on the account for quinn.
Answer: THM{321452667098}
- Browsing to http://MACHINE_IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?
Visiting the webpage, we see we need to scan the machine with as little activity as possible.
After several tries (also using the AttackBox), the most effective scan type was the NULL scan, -sN.
Answer: THM{f7443f99}
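
From the defender's side, the probes of a NULL scan are TCP segments with no flag bits set, which normal TCP traffic never produces, so they can be matched on directly. The following Python is an added example, not part of the original walkthrough; the function names, the min_ports threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits, stored in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (used only for the constructed samples)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def classify(header):
    """Return (destination_port, label) for one raw TCP header."""
    _sport, dport = struct.unpack("!HH", header[:4])
    flags = header[13] & 0x3F
    if flags == 0:
        label = "NULL"            # no flags at all: never seen in a normal session
    elif flags == FIN:
        label = "FIN"             # bare FIN without ACK
    elif flags == FIN | PSH | URG:
        label = "XMAS"
    elif flags == SYN:
        label = "SYN"
    else:
        label = "other"
    return dport, label

def find_stealth_scanners(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header).
    Report sources that sent NULL/FIN/Xmas probes to >= min_ports ports."""
    probed = defaultdict(lambda: defaultdict(set))
    for src, header in packets:
        dport, label = classify(header)
        if label in ("NULL", "FIN", "XMAS"):
            probed[src][label].add(dport)
    return {src: {kind: sorted(ports) for kind, ports in kinds.items()}
            for src, kinds in probed.items()
            if sum(len(ports) for ports in kinds.values()) >= min_ports}

# Constructed sample traffic (documentation addresses, not captured from the room)
SAMPLE = (
    [("192.0.2.10", tcp_header(40000, p, 0)) for p in (22, 80, 139, 8080)]
    + [("192.0.2.20", tcp_header(50000, 80, SYN)),
       ("192.0.2.20", tcp_header(50000, 80, ACK)),
       ("192.0.2.20", tcp_header(50000, 80, PSH | ACK))]
    + [("192.0.2.30", tcp_header(41000, 443, 0))]
)

if __name__ == "__main__":
    print(find_stealth_scanners(SAMPLE))
```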