Host Discovery
Based on the last result, find out which operating system it belongs to. Submit the name of the operating system as result.
Windows
Host and Port Scanning
Find all TCP ports on your target. Submit the total number of found TCP ports as the answer.
7
Enumerate the hostname of your target and submit it as the answer. (case-sensitive)
NIX-NMAP-DEFAULT
Saving the Results
Perform a full TCP port scan on your target and create an HTML report. Submit the number of the highest port as the answer.
31337
Service Enumeration
Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer.
HTB{pr0F7pDv3r510nb4nn3r}
Nmap Scripting Engine
Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.
If you execute this, you are going to find a lot of vulnerabilities. But when you look at the file robots.txt, you find the flag
nmap -sV -script vuln 10.129.101.226 -T5
HTB{873nniuc71bu6usbs1i96as6dsv26}
Firewall and IDS/IPS Evasion – Easy Lab
Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer.
nmap -sV -sC 10.129.103.147 -T5
Ubuntu
Firewall and IDS/IPS Evasion – Medium Lab
After the configurations are transferred to the system, our client wants to know if it is possible to find out our target’s DNS server version. Submit the DNS server version of the target as the answer.
HTB{GoTtgUnyze9Psw4vGjcuMpHRp}
Firewall and IDS/IPS Evasion – Hard Lab
Now our client wants to know if it is possible to find out the version of the running services. Identify the version of service our client was talking about and submit the flag as the answer.
Let’s do a syn scan with nmap, source port 53 on all ports
Port 50000 seems have something. Let’s use Netcat on it with port 53
HTB{kjnsdf2n982n1827eh76238s98di1w6}