Practice the skills in a free you have learned in the Net Sec Challenge room. Learn how to use nmap and hydra and how to grab banners with Telnet, complete the Jr Penetration Tester and learn from enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.
NetSecMod Room 09 Challenge: TryHackMe Net Sec Challenge
Net Sec Challenge Writeup
Task 1 Introduction
Use this challenge to test your mastery of the skills you have acquired in the Network Security module. All the questions in this challenge can be solved using only
Task 2 Challenge Questions
You can answer the following questions using Nmap, Telnet, and Hydra.
Working with Nmap
Execute nmap with parameter -p- to scan all ports:
nmap -p- 10.10.230.119
What is the highest port number being open less than 10,000?
There is an open port outside the common 1000 ports; it is above 10,000. What is it?
How many TCP ports are open?
What is the flag hidden in the HTTP server header?
telnet 10.10.49.54 80
Trigger a HTTP GET request to our webserver
GET / HTTP\1.1 Host:localhost
What is the flag hidden in the SSH server header?
telnet 10.10.49.54 22
We have an FTP server listening on a nonstandard port. What is the version of the FTP server?
Working with Hydra
We learned two usernames using social engineering:
quinn. What is the flag hidden in one of these two account files and accessible via FTP?
To complete this challenge use hydra to brute force the FTP service running on port 10021
hydra -l eddie -P /usr/share/wordlists/rockyou.txt ftp://10.10.230.119:10021
hydra -l quinn -P /usr/share/wordlists/rockyou.txt ftp://10.10.230.119:10021
Nmap IDS Bypass
http://MACHINE_IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?
To be able to avoid the IDS this room focus on Null scan and fragmentation, execute the following command to get the last flag.
nmap 10.10.49.54 -f -sN
Task 3 Summary
Congratulations. In this module, we have learned about passive reconnaissance, active reconnaissance, Nmap, protocols and services, and attacking logins with Hydra.
tryhackme challenge updated version httpswuvelnet, writeup for tryhackme challenge updated, european cyber security challenge, businesses municipalities, resilient infrastructure assessment and adaptation