Net Sec Challenge by TryHackMe (Write-Up)


Net Sec Challenge is a VIP room on TryHackMe that can help you test your network security skills using Nmap, Telnet, and Hydra.

Task 1: Introduction
We need to start the target machine and deploy the attack box if we are using a browser to answer the questions.

Task 2: Challenge Questions
We are going to use Nmap to scan our target machine for open ports. We need to scan for all the ports to be able to answer the first three questions. As a result, the scan may take several minutes or more.

nmap -p- -T4 MACHINE_IP

-p-: scans all the ports
-T4: does scanning faster

The image below contains answers to the first two questions in the task. Also, we can see that there are 6 open TCP ports.

In order to find the flag hidden in the HTTP server header, we need to use Telnet.

telnet MACHINE_IP 80

The next question asks us to find the flag hidden in the SSH server header. We need to connect to the SSH port on our target machine.

telnet MACHINE_IP 22

To find the version of the FTP server, we are going to run the following command:

telnet MACHINE_IP 10021

We learned two usernames using social engineering: eddie and quinn. In order to get the flag hidden in one of these two account files, first of all, we need to save these usernames to a file. Then we are going to use Hydra and /usr/share/wordlists/rockyou.txt file to figure out their passwords.

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ftp://MACHINE_IP:10021

-L: loads several logins from a file
-P: loads several passwords from a file

After getting the passwords, we need to log in using FTP to find the file that contains the flag. Then we are going to download the file to our machine and print out its content.

To answer the last question in the challenge we need to visit http://MACHINE_IP:8080.

To reduce the probability of being detected, we are going to run a NULL scan using Nmap. As you might remember, the null scan does not set any flag. And by sending requests which do not include the SYN flag, we can bypass the firewall.


I hope this write-up helped you to complete this challenge and refresh your network security skills.




Quality Engineer with a strong interest and passion in penetration testing | TryHackMe Top 1% | Test Automation Engineer (SET, SDET) | ISTQB Certified Tester

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

JOINT IDO — GotEM: Relying on Ordinary People to do Extraordinary Things

The Dark Net: Epicenter of all your Cyber Security Threats.. By- Utpal Chakraborty

Technology used in Fraud Detection

Algorithm, Law Enforcement, Technology, Social, Study, Investigative, Streamlined, Blockchain, Token Supply, Task Management, Low Crime Rate Grant

View Friends List of any users using “View as” | Facebook Bug bounty

Reverse Engineering Emotet

$1,500 XSS — what to consider during the bug bounty

Security doesn’t earn you anything until it costs you millions

Abdul Rehman of VPNRanks: 5 Things You Need To Know To Optimize Your Company’s Approach to Data…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Victoria Markosyan

Victoria Markosyan

Quality Engineer with a strong interest and passion in penetration testing | TryHackMe Top 1% | Test Automation Engineer (SET, SDET) | ISTQB Certified Tester

More from Medium

HTB Previse writeup

Attacktive Directory — THM

Basic Pentesting CTF Walkthrough

Driver — Hackthebox Walkthrough