Net Sec Challenge by TryHackMe (Write-Up)

Source: tryhackme.com

Net Sec Challenge is a VIP room on TryHackMe that can help you test your network security skills using Nmap, Telnet, and Hydra.

Task 1: Introduction
We need to start the target machine and deploy the attack box if we are using a browser to answer the questions.

Task 2: Challenge Questions
We are going to use Nmap to scan our target machine for open ports. We need to scan all the ports to be able to answer the first three questions, so the scan may take several minutes or more.

nmap -p- -T4 MACHINE_IP

-p-: scans all TCP ports (1-65535) instead of only the most common ones
-T4: uses the "aggressive" timing template to speed up the scan

The image below contains answers to the first two questions in the task. Also, we can see that there are 6 open TCP ports.

In order to find the flag hidden in the HTTP server header, we need to use Telnet.

telnet MACHINE_IP 80

The next question asks us to find the flag hidden in the SSH server header. We need to connect to the SSH port on our target machine.

telnet MACHINE_IP 22

To find the version of the FTP server, we are going to run the following command:

telnet MACHINE_IP 10021

We learned two usernames using social engineering: eddie and quinn. To get the flag hidden in one of these two accounts' files, we first need to save these usernames to a file (users.txt in the command below). Then we are going to use Hydra with the /usr/share/wordlists/rockyou.txt wordlist to figure out their passwords.

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ftp://MACHINE_IP:10021

-L: loads several logins from a file
-P: loads several passwords from a file

After getting the passwords, we need to log in using FTP to find the file that contains the flag. Then we are going to download the file to our machine and print out its content.

To answer the last question in the challenge, we need to visit http://MACHINE_IP:8080.

To reduce the probability of being detected, we are going to run a NULL scan using Nmap. As you might remember, a null scan does not set any TCP flag. Because these probes do not include the SYN flag, they can get past a firewall that only filters packets with the SYN flag set.

nmap -sN MACHINE_IP
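Seen from the defender's side, the same property makes this scan recognizable: a TCP segment with no flags set never occurs in normal traffic. The sketch below is an added example, not part of the original write-up; it parses raw TCP headers and reports sources that send null probes to several ports, and it goes slightly beyond the text by also covering the related FIN and Xmas probes. The addresses, ports, the `min_ports` threshold and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits, stored in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed test data, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def parse_tcp(header):
    """Return (source port, destination port, flag bits) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, header[13] & 0x3F  # mask off the two ECN bits

def probe_type(flags):
    """Name the probe types that omit SYN; anything else counts as ordinary traffic."""
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == (FIN | PSH | URG):
        return "xmas"
    return None

def detect_scans(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header). Returns {(src_ip, probe): ports}
    for sources that sent the same SYN-less probe to at least min_ports distinct ports."""
    seen = defaultdict(set)
    for src, header in packets:
        try:
            _, dport, flags = parse_tcp(header)
        except ValueError:
            continue  # skip truncated captures instead of aborting the run
        kind = probe_type(flags)
        if kind:
            seen[(src, kind)].add(dport)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) >= min_ports}

# Constructed sample: one host sweeping ports with no flags set, one normal client,
# and one truncated capture that must be ignored.
SAMPLE = [("10.0.0.5", tcp_header(40000, p, 0)) for p in (22, 80, 139, 445, 8080)]
SAMPLE += [("10.0.0.9", tcp_header(51000, 80, SYN)), ("10.0.0.9", tcp_header(51000, 80, ACK)),
           ("10.0.0.9", tcp_header(51000, 80, FIN | ACK)), ("10.0.0.7", b"\x00" * 8)]

if __name__ == "__main__":
    for (src, kind), ports in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} scan probes to ports {ports}")
```

In a real deployment the headers would come from a packet capture or IDS sensor rather than from `tcp_header`, and the threshold would be tuned to the network.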

I hope this write-up helped you to complete this challenge and refresh your network security skills.

Quality Engineer with a strong interest and passion in penetration testing | TryHackMe Top 1% | Test Automation Engineer (SET, SDET) | ISTQB Certified Tester

Victoria Markosyan
