TryHackMe | Net Sec Challenge | Write up | MZS

This is Net Sec Challenge room available in Junior Penetration Tester path on TryHackMe.

We will use Nmap, Telnet, Curl, and Hydra in this room activity.

-What is the highest port number being open less than 10,000?
-There is an open port outside the common 1000 ports; it is above 10,000. What is it?
-How many TCP ports are open?

Lets enumerate the target’s all ports with Nmap.
nmap -p- 10.10.191.242 -v
-p- for all ports.
-v for verbosity.

What is the flag hidden in the HTTP server header?

Lets use curl for getting the HTTP header from the server. curl http://10.10.191.242 -v

What is the flag hidden in the SSH server header?

Now we have multiple options in order to get SSH server header. I have used nmap with -sv switch here.
nmap -sV -p 22 10.10.191.242 -v
-sV is used for service version information.

We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

Again i have used nmap here with -sV switch.

We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

Lets use Hydra to BruteForce FTP login.
we need to save these users into a TXT file.

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ftp://10.10.191.242:10021

Browsing to http://MACHINE_IP:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

You need to scan this target machine being undetected.

I have used Nmap with Decoy and host discovery only here or you can say this finally worked in this particular case.

Lets celebrate that you have completed the Net sec Challenge on TryHackMe.