Net Sec Challenge

# Net Sec Challenge ###### tags: `tryhackme` [TOC] target: 10.10.152.68 ![](https://i.imgur.com/uGsuNfQ.png) --- ## What is the highest port number being open less than 10,000? ![](https://i.imgur.com/7K6FFFq.png) Ans:8080 ## What is the flag hidden in the HTTP server header? ![](https://i.imgur.com/63taDfz.png) ## What is the flag hidden in the SSH server header? ``` nmap -sC -sV -p22 -Pn 10.10.152.68 -T4 ``` ![](https://i.imgur.com/ydAGc2q.png) ## We have an FTP server listening on a nonstandard port. What is the version of the FTP server? ``` nmap -p10021 -sC -sV -Pn 10.10.152.68 -T4 -v ``` ![](https://i.imgur.com/dsZ0J4k.png) --- ## We learned two usernames using social engineering: `eddie` and `quinn`. What is the flag hidden in one of these two account files and accessible via FTP? ``` echo "eddie\r\nquinn" >> username.txt ``` ``` hydra -L username.txt -P rockyou.txt 10.10.152.68 ftp -s 10021 -t 16 -vv ``` ![](https://i.imgur.com/hUjICvn.png) ``` telent 10.10.152.68 10021 ``` ![](https://i.imgur.com/aCyfz6i.png) ``` ftp 10.10.152.68 -P 10021 ``` ![](https://i.imgur.com/zlonanJ.png) Download file ``` ftp> get (filename) ``` ![](https://i.imgur.com/N8RhEnd.png) --- ![](https://i.imgur.com/rhpxCUR.png) ## Browsing to `http://10.10.152.68:8080` displays a small challenge that will give you a flag once you solve it. What is the flag? ![](https://i.imgur.com/rqK1FWh.png) By pass IDS ``` nmap -sN IP ``` flag = null