Firewall and IDS/IPS Evasion - Hard Lab

Now our client wants to know if it is possible to find out the version of the running services. Identify the version of service our client was talking about and submit the flag as the answer.

Nous effectuons un scan silencieux sur l'ensemble des ports de notre cible :

$ nmap 10.xx.xx.xx -p- -sSV -Pn -n --disable-arp-ping --source-port 53 --script=banner 
Starting Nmap 7.93 ( https://nmap.org ) at 2025-06-18 16:59 CEST

PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
80/tcp    open  http       Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
50000/tcp open  tcpwrapped

Nmap done: 1 IP address (1 host up) scanned in 57.23 seconds

Nous observons la présence du port 50000, cependant, nous n'avons pas la version de ce dernier. Afin de trouver la version, nous affichons la bannière concernant ce poste sur le port 50000 via le port 53 :

$ nc -nv --source-port 53 10.xx.xx.xx 50000                                           
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Connected to 10.xx.xx.xx:50000.
220 HTB{kjnsdf2n982n1827eh76238s98di1w6}

Nous observons donc la version, qui est le FLAG attendu :

HTB{kjnsdf2n982n1827eh76238s98di1w6}

PreviousFirewall and IDS/IPS Evasion - Medium Lab NextIntroduction

Last updated 7 months ago