Firewall and IDS/IPS Evasion - Medium Lab

After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.

Pour résoudre avec succès l'exercice, nous devons utiliser le protocole UDP sur le VPN.

Nous effectuons un scan discret SYN (-sS) avec un scan des versions (-sV)en utilisant UDP (-sU) :

$ nmap 10.129.125.12 -p 53 -sS -sV -Pn -n --disable-arp[Jun 18, 2025 - 15:19:34 (CEST)] exegol-htb nmap # nmap 10.129.125.12 -p 53 -sS -sV -sU -Pn -n --disable-arp-ping --packet-trace --source-port 53 -D RND:5
Starting Nmap 7.93 ( https://nmap.org ) at 2025-06-18 15:22 CEST
SENT (0.4001s) TCP 48.37.126.74:53 > 10.129.125.12:53 S ttl=48 id=61385 iplen=44  seq=3416305245 win=1024 <mss 1460>
SENT (0.4002s) TCP 117.110.119.245:53 > 10.129.125.12:53 S ttl=37 id=61385 iplen=44  seq=3416305245 win=1024 <mss 1460>
[...]

PORT   STATE    SERVICE VERSION
53/tcp filtered domain
53/udp open     domain  (unknown banner: HTB{GoTtgUnyze9Psw4vGjcuMpHRp})

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.51 seconds

Nous observons alors la ligne suivante :

PORT   STATE    SERVICE VERSION
53/udp open     domain  (unknown banner: HTB{GoTtgUnyze9Psw4vGjcuMpHRp})

La version associée au serveur DNS de notre cible est donc un FLAG :

HTB{GoTtgUnyze9Psw4vGjcuMpHRp}

PreviousFirewall and IDS/IPS Evasion - Easy Lab NextFirewall and IDS/IPS Evasion - Hard Lab

Last updated 7 months ago