nmap lab - service enum - htb

Questions


Target: 10.129.168.221

Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer.

Answer: HTB{pr0F7pDv3r510nb4nn3r}

sudo nmap -sV -sC -p- 10.129.168.221 -vv -Pn --disable-arp-ping --packet-trace
...
...
...
Scanned at 2023-11-24 06:26:47 CST for 216s
Not shown: 65528 closed tcp ports (reset)
PORT      STATE SERVICE     REASON         VERSION
22/tcp    open  ssh         syn-ack ttl 63 OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 71:c1:89:90:7f:fd:4f:60:e0:54:f3:85:e6:35:6c:2b (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDr2YB2/40YrrErlHXzWfgYCUcZCTpFeBnqVXue5uYqKAV961pye8zskJ4Sr9Mn9PYG6XPyb/nBWctn0cU0VSmN1QxVckCKGqyzoe205K4wtZl5Ce8E14HnxWBpPqvFJ/cAikVOfrxqKN/+t16izgC9KlwfGCxUvLIBHQ4WbvILh8P8SLH1yfFNwysixxs/uEhPazQk2jJSM8bVGjwpBQFmu4MknTEp8FopLc85YcE1+bUzfRWiCwGGkduqsXWA83d85xpEFGdyKLA7opNACF+Bu0JxMNCrzN7zjmBNA/AbR3qYxDFgoTIpXjiyKBaI+SAXmEc0qd4Y33KKiV1qCSuj
|   256 e1:8e:53:18:42:af:2a:de:c0:12:1e:2e:54:06:4f:70 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGv0sbrw1LxweleKPu4qQiS6C5snxYJx2or+LW1TTZ0Kua5+k/8gHggHB+THj1nWC24orC3Ho907AMxr5CAevAk=
|   256 1a:cc:ac:d4:94:5c:d6:1d:71:e7:39:de:14:27:3c:3c (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYSP2Z8qyfE4cFAGOW1XDnPnCPbw2MGkB25pCXsE3L/
80/tcp    open  http        syn-ack ttl 63 Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
| http-methods:
|_  Supported Methods: OPTIONS GET HEAD POST
|_http-server-header: Apache/2.4.18 (Ubuntu)
110/tcp   open  pop3        syn-ack ttl 63 Dovecot pop3d
|_pop3-capabilities: UIDL TOP RESP-CODES PIPELINING SASL AUTH-RESP-CODE CAPA
139/tcp   open  netbios-ssn syn-ack ttl 63 Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp   open  imap        syn-ack ttl 63 Dovecot imapd
|_imap-capabilities: LOGIN-REFERRALS LOGINDISABLEDA0001 LITERAL+ IMAP4rev1 more SASL-IR capabilities post-login Pre-login listed have ID OK IDLE ENABLE
445/tcp   open  netbios-ssn syn-ack ttl 63 Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
31337/tcp open  Elite?      syn-ack ttl 63
Service Info: Host: NIX-NMAP-DEFAULT; OS: Linux; CPE: cpe:/o:linux:linux_kernel
┌──(cscogin㉿SCOGIN-L7-WRKST)-[~]
└─$ sudo nc -v 10.129.168.221 31337
10.129.168.221: inverse host lookup failed: Unknown host
(UNKNOWN) [10.129.168.221] 31337 (?) open

220 HTB{pr0F7pDv3r510nb4nn3r}
500 Invalid command: try being more creative

After trying a manual connection to each open port via netcat, as shown directly above, the only port to reply with a positive response was port 31337.
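Nmap appends `?` to a service name when no version probe matched and the name is only a guess from the port number, which is why 31337 stands out in the table above. The following is an added example, not part of the original write-up: it parses a port table produced with `-sV -vv` and lists the open ports that need a manual banner check, plus the ports whose VERSION column exposes a version number. The function names are hypothetical, and the REASON column is assumed to have the form `<reason> ttl <n>`.

```python
import re

# Constructed sample: port-table lines taken from the scan above (most script output omitted).
SAMPLE = """\
PORT      STATE SERVICE     REASON         VERSION
22/tcp    open  ssh         syn-ack ttl 63 OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp    open  http        syn-ack ttl 63 Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
110/tcp   open  pop3        syn-ack ttl 63 Dovecot pop3d
139/tcp   open  netbios-ssn syn-ack ttl 63 Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp   open  imap        syn-ack ttl 63 Dovecot imapd
445/tcp   open  netbios-ssn syn-ack ttl 63 Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
31337/tcp open  Elite?      syn-ack ttl 63
"""

# One port-table row; the REASON column (assumed "<reason> ttl <n>") is optional.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<reason>\S+ ttl \d+))?\s*(?P<version>.*)$"
)

def parse_ports(nmap_text):
    """Return one dict per port row; NSE script lines ('|', '|_') are skipped."""
    rows = []
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            row["version"] = row["version"].strip()
            rows.append(row)
    return rows

def needs_manual_check(row):
    """Open port with a guessed service name ('?') or an empty VERSION column."""
    return row["state"] == "open" and (row["service"].endswith("?") or not row["version"])

def discloses_version(row):
    """True when the VERSION column contains a dotted version number."""
    return bool(re.search(r"\d+\.\d+", row["version"]))

if __name__ == "__main__":
    rows = parse_ports(SAMPLE)
    for r in rows:
        if needs_manual_check(r):
            print(f"{r['port']}/{r['proto']}: no fingerprint match, check banner by hand")
        elif discloses_version(r):
            print(f"{r['port']}/{r['proto']}: version disclosed -> {r['version']}")
```

On a host you administer, the second list is the set of services whose banners give away patch level and are candidates for banner hardening.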
