Firewall and IDS/IPS Evasion - Hard Lab

Hi, I’ve discovered the hidden port with the --source-port parameter, but I couldn’t connect with ncat using the same port. Am I missing something? Any suggestions?

Edit: I’ve solved it.

1 Like

I am in the same situation as you were. How did you discover all the enabled ports (except -p-)? I also found only 2, as you did in the beginning. Thank you for your time/suggestions!

I don’t remember, but 100% you must discover more ports than 2. Maybe try other nmap scans?
sudo -sS -Sn etc

1 Like

I did it! I used a trusted source port and the power of root. Thank you, @kit33k !

1 Like

You need to submit the flag.

The steps to solve it are in the Firewall Evasion lesson itself. For the Hard Lab, read the part where the lesson mentions this:

“…Now that we have found out that the firewall accepts TCP port 53, it is very likely that IDS/IPS filters might also be configured much weaker than others…”

If you re-read that part of the lesson, you will realize the answer. Another hint: you will need to use nmap and another tool to get the answer.

The hard lab is bypassing the firewall and then the IDS/IPS. The lab is trying to teach us that after the firewall is bypassed, it is likely that the IDS/IPS is weak too. So, we can get the answer by using another tool.

NMAP alone will not give you the flag for the Hard lab. Just read the part of the lesson I mentioned above and you will realize it.

4 Likes
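A defender's view of the weakness quoted from the lesson above (a firewall that accepts TCP traffic because it comes from port 53), added here as an example that is not part of any post in this thread. It assumes simplified iptables-style log lines, constructed for illustration; `TRUSTED_SPORTS` and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log (simplified iptables LOG style, documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 10:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=22 SYN
Jan 10 10:00:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=80 SYN
Jan 10 10:00:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=8443 SYN
Jan 10 10:00:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.53 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=41522
Jan 10 10:00:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51544 DPT=80 SYN
Jan 10 10:00:06 fw kernel: IN=eth0 OUT= SRC=203.0.113.53 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=40112 ACK
"""

TRUSTED_SPORTS = {53}  # assumption: source ports an over-permissive rule lets through
KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH"}


def parse(line):
    """Return (key=value fields, set of TCP flag tokens) for one log line."""
    fields = dict(KV.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags


def suspicious_sources(log_text):
    """Map source IP -> sorted destination ports reached by NEW inbound TCP
    connections whose source port is in TRUSTED_SPORTS.

    A real DNS-over-TCP reply arrives from port 53 with ACK set; a bare SYN
    from port 53 is a client opening a connection, not a reply."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields, flags = parse(line)
        spt, dpt = fields.get("SPT", ""), fields.get("DPT", "")
        if fields.get("PROTO") != "TCP" or not (spt.isdigit() and dpt.isdigit()):
            continue
        new_conn = "SYN" in flags and "ACK" not in flags
        if new_conn and int(spt) in TRUSTED_SPORTS:
            hits[fields.get("SRC", "?")].add(int(dpt))
    return {src: sorted(ports) for src, ports in hits.items()}


if __name__ == "__main__":
    for src, ports in suspicious_sources(SAMPLE_LOG).items():
        print(f"{src}: new inbound TCP from trusted source port to {ports}")
```

The underlying fix is to allow DNS replies by connection state (established/related) rather than by source port, so that a new connection from port 53 is treated like any other inbound connection.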

Basically came here to say what Cyberstorm has just said ^^^

Also, again, this may have been mentioned before, but finding out what allows ports to be found as open and then going from there was a big help.

1 Like

I’m totally stumped with this. I’ve read and reread the module, but I’m not sure what to do!
Pulling my hair out.

Certain commands will require sudo to get the full capability out of them :wink:

1 Like

Thank you, Solved!

1 Like

Nice! Well done

1 Like

Use sudo for the last ncat command. That’ll do.

I stumbled across the answer by mistake, not even following the Hack the Box guide.

Using the nmap documentation, I saw the script for “dns-nsid”. You will find they use -sSU, and I used -T5 for this scan. Just follow the same format as the example in the nmap documentation.

Then UDP appears in the results and you will be able to continue from there. It looks like port 53 UDP is interesting to help you finish the next lab, which is the hard lab, using another tool (ncat). This is in the HTB

Firewall and IDS/IPS Evasion
https://academy.hackthebox.com/module/19/section/106

sudo is your friend.

I can’t stress this enough: please enumerate all ports (yes, all ports: 1-65535). Nmap alone will also not be sufficient to pass this challenge.

Hi, I understand this is an old issue, but for newcomers: if you’re using WSL on Windows and everything seems correct but it’s still not working, try switching to a virtual machine (VM) and attempt it again. Thanks.

There are more than two ports open; learn from DNS proxying,
then use ncat to get the flag by using the source port.

The answer is the service version, right? Or am I mistaken?
I’ve been getting three services back, but none of them seem to be the correct answer.

Your comment saved me, thanks bro. <3

Yo guys, I have been having troubles with the Firewall and IDS/IPS Evasion - Hard Lab also. I understand what to do once I find the right port, but the problem is that I just can’t find it. I have been stuck on this for around a week already trying to enumerate all ports. I ran all kinds of scans (sS, sA, sT, sC, sU, sV) with all the options I could think of, but all I got was 2 ports that give nothing (22 - ssh, 80 - http). I would really appreciate some advice.

I know you have stated you scanned all the ports… but did you scan ALL the ports or just what nmap normally scans…