HTB Academy Network Enumeration nmap IDS/IPS Evasion

Does anyone have any hints for the medium lab? I have been working on this for a few days now.

I am stuck on the hard lab. Can’t find the answer.

What have you tried so far on the medium lab? It’s not that hard.

Have you finished the hard lab?
You could press the Hint for more information, which says it requires large amounts of data, indicating it might be a database server. As the previous chapter mentioned port 50000, which is the ibm-db2 default port, you could try to scan this port with the specific source port 53. Then you will get port 50000’s state as open, and you can use nc, also with source port 53, to connect to 50000. Just wait for a while and the flag will appear.

Here are the complete commands (replace <target> with the lab’s target address):
# scan port 50000
└─$ sudo nmap -p50000 -Pn -n --source-port 53 --packet-trace --disable-arp-ping <target>

# connect to port 50000
└─$ nc -p 53 <target> 50000

Hope it will work properly for you.

1 Like
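As an added example (not code from the post above or from the HTB module), the following Python script builds the two source-port-53 probes, parses nmap’s grepable output so the port state can be compared with and without --source-port, and models the firewall behaviour the module describes. The target address 10.10.10.5, the grepable output, and the rule list are all constructed for the example and are not the lab’s real address or configuration.

```python
"""Source-port 53 evasion: build the probes, diff nmap's -oG output, model the firewall rule."""
import re
from typing import Dict, List, Optional, Tuple

# One port entry in grepable output looks like: 50000/filtered/tcp//ibm-db2///
GREPABLE_PORT = re.compile(r"(\d+)/(\w+)/(tcp|udp)//([^/]*)/")


def nmap_cmd(target: str, port: int, source_port: Optional[int] = None) -> List[str]:
    """argv for a SYN probe of one port; source_port=53 is the evasion from the post.
    --packet-trace is left out here so the grepable output stays clean to parse."""
    argv = ["sudo", "nmap", "-Pn", "-n", "-sS", f"-p{port}", "--disable-arp-ping", "-oG", "-"]
    if source_port is not None:
        argv += ["--source-port", str(source_port)]
    return argv + [target]


def ncat_cmd(target: str, port: int, source_port: int = 53) -> List[str]:
    """argv for the follow-up connection; ncat's --source-port keeps the same source port."""
    return ["ncat", "-nv", "--source-port", str(source_port), target, str(port)]


def parse_grepable(text: str) -> Dict[Tuple[int, str], str]:
    """Map (port, proto) -> state from nmap -oG output."""
    states: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        for port, state, proto, _service in GREPABLE_PORT.findall(line):
            states[(int(port), proto)] = state
    return states


def state_changes(before: str, after: str) -> Dict[Tuple[int, str], Tuple[Optional[str], Optional[str]]]:
    """Ports whose reported state differs between two scans (e.g. without vs with --source-port 53)."""
    b, a = parse_grepable(before), parse_grepable(after)
    return {k: (b.get(k), a.get(k)) for k in sorted(b.keys() | a.keys()) if b.get(k) != a.get(k)}


# Toy model of the behaviour the module describes: a stateless allow rule for traffic
# sourced from port 53 in front of a default DROP policy. This is an assumption for
# illustration, not the lab's actual firewall configuration.
LAB_RULES = [{"proto": "udp", "sport": 53, "action": "ACCEPT"},
             {"proto": "tcp", "sport": 53, "action": "ACCEPT"}]


def firewall_verdict(proto: str, sport: int, rules=LAB_RULES, policy: str = "DROP") -> str:
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule["proto"] == proto and rule["sport"] == sport:
            return rule["action"]
    return policy


# Constructed grepable output for the two scans (not captured from the lab).
SCAN_DEFAULT = """# Nmap 7.94 scan initiated as: nmap -Pn -n -sS -p50000 -oG - 10.10.10.5
Host: 10.10.10.5 ()\tStatus: Up
Host: 10.10.10.5 ()\tPorts: 50000/filtered/tcp//ibm-db2///
# Nmap done -- 1 IP address (1 host up) scanned in 2.05 seconds
"""
SCAN_SPORT53 = """# Nmap 7.94 scan initiated as: nmap -Pn -n -sS -p50000 --source-port 53 -oG - 10.10.10.5
Host: 10.10.10.5 ()\tStatus: Up
Host: 10.10.10.5 ()\tPorts: 50000/open/tcp//ibm-db2///
# Nmap done -- 1 IP address (1 host up) scanned in 0.21 seconds
"""

if __name__ == "__main__":
    print(" ".join(nmap_cmd("10.10.10.5", 50000, source_port=53)))
    print(" ".join(ncat_cmd("10.10.10.5", 50000)))
    print(state_changes(SCAN_DEFAULT, SCAN_SPORT53))  # {(50000, 'tcp'): ('filtered', 'open')}
    for sport in (53, 44123):
        print(sport, firewall_verdict("tcp", sport))
```

Running the two nmap commands for real and feeding their output to state_changes() is the quickest way to tell whether the source port is actually being honoured: if the port stays filtered in both runs, the packets are not leaving with source port 53 (a VPN or NAT on the way can rewrite it), which is a different problem from the firewall not having the allow rule.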

The medium lab is not easy for me either. Fortunately, I found a little trick to do so.
Here is what you might need to crack the target DNS server (replace <target> with the lab’s target address):

$ nmap -sSU -p 53 --script dns-nsid <target>
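The dns-nsid script asks the server for its EDNS0 NSID option and for the version.bind / id.server CHAOS-class TXT records. The following Python script, added here as an example and not taken from the post or from nmap, builds that same query by hand and parses the reply, so you can see the raw answer (including the rcode) when the script prints nothing. The response in the test is constructed with fake_response(); the version string 9.18.1 and NSID ns1.lab are made up for the example.

```python
"""Hand-rolled version of the probes nmap's dns-nsid sends: CH TXT query plus EDNS0 NSID option."""
import random
import socket
import struct
from typing import Dict, Tuple

TYPE_TXT, TYPE_OPT = 16, 41
CLASS_CH = 3
EDNS_OPT_NSID = 3  # EDNS0 option code for NSID (RFC 5001)


def encode_name(name: str) -> bytes:
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(data: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, but keep the outer offset
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode())
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end


def build_query(txid: int, name: str = "version.bind", qtype: int = TYPE_TXT, qclass: int = CLASS_CH) -> bytes:
    """Header + question + an OPT pseudo-RR carrying an empty NSID option (the NSID request)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    nsid_opt = struct.pack("!HH", EDNS_OPT_NSID, 0)
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, len(nsid_opt)) + nsid_opt
    return header + question + opt_rr


def parse_response(data: bytes) -> Dict:
    """Pull out rcode, every TXT string in any section, and the NSID option if present."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    result: Dict = {"id": txid, "rcode": flags & 0xF, "txt": [], "nsid": None}
    off = 12
    for _ in range(qd):
        _, off = decode_name(data, off)
        off += 4  # qtype + qclass
    for _ in range(an + ns + ar):
        _, off = decode_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_TXT:  # sequence of <len><chars> strings
            i = 0
            while i < len(rdata):
                n = rdata[i]
                result["txt"].append(rdata[i + 1:i + 1 + n].decode(errors="replace"))
                i += 1 + n
        elif rtype == TYPE_OPT:  # sequence of <code><len><data> options
            i = 0
            while i + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[i:i + 4])
                if code == EDNS_OPT_NSID:
                    result["nsid"] = rdata[i + 4:i + 4 + olen]
                i += 4 + olen
    return result


def fake_response(query: bytes, version: bytes = b"9.18.1", nsid: bytes = b"ns1.lab") -> bytes:
    """Constructed reply a cooperative server might send; used only to exercise the parser offline."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 1)
    txt = bytes([len(version)]) + version
    answer = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt)) + txt
    opt = struct.pack("!HH", EDNS_OPT_NSID, len(nsid)) + nsid
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, len(opt)) + opt
    return header + question + answer + opt_rr


def probe(target: str, name: str = "version.bind", port: int = 53, timeout: float = 3.0) -> Dict:
    """Send one query over UDP and parse the reply (live network; not exercised by the test)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(txid, name), (target, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for qname in ("version.bind", "id.server"):
            print(qname, probe(sys.argv[1], qname))
    else:
        print(parse_response(fake_response(build_query(0x1234))))
```

A server that hides its version will typically answer the CH TXT query with rcode 5 (REFUSED) or an empty answer, which the script shows as nothing at all; seeing the rcode and whether the OPT record came back tells you which of the two probes is being blocked.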

Hey man. Yes, I’ve already finished this module. The medium one was tricky and the hard one was stubborn. It required some patience to receive the flag. Cheers.

Hi, any hints for the hard lab? I have tried port 50000 with source port 53 in every combination with -sSVAU and -T1/2/3/4/5; none of it is working to get the port displayed as open instead of “filtered”.

These are the right steps, but I’m still receiving TIMEOUT back for port 50000.

ncat -nv --source-port 53 [ip] 50000

I tried from my Kali machine and from the HTB box, but the answer is the same: TIMEOUT.

Does anyone have a suggestion?

Hi, can someone help with the medium lab? I tried the same script that was suggested above, the dns-nsid one, but it didn’t work. I receive a response from 53/UDP, but no matter what I do I can’t get the version.