HTB ACADEMY - Network Enumeration with Nmap

Hi everyone! I am stuck in the Service Enumeration module. “Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer.” After performing a nmap scan with various tags (-A, -sV, -sU, -p-) I found port 80 open with a robots.txt containing a flag, which isn’t the right answer. Please help with a hint! (Is this doable with NMAP by itself?)


@sh0m3r said:
> Hi everyone! I am stuck in the Service Enumeration module.
>
> "Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer."
>
> After performing a nmap scan with various tags (-A, -sV, -sU, -p-) I found port 80 open with a robots.txt containing a flag, which isn't the right answer. Please help with a hint! (Is this doable with NMAP by itself?)

Hi, you can test other tools (like a network tool) in order to "listen" for the flag. Good luck.

nc or Ncat to that URL path will open it up. Or just use a web browser to the robots.txt

Try to use also other tools explained in the section. After that, wait a few seconds and the flag will appear.

Well, first you have to scan to identify all open ports. Then run the nc command against each port/service one by one; that worked for me.
Example:
nc -nv IP 80

Somehow I did not get it. When I try nc -nv <IP> 80 I do not get anything useful. Is it intended that we use tools other than those mentioned in this section?


Do this. Actually I was stuck even though I got two flags.
Lesson: please check properly that you have copied the flag without spaces.
I got one flag on http://10.129.205.143/robots.txt. This is probably now going to work:
nc -nv 10.129.205.143 31773
Please wait 2 minutes to get the flag. Be consistent.

Thank you !

Which IP are we using? All of mine aren't working for the first part, where we need to find the OS.

You first need to enumerate and find the open ports on the target device. Remember that enumerating all the ports with -p- can take a very long time; maybe you first want to enumerate the 1000 default ports. After identifying the open ports, you can use a monitoring tool to capture packets being sent and received on different ports. You can use a tool such as tcpdump and eavesdrop on the traffic; do this on each port/service discovered during enumeration. One of them will definitely help you capture the flag.
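The procedure the replies above describe (scan every TCP port, then connect to each open service with nc and wait for it to speak) can be scripted so that no port is skipped and each service gets enough time. The script below is an added example, not code from the thread or from HTB Academy; the target IP is a placeholder taken from a later post, the grepable nmap sample is constructed for offline verification, and the 150-second idle timeout is an assumption based on the "wait about 2 minutes" hints.

```shell
#!/bin/sh
# Added example: full-port nmap scan, then banner-grab every open TCP port with nc,
# giving slow services time to send their banner (or flag) before moving on.

# Assumption: lab target; override with TARGET=<ip> ./script.sh
TARGET="${TARGET:-10.129.2.49}"
# Assumption: how long to wait on an idle connection (the thread suggests ~2 minutes)
IDLE_TIMEOUT="${IDLE_TIMEOUT:-150}"

# Parse nmap grepable (-oG) output from stdin into a space-separated list of open
# TCP ports. Each entry in the "Ports:" field looks like
#   22/open/tcp//ssh//OpenSSH 8.2p1/
# so splitting on "/" gives port, state and protocol as fields 1-3.
# Only TCP is kept: UDP services (-sU) need nc -u and behave differently.
open_ports() {
    grep 'Ports:' \
    | sed 's/.*Ports: //' \
    | tr ',' '\n' \
    | awk -F/ '$2 == "open" && $3 == "tcp" { gsub(/^ /, "", $1); printf "%s ", $1 }' \
    | sed 's/ $//'
}

# Scan all 65535 TCP ports with version detection; -oG - writes grepable output to stdout.
# -p- is slow, so --min-rate is raised; drop it if the lab VPN gets unreliable.
scan() {
    nmap -p- -sV -T4 --min-rate 1000 -oG - "$TARGET" | open_ports
}

# Connect to every open port and print whatever the service sends unprompted.
# -w is the connect/idle timeout in OpenBSD nc (the default nc on Kali); stdin is
# /dev/null so nc just listens until the service closes or the timeout expires.
grab_banners() {
    for port in $(scan); do
        printf '== %s:%s ==\n' "$TARGET" "$port"
        nc -nv -w "$IDLE_TIMEOUT" "$TARGET" "$port" < /dev/null 2>&1
    done
}

# Constructed sample of grepable output (not a real scan result) so the parser
# can be checked without a target: 443 is filtered and must be excluded.
SAMPLE=$(printf 'Host: 10.129.2.49 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///, 31337/open/tcp//Elite///\tIgnored State: closed (65531)')

# Usage: run the parser against the sample, or point it at the real target:
#   printf '%s\n' "$SAMPLE" | open_ports
#   TARGET=10.129.2.49 sh -c '. ./script.sh; grab_banners'
```

Running grab_banners is the "nc each port one by one" step from the replies, done in order and with the wait built in; capture the output to a file so a flag that appears after a long pause is not lost to the scrollback.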

Using the following command you will be able to get the flag you are looking for.

nc -nv 10.129.2.49 31337