HTB Academy: Network Enumeration with NMAP

I’d really appreciate a nudge with the following question:

Nmap Scripting Engine

“Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer”

Web servers are among the most attacked services because they are made accessible to users and present a high attack potential.

What I’ve done:
We’ll I’ve enumerated both ports 80 and 31337, using every ‘default’ script category using the --script and all the categories, i.e., discovery, version, vuln, etc - none of them turn up the flag…

…I’d really appreciate a pointer if at all possible.

I had issues connecting to the machine the other night because the VM wouldn’t load (got a red box error from my htb) , now some of the ports that were previously open are now closed, I’ve respawned the target a few times. I’m wondering if theres an issue with it…

Got it now :::facepalm:::


1 Like

I had the same issue

Apologies if OT.
Have you been able to complete “Firewall and IDS/IPS Evasion - Hard Lab”?
I found the service, but can’t fingerprint the version without causing the firewall to close the connection

@MoeSyzslak could you throw a hint here, im stuck at the same :smile:


I never managed to complete the hard lab… ?

Hey. Did anyone solve this question? I’m stuck in this question too. Can someone give me a help to solve this?

You should look into a file that is given by one of the scans proposed into the section.


Thank you very much - saved my sanity today!

can anybody help me with this i have run all the scan and scanned port 80 with http-enum script but it doesn’t give me any flag or anything i am stuck please help

so i found the /robots.txt on port 80 but i cant figure out how to read it to find the flag. I’m on page 7 in nmap. please help