I am a bit disappointed with the Network Enumeration with Nmap: Nmap Scripting Engine Exercise.
The question prompts readers to: “Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.”
This prompt asks quite an ambiguous question from readers; one which could prompt an immeasurable amount of time from users for little gain:
- The section opens with over ten scripts a user could use with Nmap
  - These scripts are time consumptive (especially in tandem with one another).
- Previous exercises reveal the amount of ports is seven
  - Seven is quite a time-extensive number of ports to scan, repeatedly.
- The question does not state to read a file found within the script inclusive Nmap scan
  - In fact, the question suggests a ‘flag’ will appear from a script search within Nmap.
  - A ‘flag’ does not appear from a script search within Nmap.
    - In this sense, the question is misleading.
- The text-tutorial of Nmap Scripting Engine Exercise also does not mention the importance of the robots.txt file as well.
  - The potential for the user to overlook the file, as I did, is quite high.
  - I understand previous exercises within the Penetrator Tester Job Path Route underlie the significance of the robots.txt file; the Nmap Scripting Engine Exercise text-tutorial, however, does not state the potential significance of the file.
  - Additionally, the question does not hint at the importance of the robots.txt file.
  - If the actual ‘Hint’ button provides some context to the port to scan, script to run on Nmap, or file to read, my points may be less consequential; still, my overall argument for disappointment stands.

For this reason, I strongly recommend changes to the Network Enumeration with Nmap: Nmap Scripting Engine Exercise. My main gripe with the question is a very ambiguous prompt with almost no contextual clues for resolve. I see three potential solutions for the issue:
- Add something about enumerating files from scans
  - Could be in the question or in the textual walk-through
  - Perhaps the solution to the question warrants an emphasis on the robots.txt file
- Tell users which port to scan within the question
- Tell users which script to use within the question