Nmap Firewall IDS/IPS Evasion Lab

I need some help with my nmap academy lab for firewall evasion. I have done a full network scan to look at the other hosts that are on the network. I have also spoofed the source address as well as the source port and disabled ARP ping to try to find the DNS server version, though I keep on getting a filtered port. I have also tried slowing down the scan to T1 and put in a -Pn -n -sA with nmap. So one of my commands looks like this: sudo nmap $ip-address -p 53 -Pn -sA -sV -n -S ip-address --source-port 53 -T 1. Is there another port that I should mask as so I can view the DNS version?

Like so many of HTB Academy’s exercises, this question is completely misleading and has absolutely nothing to do with the content you just learned. All of the information you need to solve this can be found on the Host and Port scanning and Service Enumeration pages. You don’t need to use any of your Firewall/IDS/IPS evasion knowledge to answer this question.

My first thought was: can I just ask the DNS server what version is running? But I gave up because the question mentions IDS/IPS. Lesson learnt: do not trust HTB :wink:

Did you have any progress on this? I am having a real hard time. I found the port but can't get the version with the -sV flag.
I tried to use the “tcpdump + nc” trick but the command "nc -nv -p 53 "
always returns a “bind failed:address already in use”. I googled it and can't seem to make it work.
Am I going for the wrong approach altogether?

I don’t know if this is of any help to you, but maybe it can be helpful for others who try solving the problem using this method. The error “bind failed:address already in use” pops up because port 53 is already in use by your own host system for DNS, so before proceeding you need to free it up in some way.

I used my own Ubuntu VM for this problem, so my naive solution was just to temporarily disable the service using “systemctl disable systemd-resolved”, reboot, solve the HTB challenge, and then re-enable DNS using “systemctl enable systemd-resolved” and reboot. Probably there is a better way, but I don’t know it and this did the trick for me.
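
An added example, not part of any post in this thread: a small Python diagnostic for the “address already in use” error discussed above. It parses `/proc/net/tcp`-style text to list which local IPv4 sockets hold port 53 and which of them overlap a wildcard bind. The sample rows, UIDs and inodes are constructed, and a little-endian Linux host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a stub resolver on 127.0.0.53:53, sshd on 0.0.0.0:22, and an outbound
# connection whose REMOTE port is 53 (must not count as a local bind).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 3500007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 21345 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1
   2: 0F02000A:C350 0302000A:0035 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1
"""

STATES = {"01": "ESTABLISHED", "0A": "LISTEN", "07": "CLOSE"}  # subset only

def bound_sockets(proc_text, port):
    """Return a dict for every IPv4 socket whose LOCAL port equals `port`."""
    hits = []
    for line in proc_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # The address is a host-order u32 printed as hex; little-endian assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        hits.append({"ip": ip, "state": STATES.get(f[3], f[3]),
                     "uid": int(f[7]), "inode": int(f[9])})
    return hits

def bind_conflicts(hits, bind_ip="0.0.0.0"):
    """Sockets whose address overlaps a bind to bind_ip (no SO_REUSEPORT assumed)."""
    return [h for h in hits
            if "0.0.0.0" in (bind_ip, h["ip"]) or h["ip"] == bind_ip]

if __name__ == "__main__":
    try:                                             # live data on Linux
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:                                  # otherwise use the sample
        text = SAMPLE
    for h in bind_conflicts(bound_sockets(text, 53)):
        print("port 53 held by", h)
```

On a live system, `ss -lntup` shows the same listeners together with the owning process name.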

I need help. I used all I learned but I can't find its version; other services' versions can be looked up.