Nmap Firewall IDS/IPS Evasion Lab

there are 3 labs this is the script for the second lab I already found it, I was wondering if you had an idea about the last lab

Use netcat to connect to the discovered port 50000 with the source port 53 and wait for a bit to get the version.

ncat -nv --source-port 53 50000
Ncat: Version 7.93 ( Ncat - Netcat for the 21st Century )
libnsock mksock_bind_addr(): Bind to failed (IOD #1): Permission denied (13)


Maybe add ‘sudo’ at the beginning of the command, and if that doesn’t work try connecting from your own kali machine and doing the same command.

Have you managed to get the flag?

Ohhh… you should think of it this way. Assume you are the penetration tester. The machine that spawns is your attacking machine. The Target IP given by HTB is the IP address of the target machine which has services running on it.

You are trying to enumerate as much information as you can about the target on your attacking machine (the spawned machine)

Hope this clarifies.

1 Like

Thank you, I didn’t saw the “click here to spawn the target system”. I think I need glasses or a new brain haha.

Hi everyone,

I am stuck on the Firewall and IDS/IPS Evasion - Medium Lab. I have tried everything I could think of. Different discovery and version scripts with all sorts of parameters, via TCP & UDP. I tried everything mentioned in the forum. Unfortunately without success. I also tried whatever else I could find in blogs on the this specific lab, nothing worked.

The hint states: During the meeting, the administrators talked about the host we tested as a publicly accessible server that was not mentioned before. I am not sure what to make of that. I find it a bit confusing, as I am testing a different server now and I don’t have access to the one we tested already anymore!? But I guess I am misunderstanding the hint. Can anyone give me an additional hint?

To be clear my problem is not being detected, it is that I can not retrieve the dns version.


I found the solution here:

For some reason, it was necessary to re-download the VPN connection file and use that to connect. Once I did that, my scans showed the desired result!?