Nmap Firewall IDS/IPS Evasion Lab

HTB Content Machines
22

there are 3 labs this is the script for the second lab I already found it, I was wondering if you had an idea about the last lab

23

Use netcat to connect to the discovered port 50000 with the source port 53 and wait for a bit to get the version.

24

ncat -nv --source-port 53 10.129.255.181 50000
Ncat: Version 7.93 ( Ncat - Netcat for the 21st Century )
libnsock mksock_bind_addr(): Bind to 0.0.0.0:53 failed (IOD #1): Permission denied (13)

25

:smiling_face_with_tear:

26

Maybe add ‘sudo’ at the beginning of the command, and if that doesn’t work try connecting from your own kali machine and doing the same command.

27

Have you managed to get the flag?

32

Ohhh… you should think of it this way. Assume you are the penetration tester. The machine that spawns is your attacking machine. The Target IP given by HTB is the IP address of the target machine which has services running on it.

You are trying to enumerate as much information as you can about the target on your attacking machine (the spawned machine)

Hope this clarifies.

1 Like
33

Thank you, I didn’t saw the “click here to spawn the target system”. I think I need glasses or a new brain haha.

35

Hi everyone,

I am stuck on the Firewall and IDS/IPS Evasion - Medium Lab. I have tried everything I could think of. Different discovery and version scripts with all sorts of parameters, via TCP & UDP. I tried everything mentioned in the forum. Unfortunately without success. I also tried whatever else I could find in blogs on the this specific lab, nothing worked.

The hint states: During the meeting, the administrators talked about the host we tested as a publicly accessible server that was not mentioned before. I am not sure what to make of that. I find it a bit confusing, as I am testing a different server now and I don’t have access to the one we tested already anymore!? But I guess I am misunderstanding the hint. Can anyone give me an additional hint?

To be clear my problem is not being detected, it is that I can not retrieve the dns version.

Thanks!

36

I found the solution here:

For some reason, it was necessary to re-download the VPN connection file and use that to connect. Once I did that, my scans showed the desired result!?

1 Like
37

This worked for me with (medium)

-p 53 -sU -sV

-sU → UDP scan because they mentioned on the ‘Firewall and IDS/IPS Evasion’ Page

1 Like
38

You have no idea how much i thank you for this. I was stuck on a “query refused response” problem, tried hundreds of combinations, did lots of googles, saw write ups. Nothing worked and I couldn’t understand why. Once I re-downloaded the VPN file, all that I was trying before worked. Love you

39

Thank you So much!!!

40

For those having trouble. Just wanted to call something out to think about. When you downloaded your VPN file, did you pick TCP or UDP?