NETWORK ENUMERATION WITH NMAP - Help

@pulsefinder said:

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@pulsefinder, I am also stuck with the last lab, firewall-hard. Did you pass it?

Nope. Need another hint from @tylerptl

@pulsefinder said:

Nope. Need another hint from @tylerptl

~~ " Ncat uses its default port 31337 " - look into how to make a connection w/ncat and you should be good ~~

Edit: I'm an idiot - misread your post.

I’d recommend reading through this stackexchange post and then tying that in with the ‘DNS Proxying’ part of the Firewall & IDS/IPS section.

@akinamon said:

@pulsefinder said:

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@pulsefinder, I am also stuck with the last lab, firewall-hard. Did you pass it?

Re-read the Firewall and IDS/IPS Evasion section (right before the labs). They pretty much give you the answer right near the end.

Thanks to @tylerptl and @farstrider for their help. I finally got this one. The problem I was having is that the target port was not showing up on any of my nmap scans. For some reason, if I used the default for ports to be scanned (top 1000), I only got output in summary form, not detail by port. So I was limiting my scans to the top 50 ports, and the target port was not among them (so it didn’t jump out at me as tylerptl said it would). Never figured that out, but I found a workaround. If you use the --open option, your output will show all open ports. Because of filters, you will initially only see the two unfiltered ports. But, if you work through the techniques suggested in the writeup (as hinted by farstrider), you will eventually use one that makes the target port visible as “open”. It really is straightforward from there, as both helpers said. @akinamon @rpthomps

I have been stuck on this module as well, but the new port is the key to success… The DNS Proxy section is there, which you can benefit from.

When I use nc for the opened port I got this error:
“nc: bind failed: Address already in use”. What should I do? Plus, there is no ncat on the system.

@OjMambo, that’s because DNS is already being used on the machine you are on. You will need to stop it before you can bind anything to port 53.

Can you give a hint on the Firewall Evasion - Medium lab? Thanks in advance.

Hi, please, how did you pass the Firewall Evasion - Medium lab?

Exactly as described in the section Firewall and IDS/IPS Evasion.

Thanks for the prompt reply. My curiosity led me to try port 50000. I tried decoys, fragmentation, a SYN scan from port 53, and -sC on the filtered DNS port (53), but it still remained filtered.

Don’t be confused by the word “filtered”. You want to know the version of the DNS server. An NSE script can help you, also with a filtered port.

You are trying to find the version of the DNS server, which typically runs on port 53 and is typically a UDP port but can also be a TCP port. A client using both might filter one but forget to filter the other.

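The reply above makes a point worth checking on the defending side too: a firewall rule that covers DNS on TCP/53 but not UDP/53 (or the reverse) leaves the service exposed on the transport that was forgotten. The following Python script, added here as an example and not part of this thread or of the HTB module, parses nmap grepable (-oG) output for both transports and reports ports where one transport is filtered while the other exposes the same service. The scan lines are a constructed sample; the host address reuses the one quoted in the thread.

```python
from collections import defaultdict

# Constructed sample of nmap -oG output (one TCP and one UDP scan of the same
# host); these are not real lab results.
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated (constructed sample)
Host: 10.129.95.91 ()\tStatus: Up
Host: 10.129.95.91 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1/, 53/filtered/tcp//domain///, 80/open/tcp//http//Apache httpd 2.4/\tIgnored State: closed (997)
Host: 10.129.95.91 ()\tPorts: 53/open/udp//domain//ISC BIND 9.11.3/, 161/open|filtered/udp//snmp///
"""


def parse_gnmap(text):
    """Map (host, proto, port) -> (state, service, version) from -oG lines.

    Each port entry in grepable output has the shape
    port/state/proto/owner/service/rpc/version/ (seven slash-separated fields).
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            port, state, proto = int(parts[0]), parts[1], parts[2]
            results[(host, proto, port)] = (state, parts[4], parts[6])
    return results


def list_open(results):
    """Ports nmap reports as open on either transport (what --open would show)."""
    return sorted((h, p, proto) for (h, proto, p), (state, _, _) in results.items()
                  if state.startswith("open"))


def asymmetric_filters(results):
    """Ports that are filtered on one transport but reachable on the other.

    Returns [(host, port, tcp_state, udp_state)] for every port seen on both
    TCP and UDP where exactly one side is 'filtered'.
    """
    by_port = defaultdict(dict)
    for (host, proto, port), (state, _, _) in results.items():
        by_port[(host, port)][proto] = state
    findings = []
    for (host, port), states in sorted(by_port.items()):
        if "tcp" in states and "udp" in states:
            t, u = states["tcp"], states["udp"]
            if (t == "filtered") != (u == "filtered"):
                findings.append((host, port, t, u))
    return findings
```

A finding means the filter rule is incomplete for that service; the fix is to apply the same policy to both transports rather than relying on the "filtered" result of a single TCP scan.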

OK, I will try this out. Thanks.

Thanks so much for your help. I worked it out.

As is mentioned in other replies, the trick (if you can call it that) is in the previous section, just before the labs start. The hard lab is solved, but keep trying to use all the scenarios mentioned in that section. :slight_smile:

Also try to use the other tools explained in the section. After that, wait a few seconds and the flag will appear. Hope this answer helps somebody!

Bro, how did you pass the medium one? I mean, I am using nc: nc -nvu 10.129.95.91 53 and it gives me nothing; nmap doesn't help either with an NSE script. Correct me, what am I doing wrong?