TryHackMe: Advent of Cyber [Day 7] Skilling Up

Room: Advent of Cyber

Difficulty: Beginner

“Previously, we saw McSysadmin learning the basics of Linux. With the on-going crisis, McElferson has been very impressed and is looking to push McSysadmin to the security team. One of the first things they have to do is look at some strange machines that they found on their network.”

For this challenge you will have to deploy the VM from the question and then use either OpenVPN or the THM virtual Kali Machine (if you are a subscriber) to connect to it. If you need instructions for how to do that, click HERE.

Question #1 How many TCP ports under 1000 are open?

So let’s get to our attacking machine (OpenVPN or Kali) and scan the other deployed VM with Nmap. Nmap is a free, open-source network scanner which you can read all about HERE. It basically helps you discover useful things about a target network, such as what ports are open.

If you’re using Kali, Nmap should already be there, but if not, the link above will tell you how to get it.

In the syntax below, -p1–1000 tells Nmap to only scan these certain ports. -A combines a few commands that I noticed we will need for some upcoming questions, such as detecting the OS of the host and the version of SSH.

nmap -p1–1000 -A <target ip address>

It might look a bit confusing, but everything we need is right here.

Let’s zoom in on one section:

How many ports do you see open? That’s your answer for Question #1.

Question #2: What is the name of the OS of the host?

For this question, we will zoom in on another area:

In this case, Nmap is not able to tell exactly what OS the host is running, but if you look through that data, you will see it has made a guess.

Question #3: What version of SSH is running?

For this flag, we will zoom in just a bit further on the section we looked at earlier.

Question #4: What is the name of the file that is accessible on the server you found running?

Looking through our scan results, notice that there is an HTTP server running on port 999:

Let’s use our web browser to connect to it and see what we can find. Use the host IP address of your deployed VM, then :999 to signify the port:

You should see a web page pull up that looks like this:

There’s only one file listed there, but that’s all we need!

Well done. McSysadmin is skilling up quite nicely.

Happy Hacking! ❤



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store