Firewall and IDS/IPS Evasion Medium Lab

ℹ️ Information


Question

After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.

📋 Walkthrough

Start with a full TCP port scan using nmap:

nmap --min-rate=10000 10.129.2.48 -p-

PORT    STATE    SERVICE
21/tcp  open     ftp
22/tcp  open     ssh
53/tcp  filtered domain
80/tcp  open     http
110/tcp open     pop3
139/tcp open     netbios-ssn
143/tcp open     imap
445/tcp filtered microsoft-ds

Now try a UDP scan, since DNS primarily runs over UDP:

sudo nmap -sU --min-rate=10000 10.129.2.48

PORT    STATE SERVICE
53/udp  open  domain
137/udp open  netbios-ns

Run version detection and the default scripts against UDP port 53:

sudo nmap -sUVC 10.129.2.48 -p53

Output:

PORT   STATE SERVICE VERSION
53/udp open  domain  (unknown banner: HTB{GoTtgUnyze9Psw4vGjcuMpHRp})
| dns-nsid: 
|_  bind.version: HTB{*************************}
| fingerprint-strings: 
|   DNSVersionBindReq: 
|     version
|     bind
|     HTB{GoTtgUnyze9Psw4vGjcuMpHRp}
|   NBTStat: 
|     CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|_    ROOT-SERVERS
...
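
The `DNSVersionBindReq` lines in the output above correspond to a `version.bind` TXT query in the CHAOS class. The following added example (not part of the original walkthrough) builds that query and parses the banner out of a reply, which is useful for auditing what your own resolver discloses. The transaction ID, the helper names and the sample reply are constructed for illustration.

```python
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3  # TXT record type, CHAOS (CH) class

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def build_version_query(txid=0x1234):
    """12-byte header (one question, no flags) + version.bind CH TXT question."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack(">HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:            # root label terminates the name
            return off + 1
        off += 1 + length

def parse_version_response(msg):
    """Return the character-strings of every CH TXT answer, or [] if none."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QNAME, QTYPE, QCLASS
    banners = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CHAOS:
            pos = 0
            while pos < len(rdata):  # TXT RDATA is a run of length-prefixed strings
                n = rdata[pos]
                banners.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
                pos += 1 + n
    return banners

def constructed_response(banner):
    """Constructed sample reply: echoed question plus one CH TXT answer."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)  # QR=1, AA=1
    txt = bytes([len(banner)]) + banner.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, len(txt)) + txt
    return header + build_version_query()[12:] + answer
```

On BIND the string returned here is whatever the `version` option in `options { }` is set to, and `version none;` disables answering these queries.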

Answer

HTB{*************************}