Nmap Scripting Engine

ℹ️ Informations¶

🌐 Website: HackTheBox
📚 Module: Network Enumeration With Nmap
🔗 Link: Nmap Scripting Engine

---¶

❓Question¶

Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.

📋 Walkthrough¶

Run this command

sudo nmap [IP] -p 80 --script vuln

Output:

PORT   STATE SERVICE
80/tcp open  http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|_  /robots.txt: Robots file
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

There's a robots.txt where flag is stored.

Answer

HTB{*****************************}