
Intermediate Nmap

Intro
Welcome to another challenge. This time we are going to solve a TryHackMe room that is very good for anyone who is starting to learn nmap. We will do some port scanning with the tool and also use netcat to connect to a service and retrieve some information.

This is a beginner-level challenge; the link to the official room is here.

Whenever you feel ready, start the machine and connect via OpenVPN or using the AttackBox.




The Challenge
As it is an nmap challenge, we of course have to begin by scanning for open ports and checking whether any interesting ones appear. We also get a hint that might help us: "The VM is listening on a high port if you connect to it it may give you some information you can use to connect to a lower port commonly used for remote access!"

Ok let's begin:


nmap -Pn -p- MACHINE-IP


PORT     STATE    SERVICE
22/tcp   open     ssh
1027/tcp filtered IIS   (Internet Information Service by Microsoft)
2222/tcp  open|filtered EtherNetIP-1
31337/tcp open|filtered Elite


Port 31337 is the high port from the hint, so let's connect to it with netcat:
nc MACHINE-IP 31337


Once we are connected, a message is printed on the screen containing the user credentials in the format user:password -> REDACTED

It's time to use these credentials to access the machine via SSH, since port 22 is open:

ssh ubuntu@MACHINE-IP


Now that we are inside the machine, we need to find the flag. We can run this command:
find / -name flag.txt


We discover that it is located in /home/user, so let's read it:
cat /home/user/flag.txt


And here is the flag: REDACTED
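
A defender's view of the netcat step, as an added example that is not part of the original write-up: a small Python check that connects to ports on a host you administer, reads the greeting each service sends, and reports the account name from any user:password-style text, which is the mistake the service on port 31337 makes. The regular expression, the function names and the demo banner are assumptions constructed for illustration.

```python
import re
import socket
import threading

# Assumed heuristic for "user:password" text; "(?!//)" skips URLs such as http://host.
CRED_RE = re.compile(r"\b([A-Za-z_][\w.-]{0,31}):(?!//)(\S{4,})")

def read_banner(host, port, timeout=3.0, limit=4096):
    """Connect, send nothing, and return whatever the service says first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(limit).decode("utf-8", "replace")
            except socket.timeout:
                return ""      # service waits for the client to speak first
    except OSError:
        return None            # closed, filtered or unreachable

def find_leaks(banner):
    """Return account names from user:password pairs, never the password."""
    names = []
    for line in banner.splitlines():
        if line.startswith("SSH-"):   # SSH version string, not a secret
            continue
        names += [m.group(1) for m in CRED_RE.finditer(line)]
    return names

def audit(host, ports):
    """Map each port to the account names its greeting disclosed."""
    report = {}
    for port in ports:
        banner = read_banner(host, port)
        names = find_leaks(banner) if banner else []
        if names:
            report[port] = names
    return report

if __name__ == "__main__":
    # Constructed demo: a loopback listener greeting with a made-up secret.
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"In case I forget - demo_user:N0tAR3alPassw0rd\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    port = srv.getsockname()[1]
    print(audit("127.0.0.1", [port]))
```

The report keeps only the account name so that the audit output does not become a second copy of the leaked password.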
 


This one was very quick and straightforward, good for getting started with nmap.
I hope you have learned something or had the chance to practice after learning the tool in the theory module.
See you in the next challenge 😊
