Nmap Lab 102
Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!
Start Your Challenge
Launch your dedicated machine to begin hacking
This solution is for Flags Mode
This walkthrough explains how to hack the lab and capture the flags. For help with Learning Mode questions, use the Request Hint button next to each question.
Learning Lab 102 - Walkthrough
A step-by-step guide to solving the challenge and capturing the flags.
Challenge Overview
This challenge simulates a real-world scenario where you'll exploit vulnerabilities in a Linux system.
- Platform: HackerDna
- Challenge Name: Learning Lab 102
- Target IP: Provided in your challenge environment
- Objective: Capture two flags:
- User Flag: Located in
/home/user/flag-user.txt - Root Flag: Located in
/root/flag-root.txt
- User Flag: Located in
Step 1: Reconnaissance with Nmap
Why Use Nmap? Nmap helps identify open ports and services on the target machine, revealing potential entry points.
Installing Nmap (if not already installed)
- Linux: Run the following command:
sudo apt update && sudo apt install nmap -y
- Windows: Download and install from the Nmap Download Page.
- MacOS: Use Homebrew:
brew install nmap
Running Nmap
Use Nmap to scan the target IP:
nmap -sV -Pn <target-ip>
Command Explanation:
-sV: Probes open ports to determine service/version info-Pn: Treats all hosts as online, skipping host discovery
Expected Output:
PORT STATE SERVICE VERSION 23/tcp open telnet
Analysis: This output indicates that port 23 is open and running Telnet, a potential entry point.
Step 2: Connecting via Telnet
Why Try Telnet? With port 23 open, we can attempt to establish a connection. Telnet is often insecure, transmitting data in plaintext.
Connect using:
telnet <target-ip>
You may notice that no password is required to log in as "user". The prompt might look like this:
login: user Welcome to Learning Lab 102! $
Security Implication: The lack of password authentication indicates a significant security weakness.
Step 3: Locating the User Flag
In Unix-like systems, user files are typically stored in their home directory. Check the contents of /home/user/:
ls /home/user/
Look for a file named "flag-user.txt". To view its contents, use:
cat /home/user/flag-user.txt
The output will be the user flag. Make sure to note it down.
Step 4: Privilege Escalation
To access root-level files, we need to escalate our privileges. Try switching to the root user:
su root
Deduction Process: In real-world scenarios, we might try common or default passwords. Here, try using "root" as the password.
If successful, your prompt will change to:
#
Security Implication: Weak or default root passwords are a critical vulnerability in any system.
Step 5: Capturing the Root Flag
The root user's files are typically in /root/. List the directory contents:
ls /root/
Look for "flag-root.txt". View its contents with:
cat /root/flag-root.txt
The output will be the root flag. Make sure to capture this flag.
Key Takeaways
- Always start with thorough reconnaissance to identify potential vulnerabilities.
- Be aware that default or weak credentials are common security flaws.
- Understanding system file structures is crucial for efficient information gathering.
- Privilege escalation often exploits misconfigurations or weak password policies.
Real-World Implications: While this challenge uses simplified scenarios, similar vulnerabilities can exist in poorly secured systems. Always prioritize robust security practices in real environments.