Network Recon

Difficulty: Beginner

Interpret a safe, static nmap output. Copy exact answers from the scan to capture flags.

New to recon? Read the Network Recon tutorial

Context

You’re helping inventory exposed services. A teammate ran a scan on a demo host. Review the results and extract key facts.

Task

Read the scan output below (static, safe example).
Identify the target IP, web server version, and any filtered port.
Copy those values as flags to complete the challenge.

Scan Output (nmap)

Answers are directly copy-pasteable from this block.

# Command (for illustration only): # nmap -sS -sV -Pn -p 22,80,443,3306 203.0.113.10 Starting Nmap 7.93 ( https://nmap.org ) at 2025-08-16 12:00 IST Nmap scan report for demo-host (203.0.113.10) Host is up (0.031s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9 (protocol 2.0) 80/tcp open http nginx 1.20.2 443/tcp open https nginx 1.20.2 (TLS 1.2) 3306/tcp filtered mysql Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds

Note: Educational example — do not scan systems you don’t own or have permission to test.

Capture the Flags

Copy each answer directly from the scan above (or wrap it like CXA{...}). Case-insensitive.

0/3 flags captured

Flag 1 — What IP was scanned?

Question: Copy the target IP address shown in the scan report.

Flag 2 — Which web server/version is running?

Question: Copy the exact service + version for the web server.

Hint: Look at 80/tcp or NNN/xxx rows (HTTP/HTTPS). Copy the two-word value exactly.

Flag 3 — Which port is filtered?

Question: Copy the exact port/proto marked as filtered.

Hint: It’s the MySQL port; copy it in the format port/proto.

Back to Challenges

Network Recon

Flag 1 — What IP was scanned?

Flag 2 — Which web server/version is running?

Flag 3 — Which port is filtered?

Nice work — Challenge Complete! 🎉