Prompt

Can you interact with the strange server and see what information you can extract?

Walk-Through

This challenge requires you to interact with a provided server hostname and port. If you started this challenge using Nmap, you may identify what appears to be some strange behavior (especially if you are using an older version of Nmap).

After attempting to scan the target with nmap [hostname] -p [port number], Nmap will report the following output showing that the port is open:

PORT     STATE  SERVICE
8090/tcp open opsmessaging

However, attempting to scan the target with the -sV flag to enable the service detection feature (ex:nmap [hostname] -p [port number] -sV), Nmap will return the following output showing that the port is closed:

PORT     STATE  SERVICE      VERSION
8090/tcp closed opsmessaging

While at first this may seem like odd behavior, this is typical of Nmap. While using the basic scan, Nmap sends a SYN packet and receives a SYN-ACK back, thus marking the port as open. However, when using a service scan (-sV), Nmap needs to connect to the service to get more information. When receiving back a closed state, or anything other than a clear open state, Nmap is communicating is that it could not interact with the service to get more information.

You may be able to see the reason why Nmap returned certain information if you use the --reason flag. In this instance, the reason shows that a SYN-ACK response was given so the port is considered open. However, there is a fingerprint output given with this use of the -sV flag that shows some type of listener is available on the port.

Learn more about fingerprints here. You do not need to understand the fingerprint to proceed with this challenge, but understanding them can better help you comprehend unknown services you may interact with in the future.

Guide

To further probe the service, connecting to the port through means other than Nmap is a possibility. Command line tools such as nc (netcat) can be used to connect to the port (ex: nc [hostname] [port number]).

Once connected with nc, you will see something that appears to be a hung shell prompt. This is expected behavior.

Attempting to type anything into shell, like a simple “hello?”, will get the following response from the server:

Use help to get a list of supported commands

Type “ help”:

Here is a list of commands
version
list
get
help

These commands are executed on the remote server that you connected to using nc, much like how you can execute commands using tools like ssh (if you have used that to remotely access a server before).

The version command will communicate the name and version of the software running.

To find the flag, run the list command on the server to get the directory listing the filenames. Then use the get command with the syntax of get [filename]. Eventually, you will get one of the files has a flag stored in it.

Using the list and get commands you can output all the files on the server to determine the size of each file. Notice that you cannot use -la in order to get a list and the size of the files in the directory. Therefore, you must use another method.

Using the character count to estimate the file size is a possibility. Each character of a text file occupies 1 byte when stored. For example, a 10 character file uses 10 bytes on the disk. Count the number of characters used in each file and convert that to bytes.

A UTF-8 string length & byte counter can be useful to help get an accurate count (examples of byte counter websites: https://mothereff.in/byte-counter or https://charactercounter.com/byte-counter)

Questions

1. What is the name and version of the software?

2. What is the flag?

3. What is the size of the largest file in bytes?

©️ 2026 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.