Network Hunt

Let’s go Network hunting!

Challenge Overview

Terminal-based game in which you will use common network attack vectors and penetration testing methods to analyze and compromise a virtual network.

Involves Network Security challenges designed to educate users on packet manipulation and common network attacks.

The whole challenge happens over sort of a software defined network(SDN).

Originally created by James Sullivan (MIT License), modified by us for the workshop.

Network Hunt

  • The network hunt is a simple Software Defined Network
  • The network is completely defined by handcrafted packets using Scapy/Python which simulates a typical network setup.

The Goal

There is an FTP server some where on the network containing a document:

  • Locate the FTP server
  • Connect to the service &
  • Retrieve the secret file!


  • Bash terminal-fu
  • Packet capture and manipulation in Scapy
  • Packet analysis in Wireshark
  • Router modes of operation
  • Network topography, gateways
  • Basic telnet/nc commands


  • You may need to find a way to see all of the traffic on the network
  • Other clients on the network might give you useful clues, if you can coerce them
  • The target will most likely be isolated from the immediate local network, and will have some preferred clients



  • Run the script & find the details about the new interface(ipconfig, route).


Understand the network.

  • Is there any traffic on the network?
  • Are there devices connected to the network? Perform a network sweep?


How to gain access to traffic beyond a switch?

Think about exploiting the way layer 2 switches operate?

Scapy tips:

  • RandMAC() - Generates random MAC addresses.
  • RandIP() - Generates random IP addresses.


Were you able to gain access to traffic beyond switch? If so, is there something interesting about the traffic? Is there some strange pattern in the traffic?

Hint: Port knocking. (Reference docs has more details on what port knocking is)


Did you manage to get access to some service on some machine? try some standard commands for that service to get more hints.


The target is not in the same sub-network and also accepts connections from only specific machines.How do you compromise the machine?

Hint: ARP MitM


Retrive the payload using standard FTP commands.