[THM CTF] Industrial Intrusion Warm-up — Breach
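The author took part in an industrial control system CTF challenge and documented the penetration-testing process in detail, including steps such as information gathering and port scanning. 2025-9-25 08:24:1 Author: infosecwriteups.com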

ViraSecurity


Introduction

There’s something uniquely intriguing about CTFs that lean away from the familiar world of typical web or binary exploitation and instead drop you headfirst into industrial control systems. When I stumbled on the “Industrial Intrusion” warm-up challenge on TryHackMe, I was hooked by its promise of mixing OT/ICS flavor with classic hacking methodology. I decided to chronicle my process, not just as a simple write-up, but as a reflection of the mindset and pivots that a real-world pentester might experience outside the safety net of standard CTFs.

Step 1: All About Recon

I always start with reconnaissance, and in CTFs like this, the value of a thorough scan can’t be overstated. The challenge description made it clear that open ports would be key, so my first instinct was to run a full port and service scan with Nmap.

nmap -sV -p- 10.10.169.126

When the scan finished, I had a table of open ports that felt both familiar and a little mysterious:

- 22/tcp (SSH) — Always a staple.
- 80/tcp (HTTP) — The front door.
- 102/tcp (Siemens S7 PLC) — Now we’re talking industrial.
- 502/tcp (likely Modbus) — A protocol I’ve seen in SCADA networks.
- 1880/tcp (vsat-control?) — Not your everyday web port. My mind immediately jumped to Node-RED, which often runs here.
- 8080/tcp (HTTP-proxy) — Another web server, maybe an admin…
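
The triage reasoning above can be made repeatable when reviewing scan results for a segment you are responsible for. This is an added example, not code from the original write-up: it parses Nmap's normal output, separates service names Nmap confirmed from those it only guessed from its port table (the trailing `?`, as in `vsat-control?`), and annotates ports tied to OT software. The sample scan text is constructed, and the `OT_HINTS` notes and function names are this example's own assumptions.

```python
import re

# Constructed sample in Nmap's normal output format; this is NOT the author's
# real scan output. A trailing "?" means Nmap guessed the name from the port number.
SAMPLE_SCAN = """\
PORT     STATE SERVICE       VERSION
22/tcp   open  ssh
80/tcp   open  http
102/tcp  open  iso-tsap      Siemens S7 PLC
502/tcp  open  mbap?
1880/tcp open  vsat-control?
8080/tcp open  http-proxy
"""

# Reviewer notes keyed by port (assumed for this example, not Nmap data).
OT_HINTS = {
    102: "ISO-TSAP, the transport used by Siemens S7comm",
    502: "Modbus/TCP",
    1880: "default Node-RED listener",
}
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(text):
    """Return one dict per open port found in Nmap normal output."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "open":
            continue  # header line, closed/filtered port, or unrelated text
        port, proto, _, service, version = m.groups()
        rows.append({
            "port": int(port), "proto": proto,
            "service": service.rstrip("?"),
            "guessed": service.endswith("?"),  # name came from the port table only
            "version": version.strip(),
            "ot_hint": OT_HINTS.get(int(port)),
        })
    return rows

def triage(rows):
    """Return (ports tied to OT software, ports whose label needs manual confirmation)."""
    ot = [r["port"] for r in rows if r["ot_hint"]]
    unconfirmed = [r["port"] for r in rows if r["guessed"]]
    return ot, unconfirmed

if __name__ == "__main__":
    for r in parse_ports(SAMPLE_SCAN):
        status = "guessed" if r["guessed"] else "confirmed"
        print(f'{r["port"]}/{r["proto"]:<4} {r["service"]:<13} {status:<10} {r["ot_hint"] or ""}')
```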


Article source: https://infosecwriteups.com/thm-ctf-industrial-intrusion-warm-up-breach-5f3d1b18b4ca?source=rss----7b722bfd1b8d---4