I knew the approach to this CTF would be different from those in the past based on the instructions.
In years past, the directions instructed you on which devices you were NOT to touch and which devices were the targets. This year, participants were simply told which devices were off-limits. These off-limits devices were identified either by subnet or IP address.
The first thing I did was copy these addresses/subnets into a file I would use as my “exclusion” file during any network or vulnerability scans I would run. These were the contents of my “exclude.txt” file:
From here, I kicked off a series of nmap scans. I started a rather large one using the command:
nmap -sn --excludefile /root/Desktop/CTF/exclude.txt -oG /root/Desktop/CTF/nmap_10.10.0.0.txt 10.10.0.0/16
But between the network latency/downtime, it became pretty apparent that it would take forever for this scan to finish, if it finished at all, so I broke it up into smaller chunks.
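When a large range is split into chunks, each chunk still has to honor the exclusion list. The following is an added example, not the author's code: it splits the /16 into /24 chunks and removes every off-limits subnet or address from each chunk, so the resulting plan can be checked against the rules before anything is scanned. The exclusion entries are constructed samples (the real file contents are not shown on this page), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample exclusions; NOT the real exclude.txt from the CTF.
SAMPLE_EXCLUDE = """\
# off-limits per the rules (sample values)
10.10.5.0/24
10.10.7.13
10.10.8.0/22
"""

def parse_exclusions(text):
    """Parse one subnet or single IP per line, ignoring blanks and # comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return list(ipaddress.collapse_addresses(nets))

def subtract(net, excluded):
    """Return the parts of `net` that are not covered by any excluded network."""
    remaining = [net]
    for ex in excluded:
        kept = []
        for r in remaining:
            if not r.overlaps(ex):
                kept.append(r)                       # untouched by this exclusion
            elif r.subnet_of(ex):
                continue                             # entirely off-limits, drop it
            else:
                kept.extend(r.address_exclude(ex))   # carve the exclusion out of r
        remaining = kept
    return sorted(remaining)

def plan_chunks(target, exclude_text, chunk_prefix=24):
    """Map each chunk of `target` to the in-scope networks left inside it."""
    excluded = parse_exclusions(exclude_text)
    plan = {}
    for chunk in ipaddress.ip_network(target).subnets(new_prefix=chunk_prefix):
        allowed = subtract(chunk, excluded)
        if allowed:                                  # skip fully excluded chunks
            plan[str(chunk)] = [str(n) for n in allowed]
    return plan

if __name__ == "__main__":
    plan = plan_chunks("10.10.0.0/16", SAMPLE_EXCLUDE)
    print(len(plan), "chunks in scope;", plan["10.10.7.0/24"])
```

Each chunk's in-scope list can be written to its own target file, with the original exclusion file still passed to the scanner as a second safeguard.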