TryHackMe: Nmap Walkthrough

By whoibrar

Questions List

  • Task 1: Deploy VM (no questions)
  • Task 2: Intro
    What networking constructs are used to direct traffic to the right application on a server? ports
    How many of these are available on any network-enabled computer? 65535 (the room accepts 65535; port numbers actually run from 0 to 65535)
    How many of these are considered "well-known"? 1024 (ports 0-1023)
  • Task 3: Nmap Switches
    What is the first switch listed in the help menu for a 'SYN scan'?
    Lookup: man nmap | grep -i syn
    Answer: -sS
    Which switch would you use for a "UDP scan"?
    Lookup: man nmap | grep -i udp
    Answer: -sU
    If you wanted to detect which operating system the target is running on, which switch would you use?
    Lookup: man nmap | grep -i os
    Answer: -O
    Nmap provides a switch to detect the version of the services running on the target. What is this switch?
    Lookup: man nmap | grep -i version
    Answer: -sV
    How would you increase the verbosity?
    Lookup: man nmap | grep -i verbosity
    Answer: -v
    How would you set the verbosity level to two?
    Lookup: man nmap | grep -i verbosity
    Answer: -vv
    What switch would you use to save the nmap results in three major formats?
    Lookup: man nmap | grep -i format
    Answer: -oA
    What switch would you use to save the nmap results in a "normal" format?
    Lookup: man nmap | grep -i format
    Answer: -oN
    How would you save results in a "grepable" format?
    Lookup: man nmap | grep -i grepable
    Answer: -oG
    How would you activate "aggressive" mode?
    Lookup: man nmap | grep -i aggressive
    Answer: -A
    How would you set the timing template to level 5?
    Lookup: man nmap | grep -i timing
    Answer: -T5
    How would you tell nmap to only scan port 80?
    Lookup: man nmap | grep -i port | grep -i scan
    Answer: -p 80
    How would you tell nmap to scan ports 1000-1500?
    Lookup: man nmap | grep -i port | grep -i range
    Answer: -p 1000-1500
    How would you tell nmap to scan all ports?
    Lookup: man nmap | grep -i port | grep -i scan
    Answer: -p-
    How would you activate a script from the nmap scripting library?
    Lookup: man nmap | grep -i script
    Answer: --script
    How would you activate all of the scripts in the "vuln" category?
    Lookup: man nmap | grep -i script
    Answer: --script=vuln
  • Task 4: Scan Types Overview (no questions)
  • Task 5: Scan Types, TCP Connect Scans
    Which RFC defines the appropriate behaviour for the TCP protocol? RFC 793
    If a port is closed, which flag should the server send back to indicate this? RST
  • Task 6: Scan Types, SYN Scans
    There are two other names for a SYN scan, what are they? half-open, stealth
    Can Nmap use a SYN scan without sudo permissions (Y/N)? N (raw packets need root or CAP_NET_RAW; without them Nmap falls back to a connect scan)
  • Task 7: Scan Types, UDP Scans
    If a UDP port doesn't respond to an Nmap scan, what will it be marked as? open|filtered
    When a UDP port is closed, by convention the target should send back a "port unreachable" message. Which protocol would it use to do so? ICMP
  • Task 8: Scan Types, NULL, FIN and Xmas
    Which of the three shown scan types uses the URG flag? Xmas
    Why are NULL, FIN and Xmas scans generally used? firewall evasion
    Which common OS may respond to a NULL, FIN or Xmas scan with a RST for every port? Microsoft Windows
  • Task 9: Scan Types, ICMP Network Scanning
    How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)
    Answer: nmap -sn 172.16.0.0/16 (a 255.255.0.0 mask has 16 leading one bits, hence the /16 prefix)
  • Task 10: NSE Scripts Overview
    What language are NSE scripts written in? Lua
    Which category of scripts would be a very bad idea to run in a production environment? intrusive
  • Task 11: NSE Scripts, Working with the NSE
    What optional argument can the ftp-anon.nse script take? maxlist
  • Task 12: NSE Scripts, Searching for Scripts
    What is the filename of the script which determines the underlying OS of the SMB server?
    Lookup: grep "smb" /usr/share/nmap/scripts/script.db | grep -i os
    Answer: smb-os-discovery.nse
    What does it depend on?
    Lookup: grep -i depend /usr/share/nmap/scripts/smb-os-discovery.nse
    Answer: smb-brute
  • Task 13: Firewall Evasion
    Which simple (and frequently relied upon) protocol is often blocked, requiring the use of the -Pn switch? ICMP
    Which Nmap switch allows you to append an arbitrary length of random data to the end of packets?
    Lookup: man nmap | grep -i append | grep -i random
    Answer: --data-length
  • Task 14: Practical
    Does the target (IP_Address) respond to ICMP (ping) requests (Y/N)? ping IP_Address -> wait for a reply. If none comes back, add -Pn to the scans below so Nmap does not skip the host as "down".
    Perform an Xmas scan on the first 999 ports of the target. How many ports are shown to be open or filtered? nmap -sX IP_Address -p 1-999 -vv
    There is a reason given for this. What is it? no response
    Perform a TCP SYN scan on the first 5000 ports of the target. How many ports are shown to be open? nmap -sS IP_Address -p 1-5000 -vv
    Perform a TCP Connect scan against port 80 on the target, monitoring the results: nmap -sT IP_Address -p 80
    Deploy the ftp-anon script against the box. Can Nmap log in successfully to the FTP server on port 21? (Y/N) nmap --script=ftp-anon IP_Address -p 21
  • Task 15: Conclusion (no questions)
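Added worked example for Task 9 and Task 14 (my code, not part of the original walkthrough or of the Nmap project): a netmask-to-CIDR helper that builds the -sn ping sweep command, and a small parser for Nmap's grepable (-oG) output that counts ports per state, which is how you answer "how many ports are open|filtered" without counting by eye. It assumes only POSIX sh and awk; the two -oG samples are constructed by hand in the documented -oG layout (host 10.10.10.10 is a placeholder), not captured scan output.

```shell
#!/bin/sh
# Added example for this walkthrough (not code from the original post or from
# Nmap). It covers two steps without needing a live target:
#   - Task 9: turn a netmask into the CIDR prefix used for an -sn ping sweep
#   - Task 14: count port states in Nmap's grepable (-oG) output
# Assumes only POSIX sh and awk. The -oG samples below are constructed by hand
# in the -oG layout; they are not captured scan output.

# Popcount of a dotted-decimal netmask, e.g. 255.255.0.0 -> 16.
# Assumes a contiguous mask; it does not reject masks like 255.0.255.0.
mask_to_prefix() {
    echo "$1" | awk -F. '{
        bits = 0
        for (i = 1; i <= 4; i++) {
            o = $i
            while (o > 0) { bits += o % 2; o = int(o / 2) }
        }
        print bits
    }'
}

# Print the ping-sweep command line for a network address and netmask.
sweep_cmd() {
    printf 'nmap -sn %s/%s\n' "$1" "$(mask_to_prefix "$2")"
}

# Count ports in a given state ("open", "closed", "open|filtered", ...) in a
# grepable output file. -oG puts every port of a host on one tab-separated
# line: "Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ..."
count_ports() {
    awk -F "$(printf '\t')" -v want="$2" '
        /^Host:/ {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, entry, /, /)
                    for (j = 1; j <= n; j++) {
                        split(entry[j], f, "/")
                        if (f[2] == want) count++
                    }
                }
            }
        }
        END { print count + 0 }
    ' "$1"
}

# Number of ports Nmap folded into "Ignored State: <state> (N)"; add this to
# the listed ports to account for every port in the -p range.
ignored_count() {
    awk -F "$(printf '\t')" '
        /^Host:/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^Ignored State: /) {
                    match($i, /\([0-9]+\)/)
                    print substr($i, RSTART + 1, RLENGTH - 2)
                }
        }
    ' "$1"
}

# Constructed sample: an Xmas scan (-sX -p 1-999) where three ports gave no
# reply, so Nmap reports them open|filtered and folds the rest into "closed".
XMAS_SAMPLE=$(mktemp)
printf '%s\t%s\n' 'Host: 10.10.10.10 ()' 'Status: Up' > "$XMAS_SAMPLE"
printf '%s\t%s\t%s\n' 'Host: 10.10.10.10 ()' \
    'Ports: 21/open|filtered/tcp//ftp///, 22/open|filtered/tcp//ssh///, 80/open|filtered/tcp//http///' \
    'Ignored State: closed (996)' >> "$XMAS_SAMPLE"

# Constructed sample: a SYN scan (-sS -p 1-5000) with two open ports, one
# explicitly closed port and the remaining 4997 folded into the ignored state.
SYN_SAMPLE=$(mktemp)
printf '%s\t%s\n' 'Host: 10.10.10.10 ()' 'Status: Up' > "$SYN_SAMPLE"
printf '%s\t%s\t%s\n' 'Host: 10.10.10.10 ()' \
    'Ports: 21/open/tcp//ftp///, 80/open/tcp//http///, 443/closed/tcp//https///' \
    'Ignored State: closed (4997)' >> "$SYN_SAMPLE"
trap 'rm -f "$XMAS_SAMPLE" "$SYN_SAMPLE"' EXIT

sweep_cmd 172.16.0.0 255.255.0.0
echo "Xmas open|filtered: $(count_ports "$XMAS_SAMPLE" 'open|filtered')"
echo "SYN open: $(count_ports "$SYN_SAMPLE" open), closed: $(count_ports "$SYN_SAMPLE" closed), ignored: $(ignored_count "$SYN_SAMPLE")"
```

To use it against a real run, scan with `-oG` (or `-oA`, which writes the .gnmap file alongside the normal and XML outputs) and pass that file to `count_ports`; the listed ports plus the ignored count should equal the size of the `-p` range, which is a quick sanity check that the parser saw every port.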
