Here are the basics of Nmap, one of the most amazing tools. Enjoy the process of learning. Have fun and stay strong!
This is a free lab on TryHackMe. I hope you enjoy this blog. New blogs with awesome security learning are coming soon.
Introduction:
1. What networking constructs are used to direct traffic to the right application on a server?
Answer: Ports
2. How many of these are available on any network-enabled computer?
Answer: 65535
3. [Research] How many of these are considered "well-known"? (These are the "standard" numbers mentioned in the task)
Answer: 1024
NMAP Switches:
1. What is the first switch listed in the help menu for a 'Syn Scan' (more on this later!)?
Answer: -sS
2. Which switch would you use for a "UDP scan"?
Answer: -sU
3. If you wanted to detect which operating system the target is running on, which switch would you use?
Answer: -O
4. Nmap provides a switch to detect the version of the services running on the target. What is this switch?
Answer: -sV
5. The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity?
Answer: -v
6. Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two? (Note: it's highly advisable to always use at least this option)
Answer: -vv
7. What switch would you use to save the nmap results in three major formats?
Answer: -oA
8. What switch would you use to save the nmap results in a "normal" format?
Answer: -oN
9. A very useful output format: how would you save results in a "grepable" format?
Answer: -oG
10. Sometimes the results we're getting just aren't enough. If we don't care about how loud we are, we can enable "aggressive" mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.
How would you activate this setting?
Answer: -A
11. Nmap offers five levels of "timing" template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!
How would you set the timing template to level 5?
Answer: -T5
12. We can also choose which port(s) to scan. How would you tell nmap to only scan port 80?
Answer: -p 80
13. How would you tell nmap to scan ports 1000-1500?
Answer: -p 1000 - 1500
14. A very useful option that should not be ignored: How would you tell nmap to scan all ports?
Answer: -p-
15. How would you activate a script from the nmap scripting library (lots more on this later!)?
Answer: --script
16. How would you activate all of the scripts in the "vuln" category?
Answer: --script=vuln
TCP Scans
1. Which RFC defines the appropriate behaviour for the TCP protocol?
Answer: RFC 793
2. If a port is closed, which flag should the server send back to indicate this?
Answer: RST
SYN Scans
1. There are two other names for a SYN scan, what are they?
Answer: Half-Open, Stealth
2. Can Nmap use a SYN scan without Sudo permissions (Y/N)?
Answer: N
UDP Scans
1. If a UDP port doesn't respond to an Nmap scan, what will it be marked as?
Answer: Open|Closed
2. When a UDP port is closed, by convention the target should send back a "port unreachable" message. Which protocol would it use to do so?
Answer: ICMP
NULL, FIN and Xmas
1. Which of the three shown scan types uses the URG flag?
Answer: xmas
2. Why are NULL, FIN and Xmas scans generally used?
Answer: Firewall evasion
3. Which common OS may respond to a NULL, FIN or Xmas scan with a RST for every port?
Answer: Microsoft Windows
Please click on the link provided for the NMAP basics part 2
Great read! Keep up the good work brother.
Thanks!!
Wow bro Thanks for contributing and sharing is caring.