If this is your first visit to my blogs, then please go through the first blog, NMAP Basics 101 Part -1, which will help you cover some other basic topics too.
ICMP Scanning
The -sn switch tells Nmap not to scan any ports -- forcing it to rely primarily on ICMP echo packets (or ARP requests on a local network, if run with sudo or directly as the root user) to identify targets.
1. How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)
NSE Scripts
1. What language are NSE scripts written in?
Answer: Lua
2. Which category of scripts would be a very bad idea to run in a production environment?
Answer: Intrusive
Working with the NSE
1. What optional argument can the ftp-anon.nse script take?
Answer: maxlist
Searching for Scripts
1. Search for "smb" scripts in the /usr/share/nmap/scripts/ directory using either of the demonstrated methods.
What is the filename of the script which determines the underlying OS of the SMB server?
Answer: smb-os-discovery.nse
2. Read through this script. What does it depend on?
Answer: smb-brute
Firewall Evasion
1. Which simple (and frequently relied upon) protocol is often blocked, requiring the use of the -Pn switch?
Answer: ICMP
2. [Research] Which Nmap switch allows you to append an arbitrary length of random data to the end of packets?
Answer: --data-length
Practical
1. Does the target (MACHINE_IP) respond to ICMP (ping) requests (Y/N)?
Answer: N
2. Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?
Answer: 999
3. There is a reason given for this -- what is it?
Note: The answer will be in your scan results. Think carefully about which switches to use -- and read the hint before asking for help!
Answer: No Response
4. Perform a TCP SYN scan on the first 5000 ports of the target -- how many ports are shown to be open?
Answer: 5
5. No answer is required for question 5.
6. Deploy the ftp-anon script against the box. Can Nmap login successfully to the FTP server on port 21? (Y/N)
Answer: Y
This covers the NMAP cheatsheet for THM nmap labs. Very soon I will be providing a detailed walkthrough of the NMAP lab.