Nmap TryHackMe Room Walkthrough [level 1 — level 7]

mohomed arfath
Dec 8, 2020


Task 2 → Introduction

What networking constructs are used to direct traffic to the right application on a server?

ports

How many of these are available on any network-enabled computer?

65535

[Research] How many of these are considered “well-known”? (These are the “standard” numbers mentioned in the task)

1024

Task 3 → Nmap Switches

What is the first switch listed in the help menu for a ‘Syn Scan’ (more on this later!)?

-ss

Which switch would you use for a “UDP scan”?

-su

If you wanted to detect which operating system the target is running on, which switch would you use?

-o

Nmap provides a switch to detect the version of the services running on the target. What is this switch?

-sv

The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity?

-v

Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?

-vv

What switch would you use to save the nmap results in three major formats?

-oA

What switch would you use to save the nmap results in a “normal” format?

-oN

A very useful output format: how would you save results in a “grepable” format?

-oG

Sometimes the results we’re getting just aren’t enough. If we don’t care about how loud we are, we can enable “aggressive” mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.

How would you activate this setting?

-A

Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors!

How would you set the timing template to level 5?

-T5

We can also choose which port(s) to scan.
How would you tell nmap to only scan port 80?

-p 80

How would you tell nmap to scan ports 1000–1500?

-p 1000-1500

A very useful option that should not be ignored:
How would you tell nmap to scan all ports?

-p-

How would you activate a script from the nmap scripting library (lots more on this later!)?

--script

How would you activate all of the scripts in the “vuln” category?

--script=vuln

Task 5 → TCP Connect Scan

Which RFC defines the appropriate behaviour for the TCP protocol?

RFC 793

If a port is closed, which flag should the server send back to indicate this?

RST

Task 6 → SYN Scan

There are two other names for a SYN scan, what are they?

Half-Open, Stealth

Can Nmap use a SYN scan without Sudo permissions (Y/N)?

N

Task 7 → UDP Scan

If a UDP port doesn’t respond to an Nmap scan, what will it be marked as?

open|filtered

When a UDP port is closed, by convention the target should send back a “port unreachable” message. Which protocol would it use to do so?

ICMP

I will see you in part 2. See you!!!!!!!!
