In one of my previous blogs I did the Nmap room from level 1 to level 7 (click here to get to that blog). So now let's do the rest of the room!
Task 8 → NULL, FIN, Xmas
Which of the three shown scan types uses the URG flag?
Why are NULL, FIN and Xmas scans generally used?
Which common OS may respond to a NULL, FIN or Xmas scan with a RST for every port?
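The three scan types above differ only in which TCP control bits the probe carries, which is also how an IDS on the defending side recognises them. The following is an added example, not part of the original blog or of Nmap: it classifies a segment's flag byte as a NULL, FIN or Xmas probe, states the reply an RFC 793 stack gives versus a stack that answers RST on every port, and counts distinct ports touched per source so a scan stands out. The log records, addresses and the threshold of 10 ports are constructed for the demo.

```python
# Added example (not from the original blog): classify TCP probes by flag
# combination the way a network IDS would, and flag sources whose NULL/FIN/Xmas
# probes touched many distinct ports. All records below are constructed.

from collections import defaultdict
from typing import Dict, Iterable, Optional, Tuple

# TCP control bits (RFC 793), as found in the low byte of the flags field
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_probe(flags: int) -> Optional[str]:
    """Return the stealth-scan type a segment's flag combination matches,
    or None for ordinary traffic (SYN, ACK-bearing segments, RST, ...)."""
    if flags == 0:
        return "NULL"            # no flags at all
    if flags == FIN:
        return "FIN"             # FIN alone
    if flags == FIN | PSH | URG:
        return "Xmas"            # FIN, PSH and URG "lit up" together
    return None


def expected_reply(port_open: bool, rfc_compliant: bool = True) -> str:
    """Reply a target sends to a NULL/FIN/Xmas probe.

    RFC 793 stacks: closed port -> RST, open port -> nothing, which is why
    Nmap can only report 'open|filtered'. Stacks that are not RFC compliant
    (Microsoft Windows is the well-known case) send RST for every port, so
    the scan cannot tell open from closed at all."""
    if not rfc_compliant:
        return "RST"
    return "none" if port_open else "RST"


Record = Tuple[str, str, int, int]  # (src_ip, dst_ip, dst_port, tcp_flags)


def detect_scans(records: Iterable[Record], threshold: int = 10) -> Dict[str, Dict[str, int]]:
    """Return {src_ip: {scan_type: distinct_ports}} for every source whose
    stealth probes of one type touched more than `threshold` distinct
    (dst_ip, dst_port) pairs."""
    seen: Dict[str, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
    for src, dst, port, flags in records:
        kind = classify_probe(flags)
        if kind:
            seen[src][kind].add((dst, port))
    return {
        src: {kind: len(ports) for kind, ports in kinds.items() if len(ports) > threshold}
        for src, kinds in seen.items()
        if any(len(ports) > threshold for ports in kinds.values())
    }


# Constructed sample: one host sweeps 12 ports with Xmas probes, one host
# makes three normal SYN connections, one host sends a single FIN probe.
SAMPLE_RECORDS = (
    [("10.0.0.5", "10.0.0.20", p, FIN | PSH | URG) for p in range(1, 13)]
    + [("10.0.0.7", "10.0.0.20", p, SYN) for p in (22, 80, 443)]
    + [("10.0.0.9", "10.0.0.20", 80, FIN)]
)

if __name__ == "__main__":
    print(detect_scans(SAMPLE_RECORDS))   # {'10.0.0.5': {'Xmas': 12}}
    print(expected_reply(port_open=True), expected_reply(port_open=True, rfc_compliant=False))
```

The single FIN probe from 10.0.0.9 stays below the threshold and is not reported, which is the usual trade-off: a low threshold catches slow scans but also ordinary retransmission oddities.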
Task 9 → ICMP Network Scanning
How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)
nmap -sn 172.16.0.0/16
Task 10 → Working With The NSE
What language are NSE scripts written in?
Which category of scripts would be a very bad idea to run in a production environment?
Task 11 → Overview
What optional argument can the
In this doc you can see that it takes an argument called maxlist.
Task 12 → Searching for scripts
What is the filename of the script which determines the underlying OS of the SMB server?
If you run the above command you will get a list like this, and the highlighted one is the OS discovery script.
Read through this script. What does it depend on?
This is how you can see the source code of smb-os-discovery.nse: first type locate smb-os-discovery.nse, copy that location and run cat <file_location>, and you will get this.
So the answer is smb-brute.
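The dependency answer comes from the script's Lua header, and the same header carries the categories field that Task 10 asks about. Below is an added example, not the blog's code and not part of Nmap: it finds a script in the usual install directories (the equivalent of the locate step), parses the table-valued header fields, and flags categories you would not run against production. SAMPLE_SCRIPT is a constructed header written in the style of smb-os-discovery.nse, and the NSE_DIRS paths are an assumption about where Nmap is installed.

```python
# Added example (not the blog's or Nmap's own code): read the metadata fields
# an NSE script declares in its Lua header, so "what does it depend on" and
# "which categories is it in" can be answered programmatically.

import re
from pathlib import Path
from typing import Dict, List, Optional

# Constructed sample header in the style of smb-os-discovery.nse (not a copy)
SAMPLE_SCRIPT = '''
local smb = require "smb"
local stdnse = require "stdnse"

description = [[
Attempts to determine the operating system, computer name, domain,
workgroup, and current time over the SMB protocol.
]]

author = "Example Author"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
dependencies = {"smb-brute"}

hostrule = function(host)
  return smb.get_port(host) ~= nil
end
'''

# Categories whose scripts may crash services or trip alarms: NSE defines
# "intrusive" as the opposite of "safe"; dos, exploit and brute are worse.
UNSAFE_CATEGORIES = {"intrusive", "dos", "exploit", "brute"}

# Matches a top-level Lua assignment of a table literal, e.g. categories = {...}
_LIST_FIELD = re.compile(r'^\s*(\w+)\s*=\s*\{([^}]*)\}', re.MULTILINE)
# Extracts the quoted strings inside that table literal
_STRING = re.compile(r'["\']([^"\']*)["\']')


def parse_nse_header(source: str) -> Dict[str, List[str]]:
    """Return the categories and dependencies tables of an NSE script as lists."""
    fields: Dict[str, List[str]] = {}
    for name, body in _LIST_FIELD.findall(source):
        if name in ("categories", "dependencies"):
            fields[name] = _STRING.findall(body)
    return fields


def script_dependencies(source: str) -> List[str]:
    """Scripts NSE runs before this one (the 'dependencies' table)."""
    return parse_nse_header(source).get("dependencies", [])


def script_categories(source: str) -> List[str]:
    """Categories the script declares (the 'categories' table)."""
    return parse_nse_header(source).get("categories", [])


def unsafe_for_production(source: str) -> bool:
    """True if the script declares a category you would not run against
    production hosts without a change window."""
    return bool(UNSAFE_CATEGORIES & set(script_categories(source)))


# Assumed Nmap script directories; adjust for your install.
NSE_DIRS = ("/usr/share/nmap/scripts", "/usr/local/share/nmap/scripts",
            "/opt/homebrew/share/nmap/scripts")


def find_nse_script(name: str, roots=NSE_DIRS) -> Optional[Path]:
    """Stand-in for `locate smb-os-discovery.nse` limited to the usual dirs."""
    if not name.endswith(".nse"):
        name += ".nse"
    for root in roots:
        candidate = Path(root) / name
        if candidate.is_file():
            return candidate
    return None


if __name__ == "__main__":
    print(parse_nse_header(SAMPLE_SCRIPT))
    path = find_nse_script("smb-os-discovery")
    if path:  # only when Nmap is installed locally
        print(path, script_dependencies(path.read_text()))
```

Run it on the real file found by find_nse_script to confirm the dependency; on a machine without Nmap the function simply returns None and the constructed header is parsed instead.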
Task 13 → Firewall Evasion
Which simple (and frequently relied upon) protocol is often blocked, requiring the use of the
[Research] Which Nmap switch allows you to append an arbitrary length of random data to the end of packets?
To find this you can type man nmap, go to the firewall evasion section and see it for yourself.
Task 14 → Practical
Does the target (MACHINE_IP) respond to ICMP (ping) requests (Y/N)?
Perform an Xmas scan on the first 999 ports of the target — how many ports are shown to be open or filtered?
You can see that all 999 ports are shown as open|filtered.
There is a reason given for this — what is it?
Note: The answer will be in your scan results. Think carefully about which switches to use — and read the hint before asking for help!
Perform a TCP SYN scan on the first 10000 ports of the target — how many ports are shown to be open?
If you run the above command you will be able to see that 5 ports are open.
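Both answers above are counts pulled out of the scan report, and the "reason" question is answered by the extra column Nmap prints with --reason. The following is an added example, not from the blog and not Nmap's own code: it parses Nmap's normal output into counts per port state and per (state, reason) pair, so the same question can be answered for any report. The two report texts are constructed to look like a -sX and a -sS run with --reason; the address and the port list are made up and are not the room's target.

```python
# Added example (not from the original blog): summarise an Nmap normal-output
# report by port state and by the --reason column, answering "how many ports
# are open|filtered, and why". Both reports below are constructed samples.

import re
from collections import Counter
from typing import Dict

XMAS_REPORT = """\
Nmap scan report for 10.10.10.10
Host is up, received echo-reply ttl 63 (0.025s latency).
All 999 scanned ports on 10.10.10.10 are in ignored states.
Not shown: 999 open|filtered tcp ports (no-response)
"""

SYN_REPORT = """\
Nmap scan report for 10.10.10.10
Host is up, received echo-reply ttl 63 (0.025s latency).
Not shown: 9997 filtered tcp ports (no-response)
PORT    STATE SERVICE REASON
21/tcp  open  ftp     syn-ack ttl 63
22/tcp  open  ssh     syn-ack ttl 63
80/tcp  open  http    syn-ack ttl 63
"""

# "Not shown: 999 open|filtered tcp ports (no-response)"; the protocol word
# and the parenthesised reason are absent on older Nmap or without --reason.
_NOT_SHOWN = re.compile(
    r"^Not shown: (\d+) (\S+) (?:\w+ )?ports?(?: \(([^)]+)\))?", re.MULTILINE)
# "21/tcp  open  ftp  syn-ack ttl 63"; the reason column exists only with
# --reason (with -sV the version string would land in that column instead).
_PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(\S+))?", re.MULTILINE)


def summarize_report(text: str) -> Dict[str, Counter]:
    """Count ports per state and per (state, reason) in one Nmap report."""
    states: Counter = Counter()
    reasons: Counter = Counter()
    for count, state, reason in _NOT_SHOWN.findall(text):
        states[state] += int(count)
        if reason:
            reasons[(state, reason)] += int(count)
    for _port, _proto, state, _service, reason in _PORT_LINE.findall(text):
        states[state] += 1
        if reason:
            reasons[(state, reason)] += 1
    return {"states": states, "reasons": reasons}


def ports_in_state(text: str, state: str) -> int:
    """Number of scanned ports Nmap put in `state`, e.g. 'open|filtered'."""
    return summarize_report(text)["states"][state]


def reason_for_state(text: str, state: str) -> str:
    """Most common --reason Nmap gave for ports in `state`, or '' if none."""
    reasons = summarize_report(text)["reasons"]
    candidates = {r: n for (s, r), n in reasons.items() if s == state}
    return max(candidates, key=candidates.get) if candidates else ""


if __name__ == "__main__":
    print(ports_in_state(XMAS_REPORT, "open|filtered"),
          reason_for_state(XMAS_REPORT, "open|filtered"))   # 999 no-response
    print(ports_in_state(SYN_REPORT, "open"),
          reason_for_state(SYN_REPORT, "open"))               # 3 syn-ack
```

The "no-response" reason is the whole story of an Xmas scan: a closed port would have answered with RST, so silence means either open or dropped by a filter, and Nmap will not pick one. A SYN scan gets a syn-ack back from open ports, which is why it can say "open" outright.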
ftp-anon script against the box. Can Nmap log in successfully to the FTP server on port 21? (Y/N)
This is how you use scripts in Nmap. In the result you can see that anonymous login is allowed, so now let's try to log in.
This is how you log in to the FTP session.
I hope you learned how to do these tasks. See you in another blog!