Tryhackme Nmap - walkthrough
Thanks to @tryhackme for providing a wonderful platform.

NMAP – Walkthrough #tryhackme @tryhackme

Page - 1

           Deploy the machine….

Page - 2

Q1) First, how do you access the help menu?

           Ans = -h

Q2) Often referred to as a stealth scan, what is the first switch listed for a 'Syn Scan'?

           Ans = -sS

Q3) Not quite as useful but how about a 'UDP Scan'?

           Ans = -sU

Q4) What about operating system detection?

           Ans = -O

Q5) How about service version detection? 

           Ans = -sV

Q6) Most people like to see some output to know that their scan is doing things, what is the verbosity flag?

           Ans = -v

Q7) What about 'very verbose'? (A personal favorite)

           Ans = -vv

Q8) Sometimes saving the output in a common document format can be really handy for reporting, how do we save the output in XML format?

 

           Ans = -oX

Q9) Aggressive scans can be nice when other scans just aren't getting the output that you want and you don't care how 'loud' you are, what is the switch for enabling this? (HINT = UNDER MISC)

           Ans = -A

Q10) How do I set the timing to the max level, sometimes called 'Insane'?

           Ans = -T5

Q11) What about if I want to scan a specific port?

           Ans = -p

Q12) How about if I want to scan every port?

           Ans = -p-

Q13) What if I want to enable using a script from the Nmap scripting engine? For this, just include the first part of the switch without the specification of what script to run.

           Ans = --script

Q14) What if I want to run all scripts out of the vulnerability category?

           Ans = --script vuln

Q15) What switch should I include if I don't want to ping the host?

           Ans = -Pn


Page - 3

Q1) Let's go ahead and start with the basics and perform a syn scan on the box provided. What will this command be without the host IP address?

           Ans = nmap -sS

 

 

Q2) After scanning this, how many ports do we find open under 1000?

           Ans = 2

 

Q3) What communication protocol is given for these ports following the port number?

 

           Ans = tcp

 

Q4) Perform a service version detection scan, what is the version of the software running on port 22?

           Ans = 6.6.1p1

 

Q7) Perform an aggressive scan, what flag isn't set under the results for port 80?

           Ans = httponly

 

 

Q8) Perform a script scan of vulnerabilities associated with this box, what denial of service (DOS) attack is this box susceptible to? Answer with the name for the vulnerability that is given as the section title in the scan output. A vuln scan can take a while to complete. In case you get stuck, the answer to this question has been provided in the hint, however, it's good to still run this scan and get used to using it as it can be invaluable

Ans = http-slowloris-check. 




 

               
