TryHackMe: NMAP: Practical
#1 Does the target (MACHINE_IP) respond to ICMP (ping) requests (Y/N)?
N
Some interesting findings to share:
If you run Nmap with the -sn (host discovery only) option as a privileged user against a target on the local network, it will report the host as up as soon as it receives an ARP reply, because Nmap uses ARP requests instead of ICMP for hosts on the same LAN.
So a host that blocks ICMP can still show as "up" in a plain -sn scan on the LAN.
To see whether the host actually responds to an ICMP ping, add the --send-ip option (or --disable-arp-ping) so Nmap sends IP-level probes; combining it with -PE limits the discovery probe to an ICMP echo request only.
#2 Perform an Xmas scan on the first 999 ports of the target — how many ports are shown to be open or filtered?
999
#3 There is a reason given for this — what is it?
Note: The answer will be in your scan results. Think carefully about which switches to use — and read the hint before asking for help!
No Response
#4 Perform a TCP SYN scan on the first 5000 ports of the target — how many ports are shown to be open?
5
*Just a reminder: -p1-5000 and --top-ports 5000 return different results. -p1-5000 scans ports 1 through 5000, while --top-ports 5000 scans the 5000 ports most frequently found open according to Nmap's nmap-services frequency data, for whichever protocols the scan uses (TCP by default, UDP only when -sU is added).
#5 Open Wireshark (see Cryillic’s Wireshark Room for instructions) and perform a TCP Connect scan against port 80 on the target, monitoring the results. Make sure you understand what’s going on.
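The three scans above (Xmas, SYN, connect) differ only in what probe is sent and how Nmap interprets the reply, which is also what the --reason switch prints. The following Python is an added example for this write-up, not TryHackMe's material and not Nmap's own source: it encodes Nmap's response rules for -sX, -sS and -sT and runs them over constructed packet lists (the addresses, ports and flag sequences are made up, not captured from the room's machine), so you can compare it with what Wireshark shows while the scans run.

```python
"""Port-state inference for -sX, -sS and -sT, over constructed captures.

Added example for this write-up; not part of TryHackMe's room or Nmap's code.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

SCANNER = "10.0.0.5"    # constructed addresses, not the room's MACHINE_IP
TARGET = "10.0.0.10"


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str          # TCP flags as letters: S=SYN A=ACK F=FIN R=RST P=PSH U=URG


def from_target(packets: List[Pkt], port: int) -> List[Pkt]:
    """Replies the target sent from `port` back to the scanner."""
    return [p for p in packets if p.src == TARGET and p.sport == port]


def from_scanner(packets: List[Pkt], port: int) -> List[Pkt]:
    """Probes the scanner sent to `port` on the target."""
    return [p for p in packets if p.src == SCANNER and p.dport == port]


def xmas_state(packets: List[Pkt], port: int) -> Tuple[str, str]:
    """-sX sends FIN/PSH/URG. An RFC 793 host answers RST on a closed port and
    stays silent on an open one; a firewall dropping the probe is silent too,
    so Nmap cannot tell them apart and reports open|filtered. The second
    element is the string Nmap prints for --reason."""
    if any("R" in p.flags for p in from_target(packets, port)):
        return "closed", "reset"
    return "open|filtered", "no-response"


def syn_state(packets: List[Pkt], port: int) -> Tuple[str, str]:
    """-sS sends SYN. SYN/ACK => open, RST => closed, silence => filtered."""
    replies = from_target(packets, port)
    if any(p.flags == "SA" for p in replies):
        return "open", "syn-ack"
    if any("R" in p.flags for p in replies):
        return "closed", "reset"
    return "filtered", "no-response"


def handshake_completed(packets: List[Pkt], port: int) -> bool:
    """-sT uses the OS connect(), so on an open port the scanner ACKs the
    SYN/ACK and the handshake completes before the connection is torn down.
    -sS never sends that final ACK: it answers the SYN/ACK with a bare RST."""
    probes = from_scanner(packets, port)
    return (any(p.flags == "S" for p in probes)
            and any(p.flags == "SA" for p in from_target(packets, port))
            and any(p.flags == "A" for p in probes))


def summarize(rule: Callable[[List[Pkt], int], Tuple[str, str]],
              packets: List[Pkt], ports: List[int]) -> Dict[int, Tuple[str, str]]:
    """Apply one scan's rule to every port in `ports`."""
    return {port: rule(packets, port) for port in ports}


# Constructed captures: port 80 open, 81 closed, 82 silently dropped by a firewall.
XMAS_CAPTURE = [
    Pkt(SCANNER, TARGET, 40000, 80, "FPU"),   # open port ignores the probe
    Pkt(SCANNER, TARGET, 40001, 81, "FPU"),
    Pkt(TARGET, SCANNER, 81, 40001, "RA"),    # closed port answers RST/ACK
    Pkt(SCANNER, TARGET, 40002, 82, "FPU"),   # filtered: no reply at all
]
SYN_CAPTURE = [
    Pkt(SCANNER, TARGET, 40010, 80, "S"),
    Pkt(TARGET, SCANNER, 80, 40010, "SA"),
    Pkt(SCANNER, TARGET, 40010, 80, "R"),     # Nmap aborts the half-open connection
    Pkt(SCANNER, TARGET, 40011, 81, "S"),
    Pkt(TARGET, SCANNER, 81, 40011, "RA"),
    Pkt(SCANNER, TARGET, 40012, 82, "S"),
]
CONNECT_CAPTURE = [
    Pkt(SCANNER, TARGET, 40020, 80, "S"),
    Pkt(TARGET, SCANNER, 80, 40020, "SA"),
    Pkt(SCANNER, TARGET, 40020, 80, "A"),     # the OS completes the handshake
    Pkt(SCANNER, TARGET, 40020, 80, "RA"),    # then Nmap tears it down
]

if __name__ == "__main__":
    for name, rule, cap in (("xmas", xmas_state, XMAS_CAPTURE),
                            ("syn", syn_state, SYN_CAPTURE)):
        for port, (state, reason) in summarize(rule, cap, [80, 81, 82]).items():
            print(f"{name:<4} {port}/tcp {state:<14} ({reason})")
    print("connect scan completed handshake on 80:", handshake_completed(CONNECT_CAPTURE, 80))
```

In the Xmas capture both the open and the firewalled port produce "no-response", which is exactly why the room's scan reports every port as open|filtered with that reason: silence is the expected answer from an open port and from a dropping firewall alike. In Wireshark, the tell-tale of -sT versus -sS is the scanner's third packet: an ACK (handshake completed by the OS) versus a RST straight after the SYN/ACK.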
#6 Deploy the ftp-anon script against the box. Can Nmap log in successfully to the FTP server on port 21? (Y/N)
Y
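What ftp-anon actually does is short: connect to port 21, send USER anonymous and a PASS, and report success when the server answers with a 230 reply. The Python below is an added example for this write-up, not Nmap's ftp-anon.nse, that reproduces that check. It parses FTP replies per RFC 959, including the multi-line "230-...230 " welcome banners that trip up naive one-line parsers, and runs against a scripted offline server whose replies are constructed here. The password string and the ScriptedServer/SocketServer class names are this example's own choices; a SocketServer instance pointed at a real host uses the same logic over a live TCP connection.

```python
"""Anonymous-FTP login check, the logic behind Nmap's ftp-anon script.

Added example for this write-up; not Nmap's code. Server replies are constructed.
"""
import socket
from typing import Dict, List, Tuple

ANON_USER = "anonymous"
ANON_PASS = "IEUser@"   # assumption: any e-mail-style string is accepted as an anonymous password


def parse_reply(lines: List[str]) -> Tuple[int, str, List[str]]:
    """Parse one FTP reply from the head of `lines` -> (code, text, remaining).
    Single-line replies look like 'NNN text'. Multi-line replies open with
    'NNN-text' and end with 'NNN text' carrying the same code (RFC 959 4.2)."""
    if not lines or len(lines[0]) < 4 or not lines[0][:3].isdigit():
        raise ValueError(f"malformed FTP reply: {lines[:1]}")
    first = lines[0]
    code = int(first[:3])
    if first[3] == " ":
        return code, first[4:], lines[1:]
    if first[3] != "-":
        raise ValueError(f"malformed FTP reply: {first!r}")
    text = [first[4:]]
    for idx in range(1, len(lines)):
        line = lines[idx]
        if line.startswith(f"{code} "):              # terminating line
            text.append(line[4:])
            return code, "\n".join(text), lines[idx + 1:]
        text.append(line[4:] if line.startswith(f"{code}-") else line)
    raise ValueError("unterminated multi-line reply")


class ScriptedServer:
    """Offline stand-in for port 21: canned replies keyed by command verb."""
    def __init__(self, greeting: List[str], replies: Dict[str, List[str]]):
        self.greeting, self.replies, self.sent = greeting, replies, []

    def connect(self) -> List[str]:
        return list(self.greeting)

    def command(self, line: str) -> List[str]:
        self.sent.append(line)
        return list(self.replies.get(line.split(" ", 1)[0], ["502 Command not implemented."]))


class SocketServer:
    """Same interface over a live TCP connection, for use against a real box."""
    def __init__(self, host: str, port: int = 21, timeout: float = 5.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.reader = self.sock.makefile("rb")

    def _read_reply(self) -> List[str]:
        lines: List[str] = []
        while True:
            raw = self.reader.readline()
            if not raw:
                raise ConnectionError("server closed the connection")
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            lines.append(line)
            # A reply ends at 'NNN ' whose code matches the first line's code.
            if len(line) >= 4 and line[:3].isdigit() and line[3] == " " and line[:3] == lines[0][:3]:
                return lines

    def connect(self) -> List[str]:
        return self._read_reply()

    def command(self, line: str) -> List[str]:
        self.sock.sendall((line + "\r\n").encode())
        return self._read_reply()


def anon_login_allowed(server) -> Tuple[bool, int, str]:
    """Run the login exchange; (True, 230, banner) means anonymous access works."""
    code, _, _ = parse_reply(server.connect())
    if code != 220:
        return False, code, ""
    code, text, _ = parse_reply(server.command(f"USER {ANON_USER}"))
    if code == 331:                                    # password requested
        code, text, _ = parse_reply(server.command(f"PASS {ANON_PASS}"))
    return code == 230, code, text                     # 230 = logged in, 530 = refused


# Constructed servers: one permits anonymous login with a multi-line banner, one refuses.
ALLOWS_ANON = ScriptedServer(["220 (constructed ftpd 1.0)"], {
    "USER": ["331 Please specify the password."],
    "PASS": ["230-Welcome, anonymous user.", "230-Read-only access to /pub.", "230 Login successful."],
})
REFUSES_ANON = ScriptedServer(["220 (constructed ftpd 1.0)"], {
    "USER": ["331 Please specify the password."],
    "PASS": ["530 Login incorrect."],
})

if __name__ == "__main__":
    for label, srv in (("allows", ALLOWS_ANON), ("refuses", REFUSES_ANON)):
        ok, code, text = anon_login_allowed(srv)
        print(f"{label}: anonymous login {'succeeded' if ok else 'failed'} (reply {code})")
```

Against the room's box the script answers Y, i.e. the PASS step came back 230. The multi-line handling matters in practice because many servers return their directory listing or a welcome notice as a 230- block, and a check that only looks at the first line will misread the code or stall waiting for more data.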
To understand more about NMAP, check out the full series: Part 1: Port Scanning Responses, Part 2: Basic Port Scanning Types, Part 3: Other Port Scanning Types, Part 4: Network Scanning, Part 5: Firewall Evasion Options and Part 6: NSE Scripts!