TryHackMe | Nmap | Walkthrough


 




Welcome to my writeup on the Nmap room from TryHackMe! This machine is designed specifically to help you understand and master Nmap, one of the most essential tools in a hacker’s arsenal.


Task 2: Introduction

What networking constructs are used to direct traffic to the right application on a server?
 Ports

 How many of these are available on any network-enabled computer?
65535

 How many of these are considered “well-known”?
1024


 Task 3: Nmap Switches

 What is the first switch listed in the help menu for a ‘Syn Scan’?
 -sS

 Which switch would you use for a “UDP scan”?
-sU

 Which switch detects the target’s OS?
 -O

 Which switch detects the version of services?
 -sV

 How to increase verbosity?
 -v

 Set verbosity level 2?
-vv

 Save results in three major formats?
-oA

 Save in normal format?
 -oN

Save in grepable format?
-oG

 Enable aggressive mode (OS detection, scripts, traceroute)?
-A

Set timing template to 5 (fastest)?
-T5

 Scan only port 80?
 -p 80

 Scan ports 1000–1500?
 -p 1000-1500

 Scan all ports?
 -p-

Activate a script from the NSE library?
--script

Run all vuln category scripts?
--script=vuln


 Task 5: TCP Connect Scans

 Which RFC defines TCP protocol behavior?
 RFC 793

 If a port is closed, which flag is returned?
 RST


 Task 6: SYN Scans

 Alternate names for SYN scan?
 Half-open, Stealth

 Can Nmap use SYN scan without sudo? (Y/N)
 N


 Task 7: UDP Scans

 If a UDP port doesn’t respond, how is it marked? 
open|filtered

 Which protocol signals a closed UDP port?
 ICMP


 Task 8: NULL, FIN, Xmas Scans

 Which scan type uses the URG flag?
 Xmas

 Why use NULL, FIN, and Xmas scans?
 Firewall evasion

 Which OS responds with RST for every port?
 Microsoft Windows


 Task 9: ICMP Network Scanning

 How to perform a ping sweep on 172.16.x.x (Netmask: 255.255.0.0)?
 nmap -sn 172.16.0.0/16


 Task 10: NSE Scripts Overview

 What language are NSE scripts written in?
 Lua

 Which script category is dangerous in production?
 intrusive


 Task 11: Working with the NSE

 Optional argument for ftp-anon.nse?
 maxlist


 Task 12: Searching for Scripts

 Filename of the script to determine OS via SMB?
 smb-os-discovery.nse

What does it depend on?
 smb-brute


 Task 13: Firewall Evasion

 Which protocol is often blocked, requiring -Pn?
 ICMP

 Switch to append random data to packets?
 --data-length


 Task 14: Practical

 Does the target respond to ICMP (ping)? (Y/N)
 N

 Xmas scan on ports 1-999 — How many are open|filtered?
999

 Why?
 No Response

TCP SYN scan on ports 1–5000 — How many are open?
 5

Can Nmap login to FTP on port 21 using ftp-anon? (Y/N)
 Y


Final Thoughts

That wraps up the Nmap Room on TryHackMe! 
I hope this walkthrough helped clarify how to wield Nmap like a pro.


