https://tryhackme.com/room/nmap03

Task 1 Introduction

No questions in this task.

Task 2 TCP Null Scan, FIN Scan, and Xmas Scan

Question 1:
In a null scan, how many flags are set to 1?

In a null scan no flags are set.

Answer 1:
0

Question 2:
In a FIN scan, how many flags are set to 1?

In a FIN scan only the FIN flag is set.

Answer 2:
1

Question 3:
In a Xmas scan, how many flags are set to 1?

In an Xmas scan FIN, PSH and URG are set.

Answer 3:
3

Question 4:
Start the VM and load the AttackBox. Once both are ready, open the terminal on the AttackBox and use nmap to launch a FIN scan against the target VM. How many ports appear as open|filtered?

└─$ sudo nmap -sF 10.10.61.246
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-11 18:48 CEST
Nmap scan report for 10.10.61.246
Host is up (0.061s latency).
Not shown: 993 closed tcp ports (reset)
PORT    STATE         SERVICE
22/tcp  open|filtered ssh
25/tcp  open|filtered smtp
53/tcp  open|filtered domain
80/tcp  open|filtered http
110/tcp open|filtered pop3
111/tcp open|filtered rpcbind
143/tcp open|filtered imap

Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds

Answer 4:
7

Question 5:
Repeat your scan launching a null scan against the target VM. How many ports appear as open|filtered?

└─$ sudo nmap -sN 10.10.61.246
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-11 18:49 CEST
Nmap scan report for 10.10.61.246
Host is up (0.066s latency).
Not shown: 993 closed tcp ports (reset)
PORT    STATE         SERVICE
22/tcp  open|filtered ssh
25/tcp  open|filtered smtp
53/tcp  open|filtered domain
80/tcp  open|filtered http
110/tcp open|filtered pop3
111/tcp open|filtered rpcbind
143/tcp open|filtered imap

Nmap done: 1 IP address (1 host up) scanned in 3.52 seconds

Answer 5:
7

Task 3 TCP Maimon Scan

Question 1:
In the Maimon scan, how many flags are set?

The Maimon scan uses FIN and ACK.

Answer 1:
2

Task 4 TCP ACK, Window, and Custom Scan

Question 1:
In TCP Window scan, how many flags are set?

The Window scan uses ACK.

Answer 1:
1

Question 2:
You decided to experiment with a custom TCP scan that has the reset flag set. What would you add after --scanflags

Reset uses the RST flag.

Answer 2:
RST
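The flag counts asked for in Tasks 2 to 4 all come down to which bits of the 8-bit TCP flags field a probe carries. The following is an added example, not part of the TryHackMe room or of this write-up, written from the defender's side: it decodes a flags byte the way a packet parser or IDS rule would, counts the bits, classifies a probe by the flag combination the room lists for each scan type (null, FIN, Xmas, Maimon, ACK/Window, plus the normal SYN probe), and converts a --scanflags value such as RST into the byte it produces. The list of captured flag bytes is a constructed sample, not a real capture.

```python
# Added example (not from the TryHackMe room or this write-up).

# Bit values of the TCP flags byte, low bit first.
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}

# Flag set each scan type sends, as described in the room.
SCAN_FLAGS = {
    "null":   set(),
    "fin":    {"FIN"},
    "xmas":   {"FIN", "PSH", "URG"},
    "maimon": {"FIN", "ACK"},
    "ack":    {"ACK"},   # -sA; the -sW window scan sends the same probe
    "syn":    {"SYN"},   # -sS, the ordinary half-open scan
}


def scanflags_to_byte(spec: str) -> int:
    """Turn an Nmap --scanflags value ("RST", "FINPSHURG" or a plain number)
    into the flags byte it sends. Flag names are concatenated three-letter tokens."""
    spec = spec.strip()
    if spec.isdigit():
        return int(spec) & 0xFF
    value = 0
    for i in range(0, len(spec), 3):
        name = spec[i:i + 3].upper()
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown flag name {name!r} in {spec!r}")
        value |= TCP_FLAGS[name]
    return value


def byte_to_flags(value: int) -> set:
    """Names of the flags set in a flags byte."""
    return {name for name, bit in TCP_FLAGS.items() if value & bit}


def flags_set(value: int) -> int:
    """Number of flags set to 1, the quantity the room asks for per scan type."""
    return bin(value & 0xFF).count("1")


def classify_probe(value: int) -> str:
    """Name the scan type whose probe carries exactly these flags, else 'other'."""
    flags = byte_to_flags(value)
    for scan, expected in SCAN_FLAGS.items():
        if flags == expected:
            return scan
    return "other"


# Constructed sample: flags bytes as a packet logger might record them for
# probes arriving at one port (null, FIN, Xmas, Maimon, ACK, SYN, RST, SYN-ACK).
CAPTURED_FLAG_BYTES = [0x00, 0x01, 0x29, 0x11, 0x10, 0x02, 0x04, 0x12]


def summarise_probes(flag_bytes) -> dict:
    """Count probes per recognised scan type; odd combinations land in 'other'."""
    counts = {}
    for b in flag_bytes:
        kind = classify_probe(b)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for scan, flags in SCAN_FLAGS.items():
        print(f"{scan:7s} flags set: {len(flags)}")
    print("--scanflags RST ->", hex(scanflags_to_byte("RST")))
    print(summarise_probes(CAPTURED_FLAG_BYTES))
```

Classification is by exact flag set, so a packet with SYN+ACK or RST alone is reported as "other" rather than mistaken for one of the scan probes; in a real sensor the ACK-only probe is the one to treat with care, since it is also what legitimate established connections carry.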

Question 3:
The VM received an update to its firewall ruleset. A new port is now allowed by the firewall. After you make sure that you have terminated the VM from Task 2, start the VM for this task. Launch the AttackBox if you haven’t done that already. Once both are ready, open the terminal on the AttackBox and use Nmap to launch an ACK scan against the target VM. How many ports appear unfiltered?

└─$ sudo nmap -sA 10.10.28.228
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-11 19:00 CEST
Nmap scan report for 10.10.28.228
Host is up (0.066s latency).
Not shown: 985 filtered tcp ports (no-response), 11 filtered tcp ports (host-prohibited)
PORT    STATE      SERVICE
22/tcp  unfiltered ssh
25/tcp  unfiltered smtp
80/tcp  unfiltered http
443/tcp unfiltered https

Nmap done: 1 IP address (1 host up) scanned in 6.28 seconds

Answer 3:
4

Question 4:
What is the new port number that appeared?

Here we again have to compare with the example in the room; we find that port 443 is new.

Answer 4:
443

Question 5:
Is there any service behind the newly discovered port number? (Y/N)

Nmap guesses that https is behind the new port, so we open the https page of our machine in the browser at https://10.10.28.228
We cannot connect, so there is no service behind it.

Answer 5:
n

Task 5 Spoofing and Decoys

Question 1:
What do you need to add to the command sudo nmap 10.10.28.228 to make the scan appear as if coming from the source IP address 10.10.10.11 instead of your IP address?

Answer 1:
-S 10.10.10.11

Question 2:
What do you need to add to the command sudo nmap 10.10.28.228 to make the scan appear as if coming from the source IP addresses 10.10.20.21 and 10.10.20.28 in addition to your IP address?

Answer 2:
-D 10.10.20.21,10.10.20.28

Task 6 Fragmented Packets

Question 1:
If the TCP segment has a size of 64, and -ff option is being used, how many IP fragments will you get?

-ff splits the TCP segment into 16-byte fragments: 64/16 = 4.

Answer 1:
4

Task 7 Idle/Zombie Scan

Question 1:
You discovered a rarely-used network printer with the IP address 10.10.5.5, and you decide to use it as a zombie in your idle scan. What argument should you add to your Nmap command?

Answer 1:
-sI 10.10.5.5

Task 8 Getting More Details

Question 1:
Launch the AttackBox if you haven’t done so already. After you make sure that you have terminated the VM from Task 4, start the VM for this task. Wait for it to load completely, then open the terminal on the AttackBox and use Nmap with nmap -sS -F --reason 10.10.217.231 to scan the VM. What is the reason provided for the stated port(s) being open?

└─$ sudo nmap -sS -F --reason 10.10.217.231
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-11 19:25 CEST
Nmap scan report for 10.10.217.231
Host is up, received reset ttl 63 (0.071s latency).
Not shown: 94 closed tcp ports (reset)
PORT    STATE SERVICE REASON
22/tcp  open  ssh     syn-ack ttl 63
25/tcp  open  smtp    syn-ack ttl 63
80/tcp  open  http    syn-ack ttl 63
110/tcp open  pop3    syn-ack ttl 63
111/tcp open  rpcbind syn-ack ttl 63
143/tcp open  imap    syn-ack ttl 63

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds

Answer 1:
syn-ack
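Several questions in this room (Task 2 Q4/Q5, Task 4 Q3/Q4 and Task 8 Q1) are answered by reading Nmap's normal output: counting ports in a given state, comparing two scans to find a newly exposed port, and reading the --reason column. The following is an added example, not part of the TryHackMe room or of this write-up, that parses that output format with standard-library Python only. It is the kind of small helper a defender uses to baseline a host's exposed ports and flag changes after a firewall update. The three sample reports are constructed from the scan output shown above and trimmed to a few lines.

```python
# Added example (not from the TryHackMe room or this write-up).
import re
from collections import Counter

# One port row: "22/tcp  open|filtered ssh" or, with --reason,
# "22/tcp  open  ssh     syn-ack ttl 63".
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<reason>.+))?$"
)
# Pieces of the "Not shown: 985 filtered tcp ports (no-response), 11 ..." line.
NOT_SHOWN = re.compile(r"(?P<n>\d+) (?P<state>\S+) (?P<proto>tcp|udp) ports")


def parse_nmap(text: str) -> dict:
    """Return {'ports': [row dicts], 'not_shown': Counter(state -> count)}
    for one host report in Nmap's normal output."""
    ports, not_shown = [], Counter()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Not shown:"):
            for m in NOT_SHOWN.finditer(line):
                not_shown[m.group("state")] += int(m.group("n"))
            continue
        m = PORT_LINE.match(line)
        if m:
            ports.append(m.groupdict())
    return {"ports": ports, "not_shown": not_shown}


def count_state(report: dict, state: str) -> int:
    """How many listed ports are in the given state, e.g. 'open|filtered'."""
    return sum(1 for p in report["ports"] if p["state"] == state)


def reasons(report: dict) -> dict:
    """Map 'port/proto' -> reason text (None when the scan ran without --reason)."""
    return {f"{p['port']}/{p['proto']}": p["reason"] for p in report["ports"]}


def new_ports(baseline: dict, current: dict) -> set:
    """Ports listed in the current scan but absent from the baseline."""
    key = lambda p: f"{p['port']}/{p['proto']}"
    return {key(p) for p in current["ports"]} - {key(p) for p in baseline["ports"]}


# Constructed samples, built from the scan output shown in this write-up.
BASELINE_ACK_SCAN = """\
PORT    STATE      SERVICE
22/tcp  unfiltered ssh
25/tcp  unfiltered smtp
80/tcp  unfiltered http
"""

CURRENT_ACK_SCAN = """\
Not shown: 985 filtered tcp ports (no-response), 11 filtered tcp ports (host-prohibited)
PORT    STATE      SERVICE
22/tcp  unfiltered ssh
25/tcp  unfiltered smtp
80/tcp  unfiltered http
443/tcp unfiltered https
"""

REASON_SCAN = """\
Not shown: 94 closed tcp ports (reset)
PORT    STATE SERVICE REASON
22/tcp  open  ssh     syn-ack ttl 63
80/tcp  open  http    syn-ack ttl 63
"""

if __name__ == "__main__":
    current = parse_nmap(CURRENT_ACK_SCAN)
    print("unfiltered:", count_state(current, "unfiltered"))
    print("not shown:", dict(current["not_shown"]))
    print("new since baseline:", new_ports(parse_nmap(BASELINE_ACK_SCAN), current))
    print("reasons:", reasons(parse_nmap(REASON_SCAN)))
```

The "Not shown" counts are folded into the same state buckets as the listed rows, so a report can be summed to the full port count that was scanned; the reason column is kept as free text because Nmap prints different shapes there (syn-ack ttl 63, reset, no-response) depending on the scan type.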

Task 9 Summary

No questions in this task.