TryHackMe Nmap Answers

What is this?

This page lists the questions and answers from the TryHackMe Nmap room.

Introduction

What networking constructs are used to direct traffic to the right application on a server?

Ports

How many of these are available on any network-enabled computer?

65535

[Research] How many of these are considered "well-known"? (These are the "standard" numbers mentioned in the task)

1024

Scan Types TCP Connect Scans

Which RFC defines the appropriate behaviour for the TCP protocol?

RFC 793

If a port is closed, which flag should the server send back to indicate this?

RST

Scan Types SYN Scans

There are two other names for a SYN scan, what are they?

Half-Open, Stealth

Can Nmap use a SYN scan without Sudo permissions (Y/N)?

N

Scan Types UDP Scans

If a UDP port doesn't respond to an Nmap scan, what will it be marked as?

open|filtered

When a UDP port is closed, by convention the target should send back a "port unreachable" message. Which protocol would it use to do so?

ICMP

Scan Types NULL, FIN and Xmas

Which of the three shown scan types uses the URG flag?

xmas

Why are NULL, FIN and Xmas scans generally used?

Firewall Evasion

Which common OS may respond to a NULL, FIN or Xmas scan with a RST for every port?

Microsoft Windows

Scan Types ICMP Network Scanning

How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)

nmap -sn 172.16.0.0/16

NSE Scripts Overview

What language are NSE scripts written in?

Lua

Which category of scripts would be a very bad idea to run in a production environment?

intrusive

NSE Working with the NSE

What optional argument can the ftp-anon.nse script take?

maxlist

NSE Scripts Searching for Scripts

Search for "smb" scripts in the /usr/share/nmap/scripts/ directory using either of the demonstrated methods.
What is the filename of the script which determines the underlying OS of the SMB server?

smb-os-discovery.nse

Read through this script. What does it depend on?

smb-brute

Firewall Evasion

Which simple (and frequently relied upon) protocol is often blocked, requiring the use of the -Pn switch?

ICMP

[Research] Which Nmap switch allows you to append an arbitrary length of random data to the end of packets?

--data-length

Practical

Does the target (MACHINE_IP) respond to ICMP (ping) requests (Y/N)?

N

Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?

999

There is a reason given for this -- what is it?
Note: The answer will be in your scan results. Think carefully about which switches to use -- and read the hint before asking for help!

No Response

Perform a TCP SYN scan on the first 5000 ports of the target -- how many ports are shown to be open?

5

Open Wireshark (see Cryillic's Wireshark Room for instructions) and perform a TCP Connect scan against port 80 on the target, monitoring the results. Make sure you understand what's going on.

No answer needed

Deploy the ftp-anon script against the box. Can Nmap login successfully to the FTP server on port 21? (Y/N)

Y
