Scanning with nmap

I haven't solved this box yet; I'll go further with the nmap command line scanner.

nmap -v 10.10.10.28

-v stands for verbose (so that we see some output while the scan runs)

In that case nmap first performs host discovery and sends ping packets to the target host. We can verify that with tcpdump:

sudo tcpdump -i tun0 -p icmp

sudo nmap 10.10.10.28 -v -Pn -sV -O

If we use the parameter -Pn, nmap skips host discovery and doesn't send ping packets; it treats the host as up and scans it directly. -sV stands for version detection and -O for OS detection.

-A enables OS detection, version detection, script scanning and traceroute

-p selects specific ports (example: -p22,80,443)

-T selects a timing template (4 is default, 5 is maximum) --> the slower templates can be used to evade firewall and IDS detection

-sS stands for stealth scan or SYN scan

-oA scan_results writes the output to files in all of nmap's output formats, using scan_results as the base filename

-iL targets.txt reads the list of IP addresses to scan from targets.txt

-F scans only the top 100 ports (fast scan)

-sU -p U:53 performs a UDP scan on port 53

-sC runs the default set of NSE scripts; --script runs a specific NSE script

sudo nmap --script smb-enum-users.nse -p 445 10.10.10.27

NSE scripts are located in /usr/share/nmap/scripts

NSE scripts extend the core functionality of nmap. You can find more information about them in the nmap help or in the NSE reference: https://nmap.org/nsedoc/
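The greppable file that -oA writes (scan_results.gnmap) is convenient for comparing scans or feeding results into other tooling. The following parser is an added example written for this page, not part of the original notes or of nmap itself; it runs on a constructed sample of a -sV scan against 10.10.10.28 and extracts the open ports with their detected service and version.

```python
import re

# Constructed sample of an nmap greppable output file (the .gnmap written by -oA);
# it is not real scan data. Fields on a Host line are separated by tabs.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oA scan_results 10.10.10.28
Host: 10.10.10.28 ()\tStatus: Up
Host: 10.10.10.28 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.6/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (997)
# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str, "ports": [port dicts]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines ('# Nmap ...') carry no host data
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "status": None, "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                # Each port spec is port/state/proto/owner/service/rpcinfo/version/
                for spec in value.split(", "):
                    f = spec.split("/")
                    if len(f) < 7:
                        continue  # malformed entry, skip rather than guess
                    entry["ports"].append({
                        "port": int(f[0]), "state": f[1], "proto": f[2],
                        "service": f[4], "version": f[6],
                    })
    return hosts


def open_services(hosts, ip):
    """List (port, service, version) for ports nmap reported as open on ip."""
    return [(p["port"], p["service"], p["version"])
            for p in hosts.get(ip, {}).get("ports", []) if p["state"] == "open"]


if __name__ == "__main__":
    result = parse_gnmap(SAMPLE_GNMAP)
    for ip, info in result.items():
        print(f"{ip} ({info['status']})")
        for port, svc, ver in open_services(result, ip):
            print(f"  {port}/tcp {svc} {ver}")
```

To use it on a real scan, read scan_results.gnmap into a string and pass it to parse_gnmap instead of SAMPLE_GNMAP.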