Networking: Nmap: The Basics (TryHackMe)

In this article, I will write a write-up for Nmap: The Basics that covers Host Discovery: Who is Online, Port Scanning: Who is Listening, Version Detection: Extract More Information, Timing: How Fast is Fast, and Output: Controlling What You See.

1. What is the last IP address that will be scanned when your scan target is 192.168.0.1/27? 192.168.0.31

   

2. How many TCP ports are open on the target system at 10.10.235.198? 6

   

3. Find the listening web server on 10.10.235.198 and access it with your browser. What is the flag that appears on its main page? THM{SECRET_PAGE_38B9P6}

   to start there’s a hint on the question that you should access via http://ip_address:port_number. Remember the computer has 65535 ports so I tried to use common ports like 80, 8080, etc, and the browser didn’t open. I ran a command nmap -sV -A 10.10.235.198 that gave us a comprehensive overview of our target machine IP which included open ports, 8008 showed 8008/tcp open http lighttpd/1.4.74. On opening the browser http://ip_address:8008 I got the flag

   

   

4. What is the name and detected version of the web server running on 10.10.235.198? lighttpd 1.4.74

running nmap -A ip_address brings it up notice that our attack machine uses lighttpd and not the web servers like nginx so that a hint too

5. What is the non-numeric equivalent of -T4? -T aggressive

6. What option must you add to your nmap command to enable debugging? -d

7. What kind of scan will Nmap use if you run nmap MACHINE_IP with local user privileges? Connect Scan

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.