TryHackMe(THM) : Nmap

shiv shankar yadav
3 min read · Aug 2, 2021

Nmap (“Network Mapper”) is a free and open-source utility for network discovery and security auditing. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Task 1. Introduction to Port Scanning

1. What networking constructs are used to direct traffic to the right application on a server?

Answer: ports

2. How many of these are available on any network-enabled computer?

Answer: 65535

3. [Research] How many of these are considered “well-known”? (These are the “standard” numbers mentioned in the task)

Answer: 1024

Task 2. Deploy!

1. Deploy the machine!

Answer: no answer needed

Task 3. Nmap Quiz

Nmap is installed by default on Kali Linux as well as on the TryHackMe AttackBox. It is run by typing nmap in a terminal, followed by the target and some of the switches covered below.

1. First, how do you access the help menu?

Answer: -h

2. Often referred to as a stealth scan, what is the first switch listed for a 'Syn Scan'?

Answer: -sS

3. What about operating system detection?

Answer: -O

4. How about service version detection?

Answer: -sV

5. Most people like to see some output to know that their scan is actually doing things, what is the verbosity flag?

Answer: -v

6. What about ‘very verbose’? (A personal favorite)

Answer: -vv

7. Sometimes saving output in a common document format can be really handy for reporting, how do we save output in xml format?

Answer: -oX

8. Aggressive scans can be nice when other scans just aren’t getting the output that you want and you really don’t care how ‘loud’ you are, what is the switch for enabling this?

Answer: -A

9. How do I set the timing to the max level, sometimes called ‘Insane’?

Answer: -T5

10. What about if I want to scan a specific port?

Answer: -p

11. How about if I want to scan every port?

Answer: -p-

12. What if I want to enable using a script from the nmap scripting engine? For this, just include the first part of the switch without the specification of what script to run.

Answer: --script

13. What if I want to run all scripts out of the vulnerability category?

Answer: --script vuln

14. What switch should I include if I don’t want to ping the host?

Answer: -Pn

Task 4. Nmap Scanning

1. Let’s go ahead and start with the basics and perform a syn scan on the box provided. What will this command be without the host IP address?

Answer: -sS

2. After scanning this, how many ports do we find open under 1000?

Answer: 2

3. Perform a service version detection scan, what is the version of the software running on port 22?

Answer: 6.6.1p1

4. Perform an aggressive scan, what flag isn’t set under the results for port 80?

Answer: httponly

5. Perform a script scan of vulnerabilities associated with this box, what denial of service (DoS) attack is this box susceptible to? Answer with the name for the vulnerability that is given as the section title in the scan output. A vuln scan can take a while to complete. In case you get stuck, the answer for this question has been provided in the hint, however, it’s good to still run this scan and get used to using it as it can be invaluable.

Answer: http-slowloris-check
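The -oX switch from Task 3 (question 7) is what makes results like those in Task 4 machine-readable for reporting. As an added example (not from the room or the author), here is a small Python parser for that XML that builds a per-host inventory of open ports and detected versions; the sample report is constructed to mirror the Task 4 answers, and 192.0.2.10 is a documentation-range placeholder address.

```python
# Added example: Nmap -oX report -> per-host inventory of open ports (SAMPLE_XML is constructed).
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun args="nmap -sS -sV -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_ports(xml_text):
    """Map each IPv4 address to sorted (port, proto, name, version) tuples for open ports."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports stay out of the inventory
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}  # -sS alone emits no <service>
            entries.append((int(port.get("portid")), port.get("protocol"),
                            attrs.get("name", ""), attrs.get("version", "")))
        inventory[addr_el.get("addr")] = sorted(entries)
    return inventory

def count_open_below(inventory, addr, limit=1000):
    """How many open ports below `limit` a host has (Task 4, question 2)."""
    return sum(1 for entry in inventory.get(addr, []) if entry[0] < limit)

def service_version(inventory, addr, portnum):
    """Version Nmap detected on a port, "" if undetected, None if not open."""
    for port, _proto, _name, version in inventory.get(addr, []):
        if port == portnum:
            return version
    return None
```

Point parse_open_ports at the contents of a real scan.xml written with -oX and the same functions answer the "how many open ports" and "which version on port 22" questions directly from the file.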

Thanks for reading!

shiv shankar yadav

I am a certified ethical hacker (CEH) and a certified red team professional (CRTP) with a strong background in active directory and web penetration testing.