HTB Upcoming Features

Didn’t see a post about this on here and just noticed it on the HTB twitter page:

Whilst its titled “Year in review”, it mainly focuses on upcoming features for this year

Nice one - never saw that post.

I did see Starting Point though - only after I couldn’t work out what people were talking about with the questions :smile:

Had a brief play, seems fun and useful to bring people in. Sadly it forced me to regenerate all my connection packs though :lol:

I had a quick look at starting point and was weirded out by the way they tell people to do port scans lol seemed way over complicated for a beginner tutorial, but yeah overall it seems like a good addition to the site

Like wtf is this first line about:

ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d ‘/’ -f 1 | tr ‘\n’ ‘,’ | sed s/,$//)
nmap -sC -sV -p$ports 10.10.10.27

when you can just type the number of ports you want to scan instead

lol yeah - I’ve seen that in a few write ups as a “quicker” way - you do a super-fast full scan of all ports then focus on the ones which appear open.

I am not a fan though. I’d rather scan them all rather than assume closed based on nmap’s reading of the response.

I tried that on a couple of boxes and the time difference is fairly minimal - obviously it depends on the box and its configuration.

they should at least explain that’s what its doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off

Type your comment> @VbScrub said:

they should at least explain that’s what its doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off

Yup, thats how I felt. All that didn’t even work for me.

@Buttersauce said:

@VbScrub said:

they should at least explain that’s what its doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off

Yup, thats how I felt. All that didn’t even work for me.

I’ve found it does generate errors sometimes with map complaining that the ports specified on the second part are invalid.

this is all I run, and I’ve never had any errors:

nmap 10.10.10.100 -p1-6000 -T4

I feel like that would be a much better example especially for beginner tutorial. Fair enough if they want to change the port numbers, I only scan the first 6000 ports to start with and if I get stuck after that I scan the rest with “-p-6000-65535”

Heard, I appreciate that tip. I’ve seen a lot of nmap scans with switches (-sV -sC) , still new so not 100% confident in which is best.

@Buttersauce said:

Heard, I appreciate that tip. I’ve seen a lot of nmap scans with switches (-sV -sC) , still new so not 100% confident in which is best.

I don’t think there is a best. It is entirely down to what you want to achieve, what you are comfortable with and what output you want.

Use the tool in a way which works for you.

For example, I like to get visual feedback so I almost always use -vvvvv (or more v’s depending on my mood).

I like to get a copy of the output, so again, unless I have a burning reason not to, I use -oA all_tcp

I like to know why nmap thinks a port is open or closed, so --reason is a part of my regular use.

If I am not in a rush, I’d use -sC -sV in the initial scan, just to save the effort of going back and rescanning the open ports. Sometimes I get lazy and use -A -p-.

In a nutshell, it all depends on what I am trying to do with nmap. (–script vulns is occasionally useful)

also if you want to know what a parameter does that you’ve seen someone use, just look it up here: Command-line Flags | Nmap Network Scanning