Didn’t see a post about this on here and just noticed it on the HTB twitter page:
Whilst it's titled “Year in review”, it mainly focuses on upcoming features for this year
Nice one - never saw that post.
I did see Starting Point though - only after I couldn’t work out what people were talking about with the questions
Had a brief play, seems fun and useful to bring people in. Sadly it forced me to regenerate all my connection packs though :lol:
I had a quick look at starting point and was weirded out by the way they tell people to do port scans lol seemed way over complicated for a beginner tutorial, but yeah overall it seems like a good addition to the site
Like wtf is this first line about:
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -sC -sV -p$ports 10.10.10.27
when you can just type the number of ports you want to scan instead
lol yeah - I’ve seen that in a few write ups as a “quicker” way - you do a super-fast full scan of all ports then focus on the ones which appear open.
I am not a fan though. I’d rather scan them all rather than assume closed based on nmap’s reading of the response.
I tried that on a couple of boxes and the time difference is fairly minimal - obviously it depends on the box and its configuration.
they should at least explain that’s what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off
@VbScrub said:
they should at least explain that’s what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off
Yup, that's how I felt. All that didn’t even work for me.
@Buttersauce said:
@VbScrub said:
they should at least explain that’s what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I’d be pretty put off
Yup, that's how I felt. All that didn’t even work for me.
I’ve found it does generate errors sometimes with nmap complaining that the ports specified on the second part are invalid.
this is all I run, and I’ve never had any errors:
nmap 10.10.10.100 -p1-6000 -T4
I feel like that would be a much better example especially for beginner tutorial. Fair enough if they want to change the port numbers, I only scan the first 6000 ports to start with and if I get stuck after that I scan the rest with “-p-6000-65535”
Heard, I appreciate that tip. I’ve seen a lot of nmap scans with switches (-sV -sC) , still new so not 100% confident in which is best.
@Buttersauce said:
Heard, I appreciate that tip. I’ve seen a lot of nmap scans with switches (-sV -sC) , still new so not 100% confident in which is best.
I don’t think there is a best. It is entirely down to what you want to achieve, what you are comfortable with and what output you want.
Use the tool in a way which works for you.
For example, I like to get visual feedback so I almost always use -vvvvv (or more v’s depending on my mood).
I like to get a copy of the output, so again, unless I have a burning reason not to, I use -oA all_tcp
I like to know why nmap thinks a port is open or closed, so --reason is a part of my regular use.
If I am not in a rush, I’d use -sC -sV in the initial scan, just to save the effort of going back and rescanning the open ports. Sometimes I get lazy and use -A -p-.
In a nutshell, it all depends on what I am trying to do with nmap. (--script vulns is occasionally useful)
also if you want to know what a parameter does that you’ve seen someone use, just look it up here: Command-line Flags | Nmap Network Scanning
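What the Starting Point one-liner quoted earlier in this thread is doing, written out step by step as an added example (not from any poster or from HTB). It keeps only ports whose state is "open" and refuses to start the second scan on an empty or malformed list; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of nmap's normal output (not from a real scan).
SAMPLE_SCAN='Nmap scan report for 10.10.10.27
Host is up (0.020s latency).
Not shown: 65530 closed ports
PORT      STATE    SERVICE
135/tcp   open     msrpc
139/tcp   open     netbios-ssn
445/tcp   open     microsoft-ds
1433/tcp  open     ms-sql-s
8080/tcp  filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 42.10 seconds'

# Read nmap normal output on stdin, print open TCP ports as "a,b,c".
# grep ^[0-9] keeps every port line; this keeps only STATE == open.
extract_open_ports() {
  awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
         split($1, f, "/"); printf "%s%s", sep, f[1]; sep = "," }'
}

# Succeed only for a non-empty comma-separated list of ports in 1-65535.
valid_port_list() {
  case $1 in
    ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=,
  for p in $1; do
    if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      IFS=$old_ifs; return 1
    fi
  done
  IFS=$old_ifs
}

# Stage 1: fast sweep of all ports. Stage 2: scripts and versions on open ones.
two_stage_scan() {
  ports=$(nmap -p- --min-rate=1000 -T4 "$1" | extract_open_ports)
  if ! valid_port_list "$ports"; then
    echo "no usable port list for $1; skipping second stage" >&2
    return 1
  fi
  nmap -sC -sV -p"$ports" "$1"
}

# Demo on the constructed sample only; no scan is run here.
printf 'parsed: %s\n' "$(printf '%s\n' "$SAMPLE_SCAN" | extract_open_ports)"
```

Call `two_stage_scan 10.10.10.27` against a lab box to run both stages; the demo line at the bottom only parses the embedded sample.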