NETWORK ENUMERATION WITH NMAP - Help

Hi there. I am working on the education module for NMAP, specifically I am on the service enumeration section and I cannot find the flag related to the service. I have tried different flags while running NMAP. Any help would be appreciated.

2 Likes

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@rpthomps said:

Hi there. I am working on the education module for NMAP, specifically I am on the service enumeration section and I cannot find the flag related to the service. I have tried different flags while running NMAP. Any help would be appreciated.

Take a look through these nmap docs - one port in particular should stand out. From there it's fairly straightforward.

1 Like

@rpthomps , I also need help with Firewall and IDS/IPS Evasion - Hard Lab.
Did you pass it?

@pulsefinder said:

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@pulsefinder , I am also stuck with the last lab firewall-hard. Did you pass it?

Nope. Need another hint from @tylerptl

@pulsefinder said:

Nope. Need another hint from @tylerptl

~~ " Ncat uses its default port 31337 " - look into how to make a connection w/ncat and you should be good ~~

Edit: I'm an idiot - misread your post.

I’d recommend reading through this stackexchange post and then tie that in with the ‘DNS Proxying’ part of the Firewall & IDS/IPS section.

@akinamon said:

@pulsefinder said:

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@pulsefinder , I am also stuck with the last lab firewall-hard. Did you pass it?

Re-read the Firewall and IDS/IPS Evasion section (right before the labs). They pretty much give you the answer right near the end.

1 Like

Thanks to @tylerptl and @farstrider for their help. I finally got this one. The problem I was having is that the target port was not showing up on any of my nmap scans. For some reason, if I used the default for ports to be scanned (top 1000), I only got output in summary form, not detail by port. So I was limiting my scans to the top 50 ports, and the target port was not among them (so it didn’t jump out at me as tylerptl said it would). Never figured that out, but I found a workaround. If you use the --open option, your output will show all open ports. Because of filters, you will initially only see the two unfiltered ports. But, if you work through the techniques suggested in the writeup (as hinted by farstrider), you will eventually use one that makes the target port visible as “open”. It really is straightforward from there, as both helpers said. @akinamon @rpthomps
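The post above turns on reading per-port detail out of nmap's output rather than the summary. As an added example (not code from the poster or from the module), here is a small parser for nmap's grepable output format (`-oG`), which records every port with its state, protocol, service and version in one `Ports:` field per host. The sample scan text is constructed for the example; the host, ports and versions in it are made up. The helper `ports_by_state` reproduces what `--open` does at the reporting level, and also lets you pull out `filtered` and `open|filtered` ports, which is where the "hidden" port in this lab ends up before the evasion technique makes it show as open.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of nmap grepable (-oG) output. Not a real scan;
# the address, ports and versions are invented for this example.
SAMPLE_OG = """# Nmap 7.94 scan initiated as: nmap -sV -oG - target.example
Host: 10.10.10.5 ()\tStatus: Up
Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 53/filtered/tcp//domain///, 80/open/tcp//http//nginx/, 53/open|filtered/udp//domain///\tIgnored State: closed (996)
# Nmap done at ...
"""

# One -oG port entry has seven slash-separated fields:
# port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(
    r"(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/[^/]*/([^/]*)/"
)

PortEntry = Tuple[int, str, str, str, str]  # (port, state, proto, service, version)


def parse_grepable(text: str) -> Dict[str, List[PortEntry]]:
    """Return {host: [(port, state, proto, service, version), ...]}."""
    result: Dict[str, List[PortEntry]] = {}
    for line in text.splitlines():
        # Only "Host:" lines that carry a "Ports:" field hold per-port detail;
        # the "Status: Up" line and comment lines are skipped.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field runs up to the next tab-separated field
        # (e.g. "Ignored State: ...").
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        entries = result.setdefault(host, [])
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, service, version = m.groups()
            entries.append((int(port), state, proto, service, version))
    return result


def ports_by_state(parsed: Dict[str, List[PortEntry]], host: str,
                   state: str) -> List[Tuple[int, str]]:
    """List (port, proto) pairs on `host` whose state matches exactly.

    state="open" mirrors what nmap's --open option keeps in its report;
    "filtered" and "open|filtered" surface the ports a firewall is hiding.
    """
    return sorted(
        (port, proto)
        for port, s, proto, _, _ in parsed.get(host, [])
        if s == state
    )


def service_versions(parsed: Dict[str, List[PortEntry]],
                     host: str) -> Dict[Tuple[int, str], str]:
    """Map (port, proto) -> version string for ports where -sV found one."""
    return {
        (port, proto): version
        for port, _, proto, _, version in parsed.get(host, [])
        if version
    }


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_OG)
    for state in ("open", "filtered", "open|filtered"):
        print(state, ports_by_state(scan, "10.10.10.5", state))
    print(service_versions(scan, "10.10.10.5"))
```

Feed it real output with `nmap -oG - <host>` (or `-oG scan.gnmap` and read the file); the same parser works on both because the format does not change.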

I have been stuck on this module as well, but the new port is the key to success… The DNS Proxy section is there, which you can benefit from.

When I use nc for the opened port I got this error:
“nc: bind failed: Address already in use”. What should I do? Plus, there is no ncat in the system.

@OjMambo that’s because DNS is already being used on the machine you are on. You will need to stop it before you can bind anything to port 53.

Can you give a hint on the firewall evasion-Medium Lab? Thanks in advance

Hi, please, how did you pass the Firewall Evasion - Medium Lab?

1 Like

Exactly as described in the section Firewall and IDS/IPS Evasion.

1 Like

Thanks for the prompt reply. My curiosity led me to try port 50000. I tried decoy, fragmentation, SYN scan from port 53, and -sC on the filtered DNS port (53), but it still remained filtered.

Don’t be confused by the word “filtered”. You want to know the version of the DNS server. An NSE script can help you, also with a filtered port.

1 Like

You are trying to find the version of the DNS server, which typically runs on port 53 and is typically a UDP port but can also be a TCP port. A client using both might filter one but forget to filter the other.

1 Like

Ok, I will try this out. Thanks