NETWORK ENUMERATION WITH NMAP - Help

Hi there. I am working on the education module for NMAP, specifically I am on the service enumeration section and I cannot find the flag related to the service. I have tried different flags while running NMAP. Any help would be appreciated.

Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@rpthomps said:

> Hi there. I am working on the education module for NMAP, specifically I am on the service enumeration section and I cannot find the flag related to the service. I have tried different flags while running NMAP. Any help would be appreciated.

Take a look through these nmap docs - one port in particular should stand out. From there it's fairly straightforward.

1 Like

@rpthomps , I also need help with Firewall and IDS/IPS Evasion - Hard Lab.
Did you pass it?

@pulsefinder said:

> Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.

@pulsefinder , I am also stuck with the last lab firewall-hard. Did you pass it?

Nope. Need another hint from @tylerptl

@pulsefinder said:

> Nope. Need another hint from @tylerptl

~~ " Ncat uses its default port 31337 " - look into how to make a connection w/ncat and you should be good ~~

Edit: I'm an idiot - misread your post.

I’d recommend reading through this stackexchange post and then tie that in with the ‘DNS Proxying’ part of the Firewall & IDS/IPS section.

@akinamon said:

> @pulsefinder said:
>
> > Which lab did you get stuck on? I have made it all the way to the very last lab (firewall-hard) and am stuck there. Looking for help as well.
>
> @pulsefinder , I am also stuck with the last lab firewall-hard. Did you pass it?

Re-read the Firewall and IDS/IPS Evasion section (right before the labs). They pretty much give you the answer right near the end.

1 Like

Thanks to @tylerptl and @farstrider for their help. I finally got this one. The problem I was having is that the target port was not showing up on any of my nmap scans. For some reason, if I used the default for ports to be scanned (top 1000), I only got output in summary form, not detail by port. So I was limiting my scans to the top 50 ports and the target port was not among them (so it didn't jump out at me as tylerptl said it would). Never figured that out but I found a workaround. If you use the --open option, your output will show all open ports. Because of filters, you will initially only see the two unfiltered ports. But, if you work through the techniques suggested in the writeup (as hinted by farstrider), you will eventually use one that makes the target port visible as "open". It really is straightforward from there as both helpers said. @akinamon @rpthomps
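The post above hinges on nmap folding most ports into a one-line summary ("997 filtered ports") so that the per-port detail only appears for the few ports in another state, and on a port never appearing at all if it was outside the scanned range. As an added example that is not from the thread or from nmap itself, the following parses an nmap XML report (`-oX`) so every listed port, its state and reason, and the folded "extraports" count are visible, and distinguishes a port that nmap reported as filtered from one that simply was not listed. The sample report and the 192.0.2.10 address are constructed placeholders, not lab values.

```python
"""Parse an nmap -oX report and show every scanned port and its state.
Added example, not code from the thread or from the nmap project. The
sample XML below is constructed; 192.0.2.10 is a documentation address."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sS -oX -` output (abridged).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/><service name="ssh"/>
      </port>
      <port protocol="tcp" portid="53">
        <state state="filtered" reason="no-response"/><service name="domain"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/><service name="http"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_report(xml_text):
    """Return {addr: {"ports": {(proto, port): (state, reason, service)},
                      "extraports": {state: count}}} for each host."""
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.findall("host"):
        addr = host.find("address").get("addr")
        ports, extra = {}, {}
        # nmap folds ports sharing the majority state into <extraports>.
        for ep in host.findall("./ports/extraports"):
            extra[ep.get("state")] = int(ep.get("count"))
        for p in host.findall("./ports/port"):
            st = p.find("state")
            svc = p.find("service")
            key = (p.get("protocol"), int(p.get("portid")))
            ports[key] = (st.get("state"), st.get("reason"),
                          svc.get("name") if svc is not None else None)
        report[addr] = {"ports": ports, "extraports": extra}
    return report


def ports_in_state(report, addr, state):
    """Sorted port numbers for addr whose state matches (e.g. "open")."""
    return sorted(port for (_, port), (st, _, _) in report[addr]["ports"].items()
                  if st == state)


def port_state(report, addr, port, proto="tcp"):
    """State of one port, or "not-listed" when nmap folded it into extraports
    or never scanned it (a port outside the scanned range never appears)."""
    entry = report[addr]["ports"].get((proto, port))
    return entry[0] if entry else "not-listed"


if __name__ == "__main__":
    rep = parse_report(SAMPLE_XML)
    for addr, data in rep.items():
        print(addr, "extraports:", data["extraports"])
        for (proto, port), (state, reason, svc) in sorted(
                data["ports"].items(), key=lambda kv: kv[0][1]):
            print(f"  {port}/{proto:<4} {state:<9} {reason:<12} {svc}")
```

Run it against a real report with `nmap -oX scan.xml ...` and `parse_report(open("scan.xml").read())`; a port that comes back "not-listed" was either folded into the extraports count or outside the `-p` range, which is the situation the post describes, so the XML output is the reliable place to check rather than the human-readable summary.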

I have been stuck on this module as well, but the new port is the key to success… The DNS Proxy section is there, which you can benefit from.

When I use nc for the open port I get this error:
"nc: bind failed: Address already in use". What should I do? Plus, there is no ncat in the system.

@OjMambo that’s because DNS is already being used on the machine you are on. You will need to stop it before you can bind anything to port 53.
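The "Address already in use" error in the exchange above is the kernel refusing a second bind on a port that a running service (here the local resolver on 53) already holds. As an added example, not from the thread or from any of the tools it mentions, the following standard-library check reports whether a port can be bound before a listener is started, and separates "in-use" from "no-permission" (ports below 1024 need root on most systems). The demo binds an ephemeral loopback port so it runs unprivileged; the port-53 probe in `main` is only illustrative.

```python
"""Report whether a local port is free, in use, or needs privileges to bind.
Added example, not code from the thread; standard library only."""
import errno
import socket


def port_status(port, proto="udp", host="0.0.0.0"):
    """Try to bind host:port and return "free", "in-use" or "no-permission".
    A privileged port bound without root reports "no-permission", not
    "in-use", so the two causes of a failed bind are told apart."""
    socktype = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, socktype)
    try:
        sock.bind((host, port))
        return "free"
    except PermissionError:
        return "no-permission"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        raise
    finally:
        sock.close()          # never leave the probe socket holding the port


def demo_conflict(proto="udp"):
    """Hold an ephemeral loopback port, probe it, release it, probe again.
    Returns the two results, i.e. ("in-use", "free") when the check works."""
    socktype = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    holder = socket.socket(socket.AF_INET, socktype)
    holder.bind(("127.0.0.1", 0))          # port 0: the kernel picks a free one
    port = holder.getsockname()[1]
    if proto == "tcp":
        holder.listen(1)                   # a listening socket, like a daemon
    try:
        while_held = port_status(port, proto, "127.0.0.1")
    finally:
        holder.close()
    after_release = port_status(port, proto, "127.0.0.1")
    return while_held, after_release


if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        # Unprivileged: "no-permission"; as root with a resolver running: "in-use".
        print(proto, "port 53:", port_status(53, proto))
        print(proto, "ephemeral demo:", demo_conflict(proto))
```

If the probe says "in-use", the next step is to find the owning process (`ss -lunp` / `ss -ltnp` on Linux) and decide whether it should be stopped, as the reply suggests, rather than retrying the bind.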

Can you give a hint on the firewall evasion-Medium Lab? Thanks in advance

Hi, please, how did you pass the Firewall Evasion - Medium Lab?

Exactly as described in the section Firewall and IDS IPS Evasion

1 Like

I am getting something different. Can it be that the firewall has blocked my IP? Even when I use "sudo nmap 10.129.249.228 -p50000 -sS -Pn -n --disable-arp-ping --packet-trace --source-port 53" as used in the section, the port status is closed and not open as it is in the module example. Could you please help further?

Are you in the medium or hard lab?
In the Medium Lab: Port 50000 has nothing to do with the Medium Lab. The task is to find out the version of the DNS server. Think about the possibilities of NSE scripts and read the "Decoys" section one more time.

1 Like

Thanks for the prompt reply. My curiosity led me to try port 50000. I tried decoys, fragmentation, a SYN scan from source port 53, and -sC on the filtered DNS port (53), but it still remained filtered.

Don't be confused by the word "filtered". You want to know the version of the DNS server. An NSE script can help you, also with a filtered port.

1 Like