Solution: The -A switch is very useful…
I’m working on this HTB Academy module, and the second question is “Enumerate the hostname of your target and submit it as the answer.”
However, no nmap scan I’ve run returns a hostname. Just the target IP. I’ve also tried using nslookup, arp, and dig. Nothing I’ve tried works and it really looks like the target doesn’t have a hostname. Am I missing something?
1 Like
Hi, how do you solve it? Any hints?
I am also having trouble with this. The device we are scanning is not on the local network so nslookup won’t work. I don’t know which DNS servers to specify in an nmap scan either.
EDIT: Saw edited initial post. Kind of weird the update was at the beginning, but thanks.
Thanks for posting a great clue. Just wanted to add that I was not expecting how long the -A would take. I would guess close to 5 minutes on PWN Box. Also, I read this article, 10 nmap Commands Every Sysadmin Should Know - Benjamin Cane; it is also really useful if you are a sysadmin. I would recommend reading all of it and not just the bit about -A. It was, for me, a much easier read than the nmap official site.
1 Like
This command works for me.
nmap --script smb-os-discovery IPTARGET
5 Likes
That is really good. Faster option than -A. Thanks.
Use the -sC flag for the default scripts; there are some scripts available by default in nmap for more details about the host.
Also this works:
sudo nmap -sV
1 Like
I ran nmap --script smb-os-discovery IPTARGET
and the result showed the computer name as nix-nmap-default. It happened to be the correct answer.
-sV (Version detection) can or will get the hostname, although it does take a bit long.
To detect everything, nmap -sS -O -A ip addr -Pn