I am currently solving 25 days of the Advent of Cyber 3 on TryHackMe.com where each day they give a lab on a dedicated topic. Day10 is based on the Nmap tool. To solve the lab you need to find flags. Following my previous blog on NMAP, I thought it is good to exercise memory muscle by doing some practical exercises in this lab.
Note: To get a refresher on what is Nmap and how to use it, you can refer to my previous blog here.
Before we crack on the exercise part of the day, let’s understand a few networking terminologies such as IP address, Protocols, Servers, and Ports. If you’re into Networking Domain, you will be majorly using these terms only.
IP addresses:
IP stands for Internet protocol. It is a unique logical address assigned to every machine/host which is connected to the internet. Use ‘ipconfig‘ in the command prompt to find your system IP address in the Windows OS. If using the Linux terminal, use ‘ifconfig‘ command.
There are 2 versions of Internet protocol that coexist in the global internet: IP version 4(IPv4) and IP version 6 (IPv6). To keep things simple for the beginner, IPv4 is referenced in the THM lab. IPv4 uses 32 bits decimal addresses which limit the address space to 232 addresses (i.e. 4294967296).
IPv4 uses dot-decimal notation which consists of 4 octets of the addresses and their values lay in between 0-255.
There are 5 classes in IPv4: A, B, C, D, & E. Each class has a limit on the number of devices you can have on your network. Some IP addresses hold a special place such as 127.0.0.1 is a loopback address which means if you will ping on 127.0.0.1, the outgoing signals will come to your computer only (localhost). Just like that 1.1.1.1 is the public IP address that is assigned to Cloudflare.
Protocols and Servers:
To allow your website to be accessible on the Internet you will need a public IP address. A server is a host or a program that listens for incoming connections, usually from web browsers, and responds to their requests. A server usually refers to a computer system that provides services to other clients, i.e. other computers, over a network. Example services include serving webpages, delivering email, and facilitating video conferencing. Client and Servers interact with each other on a strictly defined protocol. A few of them are:
- Hypertext Transfer Protocol (HTTP) for serving webpages
- Domain Name System (DNS) for resolving hostnames to IP addresses
- Post Office Protocol version 3 (POP3) for delivering email
- Simple Mail Transfer Protocol (SMTP) for sending email
- Telnet for remote login
- Secure Shell (SSH) for secure remote login
To read more about these protocols, read RFC.
Port Numbers:
Since there are multiple processes are running on a host simultaneously. For a host to find out which data packet will deliver where it is crucial to have a unique number for each of these processes. It is like the house number in the home address. For e.g. –
- For packets of type TCP with port number 22, the destination process is the SSH server.
- For packets of type TCP with port number 80, the destination process is the HTTP server.
- For packets of type UDP (or TCP) with port number 53, the destination process is the DNS server.
There are 65535 ports numbers and the most commonly used are below:
Day 10 Challenge & My learnings:
Day 10 challenge was fairly simple. We were asked to run TCP Connect (-sT) and TCP SYN (-sS) scans on Terminal and compare their results. They have also covered how to scan the first 1000 ports, or certain ports using ‘-p’ or all ports either defining the port range using ‘-p range’ or ‘-p-‘ option.
I have also learned how to use ‘-sV’ to identify the services and their versions. Outside of Nmap, there was a question on locating a CVE of Apache webserver. Overall, I enjoyed solving the lab and it was good learning about Nmap and how to refer common vulnerabilities and exposures repositories for the pre-existing exploits.