12/20/22, 10:26 AM NMAP: Note My Abstract Ports!

- HACKLIDO

 ❆ 1 of 2 posts  
(

 Ethical Hacking (/t/ethical-hacking) ❆

 Network Security (/t/network-security)

OSCP (/t/oscp) nmap (/t/nmap)

NMAP: Note My Abstract Ports!

❅ ❅

 Share

⚡ Sponsored by: Learn Reverse Engineering at guidedhacking.com  (https://guidedhacking.com)

⚡ Sponsored by: DM hacklido in twitter to talk about sponsorships!  (https://twitter.com/hacklido)

❅ Level 1
thexssrat (/u/thexssrat) 2 days ago Edited

 ❅  ❆
Home Tags 
(/) (/tags) Log In

https://hacklido.com/d/128-nmap-note-my-abstract-ports 1/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

 ❆
(

❅ ❅

Introduction
Nmap= network mapper
❅
Nmap is a free and open source tool that many hackers keep handy in their tool belts. It’s often our first weapon of choice as recon is very
important and we can’t know what to investigate if we don’t even know what ports are open on our server.

Ports
❅talk about both UDP and TCP ports. There is a big difference between
When i talk about ports, i can
  ❆ these two protocols but to keep it
simple, TCP packages always give a confirmation making it so that every
Tagspackage surely gets delivers. This takes time as the server has to
Home
(/)
wait for the confirmation for every single package. UDP tries to get(/tags)
rid of that by simply sending the packages and not waiting for
https://hacklido.com/d/128-nmap-note-my-abstract-ports 2/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

confirmation.
 ❆
( TCP is often used in applications where it’s very important all packages get delivered in the exact order. For example if you download a file,
that will probably be done in the TCP protocol whereas a youtube video will probably be sent through a port via UDP.

I keep talking about everything but Nmap it seems but to understand what it does, we need to understand these basic concepts first. It’s ❆
really important to know there are 65,535 ports that a server can have in use.

Status of the ports

These ports can have different statuses, just like ports in real life. They can be opened which is pretty self explanatory, it would be like an
open gate where all the foot traffic would be allowed to go through as long as they follow the protocol that is bound to that port.
❅ ❅
Open
Every open port is going to form a risk in terms of attackers like us. We are trying to find open ports so we can possible find out what is
running on that ports (For example a webserver or ssh) and then possibly try to find an exploit for it. Our biggest attack surface is going to
be web in most cases which will be running on port 80 and/or 443. Don’t be fooled though, webservers can be configured to run on any port
and both on the TCP/UDP protocols. More on this later in the “flags” chapter.

Closed
A closed port is pretty useless to us as hackers, we can access it but there is nothing running it, basically an empty pit that we can stuff
too. ❅

Filtered
A filtered port is mostly a mystery to us. How Nmap works is it sends a probe to a port and waits for a reply but in case of a filtered port,
a package filter is preventing our probe from reaching our target. These ports are very frustrating to an attacked because they provide
very little information.

 ❅  ❆
Home Tags
(/) (/tags)

https://hacklido.com/d/128-nmap-note-my-abstract-ports 3/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

 Others ❆
(
There are some other statuses as well but they are less prevalent while pentesting and can be found in the Nmap documentation or the help
pages.

Unfiltered ❆
open|filtered
closed|filtered

https://nmap.org/book/man-port-scanning-basics.html (https://nmap.org/book/man-port-scanning-basics.html)

Basic nmap scan

❅ ❅
If we combine all this we can execute several useful nmap commands. Right now we have the basics ready where we can scan an IP adres or
website(As these URLs also resolve to an IP, they can also be scanned but be mindful of things like loadbalancers here).

nmap 10.10.10.10

Show me your secrets

Knowing whether or not a port is open or closed is ofcourse useful information but what we really need to know is what software is listening
on that port. This is where nmap starts to get interesting because we can work with flags.
❅
nmap -sV 10.10.10.10

When we add the -sV flag, Nmap will automatically try to grab the banners wherever possible. Every application that runs on a network port
broadcasts a banner unless the administrators disabled it. Nmap will also try to grab the version of the software running to give you a
better overview of where to look and how to exploit it possibly. We can use this data and go to exploit-db to find our exploit and execute a
PoC.
 ❅  ❆
Home Tags
(/) (/tags)

https://hacklido.com/d/128-nmap-note-my-abstract-ports 4/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

 ❆
nmap -sV --version-intensity 9 10.10.10.10
(

If we add the –version-intensity flag, we can make Nmap’s version identifying probes either more or less likely to identify the correct
version of software but ofcourse a higher level of intensity will take a lot longer.
❆

Scripting the night away

Nmap also comes with a bunch of pre-installed scripts that you can run. By default it will not run these scripts but if we add the -sV flag,
Nmap will execute the scripts that match the port it’s found. For example if it finds port 80 and then it will run all the scripts it has
available for a webserver.

❅ ❅
nmap -sC 10.10.10.10

Expanding our scans

By default nmap will scan only the top 1000 most popular post but there are so many more. It will also just scan UDP ports by default. If we
want to add TCP we need to add another flag as well.

 4 Reply 

⚡ Sponsored by: Hackerats - Play Learn Earn!  (https://hackerats.com/)

❅

⚡ Sponsored by: DM hacklido in twitter to talk about sponsorships!  (https://twitter.com/hacklido)

Home for infosec writers and readers.

Create your account today and explore more content on this platform. You can also start blogging and be inspiration for others 😎

 ❅  ❆
Signup
Home Tags
(/) (/tags)

https://hacklido.com/d/128-nmap-note-my-abstract-ports 5/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

Level 0
King_Leviathan (/u/King_Leviathan) 2 days ❆

(
K ago

Thanks

Reply 
❆

Write a Reply...

❅ ❅

Blogpost that you may like!

My Recon methodology and tools for bug bounty and web 2.1K

(/u/0xManan) security
 Web Security  CTFs $ Bug Bounty
 0xManan replied 4 days ago
tips&tricks
❅
Whoami??? Greetings, Amazing People. I’m Manan Patel, and I’m an Indian security researcher (Gujarat). In this blog, I’ll discuss My
Recon Tools, which were a great aid to me ...
(/d/110-my-recon-methodology-and-tools-for-bug-bounty-and-web-security)

Writing Build script to setup our VM 490

(/u/jopraveen)  Ethical Hacking  CTFs  Scripting  usr2r00t replied 15 Nov

You can❅run vagrant status to check the status of your
Status
 boxes Let’s start this with❆vagrant up Build script Ok what is a build
Home
script? Build script is used to setup the ... Tags
(/) (/tags)

https://hacklido.com/d/128-nmap-note-my-abstract-ports 6/7
12/20/22, 10:26 AM NMAP: Note My Abstract Ports! - HACKLIDO

(/d/40-writing-build-script-to-setup-our-vm)
 ❆
(
How I Got My First Reflected XSS Bug Bounty! 1.0K

(/u/WhiteFight18)  Web Security XSS burpsuite  WhiteFight18 replied 2 days ago ❆

Recently, I got engaged with another cybersecurity project: bug hunting on openbugbounty. In this write-up, I’ll do a simple
walkthrough, and hopefully you’ll learn something ...
(/d/123-how-i-got-my-first-reflected-xss-bug-bounty)

How I found my first RCE! 1.3K

(/u/302Found) ❅Web Security $ Bug Bounty tips&tricks ❅

 Khafagy replied 7 days ago
Writreup
Remote code executions (RCEs) are dreams of all, but only some of them have found it. This story is about how I was able to find
my RCE using simple fuzzing techniques and a l...
(/d/101-how-i-found-my-first-rce)

How to start learning Ethical Hacking | A Roadmap for new 566

(/u/dheerajydv19) learners in Cybersecurity

 Ethical Hacking  Linux Certifications
❅
tips&tricks

 dheerajydv19 replied 21 days ago

This blog will introduce you to the best resources that are freely available on the internet to start your career in cybersecurity.
This blog will be only for beginners who do...
(/d/80-how-to-start-learning-ethical-hacking-a-roadmap-for-new-learners-in-cybersecurity)
 ❅  ❆
Home Tags
(/) (/tags)

https://hacklido.com/d/128-nmap-note-my-abstract-ports 7/7