| Lab/Room | TryHackMe - Pentester |
|---|---|
| Type | Challenge |
| Status | Done |
| Date | 07/03/2026 |
Learn about active recon, web app attacks and privilege escalation.
The room teaches how to use basic recon tools, obtain shell access and escalate privileges.
Nmap is a network scanning tool widely used in cybersecurity, system administration, and penetration testing to discover hosts, identify open ports, and enumerate services running on a target machine. During the reconnaissance phase of a security assessment, Nmap helps map the attack surface by revealing which services are accessible and potentially vulnerable.
A typical Nmap scan works by sending specially crafted packets to a target host and analyzing the responses. From these responses, Nmap can determine whether ports are open, closed, or filtered, and in many cases identify the service and its version.
Several flags allow the scanner to adjust the depth and behavior of the scan:
- `-sV` attempts to determine the version of the services running on open ports. This is important for vulnerability identification because exploits often target specific service versions.
- `-p <x>` scans a specific port, while `-p-` scans all 65,535 ports, ensuring that no uncommon service is missed.
- `-Pn` disables host discovery. Instead of first checking whether the host responds to ping probes, Nmap assumes the host is up and proceeds directly with the port scan. This is useful when ICMP requests are blocked by firewalls.
- `-A` enables aggressive scanning, which combines multiple enumeration techniques including OS detection, version detection, traceroute, and script scanning.
- `-sC` runs the default set of Nmap scripts from the Nmap Scripting Engine (NSE), allowing automated service enumeration and basic vulnerability checks.
- `-v` activates verbose mode, providing more detailed output during the scan.
- `-sU` performs a UDP port scan, useful for identifying services such as DNS, SNMP, or NTP that operate over UDP.
- `-sS` performs a TCP SYN scan (also called a half-open scan), which is fast and stealthier than a full TCP connection scan because it does not complete the handshake.

Nmap also provides operating system detection using the `-O` flag. This feature analyzes network characteristics such as TCP/IP stack behavior and packet responses to infer the likely operating system running on the target host.
In practice, penetration testers often combine multiple flags in a single command to perform efficient enumeration. For example, combining service detection, default scripts, and verbose output allows the tester to quickly gather detailed information about the target system while monitoring the scan progress.
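Reading the scan output is as important as choosing the flags: the port states (open, closed, filtered, open|filtered) and the VERSION column decide what needs follow-up. The parser below is an added example, not part of the room or of Nmap itself; it works on a constructed sample of Nmap's normal output from a `-sV` scan and flags open ports for which no version string was obtained, since those cannot be matched against known vulnerabilities yet.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of Nmap "normal" output from a -sV scan; not a real scan result.
SAMPLE_OUTPUT = """\
Nmap scan report for target.example (10.0.0.5)
Host is up (0.0021s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE         SERVICE    VERSION
22/tcp   open          ssh        OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open          http       Apache httpd 2.4.52 ((Ubuntu))
161/udp  open|filtered snmp
443/tcp  filtered      https
8080/tcp open          http-proxy
"""

# One "PORT STATE SERVICE [VERSION]" row. VERSION is optional because -sV cannot
# always fingerprint a service, and Nmap then leaves the column empty.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

@dataclass
class PortEntry:
    port: int
    proto: str
    state: str      # open, closed, filtered, open|filtered, ...
    service: str
    version: str    # empty when Nmap could not identify the version

def parse_nmap_ports(text: str) -> list[PortEntry]:
    """Extract port rows from normal-format Nmap output, ignoring every other line."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            entries.append(PortEntry(int(port), proto, state, service, version or ""))
    return entries

def state_counts(entries: list[PortEntry]) -> dict[str, int]:
    """Number of reported ports per state, e.g. {'open': 3, 'filtered': 1}."""
    return dict(Counter(e.state for e in entries))

def open_without_version(entries: list[PortEntry]) -> list[str]:
    """Open ports where -sV returned no version: these need manual follow-up
    (banner review, NSE scripts) before any version-based vulnerability lookup."""
    return [f"{e.port}/{e.proto}" for e in entries if e.state == "open" and not e.version]

if __name__ == "__main__":
    found = parse_nmap_ports(SAMPLE_OUTPUT)
    print(state_counts(found))
    print("open ports lacking a version string:", open_without_version(found))
```

Note that `open|filtered` (common in `-sU` results) is deliberately not counted as open: UDP probes that get no answer cannot distinguish an open service from a dropped packet.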