Exam PT0-002 topic 1 question 56 discussion

nmap 192.168.2.2 -O -sV --top-ports=100 and SMB vulns for sure

Part 1: nmap -O -sV 192.168.2.2 --top-ports=100 Part 2: SMB vuln and Null session. Reason for both of them is because it's obvious port 139 and 445 is open, so that leave SMB vulnerable to weak file permission. This allows for a null session attack to occur. Just my opinion from my reasearch https://www.blumira.com/glossary/null-session/

1. nmap -O -sV 192.168.2.2 --top-ports=100 <--96(96 closed ports )+4(88, 139, 389, 445)=100 2. Null Session Enumeration <--port 139 (NetBIOS) and 445 (SMB) are open Weak SMB File Permissions <--port 445 (SMB) is open

Part 1: the command should be: nmap -sV -O 192.168.2.2 I would have included --top-port=100, however it's invalid. The correct flag would be --top-ports(plural)=100

If yall asked any ai “can nmap top ports command use the equal sign option?” it’ll tell you it doesn’t support it. So imma go with the answer with it

nmap -O -sV -p 1-1023 192.168.2.2 is the correct one look at the time it took to scan, 26 sec, the top 100 would be much faster.

Part 1: nmap -O -sV 192.168.1.176 --top-ports=100 Or nmap -O -sV -p 1-1023 192.168.1.176 (This one makes more sense) Part 2: Null session enumeration and Weak SMB file permissions

I would say nmap 192.168.2.2 -O ---top-port=100. I don't see the results of -sV, only a rough guessing of service based on port number. For the second part (SMB) Null session enumeration.

nmap 192.168.2.2 -O -sV --top-ports=100 SMB vuln and null session

FYI, that is not an Oracle MAC addy. Belongs to PCS Systemtechnik GmbH, so I'd prob add ARP spoofing.

PBQ: You are a penetration tester running port scans on a server. • Part 1: nmap 192.168.2.2 -O -sV --top-ports=100 • Part 2: Weak SMB file permissions & Null Session Enumeration

nmap -O -sV -p 1-1023 192.168.2.2 null session + smb exploit

If you used --top-ports=1000 or 1000, you are already wrong. Yes the concept is correct but the syntax is wrong. THERE IS NO EQUAL SIGN with the top ports command. It is either --top-ports 1000 or --top-ports 100. https://danielmiessler.com/blog/nmap-use-the-top-ports-option-for-both-tcp-and-udp-simultaneously/. The correct answer is the suggested answer.

This is also null session with both ports 139 and 445 being open. https://www.skillset.com/questions/the-null-session-attack-occurs-at-which-port

I don't know how many right answers the second part of the question has but 4 out 8 are vulnerabilities that need to further investigate. These are: Port 88/tcp: Kerberos-sec: This may be vulnerable to a Kerberos authentication bypass attack or password brute-forcing. Port 139/tcp: NetBIOS-ssn: This may be vulnerable to a NetBIOS-based attack, such as brute-forcing, relay attacks, or SMB exploits. Port 389/tcp: LDAP: This may be vulnerable to LDAP injection attacks, which can allow an attacker to modify, add, or delete data in the directory or perform unauthorized searches. Port 445/tcp: Microsoft-ds: This may be vulnerable to SMB exploits, such as EternalBlue, SMBGhost, or SMBRelay attacks.

Let's look at this: nmap -sV -O 192.168.2.2 --top-ports=100

Ran this on my tryhackme VM (diff IP of course) and the output is correct: Part 1: nmap 192.168.2.2 -O -sV --top-ports=100 Part 2: I wanna say SMB vulnerability. For more context see: https://www.examtopics.com/discussions/comptia/view/66556-exam-pt1-002-topic-1-question-12-discussion/