Intro to Nmap

Area: Hotel parking lot
In-game avatar: Eric Pursley

Objective

Request

Meet Eric in the hotel parking lot for Nmap know-how and scanning secrets. Help him connect to the wardriving rig on his motorcycle!

Eric Pursley

Hey, I'm Eric. As you can see, I'm an avid motorcyclist. And I love traveling the world with my wife.
I enjoy being creative and making things. For example, a cybersecurity tool called Zero-E that I'm quite proud of, and the Baldur's Gate 3 mod called Manaflare. I'm even in the BG3 credits!
I also make tools, ranges, and HHC worlds for Counter Hack. Yup, including the one you're in right now.
But most of the time, I'm helping organizations in the real world be more secure. I do a bunch of different kinds of pentesting, but specialize in network and physical.
Some advice: stay laser-focused on your goals and don't let the distractions life throws at you lead you astray. That's how I ended up at Counter Hack!

High-Level Steps

  1. Scan – Discover open ports using Nmap.
  2. Identify – Enumerate services and versions on discovered ports.
  3. Interact – Connect to services to verify access and complete the challenge.
flowchart TD

  subgraph Row1["Scan"]
    direction LR
    A[Default TCP scan]
    B[Full port scan]
    C[IP range scan]
    A --> B --> C
  end

  subgraph Row2["Identify"]
    direction LR
    D[Locate open port]
    E[Service and version detection]
    D --> E
  end

  subgraph Row3["Interact"]
    direction LR
    F[Connect with Ncat]
    G[Read service banner]
    H[Objective completed]
    F --> G --> H
  end

  Row1 --> Row2
  Row2 --> Row3

Solution

The initial prompt: [screenshot: Intro to Nmap]

Goal 1:

When run without any options, nmap performs a TCP port scan of the top 1000 ports. Run a default nmap scan of 127.0.12.25 and see which port is open.

 nmap 127.0.12.25
Output: [screenshot: Intro to Nmap]

Goal 2:

Sometimes the top 1000 ports are not enough. Run an nmap scan of all TCP ports on 127.0.12.25 and see which port is open.

 nmap -p- 127.0.12.25
Output: [screenshot: Intro to Nmap]

Goal 3:

Nmap can also scan a range of IP addresses. Scan the range 127.0.12.20 - 127.0.12.28 and see which has a port open.

nmap -p- 127.0.12.20-28
Output: [screenshot: Intro to Nmap]
We see port 8080 open.

Goal 5:

Nmap has a version detection engine, to help determine what services are running on a given port. What service is running on 127.0.12.25 TCP port 8080?

nmap -p 8080 -sV 127.0.12.25
Output: [screenshot: Intro to Nmap]

Goal 6:

Sometimes you just want to interact with a port, which is a perfect job for Ncat!
Use the ncat tool to connect to TCP port 24601 on 127.0.12.25 and view the banner returned.

nc 127.0.12.25 24601
Output: [screenshot: Intro to Nmap]
After connecting to port 24601 via ncat, the objective is completed.

Answer

Completed in the game.

Response

Eric Pursley

Excellent! You stayed laser-focused and didn't let any distractions lead you astray - that's exactly how you reach your goals!

Learnings

  1. Start with an Nmap scan to discover open ports.
  2. After identifying the open port, check the service and interact with it.

Prevention & Hardening Notes

  1. Scan from the outside so you see what attackers see.
  2. Only expose what’s needed, on the interfaces and ports you actually intend to use.
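
One way to turn the two notes above into a repeatable check, as an added example that is not part of the original write-up: parse Nmap's grepable output (as produced by `nmap -p- -oG - <target>`) and compare the open ports with an allowlist of intended services. The sample scan text and the allowlist are constructed for illustration.

```python
"""Exposure check: compare open ports in Nmap grepable (-oG) output to an allowlist."""

# Constructed sample in Nmap's grepable format (tab-separated fields); not output from the page.
SAMPLE_OG = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 127.0.12.24 ()\tStatus: Up\n"
    "Host: 127.0.12.24 ()\tPorts: 8080/closed/tcp//http-proxy///\n"
    "Host: 127.0.12.25 ()\tStatus: Up\n"
    "Host: 127.0.12.25 ()\tPorts: 8080/open/tcp//http///, 24601/open/tcp//unknown///"
    "\tIgnored State: closed (65533)\n"
)

# Hypothetical allowlist: the only service the owner intends to expose.
ALLOWED = {("127.0.12.25", 8080, "tcp")}


def open_ports(grepable_text):
    """Return the set of (host, port, proto) entries whose state is exactly 'open'."""
    found = set()
    for line in grepable_text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines such as the scan header
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # Status / Ignored State fields carry no port entries
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    found.add((host, int(parts[0]), parts[2]))
    return found


def unexpected_exposure(grepable_text, allowed):
    """Open ports that are not on the allowlist, sorted for stable reporting."""
    return sorted(open_ports(grepable_text) - set(allowed))


def missing_services(grepable_text, allowed):
    """Allowlisted ports the scan did not find open (outage or filtering)."""
    return sorted(set(allowed) - open_ports(grepable_text))


if __name__ == "__main__":
    for host, port, proto in unexpected_exposure(SAMPLE_OG, ALLOWED):
        print(f"UNEXPECTED open port: {host}:{port}/{proto}")
```

Run the scan from outside the network boundary and feed its output to `unexpected_exposure`; any result is a listener that should be closed, bound to a narrower interface, or added to the allowlist deliberately.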