A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Answer: D
Explanation:
The -sS option selects a TCP SYN scan, also known as half-open scanning: Nmap sends a SYN to each target port and classifies the port from the reply (SYN/ACK means open, RST means closed, no response or an ICMP unreachable error means filtered) without ever completing the handshake. It is the default and most widely used scan type because it is fast, scanning thousands of ports per second on a fast network that is not hampered by restrictive firewalls. It requires raw-socket privileges (root on Linux); without them Nmap silently falls back to a TCP connect scan (-sT). A SYN scan tells the tester which ports are open, which is the starting point for finding potentially vulnerable services; confirming an actual vulnerability takes further steps such as service and version detection (-sV) and NSE scripts.
Options A, B and C all use host-discovery (ping) probes rather than port scans. The -P* options take their port list directly (hence -PU22-25,80 with no -p), but they only establish whether a host is online; they do not report the state of individual ports.
Option A with -PU is a UDP ping: it sends UDP packets to the listed ports and treats any reply, including an ICMP port-unreachable error, as proof that the host is up. It is not relevant here because the services of interest are TCP.
Option B with -PA is a TCP ACK ping. It does not identify open or vulnerable ports; it is used to determine whether a host is online, and is mainly useful for getting a response through stateless firewalls that drop SYN probes.
Option C with -PS is a TCP SYN ping. It sends the same SYN packet a SYN scan does, but Nmap uses the reply only to decide that the host is up and does not report the port's state, so it also will not identify open or vulnerable ports.
Note that option D as printed reads -Ss and attaches the port list directly, which is not the form Nmap accepts; the working command is nmap -sS 192.168.1.1-5 -p22-25,80. The -p option specifies the ports to scan (only the -P* host-discovery probes take their port list directly, which is why options A to C are written that way).
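An added example, not part of the original question or explanation: the SYN scan above only produces a list of port states, so the next thing a tester does is pull the open ports out of the scan results and feed them into a follow-up service and vulnerability scan. The script below parses the XML that nmap -sS 192.168.1.1-5 -p22-25,80 -oX scan.xml would write, keeps only hosts that are up, separates open from filtered ports, and builds the per-host follow-up command. The XML is a constructed sample in the shape of Nmap's -oX output; the hostnames, addresses and port states in it are invented for illustration, and the helper names are this example's own.

```python
"""Extract open ports from an Nmap SYN scan (-oX output) and build follow-up scans.

Sample input constructed for this example: it mimics what
`nmap -sS 192.168.1.1-5 -p22-25,80 -oX scan.xml` writes for a lab range.
A SYN scan reports open ports with reason "syn-ack", closed with "reset",
and filtered with "no-response" (or an ICMP unreachable reason).
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS 192.168.1.1-5 -p22-25,80 -oX scan.xml">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet"/></port>
      <port protocol="tcp" portid="24"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/><service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="closed" reason="reset"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/><service name="telnet"/></port>
      <port protocol="tcp" portid="24"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="25"><state state="closed" reason="reset"/><service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_syn_scan(xml_text):
    """Return {ip: {"open": [(port, service)], "filtered": [port]}} for hosts that are up.

    Closed ports are dropped: they answered with RST, so there is nothing to follow up.
    Filtered ports are kept separately because a SYN scan cannot tell whether a
    firewall is hiding a live service there.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entry = {"open": [], "filtered": []}
        for port in host.findall("ports/port"):
            if port.get("protocol") != "tcp":
                continue  # -sS only probes TCP
            portid = int(port.get("portid"))
            state = port.find("state").get("state")
            service = port.find("service")
            name = service.get("name") if service is not None else ""
            if state == "open":
                entry["open"].append((portid, name))
            elif state == "filtered":
                entry["filtered"].append(portid)
        results[addr.get("addr")] = entry
    return results


def followup_commands(results):
    """Build one service/vulnerability scan per host, limited to its open ports.

    -sV does version detection and --script vuln runs the NSE "vuln" category;
    scanning only the confirmed-open ports keeps the noisy part of the engagement small.
    """
    commands = []
    for ip in sorted(results, key=lambda a: tuple(int(x) for x in a.split("."))):
        open_ports = [str(p) for p, _ in results[ip]["open"]]
        if open_ports:
            commands.append("nmap -sV --script vuln -p%s %s" % (",".join(open_ports), ip))
    return commands


if __name__ == "__main__":
    scan = parse_syn_scan(SAMPLE_XML)
    for ip, entry in scan.items():
        print(ip, "open:", entry["open"], "filtered:", entry["filtered"])
    for cmd in followup_commands(scan):
        print(cmd)
```

Run the SYN scan as root (or with CAP_NET_RAW) so that Nmap does not fall back to a connect scan, save it with -oX, and point parse_syn_scan at the file contents; filtered ports deserve a second look with a different probe (for example -sA to map firewall rules) rather than being written off.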