Exam PT0-001 topic 1 question 140 discussion

nmap -sV -O --top-ports 100 192.168.2.2 Looking at the output you can see ports 139 and 445 are opened. This is wide open for a Null session attack.

Im going with: nmap -sV -O --top-ports 100 192.168.2.2 Tried scanning 1 host on my machine. without -sV you will not get question marks in your port services. we can also clearly see only 100 ports are being scanned. Commander123 is correct.

The correct answer is nmap 192.168.2.2 sV -O. You place it in this order because it is how the output was display in the shell. But placing sV and -O before the ip address is fine as well. What isn't correct are the syntaxes --top-ports=1000 or --top-ports=100 it is stated as ---top-ports 100 or --top-ports 1000. Be carful of those gotchas

my 2 cents: nmap -sV -O --top-ports 100 192.168.2.2 Null Session & weak SMB

It was on the exam

I believe the potential attack vectors for the second part are: Null session enumeration Weak SMB file permissions ARP spoofing

how about this? nmap --top-ports=100 -Pn -O -sV 192.168.2.2 is this correct?

for sure is nmap -sV -O --top-ports 100 192.168.2.2 So you can see in the output it says "OS and Service detection performed" ( aka -sV and -O) by default nmap scans the top 1000 ports so they had to specifiy --top-ports 100, it shows 4 ports and at the top of the output says 96 closed ports. Second part: I agree that this is wide open for a Null session attack, but also we should look into weak smb file permissions. If they are just read they cant do much with this, but if its write we can do quite a bit. -- https://care.qumulo.com/hc/en-us/articles/360011328533-SMB-Share-Permissions

For the Second part i would go Null session. Once we identify the Netbios port being up we can use commands such as nbtstat to identify any null sessions.

The command should include top-ports=100 since the number of closed ports is 96. By default nmap scans for 1000 ports