Exam PT0-002
Question 167

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine?

    Correct Answer: A

    To conduct host discovery and write the results to files without returning results of the attack machine, the most suitable command is: nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt. The -sn option performs a ping sweep to discover live hosts without scanning their ports, the -n option skips DNS resolution for faster results, and the -exclude option (Nmap's option parser also accepts the single-dash spelling of the --exclude long option) ensures the attacker's machine (10.1.1.15) is not included in the scan. The -oA option writes the results to files in three formats (normal, XML, and grepable) under the base name target_txt, i.e. target_txt.nmap, target_txt.xml and target_txt.gnmap. This combination meets all the specified requirements.
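    As an added illustration (not part of the exam question or the site's explanation), the following Python assembles the option-A sweep as an argv list and then checks the grepable file that -oA produces (target_txt.gnmap) to confirm the excluded attack machine really is absent from the results. The .gnmap sample is constructed to match the -sn output format; the function names are the example's own.

```python
import ipaddress
import re
import shlex

# Constructed sample of the target_txt.gnmap file that "-oA target_txt"
# writes for a -sn ping sweep; not real scan output.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sn -n --exclude 10.1.1.15 -oA target_txt 10.1.1.0/24
Host: 10.1.1.1 ()\tStatus: Up
Host: 10.1.1.20 ()\tStatus: Up
Host: 10.1.1.37 ()\tStatus: Up
# Nmap done at Mon Jan  1 10:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 4.91 seconds
"""

# With -n the hostname field in parentheses is empty, so match "()" as well.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+(\w+)")


def build_discovery_cmd(attacker_ip: str, cidr: str, basename: str) -> list[str]:
    """Assemble the option-A ping sweep as an argv list.

    Uses the canonical double-dash --exclude; Nmap also accepts the
    single-dash spelling shown in the question. Malformed addresses or
    networks raise ValueError before anything is run.
    """
    ipaddress.ip_address(attacker_ip)
    ipaddress.ip_network(cidr, strict=False)
    return ["nmap", "-sn", "-n", "--exclude", attacker_ip, "-oA", basename, cidr]


def live_hosts(gnmap_text: str) -> list[str]:
    """Return the addresses reported as 'Up' in grepable (.gnmap) output."""
    hosts = []
    for line in gnmap_text.splitlines():
        m = HOST_RE.match(line)
        if m and m.group(2) == "Up":
            hosts.append(m.group(1))
    return hosts


def attacker_leaked(gnmap_text: str, attacker_ip: str) -> bool:
    """True if the attack machine appears in the results despite --exclude."""
    return attacker_ip in live_hosts(gnmap_text)


if __name__ == "__main__":
    cmd = build_discovery_cmd("10.1.1.15", "10.1.1.0/24", "target_txt")
    print(shlex.join(cmd))
    print(live_hosts(SAMPLE_GNMAP), attacker_leaked(SAMPLE_GNMAP, "10.1.1.15"))
```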

Discussion
mattmetallica (Option: A)

https://subscription.packtpub.com/book/networking-and-servers/9781849517485/2/ch02lvl1sec31/excluding-hosts-from-your-scans

solutionz (Option: A)

In the given scenario where the attacking machine is on the same LAN segment as the target host, and the goal is to conduct host discovery (referred to as "host delivery" in the question) and write the discovery to files without returning results of the attack machine, option A is the most suitable command:

A. nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt

Explanation:
- -sn: Performs a ping sweep to discover hosts without scanning ports.
- -n: Prevents DNS resolution, so only IP addresses will be displayed.
- -exclude 10.1.1.15: Excludes the specified IP address (presumably the attacking machine) from the scan.
- 10.1.1.0/24: Specifies the subnet to scan.
- -oA target_txt: Writes the results to files in three different formats (normal, XML, and grepable) with the base name "target_txt".

The other options do not meet the requirements as described:

2Fish (Option: A)

Going with A. More context. https://www.examtopics.com/discussions/comptia/view/89597-exam-pt0-002-topic-1-question-223-discussion/

cy_analyst (Option: A)

Option A (-sn) will perform a "ping sweep" to discover live hosts on the network without running port scans, and the "-n" option will skip DNS resolution to speed up the scan. The "-exclude" option can be used to exclude a specific IP address from the scan, and the "-oA" option is used to output the results to a set of files with a user-specified prefix.

Treebeard88 (Option: C)

-O is for Host OS discovery and -iL is for writing output to a file

[Removed]

-O: Enable OS detection
-iL <inputfilename>: Input from list of hosts/networks
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once.

This was pulled directly from https://nmap.org/book/man-briefoptions.html

Vikt0r

The command "nmap -Pn -sV -O -iL target.txt -oA target_text_Service" (option C) will BEST enable the attacker to conduct host discovery and write the results to a file without returning results to the attack machine. The options -Pn and -sV specify that the attacker wants to conduct a ping scan and version detection, and the option -O specifies that the attacker wants to conduct OS detection. The option -iL reads the targets from a file, which helps to avoid returning results to the attacker machine, and the option -oA specifies that the results should be written to a file in multiple formats.

[Removed]

answer A is correct

Etc_Shadow28000 (Option: A)

A. nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt

Explanation:
- -sn: This option tells Nmap to perform a ping scan, which will discover hosts without doing a port scan.
- -n: This option skips DNS resolution, making the scan faster.
- --exclude 10.1.1.15: This option excludes the specified IP address (the attacker's machine) from the scan.
- 10.1.1.0/24: This specifies the IP range to scan.
- -oA target_txt: This option outputs the results in three formats: normal, XML, and grepable, all with the base name target_txt.

mehewas855 (Option: A)

A will exclude the machine and return output in the 3 most used formats.

[Removed] (Option: A)

Isn't A missing part of the correct command? Is there an old nmap version that allowed only -exclude? It should be -exclude-hosts (missing -hosts).

[Removed] (Option: D)

Option A would exclude the IP address 10.1.1.15 and scan the entire 10.1.1.0/24 network, but it does not specify any additional options that would enable host discovery or write the discovery results to files. The -sn option used in option A instructs nmap to perform a "ping scan" to determine which hosts are up, but it does not perform port scanning or service enumeration, which are typically necessary for a comprehensive host discovery. Option D, on the other hand, uses the -sS option to perform a SYN scan, which allows for host discovery and port scanning, and the -oA option to write the results to files in several formats. These features make option D a better choice for conducting host discovery and writing the discovery results to files.

[Removed]

Scratch that, as someone already stated: All the other commands would return the results to the attack machine. Option A is the only command that does not return the results to the attack machine, but it is not the best option because it is not relevant to the requirement of "conducting host discovery and writing the discovery to files".

nickwen007 (Option: B)

The best command to enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine would be B. nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d "" -f5 > live-hosts.txt. This command performs a reverse DNS lookup to generate up to 10 targets for Nmap to scan, then outputs the results to an XML file and filters out any results from the attacking machine before redirecting the remaining hostnames to a text file.

[Removed]

A is for sure correct

beamage (Option: B)

Doing the commands myself, B is the only one that does not return results to the host...

beamage

Nope, definitely not. Changing to A.

[Removed]

A is correct


[Removed]

A is correct

kapen (Option: B)

B seems to be correct. The question says "write the discovery to files without returning results of the attack machine", and all the other options return results. The only issue I have is the -iR 10, so just 10 random addresses, but this can be changed to -iR 100.