Suppose you have gained access to a Windows machine through hacking and discovered that it is connected to an internal network. In this situation, you may want to run nmap directly from the compromised Windows machine, as scanning with Kali using proxychains can be slow and scanning with an sshuttle connection can be unreliable.
However, nmap on Windows may generate errors about missing DLL files. This is because of missing Visual Studio files. This post provides a solution to this problem without downloading Visual Studio.
The step-by-step instructions below show how to install nmap on Windows from a pentester’s perspective. Everything will be done entirely from a shell, as it is unlikely that you have access to a GUI on a compromised machine. These instructions have been tested on Windows 10 and have worked without issue, but the outcome may vary depending on the version you are using.
Install NMAP
First, you’ll need to download the nmap zip file for Windows. I’m going to download this zip file and all the DLLs directly on Kali. From there we can combine them in a folder and bring it to the Windows machine.
Let’s download the zip file for nmap:
wget https://nmap.org/dist/nmap-7.91-win32.zip
Then, we extract the zip file:
unzip nmap-7.91-win32.zip
Install DLLs
Now we need to download the DLL files. This site is a great place to find DLLs. Open Firefox and go to the links below to download them.
This is the link to download msvcp120.dll (the download automatically starts):
https://www.dll-files.com/download/854fb5751985d6d40fa12bc9c3e82be5/msvcp120.dll.html?c=THVJVTlvZS84K1VzRGdkaGdlSG1IZz09
The second DLL file you’ll need is msvcr120.dll. This is the link to download msvcr120.dll (the download automatically starts):
https://www.dll-files.com/download/7dabb11da67d32c5dc917839fcbeb16d/msvcr120.dll.html?c=N2VxRk9FMkxEZGNCOHhNTUQ0VmNFZz09
Extract the files once they’re downloaded.
Put these DLL files in the same directory as the nmap files.
mv *.dll <directory_where_you_unzipped_nmap>
Now the nmap folder should have the two DLL files.
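The win32 nmap build can only load 32-bit copies of msvcp120.dll and msvcr120.dll, and DLLs fetched from a third-party download site are worth checking before they are run anywhere. The script below is an added example, not part of the original post: it reads each file's PE header on Kali, flags anything that is not a 32-bit image, and prints SHA-256 hashes to compare against a copy from a trusted source. The function names pe_machine and check_bundle are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check the nmap folder on Kali
# before it is zipped and transferred. Function names are hypothetical.

# Print the COFF machine field of a PE file as four hex digits, or fail.
pe_machine() {
    f=$1
    # Bytes 0-1 must be the DOS magic "MZ".
    [ "$(od -An -tx1 -N 2 "$f" 2>/dev/null | tr -d ' \n')" = "4d5a" ] || return 1
    # e_lfanew at offset 0x3c: little-endian offset of the PE header.
    set -- $(od -An -tu1 -j 60 -N 4 "$f" 2>/dev/null)
    [ "$#" -eq 4 ] || return 1
    off=$(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
    # "PE\0\0" signature, then the two-byte little-endian machine field.
    set -- $(od -An -tx1 -j "$off" -N 6 "$f" 2>/dev/null)
    [ "$#" -eq 6 ] || return 1
    [ "$1$2$3$4" = "50450000" ] || return 1
    echo "$6$5"
}

# Print "sha256  verdict  name" for every .exe/.dll in a directory.
# Returns non-zero if any of them is not a 32-bit (i386, 0x014c) image.
check_bundle() {
    dir=$1
    bad=0
    for f in "$dir"/*.exe "$dir"/*.dll; do
        [ -f "$f" ] || continue
        m=$(pe_machine "$f") || m=invalid
        case $m in
            014c)    verdict="i386, ok" ;;
            8664)    verdict="x86-64, will not load into win32 nmap"; bad=1 ;;
            invalid) verdict="not a PE file"; bad=1 ;;
            *)       verdict="machine 0x$m, not i386"; bad=1 ;;
        esac
        sum=$(sha256sum "$f" | cut -d ' ' -f 1)
        printf '%s  %s  %s\n' "$sum" "$verdict" "${f##*/}"
    done
    return "$bad"
}

# Usage: sh check_bundle.sh <directory_where_you_unzipped_nmap>
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```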
Transferring the folder to Windows
This example will show nmap scanning the IP 192.168.5.5 from a compromised Windows machine.
First, let’s zip up the nmap folder.
Now let’s set up a Python web server on Kali so we can download the zip file on Windows:
python3 -m http.server 80
Now let’s download the zip file on the Windows machine.
We need to unzip the file now. Let’s use tar since it comes installed in C:\Windows\System32.
Check the nmap directory to see if the files are there.
We can now switch to that directory and run nmap.