WEBVTT

00:00.720 --> 00:05.950
Active information gathering with Metasploit. Scanning is an active information gathering technique

00:06.150 --> 00:11.280
in which we will now start dealing with the target directly.

00:11.760 --> 00:17.340
So port scanning is an interesting process of information gathering, so it involves a deeper search

00:17.340 --> 00:18.420
of the target machine.

00:18.600 --> 00:22.830
But since active port scanning involves reaching out to the target systems,

00:23.430 --> 00:27.450
these activities can be detected by firewalls and intrusion prevention systems.

00:28.080 --> 00:35.940
So there are a variety of scanners available to us within the Metasploit Framework to allow us to properly

00:35.940 --> 00:39.900
enumerate the target systems and list all the available ports.

00:39.900 --> 00:41.160
Airports can mid-Wales.

00:41.160 --> 00:48.520
You can use the search command like that, for example, search ports, scout ops.

00:48.840 --> 00:52.440
We have to start Metasploit first: msfconsole.

00:53.800 --> 01:01.350
And then, uh, use the search command to search portscan.

01:02.330 --> 01:06.590
And as you can see, we have a series here that's going to support.

01:07.760 --> 01:15.680
So we will use TCP portscan, so we can start by doing a basic TCP port scan with the TCP portscan

01:15.700 --> 01:16.720
auxiliary module.

01:16.740 --> 01:20.480
So, uh, see what we can find, since the TCP portscan

01:20.480 --> 01:24.260
auxiliary module doesn't need administrative privileges on the source machine.

01:24.560 --> 01:31.400
It can be extremely useful when pivoting. So to run the TCP portscan auxiliary module,

01:31.670 --> 01:38.750
we need to set the, uh, RHOSTS to get to a target range here.

01:39.230 --> 01:44.090
So now, actually, now I will start our year of.

01:46.160 --> 01:50.780
Sure, let's set the resolution a bit higher.

01:53.690 --> 01:54.290
Yes.

02:01.990 --> 02:05.080
This configuration here and then.

02:06.050 --> 02:06.310
Yes.

02:09.800 --> 02:10.130
So.

02:12.040 --> 02:17.450
Now I will open our target machine.

02:17.470 --> 02:19.360
This is Metasploitable here.

02:20.060 --> 02:26.550
Uh, this is just an exploitable Linux machine for, uh, penetration testing here.

02:27.020 --> 02:28.450
Uh, so let's open it.

02:29.200 --> 02:30.700
Uh, Metasploitable.

02:32.050 --> 02:39.070
And I think this is it, its ingenious name, Metasploitable.

02:40.620 --> 02:42.270
Here and play.

02:43.790 --> 02:44.300
Yes.

02:45.020 --> 02:45.530
Yes.

02:46.910 --> 02:51.830
And it's the Window Capture, Window Capture, Metasploitable.

02:53.990 --> 02:55.370
Support very much trying to.

03:00.150 --> 03:03.990
Yes, this is our Metasploitable machine here.

03:09.710 --> 03:15.080
Properties, automatic windows on this Metasploitable.

03:15.740 --> 03:18.350
Let's decrease the size a little bit.

03:19.970 --> 03:21.650
So I will log in here.

03:21.890 --> 03:31.530
Actually, they are in the, uh, same network here, so, uh, msfadmin, and the password

03:31.530 --> 03:32.970
is msfadmin here.

03:33.860 --> 03:34.180
Oh.

03:36.030 --> 03:36.880
You can see here.

03:42.310 --> 03:44.050
Then we will use.

03:45.160 --> 03:52.810
Let's open up the next machine here now, and we will use auxiliary scanner portscan tcp, so uh,

03:52.810 --> 03:56.710
actually he has to A.C. proportionate.

03:56.710 --> 04:06.010
As you can see, there's a description here, so use auxiliary scanner, um, portscan

04:06.570 --> 04:14.800
tcp. You can see here we, uh, used it and we have to set some properties on it.

04:14.810 --> 04:18.040
So as you can see here, uh, options start.

04:18.280 --> 04:24.430
So the concurrency, this is the number of concurrent ports to check per host. Delay:

04:24.430 --> 04:27.160
the delay between connections, per thread, in milliseconds.

04:27.370 --> 04:32.950
So the higher your delay is, the less noticeable, uh, your, uh, scan will be.

04:33.400 --> 04:40.600
So now we have THREADS, the number of concurrent threads (max one per host), and TIMEOUT, and we have RHOSTS,

04:40.840 --> 04:43.960
so we can determine the source, uh, here, as you can see here.

04:44.380 --> 04:47.320
So we will edit our RHOSTS here.

04:47.800 --> 04:51.010
So, set RHOSTS.

04:51.340 --> 04:54.880
So as you know, we opened our, uh, machine.

04:54.970 --> 05:00.280
Um, we opened our Metasploit, uh, virtual machine in the same network.

05:00.280 --> 05:03.880
So Kali and Metasploitable are on the same network.

05:03.880 --> 05:13.600
So let's, let's, uh, well, let's see what, um, is our, uh, LAN IP, actually: ifconfig, ifconfig.

05:14.020 --> 05:15.490
And as you can see it here.

05:15.670 --> 05:23.860
So now, uh, then uh, we will enter, uh, here, our IP here.

05:28.330 --> 05:28.690
Yes.

05:32.570 --> 05:41.540
And zero slash 24, because as you can see here, this is three times 255, and because this is 24, so we

05:41.540 --> 05:44.330
will search only these IPs.

05:44.780 --> 05:51.800
So IP range, zero slash 24, broadcast here, as you can see political stripes here.

05:52.340 --> 06:00.440
So now we will set the threads, 200. Set threads,

06:00.860 --> 06:02.060
Uh, two hundred.

06:03.760 --> 06:05.170
Upstart's, thanks a lot.

06:06.430 --> 06:08.140
And let's see what we have done.

06:08.410 --> 06:13.540
Three hundred and TCP, and just, uh, from zero to 255.

06:14.020 --> 06:18.910
And um, so now, uh, we can start here.

06:18.910 --> 06:19.270
So.

06:20.900 --> 06:21.410
All right.

06:24.400 --> 06:25.840
Auxiliary is running now.

06:26.020 --> 06:28.660
It might take some time, but we are.

06:28.810 --> 06:31.210
We increased our threads here.

08:25.420 --> 08:30.580
As you can see here, we found some open ports on this IP address.

08:30.610 --> 08:37.150
And as you can see, three three eight nine is open uh, seven five eight zero is open.

08:37.420 --> 08:41.980
And this may take some time for it to find open ports.

08:42.340 --> 08:49.240
Uh, with this auxiliary, but there are better tools such as, uh, nmap to find open ports, uh,

08:49.240 --> 08:50.470
faster than this.
