1
00:00:00,388 --> 00:00:02,791
Now that we're in phase two, scanning and enumeration,

2
00:00:02,791 --> 00:00:05,317
we've gotta find a hole in the network in order to break in.

3
00:00:05,317 --> 00:00:08,249
Since this is an introductory course, we're gonna use Zenmap,

4
00:00:08,249 --> 00:00:10,007
which is a graphical user interface

5
00:00:10,007 --> 00:00:12,731
for the world's most popular scanning tool, Nmap.

6
00:00:12,731 --> 00:00:15,133
Zenmap is truly powerful because it uses Nmap

7
00:00:15,133 --> 00:00:17,126
as its workhorse to do all the scanning,

8
00:00:17,126 --> 00:00:19,489
but provides us with the easy-to-use graphical interface

9
00:00:19,489 --> 00:00:21,604
that makes setting up our scans simple,

10
00:00:21,604 --> 00:00:24,294
and consolidates all of our text-based output from Nmap

11
00:00:24,294 --> 00:00:27,349
into a nice, concise format for us to read.

12
00:00:27,349 --> 00:00:29,425
Another great feature of Zenmap is the ability

13
00:00:29,425 --> 00:00:30,967
to customize the scan parameters:

14
00:00:30,967 --> 00:00:32,801
it provides us the command-line syntax

15
00:00:32,801 --> 00:00:34,880
that would be required by Nmap to perform the scan,

16
00:00:34,880 --> 00:00:36,957
but then allows us to add or change those parameters

17
00:00:36,957 --> 00:00:38,743
to make it a more refined scan.

18
00:00:38,743 --> 00:00:41,146
The final benefit of Zenmap is that it also creates

19
00:00:41,146 --> 00:00:43,014
a database of the past scans,

20
00:00:43,014 --> 00:00:44,683
which can be saved for future reference.

21
00:00:44,683 --> 00:00:45,865
This is a wonderful feature

22
00:00:45,865 --> 00:00:47,454
to aid in your documentation of the network,

23
00:00:47,454 --> 00:00:48,953
and allows us to go back to those details

24
00:00:48,953 --> 00:00:50,603
in the future if we need them.
25
00:00:50,603 --> 00:00:52,648
So what kind of information do we need to get started?

26
00:00:52,648 --> 00:00:53,788
And what kind of information

27
00:00:53,788 --> 00:00:55,130
are we going to find during our scanning?

28
00:00:55,130 --> 00:00:57,127
Well, to get started, we're gonna need either an IP address

29
00:00:57,127 --> 00:00:59,411
or a range of IPs. We should have that information, though,

30
00:00:59,411 --> 00:01:00,874
from our reconnaissance phase.

31
00:01:00,874 --> 00:01:03,073
Using that information, we're gonna perform different scans

32
00:01:03,073 --> 00:01:05,108
to determine different levels of information.

33
00:01:05,108 --> 00:01:07,346
Our most basic scans are simply pings,

34
00:01:07,346 --> 00:01:08,483
to determine if the machines are up

35
00:01:08,483 --> 00:01:09,911
and responding on the network.

36
00:01:09,911 --> 00:01:11,754
This certainly falls into our scanning category

37
00:01:11,754 --> 00:01:13,465
in our scanning and enumeration phase.

38
00:01:13,465 --> 00:01:15,428
Next, we're gonna begin scanning for open ports,

39
00:01:15,428 --> 00:01:17,706
then we'll finally move into more in-depth scans

40
00:01:17,706 --> 00:01:19,911
where we can use that information received to perform

41
00:01:19,911 --> 00:01:22,189
a basic enumeration of the host to determine

42
00:01:22,189 --> 00:01:25,819
the operating system, the version of the software, and more.

43
00:01:25,819 --> 00:01:29,562
So let's get started trying to find those holes.

44
00:01:29,562 --> 00:01:31,186
Now before we begin scanning our network,

45
00:01:31,186 --> 00:01:32,204
we need to set up our network

46
00:01:32,204 --> 00:01:34,325
to make sure they're all still on an isolated net.

47
00:01:34,325 --> 00:01:37,905
To do this we're gonna open up VirtualBox.
48
00:01:37,905 --> 00:01:41,635
From VirtualBox we're gonna go to Preferences,

49
00:01:41,635 --> 00:01:44,037
and then we're gonna click on Network.

50
00:01:44,037 --> 00:01:45,991
Then we're gonna click on Host-only Networks,

51
00:01:45,991 --> 00:01:49,811
to create a network just for our virtual machines to use.

52
00:01:49,811 --> 00:01:52,332
We're going to click on the adapter to add,

53
00:01:52,332 --> 00:01:53,915
with the plus sign.

54
00:01:55,342 --> 00:01:59,425
And you'll see you now have vboxnet0.

55
00:02:00,969 --> 00:02:03,456
We're gonna click on the screwdriver icon,

56
00:02:03,456 --> 00:02:05,328
which is gonna allow us to configure it,

57
00:02:05,328 --> 00:02:09,559
and it has by default 192.168.56.1. That's fine,

58
00:02:09,559 --> 00:02:12,169
we can use that, but we do want to set up a DHCP server.

59
00:02:12,169 --> 00:02:15,474
So we'll click on that, and say Enable Server.

60
00:02:15,474 --> 00:02:19,057
We're gonna use 192.168.56.1 as our server.

61
00:02:20,718 --> 00:02:24,885
Our mask will be a standard class C, 255.255.255.0.

62
00:02:26,227 --> 00:02:28,743
Our lower bound: we'll hand out IPs starting at 100,

63
00:02:28,743 --> 00:02:32,910
so 192.168.56.100, and our upper bound we'll use as 50,

64
00:02:34,827 --> 00:02:38,077
192.168.56.150. This will give us 50 IPs

65
00:02:41,590 --> 00:02:43,906
that can be handed out to our virtual machines.

66
00:02:43,906 --> 00:02:46,395
Since we only have three, that will be plenty for us.

67
00:02:46,395 --> 00:02:49,693
We'll hit OK, and then hit OK again.

68
00:02:49,693 --> 00:02:52,295
Now we need to set up each machine in the network to use them.
69
00:02:52,295 --> 00:02:56,116
So we'll click on Kali, and then click Network,

70
00:02:56,116 --> 00:02:58,597
go to Network, and select, from Internal Network,

71
00:02:58,597 --> 00:03:01,564
to Host-only Adapter, and again we use the same one

72
00:03:01,564 --> 00:03:04,397
we used before, vboxnet0. Hit OK.

73
00:03:05,916 --> 00:03:08,237
We'll go to Windows, we'll do the same thing,

74
00:03:08,237 --> 00:03:11,737
click on Network, go to Host-only Adapter,

75
00:03:12,747 --> 00:03:15,152
vboxnet0, and hit OK.

76
00:03:15,152 --> 00:03:17,753
And then Metasploitable: click on Network,

77
00:03:17,753 --> 00:03:20,920
and go to Host-only Adapter, vboxnet0.

78
00:03:22,276 --> 00:03:23,215
At this point we're gonna start

79
00:03:23,215 --> 00:03:25,824
launching our virtual machines.

80
00:03:25,824 --> 00:03:28,515
To do that we'll simply left-click on the name Kali

81
00:03:28,515 --> 00:03:32,094
and then Start. We're gonna go back while that's booting up

82
00:03:32,094 --> 00:03:36,202
and start up my Windows, and I'm going to go back again

83
00:03:36,202 --> 00:03:38,535
and start up Metasploitable.

84
00:03:42,878 --> 00:03:44,624
So now we can cycle through those machines,

85
00:03:44,624 --> 00:03:46,493
and see where they are in the boot process.

86
00:03:46,493 --> 00:03:48,011
Once they boot up they're gonna be able to

87
00:03:48,011 --> 00:03:51,522
pick up their own IP address using that DHCP.

88
00:03:51,522 --> 00:03:55,689
So we'll click on Kali, and then we're gonna cycle over

89
00:03:57,116 --> 00:04:00,289
to our Metasploitable machine, and then we're gonna

90
00:04:00,289 --> 00:04:02,932
cycle over to our Windows machine.

91
00:04:02,932 --> 00:04:04,764
Now, just to verify that they've actually picked up

92
00:04:04,764 --> 00:04:08,680
the IP address, let's go ahead and do an ipconfig on Windows.
93
00:04:08,680 --> 00:04:12,099
Open up the command prompt, and do ipconfig.

94
00:04:12,099 --> 00:04:14,012
And you can see that it got the first IP address,

95
00:04:14,012 --> 00:04:18,179
192.168.56.100. At this point we can cycle over to

96
00:04:20,407 --> 00:04:22,488
our Metasploitable machine.

97
00:04:22,488 --> 00:04:25,090
We're gonna log in again with msfadmin,

98
00:04:25,090 --> 00:04:27,496
msfadmin for the password,

99
00:04:27,496 --> 00:04:30,182
and we can do ifconfig since this is Linux.

100
00:04:30,182 --> 00:04:33,515
And you can verify here, 192.168.56.101.

101
00:04:34,372 --> 00:04:35,554
Now in the real world,

102
00:04:35,554 --> 00:04:37,671
your machines are already gonna be online.

103
00:04:37,671 --> 00:04:39,217
This is just because of our simulation

104
00:04:39,217 --> 00:04:40,599
that we have access to them.

105
00:04:40,599 --> 00:04:42,224
We just want to know what we're looking at.

106
00:04:42,224 --> 00:04:45,557
We're gonna go back to our Kali machine,

107
00:04:47,728 --> 00:04:49,236
and this is where we're gonna do all of our work

108
00:04:49,236 --> 00:04:50,457
for the rest of this lesson.