In this lecture I will give a brief introduction to Nmap and how to work with it. Nmap is a free and open source scanner that can be used to discover or map the hosts and services on a computer network, to build a map of that network. To map a network, Nmap sends specially crafted packets to the target host and then analyzes the responses. From these responses it deduces information about the target, including operating systems and software versions, since targets can respond differently depending on their type. For example, OS fingerprinting can be done by looking at the TCP window size and the time to live (TTL) in the IP header of the first packet in a TCP session. Some Microsoft Windows operating systems have a TTL value and a TCP window size of 128 and 8192 respectively, while Cisco routers have a TTL value of 255 and a TCP window size of 4128. Linux operating systems have a TTL value of 64, and most of them have a TCP window size of 5840.
Examples of scan types that we can use within Nmap are these: SYN scan using the -sS option, version scan using the -sV option, operating system scan using the -O option, and target port scan using the -p option. We can also use evasion techniques to evade firewalls and intrusion detection systems. We can adjust timing, which controls the balance between performance and accuracy; there are six timing templates that can be used: T0 or paranoid, which is very slow and used for IDS evasion; T1 or sneaky, which is quite slow and also used for IDS evasion; T2 or polite, which slows down to consume less bandwidth and runs 10 times slower than the default; T3 or normal, which is the default and uses a dynamic timing model based on target responsiveness; T4 or aggressive, which assumes a fast and reliable network and may overwhelm targets; and T5 or insane, which is very aggressive and will likely overwhelm targets or miss open ports. We also have decoys, using the -D option, which makes it appear to the remote host that the hosts you specify as decoys are scanning the target network too, so it hides the real attacking IP among other spoofed ones. Using too many decoys may slow your scan and can make it less accurate.
In addition, some ISPs might filter out your spoofed packets, but many might not do that at all. There is also fragmentation, using the -f option, to evade intrusion detection systems and packet filters by splitting up the TCP header over several packets to make it harder for them to detect what you are doing. The idle or zombie scan, using the -sI option, takes advantage of an idle system by employing it to scan our target: it monitors the IP IDs of the responses and determines the port status from that. The idle scan is considered to be the ultimate stealth scan. Bad checksum, using the --badsum option, sends packets with an invalid TCP, UDP or SCTP checksum to find packet filters and intrusion detection systems: if the target responds, then it is likely one of those, since hosts will drop those packets. And we have NSE, or the Nmap Scripting Engine, which is one of Nmap's most powerful and flexible features. It allows users to write and share simple scripts to automate a wide variety of networking tasks with speed and efficiency. It extends Nmap's functionality in five different ways: network discovery, more sophisticated version detection, vulnerability detection, backdoor detection, and vulnerability exploitation. When working with scripts you can execute a group of scripts using categories, boolean expressions or wildcards, and we have hundreds of scripts included within Nmap.
Here are a few examples: http-sitemap-generator, mysql-dump-hashes, http-sql-injection and broadcast-dhcp-discover. So in this lecture I have given you a brief introduction to Nmap and how to work with it, and in the next lecture you will see that in practice.
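The TTL and window-size heuristic from the start of the lecture, as an added Python example that is not part of the lecture or of Nmap: it classifies constructed SYN observations against the three value pairs the lecture quotes, inferring the hop count from how far the TTL has been decremented. The SynObservation type, the sample addresses and the function names are my own.

```python
"""Passive OS guess from the TTL / TCP window heuristic described in the lecture.
Constructed example; the signature table holds only the three value pairs
quoted in the lecture (Windows 128/8192, Cisco 255/4128, Linux 64/5840)."""
from dataclasses import dataclass

# Initial-TTL values commonly chosen by operating systems (from the lecture).
INITIAL_TTLS = (64, 128, 255)

# (initial TTL, TCP window size) -> label, exactly the values given in the lecture.
SIGNATURES = {
    (128, 8192): "Microsoft Windows",
    (255, 4128): "Cisco router",
    (64, 5840): "Linux",
}

@dataclass
class SynObservation:
    src: str
    ttl: int          # TTL as seen on the wire (already decremented by routers)
    window: int       # TCP window size from the first packet of the session

def initial_ttl(observed_ttl: int) -> int:
    """Infer the sender's starting TTL: the smallest common initial value
    not below the observed one (each router hop decrements TTL by one)."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    raise ValueError(f"TTL {observed_ttl} exceeds any known initial TTL")

def guess_os(obs: SynObservation) -> tuple[str, int]:
    """Return (label, estimated hop count). Unknown combinations are
    reported as such rather than forced into a bucket."""
    init = initial_ttl(obs.ttl)
    hops = init - obs.ttl
    label = SIGNATURES.get((init, obs.window), "unknown")
    return label, hops

# Constructed SYN packet observations (not real captures).
SAMPLE = [
    SynObservation("10.0.0.5", ttl=128, window=8192),   # local Windows host
    SynObservation("10.0.1.9", ttl=250, window=4128),   # Cisco box 5 hops away
    SynObservation("10.0.2.3", ttl=57, window=5840),    # Linux host 7 hops away
    SynObservation("10.0.3.7", ttl=64, window=65535),   # window not in the table
]

def classify_all(observations=SAMPLE) -> dict[str, tuple[str, int]]:
    return {o.src: guess_os(o) for o in observations}

if __name__ == "__main__":
    for src, (label, hops) in classify_all().items():
        print(f"{src:10} {label:18} hops={hops}")
```

The hop-count inference is a heuristic: a host many hops away can fall into a lower TTL bucket, so treat the label as a hint to confirm with other evidence, not a verdict.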