1
00:00:00,830 --> 00:00:04,860
We mentioned fragmented packets and creating decoys in the previous video.

2
00:00:05,210 --> 00:00:08,150
Right now we're going to mention a few more options.

3
00:00:08,150 --> 00:00:12,570
And even though they are not that important, it is good to know they exist.

4
00:00:12,680 --> 00:00:14,670
So let's go through them real fast.

5
00:00:15,110 --> 00:00:18,770
I will not be running these options, but you can test them out if you want.

6
00:00:18,890 --> 00:00:22,180
I will just mention them so you know what else you can use.

7
00:00:22,970 --> 00:00:25,450
The first thing we've got is the option

8
00:00:25,520 --> 00:00:25,940
-S.

9
00:00:26,920 --> 00:00:35,280
And you run it like this: sudo nmap -S, and this option is used to spoof your IP address,

10
00:00:35,620 --> 00:00:39,100
it will make your target think that someone else is scanning them.

11
00:00:39,640 --> 00:00:45,130
The problem with this is that you will not get the results of a scan back, since they will be sent to the

12
00:00:45,130 --> 00:00:47,350
IP address that you're trying to impersonate.

13
00:00:47,920 --> 00:00:55,810
So, for example, you can be trying to impersonate 8.8.8.8, and your target will be scanned

14
00:00:55,840 --> 00:01:01,450
with this IP address, or at least it will seem that the scan is coming from this IP address.

15
00:01:01,720 --> 00:01:03,000
For this option to work,

16
00:01:03,310 --> 00:01:05,700
you must also specify -Pn.

17
00:01:06,250 --> 00:01:12,520
And the reason why you must specify -Pn is, first of all, that it is used to assume that all hosts

18
00:01:12,520 --> 00:01:13,330
are online.

19
00:01:13,840 --> 00:01:20,380
It doesn't perform the ping scan to discover whether a host is up and running. Without -Pn,

20
00:01:20,440 --> 00:01:26,800
this option would not work, and the reason is because your target will be scanned with this IP address.
21
00:01:27,790 --> 00:01:33,440
And we will not be able to get the packets back and see whether the target is on or off.

22
00:01:33,850 --> 00:01:40,410
That's why we will just assume that the target is online, so we can scan them with a different IP address.

23
00:01:40,750 --> 00:01:44,560
Otherwise, we will never get the result of whether they are online.

24
00:01:44,980 --> 00:01:52,940
And sometimes with these two options, you must also run -e, which is used to specify a network interface.

25
00:01:53,500 --> 00:01:59,380
So you would simply just type ifconfig, check out what network interface you are using, and you would

26
00:01:59,380 --> 00:02:00,940
specify it right here.

27
00:02:01,210 --> 00:02:03,780
In my case, that would be eth0.

28
00:02:04,180 --> 00:02:12,280
Another cool option besides this that nmap has is you can specify the source port with the -g option.

29
00:02:13,190 --> 00:02:19,130
This can sometimes help bypass the firewall. For example, a network administrator may set up a firewall

30
00:02:19,280 --> 00:02:23,010
and set a rule where all the traffic from a certain port is allowed.

31
00:02:23,450 --> 00:02:29,060
And with that, he's probably thinking that attackers won't be able to figure out from which port exactly.

32
00:02:29,870 --> 00:02:37,400
And if you perform a scan and send packets from the port that's allowed in the firewall rule, you successfully

33
00:02:37,400 --> 00:02:38,600
bypassed the firewall.

34
00:02:38,960 --> 00:02:40,610
So it's specified with -g

35
00:02:40,790 --> 00:02:42,980
and then a random port number.

36
00:02:43,400 --> 00:02:49,550
And one last thing that we will mention that could help you in bypassing a firewall is changing different

37
00:02:49,550 --> 00:02:50,420
scan types.

38
00:02:50,960 --> 00:02:56,470
We already covered some scan types, and any of them could be useful to you sometimes.
39
00:02:56,900 --> 00:03:06,680
For example, in case you perform a scan on a target machine and in case the scan is blocked by the

40
00:03:06,680 --> 00:03:13,070
target's firewall, which would mean that they drop all SYN requests that try to initiate this connection,

41
00:03:13,250 --> 00:03:19,510
we could try to perform a FIN scan, and a FIN scan is labeled like this: -sF.

42
00:03:19,970 --> 00:03:24,100
Now, you're probably confused because there are a lot of scans that we can do.

43
00:03:24,320 --> 00:03:29,770
And in case you don't have any networking background, you're probably wondering what a FIN scan even means.

44
00:03:30,140 --> 00:03:34,310
Well, a FIN scan is just sending a FIN packet without any other flags.

45
00:03:34,430 --> 00:03:40,400
And these flags, and flags can be confusing sometimes, but with practice you will catch up on everything.

46
00:03:40,730 --> 00:03:46,310
Just one piece of advice I have is that every time you don't fully understand something, just Google it.

47
00:03:46,610 --> 00:03:48,110
That is how I learned as well.

48
00:03:48,620 --> 00:03:54,590
And all of these options that we covered can be combined with something called a timing template.

49
00:03:55,250 --> 00:04:02,060
And to show you what a timing template really is, I opened up the nmap manual right here and I scrolled

50
00:04:02,060 --> 00:04:06,530
to this option right here, which says -T, timing template.

51
00:04:06,920 --> 00:04:11,070
And if you also open up the nmap manual, this will be all the way down.

52
00:04:11,210 --> 00:04:15,950
So there are about one or two minutes of scrolling until you reach this option.

53
00:04:16,280 --> 00:04:23,240
Here in the manual, we can see that -T comes with six different options, or six different modes.

54
00:04:23,900 --> 00:04:31,760
And what's interesting for us regarding security evasion are the first two modes, which are zero and one,

55
00:04:32,180 --> 00:04:35,480
also called paranoid and sneaky.
56
00:04:35,990 --> 00:04:40,270
These two are used for IDS evasion, as it says right here.

57
00:04:41,030 --> 00:04:48,050
Now, the problem with T0 and T1, or the first two options, is since they are trying to avoid IDS

58
00:04:48,050 --> 00:04:50,990
alerts, they will take a lot longer to finish.

59
00:04:51,350 --> 00:04:57,380
So once you're scanning more machines or more networks, this might not be the most reasonable approach

60
00:04:57,380 --> 00:05:04,550
to take, since this scan will take a lot of time with specifying -T0 or -T1.

61
00:05:05,090 --> 00:05:10,310
And all of this, including the options that we covered in the last video, will help you in security

62
00:05:10,310 --> 00:05:11,660
evasion and spoofing.

63
00:05:11,930 --> 00:05:17,780
What I would advise you to do is also read about other options as well that we didn't cover, just to

64
00:05:17,780 --> 00:05:20,670
see what else you can do. In the next video,

65
00:05:20,870 --> 00:05:22,250
big things are happening.

66
00:05:22,700 --> 00:05:26,470
We're going to create our first tool used for penetration testing.

67
00:05:26,480 --> 00:05:27,110
Let's do it.