1
00:00:00,450 --> 00:00:01,517
-: In this small section,

2
00:00:01,517 --> 00:00:05,970
we are going to cover how we can use Nmap to our advantage

3
00:00:05,970 --> 00:00:09,030
to be able to bypass some of the security measures

4
00:00:09,030 --> 00:00:13,800
that the target might have, such as firewalls and IDS.

5
00:00:13,800 --> 00:00:15,990
These options that we will use in Nmap

6
00:00:15,990 --> 00:00:17,310
can be considered advanced,

7
00:00:17,310 --> 00:00:20,160
so don't worry if you don't fully understand everything

8
00:00:20,160 --> 00:00:22,920
that we talk about in the next few videos.

9
00:00:22,920 --> 00:00:25,140
Just make sure that in case there is something that you

10
00:00:25,140 --> 00:00:28,020
didn't understand, you re-watch the video a few times

11
00:00:28,020 --> 00:00:29,880
and you will get it.

12
00:00:29,880 --> 00:00:34,880
But wait Alexa, I don't even know what a firewall or IDS is.

13
00:00:35,400 --> 00:00:36,903
So what are they?

14
00:00:37,830 --> 00:00:41,250
Well, a firewall is a network security system

15
00:00:41,250 --> 00:00:44,760
that monitors network traffic, and it is based on

16
00:00:44,760 --> 00:00:47,103
security rules that are predetermined.

17
00:00:48,240 --> 00:00:50,160
There are two types of firewalls:

18
00:00:50,160 --> 00:00:53,253
network firewalls and host-based firewalls.

19
00:00:54,120 --> 00:00:56,280
Network firewalls filter traffic

20
00:00:56,280 --> 00:00:58,710
between two or more networks,

21
00:00:58,710 --> 00:01:01,830
while host-based firewalls only filter traffic

22
00:01:01,830 --> 00:01:06,030
that is going in or out of that specific machine.

23
00:01:06,030 --> 00:01:11,030
And IDS stands for intrusion detection system.

24
00:01:12,300 --> 00:01:14,190
It is usually a software application

25
00:01:14,190 --> 00:01:17,820
that monitors a network for any malicious activity.

26
00:01:17,820 --> 00:01:20,100
For example, some of the Nmap scans

27
00:01:20,100 --> 00:01:22,620
that we did in the previous section

28
00:01:22,620 --> 00:01:26,310
can get caught by an intrusion detection system.

29
00:01:26,310 --> 00:01:27,930
So in this section,

30
00:01:27,930 --> 00:01:29,790
we will check out a few options

31
00:01:29,790 --> 00:01:32,190
that could help us bypass that.

32
00:01:32,190 --> 00:01:35,520
All in all, firewalls and IDS help us

33
00:01:35,520 --> 00:01:38,460
secure our network or machine.

34
00:01:38,460 --> 00:01:39,780
In the previous section,

35
00:01:39,780 --> 00:01:42,210
where we covered Nmap basics,

36
00:01:42,210 --> 00:01:44,460
we used our Kali Linux machine

37
00:01:44,460 --> 00:01:47,670
and we scanned our Metasploitable target.

38
00:01:47,670 --> 00:01:49,530
We scanned different ports,

39
00:01:49,530 --> 00:01:51,600
and with the scans that we did,

40
00:01:51,600 --> 00:01:54,210
we managed to figure out what ports are open

41
00:01:54,210 --> 00:01:56,520
and what ports are closed.

42
00:01:56,520 --> 00:01:59,340
But some of our targets might host services

43
00:01:59,340 --> 00:02:02,460
on ports hiding behind a firewall,

44
00:02:02,460 --> 00:02:04,230
and once we scan them

45
00:02:04,230 --> 00:02:07,140
it will tell us those ports are filtered,

46
00:02:07,140 --> 00:02:10,018
which we know means that Nmap can't figure out

47
00:02:10,018 --> 00:02:13,320
whether that port is open or closed.

48
00:02:13,320 --> 00:02:17,640
What this means is that we're sending packets to the target,

49
00:02:17,640 --> 00:02:21,360
but their firewall keeps dropping those packets.

50
00:02:21,360 --> 00:02:22,710
And in this section,

51
00:02:22,710 --> 00:02:26,070
we're going to see what Nmap options can help us

52
00:02:26,070 --> 00:02:27,630
in bypassing this.

53
00:02:27,630 --> 00:02:29,253
Let's get straight into it.