[00:00:00] All right, folks, so the wait is finally over: we are ready to scan our first host, our first machine. This scan is going to be a complete host scan. What is our target for this? We are going to make our Metasploitable machine our target host. The reason is, just like with Nessus, we are expecting to see a lot of vulnerabilities, and that also gives us a better understanding of, you know, what you can really see when a vulnerable system comes across your scanning. All right. So without taking much time, let's go to your VM. All right, it all starts with configuring the target. OK, so let's go to the target. All right. And over here, the first step is to create the target machine. OK. So let me put a name, "Metasploitable". All right, what's the IP address? The IP address, if I remember correctly, is the standard one, [inaudible] 1.141. OK, if you have a list of hosts that you want to target, you can even browse for it, or you can have a network as well; you can define the entire subnet. You can even exclude hosts if you have multiple targets.

[00:01:44] So you can have a full list. Next comes the port list, and there are sixty-five thousand ports available. You can allow it to scan all those ports, but including all of them might take a whole lot of time. But leaving any one out can lead to a problem as well, right? So that's why the best practice, or I would say the best solution, is to go with the OpenVAS default. This is basically a best practice: the most popular ports are already included. Now, there is another option called alive test. This is nothing but an option where you can customize what kind of scan, or what kind of probe, you want your OpenVAS to send. Usually by default it makes use of ICMP echo. But if the target host doesn't really allow ICMP to respond, you can even make use of TCP ping as well. OK, so there are a variety of options; you can probably make use of those. When we start learning about Nmap we get to know that there are TCP and UDP, you know, TCP scans and multiple other things where we form either a half-open session or a complete three-way handshake. And of course the TCP [unclear]. We will keep this as default. Now next comes the credentials for authenticated checks. This is very, very important.

[00:03:19] If you make use of it, only then will you get to know the entire inside of the target host. OK, once you open the drop-down, you can, you know, get to know about the list of credentials that you have stored. Possibly I already have a list of credentials available. You can create your own username and password the way you want it. You can go to the Configuration drop-down, and under that you will select the option Credentials, and you can make a file of all your credentials, or you can even create one right here, so if I don't have any, I can just click on this first thing. I can just name it, like "machine". Let's say I put "machine" and the username, with the password, the default password, admin. Wonderful. So we have selected the credentials as well; we can simply save it and we can see that. Now let's go to Scans and create a task. Click on the new task over here on the icon. Let's give it a name, "scan" maybe. OK, now let's select your target: you can select Metasploitable as your target, which you just created. You can skip the alerts and the schedule, if you want; we will cover that in a special lecture altogether. Then you get an option of defining your scanner. Let's keep it default, as it is; we can then come to the scan config.

[00:05:12] Now, this is a very interesting point. Scan config is nothing but your scan profile. We have seen a whole lot of, you know, NVTs, which are network vulnerability tests for every vendor, like there are thousands and thousands of plugins, or I would say NVTs, getting installed on OpenVAS, similar to Nessus. The Nessus plugin is equivalent to the NVT of Greenbone Security or OpenVAS. So what happens is every scan config consists of a list of NVTs. OK, so just so you know, there are multiple options available, like Discovery and Host Discovery. But that's just so you get to know about the host and all this stuff, right? Very basic. To get more clarity on what all vulnerabilities we have, just like what we do in the real world, Full and fast is pretty good. It's good. It performs the complete scanning and at the same time it's quick as well. If you really want to go very deep inside and cover all the unknowns and possible unknowns as well, you can go for Full and very deep, Ultimate, and Full and very deep ultimate; for now we can just select Full and fast. This is keeping in mind that we need this scanning to be done in a couple of minutes. All right. So let's save it.

[00:06:42] Once this has been saved, you can see this scan available for you and you can just click on start. All right. So let's get started. And the first phase is "Requested". Then your scan will start working. It might take a couple of minutes to complete the scan, and you would see the status on the dashboard itself: the number of tasks we have, let's say you have created multiple scans, and what the results are, do we have, you know, tasks with the most high results for our hosts, and also the status of your task as well. So it's going to take a couple of minutes. So what we can do is pause the video for now and wait, as it's taking a little bit. So to be very honest, I mean, it took more time than expected. And the reason is, you know, because it is already an infected machine. So you can definitely expect a whole lot of vulnerabilities in the system. So you see, we have found, the scanner has found around 163. One is OK. And because the numbers are large, you see it's still loading up, OK. And once that is there, once we get to know all the vulnerabilities, we get the details about them, you know, when we get to see all the details, and it looks like most of them are high risk again.

[00:08:21] So let's see if we open any one of them. Let's say this one, let's say the second one. This is GNU Bash stacked redirects, also known as redir_stack, memory corruption vulnerability. OK, let's see if I go there. It gives me the summary of it: product detection results, insight, detection method, affected software, impact, solution as well, and then references; the reference goes to the CVE, just exactly the way we have analyzed, you know, Nessus as well. OK, so this is really wonderful. What you can again do, you know, once you have all these scan reports, is even, you know, download the report; you can download it this way. You can pick the file format and then download it all. You can even make a PDF file and then download it as well. So once this is done, you can download the entire report on your system and then you can share it, with the content, the way you want it. Let's skip it for a while. Let's go to the other parameters: what is the host detail, what are the ports that have been scanned? So if you remember, we have selected the OpenVAS default ports. These are the most popular ports on which this scanning needs to be done.

[00:09:54] And in fact, if you remember, we can also make our own customizable list. Then we can see under this the number of applications. These are the applications which are already present on the Metasploitable host, and you see it actually scanned them. OK, so this is actually like the scanning for services that we performed earlier. So this has actually scanned for all the, you know, applications in the Metasploitable: MySQL, PostgreSQL, Samba, PHP, Zip, Firefox, everything, Kerberos, everything again. And you can even get to know about the CVE information, what all have been triggered and all this stuff. All the good stuff. OK, so this is all about, you know, this dashboard, and this gives all the information about, you know, the report, the activity, and it is highly customizable as well. So this is all about scanning, scanning the complete host. In our case, we have selected the Metasploitable. You can go for any one of them. And in the next lecture we will be scanning the, you know, Windows OS, and also the web application. So everyone will get to see what vulnerabilities we come across.