All right, everyone, thank you so much for joining me for the next lecture, and this session will be talking about version detection. Now, what is version detection? This is very, very interesting. And this is very, very useful for penetration testing as well, because you know the application. But if you even know the version of, let's say, the [inaudible] version or maybe any database version, well, it gives you a very clear indication of which vulnerability the software will be impacted by. What I mean is that these are the vulnerabilities that have been reported by the vendors like, you know, Cisco, Juniper, [inaudible], MySQL, Oracle, Adobe, all these players. These are specific to a specific version of a software. Right after identifying those vulnerabilities, once they have been reported, they deliver, they share some hotfix and we get a new release. We update our system and we are good. You know, everything is good now, but there are some systems which don't get updated very often. What are those? Enterprises. They tend to not upgrade the system very often, although we have Patch Tuesday and the other events. But still, they can't really do that because of the difficulty in getting downtime from multiple stakeholders.
So, you know, while doing penetration testing, official penetration testing, we might find a system running a version of software, a version number, which might be impacted, which might be vulnerable to some of the, you know, attacks or something. But with the scanning that we have done so far, with the port scanning and everything, we just get to know what services are running. But here's the good news. With version detection, we also get to know what the software version is. Good. Let me show you how it works. All right. So we just have to go to Nmap and we will execute the command. The format of the command is, again, nmap -sV. The -s is simply to tell it to scan; what is the type of scan? It's the version that has to be captured. And once that is done, you specify your target. So I specify my target: [inaudible] zero one one forty one. That's pretty quick. Let's press Enter and we are supposed to get the list of all the services with their corresponding version number. Let's wait for a while and see what happens. Wonderful.
Now, in the earlier scan, in the port scanning, we were only getting the service. With the version detection scan, we also get to know the version of each of those software. For this domain service, we also get to know it's BIND 9.4.2. We also get to know Samba 3.4, so we can look it up on Exploit-DB or any other CVE information database to understand if this specific version is being impacted by any, you know, attack or something. Is this vulnerable? Do we have any CVE attached to it? If we have any, you know, let's say this is the [inaudible], OK? And we can log in and we can possibly try to get to know if PostgreSQL 8.3.0 is having some vulnerabilities. OK, if it has, then we should get the vulnerability information and there could be some exploit available as well. And this can be used for further penetration testing. Now, let's go a bit further ahead. What happens usually while performing the scanning, and while performing this version detection, is that Nmap makes use of more than 6,000 patterns that match more than 650 protocols like SMTP, FTP, HTTP and many more. But there are some ports which Nmap never includes. So in that case, we might miss those certain parameters.
So what are those ports? Some TCP ports, like 9100. And it's because that creates some unnecessary trouble while accessing through [inaudible]. It takes a lot of time. But I mean, when you don't get sufficient information, you can make use of it. So what you should do is you just explicitly tell Nmap to include all the ports, don't exclude any port while performing the version detection. And once you do that, possibly in our case, it won't give us anything different. But yes, 9100 is the port which by default Nmap doesn't include. So, yeah, but we don't see any. So we are good with it. Now there's one more thing. If you, you know, run Nmap and you don't get the version number information very easily, that depends on the complexity of the software as well. These are some widely adopted open source software and pretty old software as well. So we are good to see that. But there is some complex software as well. I can name some of them, maybe the Skype for Business application, and in those cases it becomes difficult to identify the version number of those software. OK, so in that case you can make use of version intensity. What is it?
Basically, it's the level of intensity at which your Nmap keeps sending the probes, and the higher the number, the higher the intensity of the probes. By default it's seven; if you don't mention it, it's going to make use of seven. But if you mention nine, so nine is the highest one, zero is just the starting. But if you mention nine as the intensity, then it's going to be sending some high intensity probes, trying to gather more and more information. And let's say if you specify version intensity as maybe eight, so it will be more intense, and as a downside, it will also take a whole lot more time than the normal case, where by default it is seven. But if we are making use of it, then it's definitely going to take a longer time. But it all depends on what our vulnerabilities are or what ports are open. OK, so you can even make it quick by making use of --version-light, which allows a version intensity of two. So it's pretty light and it's going to be quick as well. So you should be getting information pretty quick. There could be a possibility that you might miss some of the information. But it all depends on what kind of environment you have; what do we need? Are we looking for some old application or complex application, or is it a recent application? All that stuff. So this is all about it.
This is very, very important when it comes to penetration testing. This is where, the moment you, you know, get the version, with the help of this you get the vulnerabilities. You try to find out the information on sites like Exploit-DB and CVE Details as well. And then from there, you get to know if there's any exploit available. And then you can get those exploits and load them into Metasploit and then target the machine by making use of those exploits and you get into it. And that's how penetration testing works. And that's why version detection plays a very, very, very important role in it. All right. So I hope you liked this video. We'll catch you in the next one.
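As an added example that is not part of the lecture: the product and version strings the instructor reads off the screen can also be taken from Nmap's XML output (`nmap -sV -oX out.xml <target>`). The parser below, written for this page, lists product/version per open port and flags ports where the probes matched no service signature (Nmap records those as `method="table"`, a name guessed from the port number only), which are the candidates for re-running with `--version-intensity 9` or `--allports`. The XML is a constructed sample using a documentation-range address; the versions in it are the ones mentioned in the lecture.

```python
import xml.etree.ElementTree as ET

# Constructed sample following Nmap's XML layout; address, ports and versions are illustrative.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX out.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="53">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="domain" product="ISC BIND" version="9.4.2" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="5432">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="postgresql" product="PostgreSQL DB" version="8.3.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8009">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ajp13" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="smtp" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_versions(xml_text):
    """One dict per open port: port, service, product, version, identified."""
    rows = []
    for port in ET.fromstring(xml_text).iter("port"):
        if port.find("state").get("state") != "open":
            continue  # closed/filtered ports return no banner to fingerprint
        svc = port.find("service")
        rows.append({
            "port": int(port.get("portid")),
            "service": svc.get("name", ""),
            "product": svc.get("product", ""),
            "version": svc.get("version", ""),
            # method="probed": a signature matched; "table": name guessed from the port number only
            "identified": svc.get("method") == "probed" and bool(svc.get("version")),
        })
    return rows

def unidentified_ports(rows):
    """Open ports to re-probe with --version-intensity 9 (or --allports if excluded by default)."""
    return [r["port"] for r in rows if not r["identified"]]
```

Feed it the real `out.xml` from your own scan instead of `SAMPLE_XML`; the filtered port 25 in the sample shows why only open ports are reported.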