1
00:00:00,090 --> 00:00:01,740
Hello everybody and welcome back.

2
00:00:01,740 --> 00:00:07,950
And now in this lecture we will cover our second tool for the footprinting, which is called Nikto. Now

3
00:00:08,010 --> 00:00:15,630
Nikto can also be used for web penetration testing, which basically scans the website and it prints

4
00:00:15,630 --> 00:00:22,410
out if there is any possible vulnerability on the website or if there is any outdated version.

5
00:00:22,590 --> 00:00:27,460
For example, the Apache too could be outdated and the tool will show us that.

6
00:00:27,510 --> 00:00:35,850
Now this can be put into the active interaction since we are scanning the website, and you should not

7
00:00:35,850 --> 00:00:37,650
be doing that on a website

8
00:00:37,650 --> 00:00:39,030
you do not own.

9
00:00:39,030 --> 00:00:40,330
So I'll just

10
00:00:40,330 --> 00:00:43,860
scan the website that I put up on my laptop,

11
00:00:43,860 --> 00:00:45,090
an Apache web server.

12
00:00:45,090 --> 00:00:50,060
It is a basic web server and it doesn't really have anything on it, but it's running currently.

13
00:00:50,080 --> 00:00:56,940
So we should be able to see the IP address and the version of the Apache and also maybe some of the

14
00:00:56,940 --> 00:01:03,920
errors it could possibly have. So let me just enlarge this a little bit.

15
00:01:03,920 --> 00:01:08,080
Now in order to run the tool you basically just type nikto.

16
00:01:08,420 --> 00:01:11,200
It will show you the usage of the command.

17
00:01:11,210 --> 00:01:17,150
Now these are some of the basic options that you can see right here. If we want to, we could bring the

18
00:01:17,240 --> 00:01:23,720
extended version of this help, as it says right here. Yeah, this will be the extended version of the Nikto

19
00:01:23,750 --> 00:01:24,740
help.

20
00:01:25,040 --> 00:01:29,870
And we can see there are a bunch of the options right here for this program.
21
00:01:29,900 --> 00:01:36,260
Now we won't be covering all of these since that will take a lot of time, but we will cover some. Basically

22
00:01:36,260 --> 00:01:38,160
the most important one would be the...

23
00:01:38,310 --> 00:01:40,430
Let me just find it, the host.

24
00:01:40,490 --> 00:01:41,360
Here it is.

25
00:01:41,420 --> 00:01:42,670
Target host.

26
00:01:42,890 --> 00:01:46,880
So in order for you to scan a website you need to provide a target host.

27
00:01:47,630 --> 00:01:53,870
Now that target host can be either a domain name or basically an IP address.

28
00:01:53,870 --> 00:02:00,620
Now in my case I will use my IP address since my laptop is on my local network and its IP address is

29
00:02:00,680 --> 00:02:02,310
192.168.

30
00:02:02,330 --> 00:02:05,240
1.15.

31
00:02:05,390 --> 00:02:11,150
Now if you have any available website or any other virtual machine you can test it on that one and

32
00:02:11,150 --> 00:02:18,140
you can check out if your local website is vulnerable or something, or possibly could be vulnerable to

33
00:02:18,140 --> 00:02:19,570
something.

34
00:02:19,580 --> 00:02:21,680
Now let me just show you this. Type here

35
00:02:21,680 --> 00:02:22,190
nikto

36
00:02:25,490 --> 00:02:33,020
and basically we'll specify first -h for the host and then 192.168.1.15.

37
00:02:33,130 --> 00:02:37,100
Now it will print out some of the errors it might find, such as:

38
00:02:37,170 --> 00:02:41,540
here we have the anti-clickjacking X-Frame-Options header is not present.

39
00:02:41,820 --> 00:02:44,580
The X-XSS-Protection header is not defined.

40
00:02:44,580 --> 00:02:47,390
Now this could be a problem.

41
00:02:47,460 --> 00:02:55,370
It is opening us to a cross-site scripting attack, but it also could be just a false alarm.
42
00:02:55,380 --> 00:03:02,610
See here we can see the allowed HTTP methods on the Apache website, which is GET, HEAD, POST and OPTIONS,

43
00:03:03,330 --> 00:03:11,920
and this will take a few seconds to finish. Basically if it takes a lot of time we will just close it

44
00:03:12,490 --> 00:03:20,230
so I can show you some of the other options that Nikto has.

45
00:03:20,610 --> 00:03:29,010
Here we have /login.php: Admin login page/section found. Portions of the server's headers are not

46
00:03:29,010 --> 00:03:33,800
in the database or are newer than the known string. OK.

47
00:03:33,810 --> 00:03:35,730
Would you like to submit this information?

48
00:03:35,730 --> 00:03:38,370
We do not want to submit it now.

49
00:03:38,370 --> 00:03:46,560
Now you might be asking, uh, what kind of login page am I hosting on my laptop?

50
00:03:46,560 --> 00:03:50,420
Well basically I just have a fake Instagram page right there.

51
00:03:50,550 --> 00:03:51,210
I just made it.

52
00:03:51,210 --> 00:03:56,030
So if we type my laptop's IP address, we just open this up,

53
00:03:56,250 --> 00:04:01,050
it will lead us to a fake Instagram page.

54
00:04:01,050 --> 00:04:06,670
As you can see right here it is not a real Instagram, it's basically just my IP address which I...

55
00:04:06,790 --> 00:04:14,670
which we will use for some of the attacks later on. But for now, well, we'll just use Nikto

56
00:04:14,670 --> 00:04:20,370
in order to scan this page, and as we can see it has finished. It printed out a bunch of the options which

57
00:04:20,370 --> 00:04:22,050
could be useful or not for you,

58
00:04:22,050 --> 00:04:29,190
depending on the website and depending on the errors. But let's check out some of these other examples

59
00:04:29,400 --> 00:04:30,500
of this command.
60
00:04:30,510 --> 00:04:38,250
So you just type -H and you can see the help command once again. We can see our options:

61
00:04:41,330 --> 00:04:51,020
display, format, hosts, evasion encoding technique. For example you can use the evasion.

62
00:04:51,210 --> 00:04:54,710
I believe it is tagged as -e in the command.

63
00:04:54,770 --> 00:05:01,980
We can use -e and specify any of these numbers if we want to, for example fake parameter, directory

64
00:05:01,980 --> 00:05:09,190
self-reference or any other we can write here. We will use number 1, random URI encoding (non-UTF8).

65
00:05:09,260 --> 00:05:16,280
OK so we will basically run the same command for the address that I said before.

66
00:05:19,510 --> 00:05:22,700
Now I believe that this will print out the same output.

67
00:05:22,710 --> 00:05:27,910
So we are not really interested right now in waiting for this to finish.

68
00:05:27,960 --> 00:05:34,820
So one more thing I want to show you is that you can specify a port on which you want to scan.

69
00:05:35,010 --> 00:05:38,430
Now most likely that port will always be port 80.

70
00:05:38,430 --> 00:05:47,720
So it is not really needed, but in case you want to, for example, scan port 443, which is the HTTPS

71
00:05:47,790 --> 00:05:53,850
usual port, you can change that with the -p option, as we can see.

72
00:05:53,850 --> 00:06:01,510
Default is 80, so you will just type here nikto and then the host, which in my case is 192.168.

73
00:06:01,510 --> 00:06:03,160
1.15.

74
00:06:03,420 --> 00:06:10,080
And then you specify a port and type 80 or 443 or any other port you want, but most likely it will

75
00:06:10,080 --> 00:06:11,920
be one of those two.

76
00:06:11,940 --> 00:06:18,570
Now let's say for example we want to scan port 80, since my Apache web server is running on port 80 on

77
00:06:18,570 --> 00:06:23,150
my laptop, and we want to save that into a file.
78
00:06:23,160 --> 00:06:30,980
Now how we do that is with the -o command, but let's just check here if it really is -o. I'm not

79
00:06:30,980 --> 00:06:32,450
seeing it right here.

80
00:06:32,450 --> 00:06:35,590
I believe it is... yes, it is output.

81
00:06:35,630 --> 00:06:39,710
So just type here -o, dash o, and we will name a file.

82
00:06:39,710 --> 00:06:45,240
Basically we can name it anything you want; we will name it right here result.

83
00:06:45,520 --> 00:06:53,610
And you also need to specify the file type, which I believe is the capital F, which is format, save file

84
00:06:53,880 --> 00:06:54,480
format.

85
00:06:54,480 --> 00:07:01,530
OK so format, we just type here basically txt, we want to save it into a text file, and we can run the same

86
00:07:01,530 --> 00:07:03,120
command once again.

87
00:07:03,120 --> 00:07:08,610
And basically right here once it finishes we will have a file with all this stuff written to it.

88
00:07:09,030 --> 00:07:11,700
So we don't have to write it manually.

89
00:07:11,700 --> 00:07:17,830
The output option can be used if you need to provide scan results to someone.

90
00:07:18,150 --> 00:07:21,860
So you can just put that into any file type.

91
00:07:22,050 --> 00:07:28,090
I just decided it to be txt for this example, and you can just send the file to someone.

92
00:07:28,270 --> 00:07:35,040
Now let's just wait for this to finish so we can check out our file. Here it asks us again if we want

93
00:07:35,070 --> 00:07:39,640
to report something to the website. We'll leave it.

94
00:07:39,750 --> 00:07:43,530
Let me just read it once again: not in the database or newer.

95
00:07:43,530 --> 00:07:48,780
Would you like to submit this information? No, I do not want to submit. What I care about is I should

96
00:07:48,780 --> 00:07:52,590
have a pretty good file, as we can see right here.

97
00:07:52,770 --> 00:07:55,370
Now we know there is a file, result.
98
00:07:55,440 --> 00:07:57,750
Let's just cat result.

99
00:07:57,780 --> 00:08:02,310
We should see all of our output right there, as we can see.

100
00:08:02,310 --> 00:08:03,300
Target hostname.

101
00:08:03,300 --> 00:08:10,810
Target port is right here, and there are some of the... well, I'm not really sure why it didn't put all of them

102
00:08:10,960 --> 00:08:11,500
in here.

103
00:08:11,500 --> 00:08:12,520
Or maybe it did.

104
00:08:12,570 --> 00:08:14,020
I just can't see them.

105
00:08:14,650 --> 00:08:22,070
But that's the example of writing an output in a file.

106
00:08:22,170 --> 00:08:31,170
Now if you want to run Nikto through a proxy... For now, if you want to run Nikto you can see that

107
00:08:31,170 --> 00:08:37,160
there is an option to run it over a proxy, as you can see.

108
00:08:37,170 --> 00:08:42,780
-useproxy: use the proxy defined in the nikto.conf file.

109
00:08:43,020 --> 00:08:47,790
Now in order for you to do this you need to link in that file the proxy, if

110
00:08:47,790 --> 00:08:52,500
basically you have one. I will show you how to put it there.

111
00:08:52,530 --> 00:08:59,760
I don't really have one at the moment. We'll cover proxy and VPN later on, but for now let me just locate

112
00:08:59,820 --> 00:09:01,770
the nikto.conf file.

113
00:09:01,800 --> 00:09:03,610
We covered this command, so you type here locate,

114
00:09:03,750 --> 00:09:04,230
OK,

115
00:09:04,260 --> 00:09:08,940
and then the name of the file, and it will show us all of the files that are named like this,

116
00:09:08,940 --> 00:09:11,870
and where they are stored.

117
00:09:11,920 --> 00:09:19,580
Now we are interested in the first one, which is in /etc. And then nano the nikto.conf

118
00:09:19,610 --> 00:09:20,360
file.

119
00:09:20,820 --> 00:09:23,150
We can see a bunch of options right here.

120
00:09:23,280 --> 00:09:28,120
Let us navigate and find the proxy option.
121
00:09:29,710 --> 00:09:31,910
Let me just check where it is.

122
00:09:31,910 --> 00:09:32,530
Here we go.

123
00:09:32,530 --> 00:09:35,860
Proxy settings: still must be enabled by -useproxy.

124
00:09:35,890 --> 00:09:43,300
So basically if you wanted to use a proxy in the Nikto program you would specify -useproxy in the command.

125
00:09:43,300 --> 00:09:48,540
And here you would specify the proxy: the proxy host and the proxy port.

126
00:09:49,030 --> 00:09:55,090
So if you had a proxy, you'd specify the proxy IP address right here, which for me is just localhost at

127
00:09:55,090 --> 00:09:57,130
the moment, and in here you will specify the port.

128
00:09:57,760 --> 00:10:03,900
And also one more thing you will need to do is remove the hash in order for this to be configured.

129
00:10:03,970 --> 00:10:12,010
And after that you would just type Ctrl+O, save, Enter, Ctrl+X to exit, and then you could use your

130
00:10:12,010 --> 00:10:13,670
proxy in Nikto.

131
00:10:14,020 --> 00:10:20,830
But since I don't really need it at the moment I will just put the hash back

132
00:10:21,820 --> 00:10:23,270
so we don't use it.

133
00:10:23,790 --> 00:10:25,850
And I will save once again.

134
00:10:26,980 --> 00:10:31,030
So basically just remember that the file is located in /etc.

135
00:10:31,030 --> 00:10:33,850
You can also find it with the locate command.

136
00:10:35,020 --> 00:10:38,250
So that will be about it for the Nikto program.

137
00:10:38,560 --> 00:10:41,500
If you want to, you can check other options as well.

138
00:10:41,500 --> 00:10:49,160
I don't find them useful at the moment, but if you want to you could check out all the other options, and

139
00:10:49,160 --> 00:10:55,270
we will continue in the next lecture with the whois program. I hope I see you there, and take care.
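The text report the lecture saves with -o result -F txt is easier to triage, or to diff between two scans of the same server, once it is parsed into fields. The following Python is an added example after the lecture, not code from the lecture or from the Nikto project: it parses a report constructed here in the shape of Nikto's text output (the host, port, allowed methods, /login.php hit and header findings mirror the lecture's scan; the Apache version string, request count and timings are made up) and sorts the findings into missing headers, interesting paths and HTTP methods. The header findings are reported as hardening gaps rather than confirmed vulnerabilities, which is the "could be a false alarm" point the lecture makes.

```python
"""Parse a Nikto text report (as saved with "-o result -F txt") into structured
findings.  Added example, not part of the lecture or of Nikto itself.  The
SAMPLE_REPORT below is constructed in the shape of Nikto's text output for a
scan like the one in the lecture (192.168.1.15, port 80); the server banner,
request count and times are invented."""

import re
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.1.15
+ Target Hostname:    192.168.1.15
+ Target Port:        80
+ Start Time:         2019-01-01 12:00:00 (GMT1)
---------------------------------------------------------------------------
+ Server: Apache/2.4.25 (Debian)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ /login.php: Admin login page/section found.
+ 7915 requests: 0 error(s) and 6 item(s) reported on remote host
+ End Time:           2019-01-01 12:00:30 (GMT1) (30 seconds)
---------------------------------------------------------------------------
"""

# Findings Nikto derives purely from response headers.  Worth fixing on a
# server you run, but they are hardening gaps, not exploitable bugs on their own.
HEADER_FINDINGS = {
    "X-Frame-Options": "clickjacking protection missing",
    "X-XSS-Protection": "legacy header no longer honoured by mainstream browsers; "
                        "a Content-Security-Policy is the modern control",
    "X-Content-Type-Options": "MIME sniffing not disabled",
}

# Methods a plain web server normally needs; anything else deserves a look.
BASELINE_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


@dataclass
class NiktoReport:
    target_host: str = ""
    target_port: int = 0
    server: str = ""
    allowed_methods: list = field(default_factory=list)
    missing_headers: list = field(default_factory=list)
    paths: list = field(default_factory=list)   # (path, note) pairs such as /login.php
    other: list = field(default_factory=list)   # findings this parser does not classify


def parse_nikto_txt(text: str) -> NiktoReport:
    """Walk the '+ ' lines of a Nikto text report and fill a NiktoReport."""
    r = NiktoReport()
    for raw in text.splitlines():
        if not raw.startswith("+ "):
            continue                                  # banner, separators, version line
        line = raw[2:].strip()
        if line.startswith("Target Hostname:"):
            r.target_host = line.split(":", 1)[1].strip()
        elif line.startswith("Target Port:"):
            r.target_port = int(line.split(":", 1)[1].strip())
        elif line.startswith("Server:"):
            r.server = line.split(":", 1)[1].strip()
        elif line.startswith("Allowed HTTP Methods:"):
            r.allowed_methods = [m.strip() for m in line.split(":", 1)[1].split(",")]
        elif line.startswith("/"):                   # "/path: description"
            path, _, note = line.partition(":")
            r.paths.append((path, note.strip()))
        elif line.startswith(("Target IP:", "Start Time", "End Time")) or re.match(r"\d+ requests:", line):
            continue                                  # bookkeeping lines, not findings
        else:
            hdr = next((h for h in HEADER_FINDINGS if h in line), None)
            if hdr:
                r.missing_headers.append(hdr)
            else:
                r.other.append(line)
    return r


def risky_methods(report: NiktoReport) -> list:
    """Allowed methods outside the baseline set (PUT, DELETE, TRACE, ...)."""
    return [m for m in report.allowed_methods if m not in BASELINE_METHODS]


def summarize(report: NiktoReport) -> str:
    """One-screen triage summary of a parsed report."""
    lines = [f"{report.target_host}:{report.target_port} ({report.server})"]
    for h in report.missing_headers:
        lines.append(f"  header {h}: {HEADER_FINDINGS[h]}")
    for path, note in report.paths:
        lines.append(f"  path {path}: {note}")
    extra = risky_methods(report)
    lines.append("  methods: " + ", ".join(report.allowed_methods)
                 + (f"  <-- review {extra}" if extra else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_nikto_txt(SAMPLE_REPORT)))
```

Feeding a real result file in is a matter of `parse_nikto_txt(open("result").read())`; keeping the parsed findings in a structure rather than reading the text by eye is what makes it possible to re-scan after fixing the headers and confirm that only the expected lines disappeared.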