1
00:00:00,180 --> 00:00:02,280
Hello everybody and welcome back.

2
00:00:02,280 --> 00:00:08,490
And this tutorial will finally start covering some of the basics of the Nmap program.

3
00:00:08,490 --> 00:00:13,990
Now as I said before, Nmap is a really important tool that you will use all the time.

4
00:00:14,220 --> 00:00:20,790
So it is essential for you to at least talk to some of the basics of the program.

5
00:00:20,850 --> 00:00:26,770
Now before we begin I want to say that Nmap, it is our network mapper.

6
00:00:26,770 --> 00:00:34,560
It is basically a free and open source tool mostly used for vulnerability scanning and discovery.

7
00:00:34,810 --> 00:00:41,080
You can also use Nmap to identify some of the devices or all of the devices that are running on

8
00:00:41,080 --> 00:00:42,730
your local network.

9
00:00:42,820 --> 00:00:48,880
Also as discovering hosts that are on or offline at the moment and discovering services they offer

10
00:00:48,880 --> 00:00:57,010
on some of the ports that they have opened and also you can go as far as discovering what version of

11
00:00:57,010 --> 00:01:06,020
software are they running on the open ports. Now Nmap can be used to scan multiple hosts.

12
00:01:06,060 --> 00:01:08,940
It doesn't have to be only one host that you scan.

13
00:01:08,950 --> 00:01:14,250
It's basically working by just sending the raw packets to the system ports.

14
00:01:14,400 --> 00:01:20,290
Now as it does that it basically listens to responses and determines whether the ports are closed or

15
00:01:20,290 --> 00:01:22,420
open or filtered in some way.

16
00:01:22,420 --> 00:01:25,910
For example with the firewall.

17
00:01:25,990 --> 00:01:30,390
Now you can use different types of protocols in Nmap.

18
00:01:30,580 --> 00:01:36,190
You can use TCP, UDP, ICMP and SCTP.

19
00:01:36,190 --> 00:01:39,310
Now as I said before, Nmap is a network mapper.

20
00:01:39,430 --> 00:01:45,550
It can also be used to detect the operating system that is running on the machine that you're

21
00:01:45,550 --> 00:01:52,600
scanning and also discover the vulnerabilities if there are for that particular version of the software

22
00:01:52,680 --> 00:02:02,280
they're running on an open port. Now a system, your and my PC, you can have sixty five thousand five hundred

23
00:02:02,280 --> 00:02:10,830
thirty five TCP or UDP ports but Nmap will by default only scan the most commonly used 1000

24
00:02:10,830 --> 00:02:11,700
ports.

25
00:02:11,700 --> 00:02:13,110
Now you can change that as well.

26
00:02:13,110 --> 00:02:21,140
So you can scan all the 65000 ports but it will probably take a lot longer than the regular 1000

27
00:02:21,150 --> 00:02:21,570
ports

28
00:02:25,150 --> 00:02:28,260
now before we begin using Nmap.

29
00:02:28,270 --> 00:02:32,850
I just want to show you first of all how you can run it which is basically just open your terminal in

30
00:02:32,860 --> 00:02:33,610
Kali Linux.

31
00:02:33,640 --> 00:02:38,290
It is already preinstalled in it and you can just type here nmap.

32
00:02:38,830 --> 00:02:44,980
Now you will see that it will print out a bunch of the options that we will cover.

33
00:02:44,980 --> 00:02:53,140
But before we do that I just want to give you a more detailed explanation on the IP addresses because

34
00:02:53,140 --> 00:02:57,820
you will be using them extensively in here.

35
00:02:57,820 --> 00:03:04,090
Now with an IP address, if you know someone's IP address you can basically do a lot with it.

36
00:03:04,130 --> 00:03:07,490
For example let's open up our Firefox

37
00:03:11,690 --> 00:03:13,370
and let us type right here.

38
00:03:13,510 --> 00:03:21,050
Major IP. We will click on the first Web site that this one opens and we basically just copy

39
00:03:21,100 --> 00:03:29,600
the IP address that we find and we will try to find out the most information we can about that IP so

40
00:03:29,600 --> 00:03:32,600
let me just load up the website.

41
00:03:32,600 --> 00:03:33,350
Here we go.

42
00:03:33,350 --> 00:03:38,540
Now click on the first one which is Major IP Addresses Blocks By Country.

43
00:03:38,650 --> 00:03:40,640
Dash NirSoft.

44
00:03:40,730 --> 00:03:42,740
So it is on the NirSoft website.

45
00:03:42,830 --> 00:03:44,840
Here you can basically click any,

46
00:03:44,870 --> 00:03:46,370
any country you want.

47
00:03:46,460 --> 00:03:48,790
Let's go with Australia

48
00:03:51,460 --> 00:04:00,080
not really a smart choice since it is the most far away country for me but here just pick any IP address

49
00:04:00,080 --> 00:04:00,600
you want.

50
00:04:00,680 --> 00:04:08,200
Let's say let's say I pick this one which is 14 that one to do that one sixty zero.

51
00:04:08,370 --> 00:04:13,310
I copy this IP address and I go to my terminal.

52
00:04:13,310 --> 00:04:15,140
Let me just clear the screen right here

53
00:04:17,910 --> 00:04:19,240
and I use a tool called

54
00:04:19,530 --> 00:04:28,500
nslookup. You can see with this tool I will need to specify the IP address I just copied which

55
00:04:28,500 --> 00:04:34,320
is this one and it should return the name of that web server in return.

56
00:04:34,320 --> 00:04:37,820
So if I type here right here it will say server can't find.

57
00:04:37,990 --> 00:04:40,520
OK so it cannot find that one.

58
00:04:40,890 --> 00:04:41,620
Not a big deal.

59
00:04:41,620 --> 00:04:48,990
Let us just copy the other one and check that one works instead.

60
00:04:48,990 --> 00:04:53,360
So we just basically other IP address and won't work.

61
00:04:53,440 --> 00:04:57,450
Now let me just show you on the IP address that will work for sure.

62
00:04:57,450 --> 00:05:05,390
So if you type here nslookup google.com it will return Google's IP address with this command.

63
00:05:05,490 --> 00:05:11,410
As you can see right here the address of Google will be 172 dot on that.

64
00:05:11,470 --> 00:05:16,100
Two hundred and seventeen dot 19 dot one hundred and ten.

65
00:05:16,150 --> 00:05:18,080
Now you can do the same in reverse.

66
00:05:18,090 --> 00:05:26,850
So if you type here nslookup and instead of typing google.com you type here

67
00:05:26,850 --> 00:05:35,820
the IP address of google.com you will see in return what is the name of that IP address.

68
00:05:35,850 --> 00:05:42,570
Now this is taking some time but I'll just wait a little bit before we close it

69
00:05:45,700 --> 00:05:46,640
this timed out.

70
00:05:46,650 --> 00:05:48,660
So let me try it once again.

71
00:05:48,660 --> 00:05:57,640
So nslookup and then I paste the IP address of Google, it will probably time out once again.

72
00:05:57,640 --> 00:06:02,730
So let me just type here nslookup and let's try facebook.com.

73
00:06:03,160 --> 00:06:10,280
Here we can see that the Facebook IP address is 32 dot 13 dot 84 dot 36.

74
00:06:10,370 --> 00:06:13,180
So let's try in reverse.

75
00:06:13,180 --> 00:06:22,810
So let me just type here nslookup and then Facebook's IP address and hopefully it will return the

76
00:06:23,320 --> 00:06:28,470
facebook.com in the output.

77
00:06:29,070 --> 00:06:32,140
Now weird because it says no servers could be reached.

78
00:06:32,140 --> 00:06:39,250
Let me just try to ping it maybe but we are on the internet so it should work.

79
00:06:39,250 --> 00:06:42,940
Not really sure why it doesn't work at the moment but it doesn't really matter.

80
00:06:42,940 --> 00:06:53,840
Instead we can try another command which can be also used to get some of the information from an IP address.

81
00:06:53,860 --> 00:06:57,900
Now that tool that we will use is called curl.

82
00:06:58,160 --> 00:07:04,620
Now for example let me show you if you type here curl ipinfo that you see.

83
00:07:04,650 --> 00:07:04,980
Yes.

84
00:07:05,030 --> 00:07:05,760
Dot i

85
00:07:05,780 --> 00:07:06,100
o.

86
00:07:06,550 --> 00:07:12,370
And then slash, let me just find the slash, where is it.

87
00:07:12,370 --> 00:07:13,450
There it is.

88
00:07:13,450 --> 00:07:19,480
And then you paste the Facebook IP address right here and you click on it, you press Enter, basically

89
00:07:19,540 --> 00:07:26,500
it will say that the IP that we typed here, hostname is facebook.com, city not specified, region

90
00:07:26,500 --> 00:07:34,030
not specified, country is specified and location is also given in coordinates, organization as it says right

91
00:07:34,030 --> 00:07:35,860
here is Facebook.

92
00:07:36,010 --> 00:07:40,360
So since nslookup didn't work we will use curl.

93
00:07:40,360 --> 00:07:48,540
So let me just look up the Google's IP address once again so we can see the curl command with Google's

94
00:07:48,640 --> 00:07:57,940
IP address so I can just type here curl ipinfo.io and then slash and then you type here the

95
00:07:57,970 --> 00:07:59,050
Google's IP address

96
00:08:02,860 --> 00:08:09,090
and as you can see we also get the hostname, we also get the organization Google, location also given

97
00:08:09,090 --> 00:08:13,530
in the coordinates and the country US.

98
00:08:13,530 --> 00:08:19,840
So let us just now choose any of these IP addresses right here but let's not go with Australia.

99
00:08:19,920 --> 00:08:21,950
Let's go with this Belgium.

100
00:08:22,200 --> 00:08:25,070
And here we just copy any IP address.

101
00:08:25,080 --> 00:08:28,020
Let's copy this one.

102
00:08:28,050 --> 00:08:29,530
Let me try the nslookup.

103
00:08:29,550 --> 00:08:31,680
Maybe it will work right now.

104
00:08:31,800 --> 00:08:34,590
Probably not but let's give it one more try.

105
00:08:34,590 --> 00:08:35,430
Server can't find.

106
00:08:35,460 --> 00:08:35,810
OK.

107
00:08:35,820 --> 00:08:38,270
Doesn't matter, we'll go on with the curl.

108
00:08:38,280 --> 00:08:42,120
So we copy the random IP address that we do not know anything about.

109
00:08:42,210 --> 00:08:49,680
And we just type here ipinfo.io slash and then we paste the IP address that we copied which

110
00:08:49,680 --> 00:08:51,290
should belong to Belgium.

111
00:08:51,540 --> 00:08:58,860
So as we see right here we are given the IP, the city, the region, the country, location also given in

112
00:08:58,860 --> 00:09:06,600
the coordinates, postal code, organization which we can confirm since it says for this IP address right

113
00:09:06,600 --> 00:09:15,510
here that the Met Max telecom and we get the same result right here. Now

114
00:09:15,710 --> 00:09:21,620
you can see that you can find a lot of stuff with simply just looking up the IP address and there is

115
00:09:21,620 --> 00:09:24,610
also one more thing you can do in the search engine.

116
00:09:24,620 --> 00:09:31,250
You can just type here IP locator and we can use the same IP address that we copied from here which

117
00:09:31,250 --> 00:09:31,790
is this one.

118
00:09:31,830 --> 00:09:41,450
80 dot 91 dot 144 to zero and we will just pick the first site which will hopefully locate our IP

119
00:09:41,450 --> 00:09:41,890
address.

120
00:09:41,930 --> 00:09:45,980
If we type here, paste and we go on the IP lookup

121
00:09:48,840 --> 00:09:55,950
we can see right here that we get the location of the IP which is Belgium and it is correct.

122
00:09:55,980 --> 00:10:02,990
We also get the latitude and longitude which we can check if it matches this one.

123
00:10:03,030 --> 00:10:06,120
So let's just go down here.

124
00:10:06,180 --> 00:10:07,650
It is the same.

125
00:10:07,650 --> 00:10:10,350
Basically it is the same in every decimal.

126
00:10:10,710 --> 00:10:20,160
So this program is working so let me just see if we can check out on the map where it is located but

127
00:10:20,160 --> 00:10:25,560
we can just simply go on any Google map and just type here these coordinates and we will find out where

128
00:10:25,560 --> 00:10:28,070
this IP address is physically located.

129
00:10:31,220 --> 00:10:38,710
Now, now that we saw what we can do with the IP addresses we can open up our Nmap from now on.

130
00:10:39,040 --> 00:10:44,770
So if you just type here nmap you will see again a bunch of those options but we will start off with

131
00:10:44,770 --> 00:10:46,600
these examples right here.

132
00:10:46,630 --> 00:10:54,140
So as you can see right here they put an example nmap -v -A scanme dot nmap

133
00:10:54,140 --> 00:10:55,260
dot org.

134
00:10:55,270 --> 00:11:01,210
Now it is important to mention that Nmap scanning on the device you don't know, you do not own or

135
00:11:01,210 --> 00:11:05,710
do not have permission to scan is illegal in most of the countries I believe.

136
00:11:06,160 --> 00:11:13,120
So you should not be scanning any website or any device that you do not have permission to scan and

137
00:11:13,150 --> 00:11:15,880
it can also be very noisy.

138
00:11:15,880 --> 00:11:17,810
So you can be caught by firewall.

139
00:11:18,010 --> 00:11:22,180
So you are not anonymous with this especially not with the basic commands.

140
00:11:22,180 --> 00:11:29,080
Now later on we can cover how to be more quiet while using Nmap and scanning but you should only be

141
00:11:29,080 --> 00:11:32,310
doing it if you have permission to scan to.

142
00:11:32,350 --> 00:11:40,390
Now if you go on to this Web site you will notice that, if we copy that, we just open Firefox once

143
00:11:40,390 --> 00:11:47,740
again and we will paste that Web site, you will see that they give us the permission to use that Web site

144
00:11:47,860 --> 00:11:49,570
in order to practice with Nmap.

145
00:11:50,080 --> 00:11:56,320
So let us just wait for this to load up and it should be prompting us with the message that will basically

146
00:11:56,320 --> 00:12:00,500
say go ahead and scan me as you can see right here.

147
00:12:00,520 --> 00:12:06,670
So here it says Hello and welcome to scanme.nmap.org, we set up this machine to help folks learn

148
00:12:06,730 --> 00:12:12,130
about Nmap and also to test and make sure that their Nmap installation is working properly. You are

149
00:12:12,130 --> 00:12:16,270
authorized to scan this machine with Nmap or other port scanners.

150
00:12:16,270 --> 00:12:18,250
Try not to hammer on the servers too hard.

151
00:12:18,250 --> 00:12:24,160
Few scans in a day is fine but don't scan 100 times a day or use this site to test your SSH brute

152
00:12:24,160 --> 00:12:26,020
force password cracking tool.

153
00:12:26,110 --> 00:12:28,700
So we basically have permission to scan this.

154
00:12:28,720 --> 00:12:30,780
Now don't talk or scan it as it says right here.

155
00:12:30,790 --> 00:12:32,980
Don't scan it over 100 times a day.

156
00:12:32,980 --> 00:12:35,850
Basically you can scan a few times a day.

157
00:12:35,920 --> 00:12:44,090
So we will just type here nmap -v -A scanme dot nmap

158
00:12:44,180 --> 00:12:53,460
dot org but before we run this command I just want to check out or to show you what does -v and

159
00:12:53,460 --> 00:13:01,650
-A do. Now -A as we can see right here: enable OS detection, version detection, script scanning

160
00:13:02,070 --> 00:13:09,570
and traceroute, while -v, let me see if it is even listed here, possibly and possibly not

161
00:13:15,000 --> 00:13:21,400
here it is: increase verbosity level, basically means to print out what it is doing in the process of

162
00:13:21,400 --> 00:13:21,880
scanning.

163
00:13:22,630 --> 00:13:29,760
So if you type here -vv it will print out even more information in the process of scanning.

164
00:13:29,770 --> 00:13:36,990
Now we won't be using any of these options at the moment, we will just type here nmap scanme dot

165
00:13:37,030 --> 00:13:45,510
nmap dot org and this can take time and it can take time from few seconds to multiple hours

166
00:13:45,720 --> 00:13:51,560
depending on multiple things such as the speed of your connection and also the location of the target

167
00:13:51,560 --> 00:13:54,890
that you're scanning and also the number of targets that you're scanning.

168
00:13:54,900 --> 00:14:00,510
As we said before you can scan multiple targets with Nmap and that will take longer than scanning just

169
00:14:00,510 --> 00:14:04,070
one target. If you just press the arrow upwards.

170
00:14:04,080 --> 00:14:08,580
Right here we can see how many, what percentage of scan is finished.

171
00:14:08,600 --> 00:14:12,940
So we can see that seven point four percent is done.

172
00:14:13,200 --> 00:14:16,720
And here it will give us an information that one host is up.

173
00:14:17,310 --> 00:14:23,430
So for example if you were to scan a hundred hosts and here it says twenty two hosts up it means that

174
00:14:23,430 --> 00:14:30,370
Nmap retrieved twenty two hosts to be online or up and working.

175
00:14:30,960 --> 00:14:36,590
Now as you can see the Nmap scan result, it's finished and here we see a bunch of ports.

176
00:14:36,720 --> 00:14:39,230
Some of them are filtered and some of them are open.

177
00:14:39,270 --> 00:14:45,930
As we said the filtered ones could be protected in some way such as with a firewall while the

178
00:14:45,930 --> 00:14:53,540
open ones are basically just open such as HTTP as we saw basically when we visited this website.

179
00:14:53,580 --> 00:14:56,960
We basically use the HTTP port which is open.

180
00:14:57,090 --> 00:15:03,200
So we were able to connect to this website and there are other ports that are also open such as

181
00:15:03,200 --> 00:15:13,110
SSH port which is the 22, also TCP port, can see some of the high ports open such as 9929 and

182
00:15:13,110 --> 00:15:24,070
31337 which is for Elite and nping-echo and other ports are just filtered.

183
00:15:24,180 --> 00:15:26,180
So this is just a basic scan with Nmap.

184
00:15:26,190 --> 00:15:31,020
We will continue with some of the more advanced scans in the next lecture and I hope I see you there

185
00:15:31,260 --> 00:15:31,500
bye.