1
00:00:00,150 --> 00:00:02,120
Hello everybody and welcome back to the

2
00:00:02,160 --> 00:00:04,710
part three tutorial of nmap.

3
00:00:04,750 --> 00:00:11,400
Now we will cover some of the more advanced scans that we will use in order to figure out, for example,

4
00:00:11,460 --> 00:00:15,090
the version of a process running on a particular open port.

5
00:00:15,150 --> 00:00:21,900
So let's just type here once again nmap in order to see our available options, and let us, for example,

6
00:00:21,930 --> 00:00:26,370
try to detect the operating system running on my Windows machine.

7
00:00:26,430 --> 00:00:33,050
Now, as in the previous video, the IP address of my Windows machine is 192.168.1.4,

8
00:00:33,870 --> 00:00:39,420
so we will find here the option for the operating system, which is, I believe, -O.

9
00:00:39,430 --> 00:00:40,520
Oh, here we go.

10
00:00:40,650 --> 00:00:43,760
It says enable OS detection.

11
00:00:43,770 --> 00:00:48,960
Now you can add some of these specific options, as it says right here, --osscan-limit:

12
00:00:48,960 --> 00:00:53,700
Limit OS detection to promising targets, or --osscan-guess: Guess OS more aggressively.

13
00:00:53,700 --> 00:00:55,220
So we will just type here

14
00:00:55,230 --> 00:00:57,870
the basic one, which is just -O.

15
00:00:57,880 --> 00:01:05,860
So here we just type nmap -O and then 192.168.1.4, which is my Windows

16
00:01:05,860 --> 00:01:07,620
10 machine.

17
00:01:07,620 --> 00:01:12,700
Now we can press the up arrow in order to see how long it will take.

18
00:01:12,750 --> 00:01:19,110
And it should finish any second right now, and we can see right here.

19
00:01:19,300 --> 00:01:21,820
These are the open ports, the MAC address right here.

20
00:01:21,820 --> 00:01:27,160
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed

21
00:01:27,160 --> 00:01:29,680
port. Device type: general purpose.

22
00:01:29,680 --> 00:01:32,610
And it is just saying right here: Running.

23
00:01:32,710 --> 00:01:35,720
Just guessing: Microsoft Windows XP.

24
00:01:35,740 --> 00:01:37,840
Now, as you can see, this is wrong right here.

25
00:01:37,900 --> 00:01:40,110
I am not running XP.

26
00:01:40,110 --> 00:01:41,710
I am running Windows 10.

27
00:01:41,740 --> 00:01:49,550
So this scan can be wrong, and sometimes it doesn't get it 100 percent every time you scan it.

28
00:01:49,570 --> 00:01:51,370
Now, it does get it most of the time.

29
00:01:51,400 --> 00:01:54,540
But as we can see right here, it didn't get it right now.

30
00:01:54,550 --> 00:02:01,300
Now we can see that it gives us some of the other options as well, such as Aggressive OS guesses,

31
00:02:01,330 --> 00:02:08,700
which is Microsoft Windows XP SP2, Microsoft Windows Server or Microsoft Windows 2008.

32
00:02:08,800 --> 00:02:13,340
We can see that none of this is true, so this scan didn't work for us.

33
00:02:13,360 --> 00:02:21,610
Let me just clear right here, but let us just try to, for example, scan the operating system of my own

34
00:02:21,610 --> 00:02:24,040
Linux machine, which is on my laptop.

35
00:02:24,130 --> 00:02:29,660
The IP address of my laptop is 192.168.1.15.

36
00:02:30,010 --> 00:02:31,570
Let's just paste that right here

37
00:02:34,460 --> 00:02:35,130
here.

38
00:02:35,560 --> 00:02:43,660
Yes, we forgot to specify the -O, which stands for the operating system scan.

39
00:02:43,730 --> 00:02:45,400
So let's just see right here.

40
00:02:45,410 --> 00:02:50,240
And as we can see, it says it is running Linux, which is correct.

41
00:02:50,240 --> 00:02:57,890
So basically it will just print the open ports, the MAC address and the guess of the operating system

42
00:02:57,920 --> 00:02:59,820
that the target is running.

43
00:03:00,590 --> 00:03:05,430
Now you can also do, as we can see right here, we can try to scan

44
00:03:05,450 --> 00:03:06,680
scanme.nmap.org.

45
00:03:06,750 --> 00:03:07,970
OK.

46
00:03:07,970 --> 00:03:10,600
Or we can also try to scan the Metasploitable.

47
00:03:10,670 --> 00:03:15,350
So basically, once you open Metasploitable, since you don't have it open right now, just type here

48
00:03:15,380 --> 00:03:16,370
in the command line.

49
00:03:16,370 --> 00:03:22,640
Once you logged in with the username and password msfadmin and msfadmin, just type there ifconfig

50
00:03:23,180 --> 00:03:29,120
and basically find out what the IP address of the Metasploitable is and just use it from your Linux

51
00:03:29,120 --> 00:03:31,790
machine in the nmap scan.

52
00:03:32,540 --> 00:03:39,040
So right here, let me just check out the site name once again, since I was scanning this one, which is copied.

53
00:03:39,380 --> 00:03:44,940
I will type here nmap -O and then we paste the site name.

54
00:03:45,030 --> 00:03:49,210
Well, let's find out what operating system is running on that website

55
00:03:53,310 --> 00:03:55,910
now, since this is not in my local network.

56
00:03:55,930 --> 00:04:02,580
This will take longer to finish, as you notice right here, but not too long.

57
00:04:02,650 --> 00:04:05,720
It should finish any second right now.

58
00:04:06,210 --> 00:04:13,170
But let us just wait for this to finish so we can see our output, and the scan has finished.

59
00:04:13,180 --> 00:04:15,090
This is scanme.nmap.org.

60
00:04:15,190 --> 00:04:22,030
We also got all these ports open, which we also saw in the previous videos, and we got the operating system

61
00:04:22,300 --> 00:04:24,780
and it says just guessing Linux.

62
00:04:25,180 --> 00:04:31,420
Now it is probably running Linux, but we cannot say that with 100 percent since I don't own that machine

63
00:04:31,510 --> 00:04:37,050
and I don't know what type of Linux it has. As it says right here, Aggressive OS guesses:

64
00:04:37,060 --> 00:04:43,180
Linux 4.4 at 89 percent. Now let's see some of the other options.

65
00:04:43,180 --> 00:04:50,590
We can also use, instead of the operating system, we can cover the -sV. As we can see, it is

66
00:04:50,590 --> 00:04:56,770
the service and version detection: probe open ports to determine service/version info.

67
00:04:56,770 --> 00:05:04,150
There are also some of the other options right here for the -sV, for the -sV option, but we will for now

68
00:05:04,150 --> 00:05:06,400
just use the -sV.

69
00:05:06,430 --> 00:05:18,200
So let me scan once again my Windows 10 machine, so -sV, I will also type here the -v, verbosity,

70
00:05:18,590 --> 00:05:26,570
and we will type 192.168.1.4, which is the IP address of my Windows 10 machine.

71
00:05:26,570 --> 00:05:33,260
Now, as I said before, you can either scan the website scanme.nmap.org, your host machine or your

72
00:05:33,260 --> 00:05:37,670
Metasploitable in order to check out the output of this scan.

73
00:05:37,760 --> 00:05:39,340
So let us see right here.

74
00:05:39,380 --> 00:05:47,300
It prints us the open ports, as we remember those are these three, and hopefully it will print out the

75
00:05:47,330 --> 00:05:50,020
version of these services running there.

76
00:05:50,210 --> 00:05:51,870
And as we can see, it does.

77
00:05:51,890 --> 00:05:57,940
And right here we have on the open port microsoft-ds, which is the service; the version is Microsoft

78
00:05:57,940 --> 00:06:07,920
Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP). The version for the netbios-ssn is

79
00:06:07,920 --> 00:06:08,930
Microsoft Windows

80
00:06:08,940 --> 00:06:18,350
netbios-ssn. So as we previously saw, we can even get some of the information from

81
00:06:18,350 --> 00:06:26,250
the version scan. As we saw in the previous scan, the operating system scan, it said for my Windows 10

82
00:06:26,330 --> 00:06:32,210
machine that it was XP, and right here, when we checked the version, we can see Microsoft Windows 7 -

83
00:06:32,210 --> 00:06:34,300
10 microsoft-ds.

84
00:06:34,330 --> 00:06:42,040
So basically we can notice from that that some of the operating system scans are not really correct.

85
00:06:42,190 --> 00:06:48,120
And you can use the common sense which says: well, most of the people today don't even use Windows XP

86
00:06:48,130 --> 00:06:53,240
since it is basically an open machine.

87
00:06:53,280 --> 00:07:00,600
So now that we checked out the version of services running on my Windows host, let's check out the services

88
00:07:01,470 --> 00:07:04,710
and versions running on scanme.nmap.org.

89
00:07:04,710 --> 00:07:10,830
So we will type once again -sV for scanning the versions and then the name of the website.

90
00:07:13,120 --> 00:07:20,440
As you may have noticed, nmap can take the website name and the IP address as well.

91
00:07:20,450 --> 00:07:22,120
It doesn't just have to be the IP address.

92
00:07:22,120 --> 00:07:31,040
We can also type here the domain name, as you can see, and it will work properly. So let's just see what

93
00:07:31,040 --> 00:07:35,460
percentage this is currently. It doesn't want to show us.

94
00:07:35,480 --> 00:07:37,720
But it should be over soon

95
00:07:41,680 --> 00:07:47,890
and the scan has finished for scanme.nmap.org, and we can see that only the open ports

96
00:07:48,100 --> 00:07:55,810
got the version, which is normal, since on the filtered ports they have probably a firewall that is blocking

97
00:07:55,930 --> 00:08:03,010
our packets in order to find out what version they're running. So we can see on open ports, which is 22

98
00:08:03,100 --> 00:08:09,100
and 80, which is for the SSH, we can see the version they're running is OpenSSH

99
00:08:09,100 --> 00:08:11,950
6.6.1 2 1 2.

100
00:08:11,950 --> 00:08:22,660
And on the 80/tcp open port we can see the Apache 2.4.7 on the Ubuntu. So as we

101
00:08:22,660 --> 00:08:29,350
did in the previous video, if you, for example, wanted to write that into a file, just type here two arrows

102
00:08:29,440 --> 00:08:32,340
and then results.txt.

103
00:08:32,790 --> 00:08:36,390
Now we won't be doing that since I already showed you how to do that.

104
00:08:36,850 --> 00:08:44,140
We can cover one more option in this tutorial, which will be the -A option. As we can see, it basically

105
00:08:44,140 --> 00:08:51,770
does multiple things, such as enable OS detection, version detection, script scanning and traceroute.

106
00:08:51,850 --> 00:08:58,930
So this will, and this will enable the detection to also print out the version of the services, and it

107
00:08:58,930 --> 00:09:07,180
will also scan for some of the scripts, and we can see right here, if we type here nmap -sV

108
00:09:07,330 --> 00:09:17,840
-A and then scanme.nmap.org, we can see if the results from this scan will differ

109
00:09:18,200 --> 00:09:25,600
from the result of the previous scan. Now this scan can take a little bit longer since it is scanning

110
00:09:25,870 --> 00:09:32,830
for multiple stuff instead of just a single thing, such as, for example, the operating system scan.

111
00:09:33,110 --> 00:09:37,120
This is scanning operating system and version and script and traceroute.

112
00:09:37,130 --> 00:09:44,380
So it will take a little bit longer. As we can see, it is discovering ports at the moment.

113
00:09:44,480 --> 00:09:52,130
And now it's scanning services, basically determining what version they are running.

114
00:09:52,130 --> 00:09:55,070
And now it is initiating OS detection, as we can see right here.

115
00:09:55,100 --> 00:09:56,980
Try 1, try 2, OK.

116
00:09:57,020 --> 00:10:02,580
It should be finishing soon enough.

117
00:10:02,950 --> 00:10:07,280
It says that only 37 percent has finished

118
00:10:12,160 --> 00:10:14,760
OK, it should finish right here.

119
00:10:14,870 --> 00:10:15,670
Yeah, it's finished.

120
00:10:16,210 --> 00:10:21,610
So, as you can see, this printed out a bunch of the options.

121
00:10:21,700 --> 00:10:31,750
For example, here under the tcp ssh port we see the ssh-hostkey, which is right here. I think that

122
00:10:31,750 --> 00:10:39,940
in the previous, in the previous scan we even saw the 25/tcp port, which is, it doesn't even matter.

123
00:10:39,940 --> 00:10:40,870
I can't remember it.

124
00:10:40,870 --> 00:10:48,880
It was probably there, and under the open http Apache port we can also see the version, and also here under

125
00:10:48,880 --> 00:10:57,010
the port 80, which is the Apache httpd 2.4.7, we can see the supported methods

126
00:10:57,070 --> 00:11:00,310
on the website, which are OPTIONS, GET, HEAD, POST.

127
00:11:00,420 --> 00:11:07,010
Now, this is the information that we didn't really see in any of the previous scans, so let

128
00:11:07,010 --> 00:11:10,550
me just check out what else we have here as well.

129
00:11:11,660 --> 00:11:20,060
So here we have the standard OS detection, which is Linux 4.4 at 89 percent.

130
00:11:20,060 --> 00:11:26,840
And here we have the traceroute. Now, traceroute is basically the path that my virtual machine took

131
00:11:26,930 --> 00:11:34,760
in order to connect to the nmap, so we can see that we are familiar with the first IP address that

132
00:11:34,760 --> 00:11:36,600
it took, which is my router.

133
00:11:36,770 --> 00:11:43,880
So basically it is normal to have your router as a first starting point in the traceroute, and

134
00:11:43,880 --> 00:11:49,840
then it proceeded to other DNS servers in order to find out the IP address of the nmap.

135
00:11:49,880 --> 00:11:57,860
So traceroute can be useful sometimes, mostly in troubleshooting, but it can be used for other things

136
00:11:57,950 --> 00:11:58,520
as well.

137
00:11:58,520 --> 00:12:05,510
We can see that nmap has finished one IP address in 74 seconds, which is pretty good.

138
00:12:05,600 --> 00:12:09,560
Most of the nmap scans can take a lot longer.

139
00:12:09,830 --> 00:12:17,710
Even a few hours. So from now on we will just finish this tutorial right here and I will see you in the

140
00:12:17,970 --> 00:12:22,050
nmap part four tutorial in the next lecture.

141
00:12:22,250 --> 00:12:24,830
Now I hope you're having a great day, and take care.