1
00:00:00,720 --> 00:00:05,950
Active information gathering with Metasploit. Scanning is an active information gathering technique,

2
00:00:06,150 --> 00:00:11,280
in which we will now start dealing with the target directly.

3
00:00:11,760 --> 00:00:17,340
So port scanning is an interesting process of information gathering, so it involves a deeper search

4
00:00:17,340 --> 00:00:18,420
of the target machine.

5
00:00:18,600 --> 00:00:22,830
But since active port scanning involves reaching out to the target systems.

6
00:00:23,430 --> 00:00:27,450
These activities can be detected by firewalls and intrusion prevention systems.

7
00:00:28,080 --> 00:00:35,940
So there are a variety of scanners available to us within the Metasploit Framework to allow us to properly

8
00:00:35,940 --> 00:00:39,900
enumerate the target systems to list all the available ports.

9
00:00:39,900 --> 00:00:41,160
Our port scan modules.

10
00:00:41,160 --> 00:00:48,520
You can use the search command like that, for example, search portscan.

11
00:00:48,840 --> 00:00:52,440
We have to start Metasploit first: msfconsole.

12
00:00:53,800 --> 00:01:01,350
And then, uh, use the search command to search portscan.

13
00:01:02,330 --> 00:01:06,590
And as you can see, we have a series here that's going to support.

14
00:01:07,760 --> 00:01:15,680
So we will use TCP port scans, so we can start by doing a basic TCP port scan with the TCP portscan

15
00:01:15,700 --> 00:01:16,720
auxiliary module.

16
00:01:16,740 --> 00:01:20,480
So, uh, see what we can find, since the TCP portscan

17
00:01:20,480 --> 00:01:24,260
auxiliary module doesn't need administrative privileges on the source machine.

18
00:01:24,560 --> 00:01:31,400
It can be extremely useful when pivoting. So to run the TCP portscan auxiliary module,

19
00:01:31,670 --> 00:01:38,750
we need to set up, uh, RHOSTS to a target range here.

20
00:01:39,230 --> 00:01:44,090
So now, actually, now I will start our year of.

21
00:01:46,160 --> 00:01:50,780
Sure, let's set the resolution a bit higher.

22
00:01:53,690 --> 00:01:54,290
Yes.

23
00:02:01,990 --> 00:02:05,080
This configuration here and then.

24
00:02:06,050 --> 00:02:06,310
Yes.

25
00:02:09,800 --> 00:02:10,130
So.

26
00:02:12,040 --> 00:02:17,450
Now I will, I will open our target machine.

27
00:02:17,470 --> 00:02:19,360
This is Metasploitable here.

28
00:02:20,060 --> 00:02:26,550
Uh, this is just an exploitable Linux machine for, uh, penetration testing here.

29
00:02:27,020 --> 00:02:28,450
Uh, so let's open it.

30
00:02:29,200 --> 00:02:30,700
Uh, Metasploitable.

31
00:02:32,050 --> 00:02:39,070
And I think this is it, its ingenious name, Metasploitable.

32
00:02:40,620 --> 00:02:42,270
Here and play.

33
00:02:43,790 --> 00:02:44,300
Yes.

34
00:02:45,020 --> 00:02:45,530
Yes.

35
00:02:46,910 --> 00:02:51,830
And it's the Window Capture, Window Capture, Metasploitable.

36
00:02:53,990 --> 00:02:55,370
Support very much trying to.

37
00:03:00,150 --> 00:03:03,990
Yes, this is our Metasploitable machine here.

38
00:03:09,710 --> 00:03:15,080
Properties, automatic windows on this Metasploitable.

39
00:03:15,740 --> 00:03:18,350
Let's decrease the size a little bit.

40
00:03:19,970 --> 00:03:21,650
So I will log in here.

41
00:03:21,890 --> 00:03:31,530
Actually, they are in the, uh, same network here, so, uh, msfadmin and msfadmin, and the password

42
00:03:31,530 --> 00:03:32,970
is msfadmin here.

43
00:03:33,860 --> 00:03:34,180
Oh.

44
00:03:36,030 --> 00:03:36,880
You can see here.

45
00:03:42,310 --> 00:03:44,050
Then we will use.

46
00:03:45,160 --> 00:03:52,810
Let's open up the next machine here now, and we will use auxiliary scanner TCP port, so, uh,

47
00:03:52,810 --> 00:03:56,710
actually it has the TCP portscan.

48
00:03:56,710 --> 00:04:06,010
As you can see, there's a description here, so use auxiliary, scanner, um, portscan, tcp. As you can see here,

49
00:04:06,570 --> 00:04:14,800
we, uh, used it and we have to set some properties for it.

50
00:04:14,810 --> 00:04:18,040
So as you can see here, uh, show options.

51
00:04:18,280 --> 00:04:24,430
So the concurrency, this is the number of concurrent ports to check per host. Delay:

52
00:04:24,430 --> 00:04:27,160
the delay between connections, per thread, in milliseconds.

53
00:04:27,370 --> 00:04:32,950
So the more your delay is, the more, uh, your, uh, scan will be less noticeable.

54
00:04:33,400 --> 00:04:40,600
So now we have THREADS, the number of concurrent threads, max one per host, and timeout, and we have RHOSTS

55
00:04:40,840 --> 00:04:43,960
so we can determine the source, uh, here, as you can see here.

56
00:04:44,380 --> 00:04:47,320
So we will edit RHOSTS here.

57
00:04:47,800 --> 00:04:51,010
So, set RHOSTS.

58
00:04:51,340 --> 00:04:54,880
So as you know, we opened our, uh, machine.

59
00:04:54,970 --> 00:05:00,280
Um, we opened our Metasploitable, uh, virtual machine in the same network.

60
00:05:00,280 --> 00:05:03,880
So Kali and Metasploitable are on the same network.

61
00:05:03,880 --> 00:05:13,600
So let's, let's, uh, well, let's see what, um, is our, uh, LAN IP actually: ifconfig, ifconfig.

62
00:05:14,020 --> 00:05:15,490
And as you can see it here.

63
00:05:15,670 --> 00:05:23,860
So now, uh, then, uh, we will enter, uh, here, our IP here.

64
00:05:28,330 --> 00:05:28,690
Yes.

65
00:05:32,570 --> 00:05:41,540
And 0/24, because as you can see here, this is three times 255 and because this is 24, so we

66
00:05:41,540 --> 00:05:44,330
will search only these changeable IPs.

67
00:05:44,780 --> 00:05:51,800
So IP ranges 0/24, broadcast here, as you can see political stripes here.

68
00:05:52,340 --> 00:06:00,440
So now we will set the threads, 200. Set threads, so set threads,

69
00:06:00,860 --> 00:06:02,060
uh, two hundred.

70
00:06:03,760 --> 00:06:05,170
Upstart's, thanks a lot.

71
00:06:06,430 --> 00:06:08,140
And let's see what we have done.

72
00:06:08,410 --> 00:06:13,540
Three hundred and TCP and just, uh, from zero to 255.

73
00:06:14,020 --> 00:06:18,910
And, um, so now, uh, we can start here.

74
00:06:18,910 --> 00:06:19,270
So.

75
00:06:20,900 --> 00:06:21,410
All right.

76
00:06:24,400 --> 00:06:25,840
Auxiliary is running now.

77
00:06:26,020 --> 00:06:28,660
It might take some time, but we are.

78
00:06:28,810 --> 00:06:31,210
We increased our threads here.

79
00:08:25,420 --> 00:08:30,580
As you can see here, we found some open ports in this IP address.

80
00:08:30,610 --> 00:08:37,150
And as you can see, 3389 is open, uh, 7580 is open.

81
00:08:37,420 --> 00:08:41,980
And this may take some time for it to find open ports.

82
00:08:42,340 --> 00:08:49,240
Uh, which is auxiliary, but there are better tools such as, uh, Nmap to find open ports, uh,

83
00:08:49,240 --> 00:08:50,470
faster than this.