1
00:00:00,600 --> 00:00:02,850
Welcome to part four of this module

2
00:00:05,520 --> 00:00:06,310
in this video.

3
00:00:06,330 --> 00:00:09,730
We're going to be taking a look at Sparta.

4
00:00:09,750 --> 00:00:15,880
Sparta is a network infrastructure penetration testing tool that was designed by Leo needs.

5
00:00:15,890 --> 00:00:24,390
Stanley Otis it is in fact a kind of all in one Swiss army knife of a program which contains several

6
00:00:24,390 --> 00:00:29,410
other tools and even provides the option of adding more tools to it.

7
00:00:29,430 --> 00:00:34,510
Sparta is designed to run many of these programs more or less back to back.

8
00:00:34,530 --> 00:00:41,820
And all in one place for convenience it is meant to help penetration testers during the scanning and

9
00:00:41,820 --> 00:00:44,580
enumeration phases of pen test.

10
00:00:44,580 --> 00:00:50,190
When you give it a host to scan it runs many of its programs in the background and displays the information

11
00:00:50,640 --> 00:00:59,850
in a single user interface as was the case with Dimitri I was at something of a loss to know just where

12
00:00:59,850 --> 00:01:05,910
to put this module within the progression of this class because while Sparta uses many information gathering

13
00:01:05,910 --> 00:01:11,680
utilities such as and map it also uses several hacking tools.

14
00:01:11,820 --> 00:01:17,820
I intend to cover individual tools and dedicated modules so there's really nowhere I can present this

15
00:01:17,820 --> 00:01:22,820
particular module where each piece will have been previously explained.

16
00:01:23,100 --> 00:01:29,730
So if there is a particular program mentioned in the course of this module that you wish to know more

17
00:01:29,730 --> 00:01:38,800
about Please look through the sections until you find the module that corresponds to that tool since

18
00:01:38,800 --> 00:01:46,000
the creators of Kelly 2.0 have classified Sparta as an information gathering tool under that category.

19
00:01:46,030 --> 00:01:52,240
That is where I have placed this this module within the class progression.

20
00:01:52,240 --> 00:01:59,530
Sparta requires updated Python libraries to run and these should be included with any up to date version

21
00:01:59,530 --> 00:02:01,120
of Kelly Linux.

22
00:02:01,150 --> 00:02:05,890
If not it will be necessary to install two dependencies.

23
00:02:05,890 --> 00:02:15,100
Python elixir and Python Kuti for Sparta also requires and map Hydra and Kuti capped to be installed

24
00:02:15,130 --> 00:02:17,140
in order to function properly.

25
00:02:17,170 --> 00:02:20,520
These also come prepackaged with.

26
00:02:20,830 --> 00:02:27,040
It is possible to include additional tools into Sparta to do this you would need to edit the configuration

27
00:02:27,040 --> 00:02:35,860
file for example if you wish to add the use of an NSC script to the use of n map scans you could simply

28
00:02:35,860 --> 00:02:41,680
set that in the config file and Sparta will use those settings when it utilizes the end map utility

29
00:02:42,190 --> 00:02:45,580
on all of its future runs to add new tools.

30
00:02:45,580 --> 00:02:49,570
You simply need to add its information to the config file.

31
00:02:49,600 --> 00:02:54,550
The same goes for any changes you wish to make to house said tool operates.

32
00:02:54,550 --> 00:03:00,370
The authors of Sparta have stated that they plan to add a settings menu within the program to allow

33
00:03:00,370 --> 00:03:05,970
you to make these changes without having to mess with the configuration file and potentially damage

34
00:03:05,970 --> 00:03:07,940
a program if you make a mistake.

35
00:03:08,020 --> 00:03:11,470
So keep an eye out for that option within future versions.

36
00:03:12,820 --> 00:03:24,180
To load Sparta we just go to applications information gathering and click on Sparta.

37
00:03:24,190 --> 00:03:29,620
It is also possible to load directly from the terminal window by typing Sparta.

38
00:03:29,740 --> 00:03:35,260
In either case a small terminal window will open in the background which acts kind of like a running

39
00:03:35,260 --> 00:03:41,360
a log file that will display the actions you are taking within Sparta as they are happening.

40
00:03:41,470 --> 00:03:46,330
The main window for Sparta is a graphical interface seen right here.

41
00:03:49,010 --> 00:03:53,190
So we'll go through this step by step starting from the top.

42
00:03:53,360 --> 00:04:02,930
The final menu new will allow you to create a new project open will let you open any saved Sparta projects

43
00:04:02,930 --> 00:04:13,110
you might have save and save as are obvious add hosts to scope allows you to add either a target IP

44
00:04:13,110 --> 00:04:21,930
address or a range of eyepiece import and map will allow you to import and map excel file.

45
00:04:22,110 --> 00:04:27,900
So for example if you already ran a scan using and map against a target and saved the results as an

46
00:04:27,900 --> 00:04:34,260
Excel file you can then import that file into Sparta and then still be able to run all the other tests

47
00:04:34,260 --> 00:04:35,730
that come with Sparta.

48
00:04:35,730 --> 00:04:41,130
This can be a time saver in the case of a very large network.

49
00:04:41,560 --> 00:04:48,700
Unfortunately with regards to the help option this button doesn't seem to work.

50
00:04:48,700 --> 00:04:54,160
I'm honestly not certain if it is a compatibility issue or a glitch.

51
00:04:54,160 --> 00:05:00,280
The option used to work with older versions of Cali and backtrack so my suspicion is it is a problem

52
00:05:00,280 --> 00:05:06,620
specific to Cali 2.0 and something that the designers will eventually fix.

53
00:05:06,730 --> 00:05:12,510
By all means try the button yourself but if nothing comes up then your guess is as good as mine.

54
00:05:12,520 --> 00:05:17,990
There is however plenty of help and documentation that can be found online through a simple search.

55
00:05:18,220 --> 00:05:21,790
So if you run into problems it shouldn't really matter.

56
00:05:21,790 --> 00:05:25,060
Still it would be nice if this glitch was corrected in future versions.

57
00:05:27,510 --> 00:05:29,640
Now we'll move down to the scan tab.

58
00:05:31,050 --> 00:05:41,180
You can see under it that it has three sub tabs it has hosts which you can click on here to add your

59
00:05:41,180 --> 00:05:45,500
target IP address that Sparta will scan.

60
00:05:45,560 --> 00:05:53,570
It shows you the various format options for how you can enter the IP such as for example a range such

61
00:05:53,570 --> 00:05:58,820
as for example a range of IP addresses or you could just enter a single host in there which is what

62
00:05:58,820 --> 00:06:01,450
we will be doing in this demonstration.

63
00:06:01,460 --> 00:06:11,050
You can also set to run and map hosted discovery as well as in map staged scans.

64
00:06:11,060 --> 00:06:15,490
I'll talk a little bit more about this as we get into running them.

65
00:06:15,500 --> 00:06:21,340
This is the default behavior with Sparta and it makes it run more quickly and smoothly.

66
00:06:21,560 --> 00:06:27,110
Whenever you're running a staged scan so closing out of this we go to the services tab

67
00:06:29,990 --> 00:06:35,210
there isn't going to be anything here yet but this is where your discovered services of your target

68
00:06:35,240 --> 00:06:43,000
are going to be listed after running your scans you'll hopefully see a list of maybe each GDP or FCP

69
00:06:43,030 --> 00:06:52,060
or SS H or anything else found in your target host as your scans are running your tools tab is a window

70
00:06:52,060 --> 00:06:59,170
that shows which tools are currently in operation such as any map or Hydra you can click on each one

71
00:06:59,170 --> 00:07:06,980
and the individual results of each tool will show up in these windows if we go over to the brute.

72
00:07:06,980 --> 00:07:16,530
Tab this is where we can setup the brute force password settings you would give it the IP address of

73
00:07:16,530 --> 00:07:23,060
your hosts and the port that you are going against and the service.

74
00:07:23,070 --> 00:07:29,020
You can see that it has a rather lengthy list of services you can attack in the drag down menu.

75
00:07:29,160 --> 00:07:30,870
For example

76
00:07:33,560 --> 00:07:35,210
if you wish to brute force

77
00:07:38,540 --> 00:07:44,780
FCP service you could just set it and then for the rest of these services just leave them as default

78
00:07:47,510 --> 00:07:50,020
with regards to the user name and password.

79
00:07:50,030 --> 00:07:55,060
You actually have three different options about how to proceed.

80
00:07:55,100 --> 00:08:02,780
The first grouping that is to say these two right here root and password is for situations where you

81
00:08:02,780 --> 00:08:07,780
already know the user name or you already know the password or both.

82
00:08:07,790 --> 00:08:15,120
You can specify them here by changing the default options if you click the radial buttons

83
00:08:18,370 --> 00:08:20,720
and don't specify anything sport.

84
00:08:20,780 --> 00:08:26,680
It will automatically use root and password as default username and password.

85
00:08:26,680 --> 00:08:35,130
The second grouping over here is to set a username and password list.

86
00:08:35,150 --> 00:08:42,440
This would be a text file containing letters words numbers which you would select by clicking the browse

87
00:08:42,440 --> 00:08:42,920
button.

88
00:08:45,080 --> 00:08:51,720
And then navigating to it Sparta will then attempt to brute force usernames and passwords using these

89
00:08:51,720 --> 00:08:54,930
lists.

90
00:08:55,160 --> 00:08:59,630
You can use common dictionary word which you can use made from downloaded off the Internet.

91
00:08:59,900 --> 00:09:06,990
You could use Sparta as somewhat limited built enlist or you can create your own list.

92
00:09:07,020 --> 00:09:13,460
This last option is particularly useful if you already know something about your target and if you already

93
00:09:13,460 --> 00:09:22,530
know some of the targets usernames and passwords from other compromised systems you can also use certain

94
00:09:22,530 --> 00:09:30,390
applications within Cali such as Cupp and cool to custom build word lists that are tailored to a specific

95
00:09:30,390 --> 00:09:34,160
target based on information you give them.

96
00:09:34,350 --> 00:09:38,850
More on this in future modules.

97
00:09:38,900 --> 00:09:44,170
The second option would be to select your options from two different groups.

98
00:09:46,780 --> 00:09:50,520
For example if you know the user name but you don't know the password.

99
00:09:50,650 --> 00:09:52,270
You can set the user name

100
00:09:58,880 --> 00:10:05,760
and then click the second password entry and use a word list to try to guess the password.

101
00:10:05,870 --> 00:10:11,380
The success or failure of this method is dependent upon what type of system you're running.

102
00:10:11,540 --> 00:10:15,990
How much time you want to spend and the security practices of your target.

103
00:10:16,040 --> 00:10:22,640
Functionally speaking a single word password is very easy to crack as is a simple password containing

104
00:10:22,640 --> 00:10:24,200
just a couple of numbers.

105
00:10:24,450 --> 00:10:30,770
The longer and more complex the password though the harder it is to crack a word from a dictionary might

106
00:10:30,770 --> 00:10:37,310
take 10 seconds while a string of letters and numbers of varying capitalization with symbols included

107
00:10:37,310 --> 00:10:43,430
would be practically impossible if you devoted thousands of years to the activity.

108
00:10:43,520 --> 00:10:50,030
Unfortunately where most ports are concerned you would be amazed at how often default passwords are

109
00:10:50,030 --> 00:10:56,120
used since the average person simply doesn't think to defend against this kind of a cyber attack by

110
00:10:56,120 --> 00:10:59,690
setting up strong passwords.

111
00:10:59,750 --> 00:11:08,840
So for example if we browse we'll go to the desktop and I've already set up a word list here so I'll

112
00:11:08,840 --> 00:11:16,580
click open and now it would use the user name I specify which in this case was user name and the word

113
00:11:16,580 --> 00:11:17,810
list I specified

114
00:11:20,200 --> 00:11:21,660
finally.

115
00:11:21,790 --> 00:11:26,380
You can select found usernames and passwords as your third option.

116
00:11:26,380 --> 00:11:32,290
In which case the tool will use any user names or passwords that it has already found to brute force

117
00:11:32,320 --> 00:11:35,470
subsequent accounts that it comes across.

118
00:11:35,530 --> 00:11:40,270
Once you have everything set you would just click Run to begin brute forcing these password accounts

119
00:11:40,660 --> 00:11:45,120
as it's running everything is going to show up in the log window at the bottom of the screen.

120
00:11:45,190 --> 00:11:49,370
That's pretty much it as far as the basic options that are available to you.

121
00:11:52,540 --> 00:11:57,370
So let's now dive into doing actual scans with the tool before we begin though.

122
00:11:57,370 --> 00:12:04,050
There's one option I would like to change and it strongly recommended that you do the same.

123
00:12:04,060 --> 00:12:09,160
There is one change that I want to make to the config file for Sparta by default.

124
00:12:09,160 --> 00:12:15,760
When you add a host it will automatically start running all of its pre configured tools against that

125
00:12:15,760 --> 00:12:16,920
host.

126
00:12:17,020 --> 00:12:22,060
All of these tools will fire up more or less at the same time and start their processes against the

127
00:12:22,060 --> 00:12:23,290
target.

128
00:12:23,290 --> 00:12:30,280
This is probably not a good idea though it needs to be remembered that this is an active scan and you

129
00:12:30,280 --> 00:12:32,790
are actually going against a target.

130
00:12:32,920 --> 00:12:39,040
So if you're running all of this stuff at the same time it's not exactly going to be stealthy on your

131
00:12:39,040 --> 00:12:40,850
target's network.

132
00:12:41,050 --> 00:12:49,080
You may just want to break it up and do one at a time and only run one or two of these tools at a time.

133
00:12:49,310 --> 00:12:55,360
So to change this behavior we need to open up the Sparta configuration file which is located under a

134
00:12:55,360 --> 00:12:58,180
user shared Sparta

135
00:13:02,000 --> 00:13:02,940
right here.

136
00:13:07,170 --> 00:13:11,070
If we open it up here and scroll up to the general settings

137
00:13:16,610 --> 00:13:21,350
this enables scheduler setting is what we want to change from true to false

138
00:13:30,750 --> 00:13:32,430
make sure that you save the file

139
00:13:35,620 --> 00:13:39,820
and make doubly sure that you close Sparta down and restarted

140
00:13:46,020 --> 00:13:48,330
this holds true of any time you make a change.

141
00:13:48,330 --> 00:13:52,400
The Sparta config file otherwise it will not work the way you set it up

142
00:13:56,560 --> 00:14:00,270
so we reload Sparta and we're back.

143
00:14:03,060 --> 00:14:08,680
Setting the scheduler like that just gives you more control over how your scans are going to take place.

144
00:14:08,730 --> 00:14:13,830
It will still run its and map scan by default but your other tools are not going to launch until you

145
00:14:13,830 --> 00:14:14,920
tell them to.

146
00:14:15,240 --> 00:14:19,800
At the end of this module I will do a quick demonstration of what it looks like when you run against

147
00:14:19,800 --> 00:14:22,790
a target without having changed the setting.

148
00:14:22,860 --> 00:14:27,810
It is ultimately up to you of course and you can always change it back to true if you prefer it that

149
00:14:27,810 --> 00:14:28,560
way.

150
00:14:29,470 --> 00:14:32,760
All right to get started with the scan.

151
00:14:32,760 --> 00:14:37,650
The only thing that we need to do is add our target for this demonstration.

152
00:14:37,650 --> 00:14:43,920
I've set up a meet a splitter Bill VM here in the office and that is what I'm going to be running against

153
00:14:43,950 --> 00:14:45,960
for all of my scans.

154
00:14:45,990 --> 00:14:49,300
You can select any target that you have available in your lab.

155
00:14:49,330 --> 00:14:51,680
Once again a word of caution.

156
00:14:51,750 --> 00:14:53,860
This is not a passive scanning tool.

157
00:14:57,320 --> 00:15:03,320
Never run this program against any computer that you do not either own or have written permission from

158
00:15:03,320 --> 00:15:05,120
the owner to pen test.

159
00:15:05,120 --> 00:15:07,980
Otherwise you could be in violation of the law.

160
00:15:08,030 --> 00:15:22,610
So I'm going to enter that network I address of my older scintillating tools like Hydra.

161
00:15:22,910 --> 00:15:29,740
I'm going to leave the default settings checked and then we'll just click Add to scope.

162
00:15:29,950 --> 00:15:36,140
You can see that as soon as I do that the end map starts its scan it shows us a staged scan

163
00:15:38,910 --> 00:15:41,060
you can actually see this in the config file.

164
00:15:41,070 --> 00:15:48,510
If you open it back up under staged and map settings you can see the type of scan that and map is going

165
00:15:48,510 --> 00:15:51,510
to run on each stage of its scan.

166
00:15:51,510 --> 00:15:55,520
Stage one only does ports 80 and 443.

167
00:15:55,560 --> 00:15:58,110
Stage 2 as additional ports.

168
00:15:58,110 --> 00:16:02,160
Stage 3 adds a few more ports and so on.

169
00:16:02,160 --> 00:16:09,120
Doing it this way actually gets you results back faster rather than scanning through all sixty five

170
00:16:09,120 --> 00:16:16,260
thousand five hundred and thirty five ports at one time so we'll just close this out again at each step

171
00:16:16,320 --> 00:16:19,990
it gives you the status of if the stage has been finished or not.

172
00:16:20,220 --> 00:16:23,890
And here it shows all the ports and services that we have available.

173
00:16:24,180 --> 00:16:29,740
Of course with metal splitter Bill you can expect there to be a great many open and exploitable ports.

174
00:16:29,820 --> 00:16:31,670
We'll let this run for just a minute

175
00:16:36,020 --> 00:16:40,430
the way that you get additional tools to run is to go to one of the services

176
00:16:45,470 --> 00:16:52,720
right click on it and this will give you a context menu with a list of options available for each service.

177
00:16:53,000 --> 00:16:57,400
Each menu is therefore going to be slightly different depending on the service.

178
00:16:57,530 --> 00:17:11,530
For instance port 25 gives you the option to enumerate S.M. T.P. if we click another one you can see

179
00:17:11,530 --> 00:17:18,630
that the settings have actually changed.

180
00:17:18,720 --> 00:17:22,130
We're going to take a look at this for port 80.

181
00:17:22,380 --> 00:17:28,680
Each TTP you right click on it and you can see the options that we now have.

182
00:17:28,680 --> 00:17:35,580
We can open it take a screenshot with Kutty capped run what web.

183
00:17:35,680 --> 00:17:43,730
Nick Toh one thing I want to note here however is that there is an issue with web Slayer in Cali 2.0.

184
00:17:43,770 --> 00:17:50,650
It simply isn't installed and as far as I can determine it is not present in the Cali repositories either.

185
00:17:50,880 --> 00:17:57,000
Web Slayer did work with previous versions of Cali and backtrack but much like the Sparta help button

186
00:17:57,540 --> 00:18:01,020
it just didn't survive being ported over to 2.0.

187
00:18:01,290 --> 00:18:06,540
For the moment this option is unavailable even though it is listed and if you try to run it it will

188
00:18:06,540 --> 00:18:09,030
crash sparked it out completely.

189
00:18:09,120 --> 00:18:14,580
Hopefully future versions of either Sparta or Cali will once again include this bit of functionality

190
00:18:15,480 --> 00:18:19,180
what we're actually going to do is run Nick to against it.

191
00:18:19,180 --> 00:18:20,330
Just click on that.

192
00:18:21,170 --> 00:18:24,070
And we can see that a new process is started for Nick to

193
00:18:28,450 --> 00:18:33,510
and if we click on it we can see the information that is being brought back.

194
00:18:33,560 --> 00:18:36,200
It shows you which ports it is going against

195
00:18:39,530 --> 00:18:41,110
and what we're waiting for this to run.

196
00:18:41,120 --> 00:18:44,680
I'll just show you what the terminal window looks like right now.

197
00:18:44,720 --> 00:18:50,270
I mentioned that the terminal window stays open while you're running Sparta and it functions rather

198
00:18:50,270 --> 00:18:53,240
like a log file of everything that you've been doing

199
00:19:02,810 --> 00:19:06,310
so here we can see the information Nic too is discovered.

200
00:19:06,470 --> 00:19:14,280
We can click on the tools tab which shows the targets that it went against.

201
00:19:14,630 --> 00:19:19,940
And the results on the far right of course in this case it was just one target but you could be doing

202
00:19:19,940 --> 00:19:21,860
this against a range of targets.

203
00:19:21,980 --> 00:19:29,690
In addition to being able to run something like Nic to we can go back and launch a net cat session on

204
00:19:29,690 --> 00:19:38,420
port 80 we could even do a telnet as well if we do open browser.

205
00:19:38,420 --> 00:19:46,560
It's just going to open a browser to our target host so as you can see it's a pretty nice tool to use.

206
00:19:46,560 --> 00:19:49,670
Let's go ahead and get rid of this.

207
00:19:49,740 --> 00:19:56,060
Let's go ahead and select.

208
00:19:56,100 --> 00:19:59,250
First off I'm going to actually kill this because it's taking too long

209
00:20:02,400 --> 00:20:05,300
so sport is a pretty nice tool to use.

210
00:20:05,310 --> 00:20:12,280
Let's go ahead and select one of these FCP services we can see the options we have here.

211
00:20:12,280 --> 00:20:20,280
We could do various things but we're going to use the brute forcing method to see what we can get out

212
00:20:20,280 --> 00:20:24,140
of this to try to break into the account information.

213
00:20:24,270 --> 00:20:35,260
If we click send to brute and then come over to the brute tab we can set our options.

214
00:20:35,410 --> 00:20:38,530
You can see that it already has our target address set.

215
00:20:38,830 --> 00:20:45,960
I'm going to set this to a user name and password list that I have prepay pre prepared.

216
00:20:45,980 --> 00:20:51,350
These are just lists that I created for this specific demonstration and they will of course brute force

217
00:20:51,350 --> 00:20:57,190
their way in very quickly your own mileage may vary depending on the security practices of your target

218
00:20:57,230 --> 00:21:00,580
and the strength of your list when you try this yourself

219
00:21:11,960 --> 00:21:15,110
so in this case I have my list on the desktop.

220
00:21:15,110 --> 00:21:16,340
Once you have these things set.

221
00:21:16,370 --> 00:21:23,840
All you need to do is click Run it uses Hydra to do the brute force password cracking.

222
00:21:23,960 --> 00:21:27,170
We can see here that it did find the account

223
00:21:30,460 --> 00:21:37,330
which was the default log in MSF admin password MSF admin.

224
00:21:37,460 --> 00:21:43,490
That's a default for the A Boyd console and we can do the same thing against any of the services that

225
00:21:43,490 --> 00:21:51,320
allow you to brute force their passwords after you've collected all of your data using Sparta.

226
00:21:51,320 --> 00:21:55,160
You're going to want to save your file and your Sparta session.

227
00:21:55,310 --> 00:21:57,890
We can do that by clicking file

228
00:22:00,880 --> 00:22:05,440
save as and name it whatever you wish

229
00:22:12,370 --> 00:22:18,100
click Save it will save everything as a Sparta logic file.

230
00:22:18,110 --> 00:22:19,900
I'll show you what that looks like.

231
00:22:22,250 --> 00:22:23,960
Since I chose to save the desktop

232
00:22:29,610 --> 00:22:31,140
now if we go to the folder here

233
00:22:34,190 --> 00:22:37,000
it created two different objects.

234
00:22:37,090 --> 00:22:43,120
The main Sparta project file and it also created this folder which contains additional folders for each

235
00:22:43,120 --> 00:22:46,500
of the tools that were run during this session.

236
00:22:46,540 --> 00:22:52,140
If we go into these files we can see the particular results from that particular tool

237
00:23:02,380 --> 00:23:06,560
all this information is contained within the Sparta configuration file.

238
00:23:06,610 --> 00:23:12,190
Once you have everything saved if you need to come back to it later you can reload it and just go to

239
00:23:12,190 --> 00:23:13,420
the file.

240
00:23:13,450 --> 00:23:18,830
Actually let me show you I'll close out of this in this.

241
00:23:18,890 --> 00:23:20,080
This is what I'm talking about.

242
00:23:24,180 --> 00:23:35,230
So if we come up here to file open and then we open up our session file as you can see everything is

243
00:23:35,230 --> 00:23:38,630
restored to exactly this point.

244
00:23:38,920 --> 00:23:41,140
One last thing to point out.

245
00:23:41,350 --> 00:23:47,860
If you decide to modify the config file to add your own tools the tool in question must not be one that

246
00:23:47,860 --> 00:23:49,960
requires user input.

247
00:23:49,960 --> 00:23:54,950
What I mean is it must be able to run from start to finish all on its own.

248
00:23:54,950 --> 00:24:01,930
Just keep that in mind as you mess around with this aspect of Sparta Sparta won't allow you to add a

249
00:24:01,930 --> 00:24:09,560
tool that requires user input because the the graphical interface simply won't support it.

250
00:24:09,610 --> 00:24:15,130
So before I end this module I will quickly re edit my configuration file and show you what it looks

251
00:24:15,130 --> 00:24:18,310
like when you run Sparta with the option set to true

252
00:24:22,450 --> 00:24:24,730
so we'll change this option back to true

253
00:24:27,390 --> 00:24:28,260
save the file

254
00:24:34,050 --> 00:24:36,030
and we'll close out of Sparta and reload it

255
00:24:40,160 --> 00:24:43,120
so here we've got a fresh Sparta window open.

256
00:24:43,290 --> 00:24:46,080
I'm going to rehab mine met a split level post.

257
00:24:49,330 --> 00:24:53,470
Add to scope and it will immediately begin to run.

258
00:24:53,470 --> 00:24:56,610
All tools starting with the unmapped scan.

259
00:24:56,770 --> 00:25:02,230
This can be kind of handy if you're 100 percent sure of the legality of what you're doing as it is less

260
00:25:02,230 --> 00:25:07,300
likely that you'll forget to run a particular tool against a particular target.

261
00:25:07,300 --> 00:25:11,870
This is especially true when dealing with a large range of targets.

262
00:25:11,920 --> 00:25:16,960
You can also see that each module runs a new tab is created.

263
00:25:16,960 --> 00:25:23,610
These are the same results you'd see if you ran these on their own and a terminal outside of Sparta.

264
00:25:23,710 --> 00:25:31,230
For example here we can see that it grabbed a screenshot with Kuti capped and we can see the Nick 2

265
00:25:31,230 --> 00:25:37,950
results are being collected but you can also see that this has suddenly become very slow in fact it

266
00:25:37,950 --> 00:25:40,010
almost looks like it's locking up.

267
00:25:40,020 --> 00:25:45,000
That's because all of these tools running simultaneously can be quite a drain on your system.

268
00:25:45,030 --> 00:25:48,690
They don't always compliment each other in terms of efficiency

269
00:25:54,210 --> 00:25:56,200
this is S.M. A.P. enumeration

270
00:26:02,050 --> 00:26:09,490
and I should also add that because I'm using all the default settings Sparta is using its own default

271
00:26:09,490 --> 00:26:12,950
word list for all brute force attacks.

272
00:26:13,000 --> 00:26:22,490
Here we have my askew El one password was found it's identified the log in as root for that host

273
00:26:26,780 --> 00:26:34,970
and the range of tabs is increasing so I'm going to scroll over post graphs one valid password found

274
00:26:35,920 --> 00:26:43,470
log in post dress password post grass and of course it's probably not going to be that easy against

275
00:26:43,470 --> 00:26:48,600
a real target a real target will have security practices one would hope

276
00:26:53,330 --> 00:26:56,480
and here we have FTC scans against different ports.

277
00:26:56,600 --> 00:27:00,370
Here we found that the log in is anonymous and the password.

278
00:27:00,380 --> 00:27:05,270
His Sparta with an ampersand.

279
00:27:05,340 --> 00:27:12,540
This is a good example of the fact that the password cracker can in fact crack passwords and account

280
00:27:12,540 --> 00:27:14,280
names that contain symbols

281
00:27:17,020 --> 00:27:23,530
so simply having a symbol in your password or a user name is not enough to foil the brute force attack

282
00:27:23,530 --> 00:27:24,310
method.

283
00:27:24,310 --> 00:27:30,140
It'll slow it down in the vast majority of cases but it's not enough by itself.

284
00:27:30,160 --> 00:27:32,890
We found zero passwords for this port.

285
00:27:32,920 --> 00:27:34,150
That's interesting.

286
00:27:35,410 --> 00:27:36,490
It appears that this.

287
00:27:36,790 --> 00:27:41,440
This tool x eleven screen was unsuccessful in grabbing a screen capture.

288
00:27:41,440 --> 00:27:42,010
That's OK

289
00:27:47,750 --> 00:27:53,870
in 2 4 8 1 8 0 T.C. P has pulled up a great deal of information

290
00:27:57,920 --> 00:27:59,210
another screenshot.

291
00:27:59,390 --> 00:28:09,400
This one of Port 8 1 8 0 TCE and as you can see these tools are still running down here so it's still

292
00:28:09,400 --> 00:28:11,360
collecting results.

293
00:28:11,410 --> 00:28:16,420
Now the system than it's scanning as I said is a highly vulnerable men a spoil system.

294
00:28:16,420 --> 00:28:22,570
If you were scanning a range of targets this could take a very long time and you'd have a lot of tabs

295
00:28:22,600 --> 00:28:25,930
and keeping them all straight can be a bit of a chore.

296
00:28:25,930 --> 00:28:30,100
That's the one downside of Sparta.

297
00:28:30,160 --> 00:28:32,010
Here we have the services tab.

298
00:28:32,170 --> 00:28:35,180
It's just a reorganization of what you're already looking at.

299
00:28:40,240 --> 00:28:53,680
And the tools tab.

300
00:28:54,000 --> 00:29:00,850
In any case this will continue for all of the various ports and services that it has found.

301
00:29:01,000 --> 00:29:07,590
It will run all tools that it has available against a particular port or service and display the results.

302
00:29:07,600 --> 00:29:14,060
As you can see so that's Sparta in a nutshell really is a very cool tool.

303
00:29:14,120 --> 00:29:19,960
And just remember that while the creators of Cali may have classified Sparta under the information gathering

304
00:29:19,960 --> 00:29:20,680
category

305
00:29:25,310 --> 00:29:28,250
and the scans it performs are active.

306
00:29:28,250 --> 00:29:31,960
So always be lawful and ethical when you use it.

307
00:29:31,970 --> 00:29:35,990
I hope you enjoyed this look at Sparta and that you now feel more confident about using it.

308
00:29:37,090 --> 00:29:40,810
Does contain acting contesting tools such as Hydra.