1 00:00:08,100 --> 00:00:10,260 The last lecture we talked about the three-way handshake.
2 00:00:10,290 --> 00:00:12,330 Now we just want to get into ports, right?
3 00:00:12,400 --> 00:00:21,330 So let's say you've got some server here and you have two applications, right, two applications, just
4 00:00:21,540 --> 00:00:28,570 let's call it, let's say, the Windows, Windows Server 2019.
5 00:00:29,290 --> 00:00:37,740 And you've got IIS listening on port 80.
6 00:00:39,450 --> 00:00:45,240 And you also have SSH listening on port 22.
7 00:00:45,990 --> 00:00:46,260 Right.
8 00:00:46,920 --> 00:00:48,690 So far, so good to me.
9 00:00:48,900 --> 00:00:51,330 So, you know, this is not uncommon, actually.
10 00:00:51,740 --> 00:00:52,080 All right.
11 00:00:52,410 --> 00:00:56,630 So you're running IIS listening on port 80 and you also have SSH so that you can monitor your
12 00:00:56,670 --> 00:00:57,050 server.
13 00:00:57,360 --> 00:01:03,360 Now, you've got this client up here, user wants to access a web page on the server.
14 00:01:03,530 --> 00:01:05,150 How exactly is that going to happen?
15 00:01:05,610 --> 00:01:05,900 Right.
16 00:01:06,300 --> 00:01:08,250 How are we going to get access over here?
17 00:01:08,970 --> 00:01:10,830 Well, it's a couple of things, right?
18 00:01:11,640 --> 00:01:17,520 First, the client needs to tell the server which application it wants to access.
19 00:01:18,420 --> 00:01:20,060 How does the client tell the server what it wants?
20 00:01:20,390 --> 00:01:21,390 Do I want SSH to do?
21 00:01:21,390 --> 00:01:23,010 And what is what does that what?
22 00:01:23,010 --> 00:01:23,400 The ports.
23 00:01:23,910 --> 00:01:28,170 So you can have multiple ports listening, multiple applications listening for incoming requests
24 00:01:28,170 --> 00:01:29,010 on a single server.
25 00:01:29,280 --> 00:01:35,100 And the port just tells the incoming application request which application should process that request.
26 00:01:35,610 --> 00:01:38,700 The way the client does that is by specifying a destination
27 00:01:38,700 --> 00:01:43,950 port. In this case it would be 80 because it wants to access the web application.
28 00:01:44,280 --> 00:01:46,440 Now, the interesting thing here is that.
29 00:01:47,340 --> 00:01:49,980 When the server wants to respond to the client, how's it going to do that?
30 00:01:49,980 --> 00:01:55,690 Because there's no port on this side, or is there? There is, and this is what ephemeral ports are.
31 00:01:56,370 --> 00:02:02,190 So this application over here would randomize a port that's greater than 1024; it's called an
32 00:02:02,190 --> 00:02:07,050 ephemeral port. Ephemeral port.
33 00:02:08,130 --> 00:02:09,900 It's greater than 1024.
34 00:02:10,830 --> 00:02:14,720 Let's say that port is 6512.
35 00:02:15,210 --> 00:02:16,550 OK, that's a different port.
36 00:02:17,190 --> 00:02:19,200 So that's going to become the source.
37 00:02:20,290 --> 00:02:21,120 You can't really see that.
38 00:02:21,790 --> 00:02:24,360 That's basically going to become the source port.
39 00:02:25,440 --> 00:02:29,580 Change that to white. Source port, the source port.
40 00:02:30,030 --> 00:02:35,790 Now, when the web server wants to return the page that was requested, it can now reverse the communication
41 00:02:35,790 --> 00:02:36,130 stream.
42 00:02:36,210 --> 00:02:36,540 Right.
43 00:02:37,260 --> 00:02:39,390 So now when the response comes back,
44 00:02:40,450 --> 00:02:40,870 the
45 00:02:42,730 --> 00:02:45,370 source port is going to be
46 00:02:46,330 --> 00:02:53,380 80 and the dest is going to be 6512, and now the application can process the
47 00:02:53,380 --> 00:02:53,800 request.
48 00:02:54,340 --> 00:02:55,570 That's basically how that works.
49 00:02:56,200 --> 00:02:59,650 Now, there are a couple of common ports that everyone should know, let's look at these really
50 00:02:59,650 --> 00:03:03,370 fast, because, you know, you're going to see this come up a lot.
51 00:03:04,300 --> 00:03:07,990 So here are some ports that everyone needs to know in this field. Web
52 00:03:08,310 --> 00:03:15,160 is one of them: HTTP and HTTPS. HTTP is port 80, 80.
53 00:03:15,960 --> 00:03:21,370 HTTPS is 443 and sometimes 8443.
54 00:03:21,880 --> 00:03:24,010 This is web traffic, standard web traffic.
55 00:03:24,040 --> 00:03:24,250 Right.
56 00:03:24,250 --> 00:03:24,640 That right.
57 00:03:25,270 --> 00:03:26,650 Nothing too surprising there.
58 00:03:27,790 --> 00:03:30,400 Let's keep going down the list of other things you need to know, OK?
59 00:03:31,940 --> 00:03:34,210 There is also Telnet.
60 00:03:36,900 --> 00:03:42,130 And SSH. Both of these are protocols that you or, you know, someone else, a network administrator
61 00:03:42,130 --> 00:03:48,210 or network engineer, use to manage a device. Telnet is 23, but the traffic is unencrypted.
62 00:03:48,690 --> 00:03:54,330 Credentials are exposed in clear text. SSH is port 22, but it is encrypted.
63 00:03:55,020 --> 00:04:05,610 OK, so let's just drive that point home by saying this is unencrypted, unencrypted, and this is encrypted.
64 00:04:08,120 --> 00:04:09,830 That is the major difference between these two.
65 00:04:13,390 --> 00:04:18,820 What other ports do we need to know? There's a few others. There is, we mentioned this once, DNS.
66 00:04:19,970 --> 00:04:29,090 And you have DHCP. So DNS uses UDP port 53 to translate domain names into IP
67 00:04:29,090 --> 00:04:33,770 addresses and DHCP uses UDP ports 67 and 68.
68 00:04:34,310 --> 00:04:37,820 And what does DHCP do, the Dynamic Host Configuration Protocol?
69 00:04:37,940 --> 00:04:43,340 It is the protocol that's responsible for dynamically assigning IP addresses to a computer so you don't
70 00:04:43,340 --> 00:04:44,900 have to physically type in an IP address.
71 00:04:45,110 --> 00:04:51,200 DHCP does that for you based on a pool of administratively assigned addresses and it uses different ports
72 00:04:51,590 --> 00:04:55,700 depending on the client sending to the server or the server sending to the client.
73 00:04:56,810 --> 00:04:59,750 It will determine which port to use for the source port kirsanow.
74 00:05:01,150 --> 00:05:02,330 What else do we have here?
75 00:05:02,350 --> 00:05:03,190 What else should you know about?
76 00:05:03,640 --> 00:05:04,820 Well, let's see.
77 00:05:04,870 --> 00:05:06,910 You should also know about FTP.
78 00:05:08,540 --> 00:05:12,600 FTP is TCP port 21 for moving files.
79 00:05:13,270 --> 00:05:13,660 All right.
80 00:05:14,800 --> 00:05:17,260 We also can talk about
81 00:05:18,660 --> 00:05:29,790 SMTP and IMAP. So SMTP uses TCP port 25; this is for sending emails between different email
82 00:05:29,790 --> 00:05:33,900 servers or sending those emails out, they go out on TCP port 25.
83 00:05:34,410 --> 00:05:37,800 IMAP uses 143 with the unencrypted version.
84 00:05:38,160 --> 00:05:41,010 And that's for getting emails like in Gmail or something similar.
85 00:05:41,010 --> 00:05:44,030 But Gmail actually doesn't use IMAP over port 143.
86 00:05:44,130 --> 00:05:45,480 It uses the encrypted version of it.
87 00:05:46,410 --> 00:05:48,600 OK, we can talk about RDP.
88 00:05:49,470 --> 00:05:53,160 If you're doing a pentest, RDP, you see a server listening on RDP,
89 00:05:53,160 --> 00:05:59,520 that might mean that you can remotely, you know, connect to the device and see what an administrator
90 00:05:59,520 --> 00:05:59,850 would see.
91 00:06:00,570 --> 00:06:03,150 That's RDP; it's Remote Desktop Protocol.
92 00:06:03,600 --> 00:06:07,480 This uses 3389 TCP.
93 00:06:08,190 --> 00:06:10,800 And then of course you have SMB, Server Message Block.
94 00:06:11,280 --> 00:06:20,400 This uses port 445. Remember, 443 is TLS, SSL, or HTTPS; 445 is the
95 00:06:20,400 --> 00:06:21,810 TCP Server Message Block.
96 00:06:21,810 --> 00:06:25,950 And this is for file shares and printers and things like that. And the last port
97 00:06:25,950 --> 00:06:31,110 I think is really important, that port. So there is LDAP.
98 00:06:33,010 --> 00:06:39,910 Which listens on port 389 TCP. Then you have LDAPS, which is the encrypted
99 00:06:39,910 --> 00:06:44,810 version of that, but it listens on port 636.
100 00:06:45,490 --> 00:06:49,030 So really what you need to know here is that one is encrypted, one isn't.
101 00:06:49,060 --> 00:06:54,740 So this is unencrypted, unencrypted, and LDAPS is encrypted.
102 00:06:56,620 --> 00:07:01,020 And again, this is used for Active Directory, the Lightweight Directory Access Protocol.
103 00:07:01,540 --> 00:07:03,510 So we're going to get into Active Directory a lot later.
104 00:07:03,670 --> 00:07:07,270 And of course, we set up our lab and we do our red team engagements and we run all our tests.
105 00:07:07,690 --> 00:07:11,320 But it's really important that you know the difference between them so you can understand the attack surface
106 00:07:11,320 --> 00:07:12,070 of your target.
107 00:07:12,580 --> 00:07:13,000 All right.
108 00:07:13,450 --> 00:07:15,670 So that's all we want to get into in this lecture.
109 00:07:15,670 --> 00:07:19,510 We just talked about some of the ports that you need to know. Oh, there's one more I think I should
110 00:07:19,510 --> 00:07:21,160 mention before we wrap this up.
111 00:07:21,160 --> 00:07:22,680 And that would be NTP.
112 00:07:25,950 --> 00:07:37,440 So NTP, the Network Time Protocol, and this protocol, NTP, uses UDP 123, very easy to remember.
113 00:07:37,440 --> 00:07:38,570 Right? UDP.
114 00:07:39,840 --> 00:07:45,780 And that's obviously for, that allows the computer to get the time from a remote server so it can synchronize
115 00:07:45,930 --> 00:07:49,420 its local time to the remote server's time and have an accurate time clock.
116 00:07:50,510 --> 00:07:56,590 So that's it. In the next hour, should we be taking to the other protocols and stuff specifically?
117 00:07:57,120 --> 00:07:59,270 Never see in that as.