WEBVTT

00:07.340 --> 00:08.090
All right.

00:08.120 --> 00:09.050
Good afternoon.

00:09.050 --> 00:11.450
We are going to mess around with Nikto today.

00:11.480 --> 00:13.130
Kind of a precursor.

00:13.280 --> 00:17.060
The very first thing I need to realize is that Nikto is a command line interface tool, which means

00:17.060 --> 00:19.730
I need to open up a terminal and blow that up for you.

00:20.000 --> 00:21.740
And let's just get a sense of Nikto.

00:21.770 --> 00:23.690
Nikto is nikto.

00:23.720 --> 00:30.440
I'm going to do a dash h or a tac h that's going to give me this basic manual of how to perform different

00:30.440 --> 00:31.220
attacks.

00:31.250 --> 00:32.750
I really don't want to say attacks.

00:32.750 --> 00:34.370
Attacks is a wrong word.

00:34.400 --> 00:41.420
Uh, we're going to do some different scans against the, uh, server that I've got in my virtual system.

00:41.420 --> 00:50.120
So I am currently running a, uh, Archaeopteryx two system in the background, which my Kali box is,

00:50.120 --> 00:51.110
has direct access to.

00:51.140 --> 00:51.290
Right.

00:51.320 --> 00:53.210
So we already did the scan.

00:53.210 --> 00:56.300
We've already identified the IP address for this specific machine.

00:56.300 --> 01:01.040
So now we just need to run Nikto against it to find some vulnerabilities. So the very first thing I want

01:01.070 --> 01:06.140
to do is I want to do a Nikto dash h, and I need to hit the IP address.

01:06.140 --> 01:08.570
In my case, it's 10.0.2.5.

01:08.570 --> 01:13.340
I want to remind you this IP address could be different depending on how you have your network set up,

01:13.340 --> 01:17.000
depending on what you scanned for that Archaeopteryx machine.

01:17.000 --> 01:18.770
So be aware of that IP address.

01:18.770 --> 01:20.180
You need to scan for it.

01:20.300 --> 01:23.840
I'm gonna hit enter and it's going to give me some basic information.

01:23.840 --> 01:26.510
It's going to say hey here's the target IP address.

01:26.510 --> 01:29.390
Here's the hostname operating on port 80.

01:29.420 --> 01:32.030
The time that I did the scan.

01:32.030 --> 01:35.780
And it's going to say it's running Apache right there.

01:35.780 --> 01:38.330
It's removed and it's seen a little bit.

01:38.360 --> 01:40.940
It's seen a little bit of problems.

01:40.970 --> 01:41.210
Right.

01:41.210 --> 01:43.460
It sees anti clickjacking is not there.

01:43.460 --> 01:49.490
And it's going through and it's just looking for different aspects or different vulnerabilities that

01:49.490 --> 01:50.270
it might find.

01:50.270 --> 01:55.220
And it's just going to continue to run in the background until it's found everything or until it's completed

01:55.220 --> 01:56.090
its scan.

01:56.090 --> 02:01.790
We can see here that PHP reveals potentially sensitive information, so on and so forth.

02:01.820 --> 02:02.210
Right.

02:02.240 --> 02:06.530
And we can start to see the Apache default file found, which is not good.

02:06.530 --> 02:09.170
So it provided me with all these different items.

02:09.170 --> 02:13.730
And when it's done it says that it reported 17 items and it had one error.

02:14.540 --> 02:17.690
If you scroll up you can see the error right there.

02:17.690 --> 02:18.350
Right.

02:18.380 --> 02:22.100
So that's just checking out that I want to show you one other scan.

02:22.130 --> 02:22.310
Right.

02:22.310 --> 02:23.870
We're going to do a Nikto.

02:25.160 --> 02:25.760
Nikto.

02:25.760 --> 02:30.770
And then again that dash h, the IP address like so.

02:30.800 --> 02:33.830
But then we're going to do a basic scan for SSL.

02:33.860 --> 02:36.110
We want to look for SSL vulnerabilities.

02:36.110 --> 02:38.300
So I'm going to hit that little tack right there.

02:38.300 --> 02:39.020
Hit enter.

02:39.020 --> 02:42.620
And now it's going to start scanning for SSL vulnerabilities.

02:42.620 --> 02:45.350
And it's going to do pretty much the same thing it did before.

02:45.380 --> 02:51.800
Except now we've said hey I want you to concentrate specifically on those SSL vulnerabilities okay.

02:52.760 --> 02:55.010
So it's going to go through and continue scanning.

02:56.150 --> 03:02.480
I also want to point out that it changed its port when I did SSL. It went from port 80, which is HTTP

03:02.510 --> 03:06.590
over to port 443, which is HTTPS.

03:06.620 --> 03:08.480
And there's a reason for that, right?

03:08.510 --> 03:14.870
The SSL points out that, hey, I'm looking specifically for that HTTPS point.

03:15.890 --> 03:19.670
However, we are seeing a lot of the same errors as before, right?

03:19.700 --> 03:26.960
Anti Clickjacking not present uses TLS strict transport layer not defined.

03:26.960 --> 03:29.150
That's an issue we're seeing.

03:29.240 --> 03:31.340
Content type header is not set.

03:31.340 --> 03:32.600
That's a problem.

03:32.750 --> 03:33.230
All right.

03:33.230 --> 03:35.870
So that is Nikto in a nutshell.

03:35.900 --> 03:38.780
Feel free to uh mess around with it.

03:38.780 --> 03:42.680
The best way to learn these tools, all these tools we're showing you the best way to learn it is to

03:42.710 --> 03:48.530
actually mess around with them, start diving into it, use those virtual machines and learn these tools.

03:48.530 --> 03:53.120
Uh, that's the best way to get a good handle on what you're doing, how the tool works, and how it

03:53.120 --> 03:57.740
interfaces with you as a security analyst are going to be dealing with in the future.

03:57.920 --> 04:00.200
I hope this helps and we'll see you next time.
