1
00:00:10,140 --> 00:00:16,320
In the last two lectures, we studied the networking concepts and the different types of scans.

2
00:00:16,920 --> 00:00:21,930
Now it's time to actually see how scanning is done and what scanning is.

3
00:00:22,800 --> 00:00:27,410
So in this lecture, we will scan a target using Zenmap GUI.

4
00:00:27,990 --> 00:00:30,860
Then we will trace all the sent and received packets.

5
00:00:31,590 --> 00:00:38,610
We will perform a slow, comprehensive scan, create a new profile to perform a null scan and analyze

6
00:00:38,610 --> 00:00:39,890
the scan results.

7
00:00:40,830 --> 00:00:45,460
So without wasting much time, let us directly get started.

8
00:00:46,200 --> 00:00:48,750
First, we need to download Zenmap.

9
00:00:49,380 --> 00:00:55,640
Zenmap is actually the GUI for Nmap that we have used in Kali.

10
00:00:56,250 --> 00:00:58,010
So what do you have to do?

11
00:00:59,490 --> 00:01:06,570
You have to open the browser, go to Google and then you have to type "download Zenmap".

12
00:01:10,190 --> 00:01:13,300
Click on the first link, that is nmap.org.

13
00:01:13,340 --> 00:01:14,830
It is the official platform.

14
00:01:14,870 --> 00:01:18,290
Download Zenmap, go to the download section.

15
00:01:20,480 --> 00:01:28,300
Then you have to download the two pieces of software, Nmap and Npcap, and Npcap is the support for Nmap.

16
00:01:28,760 --> 00:01:33,620
So download both the setups and wait till the download completes.

17
00:01:34,130 --> 00:01:38,060
The files have been downloaded and I have installed both the files.

18
00:01:38,510 --> 00:01:41,720
What you have to do is just open the files and run both of them.

19
00:01:42,890 --> 00:01:43,880
This is Zenmap.

20
00:01:44,540 --> 00:01:50,360
You can see we have to enter the target IP address there, then commands.

21
00:01:50,360 --> 00:01:51,470
We have to enter there.

22
00:01:52,280 --> 00:01:54,830
The profile tells us which scan
23
00:01:54,830 --> 00:02:02,300
it is. So first, since we're using certifiedhacker.com, we need to find the IP address of

24
00:02:02,300 --> 00:02:02,630
that.

25
00:02:03,510 --> 00:02:05,820
So let us find the IP address.

26
00:02:06,750 --> 00:02:12,860
We know how to find the IP address using the ping command, we have seen it in the networking course, so typing

27
00:02:13,320 --> 00:02:22,140
certifiedhacker.com, we get the IP address, 162.241.216.11.

28
00:02:23,380 --> 00:02:32,710
So take that IP address and then navigate to Zenmap, paste the IP address there; you can see automatically

29
00:02:32,920 --> 00:02:35,830
the IP address appears in the command prompt.

30
00:02:37,790 --> 00:02:42,120
Now we have to select the type of the scan which we want to do.

31
00:02:42,860 --> 00:02:47,360
So these are all the different scans: intense scan, UDP scan.

32
00:02:47,360 --> 00:02:49,890
We will see each one of them; hit Start.

33
00:02:49,910 --> 00:02:53,090
But first we're going to do the intense scan.

34
00:02:54,590 --> 00:03:02,630
Now, this can take a lot of time for all the scans, I have fast forwarded the videos so that I can

35
00:03:02,630 --> 00:03:05,030
explain what is happening on the screen.

36
00:03:06,710 --> 00:03:14,920
You can see this scan has discovered the open port 53, open port 143, 995 and all those things.

37
00:03:15,500 --> 00:03:18,550
So we have got the result completed as well.

38
00:03:18,560 --> 00:03:24,220
And stealth scan, in the last lecture, we had seen an example of stealth scan.

39
00:03:24,800 --> 00:03:30,530
And in this lecture we are seeing the use of that scan in the command section.

40
00:03:30,530 --> 00:03:34,550
You might have been wondering what -T4 is.

41
00:03:34,550 --> 00:03:36,980
-T4 stands for the maximum level

42
00:03:37,550 --> 00:03:41,690
you want the Nmap scan to reach, from zero to five.
43
00:03:42,230 --> 00:03:46,020
-A stands for all the data to be displayed.

44
00:03:46,040 --> 00:03:49,870
That is, while scanning, the entire information should be displayed.

45
00:03:50,360 --> 00:03:57,260
That is, scan versions, scan everything, and -v stands for verbosity.

46
00:03:57,290 --> 00:03:59,530
That is, more deep information.

47
00:04:00,050 --> 00:04:04,850
So we have completed the scan and now we can see the open ports.

48
00:04:07,490 --> 00:04:10,340
The open ports are displayed in green color.

49
00:04:10,520 --> 00:04:19,700
We can see port 21 is open, port 22 is open, port 26 is open, port 25

50
00:04:19,700 --> 00:04:24,320
might be open, but our scan detected it as filtered.

51
00:04:24,380 --> 00:04:28,580
But we also find out the versions.

52
00:04:28,580 --> 00:04:37,190
As you can see, port 3306 is a MySQL port using the version

53
00:04:37,190 --> 00:04:38,720
5.6.41-84.1.

54
00:04:40,460 --> 00:04:43,960
These are the services: Microsoft, MySQL, POP.

55
00:04:44,870 --> 00:04:48,220
So by clicking on these services, you can get the entire information.

56
00:04:48,890 --> 00:04:53,750
Now, what is the use of that and why do we require that version?

57
00:04:54,260 --> 00:04:58,310
I will demonstrate to you why we require that version. Note

58
00:04:58,310 --> 00:05:03,380
down the version and go to Google and just type the name of that version.

59
00:05:03,710 --> 00:05:15,110
MySQL exploits, so exploit for MySQL, and the version is 5.6.4, and then

60
00:05:15,110 --> 00:05:16,010
hit enter.

61
00:05:19,260 --> 00:05:21,970
My bad, the spelling is hard.

62
00:05:23,220 --> 00:05:27,510
So, yes, we found out the exploits for MySQL version.

63
00:05:29,360 --> 00:05:30,070
There you go.

64
00:05:32,210 --> 00:05:34,890
These are the total exploits that were available.
65
00:05:35,000 --> 00:05:38,550
The score is not so good, though.

66
00:05:38,570 --> 00:05:40,430
These are not severe vulnerabilities.

67
00:05:40,430 --> 00:05:43,510
But yes, there are vulnerabilities present.

68
00:05:43,520 --> 00:05:50,330
So hackers use such information to find out which vulnerabilities can exist on the system.

69
00:05:50,840 --> 00:06:00,800
You can see the version is Apache, HTTP is open, FTP is open and the domain is ISC BIND, one

70
00:06:00,800 --> 00:06:08,590
is filtered. Network topology, or topology, just tells you how it can reach the destination.

71
00:06:08,600 --> 00:06:10,730
That is the target IP address.

72
00:06:12,990 --> 00:06:20,800
We can see different forms of topology, you can explore it here and there and just try the whole

73
00:06:20,970 --> 00:06:22,330
details and scans.

74
00:06:22,770 --> 00:06:24,240
This was the first scan.

75
00:06:26,080 --> 00:06:27,910
Let us see a different type of scan.

76
00:06:30,160 --> 00:06:38,710
Again, open Zenmap and paste the same target certifiedhacker.com, but in this case, we are going to use

77
00:06:38,710 --> 00:06:39,610
a different command.

78
00:06:42,040 --> 00:06:44,620
What we are going to type is nmap

79
00:06:46,020 --> 00:06:55,850
--packet-trace, followed by the IP address. By issuing the packet trace command, Nmap

80
00:06:55,860 --> 00:07:03,270
sends some packets to the intended machine and receives the packets, the sent packets.

81
00:07:03,810 --> 00:07:08,310
It prints the summary of every packet it sends and receives.

82
00:07:09,480 --> 00:07:16,170
The --packet-trace option causes Nmap to print a summary of every packet it sends and receives.

83
00:07:16,680 --> 00:07:23,220
It can be, as this can be, extremely useful for debugging or understanding Nmap's behavior.
84
00:07:26,350 --> 00:07:32,890
So you can see on the screen the packets are sent from host to target and the packets received from

85
00:07:32,890 --> 00:07:36,390
target to host; consider one example.

86
00:07:36,910 --> 00:07:40,000
Each line in the output contains several fields.

87
00:07:40,750 --> 00:07:44,200
The first is whether the packet is sent or received.

88
00:07:44,770 --> 00:07:50,830
The second is a timer counter providing the elapsed time since it started.

89
00:07:51,310 --> 00:07:53,320
The third one is the protocol that is used.

90
00:07:53,830 --> 00:08:01,000
The fourth field stands for the IP address of the source and the fifth field stands for the IP address

91
00:08:01,000 --> 00:08:07,390
of the destination, which in our case is the IP address of certifiedhacker.com.

92
00:08:10,280 --> 00:08:16,820
It also gives the ID and you can see there are numerous packets which have been sent and received

93
00:08:16,820 --> 00:08:20,930
in this process; the scan is still going on.

94
00:08:23,840 --> 00:08:32,030
RCVD stands for received packets and SENT stands for sent packets; you can see again, we can

95
00:08:32,030 --> 00:08:38,030
see the number of open ports and other ports once the scan is performed.

96
00:08:38,930 --> 00:08:40,050
We can see that again.

97
00:08:40,050 --> 00:08:44,660
We can see the services, then hosts, open ports, etc.

98
00:08:44,660 --> 00:08:52,490
As we have seen in the first scan itself, the Host Details tab allows the user to see the details

99
00:08:52,490 --> 00:08:59,960
of all the hosts discovered during the intense profile. The Topology tab helps us to view the topology

100
00:08:59,960 --> 00:09:07,010
of the target network that contains the provided IP address. Click the Fisheye option to view the topology

101
00:09:07,010 --> 00:09:08,020
in a clear way.

102
00:09:12,330 --> 00:09:18,570
There you have the Zenmap screen again; paste the IP address.
103
00:09:22,220 --> 00:09:29,180
The next one is a slow, comprehensive scan. The slow comprehensive scan uses three different protocols,

104
00:09:29,660 --> 00:09:39,350
TCP, UDP and SCTP, and helps in determining which operating system, services and versions the host

105
00:09:39,350 --> 00:09:43,840
is running, according to the most common TCP and UDP services.

106
00:09:44,630 --> 00:09:51,120
It is simply an intense scan using the UDP protocol, in addition to some more scanning options.

107
00:09:51,800 --> 00:09:56,820
Now, one thing that I want to tell you is that these scans take a very long time.

108
00:09:57,380 --> 00:10:03,470
My scan, it almost took around 20 minutes to scan the complete network.

109
00:10:03,860 --> 00:10:10,610
So make sure you have patience while using such scanning tools and while using Nmap tools.

110
00:10:14,560 --> 00:10:24,090
Now, after scanning, you can see on the bottom that it is still initiating a UDP scan, already

111
00:10:24,100 --> 00:10:32,470
nine seconds having elapsed, and it is really taking a lot of time to actually conduct the whole comprehensive

112
00:10:32,470 --> 00:10:32,910
scan.

113
00:10:33,460 --> 00:10:37,420
So make sure that you have more

114
00:10:37,420 --> 00:10:43,690
patience for such scans, because you won't get results in just two to three minutes.

115
00:10:43,720 --> 00:10:52,480
You have to wait for almost half an hour; attackers scan large networks and wait to get results for

116
00:10:52,480 --> 00:10:54,060
almost two to three days.

117
00:10:54,070 --> 00:10:55,270
So it's that huge.

118
00:10:55,570 --> 00:10:58,570
And you should have patience to wait for such scans.

119
00:10:59,080 --> 00:11:08,730
So you can see after eight minutes, only 5.96 percent is done and there's a lot to go.

120
00:11:09,190 --> 00:11:11,230
So we'll see.

121
00:11:11,620 --> 00:11:14,860
I will explain everything once the scan is completed.
122
00:11:18,650 --> 00:11:26,570
Estimated time to completion is still 20 minutes, so I hope you have got the idea of how these huge scans

123
00:11:26,570 --> 00:11:27,980
are, the results are.

124
00:11:28,440 --> 00:11:35,690
We can see it has discovered some open ports: 21, 443, 22,

125
00:11:35,690 --> 00:11:37,390
993 and many more.

126
00:11:39,800 --> 00:11:42,310
Now, let us wait till the scan is finished.

127
00:11:44,840 --> 00:11:53,390
Finally, we have completed the UDP scan and now it is initiating a service scan to complete the

128
00:11:53,390 --> 00:11:54,290
whole scan.

129
00:11:54,690 --> 00:11:57,140
It will really take a lot of time.

130
00:12:00,960 --> 00:12:03,600
Now initiating the NSE scan.

131
00:12:09,490 --> 00:12:16,570
Voila, after a lot of waiting, we have finally completed the scan in around, you can see,

132
00:12:16,570 --> 00:12:17,770
1457 seconds.

133
00:12:17,770 --> 00:12:23,100
That is almost 22 minutes to complete the whole scan.

134
00:12:23,860 --> 00:12:27,580
But this time we have got all the ports that are open.

135
00:12:28,090 --> 00:12:33,790
This is a slow, comprehensive scan which scans through the entire network. Here you can see there are

136
00:12:33,790 --> 00:12:38,320
different services open, different versions are open, few ports are filtered.

137
00:12:38,320 --> 00:12:39,520
A few ports are open.

138
00:12:39,850 --> 00:12:47,050
We can try this on any website because this is not actually interacting with the website.

139
00:12:47,050 --> 00:12:48,460
It just sends packets.

140
00:12:48,910 --> 00:12:53,020
But we do take prior permission before scanning any website.

141
00:12:53,770 --> 00:12:57,220
You can see the signature algorithm is SHA-256.

142
00:12:57,220 --> 00:12:59,320
That is, Secure Hash Algorithm.

143
00:12:59,320 --> 00:13:05,410
We will see all the algorithms in detail in the last two or three sections.
144
00:13:06,040 --> 00:13:10,810
Then you can see the encryption algorithms they have used.

145
00:13:11,830 --> 00:13:19,360
So you can see using -A has actually revealed to us a lot of information in detail.

146
00:13:19,360 --> 00:13:21,430
Everything is available in detail.

147
00:13:21,430 --> 00:13:28,660
And if you really have patience to wait for the scan, you can find each and everything which is used.

148
00:13:28,660 --> 00:13:33,580
What keys are used, what number of bits the keys are using for cryptography.

149
00:13:33,990 --> 00:13:41,710
Then you can see the topology, the Fisheye, in which form our network was scanned, and everything.

150
00:13:47,490 --> 00:13:50,080
In order to learn any tool, you just have to explore.

151
00:13:50,100 --> 00:13:51,390
Keep on exploring the tools.

152
00:13:51,810 --> 00:13:53,100
These are the host scans.

153
00:13:53,130 --> 00:13:55,570
Accuracy is 99 percent.

154
00:13:55,920 --> 00:13:58,460
The results are 99 percent accurate, though.

155
00:13:58,530 --> 00:14:06,870
Then we have found IPv4, then closed ports, open ports and much more.

156
00:14:09,920 --> 00:14:15,440
Now, let's close this and let us start the last type of scan.

157
00:14:17,860 --> 00:14:22,630
So, again, open Zenmap and set the target.

158
00:14:30,410 --> 00:14:32,910
Yes, Zenmap has opened.

159
00:14:34,850 --> 00:14:43,100
Now let's go to Profile and we will now create a new profile, a null profile, as we have discussed in

160
00:14:43,100 --> 00:14:44,450
the starting of this lecture.

161
00:14:44,990 --> 00:14:46,230
So what are you supposed to do?

162
00:14:47,960 --> 00:14:49,790
So we have to go to regular scan.

163
00:14:55,690 --> 00:15:04,180
Then we have to go to Profile, New Profile, then you can enter the name, and under the profile

164
00:15:04,180 --> 00:15:06,570
name, you can enter whatever name.

165
00:15:06,580 --> 00:15:09,890
I will give it "null scan".
166
00:15:11,520 --> 00:15:17,380
After that, I will go to the Scan tab, which is just next to Profile.

167
00:15:19,960 --> 00:15:26,440
Then I will select TCP scan as -sN, and that is the null scan.

168
00:15:27,250 --> 00:15:32,410
Then the timing template is aggressive, which we have discussed before.

169
00:15:38,740 --> 00:15:45,160
Then we have to enable all advanced aggressive options, that is -A, which will give us more results,

170
00:15:45,160 --> 00:15:46,150
and then save.

171
00:15:46,610 --> 00:15:53,380
And whenever you apply these changes to a particular website or a scanning network, you can find the

172
00:15:53,380 --> 00:15:53,840
results.

173
00:15:54,430 --> 00:15:58,120
So let us try out this scan on certifiedhacker.

174
00:16:07,090 --> 00:16:10,600
So we will ping certifiedhacker.com.

175
00:16:11,840 --> 00:16:19,910
And then we will get the IP address and then try the scan on certifiedhacker.com. certifiedhacker

176
00:16:19,910 --> 00:16:22,470
.com is a website provided by EC-Council.

177
00:16:22,790 --> 00:16:29,420
So we have no harm in using the website for testing purposes because it is intentionally meant for testing

178
00:16:29,420 --> 00:16:29,810
only.

179
00:16:31,160 --> 00:16:36,650
You can even try the scans on the Damn Vulnerable Web Applications which we have seen in the first

180
00:16:36,650 --> 00:16:37,100
section.

181
00:16:38,840 --> 00:16:44,570
So again, it has started and you have to wait for this scan to finish.

182
00:16:44,780 --> 00:16:50,050
It would again take 20 to 30 minutes, but we will get the results; as seen, it's still going.

183
00:16:50,480 --> 00:16:53,420
So make sure you wait till the scan gets completed.

184
00:16:53,780 --> 00:17:00,860
So let us have a quick recap again, where we learned how to scan the target using Zenmap, the various

185
00:17:00,920 --> 00:17:04,430
different tools and techniques we analyzed, and create profiles.
186
00:17:04,430 --> 00:17:08,510
And in the next lecture we will use Nmap in Linux.