1
00:00:00,390 --> 00:00:01,140
Welcome back.

2
00:00:01,710 --> 00:00:07,910
So we can say that we covered some of the most known commands that are commonly used inside of a terminal,

3
00:00:08,580 --> 00:00:15,840
but what is important for us as penetration testers are also the commands that are more aimed at networking.

4
00:00:16,410 --> 00:00:22,890
For example, throughout the course we'll constantly be checking IP addresses, whether it being our

5
00:00:22,890 --> 00:00:25,100
IP address or target IP address.

6
00:00:25,110 --> 00:00:25,930
It doesn't matter.

7
00:00:26,250 --> 00:00:27,910
We will check it through the terminal.

8
00:00:28,530 --> 00:00:33,030
The most important command that we use to do this is called ifconfig.

9
00:00:33,750 --> 00:00:41,640
Now ifconfig gives us an output of all our networking interfaces as well as their IP addresses,

10
00:00:41,640 --> 00:00:43,990
if they have one. Let's give it a try.

11
00:00:44,370 --> 00:00:48,870
So if I open my terminal and I type ifconfig.

12
00:00:50,670 --> 00:00:54,400
Usually most of you will get rather the same output.

13
00:00:54,420 --> 00:01:01,560
Now, some of you might have an interface more or less, but usually in Kali Linux we will have these two

14
00:01:01,710 --> 00:01:06,630
main interfaces, eth0 and loopback interface.

15
00:01:07,630 --> 00:01:15,370
Now eth0 is where I connect over the Internet and we can actually find our IP address under the inet

16
00:01:15,380 --> 00:01:22,450
part, it's usually going to be in the second row and we can see that my local IP address is 192

17
00:01:22,460 --> 00:01:24,160
dot 168

18
00:01:24,160 --> 00:01:25,450
dot 1 dot 10.

19
00:01:26,880 --> 00:01:32,790
Now, more about IP addresses you can read from our networking PDF file, where we actually explain

20
00:01:32,790 --> 00:01:37,700
different types of IP addresses, how they look like and between which ranges do they go.

21
00:01:38,490 --> 00:01:44,160
But if you want to check your own IP address of your Kali Linux machine, you can just type ifconfig command

22
00:01:44,160 --> 00:01:46,850
and it will be under one of the interfaces.

23
00:01:46,860 --> 00:01:48,930
Usually it will be under eth0.

24
00:01:49,410 --> 00:01:53,370
And this is how we actually discover the IP address of our own device.

25
00:01:54,210 --> 00:01:59,980
However, to discover an IP address of another device, such as, for example, an IP address of a website,

26
00:02:00,360 --> 00:02:02,450
well, we can use different tools for this.

27
00:02:02,880 --> 00:02:08,910
One of the most known ones is called nslookup, but for some of you, the nslookup

28
00:02:08,910 --> 00:02:10,949
tool might not be installed.

29
00:02:11,070 --> 00:02:17,130
And this is a perfect moment to show you how you can install different missing packages or tools with

30
00:02:17,130 --> 00:02:18,240
the help of terminal.

31
00:02:19,380 --> 00:02:25,470
So let's first clear our screen and install our nslookup tool.

32
00:02:26,410 --> 00:02:35,200
The command that we usually use to install a package or a tool is called apt-get install. After apt-get

33
00:02:35,200 --> 00:02:37,360
install comes the tool.

34
00:02:38,470 --> 00:02:45,550
In this case, since we want nslookup and nslookup comes in a package called dnsutils, we want

35
00:02:45,550 --> 00:02:50,020
to type apt-get install dnsutils.

36
00:02:51,580 --> 00:02:57,460
Now, keep in mind that these commands must be run with root privileges, at least in this current version

37
00:02:57,460 --> 00:02:58,240
of Linux.

38
00:02:58,240 --> 00:03:04,810
So let's add sudo before the entire command and let's press enter.

39
00:03:05,440 --> 00:03:11,530
It will ask us for our password. I'll just put it right here and it has finished.

40
00:03:12,500 --> 00:03:18,470
And there are two outputs that you will get, either it will install the tool or you will get the similar

41
00:03:18,470 --> 00:03:25,130
output to mine right here in case the tool is already installed, which in my case, it is already installed.

42
00:03:26,060 --> 00:03:32,090
So now that we have it installed, let's try to run it. Let's say we want to discover one of the IP

43
00:03:32,090 --> 00:03:39,650
addresses of Google, we can type nslookup and then google.com.

44
00:03:40,910 --> 00:03:45,110
We press enter and in less than a second we'll get an output.

45
00:03:46,100 --> 00:03:52,190
You can try this on any website in order to get their IP addresses or one of their IP addresses, which

46
00:03:52,190 --> 00:03:53,540
is the case that we got right here.

47
00:03:53,960 --> 00:03:56,680
So we performed nslookup on google.com.

48
00:03:57,110 --> 00:04:03,170
It gave us the output that the name that we searched for is google.com and that the IP address is

49
00:04:03,170 --> 00:04:04,490
this one right here.

50
00:04:04,820 --> 00:04:06,490
Now, this is not the only Google address.

51
00:04:06,500 --> 00:04:07,760
This is just one of them.

52
00:04:07,770 --> 00:04:09,560
So you might get a different response.

53
00:04:09,740 --> 00:04:14,870
It might be that if you scan this multiple times during the day that you will be getting a different

54
00:04:15,260 --> 00:04:16,779
IP address for Google.

55
00:04:17,390 --> 00:04:23,960
You can also do something like this for Facebook or any other site whatsoever.

56
00:04:24,320 --> 00:04:30,300
And you will be getting their IP address as well as their IPv6 address that we can see right here.

57
00:04:31,160 --> 00:04:32,430
OK, awesome.

58
00:04:33,050 --> 00:04:35,510
Now, same thing that we did right here,

59
00:04:35,600 --> 00:04:41,090
we can do with the command called host. For example, if I type host,

60
00:04:41,450 --> 00:04:43,250
but let me just clear the screen first.

61
00:04:43,790 --> 00:04:45,590
host google.com.

62
00:04:47,070 --> 00:04:53,100
It will give me a slightly different output, but more or less, it gives us the same thing. As we can

63
00:04:53,100 --> 00:04:58,680
see, it gives us the IP address of Google and we can already see that it is different than the previous

64
00:04:58,680 --> 00:04:58,920
one.

65
00:04:58,980 --> 00:05:05,640
This is the IPv4 address we got for Google. IPv6 address that we got for Google is this one.

66
00:05:05,910 --> 00:05:10,380
And we also get by which domain are mailing services handled.

67
00:05:11,290 --> 00:05:17,350
OK, this is how we can discover an IP address of a website, but let's say that you want to, for example,

68
00:05:17,350 --> 00:05:22,180
discover IP addresses of all the devices that are online inside of your network.

69
00:05:22,810 --> 00:05:28,440
For this, we're going to go a little bit more advanced and touch on a tool called netdiscover.

70
00:05:28,930 --> 00:05:34,160
Now, this tool we'll also mention during the course, but let's just take a peek at it right now.

71
00:05:34,750 --> 00:05:39,920
It should be installed in Kali Linux by default, but if it isn't, you can use the previous command

72
00:05:39,920 --> 00:05:44,140
we covered, which is apt-get install, to install netdiscover too.

73
00:05:44,920 --> 00:05:51,720
Now, in order to run it after you have it installed, all you have to do is type netdiscover.

74
00:05:51,910 --> 00:05:59,230
But once again, this being a tool that requires sudo, we must add sudo prefix to our command. If

75
00:05:59,230 --> 00:06:00,520
I press enter,

76
00:06:02,250 --> 00:06:09,450
well, that's it. Now we just leave it for a couple of minutes, it will scan all ranges of local IP

77
00:06:09,450 --> 00:06:12,330
addresses until it gets to your network range.

78
00:06:12,900 --> 00:06:18,800
Once it gets there, it will output all active IP addresses that are on your local network.

79
00:06:19,530 --> 00:06:20,310
All right.

80
00:06:21,150 --> 00:06:24,960
You can say that we just covered our first useful tool.

81
00:06:25,920 --> 00:06:31,110
Nonetheless, you get the point, we have many useful commands and tools that we can run inside the

82
00:06:31,110 --> 00:06:35,830
terminal and during the course we will discover much more that you will use a lot.

83
00:06:36,390 --> 00:06:42,660
My advice would be that you spend a couple minutes every day practicing these commands that we covered,

84
00:06:42,660 --> 00:06:45,850
as well as researching some new commands that might interest you.

85
00:06:46,590 --> 00:06:52,500
For example, you can say, hmm, I wonder how I can discover what version of Linux am I running?

86
00:06:53,220 --> 00:06:56,520
Then you Google that exact question and you should find the command

87
00:06:56,700 --> 00:07:00,630
uname -r for discovering Linux kernel version.

88
00:07:01,260 --> 00:07:03,050
And let's just give it a try just for fun.

89
00:07:03,330 --> 00:07:07,650
You can see these are all the active devices on my network so we can Ctrl+C this.

90
00:07:08,040 --> 00:07:13,500
We no longer need it to scan the network. And to discover the kernel version of Linux,

91
00:07:13,500 --> 00:07:17,580
we type the command uname -r and we get the output.

92
00:07:18,030 --> 00:07:20,850
And this is how you learn. Anyway,

93
00:07:21,150 --> 00:07:26,480
if you have any questions regarding terminal or the commands that you covered, feel free to ask.

94
00:07:26,910 --> 00:07:31,080
In the meantime, we are one step closer to our goal of becoming a penetration tester.

95
00:07:31,950 --> 00:07:33,390
Let's continue to the next lecture.