1
00:00:00,390 --> 00:00:01,050
Welcome back.
2
00:00:01,440 --> 00:00:03,570
Let's continue with WhatWeb.
3
00:00:04,890 --> 00:00:10,950
So in the previous video, we only saw how we can perform the basic stealth scan on a certain website.
4
00:00:11,790 --> 00:00:18,060
Another thing that we can do with WhatWeb, besides testing a website, is to test a range of IP addresses
5
00:00:18,210 --> 00:00:19,020
all at once.
6
00:00:20,040 --> 00:00:21,810
So if I open up my terminal.
7
00:00:23,320 --> 00:00:32,110
And I type whatweb --help once again to list out all of the available options and scroll all the
8
00:00:32,110 --> 00:00:32,590
way up.
9
00:00:35,570 --> 00:00:42,110
Here under the targets, we can see that we can specify hostnames and IP addresses, but we can
10
00:00:42,110 --> 00:00:48,920
also specify IP ranges; we can specify them like this or like this.
11
00:00:50,380 --> 00:00:57,910
Now, to test this out, I'm going to scan my entire home network, and to know what range of IP addresses
12
00:00:57,910 --> 00:01:06,040
I should scan for my home network, I could type down here the command ifconfig, or sudo ifconfig, since,
13
00:01:06,430 --> 00:01:08,980
remember, this requires root privileges.
14
00:01:09,670 --> 00:01:12,550
Press enter, enter our password.
15
00:01:13,600 --> 00:01:20,500
And we can see that my IP address is 192.168.1.4, and what's more important
16
00:01:20,500 --> 00:01:23,320
than the IP address in this case is the netmask.
17
00:01:23,950 --> 00:01:30,340
And my netmask is 255.255.255.0.
18
00:01:31,250 --> 00:01:39,380
The subnet mask right here means that only the last octet of my IP address is changeable, which is
19
00:01:39,380 --> 00:01:40,560
this last number.
20
00:01:41,060 --> 00:01:47,330
So these first three octets, or these first three numbers, never change in my whole network.
21
00:01:48,260 --> 00:01:55,220
This also means that the range of IP addresses that belong to my network is going to be from zero to.
22
00:01:58,500 --> 00:02:04,960
So basically, the range of the IP addresses that my network can have is this: 192.168.1.0,
23
00:02:04,980 --> 00:02:06,900
one ninety-two dot one sixty-eight dot one dot zero,
24
00:02:08,440 --> 00:02:11,050
to 192.168.1.255,
25
00:02:11,170 --> 00:02:13,060
one ninety-two dot one sixty-eight dot one dot two fifty-five.
26
00:02:13,870 --> 00:02:16,420
This is the range of my home network.
27
00:02:17,760 --> 00:02:19,980
So let me scan it now for you.
28
00:02:20,160 --> 00:02:26,100
It might be different based on what type of network you have, but in most home networks, the subnet
29
00:02:26,100 --> 00:02:28,170
mask is going to be this one.
30
00:02:29,140 --> 00:02:32,770
Therefore, just the last octet will be changeable for you.
31
00:02:33,490 --> 00:02:40,660
Now, before I actually run the scan, I don't have any websites hosted in my home network, but I do
32
00:02:40,660 --> 00:02:41,920
have some devices running
33
00:02:41,920 --> 00:02:48,040
something on port 80, and port 80 is the default port that websites use to host their pages.
34
00:02:48,820 --> 00:02:52,300
So we should still get some results from scanning my network.
35
00:02:53,440 --> 00:02:57,340
Let's delete this and type whatweb.
36
00:02:59,300 --> 00:03:01,880
And then the range of my whole network.
37
00:03:02,990 --> 00:03:08,560
Let's go with 192.168.1.1-255.
38
00:03:08,960 --> 00:03:13,790
So this is the range of IP addresses that I want to scan, and all of them belong to my home network.
39
00:03:14,600 --> 00:03:21,050
And the good thing right here is that I can use whichever aggression level I want, since it is my own
40
00:03:21,050 --> 00:03:21,570
network.
41
00:03:22,250 --> 00:03:24,560
Let's test out aggression level three.
42
00:03:25,370 --> 00:03:31,040
To do that, we can specify --aggression and then 3.
43
00:03:32,020 --> 00:03:39,280
After it, we can also specify the -v option to better output all of this, and let's press enter.
44
00:03:42,150 --> 00:03:47,400
You will notice we are getting some of the results, but there is a lot of this error happening on the
45
00:03:47,400 --> 00:03:54,210
screen now. For this error right here, let me just press Ctrl+C, since we're not going to wait for this
46
00:03:54,210 --> 00:03:54,750
to finish.
47
00:03:55,080 --> 00:04:01,530
And what this error is, is all of the hosts that it tried to scan but couldn't manage to.
48
00:04:02,040 --> 00:04:06,590
And the reason why it couldn't manage to scan these hosts is because they do not exist.
49
00:04:07,020 --> 00:04:13,380
I currently only have around two or three devices on my home network and all of these other IP addresses
50
00:04:13,380 --> 00:04:14,340
are out of use.
51
00:04:15,500 --> 00:04:21,350
So let me go up here to see what it found. It found the result for the IP address
52
00:04:21,350 --> 00:04:22,060
192.168.1.1.
53
00:04:22,220 --> 00:04:25,070
And this is my router down here.
54
00:04:25,070 --> 00:04:29,060
We can see all of the plugins that it managed to detect for my router.
55
00:04:30,370 --> 00:04:35,500
We can see an interesting plugin, which is PasswordField; this is something that we would write down,
56
00:04:35,500 --> 00:04:41,470
since any password that we find we can use later on in something like a brute-force attack to try to
57
00:04:41,470 --> 00:04:45,180
guess the password and try to brute-force the login credentials.
58
00:04:46,030 --> 00:04:51,070
But nonetheless, this is just a router, so we're not really interested in it at the moment.
59
00:04:51,430 --> 00:04:54,280
This is just an example of a test, of how it would look.
60
00:04:54,490 --> 00:04:58,730
And since I don't have any website on my home network, it didn't really give much of a result.
61
00:04:58,870 --> 00:04:59,890
We can see right here.
62
00:05:00,130 --> 00:05:02,260
Here is another IP address that is active.
63
00:05:02,500 --> 00:05:04,870
It is 192.168.1.10.
64
00:05:04,870 --> 00:05:08,440
And this is an IP address on my laptop, which is currently up and running.
65
00:05:09,250 --> 00:05:17,080
It detected this HTTP server on it, but it got this status code of 403 Forbidden, so it is
66
00:05:17,080 --> 00:05:18,440
not allowed to visit that page.
67
00:05:18,910 --> 00:05:25,420
Therefore, this is as much information as it managed to get, and all the other ones down here are
68
00:05:25,420 --> 00:05:26,620
simply just offline.
69
00:05:27,550 --> 00:05:34,780
Now, if you don't want this text outputted, you can use the same command and at the end add
70
00:05:34,900 --> 00:05:44,170
--no-errors. What this --no-errors option does is it simply just doesn't print these offline
71
00:05:44,200 --> 00:05:45,010
IP addresses.
72
00:05:45,730 --> 00:05:46,660
Let's test it out.
73
00:05:46,690 --> 00:05:53,220
If I run the same command just with --no-errors, you will see we are not going to get any red text anymore.
74
00:05:53,590 --> 00:05:59,290
It will only scan these two live IP addresses, which are my home router and the laptop.
75
00:05:59,470 --> 00:06:01,510
And that is basically it.
76
00:06:01,520 --> 00:06:03,100
That is everything that it will output.
77
00:06:04,050 --> 00:06:09,690
OK, so it took just a few seconds to finish, and keep in mind that since we are running level three
78
00:06:09,690 --> 00:06:16,200
of aggression, it will take a little bit more time to scan something than with level one, since
79
00:06:16,200 --> 00:06:20,580
it is performing a deeper scan than just the level one stealthy scan.
80
00:06:21,310 --> 00:06:28,770
OK, so we ran this command, and we used the aggression level three, we used -v to output all the
81
00:06:28,770 --> 00:06:31,080
detected plugins as well as their description.
82
00:06:32,020 --> 00:06:40,000
And we used --no-errors to not print out these offline IP addresses. But what if we, for example, wanted
83
00:06:40,000 --> 00:06:45,730
to save this output that we got in a file for some future reference?
84
00:06:46,960 --> 00:06:52,570
Well, if I type the command whatweb --help
85
00:06:54,350 --> 00:07:00,320
and I go through this help menu once again, I will get to this part, which is logging.
86
00:07:01,660 --> 00:07:09,100
And down here, we can see that there are a bunch of options that we can use to log our file or to save
87
00:07:09,150 --> 00:07:15,280
our file, so let's just go with the first one, or we can even use the second one, which is to log
88
00:07:15,340 --> 00:07:16,300
verbose output.
89
00:07:17,350 --> 00:07:23,200
To do that, we use this option right here, and then equals, and then the file name that we want to
90
00:07:23,200 --> 00:07:23,470
save.
91
00:07:24,460 --> 00:07:31,090
So if I go down here, another useful command, once you have a bunch of things happening in your
92
00:07:31,090 --> 00:07:36,970
terminal, and by a bunch of things I mean just a bunch of text printed out, what we can do to get
93
00:07:36,970 --> 00:07:39,220
rid of this is run the command, clear.
94
00:07:39,940 --> 00:07:42,630
This will clear our terminal so we get a much cleaner
95
00:07:42,640 --> 00:07:50,410
look. Now I press the up arrow to find the command that we ran previously, and at the end I add --log-verbose
96
00:07:50,410 --> 00:07:53,170
and then equals.
97
00:07:53,500 --> 00:07:56,950
And here I can call it results, for example.
98
00:07:58,180 --> 00:08:05,200
If I press enter now, you will notice that besides outputting this to the terminal,
99
00:08:05,500 --> 00:08:07,820
it will also save it inside of a file.
100
00:08:08,050 --> 00:08:10,780
Let's wait for this to finish to check out the file that we got.
101
00:08:12,100 --> 00:08:18,910
OK, so it finished. Let us clear the screen once again, and if we type ls right here, we will see our
102
00:08:19,060 --> 00:08:19,960
results file.
103
00:08:20,840 --> 00:08:27,740
Let's lower the terminal and open this file to see what got saved, and in the log we will see
104
00:08:27,740 --> 00:08:35,690
that we got our results saved for both IP addresses, for my laptop IP address and for my router.
105
00:08:36,920 --> 00:08:38,510
Now, for your scan.
106
00:08:38,510 --> 00:08:44,270
If you scan your whole network, you will probably have more devices or fewer devices, or you might not
107
00:08:44,270 --> 00:08:50,990
get any results in case none of your devices has an open port 80, or in case none of your devices
108
00:08:50,990 --> 00:08:52,840
is running an HTTP server.
109
00:08:53,480 --> 00:08:55,490
So don't worry if you didn't get any device.
110
00:08:56,000 --> 00:09:02,960
This is just an example to see that we can even scan ranges of IP addresses and to test out this
111
00:09:02,960 --> 00:09:07,850
aggression level three, since we can only do it on the websites that we own or have permission to
112
00:09:07,850 --> 00:09:08,180
scan.
113
00:09:09,200 --> 00:09:09,770
OK, great.
114
00:09:09,800 --> 00:09:14,930
So look at all of the commands that we crafted with all of these options right here.
115
00:09:15,910 --> 00:09:22,930
And this is just a part of WhatWeb; you don't need to be learning all of these commands, you can
116
00:09:22,930 --> 00:09:28,210
always just run the help command and read through its help menu to discover what you want to run.
117
00:09:28,990 --> 00:09:34,150
We won't be going through all of these options in WhatWeb, since there are too many of them.
118
00:09:34,420 --> 00:09:39,550
But I encourage you to play with it a little bit and see if it has any other interesting options.
119
00:09:40,270 --> 00:09:40,660
Great.
120
00:09:41,260 --> 00:09:47,230
In the next video, we're going to see how we can harvest or gather as many emails as possible from
121
00:09:47,230 --> 00:09:48,820
just knowing a domain.
122
00:09:49,360 --> 00:09:49,950
See you there.