Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,710 --> 00:00:06,580
And map script engine or NSC.
2
00:00:06,630 --> 00:00:14,880
So what do you suppose script scanning would be so and map is indeed a software for Port scanning purposes
3
00:00:14,880 --> 00:00:15,950
right.
4
00:00:15,960 --> 00:00:23,490
It can also be used for pen test purposes using its advanced features and map has started to be developed
5
00:00:23,490 --> 00:00:30,210
as a port scanning tool and today it has exceeded itself with its vulnerability and exploitation features
6
00:00:32,130 --> 00:00:40,450
so the in map scripting engine or NFC is one of N maps more powerful and flexible features so it allows
7
00:00:40,450 --> 00:00:48,040
users to write and share simple scripts to automate a wide range of network scanning tasks these scripts
8
00:00:48,040 --> 00:00:54,010
are then executed in parallel with the speed and efficiency that we would expect from any map.
9
00:00:55,830 --> 00:01:02,690
Users can use scripts distributed within map or write themselves to meet their specific needs
10
00:01:05,350 --> 00:01:16,570
NSC consist of scripts in these following categories defined categories of broadcast brute default discovery
11
00:01:17,080 --> 00:01:30,940
dos exploit external fuzzier intrusive malware safe version and Von so the category names are not case
12
00:01:30,940 --> 00:01:40,840
sensitive and well let me just briefly describe each category so these scripts handle authentication
13
00:01:40,840 --> 00:01:49,060
information or bypasses it on the target system instead of scripts that use brute force attacks to identify
14
00:01:49,060 --> 00:01:52,560
credentials they are placed in this brute category.
15
00:01:56,080 --> 00:02:03,320
Broadcast scripts in this category typically discover hosts that are not listed on the command line
16
00:02:03,330 --> 00:02:11,190
by publishing to the local network use the new target script variable to allow these scripts to automatically
17
00:02:11,310 --> 00:02:14,360
add hosts that they discovered to the end map scan.
18
00:02:14,360 --> 00:02:14,700
Q
19
00:02:17,990 --> 00:02:24,570
So these scripts use brute force attacks to estimate the authentication information of a remote server
20
00:02:25,500 --> 00:02:33,720
and map HDP brute Oracle brute as an MP brute etc. including many scripts that enforce the protocol
21
00:02:35,630 --> 00:02:43,820
discovery these scripts attempt to discover more about the network by querying global records as an
22
00:02:43,820 --> 00:02:48,260
MP enabled devices directory services and so on and so forth.
23
00:02:49,980 --> 00:03:00,980
So D OS scripts in this category can cause denial of service sometimes it is done to test the vulnerability
24
00:03:00,980 --> 00:03:02,500
for denial of service method.
25
00:03:02,530 --> 00:03:09,980
But more generally it is undesirable because of the side effect required to test a conventional vulnerability.
26
00:03:11,310 --> 00:03:14,580
In other words these test sometimes crash sensitive services
27
00:03:17,300 --> 00:03:27,470
exploit these scripts are intended to actively exploit a vulnerability external scripts in this category
28
00:03:27,470 --> 00:03:31,910
can send data to a third party database or another network resource.
29
00:03:32,910 --> 00:03:40,260
For example who is IP establishes a connection to the WHO is servers to obtain information about the
30
00:03:40,260 --> 00:03:41,290
destinations.
31
00:03:41,300 --> 00:03:48,940
Address the operators of the third party database probably record everything that comes into them.
32
00:03:49,010 --> 00:03:56,980
So this will log your IP address and the destination address most scripts that do not fall into this
33
00:03:56,980 --> 00:04:02,500
category contain absolute traffic between the scanning computer and the client
34
00:04:05,620 --> 00:04:13,520
fuzzier scripts in this category are designed to send unexpected or random fields by the server software
35
00:04:13,550 --> 00:04:21,150
and each package although the technique is useful for finding undiscovered errors and vulnerabilities
36
00:04:21,150 --> 00:04:22,180
in software.
37
00:04:22,440 --> 00:04:28,700
It runs both slowly and uses a lot of bandwidth.
38
00:04:28,720 --> 00:04:35,350
An example of a script in this category is DNS Fuzz which slightly bombs a DNS server with incorrect
39
00:04:35,350 --> 00:04:40,770
domain requests until the server crashes or a user defined time limit expires.
40
00:04:42,360 --> 00:04:52,150
Intrusive these scripts cannot be classified into a secure category because the risks may be high enough
41
00:04:52,150 --> 00:04:55,570
to destroy the target system.
42
00:04:55,680 --> 00:05:04,220
It can fully exploit the resources that means bandwidth CPE you ram of the target system therefore they
43
00:05:04,220 --> 00:05:09,400
are perceived as unwanted processes by system administrators.
44
00:05:09,530 --> 00:05:19,520
As you may very well imagine malware these scripts test whether the target platform is affected by malware
45
00:05:19,610 --> 00:05:21,710
or back doors.
46
00:05:21,710 --> 00:05:29,750
For example S.M. T.P. strange port which monitors as MTBE servers running on unusual port numbers and
47
00:05:29,870 --> 00:05:33,520
off spoof which identifies similar fraud numbers.
48
00:05:33,680 --> 00:05:42,850
It give a fake answer before receiving a query both of these behaviors are usually caused by malware
49
00:05:42,850 --> 00:05:49,080
infection safe scripts that are not designed to crash.
50
00:05:49,080 --> 00:05:55,800
Services use large amounts of bandwidth or other resources or exploit vulnerabilities.
51
00:05:56,890 --> 00:06:03,850
They're are less likely to harm remote administrators but we cannot guarantee that they will never cause
52
00:06:03,850 --> 00:06:05,340
adverse reactions.
53
00:06:05,410 --> 00:06:13,240
As with other and map features so most of them are performing general network discovery scripts in this
54
00:06:13,240 --> 00:06:19,930
category are not classified for security but all other unsafe scripts should be placed as intrusive
55
00:06:21,820 --> 00:06:28,810
version so scripts in this particular category aren't extension of the version detection feature and
56
00:06:28,810 --> 00:06:33,650
cannot be explicitly selected their selected run.
57
00:06:33,710 --> 00:06:41,950
Only when version detection as a V is requested outputs are indistinguishable from version detection
58
00:06:41,950 --> 00:06:46,250
output and do not generate servers or hosts script results.
59
00:06:49,220 --> 00:06:58,070
Vollmann these scripts check for specific known vulnerabilities and typically report results only if
60
00:06:58,070 --> 00:06:58,880
they are found.
61
00:07:00,730 --> 00:07:11,000
Default so this is used with a C or the a parameter scripts defined in the default category are speed
62
00:07:11,300 --> 00:07:22,050
usefulness verbosity reliability intrusiveness privacy script equals can be used with a default parameter
63
00:07:25,870 --> 00:07:35,330
so in map script files in the scripts folder if you don't know the folder name you can list all the
64
00:07:35,330 --> 00:07:41,080
scripts when you run locate NSC on the command line.
65
00:07:41,290 --> 00:07:48,550
If you're looking for a specific script for a specific topic then just type it into the command line
66
00:07:50,370 --> 00:07:50,910
if you want to.
67
00:07:50,900 --> 00:07:52,490
You can always edit the scripts.
68
00:07:52,500 --> 00:07:54,730
You can review them make change it.
69
00:07:54,940 --> 00:08:02,600
For example if we are looking for DNS related scripts we just need to type in the command line.
70
00:08:42,800 --> 00:08:47,160
Current NSC scripts are available at any map dot org.
71
00:08:48,510 --> 00:08:55,790
You can view all scripts and usage patterns at this address and that dot org.
72
00:08:55,910 --> 00:09:05,570
And as a doc so in map since NSC is open source it's constantly updated.
73
00:09:05,600 --> 00:09:10,690
Therefore it is necessary to update the script database before scanning with scripts.
74
00:09:10,690 --> 00:09:10,880
Yeah
75
00:09:46,310 --> 00:09:50,200
so to do this you just run the command script update.
76
00:09:52,770 --> 00:09:56,360
Now there are a few parameters to use in the script within map.
77
00:09:58,110 --> 00:10:01,480
And I'll show you a few of them and map.
78
00:10:01,490 --> 00:10:09,940
See if we only use the SC parameter and map scans for each IP in port with scripts defined in the default
79
00:10:09,940 --> 00:10:12,380
category and map.
80
00:10:12,420 --> 00:10:12,850
Script.
81
00:10:12,860 --> 00:10:14,170
Script name target.
82
00:10:15,010 --> 00:10:22,200
So in this case and map will scan with the specified script so if you want to get help with a script
83
00:10:22,890 --> 00:10:25,640
we can use and map script help.
84
00:10:25,740 --> 00:10:33,390
Script name and map scripts can be used with other parameters as well with a script that we use here
85
00:10:33,420 --> 00:10:42,570
must be compatible with the service that we scan might not seem obvious but so let's write a few examples
86
00:10:42,570 --> 00:10:44,370
of any map commands.
9969
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.