1
00:00:00,910 --> 00:00:06,280
So now that I've figured out what the IP address of my target is the next step is to figure out what
2
00:00:06,280 --> 00:00:10,330
services are running or what ports are open on my target machine.
3
00:00:10,840 --> 00:00:17,090
3
00:00:10,840 --> 00:00:17,090
And we've seen one of our favorite tools before that we can use to do that, which is nmap, and I'm going
4
00:00:17,090 --> 00:00:23,870
to be introducing you now to a couple of new options in nmap. The first one is the -v, which is for
5
00:00:23,900 --> 00:00:28,490
verbose, which means give me more detailed output, show me what's going on in the background.
6
00:00:28,520 --> 00:00:29,760
Don't leave me in the dark.
7
00:00:29,960 --> 00:00:34,940
If you run nmap without the verbose option you'll find yourself staring at a blank screen quite
8
00:00:34,940 --> 00:00:35,690
often.
9
00:00:36,080 --> 00:00:38,860
If you're like me you just want to know what's going on.
10
00:00:38,870 --> 00:00:41,030
10
00:00:38,870 --> 00:00:41,030
Every second of the scan.
11
00:00:41,060 --> 00:00:46,740
Then you want to use the -v option, or you can use -vv or -vvv.
12
00:00:46,820 --> 00:00:49,900
The more v's you use, the more verbose it will be.
13
00:00:50,300 --> 00:00:51,820
So I'm going to do -v.
14
00:00:51,860 --> 00:00:55,080
14
00:00:51,860 --> 00:00:55,080
The second option is -p-.
15
00:00:55,340 --> 00:01:03,740
And this is the same as saying -p 0-65535, which tells nmap that I would like it to scan
16
00:01:03,770 --> 00:01:14,090
every single port, and then -A, capital A. So nmap has additional options, more than or in addition
17
00:01:14,090 --> 00:01:14,890
to port scanning.
18
00:01:14,900 --> 00:01:20,840
It does other inspections or scans such as what operating system is being used.
19
00:01:20,840 --> 00:01:25,400
What version of the operating system, what's the patch level of the operating system.
20
00:01:25,400 --> 00:01:27,320
The service that is detected.
21
00:01:27,410 --> 00:01:28,640
What kind of service is it.
22
00:01:28,640 --> 00:01:29,710
What version is it.
23
00:01:29,710 --> 00:01:33,640
Is it vulnerable to any known attacks and so on.
24
00:01:33,740 --> 00:01:40,940
24
00:01:33,740 --> 00:01:40,940
So it does a lot more probing than just port scanning, and if we want to combine all these probings together
25
00:01:41,180 --> 00:01:43,990
we use the -A option.
26
00:01:44,000 --> 00:01:50,200
Now keep in mind that the -A option will take a lot more time than just a regular port scan.
27
00:01:51,160 --> 00:01:55,660
And because now we're trying to hack this machine we want to know as much information as we possibly
28
00:01:55,660 --> 00:01:56,620
can about it.
29
00:01:56,620 --> 00:01:59,100
So I am going to be using the -A option.
30
00:01:59,260 --> 00:02:06,630
Next I will specify the IP address of my target, and last but not least I want to specify the output.
31
00:02:06,670 --> 00:02:12,130
I do not want to just display the output on the screen I want it to be saved to a file.
32
00:02:12,640 --> 00:02:17,710
32
00:02:12,640 --> 00:02:17,710
And as we have discussed before, nmap has three different types of output. There is the regular
33
00:02:17,710 --> 00:02:23,880
nmap output, which is very similar to a text file and is just a copy of the output on the screen.
34
00:02:24,040 --> 00:02:28,120
There is the gnmap file output, which is the grepable nmap.
35
00:02:28,120 --> 00:02:30,530
We talked about this in previous videos.
36
00:02:30,880 --> 00:02:36,640
And lastly there's the XML output, and that is used to be fed into other tools, which is something we talk
37
00:02:36,640 --> 00:02:38,770
about in other courses.
38
00:02:38,770 --> 00:02:43,840
For now what I want to do is save the three formats of this output:
39
00:02:43,840 --> 00:02:51,370
the nmap, the gnmap and the XML file. And to do that I do -o for output and capital A for all, which
40
00:02:51,370 --> 00:02:57,100
means save the output in all the different file formats, and I name the output file.
41
00:02:57,220 --> 00:03:01,400
In this case I'm calling it methods too, and I hit enter.
42
00:03:01,410 --> 00:03:07,630
42
00:03:01,410 --> 00:03:07,630
You'll notice that nmap immediately starts to discover open ports, but because I am going to be scanning
43
00:03:07,660 --> 00:03:14,290
every single port plus doing the version scanning and the vulnerability scans and so on, which I'm doing
44
00:03:14,290 --> 00:03:16,120
using the -A option.
45
00:03:16,290 --> 00:03:19,000
This is going to be taking a significant amount of time.
46
00:03:19,090 --> 00:03:23,830
You can see it on the screen, nmap telling me there's five minutes remaining, and then that jumped to
47
00:03:23,830 --> 00:03:24,760
9 and 14.
48
00:03:24,760 --> 00:03:27,900
And now I'm stopping at 37 minutes remaining.
49
00:03:27,940 --> 00:03:31,030
That's 37 minutes to scan one IP address.
50
00:03:31,030 --> 00:03:32,700
That's a lot of time.
51
00:03:32,710 --> 00:03:38,840
51
00:03:32,710 --> 00:03:38,840
Imagine if you're doing that against 20 or 50 or 100 IP addresses in a penetration testing
52
00:03:38,850 --> 00:03:45,250
or a hacking project. So I stopped the scan here using the keyboard shortcut Ctrl-C, which
53
00:03:45,250 --> 00:03:47,430
we talked about in previous videos as well.
54
00:03:47,680 --> 00:03:53,170
54
00:03:47,680 --> 00:03:53,170
And I'm going to introduce you to another option in nmap, which is the timing option, and this is the
55
00:03:53,170 --> 00:03:56,680
-T, capital T, followed by a number.
56
00:03:56,920 --> 00:04:00,870
56
00:03:56,920 --> 00:04:00,870
The number can be anything from 1 to 5, one being the slowest.
57
00:04:00,880 --> 00:04:08,680
And this is used to avoid intrusion detection systems, for example, but that can be very, very slow, and
58
00:04:08,680 --> 00:04:12,020
-T5 is the insane scan, which is insanely fast.
59
00:04:12,070 --> 00:04:16,960
The problem with insanely fast, though, is that it's not extremely reliable.
60
00:04:16,960 --> 00:04:24,130
Obviously, because nmap just blasts out scanning packets and waits for a very limited amount
61
00:04:24,130 --> 00:04:30,160
of time for the response so we can only use that if we know for sure that the network that we're using
62
00:04:30,160 --> 00:04:31,930
is extremely reliable.
63
00:04:32,290 --> 00:04:38,020
Because I am using a virtual environment and both machines are in my computer I know that the network
64
00:04:38,020 --> 00:04:39,090
is very reliable.
65
00:04:39,100 --> 00:04:46,610
65
00:04:39,100 --> 00:04:46,610
I'm going to go with the -T5 option. The scan will start running and you can immediately see a
66
00:04:46,610 --> 00:04:52,110
warning that says nmap is giving up on scanning one port because the retransmission cap was
67
00:04:52,110 --> 00:04:52,680
hit.
68
00:04:52,790 --> 00:04:56,780
So this is one of the reliability issues that I talked about.
69
00:04:56,810 --> 00:05:03,560
However, on the positive side, you can see that the scan is considerably faster. It's going to take
70
00:05:03,560 --> 00:05:07,250
another one minute or half a minute to finish.
71
00:05:07,250 --> 00:05:08,510
And now the scan is done.
72
00:05:08,540 --> 00:05:13,140
72
00:05:08,540 --> 00:05:13,140
You can see that nmap scanned 65536 ports in total.
73
00:05:13,580 --> 00:05:16,820
And the next step nmap is doing now is a service scan.
74
00:05:16,880 --> 00:05:22,950
So it's going to be scanning every single service that it's found running on the open ports.
75
00:05:23,000 --> 00:05:25,360
This is part of the -A option.
76
00:05:30,320 --> 00:05:31,720
Now that the scan is complete,
77
00:05:31,730 --> 00:05:37,340
I can scroll up and down to have a very quick look but obviously that's not a very convenient way to
78
00:05:37,340 --> 00:05:38,120
look at it.
79
00:05:39,060 --> 00:05:44,670
I'll do a quick ls and you can see that the files were stored where I'm working, in the current directory.
80
00:05:44,850 --> 00:05:47,000
So I want to tidy things up a little bit.
81
00:05:47,100 --> 00:05:53,520
81
00:05:47,100 --> 00:05:53,520
Let me create a directory called Target, and then I want to move all the nmap files into the Target
82
00:05:53,520 --> 00:05:54,450
directory.
83
00:05:54,780 --> 00:05:57,930
And we learned how to do that using the mv command
84
00:05:59,350 --> 00:06:06,840
and the name of the file with a wildcard. If you're unfamiliar with what that means, go back to the wild
85
00:06:06,840 --> 00:06:07,870
card videos.
86
00:06:08,940 --> 00:06:14,640
86
00:06:08,940 --> 00:06:14,640
Now if I do a listing of the Target directory I can see that the nmap output files have been successfully
87
00:06:14,640 --> 00:06:17,790
moved. Now, to view the content of the output file,
88
00:06:17,850 --> 00:06:21,990
I have one option which we've seen, which is the cat command.
89
00:06:22,260 --> 00:06:27,240
But that outputs the entire file on my screen, which is not very convenient.
90
00:06:27,240 --> 00:06:29,460
It's a big file with a lot of output.
91
00:06:29,820 --> 00:06:34,530
91
00:06:29,820 --> 00:06:34,530
And I want to be able to go through that bit by bit, and to do that I'm going to be using another command
92
00:06:34,530 --> 00:06:37,800
that we talked about, which is the less command.
93
00:06:37,800 --> 00:06:44,050
And now I can use my keyboard to navigate slowly through this file and go through it bit by bit.
94
00:06:44,070 --> 00:06:49,130
So this covers the scanning bit. As you can see, there's a lot that's open on the target machine.
95
00:06:49,140 --> 00:06:51,900
There's a lot of services running on the target machine.
96
00:06:52,080 --> 00:06:58,230
96
00:06:52,080 --> 00:06:58,230
And now we get to the exciting part of trying to hack these services and get our way in and hopefully
97
00:06:58,230 --> 00:06:59,530
get root access.