All language subtitles for 038 Port scanning with Kali Linux-en

These are the user uploaded subtitles that are being translated:

1
00:00:00,910 --> 00:00:06,280
So now that I've figured out what the IP address of my target is the next step is to figure out what

2
00:00:06,280 --> 00:00:10,330
services are running or what ports are open on my target machine.

3
00:00:10,840 --> 00:00:17,090
And we've seen one of our favorite tools before that we can use to do that which is nmap and I'm going

4
00:00:17,090 --> 00:00:23,870
to be introducing you now to a couple new options in nmap. The first one is the minus v, v is for

5
00:00:23,900 --> 00:00:28,490
verbose which means give me more detailed output, show me what's going on in the background.

6
00:00:28,520 --> 00:00:29,760
Don't leave me in the dark.

7
00:00:29,960 --> 00:00:34,940
If you run nmap without the verbose option you'll find yourself staring at the blank screen quite

8
00:00:34,940 --> 00:00:35,690
often.

9
00:00:36,080 --> 00:00:38,860
If you're like me you just want to know what's going on

10
00:00:38,870 --> 00:00:41,030
every second of the scan.

11
00:00:41,060 --> 00:00:46,740
Then you want to use the minus v option or you can use the minus vv or minus.

12
00:00:46,820 --> 00:00:49,900
The more v's you use the more verbose it will be.

13
00:00:50,300 --> 00:00:51,820
So I'm going to do minus v.

14
00:00:51,860 --> 00:00:55,080
The second option is minus p minus.

15
00:00:55,340 --> 00:01:03,740
And this is the same as saying minus p 0-65535 which tells nmap that I would like it to scan

16
00:01:03,770 --> 00:01:14,090
every single port, and then minus capital A. So nmap has additional options more than or in addition

17
00:01:14,090 --> 00:01:14,890
to port scanning.

18
00:01:14,900 --> 00:01:20,840
It does other inspections or scans such as what operating system is being used.

19
00:01:20,840 --> 00:01:25,400
What version of the operating system, what's the patch level of the operating system.

20
00:01:25,400 --> 00:01:27,320
The service that is detected.

21
00:01:27,410 --> 00:01:28,640
What kind of service is it.

22
00:01:28,640 --> 00:01:29,710
What version is it.

23
00:01:29,710 --> 00:01:33,640
Is it vulnerable to any known attacks and so on.

24
00:01:33,740 --> 00:01:40,940
So it does a lot more probing than just port scanning and if we want to combine all these probings together

25
00:01:41,180 --> 00:01:43,990
we use the minus A option.

26
00:01:44,000 --> 00:01:50,200
Now keep in mind that the minus A option would take a lot more time than just a regular CT scan.

27
00:01:51,160 --> 00:01:55,660
And because now we're trying to hack this machine we want to know as much information as we possibly

28
00:01:55,660 --> 00:01:56,620
can about it.

29
00:01:56,620 --> 00:01:59,100
So I am going to be using the minus A option.

30
00:01:59,260 --> 00:02:06,630
Next I will specify the IP address of my target and last but not least I want to specify the output.

31
00:02:06,670 --> 00:02:12,130
I do not want to just display the output on the screen, I want it to be saved to a file.

32
00:02:12,640 --> 00:02:17,710
And as we have discussed before nmap has three different types of output: there is the regular

33
00:02:17,710 --> 00:02:23,880
nmap output which is very similar to a text file and it is just a copy of the output of the screen.

34
00:02:24,040 --> 00:02:28,120
There is the gnmap file output which is the greppable nmap.

35
00:02:28,120 --> 00:02:30,530
We talked about this in previous videos.

36
00:02:30,880 --> 00:02:36,640
And lastly there's the XML output and that is used to be fed into other tools which is something we talk

37
00:02:36,640 --> 00:02:38,770
about in other courses.

38
00:02:38,770 --> 00:02:43,840
For now what I want to do is I want to save the three formats of this output.

39
00:02:43,840 --> 00:02:51,370
The nmap, gnmap and the XML file, and to do that I do minus o for output and capital A for all which

40
00:02:51,370 --> 00:02:57,100
means save the output in all the different file formats and I name the output file.

41
00:02:57,220 --> 00:03:01,400
In this case I'm calling it methods too and I enter.

42
00:03:01,410 --> 00:03:07,630
You'll notice that nmap immediately starts to discover open ports but because I am going to be scanning

43
00:03:07,660 --> 00:03:14,290
every single port plus doing the version scanning and the vulnerability scans and so on which I'm doing

44
00:03:14,290 --> 00:03:16,120
using the minus A option.

45
00:03:16,290 --> 00:03:19,000
This is going to be taking a significant amount of time.

46
00:03:19,090 --> 00:03:23,830
You can see it on the screen, nmap telling me there's five minutes remaining and then that jumped to

47
00:03:23,830 --> 00:03:24,760
9 and 14.

48
00:03:24,760 --> 00:03:27,900
And now I'm stopping at 37 minutes remaining.

49
00:03:27,940 --> 00:03:31,030
That's 37 minutes to scan one IP address.

50
00:03:31,030 --> 00:03:32,700
That's a lot of time.

51
00:03:32,710 --> 00:03:38,840
Imagine if you're doing that against 20 or 50 or 100 IP addresses in a penetration testing

52
00:03:38,850 --> 00:03:45,250
or ethical hacking project. So I stopped the scan here using the keyboard shortcut Ctrl+C which

53
00:03:45,250 --> 00:03:47,430
we talked about in previous videos as well.

54
00:03:47,680 --> 00:03:53,170
And I'm going to introduce you to another option in nmap which is the timing option and this is the

55
00:03:53,170 --> 00:03:56,680
minus capital T followed by a number.

56
00:03:56,920 --> 00:04:00,870
The number can be anything from 1 to 5, one being the slowest.

57
00:04:00,880 --> 00:04:08,680
And this is used to avoid intrusion detection systems for example but that can be very very slow and

58
00:04:08,680 --> 00:04:12,020
minus 5 is the insane scan which is insane.

59
00:04:12,070 --> 00:04:16,960
First the problem with insanely fast though is that it's not extremely reliable.

60
00:04:16,960 --> 00:04:24,130
Obviously because nmap just blasts out packets, scanning packets, and waits for a very limited amount

61
00:04:24,130 --> 00:04:30,160
of time for the response so we can only use that if we know for sure that the network that we're using

62
00:04:30,160 --> 00:04:31,930
is extremely reliable.

63
00:04:32,290 --> 00:04:38,020
Because I am using a virtual environment and both machines are in my computer I know that the network

64
00:04:38,020 --> 00:04:39,090
is very reliable.

65
00:04:39,100 --> 00:04:46,610
I'm going to go with the minus the option the scan will start running and you can immediately see a

66
00:04:46,610 --> 00:04:52,110
warning that says nmap is giving up on scanning one port because there's a retransmission cap hit

67
00:04:52,110 --> 00:04:52,680
so.

68
00:04:52,790 --> 00:04:56,780
So this is one of the reliability issues that I talked about.

69
00:04:56,810 --> 00:05:03,560
However on the positive side you can see that the scan is considerably faster, it's going to take

70
00:05:03,560 --> 00:05:07,250
another one minute or half a minute to finish.

71
00:05:07,250 --> 00:05:08,510
And now the scan is done.

72
00:05:08,540 --> 00:05:13,140
You can see that nmap scans 65536 ports in total.

73
00:05:13,580 --> 00:05:16,820
And the next step now nmap is doing is a service scan.

74
00:05:16,880 --> 00:05:22,950
So it's going to be scanning every single service that it's found running on the open ports.

75
00:05:23,000 --> 00:05:25,360
This is part of the minus capital A option

76
00:05:30,320 --> 00:05:31,720
now that the scan is complete.

77
00:05:31,730 --> 00:05:37,340
I can scroll up and down to have a very quick look but obviously that's not a very convenient way to

78
00:05:37,340 --> 00:05:38,120
look at it.

79
00:05:39,060 --> 00:05:44,670
I'll do a quick ls and you can see that the files were stored where I'm working in the current directory.

80
00:05:44,850 --> 00:05:47,000
So I want to tidy things up a little bit.

81
00:05:47,100 --> 00:05:53,520
Let me create a directory called Target and then I want to move all the nmap files into the target

82
00:05:53,520 --> 00:05:54,450
directory.

83
00:05:54,780 --> 00:05:57,930
And we learned how to do that using the mv command.

84
00:05:59,350 --> 00:06:06,840
And the name of the file with a wildcard. If you're unfamiliar with what that means go back to the wild

85
00:06:06,840 --> 00:06:07,870
card videos.

86
00:06:08,940 --> 00:06:14,640
Now if I do a listing of the target directory I can see that the nmap output files have been successfully

87
00:06:14,640 --> 00:06:17,790
moved. Now to view the content of the output file

88
00:06:17,850 --> 00:06:21,990
I have one option which we've seen which is the cat command.

89
00:06:22,260 --> 00:06:27,240
But that outputs the entire file on my screen which is not very convenient.

90
00:06:27,240 --> 00:06:29,460
It's a big file with a lot of output.

91
00:06:29,820 --> 00:06:34,530
And I want to be able to go through that bit by bit and to do that I'm going to be using another command

92
00:06:34,530 --> 00:06:37,800
that we talked about which is the less command.

93
00:06:37,800 --> 00:06:44,050
And now I can use my keyboard to navigate slowly through this file and go through it bit by bit.

94
00:06:44,070 --> 00:06:49,130
So this covers the scanning bit. As you can see there's a lot of ports open on the target machine.

95
00:06:49,140 --> 00:06:51,900
There's a lot of services running on the target machine.

96
00:06:52,080 --> 00:06:58,230
And now we get to the exciting part of trying to hack these services and get our way in and hopefully

97
00:06:58,230 --> 00:06:59,530
get root access.
