1
00:00:00,090 --> 00:00:01,740
Hello everybody and welcome back.
2
00:00:01,740 --> 00:00:07,950
And now in this lecture we will cover our second tool for the footprinting, which is called Nikto. Now
3
00:00:08,010 --> 00:00:15,630
Nikto can also be used for web penetration testing, which basically scans for the Web site and it prints
4
00:00:15,630 --> 00:00:22,410
out if there is any possible vulnerability on the Web site or if there is any outdated version.
5
00:00:22,590 --> 00:00:27,460
For example, the Apache 2 could be outdated and Nikto will show us that.
6
00:00:27,510 --> 00:00:35,850
Now this can be put into the active interaction since we are scanning the Web site and you should not
7
00:00:35,850 --> 00:00:37,650
be doing that on a Web site
8
00:00:37,650 --> 00:00:39,030
you do not own.
9
00:00:39,030 --> 00:00:40,330
So I'll just
10
00:00:40,330 --> 00:00:43,860
scan the Web site that I put up on my laptop.
11
00:00:43,860 --> 00:00:45,090
A lot of upside web server.
12
00:00:45,090 --> 00:00:50,060
It is an Apache web server and it doesn't really have anything on it, but it's running currently.
13
00:00:50,080 --> 00:00:56,940
So we should be able to see the IP address and the version of the Apache and also maybe some of the
14
00:00:56,940 --> 00:01:03,920
errors it could possibly have. So let me just enlarge this a little bit.
15
00:01:03,920 --> 00:01:08,080
Now in order to run Nikto you basically just type here nikto.
16
00:01:08,420 --> 00:01:11,200
It will show you the usage of the command.
17
00:01:11,210 --> 00:01:17,150
Now these are some of the basic options that you can see right here. If we want to, we could print the
18
00:01:17,240 --> 00:01:23,720
extended version with -Help, as it says right here. Yeah, this will be the extended version of the Nikto
19
00:01:23,750 --> 00:01:24,740
help.
20
00:01:25,040 --> 00:01:29,870
And we can see there are a bunch of the options right here for this program.
21
00:01:29,900 --> 00:01:36,260
Now we won't be covering all of these since that will take a lot of time but we will cover some basically
22
00:01:36,260 --> 00:01:38,160
the most important one would be the.
23
00:01:38,310 --> 00:01:40,430
Let me just find it, the host.
24
00:01:40,490 --> 00:01:41,360
Here it is.
25
00:01:41,420 --> 00:01:42,670
Target host.
26
00:01:42,890 --> 00:01:46,880
So in order for you to scan website you need to provide a target host.
27
00:01:47,630 --> 00:01:53,870
Now that target host can be either a domain name or basically an IP address.
28
00:01:53,870 --> 00:02:00,620
Now in my case I will use my IP address since my laptop is on my local network and its IP address is
29
00:02:00,680 --> 00:02:02,310
192.168.
30
00:02:02,330 --> 00:02:05,240
1.15.
31
00:02:05,390 --> 00:02:11,150
Now if you have any available Web site or any other virtual machine you can test it on that one and
32
00:02:11,150 --> 00:02:18,140
you can check out if your local Web site is vulnerable or something, or possibly could be vulnerable to
33
00:02:18,140 --> 00:02:19,570
something.
34
00:02:19,580 --> 00:02:21,680
Now let me just show you this. Type here
35
00:02:21,680 --> 00:02:22,190
nikto
36
00:02:25,490 --> 00:02:33,020
and basically we will specify first -h for the host and then 192.168.1.15.
37
00:02:33,130 --> 00:02:37,100
Now it will print out some of the errors it might find, such as,
38
00:02:37,170 --> 00:02:41,540
here we have: the anti-clickjacking X-Frame-Options header is not present.
39
00:02:41,820 --> 00:02:44,580
The X-XSS-Protection header is not defined.
40
00:02:44,580 --> 00:02:47,390
Now this could be a problem.
41
00:02:47,460 --> 00:02:55,370
It is opening us to a cross-site scripting attack, but it also could be just a false alarm.
42
00:02:55,380 --> 00:03:02,610
See, here we can see these allowed HTTP methods on the Apache Web site, which are GET, HEAD, POST and OPTIONS,
43
00:03:03,330 --> 00:03:11,920
and this will take a few seconds to finish basically if it takes a lot of time we will just close it
44
00:03:12,490 --> 00:03:20,230
so I can show you some of the other options that Nikto has.
45
00:03:20,610 --> 00:03:29,010
Here we have login.php: Admin login page/section found. Portions of the server's headers are not
46
00:03:29,010 --> 00:03:33,800
in the database or are newer than the known string. OK.
47
00:03:33,810 --> 00:03:35,730
Would you like to submit this information?
48
00:03:35,730 --> 00:03:38,370
We do not want to submit it now.
49
00:03:38,370 --> 00:03:46,560
Now you might be asking, uh, what kind of login page am I hosting on my laptop.
50
00:03:46,560 --> 00:03:50,420
Well basically I just have a fake Instagram page right there.
51
00:03:50,550 --> 00:03:51,210
I just made it.
52
00:03:51,210 --> 00:03:56,030
So if we type my laptop's IP address, we just open this up.
53
00:03:56,250 --> 00:04:01,050
It will lead us to a fake Instagram page.
54
00:04:01,050 --> 00:04:06,670
As you can see right here, it is not a real Instagram, it's basically just my IP address, which I...
55
00:04:06,790 --> 00:04:14,670
which we will use for some of the attacks later on, but for now we'll just use Nikto
56
00:04:14,670 --> 00:04:20,370
in order to scan this page and as we can see it has finished it printed out a bunch of the options which
57
00:04:20,370 --> 00:04:22,050
could be useful or not for you.
58
00:04:22,050 --> 00:04:29,190
Depending on the website and depending on the errors but let's check out some of these other examples
59
00:04:29,400 --> 00:04:30,500
of this command.
60
00:04:30,510 --> 00:04:38,250
So you just type here -H and you can see the shock command once again. We can see our options:
61
00:04:41,330 --> 00:04:51,020
decency, display, format, host, evasion encoding technique. For example, you can use the evasion.
62
00:04:51,210 --> 00:04:54,710
I believe it is tagged as -e in the command.
63
00:04:54,770 --> 00:05:01,980
We can use the -e and specify any of these numbers if we want to, for example fake parameter, directory
64
00:05:01,980 --> 00:05:09,190
self-reference or any other. Right here we will use number 1, random encoding, non-UTF8.
65
00:05:09,260 --> 00:05:16,280
OK so we will basically run the same command for the ad that said before that.
66
00:05:19,510 --> 00:05:22,700
Now I believe that this will print out the same output.
67
00:05:22,710 --> 00:05:27,910
So we are not really interested right now in waiting for this to finish.
68
00:05:27,960 --> 00:05:34,820
So one more thing I want to show you is that you can specify a port on which you want to scan.
69
00:05:35,010 --> 00:05:38,430
Now most likely that port will always be port 80.
70
00:05:38,430 --> 00:05:47,720
So it is not really needed, but in case you want to, for example, scan on port 443, which is the HTTPS
71
00:05:47,790 --> 00:05:53,850
usual port, you can change that with the -p option, as we can see.
72
00:05:53,850 --> 00:06:01,510
Default is 80, so you will just type here nikto and then the host, which in my case is 192.
73
00:06:01,510 --> 00:06:03,160
168.1.15.
74
00:06:03,420 --> 00:06:10,080
And then you specify a port and type here 80 or 440 or any other port you want, but most likely it will
75
00:06:10,080 --> 00:06:11,920
be one of those two.
76
00:06:11,940 --> 00:06:18,570
Now let's say for example we want to scan port 80 since my Apache web server is running on port 80 on
77
00:06:18,570 --> 00:06:23,150
my laptop and we want to save that into a file.
78
00:06:23,160 --> 00:06:30,980
Now we do that with the -o command, but let me just check here if it really is -o. I'm not
79
00:06:30,980 --> 00:06:32,450
seeing it right here.
80
00:06:32,450 --> 00:06:35,590
I believe it is yes it is output.
81
00:06:35,630 --> 00:06:39,710
So just type here -o, dash o, and we will name a file.
82
00:06:39,710 --> 00:06:45,240
Basically we can name it anything you want. We will name it right here result.
83
00:06:45,520 --> 00:06:53,610
And you also need to specify the file type which I believe is the capital F which is format save file
84
00:06:53,880 --> 00:06:54,480
format.
85
00:06:54,480 --> 00:07:01,530
OK, so format, we just type here basically txt. We want to save it into a text file and we can run the same
86
00:07:01,530 --> 00:07:03,120
command once again.
87
00:07:03,120 --> 00:07:08,610
And basically right here once it finishes we will have a file with all this stuff written to it.
88
00:07:09,030 --> 00:07:11,700
So you don't have to write it manually.
89
00:07:11,700 --> 00:07:17,830
The output option can be used if you need to provide scan results to someone.
90
00:07:18,150 --> 00:07:21,860
So you can just put that into any file type.
91
00:07:22,050 --> 00:07:28,090
I just decided it to be txt for this example, and you can just send the file to someone.
92
00:07:28,270 --> 00:07:35,040
Now let's just wait for this to finish so we can check out our file. Here it asks us again if we want
93
00:07:35,070 --> 00:07:39,640
to report something to the website, I believe.
94
00:07:39,750 --> 00:07:43,530
Let me just read once again not to include that the base on your.
95
00:07:43,530 --> 00:07:48,780
Would you like to submit this information all into one do not want to snipe what I care less I should
96
00:07:48,780 --> 00:07:52,590
have a pretty good file as we can see right here.
97
00:07:52,770 --> 00:07:55,370
Now we know there is a file named result.
98
00:07:55,440 --> 00:07:57,750
Let's just cat result.
99
00:07:57,780 --> 00:08:02,310
We should see all of our output right there as we can see.
100
00:08:02,310 --> 00:08:03,300
Target hostname.
101
00:08:03,300 --> 00:08:10,810
Target port is right here and there are some of the... well, I'm not truly sure why it didn't put all of them
102
00:08:10,960 --> 00:08:11,500
in here.
103
00:08:11,500 --> 00:08:12,520
Or maybe it did.
104
00:08:12,570 --> 00:08:14,020
I just can't see them.
105
00:08:14,650 --> 00:08:22,070
But that's the example of writing an output in a file.
106
00:08:22,170 --> 00:08:31,170
Now if you want to run Nikto to produce the latest fire for now if you want to run Nikto, you can see that
107
00:08:31,170 --> 00:08:37,160
there is an option to run it over a proxy as you can see.
108
00:08:37,170 --> 00:08:42,780
useproxy: use the proxy defined in the nikto.conf file.
109
00:08:43,020 --> 00:08:47,790
Now in order for you to do this you need to link in that file and the proxy one.
110
00:08:47,790 --> 00:08:52,500
Basically you have one I will show you how to put it there.
111
00:08:52,530 --> 00:08:59,760
I don't really have one at the moment. We will cover proxy and VPN later on, but for now let me just locate
112
00:08:59,820 --> 00:09:01,770
the nikto.conf file.
113
00:09:01,800 --> 00:09:03,610
We covered this command, so you type here
114
00:09:03,750 --> 00:09:04,230
locate
115
00:09:04,260 --> 00:09:08,940
and then the name of the file, and it will show us all of the files that are named like this
116
00:09:08,940 --> 00:09:11,870
and where they are stored.
117
00:09:11,920 --> 00:09:19,580
Now we are interested in the first one, which is in /etc, and then nano the nikto.conf
118
00:09:19,610 --> 00:09:20,360
file.
119
00:09:20,820 --> 00:09:23,150
We can see a bunch of options right here.
120
00:09:23,280 --> 00:09:28,120
Let us navigate and find the proxy option.
121
00:09:29,710 --> 00:09:31,910
Let me just check where it is.
122
00:09:31,910 --> 00:09:32,530
Here we go.
123
00:09:32,530 --> 00:09:35,860
Proxy settings: still must be enabled by -useproxy.
124
00:09:35,890 --> 00:09:43,300
So basically if you wanted to use a proxy in the Nikto program you would specify -useproxy in the command.
125
00:09:43,300 --> 00:09:48,540
And here you would specify the proxy, the proxy host and the proxy port.
126
00:09:49,030 --> 00:09:55,090
So if you had a proxy, you would specify the proxy IP address right here, which for me is just localhost at
127
00:09:55,090 --> 00:09:57,130
the moment, and here you will specify the port.
128
00:09:57,760 --> 00:10:03,900
And also one more thing you will need to do is remove the hash in order for this to be configured.
129
00:10:03,970 --> 00:10:12,010
And after that you would just type Control-O to save, Enter, Control-X to exit, and then you could use your
130
00:10:12,010 --> 00:10:13,670
proxy in Nikto.
131
00:10:14,020 --> 00:10:20,830
But since I don't really need it at the moment I will just put the hash back.
132
00:10:21,820 --> 00:10:23,270
So we don't use it.
133
00:10:23,790 --> 00:10:25,850
And I will save once again.
134
00:10:26,980 --> 00:10:31,030
So basically just remember that the file is located in /etc.
135
00:10:31,030 --> 00:10:33,850
You can also find it with the locate command.
136
00:10:35,020 --> 00:10:38,250
So that will be about it for the Nikto program.
137
00:10:38,560 --> 00:10:41,500
If you want to you can check other options as well.
138
00:10:41,500 --> 00:10:49,160
I don't find them useful at the moment, but if you want to, you could check out all the other options, and
139
00:10:49,160 --> 00:10:55,270
we will continue in the next lecture with the whois program, and I hope I see you there, and take care.