1
1

00:00:00,388  -->  00:00:02,791
<v ->Now that we're in phase two, scanning and enumeration</v>
2

2

00:00:02,791  -->  00:00:05,317
we've gotta find a hole in the network in order to break in.
3

3

00:00:05,317  -->  00:00:08,249
Since this is an introductory course, we're gonna use ZenMap
4

4

00:00:08,249  -->  00:00:10,007
which is a graphical user interface
5

5

00:00:10,007  -->  00:00:12,731
for the world's most popular scanning tool Nmap.
6

6

00:00:12,731  -->  00:00:15,133
Zenmap is truly powerful because it uses Nmap
7

7

00:00:15,133  -->  00:00:17,126
as its workhorse to do all the scanning,
8

8

00:00:17,126  -->  00:00:19,489
but provides us with the easy to use graphical interface
9

9

00:00:19,489  -->  00:00:21,604
that makes setting up our scans simple,
10

10

00:00:21,604  -->  00:00:24,294
and consolidates all of our text based output from Nmap
11

11

00:00:24,294  -->  00:00:27,349
into a nice, concise format for us to read.
12

12

00:00:27,349  -->  00:00:29,425
Another great feature of Zenmap is the ability
13

13

00:00:29,425  -->  00:00:30,967
to customize the scan parameters,
14

14

00:00:30,967  -->  00:00:32,801
it provides us the command line syntax
15

15

00:00:32,801  -->  00:00:34,880
that would be required by Nmap to perform the scan
16

16

00:00:34,880  -->  00:00:36,957
but then allows us to add or change those parameters
17

17

00:00:36,957  -->  00:00:38,743
to make it a more refined scan.
18

18

00:00:38,743  -->  00:00:41,146
The final benefit of Zenmap is that it also creates
19

19

00:00:41,146  -->  00:00:43,014
a database of the past scans.
20

20

00:00:43,014  -->  00:00:44,683
Which can be saved for future reference.
21

21

00:00:44,683  -->  00:00:45,865
This is a wonderful feature
22

22

00:00:45,865  -->  00:00:47,454
to aid in your documentation of the network,
23

23

00:00:47,454  -->  00:00:48,953
and allows us to go back to those details
24

24

00:00:48,953  -->  00:00:50,603
in the future if we need em.
25

25

00:00:50,603  -->  00:00:52,648
So what kind of information do we need to get started?
26

26

00:00:52,648  -->  00:00:53,788
And what kind of information
27

27

00:00:53,788  -->  00:00:55,130
are we going to find during our scanning?
28

28

00:00:55,130  -->  00:00:57,127
Well to get started, we're gonna need either an IP address,
29

29

00:00:57,127  -->  00:00:59,411
or a range of IPs, we should have that information though
30

30

00:00:59,411  -->  00:01:00,874
from our reconnaissance phase.
31

31

00:01:00,874  -->  00:01:03,073
Using that information we're gonna perform different scans
32

32

00:01:03,073  -->  00:01:05,108
to determine different levels of information.
33

33

00:01:05,108  -->  00:01:07,346
Our most basic scan are simply pings,
34

34

00:01:07,346  -->  00:01:08,483
to determine if the machines are up
35

35

00:01:08,483  -->  00:01:09,911
and responding on the network.
36

36

00:01:09,911  -->  00:01:11,754
This certainly falls into our scanning category
37

37

00:01:11,754  -->  00:01:13,465
in our scanning and enumeration phase.
38

38

00:01:13,465  -->  00:01:15,428
Next, we're gonna begin scanning for open ports
39

39

00:01:15,428  -->  00:01:17,706
then we'll finally move into more in-depth scans
40

40

00:01:17,706  -->  00:01:19,911
where we can use that information received to perform
41

41

00:01:19,911  -->  00:01:22,189
a basic enumeration of the host to determine
42

42

00:01:22,189  -->  00:01:25,819
the Operating System, the version of the software, and more.
43

43

00:01:25,819  -->  00:01:29,562
So lets get started tryin to find those holes.
44

44

00:01:29,562  -->  00:01:31,186
Now before we begin scanning our network,
45

45

00:01:31,186  -->  00:01:32,204
we need to set up our network
46

46

00:01:32,204  -->  00:01:34,325
to make sure they're all still on an isolated net.
47

47

00:01:34,325  -->  00:01:37,905
To do this we're gonna open up Virtual Box.
48

48

00:01:37,905  -->  00:01:41,635
From Virtual Box we're gonna go to preferences,
49

49

00:01:41,635  -->  00:01:44,037
and then we're gonna click on network.
50

50

00:01:44,037  -->  00:01:45,991
Then we're gonna click on host only network,
51

51

00:01:45,991  -->  00:01:49,811
to create a network just for our virtual machines to use.
52

52

00:01:49,811  -->  00:01:52,332
We're going to click on the adapter to add,
53

53

00:01:52,332  -->  00:01:53,915
with the plus sign.
54

54

00:01:55,342  -->  00:01:59,425
And you'll see you now have Virtual Box net zero.
55

55

00:02:00,969  -->  00:02:03,456
We're gonna click on the screw driver icon
56

56

00:02:03,456  -->  00:02:05,328
which is gonna allow us to configure it,
57

57

00:02:05,328  -->  00:02:09,559
and it has by default 192.168.56.1 that's fine,
58

58

00:02:09,559  -->  00:02:12,169
we can use that but we do want to set up a DHCP server.
59

59

00:02:12,169  -->  00:02:15,474
So we'll click on that, and say enable server.
60

60

00:02:15,474  -->  00:02:19,057
We're gonna use 192.168.56.1 as our server.
61

61

00:02:20,718  -->  00:02:24,885
Our mask will be a standard class C 225.255.255.0.
62

62

00:02:26,227  -->  00:02:28,743
Our lower bound we'll hand out IPs starting at 100,
63

63

00:02:28,743  -->  00:02:32,910
so 192.168.56.100 and our upper bound we'll use as 50.
64

64

00:02:34,827  -->  00:02:38,077
192.168.56.150 this will give us 50 IPS
65

65

00:02:41,590  -->  00:02:43,906
that can be handed out to our virtual machines.
66

66

00:02:43,906  -->  00:02:46,395
Since we only have three, that will be plenty for us.
67

67

00:02:46,395  -->  00:02:49,693
We'll hit okay, and then hit okay again.
68

68

00:02:49,693  -->  00:02:52,295
Now we need to set up each machine in network to use them.
69

69

00:02:52,295  -->  00:02:56,116
So we'll click on Kali, and then click network
70

70

00:02:56,116  -->  00:02:58,597
go to network, and select from internal network,
71

71

00:02:58,597  -->  00:03:01,564
to Host-only Adapter, and again we use the same one
72

72

00:03:01,564  -->  00:03:04,397
we used before vboxnet0. Hit okay.
73

73

00:03:05,916  -->  00:03:08,237
We'll go to windows, we'll do the same thing,
74

74

00:03:08,237  -->  00:03:11,737
click on network, go to host only adapter,
75

75

00:03:12,747  -->  00:03:15,152
vboxnet0 and hit okay.
76

76

00:03:15,152  -->  00:03:17,753
And then metaspolitable click on network,
77

77

00:03:17,753  -->  00:03:20,920
and go to host-only adapter, vboxnet0.
78

78

00:03:22,276  -->  00:03:23,215
At this point we're gonna start
79

79

00:03:23,215  -->  00:03:25,824
launching our virtual machines,
80

80

00:03:25,824  -->  00:03:28,515
to do that we'll simply left click on the name Kali
81

81

00:03:28,515  -->  00:03:32,094
and then start, we're gonna go back while that's booting up
82

82

00:03:32,094  -->  00:03:36,202
and start up my windows, and I'm going to go back again
83

83

00:03:36,202  -->  00:03:38,535
and start up metasploitable.
84

84

00:03:42,878  -->  00:03:44,624
So now we can cycle through those machines,
85

85

00:03:44,624  -->  00:03:46,493
and see where they are in the boot process.
86

86

00:03:46,493  -->  00:03:48,011
Once they boot up they're gonna be able to
87

87

00:03:48,011  -->  00:03:51,522
pick up their own IP address using that DHCP.
88

88

00:03:51,522  -->  00:03:55,689
So we'll click on Kali, and then we're gonna cycle over
89

89

00:03:57,116  -->  00:04:00,289
to our metasploitable machine, and then we're gonna
90

90

00:04:00,289  -->  00:04:02,932
cycle over to our windows machine.
91

91

00:04:02,932  -->  00:04:04,764
Now, just to verify that they've actually picked up
92

92

00:04:04,764  -->  00:04:08,680
the IP address, lets go head and do an IPconfig on windows.
93

93

00:04:08,680  -->  00:04:12,099
Open up the command prompt, and do Ipconfig.
94

94

00:04:12,099  -->  00:04:14,012
And you can see that it got the first IP address,
95

95

00:04:14,012  -->  00:04:18,179
192.168.56.100, at this point we can cycle over to
96

96

00:04:20,407  -->  00:04:22,488
our metasplotable machine.
97

97

00:04:22,488  -->  00:04:25,090
We're gonna log in again with, msfadmin,
98

98

00:04:25,090  -->  00:04:27,496
msfadmin for the password
99

99

00:04:27,496  -->  00:04:30,182
and we can do ifconfig since this is linux.
100

100

00:04:30,182  -->  00:04:33,515
And you can verify here, 192.168.56.101,
101

101

00:04:34,372  -->  00:04:35,554
now in the real world,
102

102

00:04:35,554  -->  00:04:37,671
your machines are already gonna be online.
103

103

00:04:37,671  -->  00:04:39,217
This is just because of our simulation
104

104

00:04:39,217  -->  00:04:40,599
that we have access to them.
105

105

00:04:40,599  -->  00:04:42,224
We just want to know what we're looking at.
106

106

00:04:42,224  -->  00:04:45,557
We're gonna go back to our Kali machine,
107

107

00:04:47,728  -->  00:04:49,236
and this is where we're gonna do all of our work
108

108

00:04:49,236  -->  00:04:50,457
for the rest of this lesson.