1
00:00:00,300 --> 00:00:01,950
Service and version detection.

2
00:00:03,750 --> 00:00:05,790
And Matt, as we target.

3
00:00:07,280 --> 00:00:12,750
When scanning with Nmap, it's not enough to obtain just the open port information.

4
00:00:14,910 --> 00:00:19,920
With this information, it's pretty necessary to know the name and the version of the service running

5
00:00:19,920 --> 00:00:20,750
on the open port.

6
00:00:20,760 --> 00:00:21,060
Yeah.

7
00:00:22,350 --> 00:00:28,500
So the version information will give us more insight into what are the possible attacks that we could

8
00:00:28,500 --> 00:00:29,760
actually launch.

9
00:00:31,410 --> 00:00:35,760
So there's a database of more than 2200 services in Nmap.

10
00:00:37,060 --> 00:00:38,170
Where is that database?

11
00:00:38,440 --> 00:00:42,400
It's in /usr/share/nmap/nmap-services.

12
00:00:44,380 --> 00:00:49,960
So the database contains the names of the services that can operate according to the port information.

13
00:00:51,200 --> 00:00:56,450
For example, port 80, of course, is mostly used by the HTTP service.

14
00:00:57,720 --> 00:01:00,990
Port 53 is usually used by the DNS service.

15
00:01:02,310 --> 00:01:09,320
The point here is that the port numbers do not always belong to the service. I mentioned that earlier,

16
00:01:09,330 --> 00:01:11,300
but I want to make this clear.

17
00:01:11,670 --> 00:01:18,690
So it means that the system administrator can change the HTTP service port 80 to 1280 from within the

18
00:01:18,690 --> 00:01:19,240
program.

19
00:01:19,980 --> 00:01:26,280
So in this case, the port number and the service running on that port must be detected and verified.

20
00:01:27,350 --> 00:01:32,210
So for this purpose, Nmap uses the nmap-service-probes database.

21
00:01:34,300 --> 00:01:41,080
So this database is located in /usr/share/nmap/nmap-service-probes.

22
00:01:42,420 --> 00:01:48,270
And this database will contain different query statements for each service.

23
00:01:49,630 --> 00:01:56,230
So it'll try to detect this service and the version running on the port by running these query

24
00:01:56,230 --> 00:01:57,010
statements.

25
00:01:58,850 --> 00:02:02,270
So Nmap is very successful with this.

26
00:02:03,440 --> 00:02:05,690
And then when you're armed with this information,

27
00:02:07,110 --> 00:02:12,000
you may discover there may be different vulnerabilities depending on the version of each service.

28
00:02:14,000 --> 00:02:17,270
And, of course, specific vulnerabilities can be attacked.

29
00:02:18,630 --> 00:02:23,970
It is therefore necessary to use the -sV parameter when scanning with Nmap.

30
00:02:26,160 --> 00:02:27,800
So I'll show you an example.

31
00:02:29,270 --> 00:02:34,040
Open VirtualBox, open Kali Linux, 10.0.2.15.

32
00:02:34,900 --> 00:02:37,990
Open Metasploitable, 10.0.2.4.

33
00:02:38,950 --> 00:02:41,320
Log in to the Kali Linux VM.

34
00:02:42,470 --> 00:02:44,480
Username root, password toor.

35
00:02:45,550 --> 00:02:46,600
And open a terminal.

36
00:02:47,480 --> 00:02:54,710
So write this command: nmap 10.0.2.4 --top-ports 10, and press Enter.

37
00:02:55,960 --> 00:02:58,690
And the scan results are here.

38
00:02:59,760 --> 00:03:06,840
As you can see, it only lists the port names, numbers, port state, whether they're open or closed, as

39
00:03:06,840 --> 00:03:07,980
well as the service names.

40
00:03:08,850 --> 00:03:11,880
So now do the same operation with the -sV parameter.

41
00:03:13,220 --> 00:03:19,430
nmap 10.0.2.4 --top-ports 10 -sV, and press Enter.

42
00:03:21,190 --> 00:03:23,080
The scan results are here now.

43
00:03:25,010 --> 00:03:28,910
And of course, scanning with the -sV parameter will take a little bit longer.

44
00:03:30,070 --> 00:03:35,680
But as you can see here, the version information of the open ports has been added to the list.

45
00:03:37,400 --> 00:03:42,920
So that means that according to the version information that we gather here, we can develop attacks

46
00:03:42,920 --> 00:03:45,950
specific to our target system.