1
00:00:00,960 --> 00:00:05,740
The second program that we'll use for network mapping is Nmap.

2
00:00:06,030 --> 00:00:12,240
Now in the previous lecture we used netdiscover and we saw how nice it is to quickly discover all the

3
00:00:12,240 --> 00:00:19,260
devices connected to our network, see their MAC address and maybe get the vendor. Nmap takes scanning

4
00:00:19,380 --> 00:00:21,170
to a whole new level.

5
00:00:21,180 --> 00:00:27,780
It might be a little bit slower than netdiscover but it'll show you much, much more information about

6
00:00:27,780 --> 00:00:33,830
the target, so you'll be able to see the open ports, you'll be able to see the running programs or the

7
00:00:33,840 --> 00:00:36,140
running services on these open ports.

8
00:00:36,210 --> 00:00:42,600
You'll be able to determine the net, the computer name, the operating system running on that computer.

9
00:00:42,690 --> 00:00:48,590
If you're in a network you'll be able to discover all of the connected clients, you'll be able to bypass

10
00:00:48,640 --> 00:00:56,880
security, bypass firewalls and so much more. Nmap is actually a huge tool and there are books and complete

11
00:00:56,910 --> 00:01:02,510
courses done just to teach Nmap. The Nmap book would actually be a really good read

12
00:01:02,520 --> 00:01:06,660
once you're done with this course. Now, because this tool is huge,

13
00:01:06,690 --> 00:01:12,210
we're not going to be able to cover all of its uses, but in this lecture I'm going to show you the basics

14
00:01:12,210 --> 00:01:18,360
of this tool, how to use it to discover all the connected clients and see useful information about them,

15
00:01:18,750 --> 00:01:20,550
and we'll actually use it more

16
00:01:20,610 --> 00:01:23,590
when we get to the gaining access section.

17
00:01:25,130 --> 00:01:31,940
We're actually going to be using Zenmap, which is the graphical user interface of Nmap. So to run

18
00:01:31,940 --> 00:01:33,020
it in terminal,

19
00:01:33,020 --> 00:01:34,730
you just have to type zenmap.

20
00:01:35,770 --> 00:01:38,610
You can find it under your applications menu.

21
00:01:39,450 --> 00:01:43,050
Now as you can see it has a very, very simple interface.

22
00:01:43,080 --> 00:01:47,220
The first thing that we see is the target input box. In here

23
00:01:47,220 --> 00:01:48,990
you can put your target.

24
00:01:48,990 --> 00:01:55,500
You can scan any IP that you can reach, whether it's a personal computer, whether it's a server, whether

25
00:01:55,500 --> 00:02:01,200
it's an IP for a web server or for a website, for example, that you want to discover all the open ports

26
00:02:01,230 --> 00:02:06,070
and all the running services on it, or like what we're going to do right now,

27
00:02:06,090 --> 00:02:12,690
we can put a range similar to what we did with netdiscover and it'll scan this whole range, discover

28
00:02:12,720 --> 00:02:19,830
all the live IPs, the IPs of the connected machines on the same network and display information

29
00:02:19,890 --> 00:02:20,830
about them.

30
00:02:21,780 --> 00:02:26,680
Now we'll have a look on how to scan servers in the gaining access section.

31
00:02:26,700 --> 00:02:32,820
So for now, since we are still in the network hacking section, we're going to put a range to discover

32
00:02:32,820 --> 00:02:37,160
all the connected clients and see useful information about them.

33
00:02:37,930 --> 00:02:41,220
So right now I'm actually connected to my wireless network.

34
00:02:41,350 --> 00:02:44,610
That's why I'm going to specify the whole range on that network.

35
00:02:44,680 --> 00:02:47,320
And we saw how to get that in the previous lecture.

36
00:02:47,530 --> 00:02:53,000
So 192.168.1.1/24.

37
00:02:54,630 --> 00:02:56,920
On the bottom you can see the command.

38
00:02:56,990 --> 00:03:02,750
This is actually the Nmap command that will be executed when I hit this scan button.

39
00:03:02,750 --> 00:03:08,600
So like I said, Zenmap, what you are using right now, is just a graphical interface that will run this

40
00:03:08,600 --> 00:03:11,910
Nmap command in the background and show me the results.

41
00:03:12,050 --> 00:03:17,780
So if you know a custom Nmap command you can put it here, or if you just want to use Nmap in terminal

42
00:03:17,990 --> 00:03:23,390
you can literally copy this command, paste it in terminal and it'll give you the same results that you

43
00:03:23,390 --> 00:03:25,320
would get if you run it here.

44
00:03:26,660 --> 00:03:31,900
Alternatively, if you don't really know much about Nmap and its commands you can use one of their own

45
00:03:32,030 --> 00:03:33,450
profiles in here.

46
00:03:35,390 --> 00:03:40,730
So at this juncture we're actually going to be using a number of these profiles and we'll see the difference

47
00:03:40,730 --> 00:03:44,550
between them in terms of speed and the information gathered.

48
00:03:46,130 --> 00:03:48,550
So I'm going to start with the ping scan.

49
00:03:48,980 --> 00:03:50,790
This is a very quick scan.

50
00:03:50,830 --> 00:03:54,260
It literally just pings every possible IP in the range.

51
00:03:54,320 --> 00:04:00,290
And if it gets a response it'll record this response and it'll show me the devices that give you a response,

52
00:04:00,470 --> 00:04:04,280
which means that these are the devices connected to the network.

53
00:04:04,280 --> 00:04:09,820
Now a lot of devices do not respond to requests even if they are alive.

54
00:04:09,830 --> 00:04:17,210
So the list that you'll get in this scan might not include all the devices connected to your network.

55
00:04:17,210 --> 00:04:19,410
Now once the scan is done, as you can see,

56
00:04:19,410 --> 00:04:22,650
we can see the list of all the connected devices in here.

57
00:04:22,950 --> 00:04:28,140
And in here we can also see the MAC addresses for each of these devices.

58
00:04:28,160 --> 00:04:29,900
We also see the vendor.

59
00:04:29,900 --> 00:04:35,750
So for example we can see that the device at 192.168.1.1 is a Cisco device.

60
00:04:35,750 --> 00:04:38,960
This is actually my router and it is made by Cisco.

61
00:04:38,960 --> 00:04:40,190
So this is correct.

62
00:04:40,490 --> 00:04:44,330
So we can go ahead and start looking for exploits in this device.

63
00:04:45,520 --> 00:04:50,020
We can also see that 192.168.1.10 is an HTC device.

64
00:04:50,020 --> 00:04:53,200
And again this is an HTC phone and this is correct.

65
00:04:53,560 --> 00:04:58,500
And since it's HTC then we know that it's probably running on Android.

66
00:04:58,540 --> 00:05:02,600
So as you can see we're getting more information about the connected clients.

67
00:05:02,830 --> 00:05:11,390
Again we can see that 192.168.1.12 is an Apple device, so it could be a phone, a tablet or a Mac.

68
00:05:11,470 --> 00:05:14,010
We can see the next device is a Dell.

69
00:05:14,380 --> 00:05:20,440
So again it was a very quick scan but as you can see it still gave us much more information than what

70
00:05:20,440 --> 00:05:22,320
we got from netdiscover.

71
00:05:23,650 --> 00:05:26,640
The next scan that I want to show you is the quick scan.

72
00:05:27,540 --> 00:05:33,040
Now this is going to be slightly slower than the ping scan but it's going to show us more information.

73
00:05:34,950 --> 00:05:40,200
So right now you can see that the scan is showing us the same information that we've seen before with

74
00:05:40,200 --> 00:05:41,340
the ping scan.

75
00:05:41,530 --> 00:05:49,080
But it's also showing us the open ports on each one of the discovered devices, so it's able to discover

76
00:05:49,100 --> 00:05:53,520
the following in the router and we can see that port 80 is open.

77
00:05:53,520 --> 00:05:58,520
This is actually the port used for the router settings page because it runs on a web server.

78
00:05:58,560 --> 00:06:00,090
So this is correct.

79
00:06:01,200 --> 00:06:07,080
Again we have our Apple device here that we said it might be a phone or a computer or a tablet, but we

80
00:06:07,080 --> 00:06:11,480
can see now it has 22 open, so this is a port for a service called

81
00:06:11,490 --> 00:06:15,650
SSH, which is designed to allow remote access to the system

82
00:06:15,660 --> 00:06:18,160
it's running on. Again,

83
00:06:18,180 --> 00:06:24,360
if you go on all the other devices you can see all the open ports and the services running on each

84
00:06:24,360 --> 00:06:25,640
one of these ports.

85
00:06:27,360 --> 00:06:34,050
Now the next lecture will build up on this real CEO to gather even more information and you'll see how

86
00:06:34,050 --> 00:06:41,580
important information gathering is because we're going to use the gathered information to hack into

87
00:06:41,670 --> 00:06:45,270
an iPhone that is connected to the same network.