1 00:00:00,480 --> 00:00:05,580 So, guys, in this video we are going to take a look at this tool called nmap. nmap stands for Network
2 00:00:05,580 --> 00:00:09,510 Mapper and it is a very important tool for the enumeration.
3 00:00:09,510 --> 00:00:15,780 And also scanning. This nmap scans the computers and the open ports.
4 00:00:15,780 --> 00:00:23,940 And also it will try to see those banners, I mean, the services running on those ports, the port
5 00:00:23,940 --> 00:00:27,740 numbers, and also try to grab the version number.
6 00:00:28,170 --> 00:00:34,260 So if you get those numbers, you can just search on Google if that is an old version and if there are
7 00:00:34,410 --> 00:00:35,920 any exploits for this version.
8 00:00:36,390 --> 00:00:39,210 So first, I will show you the help of this nmap.
9 00:00:39,540 --> 00:00:41,180 So there are two options out there.
10 00:00:41,490 --> 00:00:43,110 That is a command line interface.
11 00:00:43,110 --> 00:00:49,710 And the graphical user interface. Uh, the graphical user interface is called Zenmap, but ninety nine point
12 00:00:49,710 --> 00:00:55,770 nine percent, most of the pentesters, we use the command line because it is very simple to use.
13 00:00:55,890 --> 00:00:57,870 And also we can script.
14 00:00:57,880 --> 00:01:00,030 It means we can automate it.
15 00:01:00,480 --> 00:01:10,560 So let's take a look at this help page. OK, now we can set the target using this -iL, then a space,
16 00:01:10,650 --> 00:01:13,140 for the file containing the hosts or network.
17 00:01:13,200 --> 00:01:16,410 But we can also specify nmap and the IP address.
18 00:01:18,510 --> 00:01:25,260 So you can just say -sn for ping scan. -sn is like ping sweep. In previous versions of nmap,
19 00:01:25,260 --> 00:01:30,150 it was -sP, but they have changed it to -sn.
20 00:01:31,440 --> 00:01:36,050 That means it scans the subnet range.
21 00:01:36,060 --> 00:01:43,200 But only to detect whether the hosts are alive or not, and it will not do the port scanning or service
22 00:01:43,200 --> 00:01:43,620 scanning.
23 00:01:44,530 --> 00:01:49,260 And you can see -sS for SYN scanning and then -sU for UDP scanning.
24 00:01:49,680 --> 00:01:52,860 And this is for other scans as well.
25 00:01:53,670 --> 00:01:55,200 And -sX, the Xmas scan.
26 00:01:55,560 --> 00:02:01,240 You can see -sN for Null, -sF for FIN, and also -sX for Xmas scans.
27 00:02:02,370 --> 00:02:09,480 So what this does is it will send the packet to the, uh, destination and then the destination sends the
28 00:02:09,480 --> 00:02:16,710 SYN/ACK back. Then this nmap assumes that since I got this SYN/ACK packet, the host might be alive.
29 00:02:16,980 --> 00:02:24,710 If I got any RST packet or if I did not get any packet, then it is, uh, the system is different.
30 00:02:25,560 --> 00:02:34,570 So that way it assumes, based on the packet response behavior. And we can also see the versions
31 00:02:34,590 --> 00:02:37,960 using the -sV option.
32 00:02:38,160 --> 00:02:40,680 So that will give the service versions.
33 00:02:45,400 --> 00:02:52,300 Sorry, and this nmap also supports some scripting, and so you can also use some basic
34 00:02:52,300 --> 00:02:59,800 scripts that are already prepared in nmap, and so these scripts will try to fetch some more information from
35 00:02:59,800 --> 00:03:00,580 those services.
36 00:03:00,890 --> 00:03:11,310 So we will see them in a separate video about the scripting engine. And you can also detect the OS that is
37 00:03:11,320 --> 00:03:15,210 running on that target, our target computer.
38 00:03:15,220 --> 00:03:17,850 But it will not be 100 percent accurate.
39 00:03:18,070 --> 00:03:23,130 It just guesses based on the network packets and some other network properties.
40 00:03:24,280 --> 00:03:25,810 So these are the options.
41 00:03:25,810 --> 00:03:35,050 You can check it out. And we can also save output in a format, the nmap normal text format, which we can
42 00:03:35,050 --> 00:03:39,730 use with a command to report IP addresses and port numbers.
43 00:03:40,120 --> 00:03:47,200 So here are a few examples: nmap -v -A scanme.nmap.org.
44 00:03:47,200 --> 00:03:52,370 -A, minus A, is very useful because it is a very aggressive scan.
45 00:03:52,420 --> 00:03:57,490 It will detect OS, versions, run scripts, etc.
46 00:03:58,630 --> 00:04:07,240 So this is, then, for the, uh, checking the things, like how many loopholes are there and how many
47 00:04:07,480 --> 00:04:08,320 holes are there.
48 00:04:08,920 --> 00:04:15,790 And now we are going to, uh, see our IP address using the ip command.
49 00:04:16,480 --> 00:04:25,990 Now we have got this IP address. So what I will do is nmap, like in the example
50 00:04:26,170 --> 00:04:36,640 nmap -v -A scanme.nmap.org, but what I want is -sn to check all the
51 00:04:36,640 --> 00:04:40,000 hosts that are alive or dead in that subnet range.
52 00:04:40,030 --> 00:04:41,080 Let me copy this.
53 00:04:41,560 --> 00:04:47,910 And what I say is /24. This is the CIDR subnet range, or the subnet mask 24.
54 00:04:47,920 --> 00:04:55,630 It will take all the hosts from 192.168.x.1 to 192.168.x.255, things
55 00:04:55,630 --> 00:04:59,500 like the whole range of hosts.
56 00:05:00,940 --> 00:05:08,440 So as you can see, we got a lot of "host down", and you can see here some of them are up.
57 00:05:09,100 --> 00:05:12,660 You can see host 100 is one that is up, for example.
58 00:05:13,030 --> 00:05:14,140 So if you are
59 00:05:16,900 --> 00:05:23,230 scanning like a thousand computers, then you get most of the computers down.
60 00:05:23,890 --> 00:05:32,790 So to, uh, filter only the live hosts, you can say grep -v, minus V for inverse.
61 00:05:33,010 --> 00:05:41,770 So whatever pattern I give here, the lines with that will be removed, and except those, I will get
62 00:05:41,770 --> 00:05:42,230 the results.
63 00:05:42,640 --> 00:05:46,300 So let me show you, because my English is bad.
64 00:05:46,870 --> 00:05:54,930 So if I say grep -v "host down", the lines with "host down" will be removed and then the lines without
65 00:05:55,000 --> 00:05:56,980 "host down" will be displayed in my output.
66 00:05:57,800 --> 00:05:59,050 You will see within a minute.
67 00:06:00,670 --> 00:06:04,540 So as you can see, the lines with "host down" are not shown to us.
68 00:06:05,500 --> 00:06:08,070 Uh, .1, that is my router, and .100.
69 00:06:08,170 --> 00:06:14,040 So maybe that's why one is up and the one not up is discarded.
70 00:06:14,050 --> 00:06:14,650 Next mission.
71 00:06:16,260 --> 00:06:27,720 So you can simply use this address to check whether the computers are alive or not, and we know
72 00:06:27,720 --> 00:06:30,670 that one nine two zero one zero zero one not too easily.
73 00:06:30,900 --> 00:06:31,270 Right.
74 00:06:32,670 --> 00:06:38,250 So let me do the scanning on this machine, and I'm going to let you see another option called -n.
75 00:06:38,580 --> 00:06:45,050 -n stands for no DNS resolution. This is because when we are passing the
76 00:06:45,060 --> 00:06:51,120 IP address, nmap will reverse this and try to find the DNS domain name for this IP address.
77 00:06:51,150 --> 00:06:52,760 So it takes some time that way.
78 00:06:53,100 --> 00:07:02,860 We are now avoiding that using this -n option. And let's say minus capital P N, -Pn, and since we are,
79 00:07:03,150 --> 00:07:10,310 um, scanning only the one IP address, we can assume that our host is alive, and this nmap can
80 00:07:10,320 --> 00:07:12,210 skip that, saving us still some time.
81 00:07:12,690 --> 00:07:16,770 Now let's, uh, put the IP address.
82 00:07:18,760 --> 00:07:19,910 So on and on.
83 00:07:20,230 --> 00:07:21,190 Does he want to?
84 00:07:23,260 --> 00:07:29,840 As you can see there, it is showing open ports, and you can see the port information: 22 is open, SSH,
85 00:07:29,840 --> 00:07:34,440 and 80 is open, HTTP, and NetBIOS, and so on.
86 00:07:34,630 --> 00:07:36,100 So these ports are open.
87 00:07:36,550 --> 00:07:38,260 So this.
88 00:07:40,820 --> 00:07:51,620 And nmap will scan the top thousand ports by default. If you want to specify your range, like one
89 00:07:51,620 --> 00:07:57,620 to two thousand, you need to specify -p. If you want to only scan one port, you can type
90 00:07:57,620 --> 00:07:58,410 -p 80.
91 00:07:59,390 --> 00:08:03,160 So that is a single port.
92 00:08:03,170 --> 00:08:05,300 If you want to scan a range of ports, you can say
93 00:08:05,300 --> 00:08:07,620 -p one hyphen
94 00:08:07,700 --> 00:08:08,420 two thousand.
95 00:08:11,300 --> 00:08:15,820 So the remaining ports are closed and only six ports are open.
96 00:08:17,500 --> 00:08:25,450 And it does not scan all the ports; there are 65,000-plus ports, but if you want to scan all those, you
97 00:08:25,450 --> 00:08:27,400 can type -p-.
98 00:08:29,680 --> 00:08:33,700 So -p- will scan for all ports on that machine.
99 00:08:35,600 --> 00:08:47,970 So by default nmap will scan only for TCP ports, so to discover the UDP ports, you need to put minus
100 00:08:48,290 --> 00:08:48,530 S U, -sU.
101 00:08:51,070 --> 00:08:56,440 So this UDP scan, (clears throat), it is prompting us.
102 00:08:58,880 --> 00:09:00,090 Let me type in the password.
103 00:09:01,230 --> 00:09:09,780 So this UDP scan takes so much time because, in TCP, there is connection establishment, and before connection establishment
104 00:09:10,020 --> 00:09:18,870 nmap knows whether the computer is alive or not, but in UDP scan, the packet loss is very much
105 00:09:18,870 --> 00:09:23,870 because we just send the packet to the computer and the computer would send the packet to us.
106 00:09:24,240 --> 00:09:26,130 So you cannot guarantee the computer.
107 00:09:26,760 --> 00:09:34,500 So we make sure of that by sending multiple packets to the same computer. That's why UDP takes so much
108 00:09:34,500 --> 00:09:44,190 time, to make sure that the host is alive, or even if the host is alive, whether the port is open or not, for the
109 00:09:45,620 --> 00:09:46,270 same reason.
110 00:09:46,320 --> 00:09:47,640 Multiple packets for the port.
111 00:09:49,570 --> 00:09:53,100 So let me run that in the background. I will open a new one.
112 00:09:55,820 --> 00:10:01,350 Well, most of the pentesters forget the UDP scan, but it's very important for you.
113 00:10:01,410 --> 00:10:12,250 You need to remember -p-, minus P minus, for all the ports, and -Pn for skipping the host
114 00:10:12,250 --> 00:10:16,300 discovery. Now, what I want to do is, you can do the stealth scan.
115 00:10:19,500 --> 00:10:21,090 And we can type the IP address.
116 00:10:24,280 --> 00:10:27,730 So this scan also requires the root privileges.
117 00:10:34,560 --> 00:10:40,170 So there are other scans as well, like zombie scan, Xmas scan; you can check that out as well.
118 00:10:40,200 --> 00:10:46,110 You can simply put -sN for Null scan, -sX for Xmas.
119 00:10:46,710 --> 00:10:53,430 So these scans are, these are like somewhat attacks, which you can use another computer to scan other
120 00:10:53,430 --> 00:10:58,170 computers, but you have to have the permission to scan all the computers.
121 00:10:58,590 --> 00:11:01,170 So we are limited to this stealth scan.
122 00:11:03,770 --> 00:11:15,380 And what we can do is we can find out the version numbers running on these ports, so that we know how
123 00:11:15,380 --> 00:11:19,370 much information we get with this nmap scan. So we can specify -sV.
124 00:11:23,050 --> 00:11:27,760 So there are six services and we'll get some more information about the services.
125 00:11:34,500 --> 00:11:42,180 So as you can see, UDP is very, very slow, so I always advise that you run UDP scanning in the background
126 00:11:42,210 --> 00:11:45,310 and after some time you can see the scan.
127 00:11:46,680 --> 00:11:50,160 So as you can see now, we got some version information.
128 00:11:50,640 --> 00:11:52,850 And SSH, it's running OpenSSH.
129 00:11:53,270 --> 00:11:55,530 And we can search that on Google
130 00:11:55,560 --> 00:11:59,760 if there are any exploits that will take advantage of this version number.
131 00:11:59,790 --> 00:12:04,090 And you can see Apache 1.3.20.
132 00:12:04,200 --> 00:12:06,360 So it's running Red Hat Linux.
133 00:12:06,780 --> 00:12:15,180 And this is the mod_ssl and OpenSSL. If you can type in Google this mod_ssl, our version, what
134 00:12:15,180 --> 00:12:18,540 you can get, some exploits, you can take advantage of this system.
135 00:12:19,430 --> 00:12:25,390 You can see there is Samba, and the workgroup name is MYGROUP, and Apache and so on.
136 00:12:25,410 --> 00:12:32,600 So like this, with nmap we can get the version numbers of these services running on the computer.
137 00:12:33,450 --> 00:12:35,270 And there are nmap scripts.
138 00:12:35,280 --> 00:12:36,050 I told you, right?
139 00:12:36,180 --> 00:12:40,440 We can perform the default nmap scripts by using the -sC option.
140 00:12:46,990 --> 00:12:54,610 So this will try to perform all these, some different scripts on each port, on each open port, and if this,
141 00:12:55,390 --> 00:12:57,790 if that script succeeds, we will get the output.
142 00:13:18,550 --> 00:13:26,180 So you can press enter to check the percentage of the progress.
143 00:13:26,680 --> 00:13:28,010 Ninety nine point seven percent.
144 00:13:32,490 --> 00:13:35,820 So in that case, I will show you another command.
145 00:13:36,120 --> 00:13:44,850 Another option for nmap, to detect the OS, is what to do: you put simply nmap -O and the IP
146 00:13:44,850 --> 00:13:45,300 address.
147 00:13:51,640 --> 00:13:57,340 So this will try to fingerprint the OS version.
148 00:14:04,160 --> 00:14:08,150 So it's running Linux kernel 2.4 point something.
149 00:14:08,990 --> 00:14:09,510 OK.
150 00:14:09,560 --> 00:14:16,160 I also did this on .1 for checking the details, and it is telling it is likely an embedded device.
151 00:14:16,790 --> 00:14:19,430 And that distance is one hop, and that is my router.
152 00:14:21,110 --> 00:14:32,990 So in most other cases, it may give some false positives, like it's telling the wrong kernel number
153 00:14:32,990 --> 00:14:35,240 or any wrong Windows versions.
154 00:14:35,570 --> 00:14:42,920 If you go and run this command on my Windows 10 machine, probably it will say Windows 7 or
155 00:14:42,920 --> 00:14:51,590 some other Windows older versions, because this, uh, Windows has some patches for this, uh, TCP
156 00:14:51,600 --> 00:14:52,550 IP fingerprinting.
157 00:14:54,160 --> 00:15:00,550 So as you can see here, that UDP is still scanning, and we can see our scripts have been performed,
158 00:15:01,960 --> 00:15:08,200 and those scripts are telling us that on the HTTP server, we can actually, uh, we can perform the methods
159 00:15:08,740 --> 00:15:10,040 GET, HEAD, OPTIONS.
160 00:15:10,900 --> 00:15:13,360 So potentially risky methods: TRACE.
161 00:15:14,020 --> 00:15:21,570 And also, it shows the server, and the title page for this is the default Apache manual page.
162 00:15:23,620 --> 00:15:28,780 And you can see there is port 443 and that is the secure web server.
163 00:15:31,950 --> 00:15:35,900 All right, it's telling the title, and the result, and so on.
164 00:15:38,780 --> 00:15:47,850 OK, now it's, uh, using that NetBIOS, that, uh, script to get the information, and this
165 00:15:47,880 --> 00:15:54,780 tells MYGROUP, uh, the domain for the computer, and it's using that SMB version, too.
166 00:15:55,610 --> 00:16:01,280 So as you can see, we got some more information from these different scripts.
167 00:16:03,190 --> 00:16:11,350 And you can just put the option for the different scripts, and I want to, uh, I want to show
168 00:16:11,350 --> 00:16:12,790 you how to save output.
169 00:16:16,120 --> 00:16:18,580 So I think we need to give the output file name.
170 00:16:23,660 --> 00:16:30,020 And we can save that output in all three formats. The three formats are the greppable format, the normal
171 00:16:31,310 --> 00:16:37,820 nmap format, and the XML format. And the greppable nmap format, well, you can use XML parsers to get
172 00:16:37,870 --> 00:16:41,720 information, but this greppable nmap is very much useful.
173 00:16:43,610 --> 00:16:43,800 OK.
174 00:16:44,000 --> 00:16:46,550 Now, I think we have got this.
175 00:16:50,600 --> 00:17:01,580 OK, that is the nmap output in all formats, and now let's see what information is stored in this greppable
176 00:17:01,760 --> 00:17:02,280 nmap.
177 00:17:07,080 --> 00:17:08,640 These are the ports scanned.
178 00:17:10,980 --> 00:17:17,590 And these ports are open, so you can see ports 22, 80 and so on.
179 00:17:19,260 --> 00:17:24,360 So it gives us the basic information because we did not put that -sV in the previous command.
180 00:17:25,920 --> 00:17:31,700 Also, in the previous case, we did not put the -n that way.
181 00:17:31,710 --> 00:17:35,120 It does take an IP address as the, uh, final.
182 00:17:37,010 --> 00:17:47,060 So I think that is pretty much about this, and I think I have said almost all the options,
183 00:17:47,060 --> 00:17:49,190 the general options you can do in nmap.
184 00:17:53,910 --> 00:18:01,830 So you can also write the hosts or the IP address ranges in the list, and you can, uh, uh.
185 00:18:02,940 --> 00:18:03,450 A.
186 00:18:05,080 --> 00:18:12,700 You can put that, uh, we can specify the -iL command, so I can see, uh.
187 00:18:13,420 --> 00:18:14,290 Can you still?
188 00:18:14,290 --> 00:18:15,100 Not completely.
189 00:18:44,200 --> 00:18:50,680 All right, I will end this video now, because this is taking almost a long time, and you can see, I
190 00:18:50,720 --> 00:18:58,180 mean, you can see it is open, port 137 and 111 on this IP address.
191 00:18:59,170 --> 00:19:01,630 So that's all you need to know about this nmap.
192 00:19:02,320 --> 00:19:08,690 And if there are any further options I forgot to tell you or you need to know,
193 00:19:09,640 --> 00:19:12,070 probably these are the basic options you can do.
194 00:19:13,000 --> 00:19:17,200 So we will not be leaving nmap here, but we will use that.
195 00:19:17,200 --> 00:19:23,710 And, uh, most of the time, this is the starting phase of this enumeration and scanning.
196 00:19:24,490 --> 00:19:25,890 So that's what the.