CEHv13 – Scanning Network Explained | Ethical Hacking Tutorial | Module 3: Part 1

Fresh Developer (Sapium Security)

32m 53s · 1,950 words · ~10 min read

This transcript was extracted from YouTube's auto-generated caption track. The transcript below is server-rendered so it can be read, searched, cited, and shared without opening the original YouTube player.

[0:00]Hi everyone. Here we are going to start with our next module, that is we are having as the scanning networks. Now, over here guys, previously what we have done is we have collected the information about our victim, right? During our footprinting phase we were having. Now, after that, we will be going ahead and we will be trying to perform your scanning. Now, inside of this scanning network we will be trying to find the information, what are the vulnerabilities? What are the informations that are available about our devices. So for that in a scanning generally we are performing the three step. First, we need to discover the information whether the host is live or not. Now, when I'm saying that, we need to discover the information about the host is live or not. See, over here, if I want to perform the attack on a system, that is present on a different geographical location. So for that we will be having the two requirements on our head, that is going to be first, the system should be powered on, it should be connected with the internet. And for that, we can utilize a small utility with the name of your ping. By utilizing it, we will be able to make sure that whatever the target we are having, we will be able to discover that it is reachable. Now for performing our practical guys, in this module, we are going to use the machine Metasploitable. So for that, I will be opening my terminal. Let me zoom in for you. And here we will be first trying to find the information about our target's IP address. Now for collecting that information, we are going to use a small protocol with the name of your ARP. Here, Address Resolution Protocol. And the work of your address resolution protocol has to go ahead and to find the information about what are the devices that are connected in our network. Right? So for that, what will be happening is, we will be able to find the information about those devices' IP address and their respective MAC address.
And that mapping will be done by your Address Resolution Protocol which is going to broadcast itself and it will be providing us the info. Now for using it, first we need to discover the information about the IP address range we are having. Like in which particular network I'm sitting. And for that, I'm going to perform your ifconfig with the help of that we will be able to find the information about your network. And you guys can see, here we are getting the information about the IP version 4, here we are having the information about the IP version 6, and this is the MAC address of my Kali. Now from here, since this is the IP address of my Kali IPv4, I'm going to copy it. And I will be writing arp-scan and I'm going to paste the IP address which we have copied. Now guys, since we need to provide the information about the range, that is why we will be writing .0. Instead of the last octet, that is your 129, that is the IP address of a Kali, I'm providing zero. Then since we are sitting on the class C of your IP version 4, that is why I'm writing the CIDR notation as your 24. If I will be hitting enter, it will be providing us some IP addresses like we are getting a .1, that is your network ID, .2, the default gateway, .254, that is your broadcast. Then we are just left with one more IP address, that is your .131. That is the IP address we are having of your target. Now, let's perform your ping against of the target's IP address. And from here, we are collecting the information that we were sending two packets, and we have received two. Means that we are not having any type of packet loss, it means that our target is reachable. And we are also getting the TTL value, that stands for your time to live, that is your 64, which is indicating that the might be the target operating system it is going to be your Linux based.
So, from here, since we are able to see by utilizing your ping utility, that is going to provide us the information about your target's reachability, that yeah, our target is reachable. Then, we will be moving into the second step, that is we are having as your finding the information about what are the ports that are open inside of the target system. So guys, when we are talking about the ports, ports are the gateways through which a computer is providing its services. For example, like we are having as the port number 80, we are having port number 443 and many more. So for finding the information about the ports, we will be using like the tool name your Nmap. Which stands for your network mapper. So guys, this Nmap, it is an open source tool we are having, that can be used by our auditors, our ethical hackers, our penetration tester, by utilizing that, they will be able to find the information about the network, the devices, and what are the vulnerabilities that are present into them. So, over here, I will be writing Nmap and the target's IP address.

[5:38]By putting it, it is providing us the information that our target is reachable as well as these are the ports that are open, right? So, over here, you will be finding that, it was saying that, we are having around 977 closed TCP ports. So guys, here we are having some facts regarding the Nmap, we should be having the information. First, our Nmap it only scans like by default for well known 1000 ports.

[6:21]As well as our Nmap by default is just going to scan for TCP ports.

[6:42]3. TCP SYN scan, stealth scan, halfway scan. So, on the basis of that, here we were able to discover the information that out of your well known 1000 ports, well known TCP ports we are having 1000 ports.

[7:09]We got around your 23 open ports over here. But now guys, as I was saying that our Nmap it is just going to look for the well known 1000 ports. So let's go ahead and let's ask it to look for the all the ports we are having, that is your 65535. So for that I'm writing the target's IP address. And here we are having an option, that is your hyphen p hyphen, which will be helping us to collect the detailed information about all the ports. Hit enter. And let's see, what are the total number of ports, TCP ports that are open? And this time we are getting that, we are having the 65505 closed TCP port. It means that previously it was saying that we are having your 23 ports, that are open TCP and this time it is saying that we are having your 30 ports, 30 TCP ports that are open.

[8:17]So that's why, let's go ahead and let's try to look for the UDP also. As we have seen that our Nmap, it was first only looking for the 1000 ports. Now, we have also seen that it was also just looking for the TCP ports. But we are having a lot of services that are using the UDP, like we are having your DHCP, we are having your DNS and many more. So, let's try to look for the UDP ports. For that I'm writing hyphen S U, that is going to be your service UDP.

[8:54]If I will be hitting enter, it will be going ahead and it will be trying to perform the scan. If you want to see how your Nmap it is performing its task in the background, let me open the Wireshark. So that we will be able to see what are the packets, what are the communication that is happening in the background. From here, I'm going to provide the same interface that was present eth0. Selected it, and from here you will be able to see, uh, we are having the 129, that is my Kali's address, and we are having the 130, that is your target's address. And from here you will be able to see what are the protocols that are getting sent, and here we are getting the information about them, like what is happening over there. Now, let's see, what are the ports that are open? If you want to see how much scan has been completed, you guys can just simply hit enter and it will be trying to provide you the information about it.

[24:19]So far you guys can see only the 28% scan has been completed.

[24:30]In a continuous manner, it will be sending the protocol in the background. The conversation is going on over there.

[26:40]So once all the conversation will be done, it will be providing us the result in front of your screen.

[26:54]Now over here guys, you can see we have finally gotten the result with the UDP scan. And with the help of that, we were just looking for the well known 1000 ports. And here we are finding these ports that are open. Now, over here you will be finding that in some of the areas the state is showcasing us as the open filtered. Open filtered means to say our Nmap it is not able to understand whether that particular port it is really open or it is getting filtered by some sort of security controls we are having. That is why it was not able to provide us the clear information about it. Now, let's try to understand the SYN scan what we are having over there.

[28:39]The third fact which I was talking about. So for that, I will be going ahead and I will be removing it. I will be just giving the target's IP address.

[29:28]A single port which I'm going to write as the port number 21. Like this one I'm providing over here. So, if you want to specify single port, you have to write hyphen p and the port number.

[29:55]Okay, my Kali it is giving me some errors over there. So that it is not able to perform a scan right now.

[30:15]Yep, you guys can see my Kali it is not showcasing me any type of IP address. It happens many times with our Linux, that they won't be able to provide us the information about what actually the IP address we are having. Like lot of time the DHCP it is failing over there. So that's why, in those cases, what we have to do is we need to go ahead and we need to power off the machines. Shut down. Do same for the Metasploitable also.

[30:52]Now both the machines, once they are powered off, then click on your Edit and get inside of the virtual network editor. Change settings to make the configuration change inside of that. Now, since it is done, we can click on okay.

[31:54]And restart your machines. Now you will be finding that our network manager it is coming back.

[32:31]So let me again quickly open my terminal sudo su kali. If I will be doing ifconfig, you guys will be finding that, this time we are getting a different network range. Provide the arp-scan and the network range. Here we are having the Metasploitable IP this time as 128.
