1 00:00:00,470 --> 00:00:07,490 It is time to start with the first big tool that is essential for ethical hackers. That tool is called Nmap,
2 00:00:07,500 --> 00:00:10,970 and we're going to cover a lot of things inside of it.
3 00:00:10,970 --> 00:00:16,670 And unlike all the other tools that we covered by now, which you might or might not use in penetration
4 00:00:16,670 --> 00:00:21,300 tests, this is a tool that you will almost always use without any doubt.
5 00:00:22,100 --> 00:00:23,240 So what is Nmap?
6 00:00:23,630 --> 00:00:25,520 Nmap is a network mapper.
7 00:00:26,120 --> 00:00:28,490 It is a free and open source network scanner.
8 00:00:28,610 --> 00:00:34,640 And it is used to discover hosts and services on a computer network by sending packets and analyzing
9 00:00:34,640 --> 00:00:35,360 responses.
10 00:00:36,200 --> 00:00:41,190 It has a lot of different options and we're going to check them out in the next few minutes.
11 00:00:41,960 --> 00:00:46,160 For now, let us just see how we can start Nmap and run a basic scan.
12 00:00:46,790 --> 00:00:50,150 First thing, make sure your Metasploitable is up and running.
13 00:00:50,570 --> 00:00:55,550 And also, if you've got any other devices in your home network, turn them on just so we can scan them
14 00:00:55,550 --> 00:00:55,910 as well.
15 00:00:56,730 --> 00:01:01,040 OK, let's see how we can run Nmap and what options we get with Nmap.
16 00:01:02,030 --> 00:01:07,730 Just like all the other tools, we can get the Nmap help menu by only specifying nmap in the terminal
17 00:01:09,740 --> 00:01:12,050 or specifying nmap --help.
18 00:01:13,970 --> 00:01:19,130 And you will see right away that we get a lot of options right here.
19 00:01:20,120 --> 00:01:26,870 And this right here is just a short help menu; we'll see the longer menu once we start experimenting
20 00:01:26,870 --> 00:01:28,180 with these options right here.
21 00:01:29,240 --> 00:01:33,290 But for now, we're only interested in running Nmap with just a basic scan.
22 00:01:33,770 --> 00:01:38,120 So for a basic scan, all we need to do is specify an IP address.
23 00:01:39,270 --> 00:01:44,190 If we go to the help menu and you scroll all the way to the top, we should see target specification
24 00:01:44,280 --> 00:01:44,910 right here.
25 00:01:45,860 --> 00:01:49,040 It tells us that we can provide the hostname,
26 00:01:50,710 --> 00:01:51,700 an IP address,
27 00:01:52,810 --> 00:01:54,700 or a network for scanning.
28 00:01:55,650 --> 00:02:01,770 And below that, we got some examples of what we can specify with Nmap and what the syntax is
29 00:02:01,770 --> 00:02:02,890 for specifying hosts.
30 00:02:03,600 --> 00:02:08,330 We can also read our targets from a list by specifying the option -iL.
31 00:02:09,150 --> 00:02:15,210 And if we want, we can exclude some hosts that we don't want to scan by specifying the --exclude
32 00:02:15,210 --> 00:02:17,190 option. For the first time,
33 00:02:17,410 --> 00:02:23,070 let us get an IP address from our Metasploitable and let's scan it to see what results we get for
34 00:02:23,070 --> 00:02:24,510 scanning one IP address.
35 00:02:25,380 --> 00:02:28,190 We already saw how we can get the Metasploitable IP address.
36 00:02:28,200 --> 00:02:33,780 You can either run netdiscover to see all the online hosts or, if you don't want to bother, you
37 00:02:33,780 --> 00:02:36,270 can just go to Metasploitable right here
38 00:02:38,310 --> 00:02:45,660 and type ifconfig. I can see that the IP address of my Metasploitable is
39 00:02:45,660 --> 00:02:46,200 192.168.1.6.
40 00:02:46,870 --> 00:02:47,920 So that is the IP address
41 00:02:47,940 --> 00:02:55,920 of Metasploitable. Let's run our first Nmap scan. If I type nmap 192.168.1.6
42 00:02:55,920 --> 00:02:57,510 and press enter.
43 00:02:59,090 --> 00:03:05,270 Wow, this finished pretty fast, but don't get used to it. The only reason that this scan finished so
44 00:03:05,270 --> 00:03:13,760 fast is because the target is on my home network too, and Nmap scans can sometimes take hours to finish,
45 00:03:14,450 --> 00:03:18,050 depending on where your target is, how many ports they have open,
46 00:03:18,380 --> 00:03:19,580 are they protected by a firewall,
47 00:03:19,610 --> 00:03:22,300 and many other things that we are also going to cover.
48 00:03:22,790 --> 00:03:27,590 But for now, this is the response for our Metasploitable with our basic scan.
49 00:03:28,430 --> 00:03:30,050 It tells us the host is up.
50 00:03:30,890 --> 00:03:33,170 It tells us which open ports it has.
51 00:03:33,620 --> 00:03:36,830 We get the exact numbers of which ports are open on the target machine.
52 00:03:37,860 --> 00:03:45,030 And right here, we can notice that there are a lot of ports that are open. That is because Metasploitable is
53 00:03:45,030 --> 00:03:46,410 running a lot of services.
54 00:03:47,070 --> 00:03:52,890 And Nmap also tells you, besides the port that is open, which service is running on the open port,
55 00:03:52,890 --> 00:03:54,930 and this is this third column.
56 00:03:56,170 --> 00:04:03,370 So we can see that port 21 is open and it is running FTP, which we already know is File Transfer
57 00:04:03,370 --> 00:04:03,860 Protocol.
58 00:04:04,570 --> 00:04:08,830 We got port 22 to be open, and that port is for Secure Shell.
59 00:04:09,930 --> 00:04:16,470 We got port 80 that is open, and that is the HTTP port, and this could mean that Metasploitable
60 00:04:16,470 --> 00:04:18,560 could be hosting a web page.
61 00:04:19,320 --> 00:04:23,930 We can check this out if we type the IP address of our Metasploitable inside of our Firefox.
62 00:04:24,450 --> 00:04:25,440 So let's go up here.
63 00:04:25,980 --> 00:04:27,420 Open up our Firefox.
64 00:04:29,300 --> 00:04:37,010 And if I go up here and type 192.168.1.6 and press enter, this will automatically
65 00:04:37,010 --> 00:04:43,040 go and try to connect to port 80, and indeed, it is hosting a web page.
66 00:04:44,030 --> 00:04:49,730 But more about this web page later on in the course, as it holds a bunch of vulnerabilities which we
67 00:04:49,730 --> 00:04:54,560 will cover. For now, let us just see what other things we got with our Nmap scan.
68 00:04:54,920 --> 00:05:01,070 So besides these known ports that we got right here, we also discovered a bunch of other ports hosting
69 00:05:01,070 --> 00:05:04,580 different services, and some of them could be vulnerable.
70 00:05:05,750 --> 00:05:08,050 We also see this right here that says "Not shown:
71 00:05:08,180 --> 00:05:10,460 977 closed ports".
72 00:05:11,540 --> 00:05:17,330 But wait a second, I said that there are over sixty five thousand ports. Why does it say that it didn't
73 00:05:17,330 --> 00:05:22,910 show only nine hundred and seventy seven ports, or it shows that only nine hundred and seventy seven
74 00:05:22,910 --> 00:05:23,770 ports are closed?
75 00:05:24,320 --> 00:05:27,320 That is because Nmap by default scans
76 00:05:27,350 --> 00:05:29,270 the most known one thousand ports.
77 00:05:29,810 --> 00:05:31,880 It doesn't scan all sixty five thousand.
78 00:05:32,780 --> 00:05:36,230 We can tell it to scan all sixty five thousand, which we will see later on.
79 00:05:36,440 --> 00:05:38,810 But in most cases it is not necessary.
80 00:05:39,880 --> 00:05:40,610 OK, cool.
81 00:05:41,050 --> 00:05:47,140 Our first Nmap scan gave us some results, and all of these results from our scans you would write
82 00:05:47,140 --> 00:05:49,480 down in your report in a real penetration test.
83 00:05:50,260 --> 00:05:55,360 Now that we know how we can scan one IP address, let us see how we can scan a range of IP addresses.
84 00:05:55,640 --> 00:05:57,820 Let's say we want to scan our entire network.
85 00:05:57,820 --> 00:06:03,120 And for this, once again, you must know your subnet, or your network's IP range.
86 00:06:03,490 --> 00:06:04,930 We talked about this earlier.
87 00:06:05,080 --> 00:06:07,630 For me, it is from 192.168.1.1
88 00:06:07,630 --> 00:06:10,150 up to
89 00:06:10,150 --> 00:06:12,360 192.168.1.255.
90 00:06:13,300 --> 00:06:16,330 So we can specify this in two different ways.
91 00:06:16,750 --> 00:06:23,050 We can type nmap 192.168.1.1-255.
92 00:06:23,860 --> 00:06:29,860 Or we can type it like this: nmap 192.168.1.1/24.
93 00:06:30,810 --> 00:06:36,630 And if you're new to subnetting, you can think of this 24 as something that says the first three
94 00:06:36,630 --> 00:06:43,770 octets are not changeable, and by first three octets I mean the first three numbers, which leaves us with only
95 00:06:43,770 --> 00:06:48,500 the last octet, or last number, that will be changeable inside of our IP range.
96 00:06:49,320 --> 00:06:50,610 So let's run it.
97 00:06:50,940 --> 00:06:51,900 If I press enter.
98 00:06:52,960 --> 00:06:58,410 Now, this scan right here might take a little bit more time, since it is not only scanning one host,
99 00:06:58,570 --> 00:07:04,750 it is scanning multiple hosts. And even though it's scanning multiple hosts, it finished relatively
100 00:07:04,750 --> 00:07:07,410 fast because it is scanning my own network.
101 00:07:08,470 --> 00:07:09,590 Here are the results.
102 00:07:10,210 --> 00:07:13,690 So these right here are the results for the
103 00:07:14,940 --> 00:07:20,280 Metasploitable, as we can see by the IP address, and we got the same results as before: which ports
104 00:07:20,280 --> 00:07:23,970 are open and what services they are running. Down here
105 00:07:23,980 --> 00:07:28,530 we get that it scanned two hundred and fifty six IP addresses and three hosts are up.
106 00:07:29,250 --> 00:07:33,200 Let's see what other two hosts are up besides our Metasploitable.
107 00:07:34,140 --> 00:07:37,270 We got the device with the IP address of
108 00:07:37,290 --> 00:07:38,790 192.168.1.4.
109 00:07:39,150 --> 00:07:43,680 And it says right here all one thousand scanned ports on this device are closed.
110 00:07:44,590 --> 00:07:49,690 And you remember what I told you, that this is the more secure version, since right now we cannot
111 00:07:49,690 --> 00:07:54,880 connect to any one of these ports, and this is probably some home device, possibly my laptop.
112 00:07:55,120 --> 00:08:01,270 It has all 1000 scanned ports closed because it doesn't host any service to other machines.
113 00:08:02,190 --> 00:08:09,870 And the last device that we got is my router. We got its IP address and we also got which ports it has
114 00:08:09,870 --> 00:08:17,630 open, so it has port 22 for SSH, port 23 for Telnet, port 53 for the domain, port
115 00:08:17,640 --> 00:08:21,840 80 and port 443 for HTTP and HTTPS.
116 00:08:22,260 --> 00:08:25,590 And this port right here that says service unknown.
117 00:08:26,130 --> 00:08:30,510 This is because Nmap couldn't figure out what service is running on this open port.
118 00:08:31,550 --> 00:08:32,360 OK, great.
119 00:08:32,630 --> 00:08:39,650 For now, we performed a basic scan without adding any additional options to it, and with this we managed
120 00:08:39,650 --> 00:08:42,290 to discover open ports on our target machines.
121 00:08:42,920 --> 00:08:44,390 That is good for the start.
122 00:08:45,050 --> 00:08:50,900 In the next video, we will see what else can be discovered using Nmap and what other options it
123 00:08:50,900 --> 00:08:51,200 has.