1
00:00:00,060 --> 00:00:06,810
So one of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting.

2
00:00:07,350 --> 00:00:14,580
Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit

3
00:00:14,970 --> 00:00:15,930
of the responses.

4
00:00:17,300 --> 00:00:24,830
After performing dozens of tests, such as TCP ISN sampling, TCP options support and ordering, IP ID

5
00:00:24,950 --> 00:00:32,660
sampling and the initial window size check, Nmap compares the results to its nmap-os-db database

6
00:00:32,930 --> 00:00:38,190
of more than 2600 known OS fingerprints and prints out the details

7
00:00:38,210 --> 00:00:45,950
if there is a match. Each fingerprint includes a freeform textual description of the OS and a classification

8
00:00:45,950 --> 00:00:54,080
which provides the vendor name, for example Sun; underlying OS, that would be Solaris; OS generation,

9
00:00:54,560 --> 00:01:00,410
let's say 10; and device type: general purpose, router, switch, game console, whatever.

10
00:01:01,070 --> 00:01:08,030
OS detection is far more effective if at least one open and one closed TCP port are found.

11
00:01:09,250 --> 00:01:11,110
So let's see the OS detection in action.

12
00:01:12,260 --> 00:01:19,310
We have to use OS detection with one of the port detection techniques, so I use SYN scan for this

13
00:01:19,310 --> 00:01:19,640
demo.

14
00:01:20,840 --> 00:01:28,790
The target system is Metasploitable. Let's just use top 100 ports to make the query faster, or just don't

15
00:01:28,790 --> 00:01:33,080
give any port and Nmap scans top 1000 ports; that won't take long.

16
00:01:34,960 --> 00:01:39,700
Put uppercase O for OS detection and hit enter.

17
00:01:42,530 --> 00:01:44,420
Here is the result of OS detection.

18
00:01:45,750 --> 00:01:52,590
It's a general purpose device and running Linux with a version between 2.6.9 and

19
00:01:52,590 --> 00:01:53,400
2.6.33.

20
00:01:54,580 --> 00:02:02,530
If you'd like Nmap to be more aggressive, to have a more accurate result, you can use the --osscan-guess parameter

21
00:02:02,530 --> 00:02:05,440
with the -O OS detection parameter.

22
00:02:07,630 --> 00:02:11,590
Now, let's scan a Windows system and try to find out the version of its OS.

23
00:02:13,240 --> 00:02:15,370
So here I have a Windows 8 virtual machine.

24
00:02:16,330 --> 00:02:24,070
I want to learn its IP address first. Over the command prompt, type ipconfig and hit enter.

25
00:02:27,020 --> 00:02:30,140
Now, let's go to Kali and test if we can reach the Windows system.

26
00:02:31,620 --> 00:02:38,190
First, I'll ping the system. No, the system is not responding to the ping requests, or we cannot reach

27
00:02:38,190 --> 00:02:38,780
the system.

28
00:02:40,070 --> 00:02:43,160
So second, I perform an Nmap ping scan.

29
00:02:43,940 --> 00:02:52,640
We know how to do it, right? Type nmap -sn 172.16.99.171 and

30
00:02:52,640 --> 00:02:53,240
hit enter.

31
00:02:54,650 --> 00:02:55,130
Yes.

32
00:02:55,490 --> 00:02:59,990
Nmap says the host is up, so we are able to reach the system.

33
00:03:00,350 --> 00:03:03,830
Now I want to scan the top 10 TCP ports of the system.

34
00:03:10,030 --> 00:03:14,950
I add the reason parameter to see the reasons of the results.

35
00:03:16,330 --> 00:03:20,860
All the ports we scanned are filtered because there are no responses from them.

36
00:03:21,550 --> 00:03:22,660
It's not good for us.

37
00:03:23,840 --> 00:03:27,500
So I add the OS detection to the latest Nmap query and rerun it.

38
00:03:30,470 --> 00:03:37,400
No, Nmap cannot find the details because it does not have a result set to probe or interrogate.

39
00:03:38,800 --> 00:03:45,460
I would like to open a port on the Windows system and reply to Nmap scans. In the Windows 8 VM,

40
00:03:45,790 --> 00:03:49,660
I run the Internet Information Services Manager.

41
00:03:53,170 --> 00:03:56,230
And start to host the default website of IIS.

42
00:03:58,440 --> 00:04:00,990
Open a web browser and try to reach the website,

43
00:04:01,020 --> 00:04:06,300
typing the IP address of the system into the address bar. OK, web service is up.

44
00:04:07,020 --> 00:04:11,500
Let's test if I can reach the website from Kali. I go to Kali,

45
00:04:11,520 --> 00:04:12,330
open a browser,

46
00:04:12,780 --> 00:04:16,710
enter the IP address of the Windows 8 VM and hit Enter.

47
00:04:19,110 --> 00:04:20,010
No, I cannot.

48
00:04:20,430 --> 00:04:21,900
And I think I know the reason.

49
00:04:23,010 --> 00:04:25,890
In the Windows VM, let's look at the firewall,

50
00:04:26,040 --> 00:04:35,250
if HTTP traffic is allowed. So I open the firewall. At the upper left corner, I click the Allow an app

51
00:04:35,340 --> 00:04:38,520
or feature through Windows Firewall link.

52
00:04:40,470 --> 00:04:47,550
Click Change settings, which needs admin privileges. Go to the end of the list. As I thought,

53
00:04:48,300 --> 00:04:50,580
FTP services are not allowed.

54
00:04:51,300 --> 00:04:53,910
Check it and click OK to apply the changes.

55
00:04:55,210 --> 00:05:00,460
Now, in a command prompt, to see port 80, I run the netstat -an command.

56
00:05:05,870 --> 00:05:09,950
When I come back to Kali, I see that the page is loaded in the browser.

57
00:05:10,400 --> 00:05:13,940
That means Kali can reach port 80 of my Windows 8 VM.

58
00:05:15,270 --> 00:05:21,390
Now in the terminal screen, I want to run a SYN scan for the Windows system's top 10 ports.

59
00:05:22,610 --> 00:05:27,950
Here we have an open port now, so let's replay the scan with the OS detection option.

60
00:05:32,170 --> 00:05:34,030
Now we have the OS detection result.

61
00:05:35,270 --> 00:05:37,730
First, Nmap warns us about the results.

62
00:05:38,330 --> 00:05:45,080
It says the results may be unreliable because it couldn't find a closed port to probe. Anyway, Nmap

63
00:05:45,230 --> 00:05:46,190
makes its best.

64
00:05:46,430 --> 00:05:50,000
And here it says the operating system is one of them:

65
00:05:50,810 --> 00:05:57,110
Windows 2008, Windows 8.1, Windows 7, Windows Phone or Windows Vista.

66
00:05:57,260 --> 00:05:57,890
Good job.