Hello everybody and welcome back. Before we begin with the options for this part of the tutorial, I just want to show you the output of the previous command we did. As we can see, it discovered a port that is different from the port that these three previous scans got us, which was the port, I believe, 5357 or something like that, which was a TCP port. Instead of that we got a UDP open port, netbios-ns, which runs on 137, on our laptop machine. So you might notice that the UDP scan basically just gives you the output for UDP ports, which makes sense. It will basically give you any UDP port which is open. For example, it could be this NetBIOS, it could be your DNS, or anything that is running over UDP. This option right here will give you open UDP ports. So now that we've covered that: we covered basically the full three-way TCP handshake, we covered the SYN scan in the first part (the three-way TCP handshake), and we covered the UDP scan. So now that we covered all of those options, I want to show you how you can avoid some of the defenses that your target might have and how you can avoid an IDS.
So for example, the first thing you might want to do if your target is blocking your nmap, or you can't get any output, is to try the -sA option. Now, as I said in the previous video, -sA is listed here as the ACK scan, since the A stands for ACK, which is the last part of the three-way TCP handshake. As you can see right here, it is the third option and it stands for ACK. I deleted this drawing that I did before, since it was really bad; let me just try it once again. Doesn't even matter. This is the PC A, this is the PC B, and from A we want to scan B. But let's say you perform, or try to perform, a three-way TCP handshake. So it goes like this: A sends SYN, then this machine sends SYN-ACK, and once again you send ACK right here. This last one is only the ACK. I really do encourage you to read more about this TCP handshake, since this can be a little bit confusing if you don't know what I am talking about. But basically the method behind this is that -sA, which is only the last part of the three-way TCP handshake, can be used to bypass some of the rules of your target, for example if there is a rule that allows SYN packets only from the internal network.
So what I just said is basically: let's say this is some website that will only allow the full three-way TCP handshake, or SYN packets, which is the first part of the three-way TCP handshake, only from the internal network. OK. So basically only from the machines that are on its local network, and you, as someone coming from the Internet, trying to send a SYN packet to the machine while being outside of its local network, will get blocked. And if that rule really exists on the target machine, you can trick it by sending only the ACK, which is the last part of the three-way TCP handshake, which will trick the router or the site into thinking that it is an answer to a previous SYN bit set. So let's say this router is connected to some of the other devices on its local network. Now pardon me for my really bad drawing right here, but basically the circle right here is representing the internal network of these machines. And it will only accept the three-way handshakes, or SYN packets (SYN bit set), from the machines that are on its local network. And you, as someone coming from the outside trying to send the SYN packet, will get blocked.
So if you only send the ACK packet without sending the previous SYN packet, or SYN bit set (it is not a packet, it is basically a bit set in the TCP packet), it might trick your target into thinking that this ACK is an answer to a previous SYN bit set that some of the local machines sent. So in order to do that, you just type here nmap -sA and then the IP address of your router. Let me just type here. So basically you use this option if there is the blockage of the SYN bit set on the target machine. Now this is not that common to see, so you won't be needing it that much, but it can happen. Now the next thing you might want to specify is the port, the source port, that your packets are going from. Now by default nmap sets the source port, which is the port from which you send the packets to the machine. It can be any port; I believe nmap specifies it randomly at the beginning of the scan. And it can be a problem in the case where the target only allows the packets from specific ports. Now what I mean is, let's say for example you run an nmap scan from this machine and it basically uses the port 333 for the outgoing scan, which is a randomly assigned port for your machine, but once it gets to the target machine there is a rule on the target machine that this port will only accept packets from the port...
For example, 80. So your packets, no matter which type of option you specify, whether it is the UDP scan, the ACK scan, the SYN scan or the full TCP scan, will get blocked, since your packets are not coming from the outgoing port which is port 80. So in order for you to be able to scan this target you need to specify the port which it allows the packets to come from. It will usually be some of the well-known ports, which is for example port 53 for DNS, port 25, port 80, port 8080. It can be any of those widely known ports, but it can also be any other random port, so you will need to find that out by yourself. But once you do find that out by yourself, you can just type here --source-port and then the number of the source port; for example, let's say the source port is 80, and then we type here the IP address of our target machine. And as we can see right here, the IP address, zero hosts up. Not really sure why that happens. As we can see right here: host seems down; if it is really up but blocking our ping probes, try -Pn, which we covered in the previous tutorial. But for some reason it doesn't want to show us that the host is up. Let me just see right here if I correctly specified this option, --source-port. I believe it is, but let's check once again where could it be.
Timing, OS detection, script scan, service, port, exclude... port ratio, fast scan, and maybe they changed this option. I thought it was --source-port and it didn't give us any error. So I believe it still is, but for some reason our host is appearing to be down, but we won't be really wasting our time on that. So basically, let's just recap. You use that scan, and you use the --source-port option, when your target is only allowing packets to come from certain ports, for example, as we saw, 80. So let me just write here: --source-port 80 and then the target IP address, and let us continue to the next step in order to bypass some of the detection problems, which could be the data length. Now nmap by default sends packets of a specific size. I'm not sure about the exact size, but I believe it sends the same-size packets every time, so some of the defenses today have rules to deny packets that are of the standard nmap size. Basically what that means is that nmap, every time when it sends packets, sends them with the same size. And if someone has a rule specified, or knows that nmap exists, they can make a rule that says basically: block any packet that is the size of the standard nmap packet.
Now to bypass this detection system you can configure different packet sizes with the option --data-length. Now let me just type here normally. So let us try that one out. If we type here nmap and then --data-length, we can specify for example 50, and we type here the IP address. It didn't give us any error, so it means that the syntax of the command is correct. So this is taking a little bit of time; it should give us the correct output once it finishes. So let me just type here: --data-length 50 and the target IP address. Now of course you don't have to specify only this option; you can specify a bunch of options including this one, so you can basically use all of these three, for example, and combine them into a scan which will bypass all of these three detection problems: the first one is the blockage of the SYN bit set, the second one is the blockage of specific ports, and the third one is the blockage of the nmap standard packet size. So we will cover one more in order to bypass the detection and defense. Right here we have the output of the scanner. We can see it performed correctly and we have one open port which is TCP, and the service running is wsdapi.
So let us continue on to the next one, which would be the spoofing of your MAC address. Now long ago, in one of the tutorials, we covered how to change our MAC address; you can use that as well, but nmap gives us its own option to spoof our MAC address. And as we can see, if we type nmap, I believe it will show us the option right here. Not really sure if it is listed; yes it is, it is right here. We can also see the data-length command and the source-port, as we can see. I forgot where this option was; let me just write here -g, as it says that it is the same as --source-port, and that one didn't work for us, so let me just type here nmap -g and then port 80 and then the IP address, to see if the host is up right now. And it is up. So basically instead of this option --source-port you can use -g and specify the port, of course. So that's good. I didn't know that existed, but let us not care about that at the moment. We want to spoof our MAC address with this command; as we can see the syntax is --spoof-mac and then we add the MAC address right here. You can add other options as well, such as a prefix or a vendor name, but I'll just type here the MAC address, and we can see that the description for this option is "spoof your MAC address". So let us do that once the source-port scan finishes.
So let us just clear the screen and type here nmap --spoof-mac. I believe that was the option, and you type the MAC address that you want to fake. So let me just say this, and to show you, you can see right here that the... or let us use macchanger. We covered it before: you type macchanger --show and then the network interface in order to see your current MAC address. So this is the format of the MAC address; you can see it is divided by colons (two dots). And it consists of six parts that are basically divided by these colons. So you can just type here 22:33:44:55:66:77. And right here we type the IP address of our host, or of our target. And as you can see right here it says: spoofing MAC address 22:33:44:55:66:77 (no registered vendor), and host seems down; if it is really up but blocking our ping probes, try -Pn. Now for some reason it seems that the host is down with that option. It could be because we didn't really specify these two options, but I doubt it; we won't really bother with that right now. I just want you to know about that option: that for example it is used if this machine right here allows the packets to come only from certain MAC addresses. It can be used as a blacklist or as a whitelist.
This machine can have a blacklist where it blocks some of the MAC addresses, and some of those could be yours as well, or it could have a whitelist where it only allows certain MAC addresses. Now, most likely it will have a whitelist where it will allow only trusted devices with their MAC addresses, and in order for you to be able to send packets to this machine you need to spoof the MAC address of a trusted device from those that this target machine specified in its whitelist. And once you do that with the --spoof-mac option, you will be able to send packets to and receive packets from the target machine. So let us type right here --source... or not source, it is spoof, I believe. Let me just see what the option was: --spoof-mac. And then you basically just type here 33:44:55:66:77. It doesn't have to be this MAC address; you can basically specify whichever you want. And right here you type the IP address of your target, or the whole thing, doesn't really matter. So that would be about it for avoiding defenses and IDS. These four things can be useful if your target specifies some of the rules in order to block your scans, but you will find out that rarely do targets use any of these rules to prevent you from scanning them. But if it happens, you can use these options that we covered in this video.
Now in the next video I will show you nmap scripts: how to get to them and how to use them. So I hope you enjoyed this tutorial and I hope I see you in the next one. Bye.