Hello everybody and welcome back. In this tutorial I will show you some of the advanced uses of nmap, which is basically using the scripts that are already pre-installed in Kali Linux. Now, scripts can be used for anything: to discover, for example, an SSH hostkey, to discover some of the vulnerabilities, to SSH brute force, to basically do a bunch of things, as we will see right here. There are a bunch of scripts that are already on our Kali Linux machine. So first of all, in order to get to them, you just want to change your directory into /usr/share/nmap. And if you go into that directory and type ls, you will see a directory called scripts. Now let me enlarge this right here. So if you change your directory to scripts and type ls here, you will see that it prints out a bunch of these .nse files, which are basically already pre-installed nmap scripts that you can use for basically any type of scan you want. So for example, let me just show you first of all how to use them. So if you type nmap here you will see the --script option, which is right here, and then you basically type = and then the name of the script. It is as simple as that.
So in order for you to use a script, you specify this option, then =, and then you specify the name of any of these files right here, which are basically scripts, and you run them on your target IP. Now we will try out one of the scripts for now, one which will be SSH brute force, which will also be one of the first active attacks on the target. It will basically brute force it, trying a bunch of passwords for the SSH on our target. Now for that target you can use any of your two machines you want. You cannot use the scanme.nmap.org website, as it says do not try to brute force it in the message on the nmap site. So you want to either run your Metasploitable, which I showed how to install in the previous videos, or you can basically run any other machine that has port 22 open. Now in my case I will run OWASP, which I will show you how to install in some of the next videos. For now, just run it on your Metasploitable, since Metasploitable also has the SSH port open. So let me just wait while this opens right here. It doesn't take long; it will basically prompt me with username and password soon. It's pretty similar to the Metasploitable. This is just another machine that runs a bunch of vulnerable programs on it.
So as you can see, starting AppArmor profiles, starting PostgreSQL database, and a bunch of this other stuff. This is the machine that we will use in the next section, which will be web testing. So let me just move this aside right here, and we don't need this anymore. We just need to find out what the IP address of this machine is, which is 192.168.1.7. So if we only scan the host for now with nmap, so we do a basic scan, you can see that it finishes relatively fast and it gives us a bunch of these ports open, only TCP ports. And as you can see, we have the 22 TCP SSH port open. Now while scanning Metasploitable you should also have this port open. So as long as this port is open on the target machine you can run this scan. So the scan, or rather the script, that we are looking for: if we look up here, we want to find the SSH script. So in order to narrow our options, I type ls here and then we pipe that into grep ssh, so it will only show us the scripts that have SSH in the name. Now from all of these, we can use any of them, but for now I will just use the ssh-brute. And as we copy the name of the script, in order for you to run the script you type here nmap --script= and then you paste here the name of the script.
You can just copy-paste it from here, and then the only thing you need is the IP address, which is 192.168.1.7. You can just press Enter, and as you can see it started brute forcing our target. If it finds the username and password, you will be able to SSH into that machine and basically do anything to it. This is a very serious attack. It can get you into trouble, especially if you find out the password and actually log into that machine and start changing stuff. So only use this on the machines that you do own. Now for this specific machine I don't think it will find the password, but I'll just leave it running, just in case. I don't think that the password and username are stored in these lists that it is using in order to brute force the target, so it can take some time. It depends on the list that you use. So let me just close this right here, since I thought it would finish a little bit faster; I will just type Ctrl+C here in order to close it, and we stopped the brute force. Now let's say, once again, we want to run that and you want to change the password list, for example. As you can see it has the specific password list that it uses in order to brute force the target.
So what you want to do is to nano the script that you are using, which in my case is ssh-brute, and what you want to change right here is the option where it gives us the password list. Now, I'm not really sure where that is. You can just... I believe it's right here, under usage here. It's right here, so the password list. I believe you change that and it will change the password list you're using. So you can also change the port, which is 22. Basically SSH will most likely always run on port 22, but there are cases where people want it on another port just to prevent the attacks. So you might need to change that as well. So here you can see that the port is 22, and you basically just change the 22 into any port number you want that runs SSH on it, and you will be good to go. So if there are any other options that you want to change right here, you can change them in the file itself if it requires that, for example the port or the password list. And once you do that, you just type Ctrl+O here to save, Enter to save under that name, and Ctrl+X to exit, and you will be good to go. Now you can run the script again and it should change your password list and port number. Now let's say, for example, you want to find out the hostkey for that particular machine.
So we just copy it, which isn't really useful, but let's just try it, why not. So nmap --script=ssh-hostkey and then the IP address of our target machine. Now as we can see it gave us the SSH hostkey, basically just these DSA keys and such, and as I'm saying it really isn't that useful, but sometimes it possibly could be. So you can experiment with all of these scripts right here. In the next tutorial I will show you how to download some of these scripts online from the Git repository, which we will use in order to scan for specific vulnerabilities. So let's just recap: in order to get to the scripts folder you just go to the /usr/share/nmap/scripts directory, and the syntax is basically nmap --script= and then the name of the script itself, and you just specify the IP address. So that's about it for this tutorial; it was rather short, and in the next one, as I said, we will download some of our own scripts. So I hope I see you there, and take care.