1
00:00:00,120 --> 00:00:00,530
All right.

2
00:00:00,540 --> 00:00:06,870
So before we go into the OSI model I do want to talk about some common ports and protocols. Since this

3
00:00:06,870 --> 00:00:10,640
is a refresher, most of these should be pretty familiar to you.

4
00:00:10,650 --> 00:00:16,380
I'm going to run through them pretty quickly and just talk briefly about each of these common

5
00:00:16,380 --> 00:00:16,800
ports.

6
00:00:16,800 --> 00:00:22,170
And the reason I've listed these is because they are things that we'll see quite often as a penetration

7
00:00:22,170 --> 00:00:23,010
tester.

8
00:00:23,010 --> 00:00:27,030
And it's just something that, as we're going through the course, if one of these shows up, it's something

9
00:00:27,030 --> 00:00:32,640
that just rings a bell: you see a scan come back and you see port 21, you think, "I guess

10
00:00:32,730 --> 00:00:36,350
FTP," or you see port 80, you think, "I guess HTTP."

11
00:00:36,380 --> 00:00:39,690
So you've got to start training your mind to memorize these ports.

12
00:00:39,690 --> 00:00:43,890
So when we get into our scanning, which again we haven't covered yet, but when we get there and we

13
00:00:43,890 --> 00:00:49,060
see what ports are open on a machine, we're gonna be able to have these common ports memorized.

14
00:00:49,140 --> 00:00:55,180
So on the TCP side we've got FTP. FTP is the File Transfer Protocol.

15
00:00:55,320 --> 00:00:58,950
You're going to see this in some assessments. You're going to see this a lot when we do something called

16
00:00:58,950 --> 00:00:59,820
Capture the Flag.

17
00:00:59,820 --> 00:01:03,960
We run through some test machines; you'll see FTP open quite a bit.

18
00:01:03,960 --> 00:01:08,760
So FTP, File Transfer Protocol, all that means is we can log into the server.

19
00:01:08,760 --> 00:01:12,010
We can put a file on or we can get a file off the server.

20
00:01:12,010 --> 00:01:20,600
Now SSH and Telnet kind of play hand in hand. Telnet is the ability to log into a machine remotely.

21
00:01:20,610 --> 00:01:22,590
Now SSH does the same thing.

22
00:01:22,590 --> 00:01:26,540
The only difference is SSH is the encrypted version of that.

23
00:01:26,550 --> 00:01:34,630
So with Telnet you are in clear text, and with SSH you are encrypted. Now SMTP, POP3 and

24
00:01:34,630 --> 00:01:36,980
IMAP all relate to mail.

25
00:01:37,020 --> 00:01:39,140
We're not gonna worry too much about mail in this course.

26
00:01:39,150 --> 00:01:41,650
But you might see it come back up at some point.

27
00:01:41,650 --> 00:01:47,760
So just remember your 25, 110 and 143. DNS.

28
00:01:47,760 --> 00:01:54,770
So DNS is a way to resolve IP addresses to names, and we could take a quick look at that.

29
00:01:54,780 --> 00:02:00,810
If we go back to our Kali machine and say we're at Google here, we've got Google up.

30
00:02:00,810 --> 00:02:07,080
But the computer doesn't really know what Google is. The computer is just using nice text like Google

31
00:02:07,080 --> 00:02:09,100
dot com for us, the humans.

32
00:02:09,270 --> 00:02:14,330
What's going on on the back end is Google actually resolves to an IP address.

33
00:02:14,430 --> 00:02:19,380
Now the IP address is how the computer knows to get back and forth, because we don't want to sit there

34
00:02:19,380 --> 00:02:26,010
and type in IP addresses; this DNS, or Domain Name System, has been implemented for us.

35
00:02:26,070 --> 00:02:34,230
So we typed in Google dot com; on the back end it knows, "Hey, I want to go out to 1 7 1 7 9 10 20 to 30,"

36
00:02:34,230 --> 00:02:41,670
or whatever it is in reality, but this is just a quick way for the computer to relate to a human and the

37
00:02:41,730 --> 00:02:47,000
human to, you know, have easily readable access to some of this stuff.

38
00:02:47,040 --> 00:02:55,140
So going back to our PowerPoint, we have HTTP and HTTPS. That is a website, just what you saw there.

39
00:02:55,230 --> 00:03:02,340
Mostly everything is on 443 now, or HTTPS. The HTTP port 80 you'll see sometimes.

40
00:03:02,400 --> 00:03:06,090
Remember that is the non-secure version of the protocol.

41
00:03:06,120 --> 00:03:12,370
So HTTPS is encrypted; HTTP is not encrypted and not secure.

42
00:03:13,050 --> 00:03:18,120
So lastly SMB, ports 139 and 445.

43
00:03:18,150 --> 00:03:24,090
Originally it was just 139; in the later versions of Windows they put on 445.

44
00:03:24,360 --> 00:03:26,640
You're going to see these ports a lot.

45
00:03:26,640 --> 00:03:29,700
This is probably the most common port you're going to see as a pen tester.

46
00:03:29,760 --> 00:03:34,070
These relate to file shares. You might also hear this called Samba.

47
00:03:34,620 --> 00:03:39,630
So there are a few names for it, but when you think of SMB and you see 139 or 445,

48
00:03:39,900 --> 00:03:47,070
think of file shares, and from a pen tester's perspective you've got to think about all the crazy exploits we've

49
00:03:47,070 --> 00:03:49,010
had regarding SMB.

50
00:03:49,020 --> 00:03:54,350
The most recent one as of this course was the WannaCry virus.

51
00:03:54,360 --> 00:03:54,990
Right.

52
00:03:55,020 --> 00:04:00,750
So you had the WannaCry virus, which is also known as EternalBlue, which was what it was built off of, or

53
00:04:00,810 --> 00:04:09,900
MS17-010 was the official term of that exploit. That exploit utilized an SMB exploit to navigate through

54
00:04:09,900 --> 00:04:10,530
networks.

55
00:04:10,560 --> 00:04:16,130
So it became very vicious very quick because SMB is open so frequently on networks.

56
00:04:16,290 --> 00:04:19,790
Now on the UDP side we also have DNS over here.

57
00:04:19,790 --> 00:04:22,820
DNS is both a TCP and UDP protocol.

58
00:04:22,830 --> 00:04:27,720
We also have DHCP. Now, when it comes to IP addresses,

59
00:04:27,720 --> 00:04:32,420
DHCP associates you with an IP address kind of at random.

60
00:04:32,490 --> 00:04:36,760
Now you could have the opposite of that, which is a static IP address.

61
00:04:36,810 --> 00:04:43,320
So with DHCP you plug into your network, say your home network, and the Internet just fires up.

62
00:04:43,500 --> 00:04:44,220
Guess what.

63
00:04:44,280 --> 00:04:49,850
Probably DHCP on the back end. It just picks a number within a range and says, "Hey, here's your IP address.

64
00:04:49,890 --> 00:04:54,750
I'm going to let you lease that out for eight hours or a day or a week or however long the timing is

65
00:04:54,750 --> 00:04:55,320
set for it.

66
00:04:55,600 --> 00:04:57,710
And that IP address is yours."

67
00:04:57,750 --> 00:05:03,450
Now the opposite of that again is static, so you could say, "Hey, I want a static IP address, and anytime

68
00:05:03,530 --> 00:05:05,810
I plug in with this specific computer,

69
00:05:05,930 --> 00:05:07,820
go ahead and give it this IP address."

70
00:05:07,820 --> 00:05:09,210
So how are we going to know that?

71
00:05:09,350 --> 00:05:10,700
Most likely the MAC address.

72
00:05:10,700 --> 00:05:11,000
Right.

73
00:05:11,000 --> 00:05:15,460
So from layer two it's gonna know layer three and how to assign it.

74
00:05:15,470 --> 00:05:18,440
So again, DHCP should be pretty familiar to you.

75
00:05:18,440 --> 00:05:26,660
We've also got TFTP on port 69, which is the trivial FTP and utilizes UDP instead of TCP.

76
00:05:26,840 --> 00:05:32,420
And we also have SNMP, which is the Simple Network Management Protocol.

77
00:05:32,420 --> 00:05:39,650
So you will encounter SNMP occasionally on networks, not always, but when we do encounter it there

78
00:05:39,650 --> 00:05:45,440
may be some information to be gathered, especially if there are strings being used that are community

79
00:05:45,500 --> 00:05:47,090
or public strings.

80
00:05:47,090 --> 00:05:49,320
And we'll worry about that when we encounter it.

81
00:05:49,340 --> 00:05:52,320
But you will probably see it again in this course.

82
00:05:52,340 --> 00:05:58,430
So that is it in this video. We're going to go ahead and move on to the OSI model and tie all this together,

83
00:05:58,700 --> 00:06:05,000
then we'll get into a little bit of subnetting and we'll end this with a refresher on networking, a

84
00:06:05,480 --> 00:06:07,520
final video on networking.

85
00:06:07,520 --> 00:06:09,110
So I'll see you over in the next video.