NMAP

Course
Time: 7 hours 1 minute
Difficulty: Beginner
CEU/CPE: 7

Video Transcription

00:00
In this lesson, I'm going to simply walk you through removing Nmap from the Windows operating system.
00:07
I'm pretty sure that all of you know how to remove a program from Windows, but I thought I'd throw in a cool, built-in Windows command line tool that helps a pen tester cover tracks.
00:18
The obvious benefit of such a tool is that you don't have to install a third-party tool like Eraser or CCleaner on a compromised machine during a penetration test.
00:27
Let's get started.
00:29
Here are the learning objectives for this lesson.
00:32
This lesson will almost entirely focus on the lab.
00:36
First, I'm going to show you how to uninstall Nmap and Zenmap from a 64-bit Windows 10 installation.
00:43
Then I'm going to show you how to use a couple of built-in Windows commands to make the work you did in Nmap completely irrecoverable.
00:51
In the lab, I'll walk you through removing Npcap, Nmap's packet capture library.
00:58
Then we'll remove Nmap,
01:00
Zenmap and all of its dependencies and features.
01:03
Finally, I'll show you how to run the cipher command to make it so that all the work you did in Nmap will be irrecoverable.
01:11
When you delete files or folders, the data is not actually removed from the hard disk right away. Instead, the space on the disk that was occupied by that deleted data is considered deallocated.
01:23
That basically means that it has stuff on it that can't be seen by browsing the operating system, and the space it used to occupy can be overwritten.
01:33
Until that space is overwritten,
01:36
a low-level disk editor or piece of data recovery software like those used by digital forensic analysts can still actually fairly easily recover it.
01:46
However, the cipher utility is designed to prevent unauthorized recovery of such data. So using cipher will make it so that all deleted files, like the ones removed by uninstalling Nmap,
01:57
will be impossible to get back.
02:02
Welcome to the lab on removing Nmap
02:06
in Windows.
02:08
All right, first of all, we're gonna open a command prompt.
02:12
Click on the Start button,
02:14
then just start typing cmd.
02:17
Once you see Command Prompt at the top, just right-click and run as administrator.
02:25
All right, I'm gonna show you where in the file system
02:29
Nmap stores all its files. So do a cd space
02:34
backslash,
02:35
Enter.
02:38
On a 64-bit operating system,
02:40
it is
02:43
do a cd space
02:45
Program Files space
02:50
x86,
02:53
hit Enter.
02:54
We'll do a dir
02:57
nmap
02:59
star dot.
03:00
That'll show us all directories that start with nmap.
03:05
So we see a directory right here called Nmap.
03:08
That's where Nmap stores all its files.
03:14
For now, we'll just minimize this screen. We'll come back to this later.
03:17
All right, now we'll go through the actual removal process.
03:22
I have Control Panel on my desktop, but
03:25
the best way to navigate to it is just simply click the Start button
03:30
and start typing control panel,
03:36
and you can see that it's up there at the top. Just click on it.
03:42
Now we want to scroll down and find Programs and Features.
03:46
Click on that.
03:49
We'll maximise this screen to make it bigger.
03:53
Now simply just scroll down until you see Npcap.
03:59
Click on it
04:00
and click Uninstall.
04:05
The wizard will just walk us through the process.
04:18
Once completed, just click Close.
04:21
Then I'll open back up my Control Panel
04:27
and we'll look for Nmap.
04:30
Think like
04:35
Then just walk through the wizard.
04:43
Click Next,
04:45
click Uninstall,
04:51
click Yes,
04:55
click Close,
04:58
and I want to open back up my command prompt
05:01
and
05:02
click the up arrow just to run the same
05:05
command that I did last time. That is dir space nmap star dot in the Program Files directory.
05:14
Hit Enter.
05:16
The folder is still there.
05:18
So
05:23
So I'm gonna go into that folder and see what's there.
05:28
cd space nmap.
05:32
Enter.
05:33
dir.
05:39
So there's still some files there.
05:42
So if we want to clear our tracks
05:44
really well,
05:46
then we want to remove all of that stuff,
05:49
not just from the file system, but remove it permanently.
05:54
So the cd
05:57
dot dot
05:59
I'll do an
06:00
rmdir space
06:03
nmap.
06:09
Says the directory is not empty.
06:16
So
06:17
in order to remove the directory
06:19
with files in it, we have to do an rmdir slash s.
06:28
So do a
06:30
rmdir space
06:32
slash s
06:33
space
06:35
nmap.
06:40
Are you sure? Y.
06:44
Now I'll do a dir
06:46
space
06:46
nmap star dot again.
06:50
File not found.
06:53
Okay, so now we removed it from the file system. But unfortunately, as many of you know, just deleting stuff from the file system doesn't permanently remove it.
07:02
So
07:04
the command to permanently remove it
07:06
is
07:09
not very well known, but it's very effective.
07:12
That is cipher.
07:14
So the command we want to execute is cipher,
07:17
space slash
07:20
w
07:21
colon
07:23
nmap,
07:25
hit Enter.
07:40
Okay, so it's done.
07:42
So if you have been following along with me and are extremely patient,
07:46
then, ah,
07:48
you can be reasonably certain that the Nmap folder
07:53
has been completely deleted and is irrecoverable.
07:58
A lot of you probably know that any reasonably good digital forensic
08:01
person
08:03
will be able to
08:05
look into your operating system and know that
08:09
Nmap was installed at some point.
08:11
But
08:13
what you can be certain of after doing this is that
08:16
any of the Nmap scans or files created by Nmap
08:22
or vulnerability tests or penetration tests that you've run
08:26
will be completely removed from the system and therefore undetectable.
08:33
In this lesson, I showed you how to remove Nmap from Windows.
08:35
Thank you so much for walking through that with me, and I'll see you in the next lesson.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions