The next part of the hacker methodology is scanning. Scanning and enumeration work hand in hand.
After you scan a network, you will use the map that you've created to send queries for vulnerabilities.
Scanning can be done with a tool like Nmap to identify key areas.
Areas such as ports, IP addresses, operating systems, and services and service versions of those services
that are running on the system. All of these are going to give you an accurate look at the network and
where you might be able to punch holes,
and also where you might need to increase your security.
So let's take a look at scanning real quick.
All right, here we're on our Kali 2 box.
Pause for one moment. I have to start up my VM workstation.
I have to set the IP address
and then test connection.
All right, we have communication there,
and we're able to browse. All right, now, back to
I say, here we are in our Kali environment. So what we're gonna do is open our terminal.
And first we're gonna start up Armitage. Armitage is
a scanning piece of software that can scan for us. Um, and we're gonna start that up first because it takes a second to start up. We're gonna type armitage
and an ampersand, to let it run in the background.
Now the process is started, and it takes a second to pop up,
and it's gonna give us this menu here, and we want to click Connect.
It's gonna ask us if we want to start the Metasploit RPC server. You're going to say yes,
and it's going to attempt to start it up
The services were not started prior to starting it up. So what you're gonna do here
is you're gonna type service,
and start up that service, and we're also going to start up the Metasploit service,
and it failed to start the Metasploit service because I don't have that, uh, service installed on here. So let's attempt
restarting Armitage again.
Control-C to get out of that,
start Armitage again,
and it's gonna ask us about the Metasploit server once more. You're gonna click Yes.
It started the Metasploit service itself there;
where it failed here, it was able to start up properly,
and you see it's running some processes there. So now with Armitage,
we do a scan with Armitage.
There's a lot of different things you can do here:
import hosts, add hosts. We're gonna
start an Nmap intense scan.
We're gonna do it on 192.168
And now it's going to run through,
and it's performing an Nmap scan,
and it has found the target,
and you can right-click on it.
View the different types of logins that it found.
You click Services here and identify the services that were running.
You go over here, and
if you think it's a different operating system, you go over here, you can change what you think the operating system actually is,
and it changes the icon there, but we know it is Linux.
We'll set that back to Linux there.
If you had more items that you were scanning, it would create a nice little map here for you.
I have all the other virtual machines turned off, so right now we're just getting that one item,
and we will come back to
Armitage later on, when we get to the enumeration portion.
If you come over here to the Nmap,
we're able to see some further information here.
Ah, Armitage doesn't make that
information so pretty
in a terminal by itself.
So we can also scan using Nmap, so we're gonna do
-A for everything.
I'm gonna do 192.168.0
Here we get a better look at the information than you get from Armitage. Armitage is nice because
of the things that you could do further with it
in the, uh, enumeration portion and exploitation portion.
So we will go back to that later on,
We're able to see the host is up.
We will see the ports that are open.
We're able to see what's running on the ports. So this has SSH running, and it's running OpenSSH version 5.5.
Here, it says there's an Apache.
Now, I have OpenLDAP running as well.
We get a Mac address from the device,
and then we get some information about the operating system itself and also the traceroute that's performed.
So Nmap is a fantastic tool for you to use to get information
on hosts that you may want to enumerate information about.
Another tool you can use is called Zenmap.
Zenmap is like Armitage, and it's like Nmap. In fact, it actually uses Nmap. However, it puts all the information into a
nice little consolidated format for you.
That's where I got, uh,
our target list up here. I've already typed in a couple of different
networks here. We're gonna
go to our 192.168.0.14/24. You can manually type it in there,
and then you're gonna click Scan, and it's gonna run an intense scan.
Now, you are gonna see
a bunch of things saying host is down.
If you don't have all of the things on your network, you're going to get that a lot.
Um, and you're gonna see that, actually, here in a second on this video,
As you see there, all those "host down" messages came up,
and now it's scanning the 192.168.1.10, which is the
Come over here. We can see that it found 192.168.1.10 and 1.30.
Click Ports / Hosts.
It wasn't able to find anything on the 1.30, and that's because it was a Kali box, and the Kali box blocks a lot of Nmap scanning.
We'll come up here, and we see the web server,
and we're able to see the ports and hosts that are open. Go here to Topology,
and we could see a little
topology here. You can zoom in and zoom out using your wheel.
And if we had more devices on the network, it would show those additional devices on here all interconnected.
There's a couple of different ways that you can view it. You can change different kinds of controls so you can
adjust how you want this network map to be viewed.
You come over here to Host Details.
Here we see on this Kali box that all the ports were closed on a scan of 1000 ports,
because Kali filters that out. Come over here to the .10 and see that
1000 were scanned and 997
You come down here and you get
TCP sequences. Any kind of comments that you might want to put in, you could put in there.
That is Zenmap. It's a fantastic little tool for you to use.
And you can also see the previous scans that you've done by clicking Scans.
Let us move on to enumeration.