Hello everybody and welcome back to the last part of the nmap scanning tutorials. Now in this tutorial we will download some of our own scripts and we will run them against our target in order to discover some deep vulnerabilities it might have. Now once you finish this tutorial right here you will know more than 80 percent of people that use nmap. And it is really essential for you to get this right, so you can perform your scans at the best.

So first of all let us change the directory to the nmap scripts directory. So it is /usr/share/nmap/scripts. If you type ls we have here a bunch of scripts, and mostly, as you can read here, CVE-2015 and then some number, are certain vulnerabilities that were discovered in the year of this number. So basically this one was from 2017, this one was from 2015, and so on and so on. But we want to discover all of the vulnerabilities that could occur in a certain target. So for that we want to download some of our own scripts.

So just open up Firefox and open up a new tab and just type here "vulscan github". Once it loads up the page we want to click on the first link, which will lead us to the GitHub repository for this script. So just click here on the first thing.
And here we are on the GitHub repository of this nmap vulnerability scanner. As you can see right here we have the usage, which we will cover after we download this script. Now in order to download this, as I showed you in the previous videos, you just copy the link right here and we will use the git program that we already installed. Let me just change my directory, and it's not there. Kick this in the road. So let's put it. Let's just delete these two files from previous videos, we do not need them anymore. And what do we want to type here? git clone, and then we paste the link that we copied, and then we add .git. Now it will take some time to download this, and once it finishes we will have our script installed on our Kali machine.

I believe it will finish here. Here it is. And if we type here ls we can see vulscan is right here as a directory. In order to go to it we just type here cd vulscan, and we can see a bunch of files that we got with it. But this isn't the only program I want to install right now. We want to install another script, so open up your Firefox once again, add a second tab and just type here "nmap-vulners".
And then once again type here "github", so it will once again lead you to this page, and you just want to click here on the first link which is from the GitHub website. The procedure is the same: just copy the link of the page, go to your directory. So let's just go one directory back and make sure we're in the same directory where vulscan was. Just type git clone, paste your link right here and add .git to it. It will also download the directory and the script into our directory and we will be good to go. So as we can see this one has finished faster than the previous one, so right now we should have both of these scripts in our directory. As we can see right here we have vulscan and we also have nmap-vulners.

Now let us make a directory nmap-scripts in order to put them both into that directory. So we will have them like this right here. So let me just move vulscan into nmap-scripts, and move nmap-vulners into nmap-scripts, and right here we should only have the nmap-scripts directory, and if we change our directory to it we'll have both of our scripts right here. So now that we downloaded them, now we can run them. So in order to run them we use the same command that we used in the previous video.
So nmap --script, and right here instead of typing the equals sign, which we would use in order to specify one script, we want to remove the equals sign and just put a space and just type here both vulscan and nmap-vulners. As we can see right here we specified two scripts instead of one, and it will use both of them in order to discover the vulnerabilities. So after this we want to add -sV in order to discover the version of the services running on open ports. And right here we want to also add the IP address of the target. So let me just check once again what was the IP address of this target. It was not Windows 7. So here we type 192.168.1.7. And we let this run.

So let me just enlarge this. This could take some time but not too long. It should finish relatively fast and it will print out a bunch of vulnerabilities that it found on this target. Now I know that this target is vulnerable, since it is made vulnerable in order for us to test it, and we can see that we got a different output from previous scans. So here we have open ports and these vulnerabilities, as it says right here.
If you see "no findings" it means it didn't find any vulnerabilities on this specific port, and basically it uses a bunch of these websites in order to scan for different vulnerabilities. And if you scroll up we can see that on the TCP open port which is running Apache it found a bunch of vulnerabilities right here. Now you can test these scripts on your own machine in order to find out if your PC has vulnerabilities, but basically even mine has some of the vulnerabilities that go up to five, sometimes seven point five. But mostly these aren't so dangerous, these that are low numbers. This is basically a mark for the vulnerabilities. So if it is 1.0 it is a really small vulnerability, but it is still there. And if it is ten point 0 it is basically an easily exploited vulnerability. So if you just find something like this you need to update your device as soon as possible, or in this case Apache, since it is found on port 80. Let us just see if there is anything else, and we can see also on the SSH port it found some vulnerabilities which aren't so highly rated, but they are still there.
And also once you find something like this you can basically just copy this link right here, which will lead you to a page in Firefox. You just open a new tab and paste the link from the vulnerability and it will open up the page where it will describe in greater detail the vulnerability that it discovered. So here we can see the mark, which is ten, the access complexity is low, the confidentiality is complete, the integrity is complete and the availability is complete.

In the description you can check out what the vulnerability is, which in this case is mod_isapi in 2.2 something something something (let us just not read all these numbers), when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet and orphaned callback pointers. Now this is basically a vulnerability. And if you wanted to, for example, exploit it, you could basically just copy the name of the vulnerability, which in our case is this one. So just copy it and you can just go onto Google, paste that vulnerability and type "exploit", and hope that you will find something, or someone that already has written an exploit for this vulnerability, so we can just try to find it.
We know that it is, so we can click on any link for example and try to find if anyone has written any exploit for this. Now, we do not want to go right here. There probably is something, but we won't really spend so much time trying to find it. I will just check out some of the links right here. I agree. Whatever. Let's go. So, available exploits, so we can just check here "available exploits", and we have the module name for the Metasploit program that we still haven't covered. So we won't be showing it right now, but it's basically an auxiliary module which allows us to scan for the vulnerability that we just discovered in the Metasploit framework.

Now we can also try to find the vulnerability with the name of the vulnerability itself, but not like this. Let's try like this: "Apache mod_isapi exploit". You can try to find something. Let us check right here, and here we found something which is basically a C++ program that probably exploits this vulnerability. So here it is. You could just copy this entire program and just paste it into a C++ file, compile that file and run it, and you would exploit the vulnerability. Of course you will need to change some of these certain things right here, for example ports, IP addresses and so on.
But if you wanted to you could do that. Not really sure what it would give you, but I believe it will give you a reverse shell. I'm not really sure what this vulnerability is. So we won't be exploiting it. We won't be exploiting it right now since it requires an auxiliary module from the Metasploit framework. For now, we'll just leave it on here where we have all of these scans completed, and you can also try to research all these other vulnerabilities and see if there are any exploits written for them that you can use, but we will cover the exploitation in some of the future lectures. For now we just wanted to see how we can scan the target for certain vulnerabilities, and we did that. So that's about it for this.

Now before I close this lecture and close the nmap lectures, I just want to show you that there is another tool that you can use if you want to. It is basically almost the same as nmap and it is called almost the same, which is zmap. Now zmap is basically also a scanner. The difference is basically in just one letter. It has some different syntax for the scanning part, but if you want to you can check it out. I won't be covering it since we covered a bigger tool, which is nmap, and a more useful tool.
You can check out some of these options by yourself and you can use this as well if you want to, but that would be it for these materials. If you learn all this stuff that we covered in the previous videos you will be having some intermediate to advanced knowledge of nmap. Now maybe in the last section we will learn how to write our own nmap scripts, which will boost your knowledge about it even more. So in the next video I will show you how to install the OWASP machine that we will use for the penetration testing. It doesn't take that long. It basically takes a few minutes; it might take longer to download since it is around, I believe, one point five gigabytes or something like that. But once you download it, it will take only a few minutes to install, and then we will start with penetration testing, which will be a longer section since there is a lot to cover. I hope I see you in the next lecture, and take care.
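As an added example (not part of the lecture, and not code from the vulscan or nmap-vulners projects), here is a small Python script that takes the XML nmap writes with -oX after a vulners scan and sorts the findings by the CVSS mark the speaker describes, so the ten-point-zero ones get patched first. The XML fragment is constructed: its element layout follows the structured output of the vulners NSE script as I understand it (an assumption), and the CVE ids, product versions and scores are placeholders, not real findings. The severity bands are the CVSS v2 ones (low below 4.0, medium to 6.9, high from 7.0), also an assumption about how you want to bucket the marks.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV --script vulners -oX` output. The nested
# <table>/<elem> layout is assumed from the vulners script's structured output;
# every id, version and score below is a placeholder, not a real finding.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.1.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="x.y-placeholder"/>
        <script id="vulners" output="...">
          <table key="cpe:/a:apache:http_server:x.y-placeholder">
            <table>
              <elem key="is_exploit">true</elem>
              <elem key="cvss">10.0</elem>
              <elem key="id">CVE-0000-0001</elem>
              <elem key="type">cve</elem>
            </table>
            <table>
              <elem key="is_exploit">false</elem>
              <elem key="cvss">5.0</elem>
              <elem key="id">CVE-0000-0002</elem>
              <elem key="type">cve</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="x.y-placeholder"/>
        <script id="vulners" output="...">
          <table key="cpe:/a:openbsd:openssh:x.y-placeholder">
            <table>
              <elem key="is_exploit">false</elem>
              <elem key="cvss">4.3</elem>
              <elem key="id">CVE-0000-0003</elem>
              <elem key="type">cve</elem>
            </table>
          </table>
        </script>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_vulners(xml_text):
    """Return findings as (host, port, service, vuln_id, cvss, exploit_available)."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            svc = port.find("service")
            svc_name = svc.get("name", "?") if svc is not None else "?"
            script = port.find("script[@id='vulners']")
            if script is None:
                continue  # port had no vulners output ("no findings")
            # iter() walks every nested <table>; the outer per-CPE table carries
            # no <elem> children of its own, so it is skipped by the "id" check.
            for entry in script.iter("table"):
                elems = {e.get("key"): (e.text or "") for e in entry.findall("elem")}
                if "id" not in elems:
                    continue
                try:
                    cvss = float(elems.get("cvss", "0"))
                except ValueError:
                    cvss = 0.0  # malformed score: treat as unknown, not as high
                findings.append((addr, portid, svc_name, elems["id"], cvss,
                                 elems.get("is_exploit") == "true"))
    return findings


def severity_label(cvss):
    """CVSS v2 bands (assumed): below 4.0 low, 4.0-6.9 medium, 7.0 and up high."""
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def triage(findings, threshold=7.0):
    """Findings at or above the threshold, public-exploit ones first, then by score."""
    hot = [f for f in findings if f[4] >= threshold]
    return sorted(hot, key=lambda f: (not f[5], -f[4]))


def max_cvss_by_port(findings):
    """Highest score seen per port, to decide which service to update first."""
    worst = {}
    for _, port, _, _, cvss, _ in findings:
        worst[port] = max(worst.get(port, 0.0), cvss)
    return worst


if __name__ == "__main__":
    found = parse_vulners(SAMPLE_NMAP_XML)
    for host, port, svc, vid, cvss, expl in triage(found, threshold=4.0):
        flag = " exploit-available" if expl else ""
        print(f"{host}:{port}/{svc} {vid} cvss={cvss} {severity_label(cvss)}{flag}")
```

To feed it a real scan, write the XML with nmap's -oX option (the --script option itself accepts a comma-separated list of scripts) and pass the file contents to parse_vulners; the per-port maximum from max_cvss_by_port is the quickest way to see which service on the box needs the update the speaker recommends.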