1
00:00:00,940 --> 00:00:02,710
The second program that we'll use
2
00:00:02,710 --> 00:00:05,990
for network mapping is Nmap.
3
00:00:05,990 --> 00:00:08,740
Now in the previous lecture we used netdiscover
4
00:00:08,740 --> 00:00:11,860
and we saw how nice it is to quickly discover
5
00:00:11,860 --> 00:00:14,300
all the devices connected to our network,
6
00:00:14,300 --> 00:00:17,610
see their MAC address and maybe get the vendor.
7
00:00:17,610 --> 00:00:21,150
Nmap takes scanning to a whole new level.
8
00:00:21,150 --> 00:00:23,960
It might be a little bit slower than netdiscover
9
00:00:23,960 --> 00:00:27,450
but it will show you much much more information
10
00:00:27,450 --> 00:00:28,730
about the target.
11
00:00:28,730 --> 00:00:31,090
So you'll be able to see the open ports,
12
00:00:31,090 --> 00:00:33,510
you'll be able to see the running programs
13
00:00:33,510 --> 00:00:36,160
or the running services on these open ports.
14
00:00:36,160 --> 00:00:39,400
You'll be able to determine the computer name,
15
00:00:39,400 --> 00:00:42,660
the operating system running on that computer.
16
00:00:42,660 --> 00:00:45,270
If you are in a network, you'll be able to discover
17
00:00:45,270 --> 00:00:47,380
all of the connected clients.
18
00:00:47,380 --> 00:00:51,070
You'll be able to bypass security, bypass firewalls
19
00:00:51,070 --> 00:00:52,483
and so much more.
20
00:00:53,600 --> 00:00:56,220
Nmap is actually a huge tool and there are books
21
00:00:56,220 --> 00:00:59,750
and complete courses done just to teach Nmap.
22
00:00:59,750 --> 00:01:02,490
The Nmap book would actually be a really good read
23
00:01:02,490 --> 00:01:04,920
once you're done with this course.
24
00:01:04,920 --> 00:01:07,700
Now because this tool is huge, we're not gonna be able
25
00:01:07,700 --> 00:01:10,710
to cover all of its uses but in this lecture,
26
00:01:10,710 --> 00:01:13,070
I'm gonna show you the basics of this tool,
27
00:01:13,070 --> 00:01:15,970
how to use it to discover all the connected clients
28
00:01:15,970 --> 00:01:18,700
and see useful information about them.
29
00:01:18,700 --> 00:01:21,300
And we'll actually use it more when we get
30
00:01:21,300 --> 00:01:23,423
to the gaining access section.
31
00:01:25,100 --> 00:01:27,160
We're actually going to be using Zenmap
32
00:01:27,160 --> 00:01:30,493
which is the graphical user interface of Nmap.
33
00:01:31,350 --> 00:01:34,490
So to run it in Terminal you just have to type Zenmap
34
00:01:35,480 --> 00:01:38,483
or you can find it under your Applications menu.
35
00:01:39,410 --> 00:01:43,040
Now as you can see, it has a very very simple interface.
36
00:01:43,040 --> 00:01:46,650
The first thing that we see is the target input box,
37
00:01:46,650 --> 00:01:48,940
in here you can put your target.
38
00:01:48,940 --> 00:01:51,730
You can scan any IP that you can reach,
39
00:01:51,730 --> 00:01:55,150
whether it's a personal computer, whether it's a server,
40
00:01:55,150 --> 00:01:58,300
whether it's an IP for a web-server for a website,
41
00:01:58,300 --> 00:02:01,190
for example, that you want to discover all the open ports
42
00:02:01,190 --> 00:02:03,730
and all the running services on it.
43
00:02:03,730 --> 00:02:06,070
Or, like what we're going to do right now,
44
00:02:06,070 --> 00:02:10,060
we can put a range similar to what we did with netdiscover
45
00:02:10,060 --> 00:02:14,270
and it will scan this whole range, discover all the live IPs
46
00:02:15,339 --> 00:02:18,200
of the connected machines on the same network
47
00:02:18,200 --> 00:02:20,703
and display information about them.
48
00:02:21,760 --> 00:02:24,860
Now we'll have a look on how to scan servers
49
00:02:24,860 --> 00:02:26,660
in the gaining access section.
50
00:02:26,660 --> 00:02:28,480
So for now, since we are still
51
00:02:28,480 --> 00:02:30,800
in the network hacking section
52
00:02:30,800 --> 00:02:33,740
we're gonna put a range to discover all the connected
53
00:02:33,740 --> 00:02:37,023
clients and see useful information about them.
54
00:02:37,910 --> 00:02:41,330
So, right now I'm actually connected to my wireless network,
55
00:02:41,330 --> 00:02:44,630
that's why I'm gonna specify the whole range on that network
56
00:02:44,630 --> 00:02:47,470
and we saw how to get that in the previous lecture.
57
00:02:47,470 --> 00:02:51,400
So it's 192.168.11
58
00:02:51,400 --> 00:02:52,913
over 24.
59
00:02:54,545 --> 00:02:56,930
At the bottom you can see the command,
60
00:02:56,930 --> 00:03:00,610
this is actually the Nmap command that will be executed
61
00:03:00,610 --> 00:03:02,700
when I hit the Scan button.
62
00:03:02,700 --> 00:03:05,140
So like I said, Zenmap, what we're using right now
63
00:03:05,140 --> 00:03:07,730
is just a graphical interface
64
00:03:07,730 --> 00:03:10,460
that will run this Nmap command in the background
65
00:03:10,460 --> 00:03:12,020
and show me the results.
66
00:03:12,020 --> 00:03:15,420
So, if you know a custom Nmap command you can put it here
67
00:03:15,420 --> 00:03:17,940
or if you just want to see Nmap in Terminal
68
00:03:17,940 --> 00:03:21,240
you can literally copy this command, paste it in Terminal
69
00:03:21,240 --> 00:03:24,000
and it will give you the same results that you would get
70
00:03:24,000 --> 00:03:25,243
if you run it here.
71
00:03:26,460 --> 00:03:29,540
Alternatively, if you don't really know much about Nmap
72
00:03:29,540 --> 00:03:31,290
and its commands, you can use
73
00:03:31,290 --> 00:03:33,343
one of the ready profiles in here.
74
00:03:35,340 --> 00:03:37,780
So in this lecture we're actually gonna be using
75
00:03:37,780 --> 00:03:40,700
a number of these profiles and we'll see the difference
76
00:03:40,700 --> 00:03:42,800
between them, in terms of speed
77
00:03:42,800 --> 00:03:44,433
and the information gathered.
78
00:03:46,100 --> 00:03:48,930
So I'm gonna start with the Ping scan.
79
00:03:48,930 --> 00:03:51,920
This is a very quick scan, it literally just pings
80
00:03:51,920 --> 00:03:55,780
every possible IP in the range, and if it gets a response,
81
00:03:55,780 --> 00:03:58,310
it will record this response and it will show me
82
00:03:58,310 --> 00:04:00,450
the devices that gave me a response
83
00:04:00,450 --> 00:04:02,250
which means that these are the devices
84
00:04:02,250 --> 00:04:04,220
connected to the network.
85
00:04:04,220 --> 00:04:07,780
Now a lot of devices do not respond to ping requests
86
00:04:07,780 --> 00:04:11,240
even if they are alive, so the list that you'll get
87
00:04:11,240 --> 00:04:14,620
in the scan might not include all the devices
88
00:04:14,620 --> 00:04:16,163
connected to your network.
89
00:04:17,170 --> 00:04:19,960
Now once the scan's done, as you can see, we can see
90
00:04:19,960 --> 00:04:22,940
the list of all the connected devices in here.
91
00:04:22,940 --> 00:04:25,740
And in here we can also see the MAC addresses
92
00:04:25,740 --> 00:04:28,120
for each of these devices.
93
00:04:28,120 --> 00:04:31,140
We also can see the vendor, so for example, we can see
94
00:04:31,140 --> 00:04:35,710
that the device at 192.168.11 is a Cisco device,
95
00:04:35,710 --> 00:04:37,610
this is actually my router
96
00:04:37,610 --> 00:04:40,470
and it is made by Cisco so this is correct.
97
00:04:40,470 --> 00:04:42,960
So we can go ahead and start looking for exploits
98
00:04:42,960 --> 00:04:44,053
in this device.
99
00:04:45,490 --> 00:04:49,900
We can also see the 192.168.10 is an HTC device
100
00:04:49,900 --> 00:04:53,400
and again, this is an HTC phone, this is correct.
101
00:04:53,400 --> 00:04:56,820
And since it's HTC then we know that it's probably
102
00:04:56,820 --> 00:04:58,490
running on Android.
103
00:04:58,490 --> 00:05:00,650
So as you can see, we're getting more information
104
00:05:00,650 --> 00:05:02,770
about the connected clients.
105
00:05:02,770 --> 00:05:07,770
Again, we can see the 192.168.12 is an Apple device,
106
00:05:07,770 --> 00:05:10,543
so it could be a phone, a tablet or a Mac.
107
00:05:11,410 --> 00:05:14,340
We can see the next device is a Dell.
108
00:05:14,340 --> 00:05:17,490
So again, it was a very quick scan but as you can see
109
00:05:17,490 --> 00:05:19,800
it still gave us much more information
110
00:05:19,800 --> 00:05:22,473
than what we got from netdiscover.
111
00:05:23,610 --> 00:05:26,310
The next scan that I wanna show you is the Quick scan.
112
00:05:27,520 --> 00:05:30,560
Now this is gonna be slightly slower than the Ping scan
113
00:05:30,560 --> 00:05:32,893
but it's gonna show us more information.
114
00:05:34,900 --> 00:05:37,900
So right now, you can see that the scan is showing us
115
00:05:37,900 --> 00:05:41,530
the same information that we saw before with the Ping scan
116
00:05:41,530 --> 00:05:45,450
but it's also showing us the open ports on each one
117
00:05:45,450 --> 00:05:47,800
of the discovered devices.
118
00:05:47,800 --> 00:05:50,190
So it's able to discover the following ports
119
00:05:50,190 --> 00:05:53,500
in the router and we can see that port 80 is open.
120
00:05:53,500 --> 00:05:56,600
This is actually the port used for the router settings
121
00:05:56,600 --> 00:05:59,763
page because it runs on a webserver, so this is correct.
122
00:06:01,140 --> 00:06:03,660
Again we have our Apple device here that we said
123
00:06:03,660 --> 00:06:06,740
it might be a phone or a computer or a tablet,
124
00:06:06,740 --> 00:06:09,080
but we can see now it has port 22 open.
125
00:06:09,080 --> 00:06:12,340
So this is a port for a service called SSH
126
00:06:12,340 --> 00:06:14,880
which is designed to allow remote access
127
00:06:14,880 --> 00:06:16,723
to the system it's running on.
128
00:06:17,760 --> 00:06:20,170
Again, if you go on all the other devices
129
00:06:20,170 --> 00:06:23,860
you can see all the open ports and the services running
130
00:06:23,860 --> 00:06:25,553
on each one of these ports.
131
00:06:27,290 --> 00:06:30,090
Now, in the next lecture, we'll build up on this.
132
00:06:30,090 --> 00:06:33,110
We'll see how to gather even more information
133
00:06:33,110 --> 00:06:36,750
and you'll see how important information gathering is
134
00:06:36,750 --> 00:06:40,180
because we're going to use the gathered information
135
00:06:40,180 --> 00:06:43,670
to hack into an iPhone that is connected
136
00:06:43,670 --> 00:06:44,963
to the same network.