1
00:00:00,760 --> 00:00:01,400
Welcome back.
2
00:00:01,960 --> 00:00:08,090
Here we are ready to start our scanning phase. We have covered the information gathering, which was
3
00:00:08,110 --> 00:00:14,410
the first phase of penetration testing, and now we will proceed with the second stage by scanning our target
4
00:00:14,410 --> 00:00:17,230
and trying to get even more information about it.
5
00:00:18,010 --> 00:00:25,420
Now, the difference between information gathering and scanning is that scanning is performed on a much
6
00:00:25,600 --> 00:00:26,710
deeper level.
7
00:00:27,770 --> 00:00:33,980
And also, while in the first phase, we gathered all kinds of information, such as emails, phone
8
00:00:33,980 --> 00:00:40,450
numbers and a bunch of other things, in the scanning we're mainly focused on the technology side.
9
00:00:41,090 --> 00:00:45,350
So we want to find out as much as we can about our target's technical aspects.
10
00:00:45,890 --> 00:00:51,950
We're going to talk in just a second about what exactly we are looking for in this stage and what
11
00:00:51,950 --> 00:00:53,620
are all the goals of this stage.
12
00:00:54,260 --> 00:01:01,820
But first, you could be wondering what we are going to scan, since, remember, scanning is something
13
00:01:01,820 --> 00:01:05,510
that we are not allowed to do on any target that we want?
14
00:01:06,630 --> 00:01:13,590
Don't worry, for this stage and any future stage from now on, we're going to be using vulnerable virtual
15
00:01:13,590 --> 00:01:14,160
machines.
16
00:01:15,190 --> 00:01:21,340
There are lots of paid, vulnerable virtual machines that you can buy and test on, but for this course,
17
00:01:21,340 --> 00:01:27,850
I will be showing the free ones so all of us can download them, install them, and then try to hack
18
00:01:27,850 --> 00:01:28,000
them.
19
00:01:29,320 --> 00:01:34,750
All of these virtual machines are going to be running some outdated, vulnerable software that we will
20
00:01:34,750 --> 00:01:40,700
be able to exploit in the third stage, and they will also require very little hardware power.
21
00:01:41,110 --> 00:01:45,250
So all of us will be able to run them while also running Linux.
22
00:01:45,970 --> 00:01:51,880
And keep in mind that the penetration testing process will look exactly like it would look in the real world
23
00:01:52,120 --> 00:01:54,230
if you were testing some website or some network.
24
00:01:54,880 --> 00:02:01,390
The only difference is that right now we know that these machines are vulnerable, since I just told
25
00:02:01,390 --> 00:02:01,600
you.
26
00:02:01,750 --> 00:02:05,700
And in the real world, you wouldn't necessarily know that before testing them.
27
00:02:06,430 --> 00:02:12,460
However, just knowing they are vulnerable doesn't really help us as we need to figure out in what way
28
00:02:12,460 --> 00:02:15,340
they are vulnerable and how we can take advantage of that.
29
00:02:16,090 --> 00:02:18,010
Scanning will help us with this.
30
00:02:18,880 --> 00:02:23,770
We will be using our Linux machine to scan these machines.
31
00:02:24,490 --> 00:02:30,010
And by scanning these machines, what we really mean is we're going to directly exchange packets with
32
00:02:30,010 --> 00:02:30,850
our target.
33
00:02:30,850 --> 00:02:36,670
And once that target sends packets back to us, hopefully we will discover something about the target
34
00:02:36,670 --> 00:02:38,800
machine that we will find useful.
35
00:02:39,780 --> 00:02:48,660
And what we will be sending to the target are TCP and UDP packets. TCP and UDP are just protocols
36
00:02:48,660 --> 00:02:52,160
that are used for sending bits of data, also known as packets.
37
00:02:52,500 --> 00:02:56,000
And we will discuss them in a little more detail in the next video.
38
00:02:56,640 --> 00:03:02,670
For now, just think of them as different communication protocols that will allow us to get information
39
00:03:03,030 --> 00:03:04,230
from our target.
40
00:03:05,250 --> 00:03:12,000
I keep talking about information and scanning and all of that without actually explaining what I
41
00:03:12,000 --> 00:03:14,300
mean by scanning and getting information?
42
00:03:14,910 --> 00:03:16,020
What are the goals of this?
43
00:03:16,410 --> 00:03:18,470
What are we looking for exactly?
44
00:03:19,080 --> 00:03:26,040
Well, we're looking for open ports, and I don't mean USB ports or some physical ports.
45
00:03:26,070 --> 00:03:32,520
I mean, we are looking for virtual open ports that every machine has, and it uses them to host its
46
00:03:32,520 --> 00:03:35,520
software and communicate with other machines over the Internet.
47
00:03:36,030 --> 00:03:41,940
For example, you watching this over the Internet on a website means that the machine that's hosting this
48
00:03:41,940 --> 00:03:49,410
website has port 80 open. Well, port 80 is used to host a web server.
49
00:03:49,770 --> 00:03:54,270
It is used for HTTP and it's also known as the HTTP port.
50
00:03:55,020 --> 00:04:00,210
So every time you visit a website, you are essentially making a connection to that machine, hosting
51
00:04:00,210 --> 00:04:08,160
that website, on port 80 or on port 443, since port 80 is used for HTTP and port
52
00:04:08,160 --> 00:04:15,140
443 is used for HTTPS, and HTTPS is just a secure version of HTTP.
53
00:04:16,290 --> 00:04:22,550
These are the two most usual ports that a target that you're scanning externally will have open, and by
54
00:04:22,560 --> 00:04:27,750
external scanning, I mean that you're scanning it while not being in the same network as the target.
55
00:04:28,650 --> 00:04:31,860
An example would be you scanning some website from your home.
56
00:04:32,940 --> 00:04:38,460
And a port that could sometimes be open if you're scanning internally, which means either scanning
57
00:04:38,460 --> 00:04:43,770
machines on your network or you're performing network penetration testing inside of some company, you
58
00:04:43,770 --> 00:04:47,130
could, for example, find port 21 to be open.
59
00:04:48,390 --> 00:04:54,800
This is an FTP port and it's used for file transfers; FTP stands for File Transfer Protocol.
60
00:04:55,620 --> 00:04:59,160
These are just two of the ports and there are a lot of them.
61
00:04:59,610 --> 00:05:06,150
You could, for example, have port 22 open, which is the SSH port, or Secure Shell port.
62
00:05:06,780 --> 00:05:10,950
It is used to log into the target machine and execute commands on it remotely.
63
00:05:11,490 --> 00:05:18,840
We could also have, for example, port 53 open, which is the DNS port, or we could have port twenty-
64
00:05:18,840 --> 00:05:20,910
five open, which is the SMTP port.
65
00:05:21,780 --> 00:05:23,460
So there are a lot of ports.
66
00:05:23,850 --> 00:05:31,020
Matter of fact, every machine has 65,535 ports for both TCP
67
00:05:31,020 --> 00:05:32,030
and UDP.
68
00:05:32,700 --> 00:05:39,060
And if there is just one open port with one vulnerable software running on that open port, then that
69
00:05:39,060 --> 00:05:41,970
target is vulnerable and it could be exploited.
70
00:05:42,420 --> 00:05:46,940
Now the highly secure machines are the ones that have all ports closed.
71
00:05:47,730 --> 00:05:54,300
These are usually your home devices, such as laptops or computers that you use just for browsing online
72
00:05:54,330 --> 00:05:56,100
or playing video games or something.
73
00:05:56,820 --> 00:06:01,500
They don't need to be hosting any software since they are not a server that someone will connect to
74
00:06:01,560 --> 00:06:02,670
for a certain service.
75
00:06:03,120 --> 00:06:05,310
They're just home devices that you use.
76
00:06:05,580 --> 00:06:12,240
But websites, for example, must have port 80 or port 443 open since they are hosting a
77
00:06:12,240 --> 00:06:12,960
Web page there.
78
00:06:13,470 --> 00:06:17,490
Also in companies, their machines could have some port open.
79
00:06:18,090 --> 00:06:23,820
Maybe they use that port on all their machines within that company to internally transfer files between
80
00:06:23,820 --> 00:06:24,600
different machines.
81
00:06:24,930 --> 00:06:26,280
It could be anything, basically.
82
00:06:26,430 --> 00:06:33,240
Now, the problem, of course, is if that software they use on their open ports is outdated and has a
83
00:06:33,240 --> 00:06:41,040
vulnerability, then our job as a hacker is to scan that machine for open ports and exploit that machine
84
00:06:41,400 --> 00:06:44,750
through that vulnerable software running on the open port.
85
00:06:45,060 --> 00:06:51,330
But the goal for now in the scanning section is only to scan the target for the open ports.
86
00:06:51,750 --> 00:06:58,590
Then we want to discover what software is running on those open ports, and we want to go as deep as
87
00:06:58,590 --> 00:07:02,610
discovering what version of software is on that open port.
88
00:07:03,530 --> 00:07:04,160
Are you ready?
89
00:07:04,790 --> 00:07:10,290
We are going to be covering a lot in this section and in this section we will cover one of the most
90
00:07:10,290 --> 00:07:13,170
important tools that the hacker must master.
91
00:07:13,680 --> 00:07:15,690
That tool is called Nmap.
92
00:07:16,800 --> 00:07:17,970
Let's dive into scanning.