1
00:00:00,090 --> 00:00:02,990
Now it's time to play around with Nessus.
2
00:00:03,210 --> 00:00:09,310
So when it comes to Nessus, Nessus is what is called a vulnerability scanner.
3
00:00:09,330 --> 00:00:14,430
You're going to use this quite frequently when you work as a penetration tester slash ethical hacker.
4
00:00:14,580 --> 00:00:20,440
Basically, let's say you're doing an external assessment. Chances are that you're going to use Nessus
5
00:00:20,470 --> 00:00:23,340
in that assessment, probably even right away.
6
00:00:23,350 --> 00:00:24,890
You might kick off your scans.
7
00:00:24,910 --> 00:00:30,070
Basically, you're going to send out an e-mail saying, hey, scans are about to start, and then you're gonna
8
00:00:30,070 --> 00:00:33,520
start your scans, and then you get those scans running, and while you let those scans run,
9
00:00:33,520 --> 00:00:34,720
they take some time.
10
00:00:34,830 --> 00:00:38,740
They're going to go out and do your information gathering, maybe look for those breached credentials.
11
00:00:38,740 --> 00:00:40,880
Try to find something juicy on the client.
12
00:00:41,050 --> 00:00:46,090
Then you'll come back and you'll review your scan results and see if there's anything interesting there.
13
00:00:46,090 --> 00:00:49,480
Same thing with internal; the process really doesn't change.
14
00:00:49,480 --> 00:00:54,730
We use Nessus quite a bit, so we're going to use Nessus here and just see what it looks like and how
15
00:00:54,730 --> 00:00:57,230
we can use it to our advantage.
16
00:00:57,250 --> 00:01:03,040
So let's go ahead and just go out to Google, and we're going to Google "Nessus download"
17
00:01:05,630 --> 00:01:13,120
and we're going to go to Downloads right here from Tenable. Actually, we'll download Nessus right here,
18
00:01:13,130 --> 00:01:16,680
sorry, and up at the top.
19
00:01:16,780 --> 00:01:19,270
We are looking for 64-bit Debian.
20
00:01:19,300 --> 00:01:24,340
So it says Ubuntu, but we're just looking for the Debian, so we can go ahead and just click on that and
21
00:01:24,340 --> 00:01:25,220
download it.
22
00:01:25,390 --> 00:01:26,290
We'll agree.
23
00:01:26,290 --> 00:01:33,120
We won't even read it, and we'll save here, and this will take a minute or so to download depending on
24
00:01:33,120 --> 00:01:34,170
your connection speed.
25
00:01:34,170 --> 00:01:36,770
So if you need to pause, go ahead and pause.
26
00:01:36,840 --> 00:01:45,540
Now we're going to open up a terminal, and I'll make this a little bit bigger, and I'm going to cd over
27
00:01:46,080 --> 00:01:47,610
to my downloads folder.
28
00:01:47,640 --> 00:01:55,530
That's where it is, and then we're going to say dpkg, which is d-package, and we're going to install
29
00:01:55,530 --> 00:01:56,130
with the dash i,
30
00:01:56,160 --> 00:01:59,240
and then Nessus.
31
00:01:59,340 --> 00:02:01,260
There we go.
32
00:02:01,260 --> 00:02:02,820
Just tab if you have nothing in there.
33
00:02:02,820 --> 00:02:05,340
Capital N on the Nessus and it should autocomplete.
34
00:02:05,940 --> 00:02:13,800
And then we'll hit Enter, and it's going to grab the package and then start to download it here and install
35
00:02:13,800 --> 00:02:16,910
it, and you can see automatically it has been installed.
36
00:02:16,920 --> 00:02:23,790
So it says you can start the Nessus scanner by typing /etc/init.d/nessusd start, so I'm
37
00:02:23,790 --> 00:02:26,420
going to copy that and paste it.
38
00:02:28,010 --> 00:02:33,320
And then we're going to navigate to this, https://kali:8834.
39
00:02:33,320 --> 00:02:34,180
Hey can I talk.
40
00:02:35,270 --> 00:02:37,130
And then you're going to see your connection's not secure.
41
00:02:37,130 --> 00:02:40,850
We're just gonna say Advanced, Add Exception, Confirm.
42
00:02:40,850 --> 00:02:42,320
And here is Nessus.
43
00:02:42,440 --> 00:02:44,570
Now this is going to compile plugins here.
44
00:02:44,570 --> 00:02:46,820
So this is going to take some time.
45
00:02:46,820 --> 00:02:48,910
Go ahead and let this finish.
46
00:02:49,040 --> 00:02:56,190
And when it does, go ahead and say we're going to download or install Nessus Essentials, OK.
47
00:02:56,210 --> 00:03:03,590
And then you're going to provide it with your name, and you need a valid email for an activation code.
48
00:03:03,590 --> 00:03:04,970
All right.
49
00:03:04,970 --> 00:03:12,710
Once your activation code has arrived in the email, go ahead and just copy-paste, and then hit Continue, and
50
00:03:12,710 --> 00:03:15,050
then it's going to ask you for a username.
51
00:03:15,050 --> 00:03:20,160
So I'm going to say hadams for me, and then just do password123.
52
00:03:20,300 --> 00:03:22,000
Because, you know, I'm super secure.
53
00:03:23,180 --> 00:03:24,210
And I'm not going to save.
54
00:03:24,220 --> 00:03:26,740
And then now it's gonna take a minute.
55
00:03:26,770 --> 00:03:30,520
So just go ahead and pause your video.
56
00:03:30,520 --> 00:03:33,090
Let this install, go get a drink.
57
00:03:33,220 --> 00:03:34,370
Go get some coffee.
58
00:03:34,480 --> 00:03:36,340
Whatever it is that makes you happy.
59
00:03:36,460 --> 00:03:43,420
And once your Nessus is installed and you are at a login screen, go ahead and log in and then come back
60
00:03:43,420 --> 00:03:49,390
to the video and we'll start from there. Whew, that took forever.
61
00:03:49,400 --> 00:03:49,790
All right.
62
00:03:49,820 --> 00:03:51,500
So we have loaded Nessus.
63
00:03:51,560 --> 00:03:55,520
It's installed, and now we're brought to this blank screen that says My Scans.
64
00:03:55,940 --> 00:03:56,750
Why is it blank?
65
00:03:56,750 --> 00:03:59,330
Well, it's blank because we haven't made a scan yet.
66
00:03:59,720 --> 00:04:05,280
So let's go ahead and go up to New Scan, and let's quickly talk about what we're capable of doing.
67
00:04:05,280 --> 00:04:08,700
So this is the free edition of Nessus.
68
00:04:08,700 --> 00:04:15,030
This means that we can scan against any private IP address, and we can scan up to 16 of those, I do believe,
69
00:04:15,120 --> 00:04:16,260
at one time.
70
00:04:16,290 --> 00:04:21,540
So remember back to the networking section, your Class A through Class C. That's what we're capable
71
00:04:21,540 --> 00:04:22,250
of scanning here.
72
00:04:22,260 --> 00:04:27,250
If you were to try to go out and scan a website or an external host, not going to happen.
73
00:04:27,270 --> 00:04:29,560
So we do have a couple options here.
74
00:04:29,580 --> 00:04:33,680
We're gonna start with this Basic Network Scan, and then we'll talk a little bit about the Advanced Scan.
75
00:04:33,690 --> 00:04:39,820
So let's go ahead and click on this Basic Network here, and what we can do is we can just type in something
76
00:04:39,820 --> 00:04:44,950
like Kioptrix for the name, and I just always copy this because you need a description.
77
00:04:45,040 --> 00:04:50,060
I just like to paste it in the description as well, and then down here it's gonna say, hey, what targets
78
00:04:50,060 --> 00:04:51,520
do you want to scan against?
79
00:04:51,520 --> 00:04:57,760
Well, we're only going to provide one IP address, and that is the IP of Kioptrix, and then let's go with
80
00:04:57,760 --> 00:04:59,380
the tabs here on the side.
81
00:04:59,380 --> 00:05:03,420
We've got the Schedule tab. Schedule is exactly what it sounds like.
82
00:05:03,550 --> 00:05:04,530
It's scheduling.
83
00:05:04,630 --> 00:05:11,680
So let's say that you are into automation and you're working as a pen tester, and it's a Monday morning
84
00:05:11,680 --> 00:05:17,140
at 8:00. Maybe you want to sleep in just a little bit longer, and you say, hey, you know, I got to e-mail
85
00:05:17,140 --> 00:05:18,010
a client.
86
00:05:18,010 --> 00:05:20,160
I'll schedule that email to go out at 8:00.
87
00:05:20,170 --> 00:05:26,500
And then the e-mail is going to say, hey, we're kicking off scans right now, and at 8:01 maybe your scan
88
00:05:26,500 --> 00:05:32,740
can kick off, and you can schedule that to happen, and then you can wake up a little later there.
89
00:05:32,860 --> 00:05:39,400
Also, you can enable scanning for once, daily, weekly, monthly, yearly, so if you're in a business you can
90
00:05:39,400 --> 00:05:44,110
do this on a periodic basis and get updated scan results.
91
00:05:44,140 --> 00:05:50,610
There's also Notifications, the SMTP if you have an SMTP server, and, most importantly, Discovery.
92
00:05:50,610 --> 00:05:53,010
So it's going to do a port scan of common ports here.
93
00:05:53,130 --> 00:05:55,880
I actually like to do a port scan of all ports.
94
00:05:56,040 --> 00:06:00,140
Again, this is the same thing as, like, a -p versus a -p-.
95
00:06:00,150 --> 00:06:03,240
You see the 1 through 65535.
96
00:06:03,240 --> 00:06:05,540
Here, we come down, just common ports.
97
00:06:05,550 --> 00:06:07,850
I'm guessing top 1000.
98
00:06:07,980 --> 00:06:14,970
So let's go down into Assessment, and we see Scan Type: Default, so we can scan default, we can scan for
99
00:06:14,970 --> 00:06:23,220
web vulnerabilities, we can scan for all web and all web complex. Let's just scan for known web vulnerabilities.
100
00:06:23,220 --> 00:06:28,920
If we go into complex, it's going to take a while, and this just depends on how deep into the scan you
101
00:06:28,920 --> 00:06:29,380
want to go.
102
00:06:29,400 --> 00:06:30,900
But we're just going to say, for now,
103
00:06:30,900 --> 00:06:36,570
scan for known web vulnerabilities, and it'll show what it's going to do. It's going to do some page crawling,
104
00:06:36,870 --> 00:06:46,200
do some directory traversing, and look for vulnerabilities. OK, on the Report, it's going to say, hey, can
105
00:06:46,200 --> 00:06:47,190
we edit scan results?
106
00:06:47,220 --> 00:06:48,470
Yes, we can.
107
00:06:48,480 --> 00:06:51,920
Should we display hosts that respond to ping, display unreachable hosts?
108
00:06:51,920 --> 00:06:53,110
I just leave this as default
109
00:06:53,100 --> 00:06:54,470
most of the time.
110
00:06:54,660 --> 00:07:00,150
And then on the Advanced tab we have Scan Type. I just like to say default here.
111
00:07:00,300 --> 00:07:09,220
So we'll save this, and then we'll go ahead and just launch it, and you'll see that it'll start spinning.
112
00:07:09,250 --> 00:07:12,740
And now it means we're running, and this is going to take some time.
113
00:07:12,760 --> 00:07:19,580
So while this is going on, let's go ahead and hit New Scan up here and let's look at this as well.
114
00:07:19,610 --> 00:07:25,880
So you've got the Advanced Scan, and they've got other scans here which I don't use a lot of, but you might
115
00:07:25,880 --> 00:07:30,590
have used them in the past if you're familiar with Nessus, or they've got a little one-off site. They've
116
00:07:30,590 --> 00:07:37,250
got this Shellshock detection, and it looks like they've got these Shadow Brokers detection here.
117
00:07:37,250 --> 00:07:42,370
So they've got a couple of different scans, even a malware scan, but we're going to go into Advanced Scan.
118
00:07:42,370 --> 00:07:46,490
These are the most common two you'll be using. Same deal here.
119
00:07:46,490 --> 00:07:49,760
And when we go into Discovery, you see Discovery is a little bit different.
120
00:07:50,240 --> 00:07:51,670
So we've got host scanning.
121
00:07:51,790 --> 00:07:53,710
And it says, hey, do you want to ping the host?
122
00:07:53,750 --> 00:07:55,350
Or maybe you don't want to ping the host.
123
00:07:55,370 --> 00:07:57,950
And if we do ping the hosts, what are we looking for?
124
00:07:57,950 --> 00:08:03,170
Are we looking for ARP, TCP, ICMP or UDP?
125
00:08:03,170 --> 00:08:04,090
What do we want to scan?
126
00:08:04,100 --> 00:08:05,510
Do we want to scan network printers?
127
00:08:05,510 --> 00:08:09,390
If we're doing an internal network assessment, maybe we want to click that.
128
00:08:09,620 --> 00:08:10,410
Maybe not.
129
00:08:10,410 --> 00:08:14,890
You know, and we can do different types of scanning here.
130
00:08:14,900 --> 00:08:20,060
There are a lot more options, which is what Advanced scanning is for. We could do port scanning. You see the
131
00:08:20,060 --> 00:08:23,420
SYN scan comes up again, a.k.a. stealth scanning.
132
00:08:23,420 --> 00:08:28,760
We could do UDP. Even down here it says it's really not possible for UDP to distinguish between open and
133
00:08:28,760 --> 00:08:29,970
filtered ports.
134
00:08:30,050 --> 00:08:34,120
So UDP scanning takes forever, and it's not always reliable.
135
00:08:34,220 --> 00:08:36,160
We could do a service discovery.
136
00:08:36,290 --> 00:08:42,300
I kind of just leave these blank or leave them as default, and then we come through Assessment.
137
00:08:42,350 --> 00:08:43,620
Same thing.
138
00:08:43,730 --> 00:08:45,590
It just gives us additional options here.
139
00:08:45,590 --> 00:08:49,420
So it's always good to click through these. Do we want to brute force any logins?
140
00:08:49,430 --> 00:08:52,100
We could use Hydra to do brute forcing if we want.
141
00:08:52,190 --> 00:08:57,530
We could test for default accounts if we could discover, like, an Oracle database, etc. But this is
142
00:08:57,530 --> 00:09:01,910
going to go through and try empty passwords, try login as password, etc.
143
00:09:01,940 --> 00:09:04,460
So this just does a little bit more here.
144
00:09:04,520 --> 00:09:11,120
We can scan web applications, and we can say, hey, we want to use a specific user agent, or we want to crawl
145
00:09:11,120 --> 00:09:12,630
from a certain web page.
146
00:09:12,670 --> 00:09:17,490
How many pages we're going to crawl. Again, it just gives us more control.
147
00:09:17,570 --> 00:09:23,750
So if we come down here, Report looks the same, and then Advanced, we have a little bit more options
148
00:09:23,750 --> 00:09:24,650
here as well.
149
00:09:25,100 --> 00:09:31,520
But again, either way, if you use Advanced Scan, I would start with the Basic scan just as a beginner
150
00:09:31,520 --> 00:09:36,590
and then kind of play around with the Advanced Scan and see if you can scan against the same hosts and maybe
151
00:09:36,590 --> 00:09:40,720
get back more information, and maybe Kioptrix is a good one to play with.
152
00:09:40,850 --> 00:09:46,040
But let's go ahead and go over to Credentials, and now if you have credentials for a machine and you
153
00:09:46,040 --> 00:09:52,160
wanted to, like, log into that machine via SSH or your Windows or even SNMP, you can enter in credentials
154
00:09:52,640 --> 00:09:57,680
and you could scan a little bit deeper on the machine, but you're likely never going to get that as a
155
00:09:57,680 --> 00:10:00,870
pen tester because you usually don't have any access.
156
00:10:01,040 --> 00:10:05,000
So let's go back to our scans, and you see now that it's scanning and running.
157
00:10:05,090 --> 00:10:09,620
The nice thing is that it does update vulnerabilities as it finds them, and it is finding them. We're
158
00:10:09,620 --> 00:10:11,690
actually at 99 percent right now.
159
00:10:11,690 --> 00:10:15,080
So you can click in it, and you can see that it's got all different kinds of vulnerabilities.
160
00:10:15,080 --> 00:10:17,000
And right now they're kind of grouped.
161
00:10:17,000 --> 00:10:20,540
So we won't worry about them too much; we're going to group this once it's done.
162
00:10:21,080 --> 00:10:21,920
So I tell you what.
163
00:10:21,920 --> 00:10:25,940
Go ahead, let your scan finish. Once your scans finish,
164
00:10:25,970 --> 00:10:29,300
I'm going to meet you over in the next video, which is going to be part two, where we're going to look at
165
00:10:29,300 --> 00:10:30,500
the scan results.
166
00:10:30,500 --> 00:10:33,920
Talk about them a little bit and see what Nessus can do for us.