1
00:00:01,960 --> 00:00:04,330
Let's start digging a little bit deeper.
2
00:00:04,510 --> 00:00:05,410
We've run Nmap.
3
00:00:05,410 --> 00:00:08,800
We've seen what ports are open, what services are running behind these ports.
4
00:00:08,800 --> 00:00:12,600
We've even seen what versions these services have.
5
00:00:12,720 --> 00:00:14,090
But I want more information.
6
00:00:14,100 --> 00:00:19,980
I want to start finding what vulnerabilities I can exploit, and to do that, as we've seen before,
7
00:00:20,040 --> 00:00:24,000
we use a vulnerability scanner. In the Hacking for Beginners course,
8
00:00:24,000 --> 00:00:28,120
we went over Nessus on Windows, and in the Kali Linux tutorial
9
00:00:28,140 --> 00:00:31,530
I showed you how to install Nessus on Kali.
10
00:00:31,570 --> 00:00:36,840
So what I'm going to do now is I'm going to start the Nessus service, and I do that using the
11
00:00:36,970 --> 00:00:42,030
/etc/init.d/nessusd start command.
12
00:00:42,370 --> 00:00:47,870
Now that it's up and running, I actually don't remember what port exactly the Nessus service runs on.
13
00:00:48,370 --> 00:00:53,560
So I'm going to use one of the commands that we've learnt before, which is the netstat command, to see
14
00:00:53,560 --> 00:00:55,930
what services are running on my machine.
15
00:00:56,840 --> 00:00:57,760
And here we go.
16
00:00:57,800 --> 00:00:58,340
There it is.
17
00:00:58,340 --> 00:01:05,500
This is nessusd running on port 8834.
18
00:01:05,670 --> 00:01:11,070
So I've opened the page, and you might notice that this looks a little bit different than the previous
19
00:01:11,070 --> 00:01:12,770
Nessus in the previous videos.
20
00:01:12,900 --> 00:01:17,070
And this is because this is an updated video with the latest Nessus version.
21
00:01:17,070 --> 00:01:18,960
So it does look a little bit different.
22
00:01:18,990 --> 00:01:23,600
However, the core of it and how we do the scans is pretty much still exactly the same.
23
00:01:24,030 --> 00:01:29,400
I'm going to log in using my username and password that I created during the installation process.
24
00:01:30,450 --> 00:01:32,310
And I'm going to start a new scan.
25
00:01:36,200 --> 00:01:40,620
You see here a lot of different options that we talk about in more advanced courses.
26
00:01:40,700 --> 00:01:46,700
For now, all I'm going to do is I'm going to go with the basic network scan, so I'm going to click on
27
00:01:46,700 --> 00:01:47,160
that.
28
00:01:47,180 --> 00:01:50,230
I'm going to name my scan Metasploitable 2.
29
00:01:50,240 --> 00:01:56,440
I'll leave the description empty, and my target is the IP address of the Metasploitable machine.
30
00:01:56,840 --> 00:01:57,980
I'll save it.
31
00:01:57,980 --> 00:02:01,180
And remember, after you save it, you need to launch the scan.
32
00:02:01,190 --> 00:02:03,220
It will not start automatically.
33
00:02:03,290 --> 00:02:08,780
So I'm going to launch it, and you see now the green arrows spinning around, telling me that the scan
34
00:02:08,780 --> 00:02:11,600
is running. To see how my scan progresses,
35
00:02:11,600 --> 00:02:19,760
I can double-click on it, and if I want to go back I can go back to My Scans. So it's still running here.
36
00:02:19,760 --> 00:02:23,030
Notice the difference between the running and the completed scans.
37
00:02:23,220 --> 00:02:25,160
Let me double-click on it again.
38
00:02:25,260 --> 00:02:26,760
And now you might see a slight difference in
39
00:02:26,760 --> 00:02:32,280
the Nessus graphical interface now, so I can actually go and look at the vulnerabilities and see
40
00:02:32,280 --> 00:02:35,400
what vulnerabilities have been discovered so far.
41
00:02:35,430 --> 00:02:37,480
Keep in mind that the scan is still running.
42
00:02:37,500 --> 00:02:40,910
So if I go back to my scans it's still going on.
43
00:02:40,920 --> 00:02:43,670
There will be more vulnerabilities to be discovered.
44
00:02:44,010 --> 00:02:49,410
I'm going to speed the video up a little bit, and now that the scan is complete I can go to the vulnerabilities
45
00:02:49,440 --> 00:02:51,590
and start looking at them one by one.
46
00:02:53,030 --> 00:02:58,340
On the right-hand side there are some scan details. It tells me the name of the scan, what the status is,
47
00:02:58,730 --> 00:03:02,950
what policy I use, so I use the basic network scan here.
48
00:03:03,390 --> 00:03:04,090
The scanner.
49
00:03:04,130 --> 00:03:06,750
So this is if I'm using multiple scanners.
50
00:03:06,800 --> 00:03:07,630
When did it start,
51
00:03:07,640 --> 00:03:09,320
when did it end, and how long it took.
52
00:03:09,320 --> 00:03:11,960
So in my case it took about seven minutes.
53
00:03:11,960 --> 00:03:16,970
Obviously I'm not going to keep the video running for seven minutes, so I just fast-forward to the end of
54
00:03:16,970 --> 00:03:17,580
the scan.
55
00:03:17,630 --> 00:03:22,890
So don't be surprised if you see the scan taking a lot longer than the length of this video.
56
00:03:22,970 --> 00:03:28,310
You'll also notice that the vulnerabilities are grouped by criticality from the highest to the lowest.
57
00:03:28,730 --> 00:03:31,910
Critical risk is the highest in the ratings of criticality.
58
00:03:31,970 --> 00:03:36,670
Then you have under that the high, medium, low and info.
59
00:03:36,710 --> 00:03:43,040
Keep in mind, though, just because a vulnerability is medium or low, that does not mean we get to ignore
60
00:03:43,040 --> 00:03:45,620
it. In the Hacking for Beginners course,
61
00:03:45,620 --> 00:03:52,160
we saw how we managed to break into our target using a low-severity vulnerability. For the purpose of
62
00:03:52,170 --> 00:03:52,650
this video,
63
00:03:52,640 --> 00:03:57,810
however, we're going to be focusing on some of the most critical ones, because going through one hundred
64
00:03:57,810 --> 00:04:01,800
and eight vulnerabilities will end up dragging this video on for days.
65
00:04:01,820 --> 00:04:07,280
So let's focus on the more critical ones, and to see the details of any vulnerability I can just click
66
00:04:07,280 --> 00:04:13,160
on it and read the description of what an attacker can do and what the results can be.
67
00:04:13,280 --> 00:04:19,760
Just to go back on the point of the criticality of vulnerabilities, if I do a quick search for FTP you'll
68
00:04:19,760 --> 00:04:27,050
notice that Nessus returned only one finding, which is the FTP server detection, meaning that Nessus managed
69
00:04:27,050 --> 00:04:29,630
to detect that there is an FTP service running.
70
00:04:29,630 --> 00:04:36,830
However, Nessus did not tell me that this FTP server that we just exploited is actually vulnerable.
71
00:04:36,950 --> 00:04:43,880
So for some reason, whatever that reason might be, Nessus failed to detect that that particular FTP server
72
00:04:44,210 --> 00:04:46,810
is actually vulnerable and is exploitable.
73
00:04:46,820 --> 00:04:54,220
So for some particular reason Nessus failed to detect that this particular FTP server is vulnerable.
74
00:04:54,320 --> 00:04:58,310
Now again, I do not want to concern you or myself with the reason why this happened.
75
00:04:58,310 --> 00:05:04,790
It could be that the scan got interrupted, that the service crashed, that the network is unreliable, whatever
76
00:05:04,790 --> 00:05:10,560
it is, and this is why we never ever rely on just one tool's output.
77
00:05:10,850 --> 00:05:13,250
This is why we investigate using Nmap.
78
00:05:13,250 --> 00:05:14,980
We investigate using Nessus.
79
00:05:15,020 --> 00:05:20,630
We investigate manually by connecting to each service and we investigate using a lot of other tools
80
00:05:20,630 --> 00:05:21,450
as well.
81
00:05:21,680 --> 00:05:25,430
So do keep that in mind: just because the vulnerability scanner does not say it's vulnerable,
82
00:05:25,490 --> 00:05:27,410
that does not mean it's not vulnerable.