NMAP

Course
Time
7 hours 1 minute
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:00
welcome to the lab on constructing an end map scan.
00:04
This lab is pretty long. So let's get started
00:08
in a lab. All quickly review how to get quick reference Help as you're running and map scans.
00:14
Then I'll demonstrate that and map scans can be typed out in various ways while delivering the same results.
00:20
Next, we'll go through the main target and output types and finally, I'll show you why I like putting target an output at the end of and map scans.
00:30
Okay, welcome to the lab on constructing an unmapped command line scan statement
00:35
in this lab, I'm gonna be using Windows 10.
00:38
Everything is the same with other operating systems. Except for the first part.
00:43
I'm gonna show you where to go on windows to make sure. And map is in your path, meaning that no matter where you are in the command prompt file system and map scans will run successfully.
00:53
So the first thing you want to do is click on your start button
00:57
and type
00:58
system,
01:03
then click on system control panel,
01:08
Then click advanced system settings over to the left
01:15
and then at the bottom you'll see environment variables click on that.
01:23
And so what we're looking for is the path variable,
01:26
which is right here. Well,
01:29
edit that
01:30
and right here, you'll see. And map is installed to see program files, back slash and map.
01:37
And that's correct. In my installation, that's pretty much the default installation of them. Map if you've installed it somewhere else, or you don't see and map anywhere in your environment Variables, um, in your path,
01:51
click on new,
01:53
and then just type the location where it iss.
01:56
You'll know better than I will. So
01:59
once you have it typed out there, or in most cases, you're gonna have it.
02:02
Um,
02:04
but what? Once you've verified that
02:07
and map is in your path, just click. Okay?
02:09
Okay.
02:12
Okay.
02:13
And then just close that
02:16
right? The next thing I want to show you is running and mapas an administrator. Just click on your start button in type C m. D for the command prompt.
02:27
Once it comes up at the top of the list,
02:29
right? Click on it and click Run his administrator
02:36
by default. When it opens, it should be at sea windows System 32. You can see that right there.
02:43
Eso
02:45
what I want to do is just show you that.
02:46
And map indeed does work from
02:50
kind of anywhere in the operating system. So we'll type
02:54
dash Capital V.
02:58
That'll give us the version of en map that we're running, hit, enter
03:02
and it works
03:06
now. Ah, type seedy space backslash hit Enter
03:10
and I'm at the root of the operating system now a root of C, I should say,
03:16
and
03:17
again type and map dash capital V just a test to make sure it's still working.
03:23
So a map will run
03:25
from
03:28
anywhere in the operating system. You can pretty much assume, because it's worked from the system 32 folder
03:34
and from the root of C.
03:37
Okay, now just a refresher.
03:39
Get help
03:42
for and map. You can type in map
03:44
space, Dash H,
03:47
and I'll scroll up here just so you can see
03:53
all of the different options available to you at and map.
04:01
Additionally, as we cover before you can type just in map and hit enter
04:09
the results of both of those two commands are exactly the same.
04:13
Okay, so one of the things that I wanna cover now our target types
04:18
and so I'm gonna scroll up
04:21
to the very top right after we
04:25
ran the end map command.
04:30
And right underneath. Here.
04:31
Here's the map. Command run underneath. It shows target specifications so
04:36
you can pass host names. I p addresses networks, et cetera.
04:40
If you ever want to refer back to it, that's where it ISS.
04:43
So I'm gonna go ahead and do a clear screen.
04:46
All right,
04:48
So
04:50
the first thing I want to do is show you how to scan a single host, even though we've done this before and map
04:57
1 92.1 68 1 dot to 54
05:01
That doesn't standard default and map scan of that, I'd be address.
05:05
There's the results.
05:08
Or you could do a scan of multiple hosts at the same time. You do? Ah, be range. So we'll do it in Mount Space
05:20
19 to 1 68 1.1 through 25.
05:25
Enter
05:27
the scan will take a little bit more time, so I'll probably cut it from the video.
05:32
All right, so you see that that scan took 9.62 seconds, which is a very nice,
05:38
very nice information to have,
05:40
uh,
05:41
for any scan.
05:44
Okay, So now I'm gonna clear the screen again.
05:47
All right? So N map also will accept
05:50
entire network range insider notation.
05:55
If you don't know what that is, I'll talk to you more about that in the T v i p section.
06:00
So we'll run a n map
06:10
slash 24.
06:12
So that will scan
06:15
every host on the 1921681.0 network,
06:19
which is Ah subnet Mask of 255.255 dot 255.0.
06:24
Essentially,
06:28
the scan takes awhile, so I'm definitely gonna cut this from the video.
06:33
Okay, so now we have our results from
06:36
the networks. Can insider notation
06:40
clear the screen again?
06:44
Okay, Now I'm gonna go back to another scan that we've done in the past just for demonstration purposes in that is unmapped space. Began me. That and matt dot or ge
06:56
hit. Enter.
06:57
This is just a show that you can also run an unmapped scan with the target of a fully qualified domain name.
07:04
All right,
07:05
clear the screen again.
07:06
Now we'll run a N map.
07:13
Now we'll do entire domain
07:15
insider notation form
07:17
of map dot or ge and we'll do a slash 29 which is a lot smaller network than a slash 24
07:24
since there's 29 bits
07:27
in the sub net mask,
07:32
meaning that there's 29 bits assigned to the
07:35
network portion of the I P address.

Up Next

NMAP

The network mapper (NMAP) is one of the highest quality and powerful free network utilities in the cybersecurity professional's arsenal.

Instructed By

Instructor Profile Image
Rob Thurston
CIO at Integrated Machinery Solutions
Instructor