Constructing an Nmap Scan Lab Part 1 - NM

Video Transcription
00:00
Welcome to the lab on constructing an Nmap scan.
00:04
This lab is pretty long, so let's get started.
00:08
In the lab, I'll quickly review how to get quick reference help as you're running Nmap scans.
00:14
Then I'll demonstrate that Nmap scans can be typed out in various ways while delivering the same results.
00:20
Next, we'll go through the main target and output types, and finally, I'll show you why I like putting target and output at the end of Nmap scans.
00:30
Okay, welcome to the lab on constructing an Nmap command-line scan statement.
00:35
In this lab, I'm gonna be using Windows 10.
00:38
Everything is the same with other operating systems, except for the first part.
00:43
I'm gonna show you where to go on Windows to make sure Nmap is in your path, meaning that no matter where you are in the command prompt file system, Nmap scans will run successfully.
00:53
So the first thing you want to do is click on your start button
00:57
and type
00:58
system,
01:03
then click on system control panel,
01:08
Then click advanced system settings over to the left
01:15
and then at the bottom you'll see Environment Variables. Click on that.
01:23
And so what we're looking for is the Path variable,
01:26
which is right here. We'll
01:29
edit that
01:30
and right here, you'll see Nmap is installed to C:\Program Files\Nmap.
01:37
And that's correct in my installation; that's pretty much the default installation of Nmap. If you've installed it somewhere else, or you don't see Nmap anywhere in your environment variables, um, in your path,
01:51
click on new,
01:53
and then just type the location where it is.
01:56
You'll know better than I will. So
01:59
once you have it typed out there, or in most cases, you're gonna have it.
02:02
Um,
02:04
but once you've verified that
02:07
Nmap is in your path, just click OK.
02:09
Okay.
02:12
Okay.
02:13
And then just close that
02:16
Right. The next thing I want to show you is running Nmap as an administrator. Just click on your start button and type cmd for the command prompt.
02:27
Once it comes up at the top of the list,
02:29
right-click on it and click Run as administrator.
02:36
By default, when it opens, it should be at C:\Windows\System32. You can see that right there.
02:43
So
02:45
what I want to do is just show you that
02:46
Nmap indeed does work from
02:50
kind of anywhere in the operating system. So we'll type
02:54
dash Capital V.
02:58
That'll give us the version of Nmap that we're running. Hit Enter
03:02
and it works.
03:06
Now I'll type cd space backslash, hit Enter,
03:10
and I'm at the root of the operating system now, the root of C, I should say,
03:16
and
03:17
again type nmap dash capital V, just a test to make sure it's still working.
03:23
So Nmap will run
03:25
from
03:28
anywhere in the operating system. You can pretty much assume, because it's worked from the system 32 folder
03:34
and from the root of C.
03:37
Okay, now just a refresher.
03:39
Get help
03:42
for Nmap. You can type nmap
03:44
space dash h,
03:47
and I'll scroll up here just so you can see
03:53
all of the different options available to you in Nmap.
04:01
Additionally, as we covered before, you can type just nmap and hit Enter.
04:09
The results of both of those two commands are exactly the same.
04:13
Okay, so one of the things that I wanna cover now are target types,
04:18
and so I'm gonna scroll up
04:21
to the very top right after we
04:25
ran the nmap command.
04:30
And right underneath here,
04:31
here's the nmap command run. Underneath, it shows target specifications, so
04:36
you can pass host names, IP addresses, networks, et cetera.
04:40
If you ever want to refer back to it, that's where it is.
04:43
So I'm gonna go ahead and do a clear screen.
04:46
All right,
04:48
So
04:50
the first thing I want to do is show you how to scan a single host, even though we've done this before: nmap
04:57
192.168.1.254.
05:01
That does a standard default Nmap scan of that IP address.
05:05
There's the results.
05:08
Or you could do a scan of multiple hosts at the same time. You do an IP range. So we'll do nmap space
05:20
192.168.1.1 through 25.
05:25
Enter
05:27
the scan will take a little bit more time, so I'll probably cut it from the video.
05:32
All right, so you see that that scan took 9.62 seconds, which is a very nice,
05:38
very nice information to have,
05:40
uh,
05:41
for any scan.
05:44
Okay, So now I'm gonna clear the screen again.
05:47
All right. So Nmap also will accept
05:50
an entire network range in CIDR notation.
05:55
If you don't know what that is, I'll talk to you more about that in the TCP/IP section.
06:00
So we'll run nmap
06:10
slash 24.
06:12
So that will scan
06:15
every host on the 192.168.1.0 network,
06:19
which is a subnet mask of 255.255.255.0,
06:24
essentially.
06:28
The scan takes a while, so I'm definitely gonna cut this from the video.
06:33
Okay, so now we have our results from
06:36
the network scan in CIDR notation.
06:40
Clear the screen again.
06:44
Okay, now I'm gonna go back to another scan that we've done in the past, just for demonstration purposes, and that is nmap space scanme.nmap.org,
06:56
hit Enter.
06:57
This is just to show that you can also run an Nmap scan with the target of a fully qualified domain name.
07:04
All right,
07:05
clear the screen again.
07:06
Now we'll run nmap.
07:13
Now we'll do an entire domain
07:15
in CIDR notation form
07:17
of nmap.org, and we'll do a slash 29, which is a lot smaller network than a slash 24,
07:24
since there's 29 bits
07:27
in the subnet mask,
07:32
meaning that there's 29 bits assigned to the
07:35
network portion of the IP address.