NMAP

Course
Time
7 hours 1 minute
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:00
So I'm gonna open up my email here.
00:05
This gets a little bit personal
00:08
and a lot of times in your junk mail, you'll see some strange stuff. So
00:14
I don't know who this review safety is. It's probably something that I looked up or bought at some point, but
00:21
your email client's gonna be different than this. Obviously,
00:24
I'll leave it up to you to decide, or determine, how to get to your email headers. But in Microsoft Outlook,
00:32
you open up the email, click on File,
00:35
Properties,
00:36
and here's your email headers right here.
00:40
One of the things I like to do
00:42
when doing email header analysis is come through
00:46
and look for
00:48
IP addresses
00:49
so we can see that
00:51
the sender's IP address is this address right here.
00:55
So copy it.
00:57
We'll close out of my email
01:02
and we'll add that as the target.
01:04
All right, so let's find out information about this IP address.
01:15
Okay, so here's the scan results. You can see all the detail here,
01:19
the IP address resolved to this name,
01:23
and
01:23
here you can see who the IP address is registered to
01:29
and their
01:30
organization and email address.
01:33
And so that's a pretty cool scan.
01:34
All right, so let's create another custom scan. This one is we're gonna call it.
01:42
We'll call this one Whois Domain.
01:52
I'm gonna clear out all these options.
01:57
And this one also is an NSE script.
02:00
We'll go to scripting.
02:04
Start typing whois.
02:06
Choose whois-domain.
02:08
I'll uncheck whois-ip
02:15
and I'll leave all the other default options as they are.
02:21
We'll
02:22
save changes.
02:23
And in the drop-down list, there's the Whois Domain.
02:28
Clear out our last target.
02:30
And again, I'm gonna open up my email.
02:32
We'll go into our junk mail folder again and do a little email header analysis.
02:38
Junk.
02:40
Do this, ah, Trophy Depot.
02:50
All right, so this time we're gonna do whois on the domain itself instead of the IP address.
03:00
We could just choose trophydepot.com,
03:08
close out of that again.
03:13
Make that our target.
03:15
And let's find out more information about trophydepot.com.
03:25
What the scan will do is return the information from the registrar's whois database
03:39
again. The most important part about this is
03:44
not so much
03:45
what the scan does but the fact that
03:47
you can name your custom profiles and you can set all those options, so don't get too hung up in the other details.
03:57
So
03:58
here you can see that the registrar is Network Solutions.
04:02
Here's the abuse
04:05
email and phone number,
04:08
and you could see that their DNS is hosted by Cloudflare.
04:12
So they have some DDoS protection.
04:15
Okay,
04:15
let's do one more custom profile.
04:19
New profile.
04:25
Clear out all these options.
04:29
Call this one
04:34
Quick Detailed
04:36
OS Detection.
04:42
Okay, so the scan is pretty useful. I know the IP address of my server on this network, so I'm cheating a little bit because I already have that IP address. But,
04:53
um, again, when we're building out profiles, we leave the target blank, so this will work on any target.
05:00
So I'm first going to go to
05:04
scan
05:09
we're gonna do an OS detection,
05:15
and here I'm gonna choose the timing template
05:17
of aggressive
05:20
that makes it work a lot faster, but it is more intrusive. So if you're doing this to an outside or unknown IP address or target,
05:30
it could be flagged by an IDS
05:32
or firewall.
05:39
One other really useful OS detection
05:45
option is an NSE script,
05:47
so we'll go to scripting, and we'll do
05:51
smb-os-discovery. smb-os-discovery works really, really well, especially against Windows hosts.
06:03
So I'll save that.
06:10
Go to Quick Detailed OS Detection. You can see it's built out right here.
06:15
Change the target to a server on my network. And that is at 192.168.1.10.
06:25
That's, ah, a 2012 server.
06:30
Hit scan.
06:34
The scan, for all it does, actually works pretty quick. The timing template of T4 helps with that
06:44
so you can see
06:46
a lot of details. It actually is, ah,
06:48
Windows Server 2012 R2 Essentials.
06:53
And that's thanks to the smb-os-discovery NSE script
06:57
up here.
07:00
You see all the ports that were open on that server
07:03
and
07:04
you'll get the MAC address.
07:06
I know that it's a Dell. That's accurate.
07:11
It says the warning right here: OS scan results may be unreliable because we could not find at least one open and one closed port,
07:18
and that's what I was talking about, how the -O sometimes yields
07:27
less than perfect results. It did figure out that it's probably Server 2012 or 2012 R2.
07:35
But like I said, the smb-os-discovery got it exactly right.
07:44
All right, that's the end of this lab. Thanks a lot for going through with me
07:49
in this lesson. We talked about what a custom scan profile is in Zenmap.
07:54
Next, we discussed why they're important.
07:57
And finally we went through a lab on creating them.
08:00
That completes our lessons on Nmap basics. From now on, we'll dive a bit deeper and we'll cover many more useful scans.
08:07
Thanks so much for working through this lesson with me, and I'll see you in the next one.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions
Instructor