Hi. Welcome back to the course. And the last video we went over our introduction to our module tool labs. Now, if you haven't watched that video, you go ahead and Paul is this one. And go back to the video is gonna have a lot of good information for you to be successful in these labs.
So in this lab, we're gonna go over a tool called Nick Toe, which can be used for foot printing, different websites now, specifically, it's gonna allow us to look for potential vulnerabilities on the website.
So the main requirement for this lab is just actually Callie linen. So whether you want to do it on your local computer there, if you follow the module one video, I've got it installed. Or if you're gonna do it through the cyber module or even some other lab that you have access to, any of those is fine. We just need the actual Callie desktop and the terminal access.
So step number one here launched her Kelly virtual machine and get logged in, which I've actually already done here
and again. The password if you're running down your own stuff, his route and the excuse me. The user name is root in the password is tour T o R.
Now go ahead and launch a terminal window. Once you get log in there, I've already got one pull up here as well.
And so Step number three, what is gonna go ahead and actually typing this command here? So the first thing we're gonna do here before we do that, we're gonna look at the hell page of Nico. So we're to type in Nick toe all over case
and then put a space in the new dash. Lower case H. So go ahead, just hit. Enter there. And that's going to just show you the basic help file there. Now, if we want to look at, like, the whole help file. So again, this is just kind of a truncated version. We're gonna look at that hold hell file. All we do know is pressing up arrow key to save your command there and bring it back.
And then just delete out that lower case and put a capital.
And then once we hit, enter here, you'll see that we've got a lot more options if we scroll up page here.
So we're not gonna go through every single one of these, but go ahead and check him out and play around with them. We're going to use a specific command to get some output from a test website. So let's go ahead and do that. So we're gonna type in here on step three, this command right here. So the nick toe and then a space and then a dash little Ricky's e. And that's gonna be an evasion switch. So
Nick was pretty noisy.
So we're basically trying to do it a little stealthy or not. Doesn't really matter too much. We're using a test website, but you want to be a stealthy as you can when you're doing a penetration test simply because you don't want to get caught. Right. So that's kind of the main goal there.
So again, the dash lowercase E is an evasion switch, and then we put another space in the number one which specifies random and coating. So again, both those are really just to help us try to be a little stealthier when we run this scan.
Next we have a space, and then we're gonna put a dash more case H that's gonna allow us to divine defined either the House name of the I P address. In this game, we're going to use the host name, which is gonna be a website called Web scan test dot com. So let's go ahead and take that in there. So we're gonna type in the nick toe dash E
one Dutch H in the Web scan test dot com Cynical space Dash E Space Dash. Excuse me one space dash
H and then Web skin test dot com's all of that lower case, So just double check ourselves. You see, we have nick toe
dash, lower case e another space, the number one A space dash, lower case H and then a space, and then our website, the Web's can test dot com sec that matches up. Just make sure you're trying to type in the right stuff in there again, all over case, and they just press enter. Now, this is gonna take a minute. So I've actually gotten the scan done on this one here.
So I've gone ahead and just scanned it. So,
uh, what we see here, some different results. So let's go back to our Web Web. Excuse me. our lab document and we see question number one. So do you see any possible vulnerabilities from this particular website? So let's look at our our feedings back here, and, uh, we'll see our results here. So
we do see that it looks like anti click jacking.
The header is not present, so they may be vulnerable to sometimes
cross site scripting. And that's what ex SS stands for. We see that that protection header is not defined, so might be vulnerable to a cross site scripting attacks.
We also see there's some, uh, different cookie issues here. We see that the Apache version appears to be outdated. So just look through that and then go back to your lab document here and just type in some of the information there. So I noticed a few things here. I'm going to say, you know, like anti click jacking,
We could say header is not president. Something like that.
okay. And then, uh, what else do we have here? The cross I scripting protection header is not to find again.
That just tells me that they may be vulnerable to some type of cross site scripting etcetera, etcetera. So just shot down with ones that you find there and just make a notation of that. So again, this tool is really just used to find different vulnerabilities targeted towards the websites.
So in this lab, we went over Nick, go again. It's mostly for vulnerabilities. And the next lab, we're gonna go over the tool called the Harvester. And as we mentioned in the initial lecture video, we talked about how that could be used for harvesting email information. But it's also good for harvesting any type of generalized public information.