Time
5 hours 21 minutes
Difficulty
Beginner
CEU/CPE
6

Video Transcription

00:00
all right. Hello, and welcome to command line basics. In this video, we're gonna learn about Lennox networking to I'm Christopher Howler. Let's begin.
00:08
So are lending objectives for this video. You wanna learn about to tell my command in the S S H Command and learned the N c that cat command as well?
00:18
It's a pre assessment. Which program provides encryption by default? Is it a N c
00:24
B s s h or C? Tell Mitt.
00:28
Answer is B s S H stands for secure show because it is automatically encrypting already by default. So the neck and and the telling that commands to not encrypt when you're connecting remotely to a machine. So it's very important to make sure that we're using sssh if we're using this in practice
00:48
for real on production systems, that way nobody can just sniff the data and see what we're doing.
00:54
So the telnet commend. This is used to remotely connected to a terminal on a machine and like we were saying, it should not be used today because there is no encryption and everything is in plain text. But it is a useful protocol if you need to connect remotely to a machine.
01:10
So I'll give a brief demonstration about this will capture some packets, and we'll see exactly how dangerous this is. So I'm gonna be on my sift machine, and I'm going to
01:23
start wire shark in the background so we can capture these packets.
01:33
All right? And why a shark is up and we're capturing packets now. So now I'm going Thio, run telnet and connect to this remote machine.
01:44
So it's going to tell Mitt and then the address. And by default, it uses Port 23 for Telnet.
01:52
So I'm gonna use the local log in for the sifting workstation that I'm connecting to
01:59
and then the password.
02:01
Now, I don't want you to see your password because I've logged in so that we could type in a few other things we could Look, you know what's inside of this folder? My home folder there.
02:12
Uh, we can do you name Nash A. To see exactly which type of Lennox this is. We can look at the Colonel, all that information and who am I
02:23
and I am Sands. Forensics. So and now, in order to quit going to use exit and this will quick directly out of this telnet session. Now, if we go over here and we are in, uh, wire. Sure, we could take a look at the detail on that protocol we have. So I'm gonna stop this capture
02:40
and now free right click and go to follow and TCP streams.
02:46
You can see
02:47
all of the activity that we were doing.
02:50
So let's go ahead and take a look at one end.
02:54
So if we look at this end, this is what we were seeing says sift workstation Long Gin San's forensics. Here, I'll make a little bigger
03:04
and then the password.
03:06
And now, if we look at what was sent back,
03:08
we could see
03:09
this was the past for it.
03:12
And now if we can look at Thea everything together, we could see this was my password in plain text right in front of it. And anybody that was listening on the wire could take a look and see all of the activity that we were just doing and learn everything that we did.
03:27
So it's very important to use a secure program in order to be able Thio, protect yourself
03:34
from unauthorized listening
03:36
and we have the SS age command. So we'll do this again. ALS will show a brief explanation, capture some packets so we could see that this increase the terminal section uses certificate based encryption and it's not allowed the plain text the conversation, So we can't just have someone listening to it.
03:53
So let's go ahead. Go back to the clinics machine.
03:58
I'm going to close out of the stream and we're gonna capture some new packets,
04:04
all right? And now I'm going to bring up our for use command,
04:10
and then just type That's this h
04:14
and he's gonna ask me for the password. Now, I forgot to change the user name, So I'm going to you exit that real quick.
04:25
And now for sshh. Sometimes you'll need to you do you
04:29
user name at the I P address that you're connecting to.
04:33
So now it's asked me for this hands forensics password,
04:38
and I would try to hide the password. But you already know it from this video
04:42
and you could see we're in now. It could type s
04:46
do. Are you name again for Iife? Fig, Take a look at the interface is on the other machine.
04:55
And now stop capturing packets and we can see there's some SS age connections going on. So let's follow that stream
05:00
and take a look at that. It is just a bunch of gobbledygook down here. So all of this is this is negotiating with the type of connection that's going on before, but we don't see the actual log in. We don't see the actual commands being passed because this is the encryption that going down down here and you can't read this. I can't read this.
05:20
It's a very secure way to connect remotely to machines. Annoyed,
05:25
have that terminal access remotely in a secure fashion.
05:31
All right.
05:33
And I have Net cat N. C. This is a very, very simple network protocol, and you can use it too quickly and easily set of connections between two computers and because it is so easy to use, it is used in malware very frequently.
05:47
And in order to set up a listening server with Nick Camp, you're going to use the N C. Dash LP and then report that you wanted to listen on.
05:58
So let's go ahead and give a quick demonstration of that as well.
06:01
So I'm gonna close out of wire shark. We don't need this anymore.
06:06
Now I'm going to type N c
06:09
hel p
06:10
and let's say we're going to listen on Port 1234
06:15
and now N c. Neck and it's just going to sit here and wait.
06:18
And now from our let me exit out of this as the sage connection real quick.
06:28
There we go. Now I'm going to do
06:30
and see
06:31
this for remote computer and then the port. We're gonna connect to 1234
06:38
and you could see there's no kind of welcome screen. There's no introduction because it is such a simple, low overhead vertical. All it does is it just makes that connection and then leaves it up to you.
06:50
So let's type Hello.
06:54
Now let's go over to the other machine and check that out. We have the helo on this end,
06:59
and in order to not be rude,
07:01
let's say, Well, hello there, back
07:04
and we have Why hello there, back. So, uh, Net cat is a very, very simple protocol that you're going to see use very often and because of its simplicity, it is used in malware pretty frequently
07:18
aren't to post assessment it is not alarming. Define NC that E a c listening for connections on port 44 44.
07:27
Is this true or false?
07:30
The answer is false. It is extremely alarming to find NC that e x c on a windows machine listening to connections on port 44 44. And if you're not familiar with the medicine Lloyd, this is the default medicine Floyd port that is used when they write your using exploits. So finding a
07:49
execute herbal running and with neck at on 44 44 is exceptionally alarming and should be a
07:57
investigated further.
08:00
All right, so in this video, we let tell that command really the SS H command and learn the N C net cat command and, well, we captured packets, analyzed them and saw just how much more powerful the SS H command is, then to tell my command. And I hope to see you in the next video

Up Next

Command Line Basics

In this course you will learn the fundamentals of Command Line basics, a fundamental tool for any user of Windows and Linux machines. Command line allows developers to manipulate files easily and quickly, Learning command line saves developers time and resources.

Instructed By

Instructor Profile Image
Christopher Haller
Senior Intelligence Operations Analyst at Centripetal
Instructor