NSE, Vulnerability Testing & Exploitation Part 1 - NM

00:00

Welcome to the end map scripting engine vulnerability. Scanning an exploitation lesson In previous lessons, we've covered various aspects of map scripting engine. I've shown you how to perform a couple scrips, scans and get help information about scripts from both the command line and INS and map.

00:17

This lesson will go over some of that stuff, but we'll focus on the use of NSC for vulnerability, scanning and target exploitation. The truth is, NSC could be an entire training Siris on its own, so this lesson will focus on giving you the tools to get started. Here are the learning objectives for this lesson.

00:36

First will briefly answer the questions. What is the end map scripting engine and how does it work?

00:41

We'll examine how n map scripting engine gives us the ability to perform advanced scanning.

00:47

Then we'll go through a lab that demonstrates its use as a vulnerability scanner and exploitation tool.

00:53

So what is the end map scripting engine? Well, up into this point, many of the features and functions that we've learned about N map basically require you to execute one commanded a time,

01:03

then gather the results, which generally leads to more and more single commands for further investigation.

01:10

One of the neat things that NSC allows us to do is write out a series of commands in the form of a script that could be dependent and related to one another in such a way that our time could be much more better focused on analyzing the results instead of on typing in a commanded A time and waiting

01:26

the way you do this is by using and maps built in scripting engine, which uses the loo, a programming language.

01:32

The creators of that map like to say the NSC provides the ability to automate networking tasks. Lula works very nicely for N map because it is an interpreted language and not compiled. That basically means that you can use any text editor to create your scripts than run them from the unmapped command line or within Zen map.

01:51

Lou is extremely lightweight and has been around and refined since early 19 nineties.

01:56

Learning it is very easy, and I think you'll find that it is well worth your time,

02:00

is fully documented on their website, and best of all, it's free and built in tow and map.

02:06

Each NSC script contains a field that associates it with one or more categories. Those categories are off for authorization. Broadcast default

02:15

discovery.

02:17

Most of what and map is known for

02:20

D. O s Nile service

02:22

exploit external

02:24

buzzer Intrusive, which are potentially hostile.

02:28

Malware

02:29

for remote malware detection.

02:31

Safe,

02:32

which has a little risk

02:35

version for version detection signatures and balm for vulnerability detection.

02:40

What is really great is that there are hundreds of NSC scripts that ship meaning downloaded install within map.

02:47

We'll go over how to find them, how to open and examine them and how to run them in different ways.

02:53

They're all very well documented at dot, or GE Quack and a C Doc.

02:59

Also, I should note that the code base of scripts on and map site is constantly being added to.

03:05

Finally, you really need to be careful with NSC scripts.

03:08

They have the potential to do harmful things to your computer,

03:12

computers on your network and target hosts.

03:15

Make sure you only run scripts that you downloaded from the and map website,

03:19

wrote yourself or got from someone you really trust.

03:22

As with any, and maps can understand the effects of the scan on both your computer and the target.

03:29

So how does the end map scripting engine work?

03:31

While this is sort of a trick question, because there are several regular command line switches that cause scripts to run by default,

03:38

for example, I've shown you the unmapped dash capital a scan in the past, which I call the advanced and aggressive scan that's can actually runs every NSC script that has been labeled in the category default, among other things.

03:51

But for the sake of clarity there to command line switches that can be used to specifically initiate the unmapped script scripting engine they are and map

04:00

Dash s Capital C

04:01

and and map, dash, dash, script

04:04

like and Map Dash Capital A and Map Dash s Capital C also runs and maps can using all of the scripts that have been labeled in the default category. On the other hand and map Dash Dash script allows you to specify the exact script you wish to run or even an entire category of scripts.

04:23

There's some other flexibility with the dash dash script command line Switch to, for example, you can run every script that starts with a specific name.

04:30

Two or more scripts at the same time.

04:33

Or even use Boolean arguments to tell and map to run scripts that match certain criteria.

04:39

I'll show you this stuff in the lab.

04:41

The main point I'm trying to make your is that for the most part. If you want to run and map and a C scripts, you'll be using the dash dash script command line switch.

04:49

The last bullet point is a link to the online man page for NSC.

04:54

They're a couple other features and options that I won't be covering in this lesson. So I recommend that you navigate to this page to see some of the other options available to you as you run an A C scripts.

05:04

Okay, so enough talk, let's do a lab in this lab. I'm going to demonstrate some of Essie's capabilities. My main goal is to give you enough information about NSC that you feel comfortable trying it out for yourself.

05:16

Also want you to see how good and maps built in scripts are detecting vulnerabilities and exploiting them.

05:23

I truly believe that NSC is capabilities are only limited by user support and desire to contribute to this amazing tool in community. We're gonna find the Cisco switch on my network, see if it has some vulnerabilities and exploit them and see what happens

05:36

before we do that, though, I'll show you where to find NSC scripts and remind you how to get help information about them,