Target Specification Lab Part 2 - NM

00:04

Okay, Now I'm gonna show you a really interesting one. That amount has built in, and that is a map

00:08

dash. Hi, Capital R

00:12

and then a number. What this does is it tells and map too.

00:17

Basically, randomly select 10

00:21

I p addresses and they're all outside your network perimeter

00:25

and then run a scan against him.

00:27

I'm not gonna run it because I don't know those I p addresses, And I don't really want to run it against people that I don't know because I think it's

00:37

borderline unethical and possibly illegal, so I'm not gonna do it.

00:42

Um,

00:44

so that's that scan. If you did want to run this from your house, I wouldn't recommend doing it from your work or home.

00:51

If you want to do a really quiet scan using random I p addresses out there, you could do Ah and map Dash

01:00

S s

01:02

capitalists

01:03

Dash P

01:03

Haiti

01:06

tea, too.

01:08

I r.

01:10

And then the number of Raina might be addresses that you want. Let's do you want to run against 50? So what the scan does is it's a sin scan, which is really the default

01:19

scan. That

01:22

and map runs a TCP syn scan.

01:25

The dash P is for the port that you want to scan. So it's only scanning a single port instead of 1000 or 100.

01:32

And the dash t two is the timing, and that timing is

01:37

considered polite.

01:38

And like we said before the dash, I capital R is

01:44

a random selection of I P addresses and the 50 is the number of I P addresses you want to scan.

01:51

So again, if you want to run that from her house,

01:53

I don't think it's gonna do any harm at all.

01:56

And But I just suggest that you don't do it from work or school because it might get picked up by your

02:01

cos I d s or

02:05

if they have a seam or advanced threat management system. And

02:08

you just don't want any of those guys talking to you unless that's you. In which case, if it's part of your job description, go ahead.

02:16

All right, so now I'm gonna do it in map Dash Ascend.

02:25

So that's a scan that we've run before. And this time I'm gonna add

02:30

an exclusion, so we'll do. Ah,

02:35

exclusion of 1.1.

02:38

Actually, I'm gonna modify it just a little bit to make it run faster.

02:40

We won

02:43

0.0 through. Let's do 40.

02:46

Well, exclude I p address one. That one.

02:53

All right. So there's only three hosts up out of those 40 that we scanned

02:58

here. They are right here.

03:00

And it got done in 1.6767 seconds.

03:05

And if you notice we did an exclusion on 1.1,

03:08

which should be about right here and it's not there. So that's how you do an exclusion and Mt.

03:19

Okay, so now what? I want to d'oh

03:21

clear the screen

03:23

I want Let's say you wanted to do the same thing, but you wanted to exclude multiple

03:28

hosts that were in that range.

03:30

So this is the way you do it. You do and map.

03:34

I'll do it.

03:35

Think sweep again.

03:38

How good do

03:40

the full

03:43

sub net

03:44

we'll do? Uh,

03:46

Dash, Dash exclude

03:49

and we'll exclude 1 92.1 68 That one. That one.

03:53

I know the host name of the server on this network. That will do

03:58

well, C B S R. V one,

04:01

and we'll do a 1 92.1 68 that one dot to 54

04:06

So my main point is, it's the same commanders last time.

04:10

But

04:11

if you're gonna put multiple exclusions,

04:14

All right,

04:15

Unlike your target specifications from earlier with the exclusions, you actually have two separated by commas. I don't know why they did that, but that's the way it is.

04:24

So when you run it,

04:30

I'm not gonna go through this whole list here, but

04:33

you'll notice at the end.

04:36

The last I p address that is alive or up is 182.1 68. That one, that 1 67 And so we excluded one dot to 54

04:46

which would show up right around right around here if it was up

04:50

or if you know, if it wasn't excluded, is what I mean.

04:55

And so it's not their swords are exclusion list worked.

04:59

All right,

05:00

clear the screen again.

05:04

All right. We're in the target's folder here. The one that we created earlier. You can call it whatever you want, Really? But I just do targets just to make it easy.

05:13

So what we're gonna do now is I'm gonna show you how to do an exclusion list without having a type each one at the command line. You can actually create a file. Kind of like we did with the target specifications. Target list earlier.

05:27

So we'll d'oh! No bad.

05:30

Of course this assumes your own Windows 10. Um,

05:33

if you're in Lennox or

05:36

Ah, UNIX platform or Mac OS, you can do the eye or whatever makes you happy,

05:45

so I'll d'oh!

05:46

No pad

05:47

Exclude! List dot T X t

05:50

Oh,

05:54

yes, I want to create it.

05:58

And so I'll do some exclusions Here. I'll do

06:01

Studio shoot at 1 68

06:04

one dot

06:05

one

06:06

magnitude at 1 68 that one dot

06:11

10 through 50

06:14

D'oh!

06:15

182.1 68 1 dot to 54

06:24

And just so you know, this is my layer three switch on this network.

06:30

These are

06:31

servers and other devices, and then everything in between 50 and 2 54

06:36

are just

06:38

devices on this network to 54 is my firewall.

06:42

So there's some inside information there.

06:46

Don't use it against me.

06:51

Right? So do Ah,

06:54

clear screen.

06:59

Okay, so now that we've created our exclude lis file,

07:02

we'll run a scan against the entire sub net using that exclusion file. So do it. And Mountain

07:11

Dash s n.

07:18

That will do

07:21

exclude file

07:29

in the name of the file that we want to specify where the exclusions are.

07:34

So enter.

07:43

Okay, so

07:44

I'll scan up and show you.

07:48

Okay, so you can see here that

07:51

it skipped 1.1 and then it skipped

07:55

everything beyond 1.10.

07:59

And then it started grabbing everything from one dot

08:01

101 and on.

08:07

And then it skipped 1.2 54 which we know is alive. So

08:11

there you have it. That's pretty much all

08:15

of the target specifications. And then mount there are some other options and other things you can play with. But for the most part, that's everything that you're gonna use in your daily life.

08:26

All right, Thanks for going through this lab with me. And I'll see you on the next lesson

08:31

in this lesson. In the previous one, we did a review of target specifications covered in previous lessons. Then I showed you a bunch of additional options. And finally we did a lab that covered all of them.