Time
2 hours 24 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hi, everyone. Welcome back to the course. So in the last video, we wrapped up our discussion with banner grabbing. So we wrapped up module four, and banner grabbing as well as operating system fingerprinting is technically enumeration that we're doing.
00:12
But here in this particular lab, we're gonna just go over some other ways to do enumeration. So we're gonna use a tool called Zenmap as well as using the dig
00:21
and finger commands.
00:23
So let's go ahead and get started. So you should already be logged into the Cybrary lab environment. We're just going to search for ethical hacker.
00:30
And we're looking for the top option here, this Certified Ethical Hacker, CEH. Once you've found that, just go ahead and click on it
00:36
and then click the launch button here. We'll have one more button we need to click, which will be the launch item button that launches the lab environment in a separate window. Now, if you're doing this lab on your own machines on your own virtual network, then by all means, you'll just want to make sure you change your IP addresses, and you just want to open a terminal window inside of your Kali Linux
00:55
once we get to that point, and you should be able to follow along without any issues.
01:00
All right, for everyone else that's using the Cybrary lab environment, you're gonna go ahead and look for the Using Enumeration Tools lab. So it's gonna be this one. It's about halfway down the page or so. It's this one right here. Just go ahead and click on that and then click on the start button.
01:14
Once you do that, you'll see all the virtual machines here. We're just gonna go ahead and activate these, or turn these on. The way we do that is we just hover our mouse over top of each one and select the power on option.
01:26
So just do that for all these. These will take about 20 to 30 seconds to boot all the way up. So while that's doing that, I'm gonna pause the video and we'll use the magic of fast forwarding again. And once they've pulled up here, then I'll restart the video and we'll move forward with the rest of the lab.
01:41
All right, so we see that all of my machines are booted up now. Now, if yours have not finished booting all the way up here and if they're not showing all the green button that says on, then you just want to pause this video real quick and wait until all your machines come online. Now, we're not gonna be using all these different machines in this particular lab. But it's just a good habit to get into of making sure everything's booted up and functioning properly
02:00
so you can continue on with any labs that you happen to be doing.
02:05
All right, so let's go to our lab document. We're gonna see which machine we're gonna click on here. So we're down here at step number six. So we're gonna connect to the Windows 10 machine, which is the PLABWIN10.
02:15
So let's go ahead and do that now. We're just gonna go ahead and click on that one.
02:17
It's gonna take a moment or so to pull the desktop for us. We'll also see a command prompt window. Usually that'll pop up randomly. We'll give that a second or so to pop up and then go away. And once we've done all that, we're gonna double click on this VNC Viewer icon. So you'll see there's the command prompt window I mentioned. So now that that's out of the way, we're just gonna go ahead and double click on this little icon here.
02:37
The VNC Viewer one. It looks like a little orange icon, or a tiger's eyes is really what it is.
02:43
We're just gonna double click on that to open it up.
02:46
Now, by default, it should have the Kali Linux machine IP address in there for us. If for some reason it doesn't, I've listed it there in the step-by-step lab guide, and you could just manually type it in there.
02:58
All right, so once that's in there, all we're gonna do is just click the connect button.
03:00
Now, before we enter the password, I just want to mention again that all the step-by-step lab guides are available in the supplemental resources section of the course. Go ahead and download that, and you can get all the documents as well as information about the assessments that you'll want to take as part of this course.
03:15
So in this password field, we're actually just gonna type the word password with a capital P and then replacing the o with a zero. So let's go and do that now.
03:23
So we'll type in capital P and then lowercase a s s w
03:28
the number zero and then a lowercase r d.
03:31
So once you've typed that in, either click the OK button or just press Enter on your keyboard, and that will pull up our Kali Linux desktop for us. Now we're gonna see an error message. As soon as this pulls up, you'll see it. We see a no session for PID A 38. Don't really worry about what that is. It doesn't pertain to our particular lab we're doing, so just click the OK button to make that go.
03:51
All right, so let's go back to our lab document here. So once we've typed in our password, that launched our Kali desktop here in step 10
03:57
and then step 11 here is we're just gonna go ahead and open up the terminal window. So in this instance, the way that we do that is we double click on this root terminal icon. So let's go ahead and double click on that and open it.
04:08
Now, if you happen to be following along at home in your own virtual lab environment, then this is the point where you'll just want to go ahead and launch the terminal window if you haven't done so already, so you can go ahead and run the commands that we're doing now. If you are running your own lab, I do want to mention that you want to make sure you have Zenmap installed, so just kind of double check that. Pause the video if you need to.
04:28
But just double check you have that installed.
04:29
For everyone else, for everyone using the Cybrary lab, you have that here. So once we type in the command, it should launch Zenmap for you, and then we could continue on with the rest of the lab.
04:41
All right, so let's go back to our lab document here.
04:44
So now we're at step 12. So we're just gonna type in this command here: zenmap and the at symbol, and all that's gonna do is leave the terminal in a window in the background for us. So in case we want to type something else in there, we could certainly do so. So zenmap and the at symbol, or, excuse me, the ampersand symbol, not the at symbol. So let's go ahead and type that in now.
05:01
So it's zenmap and then the ampersand symbol, or many people call it the and symbol.
05:09
Once you've typed that in, just press Enter on your keyboard. It's gonna take a moment, and it should open up Zenmap for us. And that's what you see there, that little pop-up window. I always like to just maximize this here. You don't have to do so, but I like to maximize it to make it easier to read.
05:21
And so all we're gonna do now is we're gonna type in our command here in the command line, and then we'll click this scan button to go ahead and run it.
05:29
So let's take a look and see what command we're gonna run today.
05:32
So you'll see here, we're gonna run nmap. We're gonna run it at a speed of T4. We're gonna do the -A so we can look at things like the operating system, or at least try to see what the operating system is. So again, part of our enumeration aspect. We're gonna make it a verbose scan so we can get as much information as possible.
05:48
And then, of course, this is our IP address we're gonna scan against. This happens to be the
05:53
PLABDC01, so that top virtual machine we have there. That's our server machine. So we're gonna run against that.
06:00
So once we run this command, a couple of questions we'll take a look at here. So if we see any open ports at all, and then also what operating system does Zenmap, which again is just a GUI version of nmap. So we want to see what operating system is it showing, or at least what does it think that the target is running?
06:17
All right, so let's go and type this command in without further ado. Now you'll see in the background there that we actually got a good chunk of this already in there, right? So you see, in the command line, we already have nmap -T4 -A -v. So actually, all we have to do, and that's why I did this on purpose like this, by the way, uh,
06:33
all we have to do now is just actually type in the IP address and run the command.
06:38
Now, you're welcome to type in the full command if you want to. That's gonna be up to you. For our purposes, I'm just gonna type in the IP address and go ahead and run it. But again, it's good practice to type it all in if you want to.
06:48
So we're just gonna put a space here and then type in 192.168.0.1.
06:55
Once you've typed that in, again, just go ahead and click the scan button. It's gonna go ahead and run the scan. I'm gonna pause the video here because it does take a moment or so to run this particular scan.
07:04
All right, so we see the scan results I have here. Now, if your scan is still running, go ahead and just pause the video and just wait until yours is complete so you can take a look at the output.
07:13
Now, we had a couple of questions in our lab document that we want to answer here. So question one is do we see open ports. And then question two is what operating system does the tool think that this particular target, which is our server again, our PLABDC01 server, what does this tool think that it's actually running.
07:30
So we're actually gonna start with question two. Or at least I am on my side. And that's just because that comes a little sooner from where we're looking at right now in the, uh, command output. And then we'll be able to see the port information a little later on.
07:43
All right, so if we scroll up just a little bit here, you'll see kind of near the top, I've already got information about the operating system that it thinks is in use. You notice that it shows Windows Server 2012 as well as Windows 7 as well as possibly Windows 8.1.
07:57
Well, we know from our information, or at least from the information I've given you, that PLABDC01 is actually a Windows Server device, so we could easily tell like, okay, well, this is probably gonna be Windows Server 2012 for the operating system.
08:11
However, as an attacker or as a penetration tester, we probably wouldn't have that internal information. And so we would just know that this particular device is potentially running a Windows operating system, one of these ones. So when we're looking for vulnerabilities, we're gonna be targeting specifically something that maybe runs on Windows 7, Windows Server 2012, as well as
08:30
Windows 8.1, or find individual exploits that work on these different operating systems
08:35
and just try them against the target to see if we can actually gain access and do our nefarious stuff.
08:43
All right, so the other question was regarding ports. So if you recall, question number one was do we see any open ports at all. And if we scroll up just a little bit, at least on my results, and everyone should have the same result, then we do see that, yes, there are some ports open. Here we see the port numbers. We also see that it's TCP and not like UDP, for example.
09:00
All right, so in this video we just took a quick look at Zenmap. We ran a quick scan in our Zenmap tool, and we took a look at the output to see what kind of operating system, as well as any ports that might be open on this particular target. And in the next video, we're just gonna go ahead and use a command called dig, and then we'll also use a finger command right after that.

Up Next

Scanning, Enumeration, and Vulnerabilities

This course covers basic scanning, enumeration, and vulnerability scanning as part of a penetration test.

Instructed By

Ken Underhill
Master Instructor at Cybrary