5.5 Malware CurrPorts Lab Instructions

Video Transcription
Hi. Welcome back to the course. In the last video, we talked about a tool called Stinger that we were using to do a scan for any malware on the machine. In this video, we're gonna use a tool called CurrPorts, which is gonna give us some visibility on the ports currently in use on the machine. So let's go ahead and get started.
So step number one: if you're not already connected to the Windows 10 machine, go ahead and just click on PLAB-WIN10 to get connected.

Now we're gonna go down to the File Explorer icon. It's on the taskbar, so let's go ahead and do that. We'll scroll down here and click the File Explorer icon. That's gonna open up the window for us here. Now let's go back to our lab document, and we see that we should be looking for DVD drive (F:) CH Tools. So let's see if we notice that. So we see DVD drive (F:) CH Tools. Go and click on that. You'll see it's got a folder called CH Tools here. Go ahead and double-click on that, and then let's take a second here and look back at our lab document. So in step four we've located and double-clicked on the CH Tools folder.

So now we're gonna look for step five, the folder called CurrPorts, and then inside of there we're gonna double-click on the application file, so the cports application file. So let's go ahead and do that. So we're gonna go down to CurrPorts; it's right here. Go ahead and double-click on that. And then you're gonna look for cports, the application file. If you look over here, we only have one of these that's showing as an application file. So then you're just gonna double-click on that, and it's gonna open it up for us.
Let's go back to our lab document here. So we see, yes, in step seven, the CurrPorts window did open for us. Now we're gonna sort by protocol. So the way we're going to do that is we're gonna click on the Protocol column header. Now that's gonna sort them. So we'll come back here. We're just gonna click on the Protocol column header, and you'll see it's gonna sort it between TCP and UDP.

Okay, so now we're gonna sort by process name. So we're gonna click the Process Name, and then we're gonna click the Local Port Name column headers, and we're basically just gonna sort by the process name and then also the port names. So let's go ahead and do that. So we're gonna click the Process Name first. All right, so we've done that, and now we're gonna sort by the local port name. So this one right here; just go ahead and click on that. You'll see it's gonna sort everything for us. So we've sorted by protocol, we've sorted by the port name and the process name. So as we scroll down, we can just see what each thing is doing. So we've got some established connections, some listening connections there, and some not giving us any feedback at all on what they might be doing.
So, if you're trying to see if a system might be compromised by malware, you know, a lot of malware uses similar ports. Now, that being said, some of it nowadays isn't; they're changing it every single time. But many of the older types of malware used common ports that everyone kind of knows about, and you could look to see.

Let's just pretend that something was running on UDP 5353. So we would come here, look at the ports and the processes, and we see, oh, 5353. Maybe there is malware on this machine. Let's take a little closer look and see what we might be able to find. So that's the advantage of doing this. Again, we just want to get some visibility on our ports.
In the next lab, we're gonna use TCPView to actually do a similar thing here. So question number one here: what kind of information might we be able to see under these different columns here? So we talked about, when we sorted, we were actually able to see the different types of protocols, we could see the different types of ports, we could see if the port is listening or not. We could even see somewhat of the local address on that port there. We can also see if we've got any proxies running at all. So it gives us a lot of information that we can use to analyze if there's some type of attack on this particular system.

So again, in the next lab, we're gonna use a tool called TCPView that's gonna give us visibility in a similar fashion, and we'll do some sorting in there as well to look at our different port information.
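The sort-and-inspect workflow from this lesson can also be done on a CurrPorts export rather than by clicking column headers, which is handy when you want to keep the listing as evidence or check a batch of machines. The following is an added example, not part of the lesson or of CurrPorts itself. It assumes a CSV produced by CurrPorts' export (the column names follow CurrPorts' CSV layout; the rows below are constructed for this example and do not describe a real machine), and the watchlist of "ports worth a second look" and the expected-listener list are hypothetical placeholders you would replace with your own baseline.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout of a CurrPorts CSV export (only the columns this
# example uses are kept). The rows are invented and do not describe a real host.
SAMPLE_EXPORT = """Process Name,Process ID,Protocol,Local Port,Local Port Name,Local Address,Remote Port,Remote Port Name,Remote Address,State
svchost.exe,1180,UDP,5353,mdns,0.0.0.0,,,,
svchost.exe,880,TCP,135,epmap,0.0.0.0,0,,0.0.0.0,Listening
System,4,TCP,445,microsoft-ds,0.0.0.0,0,,0.0.0.0,Listening
chrome.exe,4412,TCP,51620,,10.0.0.15,443,https,142.250.72.78,Established
updater.exe,6020,TCP,4444,,0.0.0.0,0,,0.0.0.0,Listening
svchost.exe,1180,UDP,5355,llmnr,0.0.0.0,,,,
"""

# Hypothetical watchlist: (protocol, local port) pairs the lesson suggests looking at first.
WATCHLIST = {("UDP", 5353), ("TCP", 4444)}

# Hypothetical baseline of listeners you expect on a stock Windows 10 lab machine.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445)}


def parse_export(text):
    """Parse a CurrPorts-style CSV export into a list of dicts with numeric ports."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["Local Port"] = int(r["Local Port"])
        # UDP rows carry no remote port in the export; keep that as None.
        r["Remote Port"] = int(r["Remote Port"]) if r["Remote Port"] else None
    return rows


def sort_like_lesson(rows):
    """Order rows by protocol, then process name, then local port.

    This is the view the lesson builds by clicking the Protocol, Process Name and
    Local Port Name headers: TCP entries grouped before UDP, processes grouped
    together within each protocol, ports ascending within each process.
    """
    return sorted(rows, key=lambda r: (r["Protocol"], r["Process Name"].lower(), r["Local Port"]))


def summarize(rows):
    """Count entries per protocol, the same split you see after sorting by Protocol."""
    return Counter(r["Protocol"] for r in rows)


def flag_rows(rows, watchlist=WATCHLIST, expected=EXPECTED_LISTENERS):
    """Return the rows a reviewer should look at more closely, with the reasons attached.

    A row is flagged when its (protocol, port) is on the watchlist, or when it is
    Listening on a port that is not in the expected-listener baseline.
    """
    flagged = []
    for r in rows:
        reasons = []
        key = (r["Protocol"], r["Local Port"])
        if key in watchlist:
            reasons.append("port is on the watchlist")
        if r["State"] == "Listening" and key not in expected:
            reasons.append("listening on a port outside the expected baseline")
        if reasons:
            flagged.append({**r, "Reasons": reasons})
    return flagged


def report(text):
    """Produce the sorted listing plus the flagged subset as printable lines."""
    rows = parse_export(text)
    lines = [f"{proto}: {n} entries" for proto, n in sorted(summarize(rows).items())]
    for r in sort_like_lesson(rows):
        lines.append(f"{r['Protocol']:<4} {r['Process Name']:<14} pid={r['Process ID']:<6} "
                     f"local={r['Local Address']}:{r['Local Port']} state={r['State'] or '-'}")
    for r in flag_rows(rows):
        lines.append(f"FLAG {r['Protocol']} {r['Local Port']} {r['Process Name']}: "
                     + "; ".join(r["Reasons"]))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

On the constructed data the report groups the four TCP entries ahead of the two UDP entries, leaves the baseline listeners on 135 and 445 alone, and flags the UDP 5353 socket (watchlisted, as in the lesson's scenario) and the updater.exe listener on TCP 4444 (both watchlisted and absent from the baseline). On a real machine the value is in the baseline: keep an export from a known-good build and diff against it rather than eyeballing every row.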