2 hours 24 minutes
Hi, everyone, welcome back to the course. So in the last video, we wrapped up our lab on in New Marais Shin, where we used tools like Dig as Well. Zen map.
In this video, where does talk about a tool called Court Impacts will jump right into vulnerability. Scanning. Now, why do we care about vulnerability? Scanning as a penetration tester? Well, for obvious reasons, right? We want to look for vulnerabilities during our scanning and enumeration phase. So then we can exploit those
and these fun tools called vulnerability Skinner's that the defenders use. We can use those as well to find vulnerabilities on the particular system or systems were trying to access.
So, as I mentioned in this lab will use a tool called Core Impact
So grand locked in Surgery website, which you should already be logged into and in the search field, you're gonna look for vulnerabilities. Skinner set up and configuration. Now be careful because there's actually two different labs with that same title, but you'll notice that one says part two with it. So the part two is actually the next lab we're going to do.
We just want the vulnerability scanner set up and configuration one.
And if you click on that, you'll see a launch. But
once you click on the launch button, it may give you, ah, message that you need to launch it in a separate window. If it gives you that, just go ahead and click. You know, launch the item button in the separate window and shared launched the lab for you. Now, this one takes probably about a minute or so to launch up. Sometimes it takes up to two minutes. I've found a lot of that again depends on connection speed in those sorts of things.
But generally speaking, a minute or less in the lab should launch for you.
Once you launch is you'll notice the little pop up I have in the background there. That's what you will see on your end as well. All you have to do to close that is just click on next and then Okay, and it'll take you to the log in screen here.
So once we're at the log in screen here and step five, you're gonna go ahead and log in. Now it's already it should default to the administrator user name already. If it doesn't go ahead and type that in, but you should only have to enter in the password. So
the word password. We've got a capital P the at symbol a lower case S s and w and then the number zero. So that zero not a capital O
lower case R in a lower case D. So let's go ahead and talk that in now. And once you talk that and go ahead and press enter, click the little arrow key right here, and that will get you logged in
Soapy capital P the at symbol
Lower case S S W the number zero again, that zero and not a capital O and then the lower case R D.
That the longest said it might take a moment or so. Now you may get this pop up here, and actually, you probably should get the pop up here. Just click on. Ask me later. We don't really care that the Windows license is not genuine, this particular virtual machine and then you'll get in the Southern pop appear on just say okay to that one. Now, you also may see a pop up about Do you want to restart your computer.
Technically, the really are not any changes. We Yes, we certainly haven't done any,
so just click and restart later. And that should give us plenty of time to complete the lab.
All right, so go ahead and do that in Paul's video. If you need Thio, go a little slower on removing all those papa boxes there.
We're gonna move on to the next step of a lab now.
So here in step seven, we're gonna double click on the little core impact professional icon on the desktop. Now, it does take some time for this tool to launch. Generally speaking, about 20 to 30 seconds. So I'm gonna go ahead and pause a video real quick, and once it comes back up, huh? Go ahead and start the video again on kind of use the magic of fast forwarding here.
All right, so we use the magic of fast forwarding, So this is what you should see. Once you've launched a tool, you'll get that you'll start off on the tip of the day, Papa box here. Just go ahead and uncheck the show. *** that start up. It's really not too relevant since we're not gonna launch the tool again. And she's a good habit to get into if you happen to use this particular tool in your workplace.
So just don't check that box here. And don't just say close,
and that allows us to actually access the tool here.
So once you've done that, we'll go back to our lab document here. So we've already covered step eight where we closed the tip of the day. Purple box.
So now we're gonna create a new workspace. So as the creating a new works place implies, we're gonna click on the new workspace here of the top left.
Once you click on that, you're gonna click on the blank workspace of a very top option There is gonna open up this papa box for us.
So in that workspace name, we want to go ahead and type this right here. So you were here at step 11. We want to type in network underscore vulnerability, underscore scan. So just like that.
So it's grand type that endows the network,
and then underscores, can
All right, so our past phrase here, we're actually just gonna put the word scanning so you'll see right here in step 12. What is gonna put scanning? And then we're just gonna confirm with that in the second box as well.
So this type in scanning all over case.
All right. I want your complete. You can go ahead and just click the finish button there.
That'll create the workspace for us.
All right, so no word step. 14 years. So what we're going to do with the very top of left here, we're gonna double click where it says network information gathering. So it's that top choice there.
Now, that's gonna open up a little wizard for us.
Let's go and do that now. So just double click that very top left one there and you'll see it opens up the wizard for us
Now in the Wizard. We're just gonna click the next button here.
We're gonna live. Leave this Defaulted to the court impact pro again. We're using that one in this lab,
so just click on next there.
We're gonna leave it as I p v version four. So let's go ahead and click next there,
and then we're gonna leave this default network range in place. Now, If we didn't have that, we would type in 1 92.168 dot 0.0 sum. Ford slashed 24 but we're not worried about that. It defaulted in there for us. And so we're just going to say next there,
let's go back to our lab document before we do this particular item here. So we've already gone through. Most of these steps were down and step 19 now, but let's just cover what we've talked about so far. So we went ahead and we cooked the next button. Once the Wizard launched
here on steps 16 we left alone the default. So it was defaulted, the Korean pack pro. We left that alone. We just say next.
And then we also left it to the I P V version for and we clicked next. And then again, we just looked at the I p address range, and we left that default alone, and we clicked. Next is well, so now we're here. Step 19 we're gonna actually select a fast scan for this 1st 1 here.
Now, I do want to mention it's gonna take some time and might take up to five minutes or so on this particular 11 time it took like, almost 10 minutes. So that's why I put that range there. But generally speaking, it takes him right around 45 minutes to complete eso again. I'll use the magic of fast forwarding, and we'll take a look once the scan's complete. So what we're gonna do here, just click on the fast option
and then cook the finish button at the bottom.
Now, what you're gonna notice here is a scandal. Run here at the top right under the status column. One says says finished. Then you're going to go and we'll move on to the next step of the lab. So, like I said, I'm gonna go ahead, pause a video here on, actually, based on the time I'm probably gonna go ahead and stop the video here, and we'll pick it back up in the next video to finish out the rest of this particular lab
Scanning, Enumeration, and Vulnerabilities
This course covers basic scanning, enumeration, and vulnerability scanning as part of a penetration test.