Vulnerability Scanner Setup and Configuration of Core Impact Part 2

00:01

Hi, everyone. Welcome back to the core. So in the last video, we went ahead and launched her core impact pro, and we ran our first skin. So again we ran the fast scan. If you haven't done that yet, you'll definitely want to do so before you continue on this video. So go ahead and pause this one. Go back to the last video and make sure you run that initial scan here.

00:18

As I mentioned, it takes roughly around 45 minutes to run the skin.

00:21

I just went ahead and stop the video, and we picked things back up in this one. So you'll notice here at the top, right? My status now says finished. So I'm all finished with that fast skin.

00:30

So let's go back to our lab document here. So we've gone ahead and ran our fast scan here in step 19.

00:35

Now instead, 20 credit in the center of our screen here is kind of the bottom part of the center. We see our results. So we see the devices that we found in the scam.

00:44

So, of course, the number one here is gonna be on once we click on the wind file. What's the operating system? So that's question number one. So I want you guys to go ahead and through that one there. So if I click on the wind file here,

00:56

we could take a look in the bottom box here, and we can take a look and see what kind of operating system is in use.

01:03

All right, so for me, I see Windows 2008 standard without hyper visa service back on there. And you should have the same result in your end. Unless something's dramatically change When you're watching this video from the time I filmed it. But I do not anticipate that. So we should be good to go.

01:19

All right, so now we're gonna run a little a little longer. Scan now a little more in depth skin. So we're going to do that now. So same thing here. We're gonna go back to the network information gathering, so we're gonna double click out on the top left here.

01:30

Let's go and do that. Now, again, it opens up our wizard for us. We're just going to say next to that initial one. There were also going to just stay with core impact prose Well,

01:41

and we're gonna keep I p v version City sees me version for

01:44

as well as our network range will leave that alone. Now, here's where we will differentiate it. So we're actually gonna do a detailed scan. So let's go back to our lab document here.

01:53

So we've gone through set 22. We went ahead and click next after we launched the network information gathering wizard

02:00

we left. The default is core impact Pro. We left in his I p v four and we also left our i p address range intact.

02:07

And then again, the only change here is where instead, gonna be running a detailed scan this time. So I want to stress this one will probably take more than five minutes. This one probably takes closer to seven or eight minutes to complete, So just keep that in mind. I'll go ahead Paul's video once I've launched this one here, and we'll pick it back up once it's completed on my end.

02:27

But go ahead and feel free to pause the video as well. On your end. Seacon,

02:30

uh, posit and take a look once we pick things back up once it's actually finished the skin,

02:35

so leave it as default of detailed here and then just say next.

02:39

The other thing you want to do here is just unchecked. This box is top boxes. Says perform surveillance cameras of fingerprinting because we don't actually have surveillance cameras hooked up here. So I will not do you any good, So just go ahead and check that box, and then just click the finish button next.

02:53

And so what you'll see here is you'll see that scan that we just started running on the top of right here. So again, I'm gonna go ahead Paul's video here and pick it back up Once this says finished, and you could do the same thing, you can pause this video here a cz Well, and once it once you're finishes on your end, you could pick things back up.

03:14

All right, so welcome back. My scan is finished on my end again. If your scans still going, you can go ahead. Paul is a video and just wait into your scam finishes. Or you could just follow along and then finish out the lab as yours finishes.

03:25

So we went ahead and ran our detailed scans for? Go back to our lab document here, you'll see instead. 26 we went ahead and ran our detailed scan. If you recall, we unchecked that box regarding the secure security or surveillance cameras just because we don't have any of those hooked up on this particular lap

03:42

and it took for me, it took right around, Uh, just about two or three minutes, actually. So it's pretty quick this time, but normally it was taking me about 4 to 5 minutes. So hopefully yours is going quickly as well. So my scan's finished the question I want you to look at. An answer is,

03:59

Do you notice any differences in the results between the faster the detailed scan? So

04:02

if we go back to our scan output here, So if we take a look at our detailed one, do we notice any additional information or any different information from the previous skin that we ran?

04:15

So it's kind of look around at the different results and see if you notice any differences at all.

04:21

So for me, I do notice that the detailed scan does produce a little more results. Now it's time to go back up here to this one here.

04:29

We don't see quite is in depth information on each, eh? Particular item

04:35

it does. It does tell us a little more about these unknowns or at least a shoe. It doesn't look like it has

04:42

was

04:45

more information, but it actually is not looking like it

04:48

did properly. So what we should see with a detailed scan is more information on these targets. Specifically, it should be actually naming this one for us, but it's not doing so. It looks like there may be an error in this particular lab. But do you get the overall concept of if we run a quick scan or, you know, something of basically a fast scan

05:06

it's not gonna produce is much results in a vulnerability scan, as if we do a detailed scan Now, keeping in mind that

05:14

we're touching the target right now, right? So with the vulnerability scanner, we're touching this target, so they're gonna know we're doing something. Um, and there's ways, you know, we can office Kate who we are, etcetera. But they're going to generally speaking, no. Who, You know. They're gonna know that somebody's scanning their system and other systems and looking at

05:32

the information A potentially. You know, they're gonna assume that's gonna be an attacker

05:36

on and shut us down. Essentially, you know, for use in particular I p addresses. We're not masking it for some unbeknownst reason. They're gonna probably shut us down. So this is an easy way to trigger an I. D. S R I. P s system, but it is a valuable approach. Once we're in, the enumeration fades to specifically find a lot of vulnerabilities.

05:56

You'll see it more when we do the open Voss lab.

05:59

You'll see it'll make a lot more sense because we'll actually be able to see a listing of vulnerabilities.

06:03

So in this video, we just wrapped up our discussion on court impact again. We just ran a couple quick scans potentially take a look. They're different results. It looks like this time around, it was not functioning properly for some reason. But generally speaking as it is, you can probably assume a detailed scan is gonna provide a lot more information than a quick or fast scan.