Part 6 - Why Sites Get Hacked

Video Activity

The next step in planning an attack is to enumerate the ports, IP addresses, operating systems, services, and software versions running within a target's environment. This is done to uncover potential vulnerabilities that can then be exploited. Tools used in this step include Nmap, Armitage, and Zenmap.


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Transcription
The next part of the hacker methodology is scanning. Scanning and enumeration work hand in hand. After you scan a network, you'll use the map that you've created to send queries for vulnerabilities. Scanning can be done with a tool like Nmap to identify key areas: areas such as ports, IP addresses, operating systems and services, and the service versions of those services that are running on a system. All of these are going to give you an accurate look at the network and where you might be able to punch holes, and also where you might need to increase your security.

Let's take a look at scanning real quick. Here we are on our KALI-TOOLBOX. Pause for one moment. I have to start up my VM Workstation target. I have to set the IP address and then test the connection. That one address. We have communication there and we're able to browse.

Here we are in our Kali environment. What we're going to do is open our terminal. First, we're going to start up Armitage. Armitage is a piece of software that can scan for us. We're going to start that first because it takes a second to start up. We're going to type armitage, then an ampersand to let it run in the background. Now the process is started and it takes a second to pop up. It's going to give us this menu here and we want to click "Connect". It's going to ask us if we want to start the Metasploit RPC server. You're going to say yes. It's going to attempt to start it up. Now, these services were not started prior to starting it up. What you're going to do here is you're going to type service postgresql start. It started up that service and we're also going to start off the Metasploit service. It failed to start the Metasploit service because I don't have that service installed on here.

Let's attempt restarting Armitage again. Hit Control-C to get out of that. Start up Armitage again. It's going to ask us about the Metasploit server once more. You go and click "Yes". Here we go. It started up the Metasploit service itself there. Where it failed here, it was able to start it up properly, and you see it's running some processes there.

Now with Armitage, you do a scan with Armitage. There's a lot of different things you can do here. You can go in and import hosts, add hosts. We're going to do an Nmap scan, an intense scan. We're going to do it on 192.168.1.10 and I'm going to click "Okay". Now it's going to run through. It's performing an Nmap scan. It has found the target. You can right-click on it and view the different types of logins that are found. You can click "Services" here and identify the services that are running. If you think it's a different operating system, you can go over here and you can change what you think the operating system actually is. It changes the icon there, but we know it is Linux. We're going to set it back to Linux there. If you had more items that you are scanning, it will create a nice little map here for you. I have all of the other virtual machines turned off. Right now we're just getting that one item. We will come back to Armitage later on when we get to the enumeration portion. If you come over here to Nmap, we are able to see some further information here. Armitage doesn't make that information so pretty.

Let's check out Nmap in a terminal by itself. We can also scan using Nmap. We're going to do nmap -A for everything. I'm going to do 192.168.1.10. Here we go. It's a better look at the information that you get from Armitage. Armitage is nice because of the things that you can do further with it in the enumeration portion and exploitation portion. We will go back to that later on. But from Nmap here, we're able to see that the host is up. We're able to see the ports that are open. We're able to see what's running on the ports. This says SSH is running and it's running OpenSSH version 5.5. Here we can see that there's an Apache server running. Then we have OpenLDAP running as well. We're getting a MAC address from the device. Then we get some information about the operating system itself and also a traceroute that is performed. Nmap is a fantastic tool for you to use to get information about hosts that you may want to enumerate information about.

Another tool that you can use is called Zenmap. Zenmap is like Armitage and it's like Nmap. In fact, it actually uses Nmap. However, it puts all the information into a nice little consolidated format for you. We're going to go up to our target list up here. I've already typed in a couple of different networks here. We're going to go to our 192.168.0.14/24. You can manually type it in there. Then you're going to click "Scan", and it's going to run an intense scan. Now you are going to see a bunch of things saying host is down. If you don't have a lot of things on your network, you get that a lot. You're going to see that actually here in a second on this video. As you see there, all those hosts down came up. Now it's scanning the 192.168.1.10, which is the webserver. Come over here, we can see that it found 192.168.1.10 and 1.30. Come up here. Click "Ports/Hosts". It wasn't able to find anything on the 1.130, and that's because it was a Kali box, and the Kali box blocks a lot of Nmap scanning. We'll come up here and we see the webserver. We're able to see the ports and hosts that are open. We can go here to a topology. We can see a little topology here. You can zoom in and zoom out using your wheel. If we add more devices on the network, it would show those additional devices on here all interconnected. Here's a couple of different ways that you can view it. You can change the different kinds of control so you can adjust how you want this network map to be viewed. Then come over here to host details. Here we see in this Kali box that 1,000 ports were closed and it scanned 1,000 ports, because Kali filters that out. Come over here to the .10, it says that 1,000 were scanned and 997 were closed. We come down here and you can get TCP sequences, and the comment that you might want to put in, you can put it in there. That is Zenmap. It's a fantastic little tool to use. You can also see the previous scans that you've done by clicking "Scans". Let us move on to enumeration.
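A defender-side follow-up to the Nmap walkthrough above, added here as an example and not part of the course: Nmap can write the same results to XML with -oX, and this Python script parses that format into a host inventory (MAC, OS guess, open ports with product/version) and flags any open port missing from a documented exposure baseline, which is the "where you might need to increase your security" step. The XML sample is constructed to mirror the demo host (SSH/OpenSSH 5.5, Apache, OpenLDAP on 192.168.1.10); the MAC, OS match and baseline in it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's real -oX element layout, mirroring the
# nmap -A result the video shows for 192.168.1.10 (MAC and OS are made up).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -A -oX scan.xml 192.168.1.10">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="00:0C:29:12:34:56" addrtype="mac" vendor="VMware"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="5.5"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
  <service name="http" product="Apache httpd"/></port>
<port protocol="tcp" portid="389"><state state="open"/>
  <service name="ldap" product="OpenLDAP"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
</ports>
<os><osmatch name="Linux 2.6.X" accuracy="96"/></os>
</host></nmaprun>"""

def parse_hosts(xml_text):
    """Map each live host's IP to its MAC, OS guess and open ports {port: service}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # the "host is down" entries a /24 sweep produces
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        osmatch = host.find("os/osmatch")
        open_ports = {}
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = {} if svc is None else svc.attrib  # -A includes version info
            label = " ".join(x for x in (attrs.get("product"), attrs.get("version")) if x)
            open_ports[int(port.get("portid"))] = label or attrs.get("name", "unknown")
        hosts[addrs["ipv4"]] = {"mac": addrs.get("mac"),
                                "os": None if osmatch is None else osmatch.get("name"),
                                "open": open_ports}
    return hosts

def unexpected_exposure(hosts, baseline):
    """Open ports not in each host's documented baseline: review or firewall them."""
    return {ip: {p: s for p, s in h["open"].items() if p not in baseline.get(ip, ())}
            for ip, h in hosts.items()
            if any(p not in baseline.get(ip, ()) for p in h["open"])}

if __name__ == "__main__":
    found = parse_hosts(SAMPLE_XML)
    # Web server is expected to expose only SSH and HTTP; LDAP on 389 is flagged.
    print(unexpected_exposure(found, {"192.168.1.10": {22, 80}}))
```

On a real run, replace SAMPLE_XML with the contents of the file written by nmap -oX and keep the baseline in version control so scan diffs are reviewable.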