1
00:00:00,060 --> 00:00:07,590
So one of Nmap's best-known features is remote detection using TCP/IP stack fingerprinting.

2
00:00:07,590 --> 00:00:15,300
Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit of the

3
00:00:15,300 --> 00:00:15,960
responses.

4
00:00:17,270 --> 00:00:24,950
After performing dozens of tests, such as TCP ISN sampling, TCP option support and ordering, IP ID

5
00:00:24,950 --> 00:00:32,690
sampling and the initial window size check, Nmap compares the results to its nmap-os-db database

6
00:00:32,900 --> 00:00:39,380
of more than 2600 known OS fingerprints and prints out the OS details if there's a match.

7
00:00:39,800 --> 00:00:46,760
Each fingerprint includes a free-form textual description of the OS and a classification which provides

8
00:00:46,760 --> 00:00:47,600
the vendor name.

9
00:00:48,080 --> 00:00:50,600
For example, Sun; underlying OS,

10
00:00:50,930 --> 00:00:59,270
that would be Solaris; OS generation, let's say 10; and device type: general purpose, router, switch, game

11
00:00:59,270 --> 00:01:07,640
console, whatever. OS detection is far more effective if at least one open and one closed TCP port are

12
00:01:07,640 --> 00:01:08,060
found.

13
00:01:09,250 --> 00:01:11,110
So let's see the OS detection in action.

14
00:01:12,290 --> 00:01:19,310
We have to use OS detection with one of the port detection techniques, so I use SYN scan for this

15
00:01:19,310 --> 00:01:19,640
demo.

16
00:01:20,840 --> 00:01:28,640
The target system is Metasploitable. Let's choose top 100 ports to make the query faster, or just

17
00:01:28,640 --> 00:01:32,180
don't give any port and Nmap scans top 1000 ports.

18
00:01:32,360 --> 00:01:33,100
That won't take long.

19
00:01:34,990 --> 00:01:39,700
Put uppercase O for OS detection and hit Enter.

20
00:01:42,530 --> 00:01:44,450
Here is a result of OS detection.

21
00:01:45,750 --> 00:01:51,960
It's a general purpose device and running Linux with a version between 2.6.9 and

22
00:01:51,960 --> 00:01:52,170
2

23
00:01:52,170 --> 00:01:53,430
.6.33.

24
00:01:54,550 --> 00:02:01,780
If you would like Nmap to be more aggressive, to have a more accurate result, you can use --osscan-guess

25
00:02:01,900 --> 00:02:05,470
parameter with -O OS detection parameter.

26
00:02:07,630 --> 00:02:14,350
Now, let's scan a Windows system and try to find out the version of the OS, so here I have a Windows

27
00:02:14,350 --> 00:02:15,390
8 virtual machine.

28
00:02:16,300 --> 00:02:24,100
I want to learn its IP address first. Over the command prompt, type ipconfig and hit Enter.

29
00:02:27,020 --> 00:02:30,140
Now, let's go to Kali and test if we can reach the Windows system.

30
00:02:31,620 --> 00:02:38,220
First, let's ping the system. No, the system is not responding to the ping requests or we cannot reach

31
00:02:38,220 --> 00:02:38,790
the system.

32
00:02:40,040 --> 00:02:43,170
So second, I perform an Nmap ping scan.

33
00:02:43,940 --> 00:02:52,670
We know how to do it, right? Type nmap -sn 172.16.99.171 and

34
00:02:52,670 --> 00:02:53,270
hit Enter.

35
00:02:54,650 --> 00:03:00,000
Yes, Nmap says the host is up, so we are able to reach the system.

36
00:03:00,350 --> 00:03:03,890
Now I want to scan the top 10 TCP ports of the system.

37
00:03:09,970 --> 00:03:14,980
I add the --reason parameter to see the reasons for the results.

38
00:03:16,330 --> 00:03:20,860
All the ports we scanned are filtered because there are no responses from them.

39
00:03:21,580 --> 00:03:22,680
It's not good for us.

40
00:03:23,810 --> 00:03:27,500
So I add the OS detection to the latest Nmap query and rerun it.

41
00:03:30,470 --> 00:03:37,430
No, Nmap cannot find the OS details because it does not have a result set to probe or interrogate.

42
00:03:38,740 --> 00:03:45,970
I would like to open a port on the Windows system and replay the Nmap scans. On the Windows 8 VM, I

43
00:03:45,970 --> 00:03:49,690
run the IIS, Internet Information Services, Manager.

44
00:03:53,170 --> 00:03:56,260
And start to host the default website of IIS.

45
00:03:58,410 --> 00:04:03,690
Open a web browser and try to reach the website, typing the IP address of the system into the address

46
00:04:03,690 --> 00:04:04,020
bar.

47
00:04:04,800 --> 00:04:06,360
OK, web service is up.

48
00:04:06,990 --> 00:04:09,960
Let's test if I can reach the website from Kali.

49
00:04:10,650 --> 00:04:16,710
I go to Kali, open a browser, enter the IP address of the Windows 8 VM and hit Enter.

50
00:04:19,110 --> 00:04:21,900
No, I cannot, and I think I know the reason.

51
00:04:23,010 --> 00:04:28,210
In Windows VM, let's look at the firewall if HTTP traffic is allowed.

52
00:04:29,850 --> 00:04:38,040
So I open the firewall. At the upper left corner, I click the "Allow an app or feature through Windows Firewall"

53
00:04:38,040 --> 00:04:38,400
link.

54
00:04:40,500 --> 00:04:47,550
Click Change settings, which needs to have admin privileges. Go to the end of the list. As I thought,

55
00:04:48,000 --> 00:04:53,910
HTTP services are not allowed. Check it and click OK to apply the changes.

56
00:04:55,210 --> 00:05:00,490
Now in a command prompt, to see port 80, I run netstat -an command.

57
00:05:05,840 --> 00:05:11,900
When I come back to Kali, I see that the page is loaded in the browser. That means Kali can reach

58
00:05:11,900 --> 00:05:13,940
port 80 of my Windows 8 VM.

59
00:05:15,270 --> 00:05:21,390
Now in terminal screen, I want to run SYN scan for the Windows system's top 10 ports.

60
00:05:22,580 --> 00:05:27,950
Here we have an open port now, so let's replay the scan with OS detection option.

61
00:05:32,170 --> 00:05:34,060
Now we have the OS detection result.

62
00:05:35,270 --> 00:05:37,740
First, Nmap warns us about the results.

63
00:05:38,330 --> 00:05:45,230
It says the results may be unreliable because it couldn't find a closed port to probe. Anyway, Nmap

64
00:05:45,230 --> 00:05:46,250
makes its best.

65
00:05:46,400 --> 00:05:49,990
And here it says the operating system is one of them:

66
00:05:50,810 --> 00:05:57,130
Windows 2008, Windows 8.1, Windows 7, Windows Phone or Windows Vista.

67
00:05:57,230 --> 00:05:57,920
Good job.

