WEBVTT

00:00.330 --> 00:09.150
The default Nmap scan only displays the state of the ports, whether they are open or not.

00:09.180 --> 00:17.580
In this lecture, we will extract more information about the target network, such as services that

00:17.580 --> 00:19.920
are running on the network.

00:19.960 --> 00:29.130
Their versions and operating system of the target network or host. Discovering the software version of a

00:29.130 --> 00:37.590
service is important because once attackers discover the exact version number of the service, then

00:37.590 --> 00:44.100
attackers can check all the possible vulnerabilities in that particular version.

00:44.100 --> 00:50.790
And if there are vulnerabilities available, then they can be exploited very easily.

00:50.790 --> 00:51.390
Right?

00:53.530 --> 01:02.050
So type nmap -sV, now specify the IP address or a domain name.

01:02.300 --> 01:05.020
S means service, V means version.

01:05.410 --> 01:14.260
This scan is going to take a longer time than the usual scans, so wait patiently.

01:14.260 --> 01:17.740
So hit enter. Scan is complete.

01:17.800 --> 01:22.630
Now let's dissect the information one by one.

01:22.690 --> 01:27.910
As you can see, guys, here we have an additional column version, right?

01:27.940 --> 01:37.450
It displays the current version of the installed application or service. Port number 22, which runs

01:37.630 --> 01:39.460
SSH service by default.

01:39.460 --> 01:45.160
And the current version of SSH is OpenSSH 6.6.

01:45.220 --> 01:45.670
Right.

01:45.700 --> 01:51.150
Now what does this version number mean to a hacker?

01:51.160 --> 02:01.510
Once the exact version number is found, then we can easily search databases like Exploit-DB and

02:01.510 --> 02:06.070
CVE for possible vulnerabilities in the version.

02:06.070 --> 02:16.060
And if vulnerabilities are there, then we can use a framework like Metasploit to exploit the vulnerabilities.

02:16.060 --> 02:19.050
For network and system administrators,

02:19.060 --> 02:25.750
it is important to check the version of installed services or applications.

02:25.750 --> 02:34.510
If the version is vulnerable to attacks, then we must apply a patch or update the application.

02:34.840 --> 02:38.260
Then we have another open port, 80.

02:38.290 --> 02:43.540
The current version of Apache Web server is 2.4.7.

02:43.540 --> 02:51.880
Down here we have another interesting piece of information: Service Info. Right, the operating system of the

02:51.880 --> 02:57.310
host is Linux. The server is being powered by Linux.

02:57.400 --> 03:06.730
So guys, it is important for network and system administrators to keep an eye on the services and their

03:06.730 --> 03:15.850
versions. So regularly check the current version of the installed application or service and also check

03:15.850 --> 03:19.570
whether it is vulnerable to attacks or not.
