1
00:00:00,270 --> 00:00:05,190
So next up on the list are our network enumeration commands.

2
00:00:05,330 --> 00:00:06,990
And I was going to throw a few at you for now.

3
00:00:06,990 --> 00:00:08,950
We're going to explain why they're important.

4
00:00:09,030 --> 00:00:13,150
So again we're going to go ahead and enter into a shell.

5
00:00:13,830 --> 00:00:16,340
And let's take a look at some of them.

6
00:00:16,380 --> 00:00:19,760
The first may be obvious, but we're going to run an ipconfig.

7
00:00:19,770 --> 00:00:24,090
Now we can run the ipconfig and see what the IP address is of the machine.

8
00:00:24,090 --> 00:00:30,420
We can also get more details by running ipconfig /all and seeing a little bit more information

9
00:00:30,420 --> 00:00:31,780
than we did before.

10
00:00:31,950 --> 00:00:36,350
We can see the default gateway, we can see the DNS servers, etc.

11
00:00:36,360 --> 00:00:39,510
So this just provides information on the architecture.

12
00:00:39,510 --> 00:00:43,710
We might even see something like, if I run a domain, we might see the domain controller here as a DNS

13
00:00:43,710 --> 00:00:49,800
server, or just give us a little bit more information as to where our next attack might be, what our subnet

14
00:00:49,800 --> 00:00:51,680
structure is, etc.

15
00:00:51,840 --> 00:00:53,960
So important to know.

16
00:00:54,120 --> 00:00:58,860
Another thing that we're going to look at is we're going to look at our ARP tables, so we can just say

17
00:00:58,860 --> 00:01:02,310
something like arp -a, for ARP dash all.

18
00:01:02,580 --> 00:01:08,130
And this won't be that big on most CTF machines, but if you're in a lab environment there's a chance

19
00:01:08,130 --> 00:01:10,640
that you might see another IP address here.

20
00:01:10,650 --> 00:01:13,190
So we see dot two and dot two fifty-five.

21
00:01:13,200 --> 00:01:17,880
Chances are this is a broadcast ID, and maybe this is your network ID here.

22
00:01:17,910 --> 00:01:19,820
It's hard to say without knowing for sure.

23
00:01:19,850 --> 00:01:22,540
But we know we're a dot five.

24
00:01:22,590 --> 00:01:24,710
Actually, yes, our dot two is our DNS server.

25
00:01:24,720 --> 00:01:30,090
So we know we're talking to DNS, and then we have a dot five which is us. Maybe we saw like a dot six

26
00:01:30,090 --> 00:01:35,940
or seven or dot seventy-five, whatever. If we saw another IP address in here I would be instantly suspicious

27
00:01:35,970 --> 00:01:40,830
as to why it's in our ARP table, especially in a lab environment, and how it's communicating with us and

28
00:01:40,830 --> 00:01:41,940
what we can do about it.

29
00:01:42,300 --> 00:01:48,240
So if you're not familiar with these networking protocols, then you probably need to brush up on what

30
00:01:48,270 --> 00:01:54,090
ARP is or where ipconfig is, etc. Those aren't gonna be taught in this course, but we should be looking

31
00:01:54,090 --> 00:01:55,200
at the ARP table.

32
00:01:55,200 --> 00:02:01,590
We should also be looking at the routing table. Something like a quick route print will tell us where

33
00:02:01,590 --> 00:02:03,050
this is communicating as well.

34
00:02:03,060 --> 00:02:09,070
So we're interested in seeing the 10 address, and you could see the 10.10.10.5.

35
00:02:09,180 --> 00:02:10,800
There's not like another network on here.

36
00:02:10,800 --> 00:02:13,050
Same thing with the IP config by the way.

37
00:02:13,380 --> 00:02:18,990
Sometimes you see dual-homed IP addresses where there's a 10.10 and a 10.2, and maybe you would

38
00:02:18,990 --> 00:02:24,810
have something like a 10.10.10 or 10.10.11.2 or something like that, or dot

39
00:02:24,810 --> 00:02:25,540
five.

40
00:02:25,680 --> 00:02:33,030
We would see a second NIC on this machine, and that would mean that this is communicating on one address

41
00:02:33,120 --> 00:02:35,040
and then communicating on another address.

42
00:02:35,220 --> 00:02:38,690
And maybe we don't even need to elevate, we just need to pivot on this machine.

43
00:02:38,740 --> 00:02:42,690
So there's a lot of different reasons for looking at what's going on here.

44
00:02:42,690 --> 00:02:44,390
Same thing with the ARP table.

45
00:02:44,400 --> 00:02:48,870
That's another thing: if we're communicating to another machine, that's important to know. The routing

46
00:02:48,870 --> 00:02:55,950
table, same thing, and then netstat is super important. So do a netstat -ano and see what

47
00:02:55,950 --> 00:02:57,880
ports are out there.

48
00:02:58,080 --> 00:03:00,660
We should know, you know, where are we talking to?

49
00:03:00,660 --> 00:03:01,740
Who are we communicating with?

50
00:03:01,740 --> 00:03:07,210
Well, we could see we're communicating with us over this 4444, and that's an established connection.

51
00:03:07,290 --> 00:03:11,160
But what about all these listening ports, like we're listening on 139?

52
00:03:11,380 --> 00:03:18,420
OK, well, we have all these other IPs here that we're listening on, and how many of these actually

53
00:03:18,420 --> 00:03:22,770
showed up when we were looking at the box originally?

54
00:03:22,830 --> 00:03:23,910
Well, not a lot of them.

55
00:03:23,910 --> 00:03:24,120
Right.

56
00:03:24,120 --> 00:03:25,850
We had 21 and 80.

57
00:03:26,010 --> 00:03:29,920
I didn't see any of these externally facing to us when we did a search.

58
00:03:29,940 --> 00:03:32,520
So where are these ports coming from?

59
00:03:32,520 --> 00:03:35,040
Here's UDP ports, where are these ports coming from?

60
00:03:35,040 --> 00:03:40,400
Why are we seeing them, you know, inside the box, but we're not seeing them outside the box?

61
00:03:40,410 --> 00:03:45,840
So maybe these services are only available to us from the inside network, and that could be interesting

62
00:03:45,840 --> 00:03:52,380
too, because that could allow us maybe to do some sort of port forwarding using a tool like Plink, or

63
00:03:52,380 --> 00:03:54,020
even Meterpreter can do it.

64
00:03:54,180 --> 00:03:59,700
And that's just a foreshadowing of what you might see a little bit later on in the course.

65
00:03:59,700 --> 00:04:04,890
So keep that in mind that these internal services are important as well.

66
00:04:04,890 --> 00:04:09,030
So for now we've established that we need to do some basic enumeration.

67
00:04:09,060 --> 00:04:11,870
We need to look at the systems, we need to look at the users.

68
00:04:11,880 --> 00:04:17,400
We need to look at the network, just kind of gather what's around us before we just start going crazy

69
00:04:17,400 --> 00:04:20,180
and looking around all the files and infrastructure.

70
00:04:20,190 --> 00:04:24,740
Now when we get to the tool section, I'm going to show you all the tools that can do this for us.

71
00:04:24,810 --> 00:04:29,460
The next thing I want to show you, before we move on and start looking at different tools and start talking

72
00:04:29,460 --> 00:04:36,450
exploits, is I want to show you how to do some basic enumeration hunting down passwords, and then we'll

73
00:04:36,450 --> 00:04:41,900
move on and start doing our actual exploitation and using tools, et cetera.

74
00:04:41,910 --> 00:04:45,540
So I'll catch you in the next video, when we start talking about hunting down passwords.
