CompTIA Security+ SY0-601 – 4.1 Tool to assess organizational security. Part 1

  1. Introductions to commands

In this video I’m going to be telling you what I’m going to be doing in this section. So in this section of the course, we’re going to be going through a whole bunch of commands. That is in the CompTIA’s objectives that I want to show you guys that I’m going to be covering now because the commands and takes up the screen and I want to show you the screen. I’m going to be disappearing from the screen just for the next couple of videos. But I want to show you here on the CompTIA objectives that we have here. Here’s the objectives and there is a whole lot of commands here. Here is it. We’re going to the top of four. Here we go. So I am going to be doing dedicated videos for every single one of these commands maybe we will group some of them up like head, tail and cat pretty simple Linux commands. Now some of them I did already we did do the Nexus scanner some of them I’ll talk about and I’ll show you guys what they are.

Some of them are complex to install like sniper. I give you guys some links but I will be demonstrating a good set of the commands here for you so have some fun doing these commands. Most of them are going to be done in Linux so you guys can check them out. Now I would recommend to you guys to try to do more practice afterwards. I’m only going to give you an introduction and tell you what you need to know for your tests. And that’s all. I’m basically going to say this is what you need to know for your exam and nothing more. I’m going to give you a good introduction into it. So I’m going to cover some of the slashes and the dashes and the slashes and whatever and then you guys are going to be doing the rest from there to have some fun. In the next series of video learning all about different Linux and Windows commands mostly Linux.

  1. ARP and Route

In this video I’m going to be showing you how to use ARP Address Resolution Protocol. That’s basically a command and route command. Now these commands are very useful especially seeing if your table, if somebody has done a man in the middle attack against you and you want to see if maybe there was some kind of spoofing or poisoning of your ARP table and also if it’s rerouting any of your traffic. So you can use your route command for this. Two commands are basically going to be the same for Windows and Linux and I’ll show you what I mean. So I’m going to try these here first on Windows and I’m going to do ARP. Just press Enter and you notice that it basically brings up all the lists. Now basically we run this command with a in order to show the IP interface and basically all of the resolution against it. So this is the IP on this computer here’s, all the computers in my network here’s, all the Mac addresses for those correspondent IPS.

Remember, address resolution protocol basically translates between IP addresses and Mac addresses. Now just to show you that, you could even add static ARP entries in there. Now some people do this in order to defeat or not have anyone poison their ARP table. So you would do this with the ARP command. The other one here is going to be route. So in this one here we’re going to do route to the print in order to print out and show us the routing table. Now this is basically the routing table on this computer and it’s telling me in order to get to certain things, notice to get to this destination means any I’m going to send all my traffic to the gateway and then it has specific interfaces where I can go to and what interface I can use. This computer does have a lot of virtual machines installed on it so it’s going to have a lot of different interfaces. So these would be these two commands on it.

Now the other thing here I’ll show you here is on Linux you do have the same command ARP and I’m just going to press Enter and it basically shows you basically the same thing. So you have your IP address. It’s showing you, hey, it’s bound to this Mac address. It resolved this IP to this Mac address. So you do have that also there. Now also route is also going to be the same here. So you’re just typing in, you press Enter and it’s basically telling you the route and table. So anything that wants to go somewhere, the default one is basically going to send it to the router here. Okay? So these two commands somewhat useful when it comes to security, security commands but it is mentioned in the exam objectives. I mostly use these commands when I’m checking to see if something got poisoned or my traffic is being redirected. So are poisoning. You can check by using the ARP command. If you see your traffic is being redirected, just use the route command for that.

  1. hping

In this video, I’m going to be going over a command with you that’s really important to know as a Pen tester or security administrator. It’s called hping. hping is a command that allows you to conduct Dos attacks on different types of systems and even DDoS attacks. It basically allows you to test your firewall rules and test your IDs. What I’m about to show you is just a small example of what this command is capable of. But this is going to be an eye opener for you so you can see what it’s doing. Basically what we’re going to be doing is we’re going to be Dos attacking one of my web servers I have here on VirtualBox through Kali Linux. Now Kali is basically let me log back in here. Kali is what we’re going to be using to run this command. Now, I already have the command typed out here, but before I go through the syntax with you, I just want to show you guys how to set up is working.

So I’m going to go back here to my Windows Ten. And in my Windows Ten, actually, let’s check the IP address on it. So on this Windows Ten box, I have an adapter IP address, 192-1681, dot 188. So that’s the IP address of this Windows Ten box. And you’ll notice that the windows ten. I’m going to open up a web browser here. This is on my host machine now. And I’m going to go to that IP address and you notice that it’s just the default Internet information page. Just remember how fast this thing popped up. And I’m going to close it up. We know we have a web server running on it. I’m going to open up wireshark because I want to capture the packets coming onto ETH Two, which is the interface I have. So I got some packet capturing going on here.

And what we’re going to do is we’re going to flood this thing. We’re basically doing a Sin flood against this machine using the hping. So let’s go take a look at what the command says. The command says hping Three. That’s command we’re running. So the first thing up is this C with 100,000. We’re going to be sending you know what, I got it. There is 10,000. We’re going to be sending 100,000 packets to the actual Windows Ten box. Now the D is the size dash 120 is the size of the packets to send to the target machine. The other one I have is a dash S. We’re only sending the Sin packets. This is going to be basically a sin flood. This is the window size. We’re doing 64, and the P here is 21. Or you could do 80, you could do 443. As you can see, we’re doing 80. We’re actually basically doing it against the web server.

We’re going to be flooding it with random IP addresses and the host, the target is that 161, 88, so I’m just going to press Enter. Now it goes in and it says hping in flood mode, and it’s basically flooding the interface as I’m speaking now. Right now, Wireshark is probably going crazy on this machine. You can see that it’s already in here. And I look at this. I can’t scroll up here. Wireshark is not responding to me right now because it’s just getting flooded with so many IP addresses that it’s hidden. So it’s coming from the source and the desk, and it’s going crazy. I notice all the sentence. And since that’s coming in and it’s hidden this machine like crazy. So let’s go and check out the website here. Now that I bring it down, I’m not sure if I brought it down. Okay, so it’s still coming up there, and it came up pretty quickly.

It could have just been that it was cash in there. So we send 100,000 packets in there, and I’m just going to control zdat I’m sorry, control CDAT. And basically it stopped. So the machine should become responsive one more time. Okay, give it a second. Let it stop. You can see that this is just completely slowing down on me right now. So we turned off the flood and look at all these random IPS from all over the places we’re getting. Okay, now it’s responsive again. So you can see all the sins in Sins, and look at all these IP addresses now. So in the ones we just saw. So when we do the Sin, all of these, it’s going to come back and want to do the Acknowledgment. So now it’s sending back the Sin Act to these random IPS that just don’t exist right now. Basically, we randomize the IP addresses. So now it’s receiving IPS from all these random things, and then the computer sends back the syntact.

But there’s going to be no return because these machines never actually requested it. Now, this is not a command that you should be doing just outside like this. This is a command that you only want to keep for internal IP addresses and just to test your network. Again, this video is for educational purposes only. I want to make sure I say that for somebody, somebody does something that they shouldn’t be doing and take websites offline. But you could use this in doing DDoS attacks also. Okay, so this was hping. This is one example of using it. hping has many, many options that you can use. There’s a big rabbit hole to go down if you start going into it. Many tutorial are out there and using this in order to conduct tests. But remember, always tests. And if you’re doing any kind of testing, make sure to do it on your internal systems only.

  1. Curl

In this video I’m going to be covering a command called Curl or what’s known as Client URL. It’s basically an acronym for that. So this command basically allows you to do things such as transfer and download files from FTP or Http. It allows you to grab Http headers. Let’s see what it does. And then we’ll do some file transfer with it. And the easiest thing to do in now this is a Linux command. So we’ll type Curl and we’ll type maybe Tia. edu. So basically it’s going to grab the Http header here. We don’t have a big Http header, but I want to show you how small it is. If I was to run this command again and I was to put Google, you’ll see how much bigger it is just to grab that in there. This basically grabs the Google. com domain. But if I was to put the Www, it’s going to grab the entire web page. So this here could be pretty large. So let me show you how to transfer a file.

Now to do this on this command, what we’re going to do here is I want to show you that on my Windows Seven machine I have an FTP server that we set up. If you guys remember we had used this to see how to sniff FTP traffic, FTPs. So we’re going to go in here and we are going to see if we have a users. So I got a user called Bob. Bob has access to a shared folder. So what we’re going to do is we’re going to watch the log set in here to see if we can transfer and download files to it. And that’s a pretty simple command. This is a command I use on Linux. If I just want to use some FTP transfer really quickly, I do use this sometimes if I want to just do a quick FTP transfer. So if I want to basically just see what’s in the FTP server, I would just curl I got to put in my user, which is Bob colin. The password for Bob is actually just password and then we got it. Now curl does support a lot of different protocols.

We actually got to be specific with what we want. Now I forgot the IP here. So the IP on this windows seven machine was 1175. The IP there. So the one seven five is the command this is just going to tell us. So right now I got two files in my FTP server. This test txtdata, TXT. And what I want to do is I want to download that file. That’s an easy command. You would just run the same command again, but you would put a slash and you would just type the file that you’re looking for. One thing I always tell people is you got to watch spaces in these files now because if you put a space, it wouldn’t download it. That basically just downloaded it. Let’s see, if you go back to the Windows seven, it should have shown open and data channel for file download a server text TXT successfully transferred goods. So we grabbed the file. Okay, the next thing here I want to do is I want to upload a file.

So I’m going to do LS to make sure I have a file there. So I do have a file crack TXT here. So I’m going to go ahead and I’m going to run curl, but this time we’re going to do with a T. And we want to transfer that file TXT. And basically we’re going to run the same command again. The user is Bob, the password is password and FTP address again. And let’s see if we’re able to transfer this file across our network. Okay, so let’s see if this works. Okay, so the last time we did it, we transferred the text. Okay. Successfully transferred. And it seems like we’re good. All right, so basically that’s what this command does. It’ll allows you to transfer files across your network, and it’s a very simple command to use. I do use this quite often when I’m doing some file transfer, but it does do a lot of other options. I’m just giving you a good introduction to it. Now take it from here and use it down go down that rabbit hole and learn more about this coral command.

  1. IP scanner

In this video, I’m going to be talking about IP scanners. Now, IP scanners are basically utilities that allows you to scan big address spaces or network blocks and tell you what hosts are there or not. One famous IP scanner. And I mean famous. I mean, it’s pretty famous. A lot of people have used this IP scanner, and this scanner is called Angry IP scanner. And it’s angry for a reason. Guys, this thing is really fast. This is probably my most, one of my most favorite tools when it comes to doing Pen test and being in the network, just being able to discover hosts very quickly. Okay, so we’re going to just do this 64 32 bit installer here and start your download. Okay. Is it going to give me some kind of okay, yeah, I don’t like these ads. These ads are pretty they get you on those ads. Okay, so I was able to download it here. We’re going to click on next we’re going to install this cannot Java.

You need to have Java virtual install the 64 bit. Let’s see if it just runs. Do you want to open and download? Okay, so we’re going to have to download Java on this. So guys, this is what happens when you don’t practice the lab before running it. Anyhow, I wanted to show you guys all of this so we can download it and get this all working. Okay, so give this a second. Let this download because this is a really good utility. Now I have it installed on my laptop that I do my Pen testing with. Although I can’t remember installing this. Hopefully they’re not giving me spyware. That’s why you always want to put these things in virtual machines. Okay, so that should be it. There it is. Okay, so we are good. All right. Angry IP scanner. So what I’m going to do is I’m going to scan this entire network in my house here and we’re going to see what we found.

So it’s going to start scanning and that’s why it’s called Angry. As you can see, it’s pretty quick. When it was finding it, it found the gateway, and then it starts to look for all types of machines across my network. And it’s going to check some common ports on those machines that are open on it. So, for example, I got a couple of machines here. I got my Windows Seven VM that’s running? I have a Roku in the house. Got a circle in here. Yeah, a lot of important information that this thing is going to show you so you guys can download this. This is basically what an IP scanner is. Angry IP scanner. Great piece of software for you guys. Check it out. Keep it in your toolkit. Just be careful how you download that. They seem to have a lot of ads on their website there. All right, so good stuff. Go check this one out. Have some fun.

img