1
1

00:00:02,330  -->  00:00:03,163
<v Instructor>Okay, now that</v>
2

2

00:00:03,163  -->  00:00:06,070
we installed Nexpose successfully,
3

3

00:00:06,070  -->  00:00:08,310
let's see how we can run that tool,
4

4

00:00:08,310  -->  00:00:09,450
and see what that tool is.
5

5

00:00:09,450  -->  00:00:10,890
I know we spoke about it a lot
6

6

00:00:10,890  -->  00:00:12,610
and we went through the installation process,
7

7

00:00:12,610  -->  00:00:15,480
but you still haven't seen what the tool does.
8

8

00:00:15,480  -->  00:00:18,040
So the first thing before we can run the tool,
9

9

00:00:18,040  -->  00:00:20,990
we need to make sure that the database
10

10

00:00:20,990  -->  00:00:23,200
that comes in with Kali Linux is turned off
11

11

00:00:23,200  -->  00:00:26,350
because Nexpose uses its own database.
12

12

00:00:26,350  -->  00:00:28,650
So if we have both of them running on the same port,
13

13

00:00:28,650  -->  00:00:30,350
they'll conflict with each other.
14

14

00:00:30,350  -->  00:00:32,370
So the first thing we're going to do,
15

15

00:00:32,370  -->  00:00:34,380
we did that in the previous lecture as well
16

16

00:00:34,380  -->  00:00:37,740
before we installed Nexpose, but I just wanna make sure that
17

17

00:00:37,740  -->  00:00:39,630
you have it in your mind that every time
18

18

00:00:39,630  -->  00:00:42,460
before you run Nexpose you turn off your database.
19

19

00:00:42,460  -->  00:00:44,320
So you do it using the same command
20

20

00:00:44,320  -->  00:00:45,950
that we did in the previous lecture.
21

21

00:00:45,950  -->  00:00:50,590
So it's service postgresql stop,
22

22

00:00:54,980  -->  00:00:58,210
and that will make sure that the service has been stopped.
23

23

00:00:58,210  -->  00:01:01,730
Now we're going to navigate to the location
24

24

00:01:01,730  -->  00:01:03,370
where we installed Nexpose.
25

25

00:01:03,370  -->  00:01:05,630
So unless you change the location during
26

26

00:01:05,630  -->  00:01:08,940
the installation process, it should be installed in.
27

27

00:01:08,940  -->  00:01:11,180
So we're using the CD command to navigate,
28

28

00:01:11,180  -->  00:01:16,180
and it should be installed in /opt/rapid7/nexpose.
29

29

00:01:18,820  -->  00:01:22,300
And then the file that runs the server
30

30

00:01:22,300  -->  00:01:25,813
is stored in the directory called nsc.
31

31

00:01:27,670  -->  00:01:30,410
And the file that you wanna run
32

32

00:01:30,410  -->  00:01:33,273
is called nsc.sh, this file.
33

33

00:01:34,590  -->  00:01:37,410
So we run it just the same way we run the installer before.
34

34

00:01:37,410  -->  00:01:39,810
As I said, to run an executable
35

35

00:01:39,810  -->  00:01:42,640
you always use the dot forward slash
36

36

00:01:42,640  -->  00:01:44,520
and then you write the name of the executable.
37

37

00:01:44,520  -->  00:01:47,443
So it's nsc.sh.
38

38

00:01:50,060  -->  00:01:53,340
Now, running this for the first time might take some time.
39

39

00:01:53,340  -->  00:01:56,600
So just let it do its thing until it runs.
40

40

00:01:56,600  -->  00:02:00,360
And once it finishes loading the framework,
41

41

00:02:00,360  -->  00:02:03,810
we'll see how we can access it and use it.
42

42

00:02:03,810  -->  00:02:07,330
Okay, so the tool has loaded successfully.
43

43

00:02:07,330  -->  00:02:09,940
And as you can see that it's telling us that
44

44

00:02:09,940  -->  00:02:13,560
we can browse it using the following URL.
45

45

00:02:13,560  -->  00:02:17,510
So what we're going to do now is launch our browser
46

46

00:02:18,550  -->  00:02:22,473
and just paste the URL that it just gave us.
47

47

00:02:24,450  -->  00:02:26,350
Now, it's asking us to log in.
48

48

00:02:26,350  -->  00:02:29,290
So log in using the username and password
49

49

00:02:29,290  -->  00:02:32,060
that you created when you installed the tool.
50

50

00:02:32,060  -->  00:02:35,983
So my username was zaid, and I'll put my password.
51

51

00:02:38,360  -->  00:02:40,980
Okay, and we logged in successfully.
52

52

00:02:40,980  -->  00:02:44,040
And you can see that the first thing it asks us to do
53

53

00:02:44,040  -->  00:02:45,880
is to enter the product key.
54

54

00:02:45,880  -->  00:02:48,030
Now as I said, this is a free version.
55

55

00:02:48,030  -->  00:02:52,630
And when you download the tool you have to fill out a form.
56

56

00:02:52,630  -->  00:02:55,360
So in that form you put your email address
57

57

00:02:55,360  -->  00:02:58,130
and then they send the product key to your email.
58

58

00:02:58,130  -->  00:02:59,730
So I'm just gonna go to my email
59

59

00:02:59,730  -->  00:03:02,723
and get the product key and paste it here.
60

60

00:03:03,940  -->  00:03:06,403
Okay, so I'm gonna post it now, paste it.
61

61

00:03:07,920  -->  00:03:10,453
And click on activate the key.
62

62

00:03:13,870  -->  00:03:16,250
Now as you can see the activation is successful,
63

63

00:03:16,250  -->  00:03:17,990
it's gonna refresh now.
64

64

00:03:17,990  -->  00:03:21,350
Now this, I actually paused and resumed the video
65

65

00:03:21,350  -->  00:03:23,720
because the activation takes some time as well,
66

66

00:03:23,720  -->  00:03:26,330
I just don't want to make the video boring.
67

67

00:03:26,330  -->  00:03:30,620
Now, as you can see this is just showing us information
68

68

00:03:30,620  -->  00:03:33,840
about the license, so everything is activated
69

69

00:03:33,840  -->  00:03:35,303
and we're good to go.
70

70

00:03:36,670  -->  00:03:40,163
So I'm gonna go to the Home from here, from the left menu.
71

71

00:03:44,180  -->  00:03:46,830
So this is the homepage of the tool.
72

72

00:03:46,830  -->  00:03:49,320
And as you can see now everything is empty.
73

73

00:03:49,320  -->  00:03:52,570
So before I start talking about what everything means,
74

74

00:03:52,570  -->  00:03:56,620
let's go ahead and add the target and then we'll do a test
75

75

00:03:56,620  -->  00:03:58,350
and we'll see, because this stuff
76

76

00:03:58,350  -->  00:04:00,350
will be filled after we do a test.
77

77

00:04:00,350  -->  00:04:02,980
So the first thing I'm gonna do is go and create
78

78

00:04:02,980  -->  00:04:06,070
and go on a site to add a target.
79

79

00:04:06,070  -->  00:04:09,383
And I'm gonna call this target Metasploitable.
80

80

00:04:12,460  -->  00:04:16,853
And I'm going to go to the Assets.
81

81

00:04:17,960  -->  00:04:19,810
And we're gonna add the target.
82

82

00:04:19,810  -->  00:04:23,410
So the target can be a range the same way we added it
83

83

00:04:23,410  -->  00:04:26,570
when we were doing the network penetration things
84

84

00:04:26,570  -->  00:04:29,180
with Zenmap, so you can add a range
85

85

00:04:29,180  -->  00:04:30,860
or you can add a specific IP.
86

86

00:04:30,860  -->  00:04:33,710
So in this we're actually targeting
87

87

00:04:33,710  -->  00:04:35,320
the Metasploitable machine.
88

88

00:04:35,320  -->  00:04:36,900
So we're gonna add our target,
89

89

00:04:36,900  -->  00:04:41,780
which is 10.20.14.204, confirm this here.
90

90

00:04:41,780  -->  00:04:45,233
This is our Metasploitable machine 10.20.14.204.
91

91

00:04:47,720  -->  00:04:49,540
And we're gonna add this to a group
92

92

00:04:49,540  -->  00:04:51,880
and we call that Metasploitable as well
93

93

00:04:52,740  -->  00:04:54,933
or we call this test.
94

94

00:04:55,990  -->  00:04:57,363
So this is our group name.
95

95

00:04:58,610  -->  00:05:02,090
Now and here in the authentication part,
96

96

00:05:02,090  -->  00:05:05,730
if the target uses some sort of authentication,
97

97

00:05:05,730  -->  00:05:09,440
so nobody can access the target unless they need
98

98

00:05:09,440  -->  00:05:12,460
to authenticate with some sort of a service for example,
99

99

00:05:12,460  -->  00:05:17,150
if it's an FTP service or a web HTTP authentication,
100

100

00:05:17,150  -->  00:05:20,163
a TELNET or an SQL Server.
101

101

00:05:21,470  -->  00:05:23,540
So you can pick it from here,
102

102

00:05:23,540  -->  00:05:27,580
put the domain username, password, confirm your password.
103

103

00:05:27,580  -->  00:05:31,470
And that way the framework will be able to authenticate
104

104

00:05:31,470  -->  00:05:34,980
with that service and test the security of your server.
105

105

00:05:34,980  -->  00:05:37,630
Now our server doesn't use any type of authentication,
106

106

00:05:37,630  -->  00:05:38,873
so we don't need this.
107

107

00:05:39,810  -->  00:05:42,940
Also if you're targeting a web application,
108

108

00:05:42,940  -->  00:05:47,550
and the web application uses, has a login page for example,
109

109

00:05:47,550  -->  00:05:49,510
for users, for example Facebook.
110

110

00:05:49,510  -->  00:05:51,210
Let's say you're targeting Facebook,
111

111

00:05:51,210  -->  00:05:54,220
then you won't have access to most of Facebook's features
112

112

00:05:54,220  -->  00:05:58,270
unless you log in using a certain username and a password.
113

113

00:05:58,270  -->  00:06:01,110
So again, using this feature here you can log in
114

114

00:06:01,110  -->  00:06:03,863
and then test the security of your target.
115

115

00:06:05,830  -->  00:06:09,800
And the Template is where you select the Scan type.
116

116

00:06:09,800  -->  00:06:12,280
So it's very similar to this Scan type with Zenmap,
117

117

00:06:12,280  -->  00:06:14,760
we've seen in Zenmap we had a Quick Scan,
118

118

00:06:14,760  -->  00:06:19,020
Quick Scan Plus and Intense Scan, this is the same.
119

119

00:06:19,020  -->  00:06:22,442
So each one of these profiles is different,
120

120

00:06:22,442  -->  00:06:23,990
it scans different things.
121

121

00:06:23,990  -->  00:06:25,580
For example, we have the full audit here
122

122

00:06:25,580  -->  00:06:27,110
which takes a lot of time,
123

123

00:06:27,110  -->  00:06:29,880
but pretty much checks for everything.
124

124

00:06:29,880  -->  00:06:32,600
Then you have a full audit enhanced logging
125

125

00:06:32,600  -->  00:06:34,710
without a Web Spider.
126

126

00:06:34,710  -->  00:06:37,950
So a Web Spider is a tool or a script
127

127

00:06:37,950  -->  00:06:41,723
that finds all the files and directories in your target.
128

128

00:06:43,420  -->  00:06:46,300
And the default one is a full audit without Web Spider.
129

129

00:06:46,300  -->  00:06:48,890
So that's the one we're gonna be doing.
130

130

00:06:48,890  -->  00:06:52,840
And you also have network specific profiles,
131

131

00:06:52,840  -->  00:06:54,770
you have web audits as well.
132

132

00:06:54,770  -->  00:06:59,360
So I really encourage you to try all of them or most of them
133

133

00:06:59,360  -->  00:07:01,110
and get yourself familiar with them.
134

134

00:07:01,110  -->  00:07:03,300
Now we're only gonna try this one because using them
135

135

00:07:03,300  -->  00:07:05,810
is the same, which we'll be scanning
136

136

00:07:05,810  -->  00:07:09,650
for ICMP, TCP and UDP ports.
137

137

00:07:09,650  -->  00:07:13,100
So I'm leaving that the same, I'm gonna leave
138

138

00:07:13,100  -->  00:07:15,310
the Engine the same as well, which means
139

139

00:07:15,310  -->  00:07:18,140
it's going to use our local engine which we installed
140

140

00:07:18,140  -->  00:07:22,003
instead of using the one that is provided by Rapid7.
141

141

00:07:23,200  -->  00:07:25,560
And the alerts, you can set up custom alerts,
142

142

00:07:25,560  -->  00:07:27,940
so that whenever a vulnerability is found
143

143

00:07:27,940  -->  00:07:30,100
you get a notification.
144

144

00:07:30,100  -->  00:07:32,840
And the schedule is a really, really cool feature.
145

145

00:07:32,840  -->  00:07:36,010
Now say you're working for a company or for an enterprise
146

146

00:07:36,010  -->  00:07:39,660
that keeps pushing code, new code every day.
147

147

00:07:39,660  -->  00:07:43,470
Or, for example, maybe your code you do a test today
148

148

00:07:43,470  -->  00:07:45,570
and everything you're working on is good.
149

149

00:07:45,570  -->  00:07:48,750
Your web servers, your programs, your applications,
150

150

00:07:48,750  -->  00:07:49,810
everything is up to date
151

151

00:07:49,810  -->  00:07:51,690
and there are no vulnerabilities in them.
152

152

00:07:51,690  -->  00:07:55,200
Let's say tomorrow you push a new vulnerable code
153

153

00:07:55,200  -->  00:07:59,000
or maybe tomorrow someone discovers a new vulnerability
154

154

00:07:59,000  -->  00:08:01,750
with a program that you're using on your web server,
155

155

00:08:01,750  -->  00:08:04,020
so you're not secure anymore.
156

156

00:08:04,020  -->  00:08:07,930
So this feature allows you to schedule this test
157

157

00:08:07,930  -->  00:08:11,660
so that it runs every week or every hour or every month
158

158

00:08:11,660  -->  00:08:13,963
dependent on how critical it is.
159

159

00:08:15,390  -->  00:08:19,940
So all you have to do is just go into create a schedule,
160

160

00:08:19,940  -->  00:08:21,070
and create the schedule.
161

161

00:08:21,070  -->  00:08:23,620
So you can put a start date and an end date.
162

162

00:08:23,620  -->  00:08:26,630
And you set up the frequency from here for every day,
163

163

00:08:26,630  -->  00:08:28,580
every Thursday, every 26th
164

164

00:08:28,580  -->  00:08:31,890
or depending on what you want, really.
165

165

00:08:31,890  -->  00:08:34,830
You create a schedule, and then every interval
166

166

00:08:34,830  -->  00:08:37,610
that you specify, the scan will run.
167

167

00:08:37,610  -->  00:08:40,280
And even you can get it to produce a report for you,
168

168

00:08:40,280  -->  00:08:42,990
so you can go over the report and see what's changed
169

169

00:08:42,990  -->  00:08:45,210
or what has been discovered.
170

170

00:08:45,210  -->  00:08:46,580
So everything's good now.
171

171

00:08:46,580  -->  00:08:49,250
The most important part today or what we did here
172

172

00:08:49,250  -->  00:08:51,253
is you put your target here.
173

173

00:08:53,150  -->  00:08:56,870
And the next thing is you select the template.
174

174

00:08:56,870  -->  00:08:58,480
So we have both of them selected
175

175

00:08:58,480  -->  00:09:00,770
and we're gonna do save and scan,
176

176

00:09:00,770  -->  00:09:04,923
which will save this configuration and start a scan for us.
177

177

00:09:05,960  -->  00:09:09,240
Now as you can see our Asset Discovery is in progress.
178

178

00:09:09,240  -->  00:09:12,050
I'm gonna pause the video and after that
179

179

00:09:12,050  -->  00:09:15,543
we will talk about the results that we got.
