Transcript for:
Service Enumeration Techniques Explained

Service enumeration in this video. So the process that I am following is: I'm covering the entire playlist in six parts, that is, in six days, and each day consists of a different part which is required to clear the examination. I already covered the scanning network part; if you haven't seen that video, you can just get the link in the description box, or you can navigate to the whole playlist regarding the scanning network.

So today we'll be seeing the different service enumerations, such as FTP, followed by SNMP, SMB, RDP and NetBIOS. If you are not familiar with these protocols, kindly go and take a deep dive into these concepts; these are very important protocols that are used in networking. But I'll be covering as well what FTP is and what these services are, how to brute force them, and what the right syntax or the right tools are that are required to brute force them or to perform the task that is being asked in the examination.

So, first of all, we'll be enumerating FTP. It basically runs on default port 21, and FTP is a network protocol that is used to transfer files between different computers over a TCP connection. We'll be learning each and everything by doing practicals, so this is practice time. Let's get started.

Okay, so you'll be getting the same environment, and the best part for you is that you don't need to bother about any wordlist or password file; it is already present on the screen. It will be mentioned in the task that you can navigate to the file list from this and this directory. So you just have to be aware of the situation and solve the questions with an open mind.

Okay, so first of all, when we see any target over the live hosts that we already found by scanning the network, then we'll get to know that on some IPs there is FTP running on port 21. So let me check my IP so that I can see which other IP is running FTP in the network. So we'll copy it and hear it, and I know that FTP is running on
port 21 of this IP address. You will also be aware of what hosts are running which services, because in the network enumeration part you already discovered what ports are open and what services are running on those ports. But then also, I'll be using nmap to demonstrate to you what service is running on what port. So I have nmap, and we'll be using the flag p for port 21, because we need to enumerate FTP, and we will also use this script tag so that external scripts will be utilized as well during the scanning or enumeration of this host. So we got to know that there is a port 21 and the state is open, and the service that is running on port 21 is FTP. So we are sure now that FTP is running on port 21 for the host ending with IP dot three.

So let's clear the screen. Now the real thing starts. When you want to connect or do FTP to share a file, we give the syntax of ftp and the IP of that host machine. When we do so, it asks us for the credentials to log in, and since we don't have any credentials, let's give the credentials of root and the password as tour. Let's see what happens. So we got to know that the login failed. We will exit this.

Now what you are supposed to do is brute force the login credentials of FTP. As I already told you, you don't need to bother about the username list and password list; they will be provided to you already on the desktop screen, or whatever location they have stored them in, they will navigate you or tell you that the credentials are present over here. But in this case, to demonstrate to you and make you aware of what the process is and how you are going to proceed to brute force it: you have to use the Hydra tool. You must be aware of the Hydra tool; if you are not aware, then I will suggest that you can go over the track, there is a free room for this, and make yourself familiar with the Hydra tool. The Hydra tool is basically used for brute forcing
the services. So in this case, let me explain to you that there are a number of flags that you can utilize, but the majorly focused flag is hyphen l, that is, hyphen small l. When you have a username and you just need to give the username, then you will use hyphen small l, and when you want to give a complete playlist, then you have to give hyphen capital L as a flag, and you'll be using hyphen capital L as a flag in most of the cases during your examination. And for the password, the hyphen P flag will be used. I guess we can get it here, something, yeah. So hyphen P for the password file: the complete text file or any other file, you can give the path of that file using the hyphen P flag. So this is the main thing that you must be concerned with. After that, if you are curious about what Hydra can do, you can navigate or you can learn more about it, but that is not required; it's totally up to you.

So I'll be using Hydra to brute force: hydra and hyphen L, because I'll be using a complete playlist, I mean, sorry, because I'll be using a complete list of the IP of the usernames, because I'll be using a complete list of usernames, and I'll be using hyphen capital P as a flag because of the complete list of passwords. And after that you just give the IP address of the target machine and the service that you want to brute force; I want to brute force the FTP service. So now we'll be giving the username list and password list.

So we'll be using the common password list that is present in our host machine, that's user share wordlists, we'll go for Metasploit, and there we have a number of options. So let me demonstrate to you. Just don't think, how are we supposed to know what exact wordlist is used in this scenario; to demonstrate to you I am using a specific wordlist, but in your case you'll be given one. Okay, so don't panic about that. It's a very easy exam; you can crack it easily. So of course I was showing you what options we get. For the wordlist we'll be using
the common users txt file, where we have a list of curated common users, so we'll be using that. And for the password file we'll be using Unix password.txt. Okay, so let's get started and let's see whether we are able to brute force any valid login credentials or not. So for the username I will be using the common usernames, okay, and for the password, the same user share wordlists Metasploit, and after that we'll be using Unix passwords, right, passwords dot txt file.

So this is the complete syntax: hydra, hyphen L, the usernames list, hyphen P, the password list, and after that the IP address on which we are going to do the FTP login brute force, and the protocol that we are going to brute force. So for FTP we use ftp, and for SMB we will be doing the same; for SMB, SMTP, we just need to manipulate the protocol or the services that we want to enumerate. So let's hit enter and let's see whether we are getting something in response or not.

So okay, I started brute forcing, and we can see that we are getting login credentials that are valid. The first one is system admin, and we got the password for the respective user, that is system admin, and for root create Square t demo for butterfly auditor for chocolate, and let Hydra do its work, and let's see how many valid credentials we can get to log in to this application. So let's see how many valid credentials we can get to brute force the FTP login creds. So we get to know that we have one, two, three, four, five, six, seven: we have seven login credentials.

Okay, so as I already told you, but first let's copy it so that it will be handy for us later on. And during our exam as well, it's a tip from my end that you just copy the credentials that you get, so that you do not have to do it again and again for other questions as well. But there's a possibility that there will be a different scenario and user login credentials, so you have to do it, but consider it as a best
practice. So let me open Notepad to copy down things. So we get the credentials here, and after that we'll be logging into the FTP. So let me clear the screen, and as I already told you, when we have to log in, we just give ftp and the IP address of the, okay, sorry, clear. Okay, so we just have to give the IP address, and let me paste it. FTP, and we want to log in as system admin, and the password is six five four three two one. Okay, fine. So sys admin is the user and the password is six six five four three two one. So we can see that we have successfully logged in, and let's see what we get here. We get a file that is secret.txt.

This is kind of important: you must be aware of how to download a remote file onto your host machine. I saw that many people were struggling, that maybe they have used a different command to download it. So you can use the get command or the download command. So get and the secret.txt file: we can see that the transfer is complete and it is on our local machine. So let's exit and let's do ls, and we see that we have got secret.txt. Let's cat it to see what is present inside it. So we got to know that there was some secret, and this is the secret. The same way, you will be getting the scenario, and you have to just copy the secret and paste it into the answer block, the same way that you used to do in the TryHackMe or Hack The Box scenarios.

So that's all about the FTP enumeration, and let me summarize what we learned. We learned what FTP actually is and what it is used for: FTP is actually used for sharing files, and we also saw how we can do that; we shared a secret.txt file from my remote machine to our own machine. We also saw how we can brute force it, and we successfully brute forced the FTP service and got seven valid login credentials. We can use these credentials to log in to the remote machine and fetch the data or fetch the flag and submit it. So let's get started with another protocol
enumeration.
So now we'll be doing NetBIOS enumeration. NetBIOS basically stands for Network Basic Input Output System, and it basically utilizes port numbers 137, 138 and 139 for NB name and NB datagrams. For NB name, we can say that for TCP/UDP we can utilize the same port 137, according to our configuration; for NB datagram we'll be using port 138 over UDP; and for NB session we'll be using 139 over TCP. So this protocol is basically used for accessing shared resources, files and printers over the LAN and communicating between different computers over the LAN. So let's see practically how we can enumerate NetBIOS. It is not considered to be very important for the examination, but in case, I'm letting you know how you can enumerate NetBIOS if it is asked in the examination.

Now let me check my IP. Okay, so we'll be enumerating some IPs which will be running NetBIOS. So let me incorporate and clear it. Let's check what IPs are present in our network; we'll be using the wildcard for this, and we discovered that here is an IP address which is ending with dot three in the last octet. So we'll be enumerating this. Get the screen and map chapter 3.3.

And for enumerating NetBIOS we have different flags. The basic flag, or the first flag that we would utilize, is hyphen sV for knowing the exact versions. And if we want to get verbose mode, it totally depends on you, but it is not required, so I'll not be using the hyphen v flag for verbose mode. The main thing is we'll be using the NSE script for enumerating, so script, and the name of the script is nbstat, so nbstat.nse, and our target IP. So this is the command that we'll be using to enumerate the NetBIOS service. Let's get started and see what we get in response.

Okay, so we got to know that NetBIOS is running on port 139, and when
you see that there is a netbios-ssn over 445, let me tell you that we can use port 445 as well using the SMB service, but in that, sometimes the network admin can manually configure the use of NetBIOS in it, or can exclude it as well. But for this lab, what we focus on is that we wanted to know the group of this IP address. So we got to know that the workgroup of this host is Recon labs, and after that the host script also gives us some results: that the NB name is sambaricon, and we are not aware of the NB users, but we are aware of the MAC address of this host machine. So that's the only thing that we will be able to record or enumerate for this NetBIOS service.

So that's all about this video, and this is the conclusion of everything regarding service enumeration. So we have covered all the services that are required or can be asked about during the examination, that is FTP, SNMP, SMB, RDP and NetBIOS. I believe nothing will be asked outside of this scope, but it depends on you as well: if you want to dig deeper into these protocols, how to enumerate them, and what the actual working is, then you can go on learning the concepts of these services.

So that's all about this video, guys. Keep loving, keep supporting; your subscription is very important to me. Keep sharing my videos; if someone is preparing for CS practical, you can share with them. And I'll be bringing another video, as on day three we'll be working on pcap analysis or traffic sniffing. So we'll be back with that video. Just follow along with me and let's crack CS practical. That's all about this video. Thanks.