Transcript for:
Practical Ethical Hacking Course (Part 1)

hello and welcome to this 15 hour edition of the Practical ethical hacking course my name is Heath Adams and I'm going to be your instructor for the entirety of this course okay quick edit so you might be looking at the YouTube video and seeing that it's only seven plus hours that is because YouTube recently implemented a rule that we can no longer have videos over 12 hours so I had to split this into two parts I had to add this edit in and go back and re-render everything so this is officially part one and we'll go through part one and then I'll have a link in the description below for part two so without further Ado let's Jump Right In A really quick who am I again my name is Heath Adams and I am the CEO of TCM security we are a cyber security consulting firm and an educational institution on a day-to-day basis we primarily focus on what's called ethical hacking that is where companies hire us to try to hack into them to find vulnerabilities and let them know of any security issues they may have before the bad people find those on their own that could be breaking into a network a web application wireless network mobile applications thick client applications Etc I can even be breaking into a building which is called physical pen testing there's a lot of different types of hacking out there we're going to cover quite a bit of that in this course now hacking is such an interesting field because you don't have to necessarily come from an I.T background I'm actually a former accountant and I just fell in love with hacking and I know people from all different walks of life we have somebody that works for us that used to be a mayor I've seen doctors I've seen pharmacists I've seen all different kinds of weird backgrounds come into ethical hacking so if you're watching this and you really don't have an I.T background a formal one that's okay as long as you have some basic computer knowledge some basic networking knowledge that's all you really need to succeed in this course we're going to hold your hand the entire way through and make sure that you get and understand everything that's presented in front of you in terms of the qualifications I've listed my hacker certifications that's not all the certifications but those are the ones that are relevant maybe make me an expert whatever I've also listed my social media if you want to follow me on LinkedIn or follow the company on Twitter follow me on YouTube I would love if you just hit subscribe right now before we even get started or you want to wait till the end that's perfectly fine as well we're making our way to a million subscribers and you could be a part of that and I would absolutely love it if you did we also have some sites we have our Consulting site which is just tcm-tech.com we've got the academy which I'll show you here in a second we also have certifications site now before we dive into things you might say to yourself this course seems familiar and that's because it might be last year we released a ethical hacking course in 12 hours this year it's up to 15 hours last year that total of you has got 3 million views in 11 months which is great it hasn't even been a full year yet and we taught quite a bit of lessons in here you can see all the different lessons we taught in here so you might say hey what's the difference between this 12-hour course and the 15-hour course while there's quite a few differences three hours to be exact but even with the three hours of time difference we went through a lot of this in for example in the Kali Linux section that's been completely redone the python section has been completely redone so a lot of these videos and tools and ideas have been brought in into 2023 methodologies so not only are there three hours more but a lot of the videos and content have been recreated for 2023 specifically to make sure that this is up to date and fresh so you're getting a brand new courses this is the latest and greatest now this course is actually an extension of a 25 hour it's pretty close to 27 hours now of materials that is on our TCM Security Academy website and this is the only time I'm going to try to sell you on anything throughout the entirety of this 15 hours so I just ask for one minute of your time this course takes the first half the 15 hours takes the first half of what's in here if we scroll down to the curriculum we actually have all the first half here you'll see this if you actually came to the website it's the exact same thing you're getting in this course this goes all the way through the Capstone and the buffer overflows here and that is a great stopping point we'll go to the Capstone we'll go through it it's a great Midway point to test your skills if you get through the Midway point and you say hey I really like this I want to get the rest of the course we have even more stuff in here we have active directory which is one of my favorite things to pen test against and I would say it's the best part of the entire course we teach that we cover quite a bit of this all this is on active directory right here we cover more post exploitation we cover web app pen testing application pen testing we get into a little bit of Wireless testing and legal documents and all that fun stuff so the 15 hours that's here it's a great great resource it gets you started if you love it you love our instruction you want more this course is 29.99 all of our courses in fact on the academy if we go over here they're all 29.99 so if you're interested we have an all access pass that gives you access to everything we've got courses on Linux python we've got courses on privilege escalation osin external pen testing all different kinds of stuff in here if you're interested in that I just encourage you to check out the website you don't have to buy anything this is completely 100 free if you just want to stick with the 15 hours last but not least this course does lead to what is a certification we have a certification called the pmpt it's the Practical Network penetration testing certification I'll link it down in the description below it's a one-of-a-kind certification you go through you try to hack an organization you write a report you present a debrief and the good thing about this is it gets you job ready for the field so if you can get through this certification you actually go look for the pmpt on LinkedIn or indeed you're going to find this on job postings so this course 15 hours of this is part of a 50 hour curriculum that we have and so if you feel that hey I really am interested in this field and maybe I want a certification consider looking at the pmpt as well and that's really it we're gonna end here salesmanships over please enjoy this 15 hours if you do please like comment subscribe all that fun YouTube stuff let's go ahead and jump right into this course I'm so excited to teach you in this 2023 day Edition all right I hate PowerPoints but I love this template I don't know what's so cool about it it's all the colors I think so welcome to a day in the life of an ethical hacker 2022 edition let's talk about a pen tester's day to day and I'm going to highlight this at a very high level so what we do is we roll out of bed hopefully we wake up in the morning and we kick off our day and now our day can be performing an assessment and we're going to talk about the different assessment types that are out there it could be writing a report it could be giving a debrief or a collection of the three when we perform an assessment we're talking about different types of pen testing or ethical hacking and we're going to cover the most common types we'll talk about some other types as well once we perform our assessment we need to write a report we deliver a report to our client that report then gets digested and eventually we give them a debrief if they want one and we talk about our findings and so we'll cover this whole process from start to finish let's talk about the different types of Assessments that we could perform as an ethical hacker now the first type of assessment I want to talk about is what is called an external network pen test and one of the questions that we ask people when we're doing phone screens and baselines on interviews is we say hey can you tell me what an external pen test is versus an internal pen test and honestly I would say at least half the people get the answer wrong so make sure you're paying attention and you take notes because this may come up on an interview now an external pen test is probably the most common type of pen test that we perform if you just got hired as a penetration tester and you're brand new to the industry it's likely they're going to start you out doing external network pen tests these pen tests are the most straightforward and something that a junior could take on and work through and build up some experience and or confidence as they go through their process so an external pen test is looking at an organization's security from the outside this could to be us trying to hack in from our mom's basement or from another country or whatever it might be whatever scenario plays out in your head that's what it could be you're trying to hack in from the outside the methodology for external pen tests focuses heavily on what's called open source intelligence gathering or oh send we're trying to gather as much Intel and data about an organization who are their employees what is their email format have they ever been involved in a breach can we find out what passwords were in those breaches can we collect data and then use it against that organization to reach a login panel or breach the VPN or get into an area where we otherwise would not be allowed into now why do we focus so much on open source intelligence well because this is an external assessment you have to think about the internet as a whole there are Bots scanning the internet 24 7. if you don't believe me try putting up an SSH server or something similar and leave it up for 24 hours and see how many login attempts you get on that server it's a lot Bots are scanning all the time so what does that mean for us well that means that if we do vulnerability scanning and we find something that is incredibly dangerous well somebody's probably already found that as well so the chances of us finding something like remote code execution where we can land on a machine externally without doing a lot of work it's pretty low usually organizations have their external networks buttoned up from a patching perspective so what we're really looking at is the Intel that we can gather where are the login panels who are the users and how can we use that against the organization now this is the most common type of pen test that organizations do in my opinion for two reasons the main reason is that a lot of compliance organizations dictate that an external network pen test must be performed annually that is not true for the rest of the pen test though some compliance organizations might dictate other pen tests the external is by far the most common the other side of this is external pen tests tend to be a little bit cheaper than the rest of the assessments depending on the size and scope of the engagement and a lot of organizations like to dip their toes in the water before going and doing more assessments with a security firm so they might test you out and say hey let's do an external pen test we'll see how it goes we like you we'll hire you for more stuff so between those two reasons we see a lot of external network pen tests more so than anything else in my opinion now these pen tests tend to last around 32 to 40 hours on average though if you have a very large engagement that can go a lot longer or if you have a very small company and you're looking at one IP address or five IP addresses and 10 employees it's probably not going to take you 32 hours to do that pen test maybe somewhere in the 8 to 16 hour range we then tend to add another 8 to 16 hours for report writing and we'll touch base on report writing towards the end of this video so moving on is what is called an internal Network pen test this is assessing an organization's security from the inside of the network this means that we somehow breached the perimeter perhaps we sent a phishing email and somebody opened our email clicked on our link and now we're inside the network or maybe we broke into the building and left a dropbox behind whatever scenario in your head you want to play as well you can do that what we do on our end is we typically send a laptop out to the client the client plugs that laptop in and we are able to remote into that laptop and perform a network assessment as if we were sitting inside the office this is why a lot of work nowadays is remote because we don't have to be on site anymore to do internal pen tests now the methodology for an internal penetration test focuses heavily on active directory now if you don't know what active directory attacks are you absolutely need to learn those in order to be a successful internal penetration tester and it's one of those things that a majority of the organizations that are out there use so I believe the statement that I read once was 95 or 99 don't quote me on this by the way of the Fortune 500 companies use active directory in their environments and I honestly think that this number is way closer to 99 than anything else every single internal pen test I've ever done with the exception of one client one very small client has always been on active directory so you need to understand active directory methodology in order to perform an internal Network pen test these typically last 32 to 40 hours though they can run a lot longer again depending on the size and the scope they don't typically run shorter though I have seen them run 16 to 24 hours if the network is very small but there is a checklist that we have to run through that is usually in the 32 to 40 hour range and just like external pen tests we tack on another 8 to 16 hours for report writing now the third type of assessment I wanted to talk about is a web application pen test this is probably the second most common I wanted to group the external and the internal pen test together but you have to think about networks nowadays versus web applications there are websites everywhere there are more websites than there are networks if we're just counting websites to business networks there probably are more web sites to home networks as well though I'm not entirely sure of that I would argue that the answer is probably way more websites than home networks so with that there's a lot of attack surface that's out there so organizations will come to us and they'll say hey we need a web application pen test this can be dictated Again by compliance perhaps stakeholders want to see this or maybe the client is very interested in the security of the application and wants to make sure that it is very secure before they launch their application now the methodology focuses heavily on web-based attacks obviously and the owas testing guidelines so oauth stands for the open web application security project you've never heard of it Google it it's a great resource they have testing guidelines for not just web application but mobile as well they have how to test how to defend how to prevent all kinds of great things and we follow their testing guidelines pretty exclusively if you're ever going to be a pen tester and you want a pen test against web apps you you for sure need to know what the owas top 10 attacks are because you will be asked those in an interview now these engagements last typically 32 to 40 hours and that is pretty much the minimum we have a very thorough checklist that we have to go through when we're doing a web app pen test and I would say it pushes closer to 40 hours than anything else unless it were a very very small and specific web application they're almost always in the 32 to 40 hour range with another 8 to 16 hours for report writing another Common Assessment that we are asked to perform as pen testers is what's known as a wireless pen test or a wireless network pen test and we're assessing an organization's wireless network security so the methodology will vary depending on what type of wireless network is being used for example if they're using a guest Network we might log on to the guest Network and test segmentation can a guest access internal resources or is the network properly segmented if they're using a pre-share key which is what's common in most household and we might test that pre-share key for password strength and see how strong the pre-shared key is and how strong the password is if they're using enterprise-based network then we open ourselves up to a variety of new attacks as well so our methodology really changes depending on what is being used now Wireless pen testing is fairly straightforward you can look up the methodology online find blog posts about it you just need a wireless network adapter that you can honestly pick up for 30 to 50 dollars at most and I'll leave a link in the description below to my favorite wireless network adapter but you can just pick one that is compatible with your machine and that will work and do packet injection it's honestly where a lot of hackers start this is where I got my start before I ever learned about real pen testing or anything I went and bought a cheap wireless adapter and I started just hacking my own network and some devices that I had laying around at the house and I learned how to hack wireless pretty quick so it's one of those things that kind of gets you excited it and gets you into the hacking mindset and kind of teaches you some of the wireless assessments that are out there and I think it's pretty fun as well now these typically last about four to eight hours per SSID so if we're testing two ssids we're probably looking in the 8 to 16 hour range and then typically another two to four hours for report writing all right the last thing I want to touch on in terms of Assessments that we do quite a bit are physical pen tests and social engineering assessments so when we're doing a physical pen test we're assessing an organization's physical security and our methodology is going to depend on the tasks and goals that are at hand that are given to us by the client so if we're doing a physical pen test we are going on site and we're trying to break into the building that can be through cloning badges that can be through social engineering that can be through picking locks there's a lot of different scenarios that are at hand there now that methodology again depends on what we're up against and it also depends on the client's goal the client might say hey we want to see if you can just even get in the building or they might say hey I want you to get in the building and find our server closet and take a picture of yourself in our server closet we want to see if you can make it there so there's typically some goal behind why you're breaking into a building but it is legal breaking and entering and it's pretty fun and pretty exciting if that's your jam and there's a lot of social engineering involved in that so it's very very fun engagement to do the other side of this is pure social engineering and what I mean by that is doing something like a phishing campaign against an organization and we might actually do a phishing campaign in combination with an external pen test so we might combine those together though often they're left apart we might do something like a fishing campaign where we call people and we say hey I'm from I.T can you give me your password or I just sent you a code to your account can you give me the code that I just sent you we might do a smishing campaign where we send text messages and see if anybody responds back to us there's a lot of different social engineering that's out there and we have different campaigns that we can run in different engagements depending again on the client's need now the great thing about this is social engineering and physical pen testing offer a lot of learning opportunities and training opportunities for example when we do physical pen tests we wear cameras on our hip and we record everything that we do not just for our liability but also for teaching end users at the end of the day we'll cut that video have a Lessons Learned here's the good things they did here's the bad things they did and they can walk away with a way to improve moving forward the weakest element of any organization is going to be the human you can have a great environment great policy security everything set up and all it takes is one really nice person to hold the door open for you and that can lead to catastrophic events so social engineering again is a very important part of security and it's one of my favorite things to assess when I'm doing this type of work now again these can last anywhere from 16 to 40 hours maybe even more depending on the engagement that you're on plus another four to eight hours for report writing again maybe more depending on the scope of the engagement that you're working now these aren't the only assessments there are other assessments that we might perform as a pen tester these tend to get a little bit more specialized and you might have to take additional training in order to learn this type of stuff but these are things that we perform at work and you may end up performing as well so we have mobile penetration testing it's a lot like web application penetration testing in the sense that you're testing against an application except it's on a mobile device so iOS or Android and then there's specific methodology and techniques related to those operating systems you may have iot or Internet of Things penetration testing and somebody might send you something like one time we got sent over a pressure cooker that was a wireless pressure cooker and they wanted it pen tested so we had a lot of fun doing that there's red team engagements which are kind of sort of like pen testing but not really what I say pen testing I think of banging at the front door where red teaming is trying to sneak in in whatever creative way you can so a red team engagement might say hey we want you to hack our company you've got a month or six months or a year and we don't want to hear you we don't want to see you we don't want to know about it just let us know if you can hack into us in these types of engagements the methodology can be anything depending on what is allowed in scope usually it's pretty open in the scope I've heard a red team sending people to the client location and they might even live there for a little bit they might befriend some of the employees try to become buddy buddy learn some internal Secrets maybe get a password slip them a thumb drive they might do all kinds of social engineering engagements it's very very custom and unique to the client and Depends again on the scope which is usually pretty wide and what they can and can't do so red team engagements are pretty awesome but they're also incredibly stealthy where pen testing is very time Limited in the sense that we might only have a weak engagement we're going to know the IP addresses we're going to know our scope and we're going to have a set defined limitation in front of us where red team doesn't have that as much now a purple team engagement is something that you might do tabletop exercises and things like that where you as a red teamer or being offensive and working with a blue team or defensive you work together and that makes purple and in that sense you might tabletop and say hey I just ran this attack do you see me in your network I just ran this other attack do you see me and you try to establish a Baseline and you can see Hey where's the detection at where is the detection weak and how can we improve detection mechanisms within the network it's usually a bit of a more mature process an organization that's never gone through a pen test before likely isn't just going to jump right into a purple team engagement but it is something that more mature organizations do in order to improve their baselines and improve their detection mechanisms internally now I've covered just a handful of the different types of pen testing engagements that you can work on there's car hacking there's airplane hacking there's scada hacking there's all kinds of really cool stuff out there that you can do I discovered the most common items but you can absolutely specialize if that's something that you're interested in now with all the fun of getting to do assessment work there comes the downside of report writing and debriefing I actually enjoy doing both and in order to be a successful consultant you really need to be a three-headed person in a sense you have to be really good at technical abilities you have to be really good at report writing and communicating effectively not just to a technical audience but to a non-technical audience and you also have to be good with presentation skills in the sense that you need to present your findings to a technical and non-technical audience so with report writing we typically deliver a report within a week after the engagement now that report should be high level and Technical so we have what's called an executive summary for non-technical people think about a CEO who might not be a technical person if they're going to read the report it should still be Crystal Clear what the issues were and how they should be fixed and that's what the executive summary is now we have a technical findings section and that's for the people doing the work maybe the security engineer the network engineer or the web app developer depending on who you're working with it can digest the findings they can say hey here's what they found here's what tools they use here's how they were able to do it and here are the recommendations for remediation now recommendations should be incredibly clear you should have high level recommendations like hey patch this and you should have technical recommendations as well that says hey go to this website here's how you would install this patch etc etc so depending on your audience you want to make sure that you're communicating effectively to both of them and for a lot of new pen testers this can be an incredible struggle it's one of those things that you write a report you get beat up on it in the QA process and you just get better over time and it's just something that is kind of passed down and you learn as you go so don't be worried if you're not great at report writing just make sure that you understand that if you're going to do this job you will have to write reports and you will have to get better at it as you go last but not least is the debrief process now a debrief walks your clients through your report findings and again this should be non-technical and Technical as well you may be sitting in a room with a CEO and a network engineer you might be sitting in front of all technical people you might be sitting in front of all c-level non-technical people so you need to make sure that when you are presenting your findings that you can explain it at a high level and a technical level as well I've seen many people struggle with this all right I've had I've been in one situation I remember that I was in a debrief with a co-worker of mine this was years ago and he was very much struggling to communicate he was giving very technical in-depth details about what he was Finding and the CEO kept stopping him and saying I don't understand what you're saying so we had to do a little bit of translation because he really wasn't great at the debrief process yet he was still fairly new and it's one of those things that if you're going to be an effective consultant you need to be able to do both now the debrief is important because it also gives the opportunity for your client to ask any questions about the findings that you have and address any concerns as well so maybe there's a finding that they want to challenge or they want more information on it gives them the opportunity to do that because when we give them the initial report the report is a draft after the debrief or if they choose to not have a debrief we finalize that report so the debrief is the last opportunity the client has to understand what you're presenting to them and to ask any questions or address any concerns so it's a very very important process alright hopefully that was informative for you if you're looking to become a pen tester you should know at a high level what these different types of assessments are and you should know what you're getting yourself into because a lot of people think oh it's fun and games I just get to go hack things and yes that's a lot of the job but a lot of the job is also doing report writing and doing debriefs in front of our clients so if you're not strong with report writing or if you're not strong with your presentation skill cells you may have some time on The Struggle Bus before you get decent at it alright so make sure that you know coming into that that those are things that you're going to have to be doing and that you're comfortable doing those things as well so before we begin in this course and we really start to dive in it's important to cover one of the topics that I'm going to harp on the most which is effective no keeping if you're going to be successful in your career and you're going to be successful in this course you really need to take good notes now in this first video I'm going to show you what my notebook kind of looks like not only for my personal notebook but as a notebook for an assessment and how I might take notes for an assessment and then I'll also show you some note keeping applications that I prefer or I've heard students prefer in the second video we're going to cover how to install one of the applications and another cool application used for taking screenshots so let's take a look at my notebook first so here is my notebook and actually let's click over here so this is my notebook and you can see it's really long it's got all kinds of stuff in here and it's just something that I build upon this one in particular is actually only geared towards active directory so I have a few different notebooks this one is active directory and it's actually a few different courses that I've taken in the past that I've kind of put together and then just for assessment work etc I just kind of have a little cheat sheet here so I wanted to show you this one in particular because these were built off of courses and you're going to be working through a course so kind of just get an idea of how maybe to structure it so here you can see I structured it and I've got different modules here where okay module one might have had this email macro fundamentals module two two here has all these different uh components to them right and we have we have our notes then we have child notes and even sub children to those child notes and I'll show you how to create that here in a second but let's say for example enumeration which is one of the most important things that you're going to cover in hacking and we take a look at enumeration you don't have to understand what any of this means here but you could see if I want to look at a domain and I want to get the current domain that I'm on here's the command I run and here is a picture of what it looks like and here's what comes back when you run that command that's great that's what I want to see and I have a whole list of commands for all these in here right so if I'm confused on a assessment and I want to go and find a command that I'm not sure of I can go to my little cheat sheet here now again this is really long so you have to create your notes the way it really helps you for a course I think it's good to write it all out step by step like this and then go back and make a cheat sheet I don't need this pictures anymore I've been doing this for a while so maybe I just say hey get current domain is get net domain and then I say hey okay get object of another domain here's an example of it I don't need the pictures because it makes it really long but as an example and over time you learn with the pictures as well at least I do so let's build from that here is an example of an actual assessment that I did for a client and you can see how I did this now I did an external internal and web application assessment for this client and these were the findings now I'm only going to show you what is Master obfuscated already or doesn't reveal client information but as you can see here one example is on the internal they had something called SMB signing disabled you don't need to worry about it but here in my picture I've got a nice picture the picture has highlighted it says Hey message shining disable that signifies SMB signings disabled and it has the IP address so we identified the machine and we give proof of concept that this SMB signing is disabled here another example ms-17010 these are both internal exploits that you're going to encounter in this course here's one I check this machine it says hey this Target's not patched now this is one I didn't exploit but it shows that it's actually vulnerable to this attack so these are a couple screenshots that I'll put now your notes could be different than mine how I organize is I take a screenshot I put it in here and then I make sure that I have at least the IP address and the screenshot for reference because I'll remember it but if you need to go in here and take detailed notes that's absolutely fine as well you always want good notes for your assessments because you never know if a client's going to come back in six months or even a year and say hey what was that one thing that you did here and if you go back to your notes you say oh you know I did this and some people get down really into the weeds they have dates times everything for step by step what they do on an assessment and that's completely up to you and how well you take your notes this is kind of how I lay it out and then you see the green check marks next to it I add those green check marks when I'm doing my report so as I'm building my report out and I cover something in the report I'll just go ahead and right click and I'll change the note icon to a check mark meaning that I've written that part of the report for that finding and we just kind of go through over time so with that being said I do want to show you some decent applications the one that I'm using here and that you see is called keep note now I run on Windows as a base so keep note.org that's how you get keep note it is for Linux it is for Mac OS X but this is totally a preference thing me I prefer I've been using it for a long time some people don't like it okay so I'm going to offer some Alternatives as well cherry tree comes built into Kali Linux as you're going to see here in just a little bit worth looking at worth trying seeing if you like it one note's another example if you use Microsoft and if you're a Mac User a lot of students have told me that Joplin is really good now I've never used this but I keep hearing great things about it so what I'm going to do is I'm going to put all of these into the course resources and you'll be able to look at them download them decide on your own now you're not limited to these four no keeping applications by any means feel free to use whatever you like to take notes if you want pen and paper that's great as well and so just make sure that you're taking good notes and we're gonna we're gonna harp on this throughout the entire course over and over and over again so make sure you're taking good notes so from here what we're going to do is we're going to install keep note in the next video and we're going to install an awesome tool called greenshot I'm going to show you what greenshot does and why it's so cool and I can cannot live on any assessment without it so let's catch you over in the next video when we work on installing those tools alright so in that example in the last video we talked about using keep note so if you go to Google and you type in keep note all you got to do is come here and keep noteworks on Windows Linux and Mac OS X so great great tool the only issue with this tool is it has not been updated in a long time some people find issue with that if you're one of those people I'm actually not you can use other tools OneNote is an option cherry tree is also an option you can also find other options out there for you if you have a favorite note-taking tool already that's absolutely fine as well just make sure to take good notes especially during this course and make the most of it learn all the things that you can and incorporate that so I will show you quickly how to install keep note here and another thing note too is while we do this is cherry tree is available on Cali Linux we're going to install Kali Linux here very soon so once we install Kali Linux and we get into the introductory Linux and we explore it I'll show you a little bit more of cherry tree and what that looks like and we'll talk pros and cons of cherry tree when we get there so here we go if you are on Windows you can follow along or you download your appropriate one here depending if you're on Linux or if you need Mac as well so I'm going to go ahead and install the exe and I'm just going to actually run this we're just going to say yes and I'm going to say next next install and that's it that I mean it's it's that quick and then we just launch Keep note and here you go we've got keep note so the other tool the really cool tool that I love this one is called Green shot now this is a screenshot capturing tool so let's go to downloads here on greenshot if you are running on something other than Windows you're going or Windows or Mac so basically Linux you're going to need a different tool the recommended tool that I've heard out there is called Flame shot f-l-a-m-e though I have no experience with it I've heard it is identical to Green shot so here I'm going to download the latest stable I'm going to select run yes okay accept the agreement give away our firstborn next next next place it however you want I'm just going to next through everything and I'm going to start green shot with Windows start that is my preference I love this tool again so it's finished all right let's take a look at it so it should be running let's start greenshot now okay now you see it running down here on the bottom okay let's let's go let's open up a web page let's say we want to take a screenshot of something now you just hit your print screen button and this nice cursor gets brought up here and let's say we wanted to take this downloads part right here we're just going to capture this and now we have choices we can just save the image that we just grabbed or my favorite is that we can actually just open an image editor right so let's open this in their image editor look at this okay so here's the picture we just grabbed right on top of this really great tools let me show you two that I use always so I come into effects I put a border on it let's say that you have like a Kali Linux and Kali Linux if you've never used it has a black terminal it's really nasty so let's imagine here that it's black it's nasty when it comes to reporting so let's imagine that we're in this situation and we're writing a report and we've got this black background similar to this well you can see what I just did I just inverted it and I do this for all of my reports I invert the Cali background so that way it's white and that way it looks nice on a report and when we get into the reporting you'll kind of see what that looks like but I like a nice clean background it saves on ink as well if they were to print it and it's just nice and neat when you give it to a client so I always invert my images if I need to you've got the black border here another thing is let's say you want to point something out you saw in my keep note notebook that I had a highlight you can just click that button up here and just highlight something like right here great another tool that's in here is this officegate so let's say that there's like a password or something really sensitive in here that that you don't want the client to see or you don't want to be reveal on a final report you can do that and then you can just like up the pixel size on this and make it really blurry you know um so it's a really really great tool and then when you're done you can copy it to your clipboard you can save the file I just usually like copy this and if I want to go paste it like you know make a new notebook or whatever I'll just paste it in my keep note and just kind of go from there so again fantastic tool awesome to use if I had two recommendations for your note keeping it's keep note and green shot if I had to make one recommendation of the two it's absolutely green shot you can be flexible on your note keeping tool so again hopefully this helps you again again please do take good notes of this course you're going to find yourself wanting to know hey what was that command I ran again and because we're going to go through so much stuff by the time this is all said and done that you're gonna want to remember it so please take good notes so from here let's go ahead and move on into our networking refresher and we'll catch you in the next video hello everyone and welcome to this section on networking so this section is titled networking refresher meaning that some of you might have a networking background and if you're looking at this list that's on the screen and you go down the list and you say yep I know all those you can feel free to skip this section if you've taken some of these in the past and you just might want a little bit of a refresher on them then this section is for you we're going to cover these topics not totally in depth but we're going to use it as a way to brush up and then we'll hit on networking again when we get into introductory Linux so if you are unfamiliar with things like TCP UDP in the three-way handshake or if you're subnetting is a little shaky or you don't know what the OSI model is chances are you should probably stick around and just click through this series watch it and build that Foundation remember we talked about one of the core foundations of pen testing being a strong networking background this is a good way to build it up remember what you might have forgotten and go from there so let's go ahead and just jump right into the first video which is going to be IP addresses what's up everybody so I'm gonna preface this video really quick with that it is raining pretty hard here so if the soothing sounds of the rain put you to sleep during this video and you can hear it I'm very very sorry but the show must go on so what we're going to be doing today is we're going to be talking about IP addresses now if you've ever used a computer before and you're any anywhat familiar with it you probably know what an IP address is but I want to take this a little bit deeper in in theory on why we use IP addresses what types of IP addresses are out there and talk more about protocols and how IP addresses are actually designed and made up so I'm here in a Cali terminal and I'm just going to type in a simple command and that command is ifconfig now if you've used Linux before this might be familiar to you if you used windows it's similar to ipconfig all I'm trying to do is bring up my IP address so what we can see here is that we have an IP address which is our inet this is my IP address here I also have another IP address this inet 6. this is what's called an IPv6 address so we've got this inet which is considered an ipv4 in this inet 6 which is considered an IPv6 now you can notice right away that there's two different types of notations for these this inet here is in a decimal notation and the IPv6 is in a hexadecimal notation we'll get to the importance of that in just a second so when it comes to IP addresses this looks probably pretty familiar to us this is an IP address this is how we communicate we communicate over layer three and you're going to hear me talking about layers repeatedly throughout the course or at least throughout this part of the course so that we can get familiar with how we're actually doing this so I want you to be familiar with troubleshooting these layers and these layers all refer to something called The OSI model so when we we talk about layers we think about the OSI model and I'll introduce the OSI model here in a few videos and it should all click once I introduce the OSI model so if I brought in the OSI model up front it might be boring might not make sense so I'm going to introduce the OSI model near the end and you're going to say hey yeah that all makes sense so what we've got here is we've got this ipv4 address and this is the most commonly used format that we use today right we use ipv4 for mostly everything and again this is in that decimal notation so when we see this decimal notation it's just a realistically a bunch of ones and zeros that are put together so that we have this human readable format realistically all we're seeing here with 192 this first this first section here this first octet is actually just a bunch of ones and zeros it's eight bits so we've got a range of eight ones and zeros here we've got another eight here eight here and eight here so when it's all said and done this inet or this ipv4 is made up of 32 bits eight plus eight plus eight plus eight here and which equals four bytes so another way to think about that is to think about it as say something like this one two three four five six seven eight period period okay that is one section there so we've got eight ones that can make up this and then we'd have another eight Etc not gonna be the dead horse here but I do want to give you guys another example so if we go into our applications and we go to a text editor really quick so the way this looks is something like this we start with a number like 128 I'm gonna try to space this out as best as possible and all I like to do is think of 128 as my base and this will make a lot more sense when we get into subdending so please if you're confused by this don't worry this is all Theory right now when we get into subnetting and we get Hands-On it'll make a lot more sense I promise you so let's say we have ones and zeros here if we have a one for each of these sections and I'm going to space this out again as best as possible it's not pretty but if we have a one for all these this equals 255 why does this equal 255 will you take this and all these numbers add up one plus two plus four plus eight all this adds up to 255. so let's say if we didn't have all the ones and zeros we had just someone's enabled like these last three here okay well this would equal seven because we have four plus two plus one equals seven so our first number or whatever number this applied to in the octet would be seven so if we had 7.7.7.7 it would just be this numbers repeating over and over these numbers repeating over and over right so uh be zero zero zero zero one one one dot zero zero zero zero one one one and so forth so this is kind of what it looks like behind the scenes because again a computer is just ones and zeros we're all binary so what we're going to do is we're going to close this out we're going to talk a little bit of other Theory when it comes to this and why inet or IPv6 and why ipv4 so let's close this and let's talk about ipv4 so I'm going to bring up a calculator and with ipv4 we have these 32 bits so what we can do is we could take two to the 30 second power and this is the possible amount of IAP addresses that we could have so we have somewhere in the four billion range of IP addresses well spoiler alert we don't have only four billion people on earth right we're up to seven something billion at this point and all these IEP address spaces are gone so ipv4 has been around since 1981. nobody thought we were ever going to use all these addresses uh computers weren't really a thing who knew that we were going to want all these addresses and you know uh these companies started buying them up and they started buying them up in large chunks and then they sold those to isps and then isps sell those to you and so these IP addresses have been gone for a very very long time and uh chances are when you when you have an IP address and you get this ipv4 you're only going to get one if your corporation you might buy it more but we've run out of IP address space there's just not enough to go around so the theory is okay let's come up with something different let's come up with IPv6 now this hexadecimal mole is actually in 128 bits which makes things just a little bit longer and adds quite a bit so let's take this 2 to the 128 power and we get a number that I cannot tell you how to say not even going to try but I can guarantee you that in our lifetime we will never use this address space so we've come up with a solution of IPv6 but nobody really uses it IPv6 is just a thing that's that's there but when we we get IPv6 addresses a sign but still to this day everybody's using ipv4 well how how is that possible if we're using ipv4 but we're out of address space well think about this we're using something called nat which is Network address translation now let's think about your network so you might have a cell phone or computer or multiple devices my network has at least 20 devices on it I've got I've got cameras I've got multiple cell phones Smart TVs everything that connects to my internet gets an IP address and that's 20 IP addresses right there right so let's say I have 20 devices that's 20 IP addresses am I taking up 20 IP addresses out of that 4 billion no we're actually using something called Network address translation or it's called nat for short and we'll talk about this again when we we set up our actual lab but with Nat what we're doing is we're assigned these private IP address spaces so we've got this 192.168.57.139 now if you've ever seen a IP address before and you've been on a network good chances are it probably started with 192 or maybe it started with a 10 dot or something along those lines and that's because those are private IP addresses so anything that starts with 192.168 is not an IP address that is going to be out in the uh the interwebs it is going to be an IP address that is only known to you these are called private IP addresses so because we use these private IP addresses we can pass them out through what is called a public IP address now to make better use of this let's go out to Firefox and I've already got a tab open so I went to Google and I just said private IP addresses and I clicked the second image here because I think it's a great image so if we look at this there are classes of IP addresses private IP addresses now there is a Class D and E we're not going to worry about those The Big Three are class A B and C if you know these you are good to go uh so if we look at class C this is what the most common household and small business use so we see it starts with the 192.168.0.0 so the 192 168 are constant if you see a 192.168 address you can guarantee yourself that that is a private IP address space and then we have the range of changing this number between 0 and 255 and this number between 0 and 255. Y 0 to 255 well that'll all make sense when we get into subnetting but what that allows us to do is have a large number of networks here and a small amount of hosts but for a a regular user like you or I uh or a small business 254 hosts is pretty good I mean I'm only using like 20 in my household so the most common household is probably using this 192 address but what about a big big business right something huge okay well they might use a 10 address because a 10 address frees you up to anything after this 10 is private so 10.1 10.1.1.1 whatever you want to put in here up to 255 on each octet makes for a small amount of networks but a large amount of hosts okay and don't worry about the host versus Network thing again subnetting we'll talk about that it'll all make sense but just imagine the amount of amount of host that you can put in here with this wide range so because of this you'll see larger corporations using 10 addresses you'll also see a lot of Corporations even small businesses using 10 addresses the the matter of fact is as long as you have this private IP address you're good to communicate across your network so any IP address outside of these and the loopback here are free game for the public address space they're probably already owned and you purchase those or rent those really from your ISP your internet service provider so going back to this thought we have a class C address my Network's Class C 192 168 57 139 here so it falls into that class C I've got all these devices on this 192.168 network all these devices are talking out of one IP address that is my public IP address that is what I rent from my ISP and all this network traffic goes out one IP so this is how we have achieved or solved the issue of running out of address space without having to use IPv6 not that there's anything wrong with IPv6 uh it's it's not pretty I mean it's way easier to type this stuff in than it would be to type something like this in um but at the same time this is how we've solved it we've we're able to still use ipv4 in mostly all networks and we are able to communicate out with this quote unquote IEP address shortage so hopefully that makes sense we're going to build upon these Concepts again ipv4 IPv6 IP addresses are layer 3 protocols Layer Three is a router so when we Route traffic we route via an IP address so we're going to build upon that as well as we go in hopefully this is all just a refresher to you so that is it for this video I'll go ahead and catch you over in the next one all right so we're going to move down a layer here and talk about Layer Two so remember ipv4 IPv6 IP address is just a whole that is layer three we're talking about routing here in Layer Two we're going to be talking about a Mac address or a physical address now Mac stands for media access control and that is identified here in our ifconfig as this ether here so we can think of this as our physical address and a way that we communicate when we are using switches switches communicate over this physical address this is kind of how they know what device is what so what we say here is if we have a device say you just built a computer and you're installing your network interface card or your Nick you're going to plug that in and you're going to have a MAC address for that Nick your cell phone that's going to have a MAC address anything that's using a network interface is going to have a MAC address so these Mac addresses are important because they utilize layer 2 or switching and they are how we communicate over switches now there's something to be noted briefly about Mac addresses now Mac addresses have identifiers so as you can see here this Mac address has six different pairs of two right and what we can do is we could take the first three pairs and we can just copy this and we can go out and we can try to put it into a MAC address lookup now for this one this is just going to be VMware I'm not sure if it's actually going to come up but I'm going to go ahead and paste it and see what happens and you can see that the vendor actually shows up as VMware so the first three pairs here are identifiers and we can identify what we're up against if you've ever looked in your house and you've looked at your network and you you're trying to find a device and you see the IP address but the IP address doesn't really help you identify it you might see something along the lines of a MAC address because your your home device say your your router might also be what's called a layer two slash layer 3 device meaning it's doing switching and routing for you and it'll also know the MAC address of that device so you can take the first three pairs here put those into the Google machine and see if you can identify what the device is so if I was unsure this didn't have a host name or device name and I could just reach out and say okay well let me let me look these up maybe it'll give me an ink link it's not going to tell me the exact device but if I know it's it's running VMware then I could say oh you know that's my host machine running or if it's related to like Texas Instruments or something maybe I know that device in my house so this is just a quick way to look up devices and know about them the other option or other thing that you need to know here is just that again Mac addresses layer two related to switching I'm just trying to repeat this and get this into your head so that's all we need to know from this lesson and we're going to go ahead and I'll catch you over in the next lesson all right so now we're moving into layer four which is the transport layer of the OSI model and we're going to talk about what is TCP and what is UDP so we'll type that in here TCP versus UDP so TCP is what is known as the transmission control protocol and you could think of that as a connection oriented protocol and we also have UDP which is the user datagram protocol and this is a connection less protocol so when we have these two protocols one is best suited when it comes to high reliability that's TCP TCP is connection oriented we want to make a connection we need High reliability so you can think of something like a website which is HTTP or https or you can think of something like SSH or FTP the file transfer protocol those all utilize TCP when you think about UDP you might think about something like a streaming service that's connectionless or DNS is connectionless or our voice over IP is connectionless and when this comes into the importance of scanning scanning is super important we're going to be scanning both TCP and UDP as a penetration tester and don't worry about scanning right now when we get into the scanning section this will make a lot more sense but we need to know what TCP and udpr and Define them broadly so the most commonly we commonly use protocol that you're going to be scanning is going to be TCP now TCP works on what is called a three-way handshake now if we look at the three-way handshake it's going to look something like this we're going to first send out a sin packet and then we're going to receive back a sin act packet and finally we're going to send an act packet now how does this work now you could think of this as an interaction so let's say you have a friend or a neighbor and you go to your neighbor and you say hello that's a sin now sinach is going to be the response it's going to say hey sin I acknowledge you that's your neighbor waving hello back and then you know you are good to go start a conversation so that's the acknowledgment now when we think about this in the terms of ports now Port is a item that can be open on a machine it's a way to communicate with certain protocols for example if you think about HTTP that's over Port 80. if you think about https that's over Port 443 there's a lot of different protocols and there are 65 000 plus ports that can utilize these protocols so everything related here is has to do with these ports now let's say that you want to connect to Port 443 on a website you're going to send out a sin packet to that website you're going to say hey I want to connect to you on Port 443 and if 443 is open and available for connection they're going to say hey you can go ahead and connect to me and when you want to actually establish that connection you're going to send that acknowledgment packet back now let's make more sense of this let's go ahead and open up a tool called Wireshark so this is built into Kali Linux I'm just going to type in Wireshark and I'm going to provide an ampersand here just so I have shell access if I need it in the background and all I'm going to do is capture packet data so this is going to be listening in on my Nic and it's going to say hey what's he doing let's capture all that data so we're going to capture that I'm going to start a capture here you're going to start to see a bunch of traffic coming through you can see the different protocols here you can see UDP is coming through right now but we're going to go establish a TCP connection so let's go out to the world wide web and I've got Google up I'm just going to refresh Google you're going to see a lot of traffic start coming through so I'm going to go ahead and just stop this right here look at all the data packets that get sent when you're using your computer this is what's going on in the background you don't even think about it so we could see some sin synacts there those are in the gray let's see if we could find a good one okay so here is one right here um so what we're gonna do actually let's find a better one so we're going to come down to here and we're going to say okay so here we are we're our source IP this is 192.168 5739 we're going out to destination of 74 125 21 155 we're saying hey I've got this port here I want to connect to your Port so Port 443 this is a web page we're sending a sin packet if that port is open and available for connection and communication what's going to happen back is that IP address is going to say hey here I am I'll allow you to connect on this port and if we make that final connection we're going to go ahead and send the ACT packet back which is right here it's going to say ack so that is the three-way handshake please do remember this is going to come back into play when we get into scanning and we'll talk about Stealth scanning and how we modify the three-way handshake to actually do some scanning so that is it for this lesson I will catch you over in the next one all right so before we go into the OSI model I do want to talk about some common ports and protocols since this is a refresher most of these should be pretty familiar to you I'm going to run through them pretty quickly and just talk about them briefly on each of these common ports and the reason I've listed these is because there are things that we'll see quite often as a penetration tester and it's just something that as we're going through the course if one of these show up it's something that just rings a bell and you see you see a scan it comes back and you see Port 21 you just think ah yes FTP or you see Port 80 you think ah yes HTTP so you got to start training your mind to memorize these ports so when we get into our scanning which again we haven't covered scanning but when we get there and we see what ports are open on a machine we're going to be able to have these common ports memorized so on the TCP side we've got FTP FTP is the file transfer protocol you're going to see this in some assessments you're going to see this a lot when we do something called Capture the Flag or we run through some test machines you'll see FTP open quite a bit so FTP file transfer protocol all that means is we can log into this server we can put a file or we can get a file off the server now SSH and telnet kind of play hand in hand telnet is the ability to log into a machine remotely now SSH does the same thing the only difference is SSH is the encrypted version of that so with telnet you are in clear text and with SSH you are encrypted now SMTP POP3 and IMAP all relate to mail we're not going to worry too much about mail in this course but you might see it come back up at some point so just remember your 25 110 and 143 DNS so DNS is a way to resolve IP addresses to names and we could take a quick look at that if we go back to our Kali machine and say we're at Google here we've got Google up but the computer doesn't really know what Google is the computer is just using nice text like google.com for us to humans what's going on on the back end is Google actually resolves to an IP address now the IP address is how the computer knows to get back and forth because we don't want to sit there and type in IP addresses this DNS or domain name system has been implemented for us so we type in google.com on the back end it knows hey I want to go out to 17179 10 22 34 whatever it is in in reality but this is just a quick way for the computer to relate to a human and the human to you know have easily readable access to some of this stuff so going back to our PowerPoint we have HTTP and https that is a website just what you saw there mostly everything is on 443 now or https the HTTP on Port 80 you'll see sometimes remember that is the non-secure version of the protocol so https is encrypted HTTP is not encrypted and not secure so lastly SMB ports 139 and 445. originally it was just 139 in the later versions of Windows they put on 445 you're going to see these ports a lot this is probably the most common Port you're going to see as a pen tester these relate to file shares you might also hear this called Samba so there are a few names for it but when you think of SMB and you see 139 or 445 think of file shares and as a pen tester perspective you got to think about all the crazy exploits we've had regarding SMB the most recent one as of this course was the wannacry virus right so you have the wannacry virus it's also known as Eternal blue was what it was built off of or ms17010 was the official term of that exploit that exploit utilized an SMB exploit to navigate through networks so it became very vicious very quick because SMB is open so frequently on networks now on the UDP side we also have DNS over here DNS is both atcp and UDP protocol we also have DHCP now when it comes to IP addresses DHCP Associates you with an IP address kind of at random now you could have the opposite of that is what is a static IP address so with DHCP you plug into your network say your home network and the internet just fires up guess what probably DHCP on the back end it just picks a number between a range says hey here's your IP address I'm going to let you lease that out for eight hours or a day or a week or however long the timing is set for and that IP address is yours now the opposite of that again is static so you could say hey I want a static IP address and anytime I plug in with this specific computer go ahead and give it this IP address so how are we going to know that most likely the MAC address right so from Layer Two it's going to know layer 3 and how to assign it so again DHCP should be pretty familiar to you we've also got tftp on Port 69 which is the trivial FTP and it utilizes UDP instead of TCP and we also have SNMP which is the simple Network management protocol so you will encounter SNMP occasionally on networks not always but when we do encounter it there may be some information to be gathered especially if there are strings being used that are Community or public strings and we'll worry about that when we we encounter it but you'll probably see it again in this course so that is it in this video we're going to go ahead and move on to the OSI model and tie all this together then we'll get into a little bit of subnetting and we'll end this with a refresher on networking a final final video on networking so I'll see you over in the next video all right so this whole time we've been talking we've been talking about networking and I've been throwing terms at you and I every time I throw a term at you I try to use the respective layer for it so you've heard me say layer two layer three layer four and those all correspond with what is called The OSI model now if you're ever in a network interview or if you're ever talking to somebody who has experience in networking or even if you're on the help desk or taking tickets knowing the OSI model is incredibly helpful and people will just throw layers at you especially the people who have been in the field for quite some time might just say Layer Two instead of a switch or they might say layer three instead of a router so I'm going to discuss the OSI model really quickly give you a mnemonic on how to remember it and just talk about some of the concepts within it and how to troubleshoot down it as well so I picked this up from Keith Barker a long time ago great trainer by the way and this is the mnemonic so we're gonna go p d n t s p a and this stands in my head for please do not throw sausage pizza away again that is please do not throw sausage pizza away so I'm gonna put numbers corresponding to the layers in front of it here and we're gonna go ahead and type these out one by one so on the first layer here we've got what is called the physical layer and you could think of your physical layer as like data cables or like your cat 6 cables stuff like that something you might you might plug in right that is the physical layer and we've already talked about Layer Two quite a bit Layer Two is the data layer and that is our switching right and also our Mac addresses going down the list we've got the network layer which is IP addresses also routing the fourth layer is the transport layer which is TCP UDP which we have talked about as well and the last few so the session layer we've got the session layer which is just session management you don't really have to worry too much about this one six is the presentation layer now this should be familiar to you because think about WMV jpeg movie files that's what your presentation layer is so media and then lastly we've got the application layer which is like HTTP SMTP your applications that you utilize right so we've got this laid out here and you might be asking why is this important well again when we say something like my home router is a layer 2 3. so that means it does it does switching and it does routing right you might think of this in another way as well you might be asked to troubleshoot and something to talk about too with the with the OSI model is when we receive data we receive data down this physical layer all the way down to the application when we transmit data it goes out the application layer down to the physical when we're troubleshooting this it is always best to start with the physical and go down to the application Level okay so say you get a your working help desk and you get a phone call and somebody says you know my internet's not working help me well what's the first thing you're going to do are you going to ask them application Level questions yeah probably not you might say hey can you look at the back of the computer do you see a uh the cable plugged in oh the cable's plugged in okay well uh do you do you see the the where the cables plugged in is there a blinking light is that blinking light green by chance okay we're checking the Nick right and then we might ask them to you know do they have an IP address what's going on uh all the way down and then we troubleshoot all the way down to layer seven so we wouldn't start on layer seven right we would start from the basics and move down so it's important to know this this isn't a help desk course by any means but it's super important to know this especially if it's been a while since you've seen this network stuff or even if this is new to you that the osm model is commonly referred to even as a pen tester I get all kinds of layer two layer three talk and you will be sitting in meetings with network Engineers with people who are very very smart about this stuff and they're going to throw all this lingo at you so if you know this lingo really really benefits you or else you're just gonna sit there and wonder what the heck they're talking about so hopefully the this is a quick informative method for you and again remember please do not throw sausage pizza away that's the easiest way that I remember it you can make up your own mnemonics if you want people have other things as well if you've got a if you got a favorite mnemonic please feel free to comment down below and tell me your mnemonic as well so I'd love to hear some of these other ones so let's go ahead and move on into subnetting and then we'll uh we'll start moving into other fun parts of the course let's talk about subnetting so subnetting is important in networking you hear about it all the time you hear even people perhaps freaking out I know I freaked out when I heard that I had to do it for exams like Network Plus or CCNA and I feel like there are a lot of complicated methods out there for submitting but there was a method that was shown to me middle of my career and it just blew my mind it's really really fast subnetting method and I really want to break down for you what subnetting is why we do it and then show you the methodology behind it so if we want to talk about subnetting if we just come in here and just do an ifconfig and we look at our IP address right we have our inet which is our ipv4 and you can see here too we have this net mask this is also known as a subnet mask or a subnet and it just says 255-255-255.0 really tell us a lot if we don't know much about it but this is what a subnet looks like and we can think of subnets in ones and zeros it's all bit right so we've got eight bits here just like an IP address ipv4 same thing 8 Bits 8 Bits 8 Bits and another eight bits and we've got ones and zeros if all the ones are switched on we've got 255 if none of the ones are switched on we've got zero and depending on how those ones and zeros are switched on or off determines a lot of things for us and that's why this net mask is important now attached to your resources for this course I've created an Excel sheet that I think will be useful so if we look at the Excel sheet here is the Cyber mentors subnetting sheet and let's talk through this it looks like a bunch of numbers and it might look crazy for you and we're going to talk about how this breaks down how the bits break down and then how I would write this shorthanded for an exam or a test or just something that I do on a day-to-day basis so first let's talk about the bit so come to the bits tab here and we have our eight bits right we can count this across and there's eight here on the count you can see that and it starts with 128 and descends down to one you just keep cutting it in half right so 128 64 32 16 8 whatever what's more important is why we get to these numbers so if we have a 1 switched on here it adds to the value when all the ones are switched on it equals to 255 you see all the ones switched on here if we were to highlight over all this come down to the sum you see the sum is 255 that's all this formula is doing here so if we were to come through and you see all the zeros here nothing's flipped on to actually turn any value on here how this actually works is the switch has to be on in order right so if we were to switch on another bit we'd have to switch it on here and we'd have to switch another one on here we couldn't just come down here and switch it on here it wouldn't make sense it doesn't work that way not with subnetting so we're going to take these back off and just show zeros again but you see how the values change if for example we had this network and you saw the default and I'm showing you the 255-255-2550 the standard here because that is what's known as a slash 24 Network that's very very common and it's very common because it's used mostly in household and small businesses and it's done this way because of the amount of hosts that it allows now if we talk about the host you can see that I have here 2 to the eighth power why do I have that well we actually go by how many bits are switched off or how many hosts are available to us so if a host here or a bit was switched on then we lose the amount of hosts we have available to us and this subnet gets smaller and smaller now don't worry too much about the ones and zeros it's going to make a lot more sense when we stop talking in these binary terms I just kind of want to break down the math behind it first before we make it really really simplistic so again we've we're talking about what's called the slash 24 or whack 24 Network and it's so standard because of the host again 256. think of all the devices in your house you have cell phones you probably have computers you might have like a Roku or Amazon Fire or something along those lines you might have Smart TVs or smart watches or something that connects to the internet well again they're all connecting through Nat right and going out but the amount of hosts that you can have on your private Network really depends on the subnet mask and how you set it so we have this class C that you saw before the 192.168.1 or dot zero or however you want to have it right well it allows us to have 256 when we have a subnet of Slash 24 so that's very common for a household it's also common for a small business maybe there's a printer some few devices in there but they're never going to get over this 256 hose okay so when we come to the subnet cheat sheet let's break this down a little bit differently so we have our host here let's start with the slash 24 we just were and you saw that there is 256 available hosts as we start turning off bits okay we turn off a bit here we turn off a bit keep going down the list the hosts start getting bigger and that just corresponds here we have a slash 24 and the only reason I'm saying 24 is I'm counting the ones across right so we've got 24 bits switched on if we had 23 okay it gets bigger and bigger and bigger now let's stay away from the ones and zeros I think it's a little bit complicated the better way to think about this is to look at the subnet Mass down here and I'm going to replicate this and then we're going to come back to it so what I do here is we can have a possibility of 32 bits switched on right so I'm just making a new tab and I'm just going to go over here and I'm going to hit control and drag this across until it hits eight okay and then I'm gonna do the same thing with nine I'm gonna drag it across all I'm doing is just making really quickly 32 placeholders and I'm just emulating here if we had the possibility of 32 different switched on bits so imagine one bit is switched on imagine all 32 bits are switched on that's the possibilities here right so always for sure we're going to have an amount of host and we're gonna have a subnet mask okay so we'll just call it subnet there we always start here with 128 just like the bits that you saw you saw the 128 start on the bits let's just start also with 128. now as you saw every bit that's switched on remember when we switch a bit on over here it starts decreasing so we're going to decrease for the bits that are switched on 64 32 16 8 4 2 1. you come over here and what I like to actually do is I like to just add these numbers together and you can see 128 and 64 is 192. and then you can add these two together so you get 192 32 you just add diagonals the way I I actually always do it so 224 240 248 252 254 and 255. now what does that correspond to it corresponds to the possibilities of the bits being flipped on right so this looks just like what you see here same deal and if you had a one underneath of it okay then you got 128 if you've got another one underneath of it well guess what you've got 128 plus 64 which is 192. and this number keeps growing why is this important this is still all ones and zeros right well let's start thinking about it if we have a slash 24 Network we've got 24 bits turned on our subnet mask is 255.255.255.0 if we had a slash 16 it becomes 255.255.0.0 why where are these changes coming from let me show you this okay for a slash eight I'm just tying this into just this right here well this is coming from the number of bits that are turned on eight bits turned on we've got two five five and the rest are zeros you got another eight bits turned on two five five two five five the rest are zeros come down to the slash 24 which is that really common subnet that you see and you've got two five five two five five two five five zero now this is very common okay let's go back to the cheat sheet now and you can see that I've got X as a placeholder in the subnet so what I'm saying here is you look at this list and you say I've got a slash one well for this whole area here from one to eight the placeholder is going to hold in place of this x so for a slash one if I've got 128 then guess what it's going to become 128.0.0.0 because that's how it would be and if you were turned on just one bit here and made all of these zeros guess what just the 128 would be on the rest would be zeros okay if we had a slash 14 okay so 255's automatically flipped on you have a slash eight already you've passed through it okay so you're starting on the second iteration here slash 14 corresponds down here to 252 so you'd have a 255.252.0.0 so all this is is placeholders let's go back to the sheet here so I make this quick and dirty list this is what I write out when I'm just writing out something quick for an exam I'll write out one through thirty two I'll put the host here and I'll put the subnet here so again if we know that once we cross through 8 16 24 32 that has a two five five in front of it all we've got to do then is we'll say slash 27 well we've come through three columns then I know for sure that we've got 255.255.255.something right you see the slash 27 you come down here the subnet would be 224. say 28 okay two five five two five five two five five look at the 28 you've got a DOT 240. and this is gonna be confusing this is subnetting is not necessarily easy once you get the chart down it makes a lot more sense so let's start piecing some more things together when I say that I've got host now the host I'm showing you only correspond to these first rows but it's very common or very useful just to know this number right off the bat now if you look at the cheat sheet what you can do here is you just know that you start with a one or you start with the 128 you go down but every time you go up you're doubling and why are we doubling do you remember from the bits part every time a bit is turned off so as we go up a number we take it to the next power so we've got eight bits turned off we take two to the eighth power it's 256. well here you go look come through here 256 we go to the ninth power 512 to the 10th power 10 24 it just keeps doubling okay that's all you got to think about in your mind is it keeps doubling so on an exam for example you might have something like what how many hosts could be potentially in a slash 20 Network and you come to your cheat sheet that you made or you have in your head and you say well 496 and then we'll get to this in a minute but we have to subtract two so 494 potential and why is this all important what do we even care about any of this why am I rambling on well you need to know based on the network okay the slash 24 is great for a small office home network however you want to have it but what if you're a large Enterprise maybe you have thousands of devices okay maybe you want a slash 16 Network that might make more sense for you or you even see some with a slash 8 Network it just depends on how big the company is the larger the company the greater chance that you're going to see that they're not using slash 24 or they could even have subnetted segments of their Network where say they have just telephones and they've got 500 employees and 500 telephones they might just have one slash 23 Network for nothing but telephones because that's the amount of hosts that fit in there so what we're after with subnetting is how many hosts can we fit and what is the mask that's behind it so those are questions you might be asked in the exam and these are questions that you're just going to see and when you're given addresses say you're doing a pen test for a client you might be given something like this you might be given IP address it's 192.168.1.0 24. okay and immediately in your head you're like oh slash 24 that's standard there could be up to 256 hosts or 254 hosts or devices in this network but if they gave you something like 192 168 1.0 20. then you might look at your little chart and say 4094 hosts remember we're going to subtract two four thousand ninety four hosts in this network now I know if I'm scanning this I'm up against a lot more devices potentially than I am in this okay so when a client gives you your subnets they might just write it out like this and depending how big your client is might depend on how big their subnets are for you for example I just pen tested a client that was a slash 16 all the way across and it looks something like 10.1.0.0 16. okay and your subnet mask for that would be something like two five five two five five zero dot zero and how does this come into play well every time you have a two five five that number's locked in place that's another way to think about this so that 10 is always locked down this one is always locked down the rest of the bits are fair game meaning we could have 10.1.1.0.1.2.3 we could actually have a zero here 0.1.2.3.4 and that's how this number for like a slash 16 gets so big because you have 10.1.0.0 through 255 on the possibilities which equals 256 hosts okay for one range you get 256. well imagine you have to do that 255 other times right and that number gets substantially bigger here and then if you were to have a slash eight then of course it gets bigger and bigger so what you need to realize are a few things here we have these addresses and you see the slash one slash a again we call them wax whack 24 is going to be very common I would say wax 16 is probably your next common you might see some weird cemented networks like this subnetted networks like this but typically it's slash 24 16. now your network ID is typically what is known as your first address and your broadcast ID is known as your last address this is not always the case but it is very common and let me log back into this Cali machine here and I'll show you so we have our IP address 192 168 57.139 and we've got a net mask of 255-255-2550 what does that tell you from what we just learned that tells you we have a slash 24 Network okay this is a common Network there are potentially 250 for hosts why have I keep saying that why do I keep subtracting true well we've got a network ID and a broadcast ID or broadcast IP here well what we need to know is we are DOT 139 we could be anywhere from dot 1.254 within this network that's our 254 possibilities this zero means we have the flexibility to be any IP address range from 1 to 254. usually usually a DOT zero for this IP here and a DOT 255 make up your network ID and your broadcast IP okay usually so if we were to say something along the lines of let's go back to this Excel document and we were to say something along the lines of this let's say that we have a slash 24 Network and we want to know how many hosts we want to know how what our network ID is and what our broadcast ideas or IAP is okay we would say okay and we'll we'll give it one more we'll say it's a slash 24 and the IP starts with 192.168.1 DOT zero okay or we can even write it like this 192 168 1.0 24 delete this and we'll say what's our subnet mask what's our host what's our Network what's our broadcast so subnet you come to your cheat sheet you say Okay slash 24 I already know that I need to be filling in this area here on the X so I'm just going to come in 255 255 what's the X well we know to come down this row 255 here dot zero okay and then we've got hosts I'm just going to expand this a little bit we've got the host okay hosts are right here 256 hosts potentially 254 though because we always subtract 2 from the host total so our network ID is usually the first address available to us which is 192.1681.0 the broadcast is 192.168.1.255 meaning available to us is anything from dot 1 to Dot 254. let's take a look at something else that's uh a basic example let's do like a slash 28. let's say we got 192.168.1.0 28. now what well you've got 16 hosts here okay so our subnet is then going to fill in two five five two five five two five five dot X right because we're in this row slash 28 says it's going to be a 240 when we drop down to the subnet mask I'm going to make this a little bigger how many hosts 16 minus two we have 14 hoes okay so the first non-host would be a 192.168.1.0 again still the same thing first first address last address is going to be what 192.168.1.15. does that make sense 0 to 15 is 16 addresses usable space is 14 because we take out the network and the broadcast now you could see something like this and then guess what you're segmented so because you're only using this little bit of space you can then in turn have something like this 192.168.1.16 28. and then it starts the same way your subnet mask is actually the same because you're using a slash 28 you come through you can just copy and paste that the hosts are still the same what changes here well your first address 102.168.1.16 and then your last address which is 192.168.1.31 so because this is smaller on the slash 28 side we can actually have multiple networks within like say a DOT 1.0.1.16.1.32 you get a multiple little networks here with only a small amount of hosts so maybe you have just a few servers in this range and you have like servers um a b and c they go in a slash 28 and then you have another one of servers DC and e or d d e and f however you want to say it and you have more in that range okay so you can subnet this out into different things and when we see subnets we see all kinds of stuff we can see phones servers user computers Wireless all different sort of things some companies get really specific with their subnetting now let's try one more let's say we have a slash 23. now I want to put in 192.168.1.0 23 but that would be wrong why would this be wrong this is actually going to be a zero and I'll show you why in a second so we're no longer locking in the this this number anymore right when we get below the slash 24 of the 255 all the way across for three of them guess what we're now have the ability to change this number other than what's locked in so let's do a DOT zero we'll talk about why let's hit enter here so the subnet on a slash 23 well we're going to do a 254 which is going to be the placeholder of the X here we're going to come in and say 255-255-254.0 and now again we're not locked in so remember this 255 would lock in this dot one that doesn't happen anymore so we've got 255 255 254.0 we're actually going to start at zero here and we're going to say the number of hosts that are possible it's 510 okay 512 minus two we'll say our network ID is 192.168.0.0 and our broadcast would then be 192.168.1.255. why okay so we have the possibility now that we're spanning two ranges we've got 510 hosts in this network okay and we have the ability to go between zero and one we've got two options now zero and one so if we were to say another network if we wanted to get to like a two we'd actually have to say 192.168.2.0 23 it would be the same subnet mask same number of hosts but then this would be 192.168.2.0 192.168.3.255. again there's 500 510 possible hosts in between this right because you got to think dot 0.1.0.2.0.3 all the way through 254 and again 1.1 1.2 all the way through 254. so that equals 510. once you've hit that maximum that 1.255 then guess what you start at 2 you have a whole new network here just like these smaller segments you get whole new networks on the bigger side as well so what you need to know is that when I if I were to put something like a 192.168.1.0.23 that would have fallen into line with the one and the zero in our actual network ID still would have been 0.0 and a 1.255 would have been the broadcast here and you can double check this anytime you're confused you can double check your cider notation so I'm going to bring over a website that I will show you here and this is just an IP addressing guide It's called ipaddressguide.com you bring this over and you scroll down just a little bit and I just put in 192.168.1.0 23 and you can see that it actually corrects me and says the first bit is 192.168.0.0 the last one's 192.1681.255 total host is 5 12 minus two shows you that again first IP last IP you got your net mask very easy to use a cider calculator here or an IP range to convert to cider as well so very useful calculators but if you're not allowed to use these for like an exam purpose or something along those lines then using the cheat sheet that I've shown you is super useful now what I want to do is I want to try three more subnets okay I'm going to write these out I'm going to say 192.168.0.0 22 192.168.1.0 26 and 192.168.1.0 27. I want you to solve these for me tell me the subnet mask the host Network and broadcast and with that being said this again is a very complicated topic I did not pick this up the first time or the second time that I got it if you're running confused right now perfectly normal you can go back and watch this video again try to pick up more topics try to understand it maybe I'm not the right instructor for this either I do recommend looking at other resources to completely fill in your knowledge Gap if there is one that exists another resource that I'll link down is what is called seven second subnetting it is very useful a lot of students have recommended it to me I'm going to push it forward as well so go ahead and try to solve this understand that what you're after here is just understanding what a subnet is okay when you see something like this if a client sends you 192.1681.024 you're gonna say hey okay I know that there's probably 254 hosts in that Network and I know what I'm working with if you see this 255.255.255.0 again you know that you're working with a slash 24 Network very standard stuff that's what we're after I don't expect you to ever memorize this I don't have this memorized like I don't come in here and say you know a slash 18 is a two five five two five five 192.0 Network and it's got 16 384 hosts I don't do that okay I have a cheat sheet I'll use a website if I need to for the most part what you need to understand is two 254 hosts for a slash 24 if that number has gone up to like a slash 28 you know you're dealing with less if that number is lower like a slash 16 you know you're doing with a bigger Network that's really what it comes down to unless you are working in networking and then these become more important but as a pen tester understanding how to read this understanding what the subnet is and just identifying it with very basic measures this is extremely useful so I will catch you over in the next video when we talk about solving these challenges and hopefully we got them all right so I'll see you over there in the next one foreign so let's solve this challenge together shall we 've got a 192.168.00 22 why did I write this out this way well similar to the slash 23. so if we come to a slash 22 we see that there are 1024 hosts which means we have a possibility of 1022 right and all we need to do is fill in the blank on the X so 255.255 dot 252.0 we come across we know our first IP here or ID is 192.1680.0 first address possible now if we think about this we can kind of do this mentally in our head we can think okay there's probably 250 or so hosts in a network and we've got a thousand or so hosts here well that's going to be about four right four ranges because we got a thousand divided by 250 so I'm going to go ahead and go 0 1 2 3. that's four total we'd say 192.168.3.255. and hopefully that math makes sense again zero dot 0.1 through 254 .1.1 through 254.2.1 through 254.3.1 through 254. that equals about 1022 hosts okay actually I lied to you the only two we're taking off are 0 and 255 you actually have dot zero through 255 1.0 through 255 all the way we're only subtracting these two so if you do that math that will add up to 10 22. okay so a slash 26 we've got a 255.255.255.192 fill in the blanks fill in the X's 64 hosts we got 62 in reality and we're gonna say 192. 168.1.0 and 192.168.1.63. again if we wanted to create a second Network we could start here with a 64-26 and we would start with 64 as the network ID and then 127 as the broadcast and lastly 255.255.255.224 for a slash 27. we've got 30 potential hosts because we got 32 minus 2. 192 168.1.0 and then we're going to do 192.168.1.31. same thing here if we wanted to create a second Network we could we could say 192.168.1.32-27 and then this would start at 32 and this one would end at 63. we can make however many networks within that four to eight I think eight eight different segmented networks with the Slash 27. so that is it again as I said last video this can be confusing and all we're taking away here is identifying what the cider notation looks like identifying the base that to me is slash 24 being the most common what you'll see understanding what a subnet mask is and why it's important especially in relation to hosts and the number of devices that you can have on a network and why you might see something like a slash 28 or a slash 23 or more commonly something like a slash 16. so understand again that slash 24 as you see a bigger number there or you see even you know something other than 3 255s in a row understand the number of hosts are getting smaller the last 255s you see on your screen the number is getting bigger for the number of hosts okay and just understand how to read this that's all you need to take away again I'm going to provide additional resources as I provide in the last video go review them if you don't understand them you can always come to the Discord Channel you can always ask q a questions this is not an easy topic to pick up but it is a topic that I had to show you as part of networking all right so in order to be successful in this course we are going to be utilizing what is called a virtual machine now virtual machines are known as VMS for short and a VM is just a machine on top of a machine and to give you an example I'm actually running this Windows 10 instance that you see here on top of my Windows 10 instance so here you can see if I scroll up that I have a Windows 10 machine I also have a Linux machine sitting here if I were to demaximize this you can see that I'm actually running here a Windows machine in the back this is my wife and I and you come through here we just blow it back up and we're back inside of our machine so a virtual machine is just a machine inside of a machine so what we're going to be doing is we're going to be utilizing this to build out Labs that way we don't have to actually have a bunch of Hardware we can just use this for our our course and run what we need to on top of our own machine already now this can get resource intensive so if you are only utilizing something like eight gigabytes of RAM then you might have some issues with this but you can still follow along when we get into the active directory portion you might run into issues if you do not have at least 16 gigabytes of RAM to utilize but we'll worry about that when we we get there there's still plenty of ways to follow along throughout this whole course so another thing to note is that I use VMS every single day this machine that you see here is actually my day-to-day pen testing machine so I run a Kali Linux instance on top of my Windows machine and utilize that to do penetration testing so I'm going to demonstrate that to you and how we're going to build out our Labs with that and a lot of us in the industry run through VMS as opposed to running it directly on metal or on a machine so in order to utilize virtual machines we first need some sort of virtual machine software to play these so there are two different ways that we can do this if you are on a Windows machine or a Linux machine you can utilize VMware Workstation player now if you type in VMware Workstation player in Google the first one here that says download VMware Workstation player you just click on that and if you are in a Mac environment you're going to be utilizing Oracle virtualbox so if you type in Oracle virtualbox you come here and you go to downloads you have your option there as well so in this course I will be using VMware Workstation player I'm going to be running it on top of Windows if you are using Mac that is absolutely fine you're going to be following along just the same all you need to be able to do is follow the same instructions that I give you and you will be a-okay so if you scroll down here you can see try workstation player for windows or try a workstation player for Linux go ahead and just select download now that should bring up a download and go ahead and save it if you're doing virtualbox go ahead and download for OS X I will download the windows version just so that we can uh we can see what that looks like as well so I'll save both of these so let's view our downloads and we've got VMware Workstation player here I'm going to go ahead and open this one and we're going to install this and this will be very point and click so next accept the agreement possibly give away our first child uh yeah we should go ahead and install the enhanced keyboard driver while we have this and then we don't need to enjoy join any Improvement programs or check for product update that's okay we will install desktop start menu you check check your preferences as you like it I'm just going to install this and this should just finish here in just a second okay then you'll be brought to this screen once everything's done it should take about a minute or two and we're going to go ahead and hit finish and it's going to want a restart to take effect you can go ahead and restart your system I'm going to say no right now let's go ahead and install virtualbox if you are a Mac User we'll hit next here next and yes and install except and again vary point and click with the installation select install and any options that do pop up and then we can start Oracle VM if we want let's go ahead and just start that this is what Oracle VM looks like and let's see if we can start the VMware Player here even though we need to restart and this is what VMware Workstation player looks like so here you can see that we have virtual machines we can create new virtual machines open ones Etc we'll get into that in the next video so again if you are using Windows or Linux this is probably what your view is going to look like for the rest of the time if you are using Oracle on a Mac this is what your view is going to look like another site Pro tip here is that I am using workstation Pro and I might utilize this in some instances throughout the course other instances I'll be utilizing the workstation player they are not much of a difference especially in the beginning when we get into the active directory portion it might actually be worth it for you all to download the VMware Pro trial because the trial is 30 days and you can utilize that to get through some sections and actually have nice little Windows here to to be clean and just have a pro Edition you can do everything that I'm going to show you in the course on the player it just is that you have to open if you want to run more than one machine you you'll just have to reopen the VMware Workstation player several times to run multiple machines but that's okay it just won't look like this nice clean layout where you could transfer between machines like I can do just here so with that being said let's go ahead and move on to the next video we're going to be installing Kali Linux onto our VMware Workstation player now that we've installed VMware or virtualbox we need to install Linux we're going to be using a version of Linux called Kali Linux throughout this course this version of Linux is a Debian based distribution which is geared towards ethical hacking and penetration testing so it's a special version of Linux that allows us to have all the tools in one place that will allow us to hack without having to download these tools and install them on our own custom Linux distribution so it's all kind of nicely built into one package so if you go out to Google and you type in Kali Linux download you should see this link I'll put the link in the description below as well but you should just be able to go to get Cali right here and you're going to be presented with a couple of options here we're going to be using a virtual machine in this course so we're just going to go ahead and click on this virtual machine option and that's going to take us down just a little bit here what you're going to do is you're going to download the respective version that you need so if you need VMware you download VMware you're using virtualbox go ahead and download the virtualbox one now they have a direct download which is a 7-Zip and they also have a torrent if you know how to torrent what you're going to do is go ahead and download the file that you need and while you're doing that if you do choose to download directly you're also going to need a tool called 7-Zip or a way to unzip this file so go ahead and start your download while it's downloading let's also go ahead and navigate to 7-Zip so if you go to Google and you look at 7-Zip you'll see this page here comes up you just go to download in here you're going to download the file that is for your respective system so here I'm using Windows on 64-bit I would download this executable right here now if you're running on Linux here's where you download Linux if you're running on Mac OS here's where you download for Mac OS very straightforward I've already got this installed but what you need to do is just download this and literally click next through it make sure you get it installed go ahead and pause the video once that is installed 7zip that is and once you have the actual Cali image downloaded go ahead and unpause the video I'll be here waiting for you okay so your next step should look something like this you have your 7-Zip file open you should see a folder located in there and the easiest thing is to just drag and drop this you can also right click and extract if you know where you want to extract it I created a folder called Cali I'm just going to grab this and I'm going to drag it over and it's going to take a minute here just a few seconds honestly to unzip the file size of this one at least for the VMware version is around 11 gigabytes or 11 gigabytes exactly unzip so make sure you have the space on your hard drive in order to do this now once you have it unzipped you can go ahead and just double click in here you'll see a bunch of files if you have VMware installed you can actually just double click on this vmx file and that should open things up for you I'm just going to show you the other way around doing this as well so with VMware Workstation player open what you're going to want to do is go to open a virtual machine and in the folder that you have you should see this vmx file as well again you could double click it or you could just open it through this what's going to happen is it's going to open that file here and you're going to want to edit this virtual machine settings once you have it loaded click on edit virtual machine settings and in here we're going to want to First change the amount of ram that we have now this is dependent on your system if you have like eight gigs of RAM or maybe even 16 gigs of RAM you might want to try leaving it at 2 at first I'm going to bump mine up to four gigs which is 40.96 and I have a 128 gigs of RAM so I have more than enough space to allocate for this but if you again if you're on like eight gigs of RAM probably not the best idea to Jack this up Beyond two honestly I would try it at one maybe two see how it works the other thing you're going to make sure of is that you're running on Nat Network so if you click on network adapter make sure that it says Nat and that's selected once that's selected go ahead and hit OK and then you're just going to hit play Virtual Machine when it asks you what to do just say I copied it now from here it's going to take a minute for this to load you can just let this run through it'll boot on its own once you are presented with the login screen go ahead and unpause the video but until then pause and I'll meet you back when you're at the login screen okay I'm at the login screen I'm going to make this a little bit bigger just so we can see and from here what I'm going to do is I'm just going to type in the username of Cali k-a-l-i and the password of Cali k-a-l-i hit enter and if you see this screen congratulations you have successfully installed the Kali Linux and you now have it up and running in later videos we're going to cover what we're going to be doing and how to use this and how to use Linux and all this but for now pat yourself on the back you've got Linux installed and we're going to pause here and move on to the next video okay so this video pertains to some updates we need to make to virtualbox for quality of life so if you're not using virtualbox you can go ahead and skip this video if you are Buckle in we just need to do a couple of quick updates and then we should be good for the rest of the course so go ahead and go out to Google and Google virtualbox extension pack what it's going to bring up is just the downloads page of virtualbox so we're going to want to go here and on this page if you look kind of towards the middle you'll see that there is a virtual box extension pack here we're going to just click all supported platforms and that will automatically download the file that we need so once that is downloaded and pause if you need to go ahead and open virtualbox and you can come in here and up at the top we're going to go ahead and click on preferences and from here we are interested in extensions see extensions right here go ahead and click on that there's a little plus sign we're going to go ahead and click on that and then you should have your downloads right here so we're going to take the downloads and just go ahead and install that hit install read this give away your firstborn accept all the terms and you should be good very quick install okay the second thing we need to do is we need to come to the one tab appear above which is Network we're going to go ahead and hit the network button or this add button and we're going to add what is called a Nat Network okay and we're going to come in here and we're going to double click and you can go ahead and keep these defaults I'm going to actually change them to 192.168.57.0 because that's what's going to be used through the rest of the course and that is what the cider notation of my Cali machine and my key Optics which you'll see later Etc all fell into this 57.0 so we're going to go ahead and keep it on this Nat Network make sure you support the hcp go ahead and just hit OK hit OK and then for a machine and make sure any machine that you use again any machine that you use in this course make sure you set it to Nat network if you're using virtualbox so you can come in here click on a machine like this mail machine I have here you can just click on that settings go to network and then you can go ahead and just go to Nat Network all right and that name right here you see name that Network that's all we're going to use that'll automatically set it up so when you have a Cali machine running later and you have kiopteryx or another box running or even when we build out an active directory lab you need to make sure that you're running that net Network so that all the machines are on the same subnet if you don't you might run into a situation where the same IP comes up for the same machine and then they're conflicting with each other or you get on different networks and some weird stuff happens so make sure again that it's imperative that you're setting that net Network for every single machine that you're setting up so with that said we're going to go ahead and move on to the next video in this section the first thing I'd like to do before we get started with any commands or anything like that is just take a look around Kali Linux and kind of demonstrate why a pen tester or ethical hacker might use this distribution of 1x now throughout the course as stated in the last video you might see a different version of this pop up as I recorded videos on some of the older versions everything should still work just as is you just might see a different look and feel to some of the Cali interface but all the commands I'm going to show you everything that we do is going to be the same so let's take a look and just explore Kali Linux just for a bit so if we come up here into the corner and we just click on the little Cali logo you can see that we have nice things broken out for us so we've got these favorites up here which we have our terminal which we're going to be living in essentially we've got a text editor we've got a web browser which is basically Firefox we've got some other tool down here docs Etc the other thing that we can come scroll through is we can see that we have different applications in here if we look at the different sections these kind of go in order which we haven't covered quite yet but in the order of how a hack might go down so information gathering is usually the first step you can come in here look through this and here's a bunch of tools related to information gathering you can even click into these and go deeper if you wanted to related to specific things so DNS or SMB or open source intelligence all of this that's in here this is just built in tools so let's say we're coming in here we want to do a wireless attack well we go to wireless Stacks got a bunch of tools already built in so Kali Linux is just essentially a ethical hacking distribution of Linux and it's built on Debian so if you've ever used something like Ubuntu or anything along those lines of a Debian distribution this is all going to feel really familiar to you with just a bunch of tools built in on top of it so fairly straightforward they do have some nice Tools in here you can come through and utilize these a lot of this is already built in and we're going to take a look at that as we go okay so the next thing that we're going to do is and throughout the rest of this course is start looking at the terminal so if you come up here you'll see that we have a terminal now mostly everything that we do is going to be done in this terminal here now this is almost like accessing the command line so if you're using a command line like in Windows for example if you've ever used a command line if not that's okay but we do a lot of this from this interface as opposed to maybe utilizing a GUI bass interface where if we clicked a folder this might look more familiar to you if you're a Windows or Mac User you come in here you have this kind of area yeah yeah we can do that and sometimes we'll utilize this but a lot of times we're going to be living right here okay so as we move forward we're going to start talking about this command line how we can utilize it and use it to our advantage and then we'll do some tips and tricks and hopefully learn some pretty neat stuff as we go so in the next video I'm going going to cover the sudo feature which I think is important it's something that was brought in now originally we had something called a root permission and we'll talk about that that has changed since 2020.1 moving forward so we're introducing that into this course and we'll talk options that you have so let's go ahead and move to the next video where we talk about the sudo feature all right so before we look at any commands or learn any command line we have to talk about sudo Sudo is very important and what had happened previously was that in the earlier versions of Kali Linux we ran as a user called root root is the ultimate user you could think of it as the administrator of the machine now we're running as a user called Cali so we don't have root privileges directly this is as an improved security feature because we should be running only certain commands when we need to as the root user so what we're going to see is we're going to see how we can run commands as an elevated privilege and we're going to do that with sudo which stands for super user do they just kind of shortened it so we just have sudo now okay now with sudo what we're doing is we're saying Hey I want to run a command elevated I want to run this as a higher user in this instance we can say I want to run the command as root why is that important well let's take a look at an example let's say that I wanted to look at a very sensitive file now one sensitive file in our system is the Etsy Shadow file you can see cat Etsy like this Etsy Shadow and you don't have to follow along right now you don't have to really understand what's going on if you've never seen Linux all I'm doing is saying hey I want to print out this file I want to look at it okay and for here I can't see it it says permission denied you don't have the access to see this file that's a good thing but if I was the root user or somebody that had elevated privileges I could see it so I could say sudo cat Etsy Shadow like this okay and it's going to say what is your password for Cali I'm gonna go ahead and say Cali k-a-l-i hit enter and now I can see that I have access to this file and this file is very sensitive we'll talk about this later on in the course but sensitive file okay so when we're looking at it I ran that command specifically as the root user as the root user I'm able to see okay this file now why or what's going on here well we're running that specific Command right and we're still staying as Cali we're doing this in a kind of one-off scenario so there will be times where something that you run in this course might require sudo or you can run the command without sudo but you notice something doesn't work so best practice for this is saying hey let's go ahead and just run mostly everything that I'm showing you command-wise in this course that's not best practice overall usually you should run things just as a regular user if you get permissions blocked then run it as pseudo as necessary now the other thing to point out and we'll talk about this again in later on in the course but why can we do this is because this user is part of what's called a pseudors file meaning we can have this permission not any user can come in here say we made a new user and we just called the user John we can't just take John and just go ahead and then just run these commands as root no John has to have the permission to do this so you can think of Cali as being an administrator but only when we utilize that access or that privilege okay the other thing I want to show you though is that we can switch over to root if we want to we can come in here and we can say sudo switch user Dash just like that and then I'll put us into root now you can see okay we're running root at Cali and that's only for this instance you can if you want I'm not going to demonstrate how to do this but you can if you want change the root password log out and log back in as root and run through this course as root again that's not best security practice but that feature is available to you if you are a Linux user that is comfortable with Linux comfortable with running as root and you want the easy path otherwise I highly recommend just staying as Cali running as pseudo privileges as you need it and then moving forward but this is a quick way to switch into root if you need to sometimes even running sudo causes some issues so switching to root to run a command is Okay what we can do here too is the demonstration is we can go file new tab and look at a new instance and you'll see that this instance of root is only good for this tab here once we start a new tab we're going to be brought back right back to Cali Cali you can see that from the Top Line in the tab as well so just keep note of this when you're running commands in this course if you see something again try running it with sudo if it's not working or if it says access denied then you know hey I need to run sudo very very very important okay I'm trying to drive that in into your brains right now so from here we're going to move on we're going to start looking at how to navigate around the file system taking a look at everything from a bigger picture and diving into terminal so I will see you over in the next video now we're going to take a look at the Linux terminal and if you're a user of a regular computer like Windows or even Mac OS you are probably used to using what is called a GUI or a graphical user interface and we can do this with our version of Linux we can come in here and if we want to like go to folders We can absolutely open this and go to folders we've got the ability to go to Firefox we've got all of our Tools in here that we want to use or look at and we have a graphical user interface however a lot of our time is going to be spent on the command line and using a terminal so it's very important that we learn how to use a terminal in Linux so looking at our terminal here we can see a few things before we even get started the first thing is that we have a Cali at Cali what does that mean well the first instance here is Cali that is your user so remember when we first logged in we logged in as Cali and that is our user so if we ever switch over to root we'll see root here the second part of this is our hostname so our computer name happens to also be Cali if you change your host name you could say whatever you wanted to say here the last little part of this is this attilda this is actually the directory that you are currently in so this is a quick way to say what user am I what workstation am I on and what directory am I in now we can take a look at what directory we are in with the PWD command and that stands for print working directory and in this instance you can see we are in the home forward slash Cali folder and that is the equivalent of being in the attilda so if you see the Attila that just means you are in your users home folder so if we were a root user we would actually be in the forward slash root folder as opposed to the home Cali folder so the attilda means something different for every user that you're on the next thing we're going to look at is the change directory feature so imagine that we are in our folder here so if we go to like I don't know our desktop and we're sitting in our Cali folder this is really what we're looking at so we're looking at Cali right here and we want to get out of this Cali folder and change into another folder say like I don't know downloads for example if we go into downloads it's very easy to click into but how do we navigate around on the terminal I'm going to show you how to do that so the first thing we're going to do is use the CD command that stands for change directory now if we do change directory dot dot that says I want to go backwards so if I do that now you can see that we are in the forward slash home folder but we can also do a PWD print the working directory and you can see that we are in the home folder now can we go any further back well let's try CD dot dot again and now you can see we are at a forward slash if we do a PWD we are at a forward slash and one more time I'm going to CD dot dot and see if anything happens nothing happens here we cannot change any further we are in what is called our base directory so if you see a forward slash think of that as the base folder you cannot go any further back from that now I'm going to clear my screen if you want to clear your screen you just hit Ctrl l like that and that'll clear the screen and from here we are going to look at what is in our base folder and to do that we can use a tool called list which is LS so from here we can see different colors and different things and we can tell based on the colors though these color schemes are not the greatest in the newest Kali Linux we could still see like hey this darker version of Blue is actually a folder where some of these other things are actually files we don't have to worry too much about that right now but we just came out of the home folder so we can see here that we have a bunch of files and folders and let's say we want to go back to the home folder well we can see the home and I'm going to start typing H and I'm just going to hit Tab and because there's nothing else in here with an H we don't have to worry too much it will just auto-complete to the home folder now for example if there's a bunch of L's I'm going to back up really quick before I hit enter if I wanted to try something that has multiple items in here if I tried the L and I hit tab you're going to see that there's going to be a lot of options for me to go through and depending on what you have is when you can auto complete so if I start typing l o it should know that there's only one Lo and I can Tab and autocomplete the rest so you just have to be able to get to a point where you can Tab out or if you know the first letter of the file that you're looking for you can hit tab on that and you can see okay here's where I need to be or here's what I can look at with everything that starts with that letter I'm going to delete this and we're going to CD back into home we're going to LS to list the contents of home which is just our Cali folder so I'm going to CD into Cali and if I LS from here you can see that I have our desktop documents downloads similar to what we saw in the graphical user interface when we were in the folder now we can see it from our terminal now before we go diving deeper into these folders something that I want to look at is what if I wanted to get to this Etsy folder over here so there's this Etsy folder that was in our base now if I try to CD into Etsy from here nothing's going to work I'm tabbing nothing works if I try CD Etsy it's going to say I can't find it so what does that mean well when we change directories we can only change directories from the folders that we have available to us so I can only change directories into these folders by using that sort of nomenclature however if I can provide a full directory or a full path then I can CD from any folder that I'm in so if I go CD forward slash because remember we have the base here well then I can say forward slash ET start typing that out and guess what I get Etsy here and if I wanted to dive deeper into what folders are in there I could hit Tab and I could see all the folders that are available in the Etsy folder to complete my task now if I hit enter I will be brought into the Etsy folder and similarly I can hit LS and see all the files and folders that are in here now let's just CD here and I'm going to use the attilda and that's going to get us back to our home folder I'm going to control L to clear screen and then I'm going to LS again you're going to see we're back where we just were now in this case what if I wanted to list the files of the Etsy folder well it's the same thing I could do LS forward slash Etsy and that will list all the files as if I were sitting in that folder so just know that you can list folders and files you can change directories from being it within another directory it doesn't have to be in that same up and down tree that I was showing you there's a lot more robustness to these commands same thing if we LS in here we could take a look at the folders and we don't have to change the directory to see what's in these folders We can just LS desktop for example and start Auto tab completing there's nothing in there I do have something in the downloads folder just because I changed my picture I put our TCM security logo in there so I have that in the downloads folder but it's completely normal not to have anything in your desktop or downloads when you first install Cali and again we can achieve the same thing by seeding into downloads and then hitting LS you have the same object here as you saw before except we're just now in that folder so you have to declare the folder or be within the folder to see the contents okay now let's go ahead and CD back to the base folder you could CD dot dot or just use the attilda I'm going to clear my screen and from here we want to talk about making a directory so let's make a directory I'm going to make a directory called Heath you can just use your first name if you want and then when you LS in here you can see now that the heath directory is here and I could see the end of that heat directory I can LS in that directory and there's not going to be anything in there so I'm going to go ahead and backup one and now I'm going to show you how to remove a directory or remove a folder so you say rmdir and you're going to go ahead and just say he and that will remove that these commands work exactly the same as everything else if I wanted to make a directory in the base folder I could totally make dur forward slash eat if I wanted to and I could also remove that from here so again it doesn't matter exactly where you're at as long as you're using full file path okay so I've cleared my screen and now I want to run LS and you see in LS that we just have a bunch of folders that's not entirely true what we're going to do is we're going to do an ls-la and I like to think of this as list all but really it stands for long all and if we hit enter you can see that there's a bunch of new files in here and folders actually so from this we can see that we have a like a bash history we've got uh dot Java folder anything with a DOT is considered a hidden file we won't see that when we're using the ls command we actually have to do a dash La command and this is a great time to actually take a look at what these sub commands are and how are some ways that we can identify what these things mean so I'm going to show you a website first and I think this website is awesome we can go to something like explain shell.com so it is explain shell you can see it autocompleting up there but explain shell.com and if you came in here and you wanted to take a look let me make this a little bit bigger if you wanted to take a look at like ls-la you could say okay explain this to me and it'll tell you okay the first part is LS that means list directory contents remember I called it the list command that's what it is now what does that La do well the L you hover over it says use long listing format and the a says use all okay so do not ignore entries starting with a DOT which is what we're looking for and the long listing just gives us more detail gives us these file permissions which we'll get into a little bit later and who owns it and what the file size is the directory Etc et cetera we'll get down into that in just a few videos we can also use what are called Man pages I'm going to control L again if we do man LS man stands for manual so man LS we can see in here that LS means list directory contents great Dash a stands for all do not ignore entry starting with the period same thing as we saw before we could scroll down look for the L portion of this and we'll see that we have used a long listing format you can hit Q to quit this so if you don't have internet access for example you can use the Man pages I like using explain shell.com I think it's pretty awesome but man works very quick and from the terminal you don't have to leave or do anything another thing that you can do is LS dash dash help and that will give you similar to The Man pages though not as old detail I guess is the best way to say it and you come in here and you can see the same kind of switches and commands that were in here so dash dash help works for a lot of commands it's one of those that you should know and you should try if you have any questions about what you're trying to do it's a great resource so if we LS la we can CD into one of these hidden folders like we can CD into dot cache for example and we just LS that you can see that there's actually stuff in the cache in here so we're not going to get into this I just want to show you that hidden files and folders do exist so if you're looking for something especially pen test related something might be hidden if you're on a Linux machine you might need to do ls-la to see a hidden file and they're incredibly easy to see as you can see for yourself let's go ahead and CD back to our home folder and from here I'm going to show you a couple of things that we're going to explain later on but I just kind of want to get you familiar with it the first thing I want to show you is the echo command if we go Echo and we use a single apostrophe and we say hi like this that's just going to Echo out to the screen we'll get into the echo command a little bit later on in the course what we're doing here is we're going to Echo this into a file so I'm going to say hi and then I'm going to put that file I'm going to use this greater than symbol and that's going to be a region Direction operator and I'm going to say hey just go ahead and make a file called test.txt and while you don't need to know this yet if I ran Cat on this on test.txt you'll see that it prints back out High okay so I just want to have this file here that we created and what we're going to do is we're going to just quickly LS we're going to see that it's there you can see that there are color differences for files and folders again and the reason we're making this in this video is I want to show you the copy command so if we run copy on this we could say copy test.txt what I want to do is I want to copy this into the downloads folder so I can just say copy test.txt into downloads if we LS we'll see that test.text is here we're making a copy if we LS downloads we can see that test.text is actually in there as well so similar with the remove directory we can use the RM command and what we're going to do is remove that file and again we don't have to be in the directory to remove it we can call the directory path and then test.text if we hit LS on downloads again we can just go ahead and hit enter and you're going to see that there is no test.txt in there anymore but if we LS here you'll see that test.text does exist so I'm going to go ahead and control l the opposite of this is the move command now if I move test.txt and I put that into downloads if I LS now you're going to see that there is no test.txt in here why is that well if we LS downloads you're gonna see that we moved it so remember copy leaves an original version wherever you copied from move completely moves it so the CP and the MV commands are what you need to know there now while we're on this what we're going to do is we're going to look at a command called locate so locate's pretty awesome if we did locate and say I wanted to find out where that test.text file is I could do locate test.text and we're probably not going to get anything back quite yet now if we're looking through this none of these files are where we're at so there are some test.text files on this machine but we're not seeing the one that we created so say that we created a file we can't remember where we put it and we just want to go search for it and find it what we can do is we can say update DB and you're going to see that we actually get a denied why are we getting permission denied well this comes back to sudo so let's go ahead and sudo update DB you're going to enter in your sudo password it's going to update the database and now if we do locate test.txt and you can just when you see a screen like this by the way where it's kind of semi-gray if you just hit the right arrow that will go ahead and autocomplete because it remembers your last command you can hit that and you can now see that the first entry in here is home Cali downloads test.text so now the database is updated and it finds it one other thing to mention I just talked about Auto completing with the right arrow if you hit the up Arrow you can go through your previous commands you can see all the commands that I've been running through so we can also use the down arrow to scroll back down through those commands so say I wanted to run that locate test.txt command again instead of typing it out I just hit the up arrow and then I hit enter easy breezy okay so we're gonna go ahead and remove downloads test.txt and now that file should be gone we can LS one more time into downloads just to make sure and you can see that PCM security finals the only thing that's in there one other thing to point out that I just noticed actually is these files are case sensitive and the folders are case sensitive so if I try to CD into downloads it's not going to work because downloads doesn't exist so if I CD into downloads I could spell then you can see that I actually get into the downloads folder so note that it's case sensitive autocomplete if I go back we'll do a pretty decent job at trying on newer versions of Cali that is if I hit do for example and then I tab it'll realize that I'm trying to get to downloads so the last thing I'm going to show you is the password command and that is p-a-s-swd we are going to be good security engineers and change our password we're going to make it a strong password because we're good security engineers I am going to be the bad security engineer and make my password password and I'm doing that because later on the course will talk about cracking Linux passwords and we're going to use my bad password as an example so here we're going to type our current password Kali is a terrible password by the way and we're going to go ahead and type in our new password you can make your password whatever you want I'm making mine password and now we have updated successfully and we have finished all the commands that we need to know for this video I'll go ahead and see you in the next lesson now we're going to talk about users and privileges so in the last video we learned about ls-la so I am in my home folder which is the attilda here and all I'm going to do is just say ls-la I'm going to hit enter and we're going to see a bunch of stuff over here on the left hand side we've got this we've got the details kind of of ownership we've got some file size in here and we'll talk about all of this but we do ls-la we're getting so much more information than whether or not a file is hidden which is kind of the purpose we looked at it for last time but now we can take it and look at it from a different scope or a lens we can see that we have this column here the First Column now the First Column tells us something interesting it first tells us whether or not we are looking at a file or a directory so if we see a d here we are seeing that this is a directory note that these are also color coded right so we have blue for directories it looks like and then white ear or files and then we also have links which we're not going to get into much right now but a link looks like it's a lighter blue so we have the indicator here first it says okay it's either a d or maybe a dash or an L there are other settings that could be here but for now this is all we need to worry about the next set of things that we're going to look at are these rwx's or our blank x what does that all mean well rwx means read write execute when we're missing one of those like a dash here that just means we have a read and execute and there are actually three groups that we're looking at here so we have the first group which is the owner of our file so this first group says read write execute for the owner of this file and if we look at the owner of the file we can actually see that the owner is going to be Cali well in this instance it's the directory but here we're looking at Cali you can see that one of these has root listed but in this instance or since we're using the Cali user and we're in our home folder we're looking at mostly Cali being the file owner for this the next one we're going to look at is we're going to say okay group membership so anybody that is a part of this group what do they get ownership to or what do they get to do with this directory or this file well anybody in this group can read or execute but they cannot write to this directory or file and lastly we have the third setting which is all other users what can all other users do all of the users can read and execute but they cannot write here and we don't have anything in here besides this link that is read write execute we don't have a world read write execute in this folder and that's okay this does come into play when we're doing penetration testing however when we want to find some sort of file that has read write access or read write execute access if we have full access that is ideal especially if there are some sensitive files that we're not supposed to see or maybe were misconfigured or if we need somewhere to write to on the disk for example if I clear the screen here and we do an ls-la of the temp folder we could see that temp actually has read write execute privileges throughout this is a great place when we're doing pen testing and we're working on a Linux machine that if we need to come drop a file we know that this temp folder can be written to we can write whatever file we want and execute these files from here without having to worry about too many permissions so for attacking machines later on especially as we get on into the Practical ethical hacking course you may see me go and use the temp folder to upload malware or write a malicious file or something that I can do from a folder that is read write executable so let's clear the screen again now another reason and importance for the read write execute is that if we write a script we won't be able to execute that script until we have full access to do so that's going to become more important as we download files and try to run them against machines but even in this little section when we're looking at the bash scripting we're going to need to be able to execute our script and we're going to need to be able to change the permissions on that let's go ahead and do that here we're going to create a little text file and just look at the permissions and how things change so similar to the last video we're going to do an echo and we're just going to say hello and in this we are going to use our directional operator and we are going to just put this in a hello.txt file if we ls-la we can see that hello.txt is in here but look at the permissions that are set we have read write permissions we don't have any execute permissions if this was a script or anything that we're trying to run the machine will not let us run it because we do not have to execute permissions same thing here everybody else can only read this file they cannot write or execute this file so we can change the permissions on this and we can do that with the chmod which stands for change mode so I'm going to go ahead and clear screen again and we can do a CH mod and there's two different ways to do this the first way is to do something like a plus sign and then give the permissions that you want set for that file so we could do something like rwx that is read write execute if you want to just read access or read write access or just write access you would put the appropriate lettering there and let's go ahead and just give this a read write execute and I'm going to say hello.txt and hit enter and we're going to go ahead and ls-la again and now you can see that the color of this has changed why it is fully read write executable for us as the user okay as the owner I should say so that's one way of doing it however there is another way of doing this as well we can say chmod 777 hello.txt hit enter do an ls-la and you'll see now that everything has read write execute here well what changed what is this 777 and why is it so important okay for that we're going to jump over to PowerPoint for just a second okay so we have different numbers that we can set for the CH mod and remember we did 777 because we gave a seven to each group we had the first second and third groups remember that well what does 7 mean well 7 means read write execute so for a read permission we get four points or a right we get 2 and for execute we get one so as you can see down here we have four plus two plus one that equals seven well if we had no permissions that would be zero so we could do something like a seven zero zero you might see something like read only and then you would just give it four four four across the board for example or I've seen something like an SSH pem file and those files require specific permissions typically it is six four four so that would say that the owner has read write but no execute and then the rest of everybody else has just read access to that file so that would be a 644 permission so if you ever wonder what the permissions mean you can always refer back to a chart like this or quickly Google what do the CH mod numbers mean just know if you want to give something full permissions you are going to set 777 across the board and if we're doing hacking or doing penetration testing that's often what we're going to use with the exception of pem files where they have to have more restricted permissions sometimes 644 sometimes actually four zero zero is what I've seen as well from here let's go back to our Cali machine and I'm going to go ahead and control L to clear the screen here we want to take a look at adding a user so we're going to do a pseudo add user and you can give whatever username you want I'm going to just call this user John it's going to ask for our sudo password remember we changed our password so make sure you put in the right password and now it's going to say okay what password do you want to use for John I'm going to go ahead and enter that and I'm going to enter it again and then you could just hit enter through all of this and get back to the screen where it says Cali at Cali from here we're going to go ahead and switch user and go into John so just do s u John I'm going to ask for John's password go ahead and give that password and now you can see that we are John at Cali so what is special about John well we've made a new user and John has some permissions now if we wanted to cat out like the at the password file we can and this is a very common file that you're going to look at as a pen tester if you come in here the Etsy password file is important this is something that we can see a lot of information about this machine now the Etsy password file is called the password file not because it has our password in it but because it used to store our password in it in a very very long time ago now what is being done is they put an X here for a placeholder and that placeholder is then filled in with the shadow file we'll take a look at that here in a second so we are using the cat command and you've seen me use this several times throughout the course we are using that to basically print out a file so when we print out the file we can read the file so from here we're reading the file and we're saying okay I see root root is the zero user ID and that is important that's telling us they are the ultimate user on the machine they are user zero if we scroll way down to the bottom we should see some users that were created here for example we see Cali Cali's user 1000 pretty common we can also see that John is in use here and John is user 1001 we could see what type of shell type they're using and what their home folder is as well you could see the zsh shell type compared to John's bin bash so they are different shell types and we'll get into those a little later on but from here we can also see Roots here we could see the root shell type and we can also see what kind of services are running on this machine so if you want to find the users I typically look at root and then I look and scroll all the way to the bottom to see what's been installed besides what's on this machine so in here we can see some things like SSH which is important we know okay this has the capability of running SSH maybe has an SSH service maybe it has a SQL service here with the MySQL openvpn so it's a little bit of information gathering if we were to land on a machine for example and we're a low-level user with no privileges we could start to look at who are the other users on the computer why are they important how can we get a hold of them where are their files located what kind of services are running on this machine this is all part of the information gathering stage of ethical hacking and this file leads to a lot of clues for us now clearing the screen let's say I want to view the shadow file the shadow file is the file that contains the password hashes for this machine I'm going to go ahead and try to type in cat Etsy shadow remission denied okay maybe I need to use sudo let's try it here enter our password oh John is not in the suitors file this is also called the Sue doers file and you can also call sudo Sudo depends on your nomenclature and how you pronounce it I'm a pseudo person so from here I'm going to go ahead and control L we're going to switch user back into Cali and we're gonna take a look at some stuff so if I go switch user Cali it's going to ask me for the password I'm gonna enter our password in and first thing I want to show you the shadow file before we move on to the sudoers file so if we go pseudo cat let's see Shadow I think this is important to see you can come in here and remember how I said with a hash that this is set here so our root password has not been set there's no hash in here and this is security best practice we don't really want to have a root password unless we absolutely need to in this instance we might just want to have certain users that can Elevate into root and then if logging is enabled we can then see from our logs who access that root account at what time you really don't want to have a root password where anybody can just log in with a known password because then that eliminates some accountability so best practice would say hey if we have a Linux machine you get all regular user accounts and then if you want to run something as an elevated privilege you're going to do that with your account and then use sudo for that but looking down here we can see the hashes for this computer okay and what's interesting actually is Cali and John have the same password but they have different hashes and that is sort of unique if you saw this in a Windows machine if the password was the same on the local machine you would see the exact same hash and that is a clear indicator that password reuse is in play but here it's not so the hashing algorithm that's being used is a little bit different and it's generating different hashes even though the password is the same regardless the password for both of these accounts is password and that's very weak and can easily be cracked as we'll find out later on okay now on to the Sue doers file what we're going to do is we're going to do a pseudo cat and we're going to look at Etsy sudoers just like that and I might have typed that a little fast so I'm going to go ahead and scroll back up for a second pseudo cat Etsy sudoers okay just like that it should Auto tab complete and from there we're gonna go in here and we're going to look at who has what privileges well if you see allow members of a group pseudo to execute any command and you see percent pseudo so it's calling sudo from somewhere else sometimes we can just include users in here we could say hey the user Cali I want to do these things instead this is saying hey anybody a part of this group I want to be able to do whatever they want they can execute any commands like they were the root user essentially so with that what we're going to do is we're going to take a look at who is in that percent pseudo group and we can do that by using the grep command so we can say grep and we're going to get really familiar with grep in The Bash scripting video but basically think of grep as pulling out a specific string or element out of a file or some contents that you want to see it's a great way to narrow down specifics and pull down only the information that you want and we're going to get really familiar with it here in a couple videos so we're going to say grep and then we're going to say sudo just like this and we're going to do that from Etsy group okay and it says who has a pseudo privilege here all we see is Cali so our user has pseudo privilege if we wanted to give privileges to John we'd have to add John to the pseudo group in the Etsy group or we could add John specifically to the sudoers file and give him specific permissions as well and as we move on in the course and we get into privilege escalation and if you ever go into more of the privilege escalation courses that we have you'll see that we look at pseudo-privileges immediately when we get onto a machine by doing something like sudo-l and we'll take a look at those and say okay what commands can I run and in this instance we could see okay all commands can be run here but sometimes that's not the case sometimes we can only run one specific command or maybe John for example we want John to be able to run python because John's a developer so John can run python with pseudo privileges but cannot run anything else so something to think about depending on the individual and who we want to give permissions to on that machine they might not have privileges to access everything as sudo they can actually be limited in what they can run as well so that is it for this video I'm going to go ahead and catch you in the next one now we're going to touch on networking commands that are relevant to penetration testing and relevant to this course so the first thing that we're going to do is we're going to use the IP Command and that is IPA IPA lists all is the way I like to think about it and you can see here that we have a loopback address and we have our eth0 this is our ethernet address and you can see that we have an IP address here ipv4 of 192.168.138140 we are on a slash 24 subnet and here is our broadcast address here we can also see our IPv6 here which is nice and we can see our Mac address here so we can also look at this through the i f config command and that will show us the same things here's ethernet zero here is the loopback all the same information here ifconfig is the old school way of doing it IPA is the newer way of doing it IPA is nice and colorful if I'm being honest I still use ifconfig because I like the old school way of doing things but IPA is the new way of doing things and in some instances I have config requires sudo to even run or may no longer be on a machine but in some instances IP is not a machine depending on what type of machine you're on and what you access you may need either one of these so it's great to show you both now while the IPA does all if only shows the ethernet connection so the hardwired connections if we want to see wireless connections we need to do IW config and in this instance you're going to see down here that we have no wireless connections right now when we get into Wireless hacking we'll see that we have connections established and we'll use the IW config command but just know for now that it's for wireless and if you ever need to use it that's what it's for let's clear our screen and the next thing I want to cover is the ipn and n stands for neighbor the alternative to this is the ARP Dash a okay what is ARP if you do not know what ARP is that is the address resolution protocol this comes from your networking if you are not familiar with networking then you may need to go study up on a little bit of this now ARP says what IP address is associated with what Mac address and what happens is a broadcast message goes out when we are trying to identify an IP address and a MAC address so broadcast goes out and it says who has this IP address and whoever has the IP address will come back and it'll say hey that's me I have that IP address and here is my Mac address so now you can associate my Mac address with this IP address and it is a way to identify these two items together and link them up so again in this instance we can use the IAP command or the old ARP command now the IP Command is a little bit prettier and a little bit more colorful I think easier to read in my opinion but either will work in this situation another IP Command that we're going to want to run and know is the IPR command now R stands for route you could also type in route and you'll get similar feedback here so what we're looking at is what is called a routing table we want to know where our traffic is routing and here you can see on either one of these that we're routing through 192.168.138.0 we have an open Gateway we can see the Gateway here is 138.2 we can see our mask here and we can find all that information out up here as well so it's important to know the routing and what's going on especially if you are in a network or example where you might have multiple routes say if we come in and we say oh IPA okay we're on the 192.168.138 network but we just try to connect to only the machines on this network we see a slash 24 we think okay well I know a slash 24 has 255 potential IEP addresses and I'm going to go ahead and just stick to scanning that subnet and looking for those IPS on that subnet well if you looked at the routing table you might actually see that there's a 137 in here or 136 or maybe a 10 dot IP address or something different than what you have here maybe you have the ability to talk to other networks even though you're on this one slash 24 Network very important to look at the routing table it's also important because in real life pen tests we have been on a quote unquote segmented Network and in reality it really wasn't a segmented Network there just wasn't a route to that Network so they said that we were isolated and we couldn't access anything and all we had to do was say okay we're going to go add that Network to our routing table and what do you know we were able to scan and connect to the network so being able to know your routing table being able to understand what a route is and how to add routes how to remove routes can become important as well these are things that you should already know from General networking I'm showing you the commands here for basic routing and how to display the routing tables if you need further information on routing tables you should go look that up and research that before continuing on with the ethical hacking course okay last command I want to get through that is the Ping command so I'm going to do an ifconfig again and in this instance I'm just going to Ping 192.168.138 and I believe earlier I saw a DOT 2 was my Gateway so I'm going to go ahead and just hit enter that should talk back to me and it does now if you are a Windows user and you've ever used ping before it will only send four packets out so it'll check four times as you can see here we are getting more than four packets sent we are sending indefinitely and I'm going to go ahead and just hit Ctrl C and stop that we are definitely seeing that we're getting responses back now there is a way to limit the amount that we send in the amount of traffic that we're sending but basically what we're doing with the Ping command is we're saying hey are you there are you alive can you respond to me let me know you're there so I asked the machine at this IP address to respond and tell me yes I am here now this is called icmp traffic not all machines permit icmp traffic just because we ping a machine and it does not respond does not mean that it's not online okay there are machines that have icmp disabled and will not respond to Ping requests but ping is a quick way to see if a machine is online and typically by default ping or icmp is enabled on most machine means just as a further example we can ping a machine that we do not believe to be alive so I'm going to change this to a three I don't think there's a three on my network and you're gonna see it's going to try to send data and it's just going to get stuck here and say host unreachable now again that could potentially mean that that host is not there or it could potentially mean that the host has icmp disabled but we're going to be using ping sweeping to identify host in our Network and we'll do that here in just a couple of videos but I wanted you to get familiar with the Ping command if you weren't familiar already now there are some commands in this video that we did not talk about for example the netstat command now the netsack command is used to identify what open ports and services are there we'll take a look at that more later on but just know that that command exists and that we're going to do due diligence on a command later so any of you that are watching that have networking background or like hey you didn't show netstat that's so important you're correct it's coming later on in the course so that's it for this video we're going to go ahead and move on to the next one let's now talk about viewing creating and editing files and we've done a little bit of this in the course already you've seen me do something like Echo hello and remember that prints out to the screen and we could just Echo that again like a hello and put that into a file and you've seen me do that we'll just call this one hey.txt and if we LS we should see hey.txt right here if we do a cat a DOT txt we should print out to the screen hello all these should be pretty familiar to you so let's build upon this let's talk about how we can append to this and overwrite these files in different ways that we can actually create and edit files I'm going to clear the screen here now what if I wanted to add to this file and I'm just tapping up by the way what if I want to say hello again so I want to say Echo hello again into this hey.txt file that already exists what do we think is going to happen here so I'm going to go ahead and hit enter and then I'm going to cut out the hey.txt well now it says hello again it used to say hello well that is because when we use one greater than symbol like this what's going to happen is that overwrites the file so if we tab up and if we go over and we just write hey again again just for fun and let's add a second one of these so now there should be two of these greater than symbols we hit enter we cat out a DOT dxt and now you can see it says hello again and hello again again why do we care why are we doing this well when we are using scripting for example and we want to Loop through a bunch of information and we want to add that information to a file we might use something like this where if we're Gathering say i p addresses this is foreshadowing by the way if they were gathering IP addresses and we are wanting to put them all in a file we're going to need to use something like a double greater than in order to not overwrite the file with one IP address we want to list all the IP addresses in the file so you're going to see that when we get into the bash scripting of this section let's clear our screen another way that we can make a new file is just to say touch new file.txt and if we LS you can see that new file.txt is here we can cat out new file.txt [Music] and nothing is going to be in there because we didn't tell it to do anything we just said touch which creates a file so we can use a different type of Editor to try and edit this and save the file now there are a few editors that we can use within our terminal so we can use something called Nano which is my personal favorite you may hear other people talk about VI in Vim you may hear lots of jokes about quitting them and how it's impossible to quit them and for that reason honestly because of the complications and because I like Simplicity I just use Nano so we can Nano new file and in here you can type whatever you want I'm going to literally say I can type whatever I want in here and now I'm going to hit Ctrl X and throughout this course you're going to actually see me use Nano quite a bit and we're going to use it for updating files and Shell Code and it's beneficial if we log into a machine remotely for example and we won't have the ability to have a graphical user interface type notepad which I'm going to show you here in a second we might not have the luxury of having something like that we might have to use Nano or Bim or in in terminal text editor so we're going to go ahead and hit Ctrl X here I'm going to hit Y which is going to say yes I want to save this file and then I'm going to hit enter and now if I cut out newfile.txt you can see it says I can type whatever I want in here lastly we're going to look at a graphical notepad so we're going to use mouse pad we can type in mouse pad and we can just say new file dot txt just like we created and hidden here you can see that it says I can type whatever I want in here and that's true I can also modify it's just like a notepad if you had on Windows machine or if you've used leafpad or any sort of notepad type material this one's just called mouse pad so we can control s and save and then just exit out if we cat out our new file again you can see I can also modify now throughout this course you might see me use a tool called G edit it is not installed on this machine yet though we are making updates to the course we will be using G edit anytime you see me use G edit feel free to use mouse pad instead of G edit it's become deprecated offensive security got rid of it in Kali Linux and now if you go hit G edit it'll say it's not found but you can install it we're not going to do that right now but when we install Tools in a upcoming video you will be able to install that with one of the tools that we're running so anyway just note that we're going to be using mouse pad instead of G edit because it's the new and latest and greatest one last thing with Nano or any of these tools you can make a brand new file so you can say like brand new file.txt and then you can type whatever in here and control X hit Y hit enter and then you can cat out brand new file and guess what it's there so the file doesn't have to be existing to use Nano or existing to use mouse pad you can create new files with these commands as well so that is it for this video I'm gonna go ahead and catch you in the next one another topic we need to talk about is starting and stopping services we may have a service like a web server or SSH or maybe SQL or some sort of database that we need to start while we're already running Cali or we might want to start a service on boot every single time that our computer loads if you've ever used Windows this is similar to installing a program and then having that boot up on launch it's kind of the same thing here if we're installing something we want that service to start on launch we have to tell our machine to do that so we're going to look at how to start a service and how to have a service start on launch so the first service that we're going to look at is the Apache service and this is what I used to use when I first started out as an ethical hacker and the reason is is that we can spin up our own web server fairly easily and host malicious data or files or things that we might want to access or might want somebody else to access so before we run that command I do want to do a proof of concept so let's do an ifconfig and we're going to grab our IP address here I'm going to copy this and then I want to open up Firefox from within Firefox I'm going to go ahead and try to navigate to that IP address and you're going to see that it says it's unable to connect this is exactly what we expected so now what we're going to do is we're going to come in here and we're going to say sudo service Apache to start we hit enter it's going to ask for our sudo password and then we have no confirmation of anything so let's go ahead and come in back into the browser and we're going to refresh and let's take away the https and now you can see that this is here on Port 80. so we are actually on HTTP not https and we have an Apache server running now now let's say we wanted to stop this service we could we can go in here and say sudo service Apache to stop and before we do that I want to show you something so if we come back into the Apache 2 I'm going to make this a little bit bigger you could see that our files are located in the VAR www.html folder and what that is if we come to our home folder here and we just go to file system we scroll down and go to bar and then we go to www .html all I'm doing is going to the same location here why I'm doing this is this is where if I wanted to host like a picture or a file or malware I could put that in here this index.html is the same index page that's loaded here like if I open that that's literally the same page that's being hosted you're seeing it here from a file format but now if I go back you can see I'm hosting it at this IP address so if I wanted to host something malicious I could do that now in order to stop the service all we have to do is say stop hit enter then we come back and we refresh this page you can see that we're now again unable to connect now I did mention the beginning of this video that this was my favorite way to host malicious stuff or just host files for whatever purpose now that has changed I now use Python to do this so we can create a file let's go ahead and just say Echo hello and we're going to do [Music] hello.txt so if we LS we can see that we've got a bunch of stuff in here um hello.txt being one of them so what I'm going to do is I'm going to spin up a web server on the fly with python so I'm going to say python three Dash m http.server and then I'm going to give it port 80. now what we're saying is we want to run the module HTTP server and we're going to run Port 80 here you can put whatever Port you want and you can see now it says hey it's hosting up HTTP on Port 80 and what's going to happen is any file within the directory that I'm in is going to now be hosted so you can see that I'm hosting all this stuff here pretty awesome it's a quick way to host up a web server without having to start and stop services and you can on the fly from within a folder just start a web server so I think this is the cooler and better way to do it so I wanted to show you how to start a service but also that python has some robust capabilities as well if you follow into the python section we'll cover how to run an FTP server as well which is also fun stuff so I'm going to hit Ctrl C which is going to again shut down the server if I come here refresh you'll see that it's now shut down and we can go ahead and talk about one more thing before we go so let's say that we wanted a service to start when we started our machine well for that we're going to use the system CTL command system CTL and we can say enable if we wanted to for example enable SSH we can come in here and just enable SSH and we just hit enter on this and now you can see that it's enabled so when we restart the computer SSH will always be enabled for us now I'm going to disable that this isn't like security best practice and now you can see that we have disabled it and we're good to go so if you ever have a service that you want to run you just need to figure out the name of the service and enable that and there may be times that you want things to run like historically I have ran SSH with it enabled or I used to run the Apache 2 server so I didn't have to spin it up every time I just had a place to go immediately host that but your mileage may vary depending on what it is you want to run but knowing these commands is important in case you need to start or stop a service maybe restart a service same thing with enabling a service at boot up or disabling a service at boot up so that's it for this video I'll go ahead and see you over in the next one now let's talk about installing and updating tools so the first thing that we're going to do for Mark command line is we're going to look at how we would update our current machine so just like other operating systems Linux machines require updates as well and patching can be best practice so in order to update and upgrade our machine we're going to use the sudo command and we're going to say apt apt and then we're going to say update and upgrade just like that so make sure you use two Ampersand symbols here we're going to do two commands we're going to say first I want you to update second I want you to upgrade well why are we doing this why are we running two commands in the first place well what we do when we actually install items on our Cali machine we are going out to what are called repositories and we're looking through packages and the update command is going out to the known repositories and it is updating those repositories and then it's going to look at those repositories and say okay what needs upgraded here so what tools have upgrades or updates available for them that we need so if we run this command you're going to see that it's going to go through these repositories you can see it going through these Cali rolling and release AMD 64 packages and contents etc etc it'll take some time as it goes through and it updates these repositories it's going to find what programs we need and it'll provide it in a list now what you can see is it's asking us are you rude so this is a lesson here sometimes we have to be the root user we can't be just a pseudo user to run the command so what we're going to do in this instance is we're going to sudo switch user into root now we're root and we're going to run that command again we're going to say apt update and apt upgrade okay and it's going to run through this and then it should provide us with a list of what we're going to install which if we scroll back up to the top you can see that it says hey these packages were automatically installed and no longer required and it says we can use the APT Auto remove command to do that it's saying here are the brand new packages that need to be installed and then here are the packages that are going to be upgraded so these are already installed such as like Apache 2 has some updates that are required and it's going to go through and install all these now when you scroll down to the bottom it's going to say you need 801 megabytes and yours might be different depending on when you watch this video it's going to say do you want to continue this operation in this instance I'm going to say no and the reason that I'm going to say no is because updating on Kali Linux can break things you should always have almost two copies of your Linux right you should take a backup copy before you ever make an update and there are some limitations on being able to make backups depending on if you're using VMware or virtualbox and we're not going to get into that right now but just know that tools can easily get broken by pushing updates and we'll talk about a tool that you can use that is up to date and kind of makes your Cali the latest and greatest without breaking anything even the current version of Cali right now 2022.2 not all the tools work out of the box as the way they should we'll talk about that in just a little bit so let's say that you wanted to install a tool we're just going to go grab one as an example so let's say that there was a tool you wanted to install like this cron Damon common I'm just going to copy that you could come in here and you could say apt install Ron Damon common like this hit enter and it's going to say oh you want to install this just hit yes and it will install and it will also upgrade this cron package here I'm not going to do that but just know that you can also install applications as a one-time thing if they're a part of the repository that you have we're not going to get into updating repositories and adding manual repositories we don't need to know that at this point in our Linux careers we just need to understand that we're going out to repository and we can download those items or packages based on what is in the repository so updating the repository is always good and then we checked for upgrades available to our packages in this instance we're not going to do any updating or upgrading but there may be a time where we need to install a specific tool we go out to the web and we have to grab a tool and it says Hey run this app install command this is what it's going to be doing this is how we would install something if we need to now the next thing that we're going to look at is we're going to look at the get command and git is a tool that runs with GitHub I'm going to open up a new Firefox and I'm going to make this a little bit bigger we're going to go to GitHub actually let's just go to Google we're going to go to Google and a lot of times in our ethical hacking careers we're going to be searching for tools we're going to come out here and we're going to say oh I really want to find a tool maybe that does brute force Office 365 and then I might say something like GitHub and you can see it's already starting to fill out and we might go find something like okay there's this Daft hack tool we might click on that and we come in here and it might tell you how to install this well this is Powershell so that's not a great example uh we might come into here we might say okay here's one how to install so you go through and it'll say here's the usage on how to use this and sometimes we'll give you installation instructions but a lot of times all you will need to do is you'll need to come in here and just download the code to install the file so I'm going to show you a tool that we're going to install and run we go to Google and we search for hemp my Cali just like that you're going to see that we can click in here and this tool is available to us to download now one way to look at a tool and see if it has any relevancy on GitHub is to look up at the number of stars that it has in the forks that it has anything with like 700 stars like this is pretty reputable and you also should look at when it was last updated you can see that this was last updated last month now full disclosure DeWalt actually works for TCM security and is a fantastic person if you never got to interact with DeWalt he is somebody that is awesome and a great resource he built this out because there were so many issues with Kali Linux and the tools that were coming freshly installed like in 2022.2 don't always work in the way that we intend them to work so a lot of tools are broken some things need downgraded and there's a lot of options in here that can tell you hey here's what we can fix like we can fix different missing issues that are going on or we can fix go laying or fix impack it and you don't have to worry about what any of that means right now until we get into pen testing but this is something that we actually do install and run when we build out our lab machines or we build out our machines for even hacking on clients this is such a well done tool and he tells you in here how to install it he says hey get clone right here off of this address we can also come up here we can go to the code and we can just copy we say copy my Cali right here and then we'll come in and we can just say get clone actually let's switch user I'm sorry let's sudo or let's switch user back to Cali and we'll enter here and then what I like to do when I install tools is I like to install them into the op folder the opt folder so from here we're going to run get clone paste that actually we're going to run sudo get clone I apologize and then enter your password and now if we look in here we should have Pimp My Cali which we do so if we CD to Pimp My Cali and now we LS we can see that we have the pimp mycali.sh script if you come back into the website it will tell you how to run and operate this any decent GitHub will say hey here's how you run this script so it says hey just run sudo hit my Cali this is for a new Cali VM you just need to run menu option n we're going to copy this and paste it and then we're gonna run it so now this tells you what do you want to do well here's all the different options N is a new VM setup run this option as your first time running Pimp My Cali okay so that's going to fix all the things for you I'm going to go ahead and hit n and let this run it's going to go out and fetch some stuff from repositories and it's running apt update and now it's going to install certain tools and packages and uninstall certain tools and packages as you can see it's rolling through here so go ahead and let this run I'm going to pause the video here for a second and then meet me back when you're at the next screen where you can actually enter in any sort of command okay so it's been about five minutes and we get to this page here and you can see that it's asking us if we want to run root login installation it explains that in Cali 2019 point x the default user used to be root which we talked about early on in this course and now that they've switched it to Cali which is what we've been using now do we want to re-enable the ability to log in as root in Cali in this instance I'm going to choose yes however you need to make sure that you are comfortable and capable of running as root in Linux if you do not feel comfortable stick with running as Cali you're going to see me throughout the course as we get into the ethical hacking section running as root just know that there may be times where you might need to use sudo or you may need to switch user into root as you saw me do with upgrading packages just a few minutes ago that may be required so if you're understanding of that you can hit no on this screen and that's perfectly okay security best practice to just to hit no I'm going to hit yes because I feel comfortable running as root I'm the only user on this machine and I don't have any accountability or repudiation to worry about so I'm going to give a new password for this and I'm going to enter it again and now it's going to ask if we want to copy everything over from our Cali folder into our root folder I'm going to say no and now it's going to continue on installing so we're going to let this run again go ahead and pause the video if you need to and then we'll meet you back when this is all said and done okay and when everything is said and done which it took about 10 minutes to get through all that you should get to this all done happy hacking screen right here and everything should be installed for you if you chose to go the root route that's a weird thing to say if you chose to go the root route you can log out and log back in as root and begin using Linux as root otherwise you can continue on with this lesson using Cali as your main user so we're going to go ahead and move on to the next video last video in the section and this is going to be one of my favorites so what we're going to be talking about is scripting with bash I'm going to show you some cool tricks that we can do to kind of narrow down some of the results that we get and then I'm going to show you how you can automate some of that process and we'll take that and even write out some for loops and one line Loops which this might not make any sense right now and that's absolutely okay but by the time the video is done hopefully it does so the first thing I want to show you is I want to show you how we're going to write a ping sweep so we're going to write a pink sweeper basically we're going to go out and say I want to Ping a device if that device is alive go ahead and show me that result and we're going to sweep an entire network so what we're going to do first is we're going to identify a device that's alive so we can test this out and then build upon that so you can go ahead and type in ifconfig and then just hit enter now my ethernet here is on a netted Network so I'm running through a different IP address subnet here so this one is 192.168 57 150 my actual IP address is on a dot four dot X here so I'm going to for this example I'm going to be pinging 192.168.4.29 however and you can see here's the Ping that we're getting back however if you are unsure of a IP address in your house that is active or your Subnet in your house that's okay you can just run 57.1 for this example you might not get a lot of return results however you might only get one or two when we do this sweep so I advise you to figure out what your IP address is that's a good challenge anyway and if you are familiar with networking which you should be at this point then you should be able to determine the IP address of your home network but if you do not do that then you can use 57.1 or whatever your IP address is here on this third octet so that will also work if you see that all right so I'm going to clear this now what are we noticing when we're pinging we're pinging this address and we're getting some data back now if we ping an active address you can see that we get okay 64 bytes from 192 1684.29 it's saying it's active we're getting details back if we were to Ping something let me do like 41. where we just don't get any data back okay and let's try this one more time let's try this a different way let's do like a count of one dash C of one we'll do a count of one it's going to try to send one packet over and see if it works nothing's happening right it's trying to transmit that packet you could see that it's getting zero received here where here is getting four received no data is coming back it's just not doing anything for us so the thing that we can identify here is what's the big difference if we look at line one and two versus line one and two what are we seeing when we get data back well the big difference here is we're well two of them I guess we see that we get this response right that's a big difference and then down here it'll say hey we received some packets if it's not zero now the easy way to do this is to look at a line that says hey we receive data which is this line here okay now what I want to do is I want to narrow this down just a little bit what we're going to say is we're just going to do a ping of one time so I'm going to clear this I'm going to bring it back to this like this I'm gonna do a count of one and that should just ping once and that's perfect we don't need to Ping endlessly we just want to make sure we can ping once and then we're done okay and then from here I'm gonna put this into a text file I'm just going to call this ip.txt just like that so when I cat out ip.txt now you can see that I have this file it's stored I don't have to run the command again we're good to go so what we're going to do now is we can take this and then we can start Gathering data based off of what we see here so what I want to do is I want to just extract this one line here the 64 bytes from 192 168.4.29 and the best way to do that is with a command called grep so grep is going to look for a specific term or phrase and we can do that and it's going to pull down any line that has that term or phrase so if I say grep here and then I just put in quotation 64 bytes like this now when I cut out this all I'm pulling down is this line and it's even highlighting it for us it's saying here's the line that we see 64 bytes from 192.168 Okay so we've extracted just the one line and why am I extracting this line well if we're building out a ping sweeper what I want to do is I want to sweep every single IP within a specific subnet so say this dot four right I want to Ping 4.1.2.3 all the way through 254 255. I want to see if I can get through all the IP addresses in a subnet so what we're going to do is we're going to Ping every single one of them and say hey are you you up are you there and we're going to do it with a count of one and we're going to say are you there okay and if they're there they're going to say yeah I'm here 64 bytes here's my response and it's going to say 64 bytes from this IP address so we want to extract the IP addresses to say yeah we're alive that's basically our goal here so when we run this on a bigger scale which is what we're going to do we're going to need to grep out this information and extract this information to where we only just get the IP address back okay so what we're going to do now is we're going to start narrowing down and grabbing this IP address and then I'm going to show you how we're going to take this all in one instance and run it and then extract IP addresses so from here what I want to do is I want to do another command so every time we pipe we're saying hey run this command then with that command run this command then also run this command too so we're going to keep running this command on top of this to narrow things down so here's what we're doing here we're going to run a command called cut and with cut we're going to say I want to cut something out of this we need to provide it what is called a delimiter so we do a Dash D like this and the delimiter I'm going to use is a space and then I'm going to say Dash f for field and then I'm going to say 4. okay what is this doing well it's saying Hey I want to cut this line that you're getting back on a space so the delimiter is a space so here's a space Here's a space Here's a space and it says I want to count up to 4 to grab that data so one two three four right here so if we say 4 here like this we hit enter we're grabbing that specific IP address because we're doing it by spaces if we did it on three what do you think we're going to grab we're going to grab the word from so you can see here's from so what I want to do is grab the IP so we're going to use this cut just like this use our delimiter and then get to the correct field position that we want to grab the IP address all right so we've got the IP address now there's only one thing wrong here with this IP address is that there is a little colon on the end of it we just want this without a colon at all we want it just like this now there's a couple ways we can do this we could use something called said said it's a little bit complicated and a little bit Advanced I would say for where we're at right now um so I'd rather teach you an easier way to do this and that is called translate so with translate all we're going to do is we're going to do one more pipe like this and we're just going to say TR for translate a Dash D for a delimiter again and then we're going to say we want to get rid of this and that's it we're just getting rid of this okay so if we run this one more time now you can see that we've successfully extracted this IP address out that's our goal that's all we wanted to do now how can we apply this to something bigger how can we make this part of a bigger script that is the question and we're going to do that so what I want you to do is I just want you to copy this okay copy this entire line and we're going to go into a mouse pad so let's copy the selection and I'm going to clear my screen I'm just going to say mouse pad and we're going to call this ipsweep.sh okay so this is going to be a bash script and I'm going to make this bigger and the first thing we're going to do with our bash script is we have to declare that it's a batch script we're going to say hash bang right here shebang is what we'd call this forward slash bin forward slash bash this allows the machine to know when we run this this allows bash to know hey we're calling this here's the location to bash this is what we're running with the script you're also going to see this when we we use python as well you'll see the the Declaration hip here at the top or when we're calling this out so I'm going to go ahead and control s and save this that'll add some nice color to this so when we're coding this out we get to see in color I like that a lot I'm going to actually make this a little bit smaller and then make this like this here so we can get the whole picture okay so what I want to do is I want to paste in what we just wrote so I'm just going to control V here and paste that in so we don't need to do a cat of an IP address here in this instance instead we're going to change this back we're going to Ping remember we want to Ping every device in the network so we want to Ping say if we're pinging 192 1684 dot X okay we want to Ping that and we can leave this like this for now don't worry about changing anything here this is just going to be a placeholder we're going to do a little bit of extra syntax here to make this work so we're going to write what is called a for Loop so we're going to say 4 and I'll explain what this does here in a second you're also going to see this again when we get into python encoding and so you'll be able to understand more and more about loops and what for Loops are while Loops Etc they're very very useful and very common in coding and scripting so I'm going to say 4 IP in and then I'm going to say sequence 1 through 254. now very important this character here is not an apostrophe okay this is not an apostrophe this is the little line I don't know what it's called it's above the attilda next to your escape button on your keyboard so it's this right here okay it's like a backwards apostrophe almost I'm sure there's a term for it I just don't know it uh so you come in here and you say okay four IP address in sequence one through 254 and I'm going to explain what all this does in a second I want you just to type this out for now I want you to say do all right and then I want you to come down here and we're going to say Ampersand on this line and we're going to say done I'm going to explain what all this means okay so this is a loop that we've just created what we're saying is for the IP address and we're just declaring this this could be Bob if you wanted to we're just I'm just making it a name or a term that's easy for us to remember so we're going to say for IP but if you want to call this Bob call Bob for IP in sequence 1 through 254. so what sequence is doing is it's saying Hey I want to count everything from 1 to 254. so one two three four five six seven eight all the way to 254. this for Loop means I'm going to do this every single time so for IP in one for ipn2 for ipn3 we're going to run this command until we're done so until this sequence has run up 255 times it's done okay and now we're going to say I want to do a count of dollar sign IP so what we're saying here is for IP in sequence 1 through 254 go ahead and do a ping Dash C for a count of one 192.1684 254 and here we're going to say dot 1.2.3 every time this Loops over and over and over it's going to be incrementing that number through this sequence that's all we're doing this is a basic Loop okay so we're going to keep going through and through and through now this will work if you plugged in your hard-coded IP address here this will absolutely work now we can improve this just a little bit if we want to so what's going on here is what we're going to say is if we wanted to run this we would just do dot forward slash and then I P Suite okay and this would work that's fine but we can make this a little bit better from a coding perspective we can come in here and we can give this a dollar sign one and that means argument one so what we're saying here is I want to give an argument instead so if you want to be technical this first dot forward slash ipsweep.sh that is argument zero so you can consider this dollar sign zero argument one would be what you type after that so this would be argument one argument two Etc so in this case what we can do is we could say I want to run 192.1684 like this and this will run the dot 1.2.3 after it so you provide the argument it places that here in argument one and then it does the rest for you so this way you can specify your network and if you wanted to Ping multiple networks you don't have to come back in here and keep changing this it just works so super easy this is a great little script for a slash 24 type subnet okay okay so let's go ahead and try running this really quick I'm going to just control s save this I'm going to close it we're going to do a CH mod plus X on ipsweep if it'll allow us to we might have to do a okay let's do LS La real quick make sure it worked it sure did okay so here's what we're gonna do we're going to run the ipsweep and we're going to say 192.168 you just put in your IP here I'm going to run that all right and you can see all the devices that are coming back within my network here I'm going to go ahead and hit Ctrl C cancel this out and so this is grabbing all the different devices in my network now that's great that works out really well but what we can do is improve this what if I typed in a what if I didn't type anything at all what if I just hit enter here now I'm just getting all kinds of pings unknown and it's going off of some of the stuff I was doing before but it just causes all kinds of issues and errors right so you can see I'm trying to hit Ctrl C it's it's taking its time to Break um here we get issues because we're not we're just allowing any sort of argument here what we need to do is we need to fix this up just a little bit so what we can say is we can come back in here and just go mouse pad ipsweep.sh and come in here and let's add a little bit extra oh and I also left this in here don't leave this in here that's why that was running twice um okay so what we're doing here is we need to add in a statement what we're going to do is we're going to add in a if statement if statements are conditions we're saying hey if this condition is met do something for us if it's not met then go ahead and do something else all right so we're going to say if and we're gonna just put in here dollar sign one is equal to nothing then we're gonna go ahead and just say then Echo you forgot and IP address Echo syntax something like this we'll just say IP sweep.sh and we'll go 192.1684 like that okay and then if we did do this correctly if we do have an argument inside of argument one then we're going to say else do all of this here and be done and then we're going to end our if statement with f i now this script or this resemblance of this script is not one of my own by the way this is goes credit to something I've modified over time but the original credit definitely goes to Georgia Weidman I remember seeing this in her course a long long time ago when I was first getting started and she did a great job of teaching this this is just a modification of this script so I just want to make sure that all credit goes to her but looking at this let's break this down really quick before we run this again we've got an if statement we said if argument one doesn't equal anything then you're gonna Echo back out and say hey you forgot an IP address here's the syntax if it does include something then we're gonna go ahead and come in here and say let's run our for statement our for Loop and run through it and then we're going to end our if here the only thing that I'm doing uniquely here is I'm including this Ampersand which is going to run this command um multiple times at once this is a good way to explain it basically we have a couple ways of doing this we could say like this so we could put a command here and this will run one at a time it'll say okay four one four two four three this allows multiple instances of this Loop to run at once and just speeds things up I can show you the difference between that so I'm going to go ahead and just Ctrl s save this I'm going to go ahead and just run this script real quick now let's try running it with without anything here okay now look it says you forgot an IP address so look we did that correctly now let's go ahead and add the 192.168.4 run it and you can see okay it's sweeping but it's taking its sweet time especially for the IP addresses that are going to hang like um like if I don't have a DOT two or dot three it's going to take a while so I'm going to control C and get out of this if it'll let me and it looks like it's actually going to hang so what we can do is we can come back in I'm going to open a new tab real quick just while that's waiting and I'm just going to say mouse pad and we're just going to go back into ipsweep dot sh fits in this folder there we go okay so from here I'm going to change this back to the Ampersand and I'm going to save it I just want you to see the difference really quick and why I run it like this so ipsweep .sh192168.4 you can see it's picking everything up really fast all right what I can do now is I can run this and then store this into like ips.txt something like that just like found IP addresses okay so now if I cat IPS dot txt I have all the IP addresses I just found and I found them that fast versus this which may still be going and it is and I can't even kill I'm just going to close this out okay so this is the big difference there with that Ampersand and the speed what it is capable of doing so with all that being said we could take this and do one more thing so I want to show you how we can utilize a one-liner these are called one line statements in um in bash and we can do similar to what we just did and accomplish that in this command line so now we have an IP address we have a list of IP addresses let's say that we want to run nmap now we haven't gotten to nmap yet you don't need to really know about it just know that it is a tool that allows us to go out and do Port scanning okay so typically we would just say something like nmap and we might do something like uh Dash T4 Dash a dash p dash like this this is just saying I want to run a map scan I want to look at everything and I want to scan all ports this is just an example you can just run mmap IP address like this and that would be fine too like we could just go 192.168 4.29 and we'll do a quick M map scan okay but what we can't do here is we can't just say hey I want to run uh well we could we could say I want to run nmap for everything in dot zero 24. the issue is it's going to take time looking and finding what IP addresses are valid here if we have a list we can automate this process quite a bit we can just come in here and we can say something a little bit different we can say hey for IP we're using the same kind of syntax in dollar sign and we're going to put parentheses here we're going to say cat and then we're going to say ips.txt and then we're just going to do this we're going to say do and map dollar sign IP and then again we have the option of doing done or we can do Ampersand done just like this okay I'm just going to do done here as an example and just show you so this is really easy we're saying hey for every IP address in this list and all we're doing is we're cutting out this IP list that we just had so it's going to take the first IP then run the M Maps again it's going to come back run the next one so until this list is completely done it's going to keep going through this Loop that's all it is a simple Loop then we're going to say done it's going to take that IP address it's going to start scanning it it's going to go through and hopefully find information and go in a loop so this is a quick way to automate some of this process I actually do this with a lot of my scripts where I will do some probing see if anything is out there that's alive put it into an IP file and you're going to see this later in the course and then nmap scan that so think about this hopefully this gets your wheels spinning on what you can do to really start scripting some of this stuff out and this is going to be the first time you get your hands dirty with scripting we're going to go on again with this and we're going to get more advanced as we go but this should be a good introductory lesson to you on how we can build a simple tool and automate a lot of this process fairly easily with just a little bit of command line syntax so we're going to go ahead and move on to the next section and I will see you over there welcome to this module on python so if you've never used python before or even heard of python before python is a coding and scripting language it is commonly used in ethical hacking and it's commonly used all around the world it is actually considered one of the best beginner languages to start with if you've never learned coding before so that's exactly what we're going to do we're going to cover some of the basics of python so we'll cover everything you see on this screen here strings math functions we're going to get into conditional statements and looping we'll get into some more advanced items and eventually we're going to build our own tools so we're going to be building a port scanner at the end of the lesson and then when we get into the exploit development section of this course we're going to use Python again to write our own exploits so it's going to be used throughout the course you're going to see it again as a ethical hacker as well well you're going to go on to websites and you might need to download python code or something to utilize against a host or a client and it's just going to be frequently seen for you so very important topic to cover especially for the foundations one very big thing to point out you do not have to be a developer to be successful in penetration testing the important thing is that you understand what you're seeing and understand how to read code if when you come away from this module you have a better understanding on how to read what you are seeing in code you'll be much better off by no means do you have to be a developer I am still to this day nowhere near a developer level and I'm very very successful in what I do you don't have to be a developer so the big takeaway here is to take very good notes understand what you're seeing if you need to watch a video multiple times in this section absolutely okay just make sure you understand everything in front of you and understand that the lessons are going to build upon each other and it should all come together in the end and you're going to get to see it over and over through the course especially in the exploit development section where we write our own python script so I look forward to teaching you this module on Python and look forward to seeing you in the next video okay on to our first lesson the first thing that we're going to cover is going to be strings and in order to do that I'm going to go ahead and make a directory on my Linux machine you can make a folder in your Mac or your Windows machine if you're using those operating systems I'm just going to go in here and just say make dirt Python and then I'm going to go ahead and go into that directory so from here I'm going to go ahead and make my first script so I'm going to clear my screen with Ctrl l and I'm going to say mouse pad and I'm just going to call this script first dot pi and I'm going to give it the Ampersand here at the end that's just going to allow me to open up this process of mouse pad and also have the terminal available to me when I need it so you'll see why I do that here in a little bit now if you're not on Linux that's okay you can use something like notepad plus plus or code runner for Mac which we showed earlier in this course so from here what I'm going to do is I'm going to go ahead and enter in a shebang which is a hash an exclamation forward slash bin or slash python3 and this is important for Linux here because we are calling out the directory if you are familiar with Linux What's Happening Here is we have two options we can come in here and we can say python3 and we can say first.pi and that'll execute our script or in theory we can come in here we can just do a DOT forward slash first dot pi and run it that way if we run it like this our script will not know where to go unless we declare that so up here we're giving the shebang forward slash bin forward slash python3 that is where python3 is located in this machine so it will come up here and it will look for this first and say okay I'm going to execute this based on python 3. so that is a little bit of a Linux Nuance here and something you should know in case you are ever coding in Linux or an environment that is similar like Unix which Macs do run off of so from here if you've ever taken a coding class the first thing you do in every single coding class is what is known as hello world so we're going to print out hello world and print it to our terminal so in order to do that we're going to go ahead and do some thing like this we're going to say print and then we'll do a parenthesis and we'll say hello I'm gonna go ahead and save this and if we run this and I'm going to run this with python3 if we run this python3 first.pi you'll see that it says hello world now one thing that we can do in here is good practice for being a developer is add some notes in so we're going to add a comment in here we're going to do a #or a pound symbol and we're just going to say print string now when we run this again this isn't going to print out comments are just for us inside of the script and I can prove that to you by Saving this and running it again you'll see all we have in here is Hello World perfect so comments with a hash are just meant for whoever is reading your script or your code and that could be you or bad scenario but what if you get hit by a bus tomorrow you're the main developer and nobody knows how to read your code because you didn't leave any comments that'd be very bad so good coding practice suggests to leave good comments and make sure that people can come in and read your code and understand what is going on in here so we're going to add comments along the way so that way we understand what we're doing and practice good habits as well so what you're seeing here is what's called a string you're seeing a string in quotations and you can see a string printed out with single quotes as well so we can just do hello world I'll add the exclamation for consistency and if we save this and print this you'll see that it also prints hello world so it really doesn't matter if you have single quotes or double quotes until we get into more advanced strings and we'll talk about those a little bit later on in the course but for now just know that you can use single quotes or double quotes when printing out a string another thing that we can do with strings is print on multiple lines so if we say print and we do triple quotes like this we say this string runs and then we hit enter multiple lines with an exclamation and and add in three more double quotes there and close this off we can add a note here as well that says triple quote for multi-line and if we save this with Ctrl s and we run this again you're going to see this string runs multiple lines awesome another thing that we can do is concatenate strings so we can print out something like this string is and now we're going to add a space at the end of it make sure you have a space right here we're going to do a plus sign and then we're going to say awesome just like that and we can say we can also concat innate it's always hard for me to spell that so what's going to happen here is it's going to take this string plus this string when it prints out so the reason we have a space is it's got to have the space because there's no space here and this will just add a space for us even though in our heads we might want it to so we're going to go ahead and save this print it out one more time and you can see that it concatenated and said this string is awesome now one last thing we can also print out a new line so we can just do something like this and we can use a single quote this time just to do a proof of concept do a backslash n like this and this will print out a new line and we'll get familiar with that later on as we get into functions we'll write our own function to make a new line but for now if we wanted to add another line we could and then we can just print test that new line out and let's see if it actually gave us a line printed in between this concatenation and this new print statement here let's go ahead and save that print it and you can see there is a line here so the backslash n will print out a new line for us and that is all we need to know for basic string so we're going to go ahead and move on to math you can go ahead and leave this open we're going to run through this as we go and then you'll have a long script which will also make for very good notes let's go ahead and move on to math so math python actually has a built-in math interpreter so we can do a bunch of fun stuff with python and with math that's automatically built in so I'm going to go ahead and just call this section math and if you want to like keep track of sections you can come up here and just call this strings and just capitalize it like that and then that way we kind of have an idea of where we're at you can even add an extra line here if we want to so from here let's go ahead and play around with math just a little bit so if I wanted to do a print of 50 plus 50 we can definitely add we can also subtract so if you want to do 50 minus 50 you could do that and I'll give you some time to catch up here in just a second I'm just going to do a few print statements then we'll take a look at them and then we'll move on to some more math as well we can also do 50 times 50. and we'll just use the little star or the asterisks we'll just say multiply and we'll also do 50 divided by 50. we'll just say divide so if we save that you could take a second to catch up you could see we are just doing Simple Math here we should expect 100 we should expect zero we should expect one here and 2500 if my math is mental math is correct so I'm going to go ahead and print this out okay we've got 100 0 2500 and 1.0 so this 1.0 is a little bit different this is what's known as a float everything else that is come out so far is just an integer and we'll talk a little bit about that here in just a few minutes but know that integers are on the left hand side and if we don't have a decimal point here we're looking at integers and on the right hand side when we see anything on the right hand side of the decimal we're looking at what is called a float and that becomes very important depending on when we need it for now we're going to keep worrying about math we'll get into integers and floats in just a little bit so another thing that math built into python can do is it can do PEMDAS if you've never heard of PEMDAS please excuse my dear Aunt Sally so parentheses exponents multiply divide add subtract you may have had it something different within your educational experience but it will do that for you so if you do 50 plus 50 minus 50 times 50 divided by 50. it will give you the answer I don't know that Mental Math off hand another thing that we can do are exponents so we can print say 50 to the second power which is same thing as 50 times 50 which would be 2500 as well and we can get exponents out of this and we'll actually go ahead and save this and run this here because the next step I want to be able to lay out clearly you can see that we have successfully done the math here and did it for us awesome and it also did the exponent for us as well so now a couple weird things with the vision so you saw the 1.0 before well we have a few things that we can do for example the 50 divided by 6 but using a percentage sign is what's called a medullo and that it just takes what is left over so 50 divided by 6 is not divisible there is a leftover so if we print that you'll see we get a leftover of two which makes sense because 6 goes into 58 times 6 times 8 is 48 and then we have 2 left over so if we want to know what the remainder is we can use a percentage sign here we can also do something like 50 divided by 6 like we saw earlier and this will have division with remainder so we can say or or float we'll save that and take a look at that really quick you can see we get 8.3 and then it rounds up eventually to a four and lastly what if we wanted no remainder so if we just did 50 divided by 6 we say no remainder we could do this and we should get eight here so depending on the situation and what we want we might want a situation where we only want the integer or we only might want what's left over or perhaps we actually want the whole number of what's being divided so there are a few different ways to divide with math in Python and it's good to know all of them depending on the situation that you run into so for now just take notes on this and know that there are a few ways to do math and division and you can do PEMDAS and exponents and all kinds of fun stuff and this is just scratching the surface of math with python so that's it for this lesson we're going to go ahead and move on to the next one which is going to start covering variables and methods so I'm going to come in here and I'm just going to call this section variables and methods and if we want to make our script a little bit clean we can just come in here and copy this new line it'll be a lot easier once we write a function for this but we haven't gotten there quite yet so we're going to print out this new line and that way when we print this out you can see that we have kind of gaps in between the sections that we're working on so now we're going to work on variables and methods so variables variable means something can vary it can change and we're going to look at that here in a second so if we have something like quote and we make quote equal to All is fair in Love and War and this is what this is a string we are storing the string inside of this variable called quote and we can just come in here now we can print out whoa and if we do that we should get this returned back to us you can see all is fair and Love and War if we didn't print this just go ahead actually we'll just comment this out this is a great way to test the script if we just save this now with a comment and we hit enter there's nothing here we haven't given it any instructions to actually print out so now we can print this out and it's printing whatever is stored inside of that variable in this instance we have a string stored in there now when we talk about methods methods are just functions that are available for a given object now you could think of functions as something built in to python that allows us to do something and it'll make sense here when we get into using methods so we have this quote All is fair in Love and War well what if we wanted to print this in a few different ways well we can use methods to do that for example we can print quote in uppercase and just do upper like that and this is going to make it all uppercase because we're giving it this period upper and then open close parentheses right here and that is allowing us to use that method so we can say uppercase and we can also print in lowercase if we do lower and just for one more we can also do print and we'll say quote dot title and this is what's known as title cakes and title case will capitalize every single letter like it is the title uh in this instance here we're going to get like the a capitalize which wouldn't really be true in a title but still just know that title case is meant to capitalize every first letter within your string or your sentence in this case we're going to call this lowercase here okay so let's go ahead and save this and we're going to print this out and you can see the differences that we have we have it here in its normal quote and then we have it in uppercase all lowercase and then every single first letter capitalized perfect these are methods these are just a small example methods we're going to get into more a little bit later here's another example what if we wanted to print the length of quote let's say we wanted to know how many characters were within this sentence so this is going to count the characters and this will also count spaces so we're trying to get a total count of what's going on inside this string we print that you'll see that we get 28 return so if you want to check that you can go count every single character within here and you'll get the length of that and that could become important as you're doing python later on and this is just yet another example of a method now let's go back to looking at variables and why they're called variables so let's say that we have a variable of a name and in this instance I'm going to use my name and I'm going to make it a string and I'm going to use my age I am 33 and here we're going to say string just so we can make sure we notate the differences this is an INT or an integer and we're also going to give a GPA let's say I went to school I'm going to use the American grading system let's say I had a 3.7 GPA and this is what's known as a float and that has a decimal so make sure you notate that so if we print these out if we print out the integer of age that'll still print 33. what if we print out the integer of 30.1 save that take a look and you'll see that we just get 30. all right and you can see that this rounded down again integer just the first number just what's on the left side of the decimal point doesn't care about the right side what if we printed integer of 30.9 will it round will it round no so if we save that and we print again you'll see it's still 30. it doesn't care what's on the right side of the number it's only going to take what the integer is so anytime you print an integer you're only going to get the first or what's on the left hand side of the decimal point so make sure you know that now a few cool things that we can do let's say that we wanted to print something like this if we print my name is with a space and then we'll do plus name and we'll say space again and I m space age Plus space years old make sure you have your spacing in there properly that way you can account for the spaces before and after these variables but what are we doing here we are concatenating variables now if I try to run this I'm actually going to get an error if I run it we're getting a type error and this is a great example by the way of understanding what python is telling you I get emails all the time from students saying I don't understand why my script isn't working and the first thing I'll ask them is I will say did you read the output of the error because it tells you it says Hey on line 44 by control tab look this is line 44 it tells you where your mistake is and then it also says it only concatenate string not int to string so if you didn't know what this meant and maybe you don't you can copy this go to Google and search it and I promise you somebody will have had this error before as much as if we wish to be special uh there's not in many situations that will come up where there hasn't been this error or an issue that we run into that somebody hasn't already had before so with that in mind we can fix this so it's saying that it can only concatenate strings not integers well name is a string but age is an integer so we need to make in this situation age or string so what we're going to do is just say Str like this and give it like that and now if we print this save it print it you can see my name is Heath and I am 33 years old perfect now what happens if I am a year older well I could take age and do something like plus equals one something like that and if I print age now hopefully we are seeing 34. you could see 34. now this is what comes into play this is a variable variables can change at this point in the script we Define that we are 33 and as we run through it I am still 33 when I print this statement out however I've had a birthday now age has increased by one printing age out now will say that I'm 34. so variables can change variables can store different numbers at different times that's why they are called variables because they vary now we could also do something like birthday and set birthday equal to one and I could say age plus equals birthday and then print days and guess what now it's going to return 35. so just know that you can store a number within a variable we've shown that before already we can add two integers together and we can print them out so we're adding those together and it's taking that total and adding that to age and now it's saying we're 35 years old so that is it for this lesson we're going to go ahead and move on to functions and fix this new line issue that we've had plus write some pretty cool stuff out and build some other cool functions out as well so I'll go ahead and see you over in the next lesson all right moving on to functions so let's go ahead and print out a new line really quick and we're going to call this functions now I like to think of functions as many programs what they are is an organized block of code that you define and then you can call it later instead of repeatedly typing the code out so we're going to take a look at some examples of that so let's go ahead and write a function so let's do a Define Def and that's how we start a function and in this one I'm going to say who am I and I'm going to do closed parentheses and here we're going to say this is a function without parameters and we'll talk about that here in just a little bit now indentation is incredibly important in Python if we do not indent we will throw an error here and you're going to see a lot of situations where indentation becomes incredibly important it's one of the most important things in python python does not have a lot of rules that apply to it but indentation is one of them that you must follow so we're going to go ahead and hit the tab to indent and I'm going to say my name is Heath and this is what is known as a local variable we'll talk about that here in a second as well age is equal to 30. and we're going to go ahead and print same thing we did before we can actually just kind of copy this up here we'll say my name is just like this okay copy all that paste it and then add the closed parentheses there I'll let you catch up and then we can just call down here who am I so what's going on in here well we have a function that we're defining we're calling it who am I and it has no parameters we'll get into parameters here in just a second now we're giving it some items within this in this instance what we're doing is we're giving this local variables we're saying hey in this instance when we have a variable of name it's going to be Heat and the age is going to be 30. well whatever is stored in here is only stored within the function that's why this is a local variable if we print age as well we'll see that so we know that age was 35 we called age over here is 30 and let's see what happens first of all we called our function here we said who am I called that and all it does is run our mini program our mini program says hey I'm going to print out these variables into this string here okay and that's exactly what it did but when we printed age again you could see that we're actually still 35 so this variable or the variables that are within a function are local and do not apply outside of the function so make sure to remember that okay so I'm going to delete this print statement we don't need it and we're going to write some more functions so let's do one where we add some parameters so we're going to do add 100 and we're going to give this a parameter of num n-u-m and that's just going to stand for number okay we're going to indent make sure we indent and all we're going to do is print num Plus 100. so when we call our function we say add 100 just like last time this time we have to actually give it what is called an argument so our argument goes with our parameter here when we're calling it so our argument is going to be a hundred and when we print this out this is going to be 200 hopefully so we'll save this run it you can see that we got 200 because we're doing print 100 plus 100. that's all we're doing is this mini program okay let's try another one let's say we want to have multiple parameters let's do Define add and we're just going to add X and Y this one's going to be easy we're just going to say print X Plus y and now we can add whatever we want so let's add Seven and Seven and one will take the place of X the other one will take the place of Y X Plus y 7 plus 7 should be 14. let's go ahead and run that you'll see we get 14 here beautiful all right let's make it a little bit more complicated then all right let's try adding in here another function this time we're going to do multiply we're going to do X and Y again and instead of doing a print I want to show you something a little bit different let's say we just return X times y and now in this instance if we multiply 7 times 7 do we get 49 we don't okay there's a reason for this this is just calling back so when this is saying return this isn't saying print remember this says print this is going to return x times y so we can call this here this function and it knows that this function is equal to 49 and perhaps we can put that into something else like we could put that maybe into a variable or whatever it is we might want to do with it however if we wanted to return to the screen we actually have to call that so sometimes we're going to actually store something instead of printing it we do a lot of printing in Python tutorials just so that you can see it on the screen and make sure that you're seeing what you're doing and that everything's printing out okay so that's why we're doing this but please understand that the return option does exist and is used quite frequently so I'm going to save this and run this you can see now that we get 49. perfect okay two more let's say we want to do a square root okay so let's define square root and we're just going to give it one parameter and in this instance we're going to print out the square root so we're going to take X and a square root an exponent format is just to the power of 0.5 that's all we're doing and we can test that theory by doing something like square root of 64. which we should return as 8 because 8 times 8 is 64. so if we save that come in here print it and you can see we get a float of 8.0 now I told you we would create our own function for a new line and we're going to do just that let's go ahead and Define new line and we could call this like new line if we wanted to or whatever but I think to make it simple as long as we understand what it is we can make comments and notes in here if we wanted to we could just say defined NL and then we can just say that when we do that we're just going to print out our n for our new line and then we call a new line we'll get one very simple so we can just even say in here new line okay so now we know and we save that and we can print it you'll see it it's here but we really don't have anything after it to really show it but we do have that space there so that is it for this lesson I'll go ahead and see you over in the next one next up we're going to learn about Boolean expressions and also relational and Boolean operators so let's go ahead and type in here Boolean expressions and when we think of these we can just think that this as true or false that's really what it is so from here let's do a few variables so we could set Bowl one equal to true we're just going to say hey this variable is true bull 2 we could set equal to three times three is equal to 9. so the double equals means that something is equal to something so we have three times three that's nine equal equal that means that equals nine do not confuse that with setting up your variable this is saying hey my variable is equal to this but this is saying this is equal to this number okay and that is a true statement we could also say Bool 3 and make that false or we can give it a statement that makes it false so something like 3 times 3 does not equal nine exclamation equals means does not equal nine now if we print it out bull one bull two bull three ample four just like that and save it and if we come in here you'll see that it says true true false false again Boolean Expressions is something true is something false why do we need to know this well we need to know if something is true then we might want to continue on or if something is false we might want to do something and we'll get into that when we get into conditional statements like if something is true then go ahead and do this if something is false do this or there's something called while Loops which will allow us to continue as long as something is true we're going to get there when we get to conditional statements as well or looping I should say and we'll talk about that but that is why we might want to know these things among other stuff we might want to know if something's true or set that parameter or that variable to True until it becomes false etc etc so right now just understand that Boolean expressions are true or false and we're going to come in here and we're going to print and we're going to say type and we're going to do Bowl One okay and this will tell us now this is a nice thing so if we come in here and say type it'll give us the class this class is Boolean awesome and another example of that is if we say like Rule 5 is equal to true and we print the type so if you see true and you're like I wonder what that is is that Boolean or is it actually just a string we come in here and say pull five let's save that save that there and then you should see that that class is actually a string here so you can check with the type to see what is this okay so the type feature is very nice and we can see that we are dealing with a Boolean here and this one is actually a straight so please note that if you put it in quotations that makes the string you leave it like this that makes it a Boolean expression let's go ahead and make a new line and we're going to talk about relational and Boolean operators okay so we can think of that as let's make a variable here we say greater than we say 7 is greater than 5. well that would be true and we are using an operator here so the operator is the greater than sign we're also using a Boolean expression because it's going to result in a true return if we were to print that out now we can do a few other things we can say like less than is equal to 5 is less than seven we can do greater than or equal to which would be 7 is greater than or equal to seven that's true we can also do less than or equal to and in that case we can do 7 is less than or equal to seven which is also true so all of these statements here are true now we can get into some other type of operators and statements here what if we did and so let's just call this test and we're going to do test and we say 7 is greater than five well that's true and 5 is less than seven that's also true both statements are true thus this is true do another one test and two and for some students this does take a little bit to get your head wrapped around I'm going to provide a table for you here just in a second but just follow along and I'll explain this as we go let's say we have 7 is greater than five and five is greater than seven all right let me fix that syntax five is greater than seven this now becomes false why well seven is greater than five and 5 is greater than seven that's not true so because it's not true because all statements are not true this becomes false there's an alternative to this what if we had an or we said or so 7 is greater than 5 or 5 is less than seven well both statements are true thus this is true but we can have the same situation as before where we have 7 is greater than 5 or 5 is greater than seven and guess what this statement is actually true because all we need is one condition to be true for this to be true so in this situation this is true or if this is true then the whole thing becomes true so just because this is false this would also have to be false for this to be false hopefully that makes sense one other thing here before I show you the cool little table is we could do test not so if we said something was not true guess what that becomes false same thing if we said it was not false then it's true not is just the opposite so not true in this situation is false now if we go out to the internet and we go to Google we could come in here and we can just search something like python truth table and if we go to images we should be able to find one that works out pretty well in our favor here's a good example right here so if you ever take a coding class you might be quizzed on this this will tell you truth tables right here so if it's not false it's true it's not true it's false we can look at or statements so true or false is true the only situation and or statement becomes false is when both are false now the and we looked at that if it's true and false it's false if it's false and true or false and false it's still False only situation for and where it can be true is when both are true there's also not or not and there is does not equal or equals so it's good to know these types of Truth tables and you can come and just again Google python truth table and come look at this pretty straightforward once you get the hang of it but it's completely okay for right now for it to be confusing just wanted you to know that these are out there and exist in case you are a little bit confused by this lesson so we're going to go ahead and move on to the next lesson which is going to cover conditional statements okay we'll come in here we'll do a new line and we'll just say conditional statements and we can think of this as if then or if then else or if else either way you want to write this this is fine so think about this if you go to the store and you want to buy a drink and that drink is two dollars if you have two dollars or more you can buy the drink if you do not have two dollars you will not be able to buy the drink so let's take a look at that so if we write a function and we call it Define drink and we give it a parameter of money we come in here and we say if money is greater than or equal to two then we're going to return look at the indentation again we need an indent here after our function and we need an indent after our if statement so make sure you're indenting correctly return you got yourself a drink and here we come back we can say else we're going to return no drink for you kind of like Seinfeld no soup for you all right so if we come in here and we print drink of three meaning we had three dollars at the time and we print drink of one meaning we had one dollar at the time we're gonna have two different results if we have two or more dollars we're going to return you've got yourself a drink otherwise if we have less than two dollars we're gonna say no drink for you let's save that you've got yourself a drink when we print out three dollars because we had enough money here you can see with one dollar we did not have enough money thus no drink or us okay let's take a look at a little bit more of a complicated one we're gonna come in here we're gonna say Define now I'm going to make this alcoholic beverages if you do not drink that's okay you can just follow along still you can change it into whatever you want to be I think this is a good example because we have a couple parameters and we can use those to make different sort of conditional statements so let's define alcohol now in the United States we have two things that we need in order to purchase alcohol one we have to be old enough we also have to have enough money similar to the drink before that was non-alcoholic we assume well we have to actually be old enough to purchase the strength in the United States you have to be 21. so if our age is greater than or equal to 21. they put a space here by the way sorry and look the and is coming into play money is greater than or equal to five then we're going to return we're getting a drink all right now we're gonna say else if because there's a few situations that we can be in there's actually four situations here so we're going to say e-l-i-f which stands for else if what happens if our age is greater than or equal to 21 and we don't have enough money so we say money is less than five well in that situation we're going to return come back with more money okay and then what if we have another situation where we say age is less than 21. and we actually have money we're just an underage person trying to buy a drink and we say five dollars well we're gonna return nice try kid and then lastly if we have no monies and we're not old enough well then we can just return something like your too young and two poor yay and then let's try these out so we've got these different situations here again if we have our age and money we meet both criteria we're getting a drink otherwise if we meet the age but no money let's come back with more money we don't meet the age but we have the money nice try kid and then lastly if you don't have the money and you're not old enough you're gonna be too young and too poor so we're gonna print out a few different statements here of this function so let's give it 21 and 5. we'll print alcohol again of 21 and 4. friends alcohol of 20 and 5. and these should all meet different criteria alcohol of 20 and 4. so we should expect to get these in order we meet what we need here we don't we don't we don't different criteria for each of these we'll save this go ahead and run this and you can see it says no drink for you actually that's the last one uh we're getting a drink come back with more money nice try kid and you're too young and too poor so you can see that we can make conditional statements based on everything that we're starting to put together here we have now used a function we've used multiple parameters we've used the conditional statement we've used relational operators okay we've got the Boolean right this is true and true we're returning something this is true and true in this situation then we're going to return something else so we have different situations that can come back so we need to meet those criteria and we're starting to use that look we're using the return instead of the print feature there's a bunch of different things that we're doing here that's all starting to tie in and hopefully that's starting to make sense why we do things we're starting to build upon it and it's starting to get a little bit more fun so from here we're going to go ahead and move on to lists and move on with our journey into python so I'll see you in the next lesson let's move on to lists so let's go ahead and do our new line and we'll call it lists and the best way to think of lists in my opinion is that they have brackets something like this now lists are data structures they are changeable we can reorder them they are basically just a group of elements now everything within a list is called an item and as I mentioned the best way to think about lists is that they have brackets just like a string might have quotes around it lists will have brackets around it now again we need to remember these are changeable we'll talk about something here in a little bit that is not changeable which is called the Tuple now here let's go ahead and declare a list we're going to say movies and I'm just going to list out some movies that I like and we can do a bracket and I can say when Harry Met Sally we'll just give these as strings I like The Hangover and I like The Perks of Being a Wallflower now you can add whatever you like here and my hangover here by the way that I have to hang over here my hangover on the line here is just because my notepad here is not wide enough if I made it wider it would actually just continue on so a don't confuse this if I hit enter you'll see it goes to 148 so my wrapping does not mean I went into a new line and lastly we'll just say The Exorcist and we'll close the list off with a close bracket so if I wanted to print the first movie in the list I wanted to print When Harry Met Sally I come in here and I print movies and I wanted to say one do we think that would print the first item in the list go ahead and hit save print and you're going to see that it actually prints The Hangover so what am I doing here I am calling an index and our index actually starts with the number zero so when we look at an index we need to think of it as 0 1 2 3. always count starting with zero not one otherwise you can return the wrong numbers and this can get very confusing let's make sure we add no to this Returns the second item in the list okay we're looking at the second item with the index of one if we printed for example movies and we gave it zero then we would see that this will return the first item in the list okay we'll save that take a look real quick you could see that the first item is When Harry Met Sally and that's exactly what we're getting returned which is what we want now let's look at a few tricks to splicing an index or indices uh we can say something like print movies and if we printed movies one to three what would happen here well what's gonna happen is it's going to return the first item given so this is going to be index number one which is item two so first I should say first index number given right until the last number given it's not going to include the last number well let's even say but not include the last number so no it's a lot it's just printed out take a look so one to three will print The Hangover starting at one and The Perks of Being a Wallflower which is two it will not print three okay so make sure you understand if you go one to three you're only going to include two items three items now you can also do one to four which would print all of those if you wanted to print everything from the beginning of a number so say we've wanted to print movies one and we wanted to go all the way to the end we could just do something like this so you can start from a certain point in index print The Hangover versus Being a Wallflower The Exorcist and we're skipping When Harry Met Sally because we're not stirring at zero okay we could also do in the opposite of that movies and remember if we go to one it's not going to include one it's only going to include the first item here everything before so When Harry Met Sally everything up until this point is another way to think about it okay so we wanted to print two items we'd actually have to add a second or put the number two here and that would include The Hangover that's what we wanted to do now another thing that we can do is if we wanted to print the very last item we could do a movies negative one and you don't need to commit All This to Memory right now especially if you're not working with lists but if you ever do work with lists you need to pull specific items down from the list this becomes very important so important to know that indexes or indices exist you start at zero and then you move forward and then the way that you can spice these just depends on how you call these now this will return last item in list we save that take a look you'll see It'll return The Exorcist here now we can apply methods to lists just like printing length of movies we'll print count the items in the list right and the list and we'll save that just take a quick look I never close this sorry so you can see it tells you your mistakes and even I make mistakes come in here try it again you can see that we have four items within our list all right so and that is true we have four items in the list we can also add to the list so we can use something like movies dot append we'll add to lists and if we wanted to add the movie Jaws we could and if we printed movies you'll see that this appends to the end of the list let's go ahead and save that and you'll see now that Jaws is here at the end now we could also insert a movie into the list so if we did movies dot insert and we wanted to put in a specific spot so say we want to put it in index two we could say two and then we could give it a movie Hustle the movie I just watched recently and really liked and we can come in here and print movies now we save that you can see that we can actually insert hustle here into position two on the index so pretty neat now we can also remove movies we did movies.pop come in here and that will remove the last item so if we come in here add a print statement really quick save that and then print this out you'll see that Jaws is now gone we can also specify specific spots we want to remove so if we want to remove index 0 we could and then this will remove the first item print movies save go ahead and When Harry Met Sally is now gone from our list we can also combine two lists so if we come in here and let's say that my wife has favorite movies and she definitely does and we'll just go with a couple of her favorite movies she likes Just Go With It and she also likes 50 First Dates come in here and close that off well we can combine movies let's say we wanted to know our favorite movies what we can do we can combine lists I should say come in here and I could say I want to add movies plus Amber movies and I can print our favorite movies and then I have now combined lists let's go ahead and take a look at that hopefully I did it right and you can see now the hangover hustle perks a big Wildfire Exorcist just go with the 50 First Dates you could also just come in here if you copied this by the way and just pasted this you don't have to put it into a variable you could totally do it like that but I think storing in variables is a better practice so I'm going to go ahead and just Ctrl Z here and one more thing so we can also have what are called 2D lists so two dimensional lists so let's say for example we have grades and we have a list of grades and we're going to say that inside this list we have Bob and his grade is an 82. and then we have Alice and she has a 90. okay and then we've got Jeff 's not doing so hot Jeff's got a 73. okay and let's say we wanted to pull down Bob's grade we could make a variable like it's called Bob's grade and we could set that to grades and then do something like zero one like this and what are we doing here well we're saying I want to pull from the first index okay index one or zero right first index 0 1 2 so I'm pulling from zero and within that I want to pull the second item which is this zero one so we have a two dimensional index here and if we went ahead and printed Bob's grade you can see now we save this we get an 82. well that's correct what if we screwed up Bob's grade and we wanted to fix it well we could also do something like grades 0 1 just kind of like we called and we could just set it equal to 83 maybe it wasn't 83. okay we come in here and we print out grades you should see that this has changed so let's go ahead and print this you can see now Bob has an 83. so we can modify our 2D lists as well so that is it for list remember lists have brackets lists are data structures we can change lists as you saw we were able to append pop insert remove okay we can modify many different ways we're going to move on here in a second to what are called tuples and tuples cannot be changed even though they look very much like lists they are different so I'll go ahead and see you over in the next lesson when we cover duples okay let's talk about tuples very quickly and then we're gonna move on so do a new line say tuples and these are like lists but they do not change we'll say do not change and then they get parentheses as opposed to getting brackets okay so we might want to have something that doesn't change and when something can't change we say that they are not mutable m-u-t-a-b-l-e they're not mutable so that means that they're immutable and tuples are immutable meaning we can't change them so we think of list list mutable tuples not mutable or immutable so if we have a tuple of grades we can say something like grades are equal to a b see this is the American grading system d and F coming here if we did something like grades.pop like we saw before or grades dot append something like that neither of these are not going to work or neither of these will work I should say proper English what's going to happen is they're not mutable we can't change them once we have this and we store it it does not change so if we want something that is like a list but we don't want it to change it's better to use a tuple we can set something in stone like our grade letterings and then we can call those when we need to we can just say something like print grades and give it a one and save it and we should get a B back okay and we get a B back so that's it just know the difference between tuples and lists and that tuples do not change but they are very similar in how they can function and there are pros and cons to each of those so we're gonna go ahead and move on to the next lesson which is going to be looping okay so let's come in here make a new line and we're going to call this looping so we're going to talk about two different types of Loops the first type of loop that we're going to talk about is what's called a for Loop and four Loops are start to finish of an iterate and here's what a loop looks like and we'll take a look so let's go ahead and get a list we're going to say vegetables and you can put whatever vegetables you want in here I'm going to go with a cucumber I'll do some spinach and then we'll do some cabbage as well and now what we're gonna do is we're gonna come in here and we're going to write a four Loop we're going to say 4 x and x could be whatever you want it to be you could say for veggies it could be whatever you want to call it in this instance I'm just going to call it X in vegetables the 4X in this list we're going to go ahead and print out so what do you think this is going to do all this is going to do is just Loop through the iterates start to finish up and iterate so it's going to say cucumber spinach cabbage go ahead and give it a go save it print it cucumber spinach cabbage all we did was go through a list iterate through it until we reached the end of the list and then it stopped so that is a for Loop another good example of a loop if you want to think about it might be trying to Ping an IEP address like a 192 168 1.1 or maybe you have 1.x maybe there's a whole slew of ips that you want to Ping maybe it's one through 254. okay if you wanted to Ping all of those you might want to do something like a 4X in IP and where IP is just equal to like a sequence like say IP is like a sequence of one to 254 and don't worry about this I'm just logically writing this out so if you say IPS 1 to 254 for x and IEP and then you want to do something you might want to like Ping 192.168.1.x and then X will be one then two then three then four okay so you could write something like this for a pink sweeper again it's the start to finish of an iterate one through two fifty four with a stop at 254 when the iterate is done now another example of this or another example of a loop is what we call a while loop let me say wall loops these execute as long as true I should probably capitalize true so that way it makes sense that we're talking booleans so let's think about this situation what about we set I equal to one so we've got a variable of I equal to one while I is less than 10. we're going to go ahead and print out I and then we're going to say I Plus equals 1. so what's going to happen well while I is less than 10 . so right now I is equal to 1 1 is less than 10 that is true we're going to go ahead and print I increase the value of I by 1. so the next time it Loops through it's going to be 2 and it's going to continue on until this is no longer true so if we save this this should print out one through nine because we're not looking for 10 just one through nine so we're going to say that hit enter one two three four five six seven eight nine and it looks like the loop actually did its job so again we have two types of Loops all we need to know about right now is we have a start to finish of an iterate that's the for Loop a little while loop executes as long as true we may see these later on as we do our project work so keep these in mind as we go on through the course so from here we're going to go ahead and move on to Advanced strings so I'll see you over in the next lesson okay let's take a look at some Advanced strings so if we come in here again we do a new line go ahead and enter Advanced strings and let's create a variable of my name I'm going to say my name is Heath now let's say we wanted to print my name and we wanted to grab the first letter of my name how do you think we might do that well if you're saying index of 0 you are absolutely correct and we can say in here first letter what about printing the last letter of my name well if you say negative one you have remembered your index lessons great job that's going to be the last letter we can save this and we can go ahead and print and if I made this a string that would be very helpful go ahead and save this you can see that we get the capital H and the lowercase H here because my name starts with an h and ends with an H so another thing to note about strings much like tuples they are also immutable you cannot change a string we cannot modify the string we can join strings we could split strings and we'll talk about that here in a second but once I have set this variable in this string this string is here forever I can always change the value of this variable but you cannot change this string so again strings are immutable now let's go ahead and say we have a sentence we give that something like this is a sentence if I can type today and we print out sentence with something like this what do we think that's going to look like let's save this print it you can see that we get this what are we doing well we're just grabbing this first word however we have the benefit of knowing what the first word is and how long it is so we went 0 1 2 3. remember we stopped at four so we grab the word this well what if we were in a situation where we didn't know what the word was or how long the first word was we could use something like a delimiter so we could say print we could do sentence dot split and if we do a DOT split we can just do it like this and then this is a delimiter and a delimiter says we're going to take something and we're going to split based on that now the default delimiter in Python if we just give it a split is a space if we save this come in here this is a sentence now look at it it's in a list we could pull the first item if we wanted to and know the first word instead of having to split it like this or pull it out like that so we could do something like this as well this is just a proof of concept that's a little bit fun we go sentence split and we say that is equal to sentence dot split okay and then we also create another variable we call that sentence join and we say that is equal to space we're giving it a delimiter to join on actually we're telling you what to add in between the different words that we're pulling out so we're adding a space here and we're going to say join sentence split like this and if we print out sentence join what do you think we're gonna actually have happen here let's save it guess what this is a sentence so all we did was deconstruct this sentence based on the delimiter it came out to this is a sentence and then we joined it back together with a space so every one of those got a space in between and that's it so that's just a Nifty little way to show you that splitting and joining is possible and again this is still immutable even though we're messing around with the strings the strings are immutable let's take a look at a few other things here I mentioned in the beginning of the first lesson when we were talking about strings initially that we might have different ways of using single quotes and double quotes and think about this like what if we had a situation of quote and we wanted to say something like he said give me all your money well with this situation what are we gonna do what if we wanted to add quotes here and say give me all your money we do that because that is a quote well looks like it's kind of messed up we're not seeing it in green it kind of looks funny what we can do in this situation is we can use single quotes if we wanted to or we could flip this around by the way we could use single quotes on the outside and then double quotes on the inside if we wanted to use double quotes here and I could save this so let's print out quote just to show you and then we can save this another thing that we can do though is we can say something like quote and then we can just do he said and we can do character escaping so we can do give me all your money like this and now python knows that everything within these escaped characters is ignoring it's ignoring this double quote here and ignoring this double quote here so we're escaping that and then we can print it and hopefully we did this right go ahead and print you can see now it says he said give me all your money in double quotes while we also use double quotes on the outside so we can use character escaping if we want to just know that we'll have to use this backslash in front of each of the characters that we want to escape okay let's take a few more examples here so if we say something like a variable of too much space what happens in the situation where we have like you can just add as much space as you want in here it doesn't really matter we have a string with a lot of space in there well we can strip this out we can print too much space and then we can do a DOT strip and the strip is going to take the delimiter of a space as default and that will also strip this out you can see there's just hello there nothing else so that's kind of nice few more items what if we have the letter of a and we have the word of Apple okay well what if we wanted to know something like this let's actually go up a little bit and let's say we wanted to know like print a and Apple okay what is this going to return go ahead and if I could type sorry and this is going to return something let's go ahead and save that that's going to return true so we'll just say true now if we print a in apple you're going to see that this is going to return false save this y well this here is a lowercase a and that does not exist with an apple so even though we're looking for a specific letter Within A Word we have to match case sensitivity in order for that to return true so if we wanted to know if the letter A was in the word apple and we weren't concerned about case sensitivity then what do we do in that situation well this brings something up that we did a little bit early on which is using lowercase remember the lowercase method we can say print and then we can come in here and say letter dot lower you could also do upper if you wanted to but what we're doing is we're converting all of this to lowercase so this is not going to be a lowercase a and then we could say in word dot lower and we can just say this is an improved way of doing this so if we print that out we save this this should come back as true so think about when you're trying to match a word or a string or anything and if somebody came in and you were expecting like I don't know like think about school and we're thinking about uh a word maybe like Manhattan I don't know and somebody types in Manhattan like this okay we still want to be able to accept that answer is true even though they may have screwed up a little bit on the punctuation now there could be instances where we want a capitalized letter and it has to be very specific in that case this kind of syntax works but if we're looking to just accept an answer like Manhattan for Manhattan then we might want to consider using lowercase or uppercase in that situation just to match those words or letters or whatever it might be so one more thing let's look at what is called string formatting so if we do something like movie we'll pick the hangover again we say The Hangover you can pick whatever movie you want here there's a few ways that we can print this out remember we concatenated early on and we said like print we did something like my favorite movie [Music] is space plus you know movie something like that right well we can actually write this in a certain way that is a little bit easier so there's a few things that we can do for example we can do my favorite movie is add a couple brackets in here like that and then we can add period at the end just because we're going to close our sentence we'll say dot format and we'll say movie and close that off that's one way of doing it if we save that it's a my favorite movie is The Hangover okay this is called using the string format method now what we can do there's another type of method we can use is we could say print my favorite movie is percent s and we say percent really just like this save that this is using percent formatting and look the same thing happens I just forgot my period in there so no big deal lastly if we print out an F in the front this is called an F string or what's known as a string literal we can do my favorite movie is and then just do a movie like this super easy and we have moved off of using the format method and the percent method into this F string or string literal let me come in here we save this tab up print and you can see my favorite movie is The Hangover that worked out perfectly well you can use any of these to format but just know that the F strings are the latest and the greatest way of doing it in Python 3. so that is it for this lesson we're going to go ahead and move on to dictionaries okay so we'll add new lines in here and we'll say dictionaries and we could think of these as key value pairs and also think of these with the curly braces like this so we've seen lists like that we've seen tuples now we can think of dictionaries with the curly braces so let's go ahead and we're going to put some drinks and again I'm going to use alcoholic beverages you do not have to do that you can use whatever drinks and prices in here that you want but we're going to have a key value pair so our key is going to be the drink so first drink I'm going to pick up is a White Russian and the value is going to be seven let's say that a White Russian costs seven dollars if we do an Old Fashioned we're going to say that this costs ten dollars and we'll do one more we'll do a lemon drop and we'll just say that this costs eight dollars okay and we can make a note here to ourselves that drink is the key price is the value remember key value pairs key value all right so we've got our drinks we can print our drinks save this go ahead print and you can see we print out our dictionary here now let's give it another example let's say that we have employees and this could be a good example so we say we have employees and I really like the show Bob's Burgers so I'm going to use Bob's Burgers here as an example let's say we have different departments we've got the finance department and in the finance department we actually have a list of people what if we've got we've got Bob oops we've got Linda and we've got Tina all in finance we can also have another department let's have it so again that's the key and the value is going to be this list that we're putting in there so Gene Louise and we'll throw our Teddy in there as well and that one and let's do one more we'll do HR so HR and we'll put in here Jimmy Jr and we'll also put in Mort again you can put whatever you want in here and if you need to pause if you're trying to follow line for line word for word you need to pause and type this out feel free to do that I'm gonna go ahead and print out our employees just to show this make sure I type this all right because this is a lot of syntax and we've got Finance it and HR looks like we did a great job awesome so let's say I wanted to add a new key value pair I could do that in a couple of different ways we can do something like employees and we can just say something like we want to add a legal department all right and in the legal department we're gonna have just one person we'll just have Mr frond he's our legal team okay we'll just say it adds new e value pair save that actually let's print employees so that way we can actually verify save print and you can see legal ads Mr frond so we are adding to the end of our dictionary just like we added to the end of our list everything gets appended to the end unless we specify otherwise let's go ahead and come in here another way that we can do this is we can say something like employees dot update and we can say something like give it a sales department and in the sales department we'll have Andy we'll have Ollie close that off we're also going to have to close off our curly braces and we'll close off our parentheses and if you have a decent notepad it'll show you where your items are so that way you know you're closing things off correctly so we've got three different types of syntax going on there and it sometimes can be hard to read so here we could say adds new key value pair as well so just another way of doing it we can print employees and we'll see that Annie and Ollie should be added provided we typed everything correct which we did so here's sales with Andy and Ollie okay one more thing let's say that we wanted to update something in our dictionary we're going to go ahead and update a value we're going to go back to drinks for this one let's say that inflation has happened which it has and with inflation the price of a white russian has now gone up from Seven dollars to eight dollars we can do something like that print drinks and you should see that hopefully this has been updated to eight dollars which it was seven before now it's eight perfect we can also grab the value of that so if we wanted to do something like print drinks dot get and then we do white Russian totally do something like this and save and hopefully it will return eight and it does so that is it for this lesson we're going to go ahead and move into a new file here in the next video so let's go ahead and save this and close this and we'll prepare for the next video so I'll catch you over in the next lesson okay so I wanted to talk about importing we're going to talk about importing modules so I wanted to make a new file for this let's just call this mouse pad importing dot Pi or whatever you want to call it and I'm going to do the Ampersand here and again if you're using Windows or Mac just make sure you create a new file for this I'm going to go in here and I'm going to add my shebang like before I'm going to declare bin Python 3 and save this and now we're going to go ahead and talk about importing so importing let's type this importing and we'll say importing is important now modules exist within python that are built in but not available to us without importing them so like you saw us being able to do math but we could import a more robust module of math and then use that to do more advanced calculations outside of adding subtracting exponents Etc in this instance we're going to talk about a couple of different Imports that we can do and that you're going to see again as we get into some of our Hands-On stuff and we build out some projects for example we might want to import something called CIS now let's say if we tried to print out sys dot version and we'll just save this and then we're going to Python 3 importing dot pi and you're going to see that I get an error back that says CIS is not defined name says not defined okay well CIS is something that we're going to use quite often in Python you're going to see it imported quite a bit and it does a lot of different unique items like it does something called ARG V for example which we'll use as an example later on but if we want to specify a an amount of arguments say we're trying to run uh Python 3 we're going to do a port scanner later so we'll just say portscanner.pi and we need to supply an IP address here right and this is argument zero this is argument one so if we Supply no argument one then we're going to throw an error it's going to be an if else statement and that's going to use something called RV now we'll get into that later but that's very important it's a part of CIS another part of CIS is doing something like the version type of python that we're used using or another thing is the sys dot exit which you'll see later on as well which is going to allow us to gracefully exit when we encounter an error we tell the script to exit or whatever we're doing so we might need to import something like sis or another one is OS which is very common to be imported as well so let's talk about importing in order to import we can say something like import sys just like this and we can just say this is for system functions and parameters save that and let's go ahead and just print this now and see what happens you can see now that sys has been imported even though it wasn't built in automatically we can import it and you can see now it tells us hey we are running on version 3.10.5 of python and it was downloaded on June 8th 2022 or built on June 8th of 2022 so from here let's go ahead and import something else let's go ahead and import date time and we can import from something so I know this is going to be confusing but we can import specifics from a module so we're just importing the date time feature from date time even though they're named the same just know that we can import specifics we don't have to import the whole thing even though we totally could just import the whole thing as well so here for example we can say print date time dot now like this and you know what this is going to do it's going to tell you what the date and the time is and I apologize this is backwards this is it's from date time import date time so again your syntax will tell you where it's wrong and it is perfectly normal to make mistakes I leave these in the video so that you see that I am human too and it's completely normal to make mistakes like this so go ahead and do your script now and you'll see that it gives the date and the time so right now it is July 6th and it is two o'clock in the morning I am a night owl now one other thing that we can do is we can come in here and we can from daytime import date time and we can also give this an alias we can say as DT what if we don't want to write date time out we just want to do DT just like we didn't want to write new line out we did NL same kind of concept so we can just say import with alias and instead of saying date time.now we could just say DT dot now save that go ahead and print it you can see it still works so absolutely the same thing we're just giving an alias making it a little bit easier to run okay so that is it for this video let's go ahead and close this out and then I'm going to meet you in the next video we're going to talk about sockets before we get into building out a port scanner so I'll catch you over in the next video okay so let's make a new file and we're going to call this s dot pi and again create this however you want to if you're using Linux you can follow along like this or just create a new file in Linux or Windows again we're going to shebang this up here I'm going to give this a bin python 3. now this is an incredibly necessary if you're running on Windows or Mac but this is just best practice for me this is the location of my python even though I'm not actually calling it I am calling it with python3 so this isn't incredibly relevant as long as you're using python 3. now we are going to deal with sockets oh sockets now sockets are what can be used to connect two nodes together so we're going to use this to connect to Ports and IP addresses if you're unfamiliar with computer networking that's okay but what we're looking for is a port and we're going to look for that port on an IP address and on that IP address that that port is open we're going to make a connection to this we're going to build a port scanner in the next video or in later on in the lesson and you'll see this in action right now I just want you to notate understand what we're doing and then I'm going to demonstrate an example that you do not have to follow along with and you might not be able to follow along with so that's okay but just know that sockets are used to make a connection between ports and IEP addresses and you'll see that here very shortly so you do not name this by the way socket.pi if for some reason you came in here and you named this socket.pi this will break python because we are going to import socket so make sure that you come in here and you rename this if you named it socket.pi it's very easy to do that but that will break the socket dot Pi which is but we're importing here so with this we're going to set a couple of variables we're going to say host is equal to 127.0.0.1 and this is our loopback address or our home address if you're not familiar with computer networking I do recommend that you go take a class on computer networking because it will become very important as you get into python development especially if you ever work with nodes of any sort so other thing is ports so we have ports on our machine that we can connect to we're going to be using TCP uh if you do not know what TCP is or what the ports are that's okay you can still follow along but know that there are 65 535 available ports some ports are very common in what they use like Port 80 for example is a web server over HTTP you have 443 which is https 21 is FTP there's a lot of common ports and protocols that are out there we're going to pick a non-standard port non-common we're just going to say 7777 so what I'm going to tell this to do is I want to tell this to reach out to this host which is just going to be us for this example and this port I want to make a connection on this port now I'm going to give a variable of s and this is going to be a very long statement so if you say socket dot socket I'm going to type this out and I'm going to explain everything okay so socket dot AF init then we're going to say socket dot sock stream and then just for your notes AF init is ipv4 sock stream is a port so we're giving it this s because we are not wanting to type this whole long thing out all the time we're just shortening this what we're going to do is we're going out to make a connection to this AFI net which is ipv4 IP address which is what this is and we're going to also make a connection on a port which is our sock stream we're going to give it this port so we're going to say that by doing s dot connect and we're going to come in here and this is going to be a tuple so we're actually going to use double parentheses here oh support okay and we could come in here by the way and we could just put in one two seven zero zero one instead of using a variable but I like to use variables because it's best practice but you could hard code this in if you wanted to but here I just like using the variables easier to change especially if you're coming in here and you're writing in a bunch of host Port calls so the variable is easy just to have in one place as opposed to hard coding this okay so I'm going to go ahead and save this this is where I do not expect you to follow along because you might not have the architecture behind it now as I stated in the beginning of this video I am an ethical hacker by trade which means that this version of Cali that I've been running on her this version of Linux that I've been running on is actually Cali Linux and in Kali Linux we have a bunch of tools available to us for pen testing and ethical hacking one of those tools is a tool called netcat now netcat is NC and basically what it does is allows us to connect to open ports or establish a listener on an open port so what I'm going to do is actually I'm going to open up a new tab here make this bigger and then I'm going to run this here just understand if you've never used netcat before that's fine I'm just opening up a listener on a port that's all just worry about the L and the P for now listen on Port 7777 anybody makes a connection on that Port we're listening so we are going to connect to ourselves because we wrote the script out to 127001 which is us and all we're going to do is python3 s dot pi hit enter nothing's going to happen we don't have any print statements anything crazy but you can see that a connection was made from one two seven zero zero one to one two seven zero zero one and it made a connection on this port and we connected on the other side on this other Port here which don't worry about that too much if you're not familiar with networking that's absolutely okay but there has to be two or it's being connected um one on one side one on the other so here we made that connection we didn't tell this to do anything else we just said hey go out listen for this connection we made a connection we established it we did our job we used our socket and we are good to go here we close the connection because there was nothing no instructions given or anything else and that's all we needed so what we're going to do now is we're going to in the next video build out what I call a terrible Port scanner and we'll talk about why it's terrible but we're going to tie everything we've learned so far together and build something out that is actually usable with python so I've been throwing all these lessons and terms and everything out to you now we're going to apply that you're going to see how we can use that all together and I'm very excited so I'll catch you over in the next lesson when we start building out a port scanner it is time to create our first project and this project is going to be building out a terrible Port scanner and so let's go ahead and create a new file I'm going to call this scanner.pi give it the Ampersand here if you're on Linux and then we're just going to call this in python3 save it get the pretty colors going and what we are going to do is we are going to create a scanner that is going to be something like this we're going to type in python3 scanner.pi and then we're going to say IP address we want to provide an IEP address and then it's going to go out and do Port scanning on the IP address so hopefully we can build that out for now let's go ahead and import a couple of things I should say a few things we're going to import CIS talked about CIS I'm going to import socket talked about socket and from date time we're going to go ahead and import date time so none of this should be new to you so first thing that we're going to need to do is Define our Target so we need to set up an if statement I'm just going to say Define our Target and what I want to say is if the length of CIS ARG V and I'll explain this in a second is equal to 2 then we're going to set a Target variable Target is going to be equal to socket dot get host by name and we're going to say sys dot ARG V1 and all this is going to do is Translate hostname to ipv4 all right let me make the else statements I'm going to come back I'm going to explain everything okay so if we do else we're going to print out invalid amount of arguments and also print out syntax Python 3 scanner dot pi IP address something like that okay go ahead and close that off okay so we're taking a method of length and we're saying CIS dot ARG V we spoke a little bit about argb in the importing section RV is going to be the amount of arguments that we are giving so when we come in here and we type in python3 okay our first argument argument zero in theory is going to be scanner.pi the second argument or second index index of one is going to be the IP address that we give so 192.168 1.1 or whatever it might be so we need to have two arguments if we have a third argument it's going to break if we don't have a second argument it's going to break if we just type in scanner.pi it'll break if we type in an IP address like 1.1 and then we type in something here it's going to break because there's too many arguments so if it doesn't meet this specific length then what we're going to do is print out invalid amount of arguments here's the syntax give somebody some some help here if it does meet the length then what we're going to do is we're going to set our Target equal to socket dot get host by name and all this is saying is we're going to get host by name of CIS arcv1 that's our IP address now this is going to translate a hostname to an ipv4 so in case for example if you did python3scanner dot pi and you had a host name like I have a host in my house called Punisher like if I gave it Punisher and my DNS knew internally that that translated to a specific IP address in my network that's fine this will translate okay easy enough but we could also just give it an IP address so that's what we're looking for here I highly recommend for this example using an IP address in previous lessons when I've taught this before somebody has tried typing in a host name and it doesn't always go as planned though we will talk about adding error exceptions for that here in a little bit so right now all we need to know is we're trying to set this up with these arguments now this is not the best logic this is something that will work for our needs because we are building this out but if we're building it out for somebody else this logic's not great and this is why I call this a crappy Port scanner is because it's not the best we're only doing it for proof of concept and to learn what we've learned so far but think about this in another way think about if we're running two arguments well I could give this an argument what if I if I come here and I say python3scanner dot pi and I give it the second argument but I give it like 192.1 or something like that well that's not a host name it's not going to translate to anything that's also not really an IP address so we should really add some other statements in here to say hey it needs to be a valid IP address it needs to be like have four octets like we expect and if we really wanted to get critical about this we can make sure that it is a valid IP address because I P addresses can serve like 256. whatever so we could say it must be between like you know each octet must be between 1 and 254 and get really refined with that and say hey that's not a valid IP address thus we're not going to scan this but we don't have to worry about that right now I'm just saying the logic behind it we need to start thinking about well how can a user break this we know how to run it but if we gave this to somebody else how would they run it and how could they break it or how could they typo some something so these are things to think about as we go so for now we've added this in we've got this in here we could test this if we just save it we come in here and we just say Python 3 scanner dot Pi we don't give in any arguments you'll see that it says invalid amount of arguments python3scanner.pi is the syntax perfect don't give it an argument right now because it's going to break if you don't have DNS translating properly so from here let's go ahead and add a pretty Banner so just add a pretty Banner and all I'm going to do is do a print command and I'm going to just do a bunch of dashes this is not really going to be that pretty of a banner but it's still going to be a banner and so when this kicks off if if we've got a valid IP that we're going to be scanning we're just going to do scanning Target and then we'll just do a space and you could just do a concatenation here of plus Target you could do F string if you want completely up to you on how you want to do this so we just do scanning Target plus Target this will say what the IP address is we can do like scanning Target of that something along those lines and then we could say print time started and then we can give this something like a string so we want to give plus a string of date time dot now remember we can't concatenate numbers and strings so we're going to go ahead and do this and then we'll just print out this one more time okay I'm going to save this let's go ahead and try running this with like I don't know 192 168 1.1 okay so this is what we get we can see that we have scanning Target okay scan Target 192.168 1.1 here's the time that it started perfect we've got a pretty Banner set up so now let's actually start making it do something so we're going to use what is called the try command we're going to try something and if it works perfect if it doesn't we're going to have exceptions for that so here's what we're going to do we're going to say try or we're going to do a for Loop port in range remember we talked about a range earlier we talked about well what about a 4ip in range of 1 through 254. we're doing the same concept here now we're just giving it a range now there are 65 535 potential ports I'm not going to force you to scan all those if you want to you can come in here and say 65 535 this is not threaded we are not doing any sort of speed runs here this is could potentially be a slow Port scanner so it is best in my opinion to do like a port scan between 50 and 85. and the reason I do this is because we're going to scan or attempt to scan our home router and usually DNS is open on that and usually Port 80s open on that so I'm trying to look and see if we can find a couple ports that might be open so for port in this range what we're going to do is we're going to set our s equal to that lovely socket dot socket socket dot AF inet and socket dot sock underscore stream just like that and then we're also going to come in here and we're going to do a socket dot set default timeout to one so if it responds back or doesn't respond back within a second we're just going to move on we don't want to stick to scanning a port waiting waiting waiting for not to respond back to us and then the script takes long and longer and longer so we just want to make sure that we set our default timeout to one there and then what we're going to do is we're going to go ahead and set a variable result and result is going to equal to s dot connect underscore ex and I'll explain all this in a second Target import all right so what this is doing here actually let me type out the rest and then we'll go back we're going to say if result is equal to zero we're going to print out port we can do is open so now we can come in here we can do a format Port if we want to you could use an F string here if you want to so we can just use an F string I'm just showing you examples but you can say port and just do an F in front of this okay Port whatever is open and then we're going to close the connection all right let's read through this make sure we understand what's going on so we're gonna do a for Loop for a port in the range of 50 to 85 so we're going to start with 50 and 51 then 52 go through that process we are setting a variable of s equal to this because we're going to gather the ipv4 address and we're going to gather the port that we're trying to connect to now our ipv4 address here's our Tuple right here we are saying I want to connect on Target and Port Target is going to be supplied by us we're going to use rb1 so we're going to supply the IP address and the port is going to be this range here so for port in range we're declaring Port here now this s.connect underscore EX this is an error indicator so if a port is open the error result returns zero if a port is closed it returns a one so if the result is a zero we're going to say hey this port was open if it's not it's going to close out and we're going to close this then we're going to go back to the loop and come through and try it again so we're going to close out our socket connection on that Port come back try 51 52 etc etc now before we run this there are some exceptions that we need to consider so the first one we're going to try this but we need exceptions so accept what if we have a keyboard interrupt so we'll say keyboard interrupt and that just means what if we hit Ctrl C while this is running we can stop this on our own so we're providing an exception of a keyboard interrupt and we're going to say exiting program on a new line and then we're going to assist exit remember I talked about sysexit and we're going to allow us to exit gracefully we can also do an exception of a socket dot gai error now this is what happens when the hostname does not resolve so what if we say hostname could not be resolved so if we typed in a bunch of Mumble jumbo up here we say like Python 3 scanner dot pi and we just typed in something and that doesn't resolve to an IP address well guess what this is going to throw an error now and we can exit we got to cover all of our bases lastly what if we have a socket dot error so we have an error when we're doing this and we print out hey we could not connect to the server just it's just not online what if we try to connect to an IP address and it doesn't talk back to us but not connect to the server so something to think about there again we'll assist dot exit so let's go ahead and save this now you're going to need to run this against something so I'm going to show you an example of mine okay so in order to run this we need an IP address now if I type in ifconfig I'm actually on a virtual machine right now so 192.168.138.140 is not my true IP address I'm actually going to bring up my Windows machine that I'm on and you can see here that I have a default gateway of 192.168.4.1 so make sure you know your gateway or what your router's IP address or that you have a machine that you can scan that you know might have a port of 53 or 80 open or you need to modify your script to make sure that you can scan for something but I'm going to go ahead and scan my 4.1 because it should have some stuff open so if I do a Python 3 scanner.pi I'm going to come in here and just do a 4.1 and I hit enter this could take some time so what I'm going to do is I'm going to let this sit here actually it's already it's zooming through uh you can see it found Port 53 pretty quick um and then this might take time to find Port 80 if Port 80 is open but basically what it's going to go through is go through 450 51 52 53 all the way through the process and has that one second timeout as it goes through and checks each and every one of these ports so it should take maybe up to a minute for this to work so I'm going to go ahead and pause right here looks like we're almost done actually or 80 came back as open too no need to pause it finished while I was yapping so you can see I came back and said 453 is open port 80 is open so our script worked it took forever to scan these ports but it is working so we were able to build out let's go back and look at this this is awesome we were able to build out a port scanner that came in here and within two hours you now have the knowledge to build out a basic Port scanner you didn't think you would be able to do that well here you are look at you you're awesome okay so we were able to give it an argument we set our if conditional statement make sure the length of the argument was two valid otherwise we have an else here we made a little pretty Banner we imported some stuff got that all working we did a try statement which really was just a for Loop in here and we had some logic based on conditions that would happen within this for Loop we had a for Loop and an if statement together we used a F string to print this out pretty cool came through we had some exceptions as well for example like the keyboard interrupt just as to show you if I come and run this again if I wanted to stop this scan in the middle of it I could just hit Ctrl C and it'll say hey exiting program and that's exactly what we told it to do we could say in here it says exiting program so that's the keyboard interrupt same thing we had exceptions for not being able to connect or we had the hostname could not resolve we would also have those sorts of things as well so you could test out those errors see if they work for you but other than that we built a scanner so this is Project number one we're gonna go ahead and move on to learning a little bit more Python and then we'll go ahead and get into some more Project work so I'll see you over in the next video now we're going to take a look at accepting user input in our program and then how we can manipulate data with that input so let's go ahead and make a new file I'm going to just say mouse pad and we'll call this input dot pi and I'm going to bring this over we'll give this the shebang then python3 here save it get the pretty colors and in order to take input in Python all we actually need to do is just use input something like this so we could say like enter your name for input like this and put a space and we'll need to put this into a variable so if we come into the front of this and we just say name is equal to we could do something like that and then we can just print out like hello and give a space do name and then we'll add an exclamation at the end or a period at the end doesn't really matter and then we can just come in here and save that and if we run this close this out I forgot to add an ampersands we'll do that real quick and if we run this now we just say python3 and we say input dot Pi let's say enter your name I'll just say Heath and you can see it says hello Heath we can add upon this we can say like what's your favorite drink so if we just make a variable and we call it drink and we do input and say what's your favorite drink and do a question mark something like that we can come in here and then just add upon this if we want we can just say have a space plus drink less period all right and it should say welcome Heath have a and then whatever drink we put in here so if we save this come back and run it okay I'm gonna put Heath as my name and then White Russian is my favorite drink and it says hello Heath have a White Russian so we can easily accept input like this so let's think about if we wanted to build out a calculator I'm going to go ahead and delete this what if we wanted to take input and make a mini calculator we could definitely do that so what if we had two numbers and we've been taking X and Y so if we said X is equal to input and we'll just say give me a number and then we'll do something like that and then we can also do y and also make that input give me yet another number you put whatever you want here by the way and if we do something like print X Plus y and we do that let's save it and let's see what happens here so I'm going to print this out we'll give a number we'll do three and then we'll do two and it gave us 32. why is it doing that well what it's doing is it is taking these and giving this to us as a string so we need to either do an integer here and put this in an INT or we need to take this as a float so if we think about this from the past if we want to only take integers we can but if somebody were to put in like 8.7 or some number here and they gave that to us well we would only take the eight and we would leave off the 0.7 so I think if we're building out a calculator it's better to use floats so we can just come in here and say float and we'll put this all in parentheses and then we'll do the same thing right here so now when we come in here and we'd save this and run this again what should happen is this should work properly so if we did like three and then 3.2 you'll see that we get 6.2 which is proper that's awesome well what if we wanted to build this out further we could make this into a situational thing what if we not only wanted to do an addition but what if we wanted to allow the user to say I want to add or subtract or divide or multiply or maybe use an exponent we could do that so what if we added another variable and we just called this o for operator and we just took that input and we just said something along the lines of input give me an operator right and maybe we put this in the middle here so that way we're not just getting two numbers maybe we want to take that and we want to say something like this so that way you'll say give me your number give me an operator and then give me another number and we'll print that out so now let's think about how we want this to flow if we want this to work with a addition like we already have we might want to come in here and just say something like if o or operator is equal to a plus sign well then we'll come in and just print out X Plus y remember the indentation is important here else if or L if o is equal to a minus guess what we're going to print x minus y and we can continue on here else if o is equal to division we'll divide and then we'll multiply as well so x divided by y else if o is equal to multiply here we'll go ahead and multiply that let's throw in an exponent for good measure so let's do L if o is equal to an exponent so that's two asterisk there and then we'll just print out X times y so we've got a mini little calculator here and we need to end this with an else statement so what if we take input that doesn't belong here if it doesn't match one of these operators then we can just print something like unknown operator all right and period there save that and this should work so let's go ahead and give this a try what if we come in here we just say give me a number we'll do three and let's say we want to multiply and we'll do by three and we get a 9 we can do it again we can try something like we'll do uh four and this time we'll do an exponent we'll do four so four to the fourth power is 256. so we have just quite easily built out a little calculator that we take input from a user and then utilize that to calculate that expression given what is given to us by the user now let's think of something else here just as an aside what if something is written differently like when I think of math with python yes we think of two asterisks as an exponent but what if we had a situation where we wanted to maybe use the up Arrow or the carrot symbol which is how I've commonly seen it used online for Math and exponents well we could do something like or o is equal to the up Arrow like that and what if we save that and ran this now and if we gave a 4 to the up Arrow of 4 guess what we still get 256 so we can use our statement like that here our and or or other operators that we have learned along the way so start thinking about it like that as we start to piece these things together we're starting to build out little projects and we can use some of the logic that we have already learned throughout this course so that's it for this lesson we're going to go ahead and move on to the next one okay now we're going to talk about reading and writing files using python so let's go ahead and make a new file I'm just going to mouse pad and we're going to call this file months Dot txt and in here let's go ahead and just type out the month so we'll do January February March April if I could type May June July August September October November and December if you need to take a break and catch up go ahead and do that save this and once you have it saved go ahead and close the file out so let's go ahead and create a new python file so call this mouse pad and I think we'll just call this read write dot pi it'll do an ampersand here and for this what we're going to do is we're going to go ahead and look at how we can read and write files so the way that we do that is with the open command so we'll say something like open and with open and actually let's add the shebang up here really quick in python3 save it and with the open command we can say something like open months.txt and I need to add this here so if we open months.txt what we need to do with this or what we typically do with this is we store this within a variable so we might just call this months equals open months.txt and if we want to read that file we can come in here and just print out months and you'll see what this does here in a second now best practice says to also close this out anytime we open this so I'm going to go ahead and just add some lines in here because we're going to add some more stuff to this but we can just do months Dot close and we'll save this let's go ahead and run and see what happens here so if we do Python 3 read write.pi you'll see we get this information back let me move this so it's readable and what this tells us is hey this is the name of the file we're in a certain mode in this mode currently is read mode and we get the default encoding here of utf-8 so we're getting information back we're not actually reading the file that we wrote so um some of the information that we can get by the way we can come in here and we can say it to ourselves well is this file readable so we have mode equals R and this is one way to check it there's a couple ways that we can check it as well we can print out month dot mode and that will tell us what mode we're in we can also print out months.readable and that should give us a Boolean statement whether that is true or false so if we come in here and we save this and we do this again you'll see that we get months we print that out we get the whole shebang here and we get the uh mode is equal to R which is readable you can see if we print out the mode we can also see it's readable or if we do months readable we can see that it is readable so we have the ability here to actually print this out and read this file so how do we do that well let's go ahead and delete these two lines and we can just come in here and do month dot read if we do that what happens here let's save it print this out and you can see that it reads through every single iteration January all the way through December perfect so we just read a file and we closed out working as intended if we wanted to read this line by line we could we can do months.readline like this and if we save that in print we will read literally one line if we wanted to read a second line we could copy this and we could paste this and save it and come in here and guess what we'll get January and February this time so if we want to read this we have to read line by line now if we wanted to read all the lines at once we could do that in a different way we could do that with read lines and this will print out an empty array or a list here actually and what you'll see is we get January a new line February new line March Etc so we put this into a list and now if we try to actually run this again let's actually tab over we tried to run this twice look what happens I'm going to print this and save this so we have the first list here and then we have a second list here the second list is empty well that's because we've actually already read this so we read through it here first and then it's empty the next time we try to read it so if we wanted to read it again what we need to do is actually use what is called the seek method we can come in here and say months.seek do zero like that to go back to the very first line and print out again and now you can see we actually printed this out twice so that works out well we also have the ability to put this into a for Loop to read through every iteration of the line so if we wanted to do something like four month in months we could just print out month all right and that should iterate through everything in here so save that print this and you can see that it indeed does print through everything we can also add the dot strip at the end of this save that print and you can see that we strip out any of the new lines that are in there so you saw we got some spacing in here it's a little funky so if we came through and we just added the dot strip that makes our for Loop a little bit better so again remember what we're defining here is whatever we want we can call this for X in months make this an X and it's the same thing but logically it's just easy to call this month in month and then we can just print those out so we can iterate through this so so far up until this point all we've done is been able to read a file what if we want to write to a file or append to a file well we can do that as well so if we wanted to for instance open a file let's open a new file let's do something we haven't created yet let's do days of the week so let's do open days and if we try to do this let's change months to days and we're going to change days to close and we're just going to leave this open right here so we have our best practice now if we try to run this with an open days.txt uh we're not going to be able to do that because currently we're just in read mode so we want to be able to turn over and put ourselves into write mode in order to do that we can just do a w if we wanted to check that out we could just do print days.mode like we saw before make sure we are actually operating in right mode so if we save this you'll see that we are in right mode so we're good to go you could also just again delete this save and print out days apologies you print out days save that you'll be able to see that we are also in write mode so both of these work now let's write to a file so we've got days let's go ahead and write to that so we can do something like days oops days dot right and let's say we wanted to put Monday into days save that close it and if we go ahead and execute that nothing happens but if we go ahead and cat out days.txt you'll see that Monday has been put into days.txt perfect so now what if we wanted to continue on with this let's put Tuesday in there and we're going to need a new line so let's go ahead and do a new line with that and we'll do Tuesday and hopefully when we write this out we'll see Monday and Tuesday so let's save that print this sorry let's run the script and then print this and you'll see we have the new line in there and we have Tuesday but we actually overwrote it we don't we don't have Monday anymore so what's happening here is we're actually writing to a file which is overwriting the file we're not appending to the file so if we wanted to append to the file what we need to do is change this W to an a and we can come in here and we can write in Wednesday if we wanted to save this and now let's run this and run that and now you can see we have Tuesday and Wednesday so understand the difference between R being read W being right which overwrites and a being append which allows us to append a file instead of overwriting a file so that is it for this lesson I'll go ahead and see you over in the next one all right let's talk about classes and objects so python is what is known as an object oriented programming language so pretty much everything in Python is an object and we can use what is called a class to be what is like an object Constructor and we can use that to help create objects and this is a little bit easier to explain once we actually demonstrate this so we're going to create a couple of files in this lesson and the first thing that we're going to do is we're going to do a mouse pad and I am going to create a file called employees dot pi and in this we're going to go ahead and declare class I'm going to save this here so let's do class employees save it and we're going to go ahead and hit enter and just tab over and we're going to do this Define and two underscores i n i t or init two underscores again and we're gonna put some parameters inside of this function and we'll talk about what the init function is here in a second let's go ahead and let's think about having employees so the first parameter we're going to Define is called self and then for our employees we might want to know the employee's name we might want to know what department they work in we might want to know their role in that department their salary and maybe the years that they've been employed so we'll do years underscore employed and just like a function We'll add the colon here at the end and we're going to go ahead and tab and then we're going to Define all of this so let's go ahead and say self dot name is equal to name so we're creating methods here which you'll see us use in just a bit we're going to do self.department equals Department and you should get the gist at this point self.roll is equal to roll self. salary is equal to salary self dot years employed is equal to years employed okay so let's save that so all classes have a function called the init function and this is always executed when the class is being initiated so we're going to use this init function to assign values to object properties so what we're doing here is we're creating these parameters within this function and we're also building out methods that we can use once we import this class so let's go ahead and close this out and we're going to open up another mouse pad and we'll just call this something like our employees dot Pi you can call whatever you want and I'm going to go ahead and do my shebang at the top we'll do bin python3 save that and from here I want to actually import the class that we just built so what I'm going to do is I'm going to import this and we're going to say from employees import employees all right and we can make a couple of employees here so let's set a variable of E1 for employee one and we'll just do employees and I'm going to stick with the Bob's Burgers theme from earlier we'll just say we've got Bob remember we we're declaring Bob's name his department will say he works in sales will say that his role within the department is the director of sales and we'll say his salary is a hundred thousand dollars a year and that he has been employed for 20 years and we'll do another employee and we'll say that this employee is Linda she is an executive she is the Chief Information officer or the CIO she makes a hundred and fifty thousand dollars a year and she has been with the organization for 10 years so we can do some stuff with this we can go and say like print E1 dot name let's save this make sure everything works coming here actually let me close and reopen this because I forgot my Ampersand on this and we'll come back and now we'll go ahead and do python3 our employees and you'll see that print e1.name is pulling down Bob so we're using the name method that we created with our class so we Define that within that class so now we have the ability to pull down information based on the class that we built so we can also do something like print E2 dot roll and we should get that role printed out for us so if we see E2 roll we're getting that she is a CIO so that is accurate statement here let's see if we could open both of these let's open also employees.pi and we have both of these here now so it's a little bit easier to see we've got our function our init function here and we have all of our methods that we've defined now we can build upon this within this class so let's say if we wanted to make another function if we wanted to say something like Define eligible for retirement and we just said self in here as the parameter what if we said something like if self dot years employed is greater than or equal to 20. then we return true because if the person has worked with us for 20 years then they are eligible for retirement otherwise if they haven't then they haven't earned their retirement yet so we can look at an employee and see how long they've worked with us and we can save this here and then we can come in here we can do something like print and we'll say E1 and we'll ask if they are eligible for retirement okay save this print this out and you'll see that Bob is indeed eligible for retirement because he has been with the company at least 20 years which is what we put here within the class so just know what we're doing is we're building out our own class and we're able to Define these functions and these parameters and these help us with creating our objects that we're using over here so we've got our classes and then we've got our objects so this can get really robust very quick and we'll build out a project to look at that here in the next lesson and that way we can tie this all together but this is a very important part of programming and this is very much a one-on-one class so we're just skimming the surface on what this is but this is actually incredibly useful when we start building out classes like this to help with other things that we're writing and pulling information from so that's it for this lesson we're going to go ahead and move on to the next one we have reached the final project in this course and this is going to tie everything together that we have learned thus far so I am a bit of a sneaker head which means I really like shoes and so what we're going to do is we're going to build a budget app using classes and objects and we're going to see what shoes we can afford based on how much money we have so we're going to go ahead and start with the class and we're going to just make a new file we'll do mouse pad and we'll call this shoes I can type shoes dot pi open that up and we'll also open up a new window as well or just a new tab here and we'll write in both of these so uh for this one we're going to go ahead and just define a class of shoes and I'm going to go ahead and just save that so I see the colors and here we're going to Define our init statement and we're going to just say self and then we're going to have a name our name of our shoe and the price of our shoes and within this we're just going to Define self.name equals name this should all look familiar so far and self dot price is equal to price what we're going to do with the price because we'll run into an instance where this is going to be taken potentially as a string we're going to go ahead and just give this a flow we want to make sure that we are assuming this is going to be a float of a price here let's go ahead and Define a few more things so I want to define a budget check and I want to make sure that we have the budget here so what we're going to do in this instance is we're just going to say self and then we'll also add in budget here and we'll come in here and we'll do a check first we want to make sure that we are given an integer or a float here when we are asked for the budget so we can say something like if not is instance and what this means is we're saying if this type is not what we're specifying here then we're going to go ahead and reject this and close out of the application so the is instance looks for our type and returns a True Value but if we say is not true then that's false remember our truth tables and thus becomes invalid and closes the app so what's going to happen is we're going to say budget and we're also going to look whether budget is going to be an INT or a float and if it is not one of those two things we're going to go ahead and print out invalid entry please enter a number something along those lines and then we'll exit the application so let's say that we have a budget and we want to also know how much money is left over if we buy the shoes so we can define something like change or what change is left over and we could say something like self Budget on this as well and we can just return our budget minus ourself dot price so remember we declared self.price up here now we're calling it we're just saying Hey I want to return the value of the budget that we have minus the cost of the item that we're purchasing okay only a couple more things and we'll be done with our class here so we also need to purchase it right so let's define buy and we're going to do self budget again and here we're going to do a self dot Budget Check and we'll check our budget and what we'll say is if our budget is greater than or equal to self.price then we're going to print out we'll do a F string here and we'll just say U and cop sum and then we'll do self.name so the name that we'll provide here this will all make sense once we tie it all together okay and then if our budget is equal to the self.price then we're gonna just say print out you have exactly enough money for these shoes otherwise we can do else now we could go through this whole thing and and give a statement and say well what if we had no money or what if we didn't have enough money but in this instance we're just gonna print out the situation of you can buy these shoes and have we have a dollar sign here we'll say self dot change and we'll give a budget left over so left over just like this all right and then when we exit the application we can say something like exit and we'll just give a statement thanks for using our shoe budget app now this might not make any sense yet and that's okay let me make this a little bit bigger and so what we're doing here is we're defining our init and in our init we have a name which is going to be the name of the shoe and price which give me the price of the shoe so self.name is equal to name self.price is going to be a float because we're expecting potentially it could be our price of our shoe could be 2.99 or 100.99 it might not just be a perfect number so we want to use a float we have our budget check here we're just checking the is instance we could in theory add to this budget check and make sure we have enough funding before we come down and do the purchase would probably be the logical way to do this but in this instance we're just using really beginner logic and we're just coming through and we're just saying hey if this instance isn't an integer or a float like somebody types in a string then we're just going to go ahead and reject this we we don't want any we have no interest if this is no integer or float here then we're going to Define our change so if we have uh money left over like if we have budget minus the price of the shoe then we're going to go ahead and give some money back um and then we're gonna buy the shoe as well so we're gonna have our buy option as long as our budget is greater than the price of the shoe we can buy that shoe and if the budget is equal to the price then we have enough money if it's not then we'll actually have some money left over here um unless it's the instance of not having enough money and then it'll just exit the application because we haven't told it to do anything else and then it'll also thank us for using the shoe app so that's part one we have defined the class now could we build this out all in one thing yes we could just write a script out for this we could code this and make it into one easy script but what this will do is allow us flexibility this is where object oriented programming comes into play because we don't have to continue to repeat ourself and what we're following is what is called the dry approach the don't repeat yourself approach and so what we're doing is maintaining everything in a class here and then we'll call that class and make it very easy on us instead of having one crazy long script that is potentially repetitive and a lot more difficult to go through so here we're gonna just open this up and I'm going to call out a shebang I'm Ben python3 I'm Gonna Save this and I'm going to call this uh shoe purchase dot pi save that now we're going to import from our class that we made so from shoes import shoes and let's define a few variables so let's say low is equal to choose and for the low price shoes we're just going to say we can buy some and ones and we can buy those for 30 dollars uh for medium price shoes maybe we can purchase some Air Force Ones and for those maybe they're a hundred and twenty dollars and then for the high price shoes maybe we're interested in purchasing some off-whites and those might run us for a hundred dollars and from here what we're gonna do is we're going to do a try statement remember we've done a try statement before and we're going to say try and we're going to say shoe budget is equal to a float of an input we're going to ask for an input here so this is all tying together we'll say what is your shoe budget do a question mark there tie this together and then we're going to do an exception so if we have a value error meaning we don't get a number back similar to what we were doing previously if we don't get a number back here we're going to say please enter a number now we can come in here and say for shoes in and then we can just give this high medium low like this we can do a shoes dot by and remember we came out with this by Method over in our class here so we're doing a shoes dot by I'm gonna go and check all this for us and we're going to say to budget so we're going to take the input of shoe budget what's the value here we'll take that we'll come in here and we'll see what our budget is if it is greater than or equal to the price of the shoe we're defining our name of the shoe and our price of the shoe from our parameters that we defined up here name and price so we're saying hey our the name and the price so is the price of the shoe is it at least the amount of our budget and if it is we can buy that and we'll check in the highest order and then go in the lowest order if you flip these and you put in 400 we just keep telling you that you can only buy the low price shoe so you need to make sure it's in the highest to the lowest order in this this example and so it'll check do we have enough money to buy the 400 pair of shoes no okay and then do we have enough money to buy the 120 pair of shoes no do we have enough money to buy the 30 pair of shoes so we'll go through that and iterate in this Loop to see what we can or can't buy so let's go ahead and save this and we'll save shoes.pi and I'm going to go ahead and run this hopefully I have no typos I will do shoe budget shoe purchase sorry and run this and I do have a typo and so if I come back in here I forgot to close off my F string so let me save that now let's try this what is our shoe budget let's give it a few different options if we said our shoe budget was thirty dollars exactly well it's going to say that we can cop some air some and ones sorry and we have exactly enough money for these shoes thanks for using the shoe app uh what if we had 31 dollars well we could still cop some and ones and then we can buy these shoes and have one dollar left over all right what if we had 450 dollars well we can buy the off-whites and we can buy those and have fifty dollars left over for our budget so hopefully this makes sense I know this is a lot of information and this again is just a one-on-one course so we're just kind of dabbling in the object oriented programming and if you continue on with python from here and you start getting into more complex material then you could build upon what you're learning here so try to think of something that you might want to script out like this or write out like this and think of the logic behind it I highly recommend going and doing coding challenges or programming challenges and try to increase the logic and the ideas behind what you're trying to build and that just takes practice all this takes practice it's one thing to watch and follow along with somebody it's a whole nother game to go out and do this yourself so start thinking of some things that you want to build really use your Google skills look at stack Overflow and look at some Googling and some redditing and just try to piece together the logic that you have in what you want to build so highly recommend building upon this this is a great language learn and very flexible and I hope that you continue on with this okay before we get hands on I have to give you a little bit of Death by PowerPoint but it's for good reason so we need to introduce the five stages of ethical hacking these are the five stages that you will go through on every assessment so before we do that let's first make a big note from here on we are moving into the ethical hacking portion of our course we're going to learn malicious things please only use the information learned in this course for ethical purposes do not attack your neighbors do not attack anybody that you do not have explicit permission to do so you can and will get into trouble for doing that so with that out of the way let's talk briefly about the five stages of ethical hacking so we start up at the top and we actually start with what is called reconnaissance the stage is also known as information gathering and there are two different types there's active and passive now passive is saying like going out to Google and searching for somebody say you're giving a client and you want to look at their Google you want to look at LinkedIn you might be looking for I don't know a picture of their badge or an employee's name or maybe an employee's Twitter page that's all passive you're not actually going out to the company's website and doing anything active against it now active reconnaissance kind of falls into place with the second phase which is scanning an enumeration now that is active that is where we go out and we take tools such as nmap and nessus and nicto and you've never heard of any of those that's fine but we take those and we scan actively against a client now what we're looking for are open ports vulnerabilities different items and with what Returns on these results when we do this scanning we also perform what is called enumeration enumeration is just looking at items and digging into them to see if we can find anything of value say that there is a web server running on Port 80 we see Port 80 is open and it's running something like Apache 1.2 which would be really really outdated we would go out to Google and we would say Google do you know if Apache 1.2 2 has any X place for it and we would do research that's the enumeration portion of it so once we do our information gathering we do our scanning enumeration then we move into the gaining access portion this is also known as exploitation we will run an exploit against the client or against the vulnerable service or whatever it may be to try to gain access into a machine or into a network into an environment Etc once we have that access the process starts to repeat we do scanning and enumeration again and we also want to maintain that access right so if we were to get kicked out okay or a user shuts down their computer how do we maintain that access so when they turn their computer back on we still have access to it and then lastly there is the covering tracks you want to delete any logs that you may leave behind you want to delete any kind of malware that you upload which is more important as a pen tester any accounts that you create for any reason you want to delete those as well you really just want to clean up it's a good way of putting it covering tracks is the more hacker way of putting it but as a penetration tester you really just want to clean up so we're going to go heavily through steps one through three in this course we'll also cover four and five briefly but the process in methodology never changes regardless if you're doing network if you're doing web app or if you're doing a different type of assessment it's all similar in this five stages of hacking the tools might change the attack methods might change but the overall methodology is always the same so that's how we're also going to structure this course we're going to go in first and we're going to talk about information gathering and reconnaissance then we're going to move into scanning enumeration and then we'll start with exploitation and do that repeatedly until we get it inside of our heads and our it feels almost second nature right once we have all that done we'll do some practice boxes you know give it a go see how we do we'll move into the internal side of things with active directory we'll start working with our web applications and our wireless and we will touch on the maintaining access and covering tracks but you're going to see this methodology over and over and you might also get this question on an interview you know to describe the five stages so it's important to know these it's just something that every ethical hacker can rattle off pretty quickly so have this written down think about it keep your wheels spinning and let's go ahead and move on to our first section which is going to be information gather ring slash reconnaissance so in some Cool Tools some Google Foo and just what kind of information we can actually gather on a potential client so in this section we are going to be talking about information gathering and all the information gathering we're going to do in this section is going to be passive so I'm calling this passive Recon or passive reconnaissance I wanted to give a brief overview of what we're going to be covering and talk about some high level topics before we get into the weeds and really dive into our Target so let's talk about the different types of passive Recon so on the physical or social sides physical meaning actually going on site and maybe doing a physical engagement or the social engineering aspect of maybe doing a phishing assessment or even including in a physical engagement or a bishing assessment just gathering this information from the physical social aspect is incredibly useful so we have location information so we might utilize something like satellite images or often will go on site and do drone reconnaissance where we fly a drone around and try to gain information and what we're really after with these images of this drone Recon is we're trying to find out hey what is the building layout look like are there badge readers are there break areas does security exist do they have somebody posted out up front can you just walk right in the door what does their fencing look like are are there areas where they're just leaving the doors propped open where do people go out and smoke in these break areas because those are good place to just walk up to somebody light up a cigarette even if you don't smoke and to start a conversation and then tailgate right in with them into the building now the other aspect of this is the job information so we might be looking for employees online I might want to know somebody's name job title phone number who their manager is I try to get a good idea of what people look like so if I see them on site I have a good idea who they are I also look for pictures so I cannot tell you how many times a badge photo is posted on LinkedIn or somebody posted on Twitter you can see all the memes out there about people posting their photos at work and it's bad it happens all the time I see it to this day so we're looking for badge photos I'm looking for desk photos computer photos I had a situation one where somebody took a picture of her watching a game at work she was watching a basketball game at work and the basketball game was on her computer and on her screen there it showed all the different tools that they utilized at work she had a work application open in this photo there was a desk in the background you can see different things and it just gives us information and that's really what we're after what kind of information can We Gather now this course is not a course on physical or social so I kind of wanted to give a high level of what to expect we won't really be doing a whole lot of this in this course with this type of information gathering but these are the things that you should be looking for so if you are tasked with the physical assessment do go out there and look for satellite images try to get a good feel of the building layout and also try to get a feel for who the employees are who maybe the it manager is in case you're going to say you know I work for it they might ask you who your manager is you might need to know those names and of course look for pictures if you can find a good badge photo and what that looks like you can make a fake Badge go on site and you'll be way more passable with that badge but sometimes they don't even look it can be drawn in crayon so from there let's go ahead and talk about what we will be doing a lot of which is the web in host so when you get a web or a host assessment the first thing you really should do is what is called Target validation so we're going to be targeting something on bug crowds we're not really going to focus on this but what we're going to do in the real world is we would validate the Target now there are situations where a client will give you an IP address or a website and they might they might fudge it right they might accidentally fat finger it put uh the wrong number put the wrong letter in the website and then guess what you're off attacking somebody else's website and they're if you're a podcast listener there's a good Dark Net Diaries episode on this if you don't listen to darknet Diaries go check it out there's a great episode with a guy named Rob Fuller AKA mubix and he talks about getting the wrong IP address on an assessment and attacking the wrong people and actually gaining access to that machine which is a really really big big screw up on both parts right so you should always validate your targets on top of this when we're doing our web and our host on the website we're going to look for subdomains and we'll talk more about that as we get into it but we can do that with Google we can do that with nmap sublister there's so many different tools that we can use and we'll cover some of the tools and how to do it get a little deep into that as well especially as we get into the website of things there's fingerprinting we need to know what's running on a website or what's running on a host what kind of services are out there are they running a web server what's that web server is it IAS is it Apache what version is it right are they running what ports are open on their machines oh they have FTP open what version of FTP is open so we need to fingerprint machines and kind of understand but on the passive side we're not touching any machine right so we're not going to be doing much scanning against a host we just have to utilize what kind of information might already be out there so if we go out to a website it's on the border of active but as long as we're not scanning it in my book it's still passive so we'll do we will cover some of the passive slash active side in this section and then when we get into scanning we'll get way more active with it lastly we're going to hit heavy especially in the beginning on data breaches data breaches are the most common way when we're doing an external assessment that we get into networks absolutely by far when we talk about data breaches we're talking about breached incidents from the past that have leaked data again these are like Home Depot Equifax LinkedIn all kinds of breaches that are out there that have had credentials dumped and then those credentials become available to us eventually and we try to utilize those to gain access or at least utilize the usernames to gain access nowadays most the time there's not going to be an easy just scan find something vulnerable and exploit it on the external side of the house so we're looking for these data breaches and this information that we can gather and this is why information gathering and then enumeration and scanning most important by far the better scanning enumeration that you can do and the better information gather you can do the better hacker you're going to be and the better you're going to be at your job so take these first two sections really serious so we're gonna start in with identifying what our Target's going to be for this part of the section and then we're going to go ahead and start talking about data breaches and why they're important and go deeper into that and then we'll go off some of these tools that you see here on this list and really dive into those so I will look forward to seeing you in the next video when we identify our Target and get some information gathering started all right before we begin doing our reconnaissance we have to establish a client to attack so for this course we're going to be utilizing a client out of bug crowd if you've never heard of bug crowd bug crowd is a public bug Bounty program what that means is there are programs on the website that will allow you to attack them and if you find a bug against the program you're able to submit it and potentially get money for it so you are able to hack these programs publicly as they are part of this program now the program we're going to be attacking is Tesla so Tesla is part of bug crowd now please do note please double check when you're watching this course as some time may have passed Tesla might no longer be part of this bug Bounty program so it's very critical to make sure that you are still within scope before you attack if for some reason Tesla is no longer in scope just go ahead and pick a new client and do information gathering on them you don't have to pick Tesla when we're doing this you can just do it to follow along with me but you're also welcome to pick any program you want so if you go to bugcrowd.com and we go to programs I will show you where Tesla exists now you can see here that they have all different types of programs in here and if I were to scroll down and continuously I could find more and more and more there are hundreds of programs involved all kinds of names digital ocean OCTA really big names Pinterest altacian anything that you can imagine probably has a bug program if it's a reputable okay any of the big names most likely have a bug program especially if they're reputable so here you could see what's based on reward what's based on charity and what's based on points only that's how the bug bounties are rewarded some of them are not all cash some of them are just for points and for Kudos and the other ones are for charity I'm going to go ahead and just search Tesla and when I do that you can see here that Tesla comes up now this is your first lesson into Rules of Engagement and we're going to talk about Rules of Engagement later but it's super important to read the program details that you see here and what we really need to do is we need to scroll through and make sure that we stay in Scope when we're doing this so we have a wild card here so this means that any subdomain inside of tesla.com is fair game tesla.cn Tesla Motors Etc what is more important is that we stay within this out of scope so we don't want to attack shop.eu.testalmotors.com or energy support.tesla.com it says you can report vulnerabilities to bug Bounty for this one any domains from Acquisitions such as Maxwell so we have to stay within Tesla and there's a few more sites we're not going to worry too much about that when we get into the web app portion of the course we're going to talk about way more detail on the numerating web applications and go into that so for now what we're going to do is we're just going to focus on information gathering what kind of information can We Gather from this client so again I'm setting my target to Tesla if you pick another Tesla or another client just make sure you stay in scope of that client so from here we're going to move on to our first video and get our information gathering started welcome to the email ocean section we're going to talk about discovering email addresses and this is something that I do on a weekly basis so I'm going to show you the most common tools that I use to actually look up email addresses and try to find people and what you can do to kind of verify email addresses so I'll show you some of my favorite tools and Concepts and this is something that I do because not only for oh sent and doing it for investigative type work but think about sales if I'm trying to find a lead or I'm trying to find multiple leads within an organization I have to figure out where the emails are who the people I'm trying to email are so maybe I'll Google them and say who is the CSO or chief information security officer for this company and I might find that it's Bob Jones and we go look up Bob Jones and we say okay well how do I get Bob Jones's contact information can I find it via Google maybe maybe it's out there in the public but maybe we have to dig a Little Deeper maybe we have to kind of do some guesstimation and see if we can figure it out so that's what we're going to do today is is look at the email addresses formats and try to determine if we can find some emails so let's go ahead and move over to the Kali Linux machine that I've got and the first website is one of my favorites so hunter.io you just come to hunter.io you get like 50 or 100 free searches a month I don't remember what it is it's it's a fair amount uh you can come here and basically just type in a company name so like say I want to type in TCM security tcm-sec and you can see TCM security here we get one result on the email address so we'll click it and see what happens here uh and looks like we have like an info at tcm-asect.com it tells us hey there's five sources that identify this so we see tcm-sec.com there's an about blog so this is where they're finding it okay um a better example maybe a something that has more users like Tesla Tesla has 468 users if we come in here and we look well we can see that they have a pattern identified here so their pattern they're identifying is first initial last name at tesla.com and that's really what we want to see and then we can gather email addresses here if we want but say like we knew Bob Jones again going back to that example Bob Jones so maybe Bob Jones works at Tesla maybe his email would be B Jones at tesla.com so it's something to think about now we can sign up and get actual information here you should be able to sign up with a Gmail account sometimes this does not work depending on the country that you are in so be cognizant you might have to use a different email address but I just tried signing up with a Gmail account that I have on here and it worked just fine so I'm going to go ahead and try to log in I'm going to sign in with Google with what's already here and just now I'm logged in so we can go back now and try searching Tesla again and you'll see that the results actually come back so we get information here now we get let me make this a little bit bigger we get information as to okay here's the vice president this is the vice president's email address uh project development manager maybe you want to talk to somebody in Human Resources so you can click here and go to human resources and then here are the different Human Resources emails that are here so and then the sources that they found these email addresses so this isn't a particular person in HR but it's still Human Resources email addresses so this looks like it's probably for Hong Kong this is for Berlin this is gigafactory so they have different email addresses based on where they are now if you looked up TCM security here you're really not going to find much on us because we don't have a ton of email addresses out there but I think that we can find more in other ways now so we only get so many uses here we'll just keep thinking about this as we move forward so 100.io great great resource they have plugins if you want them I I think it's fantastic place to look phonebook.cz is the next resource I want to show you this one is fantastic let's start with tcm-sec.com and see so we're gonna go tcm-sec.com and we're going to search email addresses here so they do domains and URLs as well which I think is awesome but let's just search for email address see if anything comes back no no results okay that's okay let's try Tesla and see what comes back there okay a lot more so we get uh quite a few email addresses we could see Elon Musk all over the place we've got Elon Dash musk Elon we've got emusks over here and we get a ton of emails look at this so what's nice about this is we can sit here and try to identify what the possible email addresses are so again first initial last name looks like it's showing up quite a bit outside of maybe like the Elon musks of the world we're getting a bunch of uh mostly first initial last names in here so I think that's pretty spot on with this uh the other thing that we can do is we could utilize this list say we're we're trying to do something called credential stuffing which we'll talk about in the next section actually when we talk about breach credentials uh but say we're trying to gather a bunch of usernames and test and see if we can log in with those usernames anywhere or maybe password spraying not so much uh the credential stuffing but password spraying where we take all these usernames and we just throw it at a login form and say Hey Summer 2020 exclamation point you know see if that logs into any of these accounts and you would be surprised it happens quite a bit so you know these are this is valuable information even if we don't know exactly maybe we're not just hunting for one email maybe we're hunting for an entire domain this is a great way to get free entire domains with a quick copy and paste capability like we have the Tesla here we can export the CSV from hunter.io but you only get so many results that you can export into a CSV here you get a bunch there's no guarantee these are all valid but they're still it's still information information is what we want this is all we're trying to gather is as much information as possible so these are all potential email addresses for tesla.com I think it's a great great resource now we could also use something like uh voila no bear now this one you can get 50 more leads for free I'm not going to show you it's the same kind of deal as 100.io they're showing you how to utilize it here basically you can just search for people and see to try to find their email addresses there is one I want to show you that I do use and I have quite a bit of success with and that is called clearbit and clearbit has to be used in Chrome so I'm going to bring up this here clearbit has to be used in Chrome so you can download the Chrome extension for Clear bit and all you have to do is go to Google let me log in really quick and then I'm going to just select the free account we get so many searches 100 emails a month so basically you're going to search for clearbit connect and you would just say hey clearbit connect I'll put a link down below by the way but clearbit connect is awesome you'll you'll see why here in a second once I authorize this okay we're gonna come down here acknowledge probably give out our firstborn and then now we're going to say hey I want to find emails and here's all different kinds of things that we can sit here and search for you can see TCM Securities in here these are some searches that I've done these aren't any clients of mine these are just searches that I've done in the past maybe looking for information or looking for possible leads or anything so if I come in here and I say hey I want to look for TCM security you could type that in I'm going to just click on TCM security and look what it discovered that the others didn't it discovered me okay and if I click on me look it says heat that tcm-sec.com where where did that come from and then look it has my LinkedIn right here as well that's amazing that's awesome and it says here you can email hate just click this button and then it's also got rizwan rizwon's on my sales team look it's got Riz one at tcm-sec.com what does that tell you that tells you that we're using a first name basis for our email addresses it's awesome now let's come in here and maybe we want to look at Tesla maybe let's try Tesla one more time maybe we're looking for the CSO of Tesla Tesla has a CSO you could come in here and look like Elon Musk is right here obviously CEO but you could come in here and maybe go by roll and they have different roles in here so CEO let's see if we can find any sort of CSO uh I don't see one but I do see information technology so maybe we can find somebody the information technology department or it Department um and then here we go we've got quite a few I.T people here's a CIO this could be somebody of interest that we might want to reach out to and we could just scroll through this list and find people so say we want to reach out to the CIO just click on this we get first initial last name just like we thought we would we get this person's LinkedIn page we get their location website this is awesome awesome awesome so I typically will start with a Google search if I'm trying to hunt something down I will start with a Google search I will say who is in this role at this company if I'm looking for a specific person at a company then I will go to phonebook.cz or hunter.io try to identify the the formatting of the email and then try to find that person or guesstimate that once we get to that point I try not to burn through these clear bits unless I need to but clearbit is very good at identifying this once we get to that point we can take this email say like this um this email or we'll even try a different email I'll show you a couple but we could take this and we can go try to verify this so there is a website called email hippo you can go to tools.verifyemailaddress.io and all you have to do is type in an email address here sometimes you can get false positives if they're good or bad here I typed in this email address a couple times and just got a bad result this is an email address that does not exist now let's try an email address that we saw info tcm-sec.com see if it works result is okay so it says yeah this email address works so we're verifying that this is up so say that you get somebody and you see that they have a potential email address you can come here and try to verify it first and see if it works before you go fire off an email uh or don't you don't have to fire off an email you don't have to do anything or interact so this is the benefit like if you're from a sales perspective and you're doing osin here the this is the benefit not having to email get waste your time get it rejected you can come in here and just validate if you're doing an investigation you don't want to interact with the person or company that you're investigating you want to come in here and just verify without any interaction this is the way to do it same thing with this website here email checker.net validate email Dash checker.net validate say hey checking the email I put the same email address here you can see it says bad we could try again with info at tcm-sec.com and see if that works and it says okay so again this is doing a a great job there are possibilities of false positives there are so many searches that you can do per month on these I do believe they have apis which is nice if you want to automate this or script this out but I think this is this is fantastic this is great stuff now there are plenty of other ways to verify email addresses in the next section we'll talk about that even more as we talk about breach data because if somebody shows up in a data breach guess we'll have that email address has been used in the past if you look at something like I have I've been pwn which I'll talk about in the next section and they show up guess what that person's email address has existed so we're trying to verify if an email address exists who that address might belong to Etc now this is more has been from a business perspective some of this hunting down of emails may be more difficult to do if you're trying to find a specific individual that's where breach data comes into play and a lot to This research and what I'm going to show you in the next section we'll try to hunt down individuals with maybe having loose pieces of information like a name or a username or something along those lines breach data can come in handy very very well so this is kind of scratching the surface now there's one last thing I want to show you one last little tip and trick do not underestimate forgot passwords do not underestimate them let's go to Google for example right now I am logging in under an account that is please don't hack me sir please so it's please don't hack me sir plz I do believe I'm gonna go ahead and try hitting next on that okay so first of all it said hey welcome hey what does this mean this means that we have a valid account here that's great this is validating that this Gmail account exists here's something else we can use this to tie to potentially another account or help validate say we know that this email belongs to somebody that's harassing somebody else we don't know who this person is they're using this spoofed email but maybe we have a hundred maybe we don't maybe we just want to try to get more data you can come to forgot password and it's going to say what's the last password remember using I don't know let's try another way you come down here and it says hey let me make this bigger Google will send a verification code to H and it says look it shows you the rest of the the digits here and then at TC here that would give you a pretty good indication if you're tracking who your subject is that this email could tie to somebody else look this is heat tcm-sec.com okay so this email belongs to me this is tying back to me now you have another Point here so if you knew about this email address and now you have the link the connection to guarantee that this person this is evidence right here say you were doing something which we'll learn about again in the next section where you're looking through breach data you find a username that matches this email address and also matches this email address but people can reuse usernames there could be multiple people who use the same username so you need to verify or some link this would be a proof of a link between those a pretty strong proof if you ask me if you can say hey I identified two email addresses with the same username I did an account recovery came in here and saw that this had this same first character and first domain name I think that's a pretty strong correlation so things to think about Wheels to be spinning try to identify email addresses in any way possible we'll cover this more in depth in the next section and I'm really excited because password hunting is one of my favorite things so let's go ahead and move on to the next section when we talk about password osin okay so I would like you to go out to github.com and then once you're there go ahead and just do a forward slash H Maverick Adams h m a v e r i c k Adams and hit enter and you can see me and my snazzy photo here but what we're after is I want to show you a tool that I wrote called breach parse and we're going to walk through what it does now go ahead and click on breach parts and you're going to see a bash script here and a little bit of a description so you do not need to download this let me preface with what we're doing here this magnet link you're going to need one a torrent some sort of uTorrent or BitTorrent and you'll need to download this and it's also something along the lines of 44 gigabytes extracted it's a huge file so you don't have to do this you can just watch and follow along you are more than welcome to install this on your machine I'm going to show you what it looks like so I'm going to go out to my applications and my files here and then I have put this into my opt folder so if you come into opt here and I've got breach parse if you come into this breach compilation folder which is what we'll download you're going to see that we have data here okay so this data has a bunch of different data it's got emails starting with zero one two three four all these different ones what's living inside of this is if we can display it is emails and passwords now you see these ones have weird symbols inside the emails but there's a bunch of emails and passwords in here like somebody at yahoo.com and their password is one two three four five six well these passwords are coming from credential dumps so we talked about it earlier about thinking about the you know Equifax or the LinkedIn breach or Home Depot all these big breaches that happen credentials get dumped out and guess what they show up on the dark web and eventually they show up in these lists so we utilize these lists and we've got you click into this just hundreds of files here and again 44 gigabytes so what I did was I built a little tool that can search through this data and pull down names so we can take a quick look at the tool and what it does but basically what it does is you just put in the syntax you search for something like at tesla.com and then you specify you know tesla.txt and it's going to search through all of these files for at tesla.com if you're more interested in the code behind it you're more than welcome to read the code in here and see if some of the items that we've covered already with the batch scripting and the python scripting kind of ring a bell so what we're going to do is I'm going to come ahead and go into the terminal and make it a little bigger and then I'm just going to change into that op folder breach parse I'm going to run breech parse so reach parse here and what we're going to do is I'm just going to say at tesla.com and then Tesla dot text and that's going to run so again you do not have to install this this is only for visual purposes I'm going to show you in the next video another way to do this so this is going to run through it's going to take a minute here and it's going to grab everybody's username and password that says tesla.com and the username and then it's going to have all the passwords and we're going to be able to decipher things from this so I'm going to let this run and as soon as it's done I'll come back and we'll talk about the results okay the results are back so this breaks it down into three files there is a it's cat Tesla there is a master passwords and user so the master has the username and password and then the users file has the users passwords has the passwords so I'm gonna actually G edit the Tesla master dot text and let's take a look at this so from here we don't have a big list surprisingly for a company the size of Tesla so what happens is people utilize their work credentials their work emails and they log into websites and probably shouldn't be using their work emails for and we just use it to our advantage so we're after is we're after not only these usernames but we're after these passwords as well so we see these usernames and we see these passwords and I like to look for repeat offenders I like to look for the syntax as well remember we had first initial last name but we see first name dot last name here we see possibly you know just a single name there are different types of things in here so uh Nick tesla.com as well so you know it's changed up I think nowadays it is first initial last name but maybe in the past they use first name dot last name then move to an easier format or vice versa they started the first initial last name they got too big then they had to do first name dot last name but again what we're after here is potential repeat offenders so look at this shark at tesla.com it got popped twice and the password is very very very similar so if I were to attack tesla.com through a login interface I might spray this username with this password and this password that's what we call credential stuffing because we already know the passwords and then I might make some modification of capitalized letters and non-capitalized letters with d-a-d-e because 907 and 814 appear to be consistent you know so I would alternate Capitals in non-capitals here in lower case and just see maybe if something sticks so this is something that's interesting this user down here one two three four five one two three four five star probably not going to get in with that on a company like Tesla but you never know but this is what we would do we would take the usernames we would throw these passwords at it and that's called credential stuffing and then we would take these usernames and all the known usernames and we would spray passwords at them like fall 2019 like we talked about in the last video that's password spring so this is a important and very very critical part of information gathering is gathering these usernames and these credentials right off the bat you want to identify those with your targets so this is kind of what it looks like this is what I do during every assessment and hopefully that makes sense and that works into it in the next video we're going to go ahead and just show another method and start thinking again about these credentials and how they can be utilized and then we'll do some other information gathering as we move on and learn some techniques and how we can get information on a client so I'll see you over in the next video okay let's talk about hunting breach credentials and let's get Hands-On now before we get started I know I stressed this in the beginning of the course I'm going to stress this again what I'm going to show you here could change now I released a course about a year ago which was on ethical hacking we talked about breach credentials and I utilized a website called we leak info we leak info was then eventually shut down and I got all kinds of emails saying hey this is shut down I don't know what to do there's more out there okay there's always more out there what I'm showing you is the methodology I could show you on a specific website which I'm going to do that website could go down tomorrow we never know but what you need to retain is the thought process and the methodology behind what's about to happen from there you could take that and utilize it elsewhere so if a website does go down you still have the same thoughts why you're doing it and why you're thinking about it so let's go ahead and move over to a website now so I want to take you to a website called D hash now this is dhash.com I do not expect you to be able to follow along at this point because this costs money okay it's five bucks for a week it's a hundred and fifty dollars for a year this is only a used to take credit card they only now take Bitcoin I do believe or some sort of cryptocurrency absolutely worth it in my opinion even get a week get a week see if you like it it's amazing there's gonna be tools I show you later on the course that will go through and we can do it locally like the one I just ran in the last video I ran breach parts right this is something that I've put together in in set up but and it's free but the database isn't maintained it's a slow search I don't get the results back as instantly and I can't tie it to as many data points as a website like this can I think this website's great now let's talk about what D hash can do now that I'm logged in we have the ability to search by let me make this a little bit bigger we have the ability to search by email username IP address name address phone number Vin okay think about this say we know a email address okay we know an email address say it's Bob Bob at tesla.com we're not going to search this yet we take Bob and we know Bob it has an account and we're looking for him we search him Bob shows up and we see Bob shows up and we see maybe his name like Bob Jones or something like that shows up maybe something that he's been leaked in has his address or maybe there was an IP address tied to the client you're looking for or the person you're looking for this can all be identified what if Bob has a username it's like Bob Bob rocks123 okay well we can search that username in here and see if that username has repeated itself at all which is great we could search by password so say Bob's password was Bob rocks123 we could search that password and if it's Unique enough then maybe we can actually do some Advanced searching like if we go back to the example from last time like this last video we saw this 907 d-a-d-e-814 we could put that into a search engine and see if that comes back to something else maybe that comes back to a user that is not at a tesla.com but maybe it's like Bob at gmail.com and then guess what now we have Bob's personal account or now we have Bob tied to another email account especially if we search by name or something that we can tie them together we need to start being able to relate other accounts to each other we can do that with hashing we could do that with passwords there's a lot of things that we can do and we want to start tying this together as a real world example when I am looking at an organization and I'm doing research on on hashing or I'm doing research on breach credentials I'm trying to think okay first if my client if my client is tesla.com I might come in here and search at tesla.com and I might come see how many results are in here let's see what happens okay here's George tesla.com George has been in a shared data so there's no actual um any data details here besides a potential username a name email okay same thing with safety we'd have to scroll down and see if we can find something that okay here's Adobe now Adobe will have a there's actually a bob and Tesla um Bob at Tesla has a hash password here okay so now we could say well first of all we can go see if we can figure out what this hash is which we'll talk about in a second we can also go and say okay Bob uh does Bob exist anywhere else does this hash exist anywhere else on this website can we tie it to another account that maybe even if we don't crack the password then we can say okay this Bob this ties to Bob gmail.com so like I would note this down and I would take this and copy it so from a real world example I would take all the data that I see on this website I would collect all of the passwords all of the usernames and everything so like Tesla 9 all this I want to know what the passwords are I want to know who the people are I want to know all the data because if I could start finding patterns if I could start putting things together maybe I can even relate these back to their personal email accounts like we're talking about and then I could see password patterns there or other passwords and just start tying this down because my goal is to break into an organization if I'm doing a pen test my goal is to break into an organization so I'm going to take that data and if I can find other passwords related to a personal account I'm not going to go attempt to break into a personal account but I will take that data and I will put it together and maybe try to break into their work email account with those passwords of that information this can tie to an investigation as well if you're hunting down an individual you're trying to tie them to other accounts this is incredibly useful if you can find their data in a breached database and have a password and that password's unique you can search it maybe find them somewhere else you find and I IP address you find a name there are often IP addresses in here which we can tie to a location possibly and see here's that 9078 or Dade 814 we could take this and maybe search it and see if it comes back anything who knows shark at Tesla shark at Tesla okay sharkmail.ru look this is a new new email address we didn't know about this one before and look it does us a favor we search d-a-d-e but here's the capitalize we didn't search for capitalize we're not searching specific okay and now we're getting more information look here's one for Dropbox okay so it tells you where this is coming from and how you can tie it in if we can get any sort of name out of this um any sort of anything that would be amazing we can get a person's name or IP address and we could start tying them down but when you're doing different searches like this you need to start almost um you know like in the investigations where they have like the the red yarn and it's going from one pinpoint to another you kind of have to zigzag that back and forth and really try to tie this down and you'll see that when we get into reporting how you might take one individual and really just see like a password tied to an account tied to this and this was the exact methodology that we took to get to that point because when you write a report you want to make sure that I the investigative person or the say you're heading off to the police or whatever you want to make sure that the person that is doing what what you did or they can replicate what you did with ease and there's no no question about it so this is some of the the searching that we can do now if we come to dehashed again we can come here and we can search by email username name name anything so you can put your name in here I mean if you want to search on here I think it's great you can come through here and just search for your name let's go back let's search Tesla again I saw a hash in there the Adobe hashes are kind of interesting they're not the easiest to pick up but let's see let's find this Adobe hash so let's say we get a hash like this we could try to identify what this hash is we can try to crack this hash we can see if it's been cracked somewhere else this hash as of right now we have no idea but we know Bob tesla.com we can maybe paste this in here first of all and see if it ties back to anything and there's 22 results back um you know I would probably be looking for somebody that has this password with the name of Bob it's probably not going to be like a Brett or a Michael you know we might want to see if we can find another account somewhere else but these are all tying down to a hash from Adobe so depending on how they were hashing this data we might not find anything else of interest but you can see all the things here all the different opportunities that are here for us to just do research and tie down information now we can go to a website called hashes.org and if we come here we have the capability to actually try to search for this hash so we could search hashes and see if we can find it so you can come in here and just paste it and again it doesn't do a great job in my opinion with the Adobe hashes sometimes they crack but a lot of times it says it can't find them um oops there we go let's try hitting a search here okay so it says not a valid hash now if you put this into Google as a search you can see it didn't come back with anything either so we want to make sure that when we're searching this you know we we try all options there is an adobe database that if you do put in a hash and it does show up there's a GitHub Adobe database that will actually show up here so with that being said this is kind of what I want you to start thinking about when we're hunting down breach credentials how can I take a person or company that I'm looking into so if you have a company you can just go at company name.com or dot net or whatever it is search in here see how they show up if you have a person maybe a personal email account if you can find that person if you know their email account you come in here and say Bob gmail.com maybe you don't know what their their email address is then maybe you come here to the main page you go okay I'm gonna look for a name I'm going to look for Bob Jones and search for that and then you start taking this and trying to find the patterns if you know Bob lives somewhere uh maybe you could find an address for Bob or maybe you know Bob lives in like Arizona you could search Bob Jones and see if Bob shows up um and then kind of take it from there and there is some search operators that you can utilize you can see Bob Jones is taking forever you can put this in quotations and search it again and kind of narrow down your results here so if we click on this you could see like here's a name of we got a lot of results but here's the name Bob Jones this is a very common name so um but you could see like if we're trying to look this down we can start searching and adding operators in here and trying to see if we can figure out to tie a username or something to them so again get your wheel spinning don't rely on just dehashed but just rely on thinking about this this is the thing you should think about again the hash could go down tomorrow but if you're thinking about it in in the way that the credentials and the information can be interwoven remember that red yarn again that's really what I want you to take away from this so we're going to do another video on this I'm going to show you some more I guess tools that are out there and some other things that you can do offer alternatives to this and then we'll wrap up this section so I'll catch you over in the next video okay we have reached the end of part one I am again going to link in the description below the link to part two so go ahead and click on that if you finish this and we're going to meet you over in part two of the video