
Learn Ethical Hacking Episode #24: Footprinting with Nmap (Part 1)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will start a chapter on footprinting. So, I have explained what the act of footprinting is before, but now we will actually go ahead and conduct a few scans to see how it all works, and introduce you to the tools that we will be using.

First off, we need to find ourselves a target to scan. I could scan myself, but that would not be realistic because I already know what the results are going to be. Plus, it would not be a long range scan over the internet, I would be scanning within my own local area network. So, the speed of the scan would not be realistic as it would be a lot faster than when you conduct the scan over the net. So, what I did was I went online, and you can do the same, and on the official nmap website they have a section devoted to actually allowing people to scan them to test their tool out. Here is the written permission that you can actually scan this website. You can scan it to test out the nmap tool, a few scans a day here is fine, but do not scan it a hundred times a day, or use this to test your SSH brute force password cracking tools, etc. So, that’s definitely something you don’t want to do, but you can run a few scans on this site per day and according to them that’s perfectly fine. You are not breaking any laws. I’m just emphasizing one more time that you do have a written permission right here on the site, which is fantastic because it gives us an opportunity to actually simulate real time circumstances to see how nmap behaves.

Now nmap is an essential tool for pretty much any pentester out there. Many people will say that it’s pointless to port scan, it doesn’t do you much good, and so on and so forth. Well, perhaps in terms of exploiting the services running on the ports themselves it doesn’t do you that much good, but just by seeing which ports are open and which ports are closed you can, to a fairly good extent, determine which operating system, or which platform, is being used on the other side, and then you can find weaknesses of that platform. Of course, there are some other ways of doing this, I will show them to you, but let me show you how nmap works. Nmap is known to trigger quite a few alarms, quite a lot of firewall red flags, and you want to make sure that your nmap scans are as discreet as possible. Now there are tools to actually figure this out, but I will show you here how to do it using the Linux terminal.

There is also something called zenmap. Zenmap is a graphical user interface for nmap, but we will not be using that. Instead, I want to teach you how to use it via the terminal. So, nmap is the one most commonly used, and it is always used in the terminal text format. People rarely use the actual graphical user interface. In the previous chapter, we also discussed how to stay anonymous, so at the end of the chapter I will be combining these things: scanning, footprinting, and anonymizing your scans.

In any case, without further ado, let’s type in nmap --help, press ENTER, and there we go. There are a lot of options here, I mean a metric ton of options, way more options than we actually need for a basic scan. However, eventually, over time, you will come to understand that all of these options are available for a reason, there is a particular use case for each of them. So, what you need to do is scroll down to the bottom, and here you have examples of how nmap runs. So, 99% of the time you will type in nmap -v for verbose output. For this sort of activity, we will want as much information as possible. We can use -A to enable OS detection, version detection, script scanning, and traceroute. I don’t think we’re going to need that immediately. There is the -O option, which is just for OS detection. Anyway, you can pass either scanme.nmap.org, which is basically the domain name and it will get resolved to an IP address, or you can actually pass it an IP address. If you’re wondering what this is, this is a mask. It would be very difficult to explain in great detail what this is, but for the time being know that this is actually an IP address range. It goes from a certain IP address, to a certain IP address, but you do not actually need to use this format. Not that many people actually use this particular format with the mask. They just tend to specify very specific ranges because they don’t have the permissions to scan the entire subnet. Instead, they have to create lists, and then skip certain IP addresses, and then continue again from a certain point. So, they do need to create lists, and that can be a problem.

Now up here, at the top, you have another very important option that’s going to come in handy: you have -iL, input file name. So you can actually create a list, in a file, a list of IP addresses, and then you can scan those particular IP addresses. There is also another way to do this, look at what’s written here. So just take a look at this segment and it’s 10.0, and then this segment here, this octet here is 0-255, and then the last octet is 1-255. If you’re wondering why I’m calling these things octets, it’s because each one of these has 8 bits, and it is represented in binary. So it can have 8 zeros, or 8 ones, or a combination of ones and zeros, but it has 8 bits, so 8 positions. That’s why they are referred to as octets. This is a very common form that people tend to use, and this is what you will find yourselves using. Either this will be the method by which you specify the IP addresses, or you will be passing files. People will either create these files themselves, or they can find these IP addresses on the internet.

So in addition to this site, https://nmap.org/, you also have this one here, https://www.nirsoft.net/countryip/. This is a fantastic website. The entire range of pretty much every IP address block is listed here, and it also lists who owns what. You can search and find and it’s going to give you the appropriate IP addresses for that particular country, and it’s going to give you the owner of those IP addresses. Usually it’s just telecoms, but you also have other people who own them as well. So I’ll just give it a shot. Let’s just type in Germany, or I don’t know, France. Okay, this is not the first search, but that’s not a problem. Actually, you can find it down here, and I’m not going to type it in here. I could control + F France, there we go. Down here, just saving myself a bit of time there, and there we go. So, you have a range, this is a given range here, it’s from 2.0.0.0 to 215.255.255. This is a massive range.
This is a humongous range. Look at how many IP addresses you can have in total, how many of them you can generate within this range. It’s quite a lot. This is owned by French Telecom. I don’t know why they need this many IP addresses. So, as I said, you can sort them out by the owner, and you can see that many of them are not listed here. Wow! France has a lot of IP addresses assigned to it. They’re not free, they cost money. Let’s just go ahead and see down below. Where is it? Where is it? OK, so you see all of these IP addresses, and this is a pretty massive range, so this is a telecom in France. Look at how many IP addresses, IP address ranges they have. So, that’s quite a lot, and this site, as I said previously, we can use to figure out which IP address range we wish to scan. Again, you usually do not have the permission to scan the entire range. You can scan certain IP addresses within that range for which you have a permission. This is a very nice site to determine where the IP address is from, or something like that. However, always remember, once you get an IP address your search engine is your best friend. This is one of the major components of footprinting. You can type in whois, and then type in an IP address, I don’t know I’m just going to type in this random IP address. So, if you don’t want to search for it here, you can have a look at it here. Whois 82.120.0.0? I don’t know if this search will be successful. There we go. So, I’ve typed in whois and I’ve picked the first website out that I could find, and here I have all the information in regards to that particular IP address. I have a country, I have the username of the admin, I suppose, I have the status, remarks, source, and I even have an address, a physical address, of the IP address, which is ridiculous. Yeah, as I said, search engines are your absolute best friends. 
If you want to find pretty much anything on the net in regards to an IP address, or to do any sort of research, make sure you utilize your favorite search engine.
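The three ways of naming targets covered above (the mask, the per-octet ranges and the -iL input file), as an added Python example that is not from the video or from nmap: it expands each form, drops excluded addresses, and refuses to produce a list if anything falls outside the ranges you hold written permission for. The networks are constructed values from the 192.0.2.0/24 documentation range, and the function names and the 65,536-address cap are assumptions of this example.

```python
import ipaddress
from itertools import product
from math import prod

MAX_ADDRESSES = 65536  # assumed cap: refuse to expand anything larger than a /16

# Constructed sample scope (documentation range), not real targets.
AUTHORIZED = ["192.0.2.0/28"]
REQUESTED = ["192.0.2.1-6", "192.0.2.8/30"]
EXCLUDED = ["192.0.2.3", "192.0.2.9"]


def expand_octet_ranges(spec):
    """Expand a per-octet range such as '10.0.0-255.1-255' into addresses."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets in {spec!r}")
    choices = []
    for octet in octets:
        low, sep, high = octet.partition("-")
        lo, hi = int(low), int(high if sep else low)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet {octet!r} in {spec!r}")
        choices.append(range(lo, hi + 1))
    if prod(len(c) for c in choices) > MAX_ADDRESSES:
        raise ValueError(f"{spec!r} expands to too many addresses")
    return [ipaddress.IPv4Address(".".join(map(str, combo)))
            for combo in product(*choices)]


def expand_target(spec):
    """Accept a single address, a mask (a.b.c.d/n) or a per-octet range."""
    spec = spec.strip()
    if "/" in spec:
        network = ipaddress.IPv4Network(spec, strict=False)
        if network.num_addresses > MAX_ADDRESSES:
            raise ValueError(f"{spec!r} expands to too many addresses")
        return list(network)  # every address in the block
    return expand_octet_ranges(spec)


def build_target_list(requested, authorized, excluded=()):
    """Return the requested addresses, minus exclusions, if all are in scope."""
    allowed = [ipaddress.IPv4Network(net) for net in authorized]
    skipped = {addr for spec in excluded for addr in expand_target(spec)}
    in_scope, out_of_scope = set(), set()
    for spec in requested:
        for addr in expand_target(spec):
            if addr in skipped:
                continue
            permitted = any(addr in net for net in allowed)
            (in_scope if permitted else out_of_scope).add(addr)
    if out_of_scope:
        sample = ", ".join(str(a) for a in sorted(out_of_scope)[:3])
        raise PermissionError(
            f"{len(out_of_scope)} address(es) outside the authorized scope, "
            f"e.g. {sample}")
    return sorted(in_scope)


def render_input_file(targets):
    """One address per line, the layout an input file for -iL uses."""
    return "".join(f"{addr}\n" for addr in targets)


if __name__ == "__main__":
    print(render_input_file(build_target_list(REQUESTED, AUTHORIZED, EXCLUDED)),
          end="")
```

Saving the returned text to a file gives a list that can be handed to nmap with -iL.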

So, those are the two tools that I wanted to introduce you to. Well, one tool, one website, and one search method which you can use in order to determine where an IP address is from, or who is using it, and even to determine its physical location. Although, its physical location can be assigned to a telecom, and that telecom can assign it to a city, and to a specific region in the city. Then you can find it on Google Maps, or on Google Earth, but usually those things are not that precise. What is precise, however, is that the IP address belongs to a telecom, and they keep rotating them in between cities. So, if you have let’s say a hundred thousand IP addresses that you have scanned, and if you wish to sort them out by the city, you will get 70-90% accuracy. This can be problematic because you’re going to miss out on some things.

You also have something called nslookup. I’m going to use scanme.nmap.org. I have said I want to look up files on scanme.nmap.org, and this is my DNS server, which is basically my router. You see it says port 53. You know immediately that it’s a DNS because all DNS traffic runs on port 53. Then we have the results. So, this is the domain name, and you get the IP address down below. This is also one of the ways in which we can get the IP address off of the site with a domain. Once you know the domain you don’t actually know the IP address until you look it up, but there’s a far simpler method. You don’t need to use nmap. Oh, by the way, nslookup also works in reverse. So, type in nslookup, and you can type in the IP address, go ahead and press Enter. Down below are authoritative answers from the name servers. Basically, that means there are DNS servers and they are giving you responses, and telling you to whom the domain belongs, and so on and so forth.
What I want to show you here is that you can actually get a domain name by typing in nslookup, and then the IP address, and here where it says non-authoritative answer you get the IP address, and then you get the name, which is the domain name. However, you might notice that there was a problem here, that this IP address does not match this one. Well, guess what? It actually does. Try looking at it in reverse. It’s 74, 74 here, 207, and 207 here, 244, and 244 here, and 221 here, and 221 here. When you do an nslookup, and when you pass in an IP address, it’s going to do a reverse lookup in the DNS MX records. It’s going to query the DNS servers, and the DNS servers are going to give it a response, but in the MX records this is basically how things are written. You write an IP address in reverse, and then you append this, in-addr.arpa, but this part really is not that interesting to us. This is more interesting to server admins who configure the DNS servers. We will get to DNS servers in the later stages of this course. What is important for you here is we’ve typed in an IP address, you’ve used the tool called nslookup, and you have gotten a domain name in return.

Now you can start doing some other things as well, but we will be dealing primarily with nmap. Nmap is a tool used to scan networks and to retrieve information from them. What I’ve shown you in this video is some basic information retrieval, and some basic external resources that you can use. In any case, I’ll see you in the second part of this nmap introduction, and there we’re going to actually conduct some scans and see how it all works. Thank you for watching and I hope to see you next time.
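The reversed form described above, as an added Python example that is not from the video: it builds the in-addr.arpa name that a reverse lookup queries (the record stored at that name is a PTR record), converts such a name back to an address, and checks whether a reverse answer is confirmed by a forward lookup, which matters because whoever controls an address block can publish any hostname in its reverse zone. The record tables are constructed sample data in documentation ranges, the function names are assumptions, and the IPv6 branch goes beyond the IPv4 case in the text.

```python
import ipaddress

# Constructed sample records standing in for DNS answers (not real data).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": "www.example.test",
    "20.2.0.192.in-addr.arpa": "mail.example.test",
}
A_RECORDS = {
    "www.example.test": {"192.0.2.10"},
    "mail.example.test": {"198.51.100.7"},  # forward answer disagrees with PTR
}


def reverse_lookup_name(address):
    """Name queried for a reverse lookup: octets (or nibbles) written backwards."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")  # 32 hex digits for IPv6
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def address_from_reverse_name(name):
    """Turn a reverse-lookup name back into the address it stands for."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError(f"not a full IPv4 reverse name: {name!r}")
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"not a full IPv6 reverse name: {name!r}")
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    raise ValueError(f"not a reverse-lookup name: {name!r}")


def forward_confirmed(address, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """Return (hostname, confirmed): confirmed only if the hostname from the
    reverse lookup resolves forward to the same address."""
    hostname = ptr_records.get(reverse_lookup_name(address))
    if hostname is None:
        return None, False
    normalized = str(ipaddress.ip_address(address))
    return hostname, normalized in a_records.get(hostname, set())


if __name__ == "__main__":
    # The octets read out in the text: 74, 207, 244, 221.
    print(reverse_lookup_name("74.207.244.221"))
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, forward_confirmed(ip))
```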


You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato


Enroll in the 14 Course Holiday Bundle!

Enroll now in our Black Friday/Cyber Monday Course Bundle for 2017! This bundle of Udemy courses includes all 14 technology courses listed on the website by Joseph Delgadillo, Nick Germaine, and Ermin Kreponic! Get 98% off some of the best-selling courses covering ethical hacking, Linux administration, programming languages, and development!

26 Course Forever Bundle!

Below is a list of every course included in the bundle:

The Complete Ethical Hacking Course: Beginner to Advanced!

Join 200,000+ students in the most popular ethical hacking course on Udemy! Learn penetration testing, web testing, and WiFi hacking using Kali Linux.

The Complete Ethical Hacking Course for 2016/2017!

This course is the successor to The Complete Ethical Hacking Course: Beginner to Advanced! Gain the knowledge hackers use to compromise systems and use it to protect your own.

Build an Advanced Keylogger Using C++ for Ethical Hacking!

Take this course to learn how to code a fully functional keylogger in C++ for use in Windows!

The Complete Python 3 Course: Beginner to Advanced!

Learn to code in Python with projects covering game & web development, web scraping, MongoDB, Django, PyQt, and data visualization!

The Complete Front-End Web Development Course!

Get started as a front-end web developer using HTML, CSS, JavaScript, jQuery, and Bootstrap. Use this course to launch your own career as a freelance web developer!

Learn and Understand C++

Take this course to learn C++ which you can use for ethical hacking, game development, and most software you use daily!

Learn Angular 2 from Beginner to Advanced

Learn how to develop web applications using Angular 2!

The Complete Python 3 Course: Go from Beginner to Advanced!

Complete guide to learning how to program in Python. Go from a beginner to advanced level in Python with coding exercises!

A Beginner’s Guide to Linux System Administration!

Get started with Linux, app development, server configuration, networking, and move on to a career as a system administrator!

CentOS and Red Hat Linux to Certified System Administrator!

Learn the basics of CentOS, and Red Hat Linux. Prepare and pass the Red Hat Certified System Administrator (RHCSA) exam!

BASH Programming Course: Master the Linux Command Line!

Go from beginner to advanced with the Linux command line in this BASH programming course!

The Complete Wireshark Course: Go from Beginner to Advanced!

Learn to use Wireshark as a networking professional including troubleshooting, analysis, and protocol development!

Design and Build Your Own Personal Computer!

Learn everything required to build your first custom PC for work, home, or gaming!

Certified Ethical Hacker Boot Camp for 2017!

Gain the knowledge necessary for passing the CEH exam and move on to a career as professional pentester!

When you purchase this course bundle you will receive lifetime access to the classes, 1 on 1 assistance with the tutorials, and a certificate of completion through Udemy. Each course is fully subtitled in English.

Thank you for taking the time to read this and we hope to see you in the classes. Happy holidays!


Learn Python Episode #24: Final Project

Get The Learn to Code Course Bundle!
https://josephdelgadillo.com/product/learn-to-code-course-bundle/

Enroll in The Complete Python Course on Udemy!
https://www.udemy.com/python-complete/?couponCode=PYTHONWP

Welcome back everyone! We are on the last video of this tutorial series which means you now have a basic understanding of Python. You actually have enough knowledge right now to start building basic programs. We have covered some of the core concepts, as well as the language syntax, and we currently know how to create loops, if-elif-else statements, variables, etc. So, we are going to finish off the series with a project, specifically building a calculator in Python. Let’s go ahead and open up our IDE.

import re

print("Our Magical Calculator")
print("Type 'quit' to exit\n")

previous = 0   # running result carried from one calculation to the next
run = True     # set to False to stop the main loop

def performMath():
    global run
    global previous
    equation = ""
    if previous == 0:
        equation = input("Enter equation:")
    else:
        # Prompt with the previous result so the user can continue from it
        equation = input(str(previous))

    if equation == 'quit':
        print("Goodbye, human.")
        run = False
    else:
        # Replace letters and the listed punctuation with spaces
        equation = re.sub('[a-zA-Z,.:()" "]', ' ', equation)

        if previous == 0:
            previous = eval(equation)
        else:
            previous = eval(str(previous) + equation)

while run:
    performMath()

At the top of the script we are going to import the regex library, write a print statement welcoming our user, and inform our user how to exit the program. Next, we will define the previous and run variables. The previous variable will define the default value upon starting the program, and the run variable will determine whether the program is running or not.

Next, we will get into the meat of our calculator program. We will begin by defining the performMath function. Since the run and previous variables do not exist within our function, we will need to import them as global variables. Finally, we will define the equation variable.

Now that the performMath function is created, we will need to tell it what to do. The first if-else statement will request an input from the user. The second if-else statement will tell the program how to handle the user input. If the user types “quit”, the program will end and print “Goodbye, human.” Otherwise, the program will run a regex request on the input. Remember from the previous tutorial, we can use the regex library to identify and replace different sets of characters. We do not want the user inputting anything other than basic math. In the same block of code, we are going to run the eval function on the input from the user. If the user has already run a calculation, our program will take that result and add it to any additional calculations.

Lastly, we will create a while loop to run our performMath function. This is a very basic program and I would be interested to see any additions you make to it! Thank you to everyone who followed along with this tutorial series. I hope you found the information valuable!
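The regex in performMath is a denylist in front of eval(): it strips letters and some punctuation, but whatever is left is still compiled and run as a Python expression, and digits and operators alone (a tower of ** for instance) are enough to tie up the interpreter. An alternative that keeps the calculator's behaviour, as an added example that is not part of the original tutorial: parse the input with ast and evaluate only an allowlist of arithmetic nodes. The names safe_eval and calculate and the three size limits are assumptions chosen here.

```python
import ast
import math
import operator

MAX_LENGTH = 200     # longest expression accepted (assumed limit)
MAX_BASE = 10 ** 6   # largest |base| allowed for ** (assumed limit)
MAX_EXPONENT = 64    # largest |exponent| allowed for ** (assumed limit)

_BINARY = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def _check(value):
    """Only finite ints and floats may flow through the calculator."""
    if type(value) is int or (type(value) is float and math.isfinite(value)):
        return value
    raise ValueError("result is not a finite real number")


def _evaluate(node):
    """Walk the parsed tree; anything not listed here is refused."""
    if isinstance(node, ast.Expression):
        return _evaluate(node.body)
    if isinstance(node, ast.Constant):
        return _check(node.value)          # rejects strings, bools, complex
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
        return _UNARY[type(node.op)](_evaluate(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
        left, right = _evaluate(node.left), _evaluate(node.right)
        if isinstance(node.op, ast.Pow) and (
                abs(left) > MAX_BASE or abs(right) > MAX_EXPONENT):
            raise ValueError("operands of ** are too large")
        return _check(_BINARY[type(node.op)](left, right))
    # Names, calls, attributes, subscripts, lambdas, comparisons, ...
    raise ValueError(f"unsupported syntax: {type(node).__name__}")


def safe_eval(text):
    """Evaluate basic arithmetic; raise ValueError for everything else."""
    if len(text) > MAX_LENGTH:
        raise ValueError("expression too long")
    try:
        return _evaluate(ast.parse(text.strip(), mode="eval"))
    except (SyntaxError, ZeroDivisionError, OverflowError, RecursionError) as exc:
        raise ValueError(f"cannot evaluate: {exc}") from None


def calculate(equation, previous=0):
    """Same chaining rule as performMath: continue from a non-zero result.
    The previous value is parenthesised so '-5' followed by '**2' gives 25."""
    text = equation if previous == 0 else f"({previous!r}){equation}"
    return safe_eval(text)


if __name__ == "__main__":
    # Constructed inputs: two valid equations, then three that are refused.
    for text in ("2 + 3 * 4", "(1 + 2) * 3.5", "9**9**9**9", "len('abc')", "1/0"):
        try:
            print(text, "=", safe_eval(text))
        except ValueError as exc:
            print(text, "-> refused:", exc)
```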

Web – https://josephdelgadillo.com/
Subscribe – https://goo.gl/tkaGgy
Follow for Updates – https://steemit.com/@jo3potato


Learn Python Episode #23: Importing Libraries into a Script

In this tutorial we are going to learn how to import different modules into a Python script. So, what is a module? A module is an external library that you can include and use in your project, without having to write the additional functionality yourself. Let’s import the regex library.

import re

Re is included with Python, so there’s nothing that we need to install in order to use it. Regex is basically a mini-programming language that you can use within most other languages. Regex gives us a way to match certain characters and then do something based on that. Let’s cover some basic re usage.

string = "'I AM NOT YELLING', she said. Though we knew it to not be true."

print(string)

This particular string has capital letters, lower-case letters, a comma, a period, and quotations. Let’s play around with this a bit.

new = re.sub('[A-Z]', '', string)

What we’re doing here is taking the re module that we imported at the top of the script and calling its sub, or substitute, function. So just like calling any other function, we need to provide parameters to it. We haven’t discussed classes or objects yet, and we will get to them later, but this is what we need to know for the sake of this video. The three parameters that this substitute function takes are the matches we want to make, what we want to replace them with, and then the string that we’re going to manipulate. Take note that the set of characters to match in regex is contained within square brackets.

print(new)

As you can see, we took the capital letters A-Z and replaced them with an empty string, which removes them. There are all sorts of different applications for regex, and we will be using it when creating a calculator in the next video.


Learn Python Episode #22: For/While Loops

In this tutorial we are going to cover the two loop types in Python. The first one is a for loop. A for loop will allow you to iterate over a list in Python. In other words, you can do something for each item in the list. So, let’s go ahead and create a list.

numbers = [1, 2, 3, 4, 5]

for item in numbers:
    print(item)

When we run this each number in our list will be printed out in the console. Let’s add names to our list instead of numbers.

names = ["Nick", "Someone", "Another Person"]

for item in names:
    print("This persons name is", item)

That is a for loop, and basically the second parameter is to access the list, and then the first parameter is what you want each item in the list to be called while inside its little block of code. Now we’re going to learn about a while loop.

run = True
current = 1

while run:
    if current == 100:
        run = False
    else:
        print(current)
        current += 1

In this bit of code we are creating two variables, then a while loop, and inside it we write what we want to happen while the program is running. In this case, we are going to check to see if current == 100. If not, we are going to add 1 to the total, and we are starting from 1. Once the total hits 100 the program will stop running. We will be using loops quite a bit throughout this course, so make sure you’ve mastered this concept.


Learn Python Episode #21: If, Elif, Else Statements

In this tutorial we are going to be learning about the conditional statements available to you in Python. So, we’re going to be learning about the if-else statement, which basically provides us a way to evaluate if something is true or false, and then perform something depending on whether or not the condition is met. Let’s write an if-else statement.

check = True

if check == False:
    print("It is false")
else:
    print("It is actually equal to True")

This is going to print out “It is actually equal to True” in the console. First, Python is going to check if the variable is equal to false. Else, it’s going to continue through the script and print, or perform, whatever we tell it to do. This is great if we only have two conditions, but what if we want to use more than two? Between the if and else we can use an elif statement, and here we can supply an additional condition.

check = "Hamburger"

if check == False:
    print("It is false")
elif check == "Hamburger":
    print("Yummm, hamburgers")
else:
    print("It is actually equal to True")

When we run this script it’s going to check to see if the first condition is true, if not it will check the next condition, if not it will print the else statement. So, that’s what an if-statement is, and these are necessary for the project we are about to begin working on.


Learn Python Episode #20: Return Values from Functions

Welcome back everyone. This is the final tutorial in the subsection for functions, and we’re going to be talking about return values from functions. Again, this may not be new to some of you as it is a fairly basic concept. So, in the past videos we have been using functions to print something out, but what if we want to return that value and do something else with it? Let’s go ahead and define a function.

def do_math(num1, num2):
    return num1 + num2

do_math(5, 7)

Now when we run this bit of code, it’s not going to print anything in our Python console because we didn’t tell it to. Let’s add on to this.

def do_math(num1, num2):
    return num1 + num2

math1 = do_math(5, 7)
math2 = do_math(11, 34)

print("First sum is", math1, "and the second sum is", math2)

When we run this we get “First sum is 12 and the second sum is 45”. So, again, this is a very simple example, but we will expand on this when we build our calculator.


Learn Python Episode #19: Infinite Arguments

In this video we are going to discuss passing an infinite number of arguments into a function. So, let’s go ahead and write a function.

def print_people(*people):

So, here we have a function called print_people, and the asterisk tells this argument that it’s going to be an array of all the arguments that are passed in to the function. This may result in 1, 100, 1,000, etc. arguments, and we will see how this works in a moment. With an array we need some way to loop over it, and so we’re going to be using a for statement.

    for person in people:
        print("This person is", person)

Basically, the for loop allows us to iterate over the people list and pass the values into our function as arguments. Again, if you’re familiar with other programming languages this is not a new concept, it’s just a slightly different way of doing it. Let’s call the print_people function and pass it some names.

print_people("Nick", "Dan", "Jack", "King", "Smiley")

What we’re doing here is passing 5 arguments. Now if we knew we were always going to expect 5 arguments, we could accept each individual argument as its own variable. However, if we don’t know the total number of values, we are going to create an array stored in the variable called people. So, that’s how to include an infinite, or flexible, number of parameters. In the next tutorial we will cover return values.


Learn Python Episode #18: Keyword Arguments

Alright! So, let’s talk about keyword arguments. The first keyword, or boolean, that we are going to cover is None. Basically, this is the equivalent to null in other languages. So, let’s go ahead and write our previous function.

def print_something(name = "Someone", age = "Unknown"):
    print("My name is", name, "and my age is", age)

print_something(None, 27)

There isn’t a way to pass in an argument that isn’t the first one being used unless we use keyword arguments. We can also define the variable when we call the function.

def print_something(name = "Someone", age = "Unknown"):
    print("My name is", name, "and my age is", age)

print_something(age = 27, name = "Nick")

By using keyword arguments, we can specify which value is supposed to go in a particular variable.


Learn Python Episode #17: Default Arguments

In this video we were going to discuss arguments a bit further, and we were going to move on to keyword arguments. Before we do that however, it is going to make more sense to cover default arguments first. So, let’s go ahead and write a function.

def print_something(name, age):
    print("My name is " + name + " and my age is " + age)

print_something("Nick", 27)

This won’t run. Remember, when we concatenate strings we must convert integers to strings as well. While we could use the str function to fix our code, it is much easier to separate the four pieces of data with commas.

def print_something(name, age):
    print("My name is", name, "and my age is", age)

print_something("Nick", 27)

The results will be the same as if we converted the integer to a string and concatenated the four strings together. So, what happens if we only want to pass our function 1 of the 2 values? This is where we can use default arguments.

def print_something(name = "Someone", age = "Unknown"):
    print("My name is", name, "and my age is", age)

print_something("Nick")

When we run this bit of code, Python will print out My name is Nick and my age is Unknown. As you can see, Python will default to the argument we provided it if no data is given.
