00:05 When hacking a computer or a server, one of the first things you want to know is what
00:10 does this server provide.
00:11 For example, a web server provides an internet service, an FTP server provides file transfer
00:18 possibility, it might be a database server, and you know that servers can provide multiple
00:24 servers.
00:24 So for example, you can have a computer that provides a database service, a web service,
00:28 a file service, and so on.
00:30 So the first thing we'll do is of course set up the victim's computer, the server, and
00:35 then we'll make a tool that can hack into the, or that can scan the server for which services
00:42 it provides, so a port scanner.
00:44 So first we'll set up the server, this is a regular Ubuntu computer, and what we'll need
00:50 in the server is for example SSH.
00:52 SSH is a protocol that lets you remotely control a computer, so we'll say install openssh-server,
01:02 and yes.
01:03 So we'll first set up the server, it's a regular Ubuntu computer.
01:07 Then for example a web server, so I'm installing Apache 2 using sudo apt install.
01:22 So now this server, now we have a server here that provides web server and SSH access.
01:28 And SSH is just terminal access.
01:31 So if we check our IP address with ip address show, you'll see this is our IP address, and
01:38 you would be able to remotely log in.
01:40 So let me just open a new terminal here, and we can type ssh ubuntu@192.168.
01:48 Well, our IP address that showed when we typed ip address show.
01:55 So now we can remotely log in to our computer, 68.206, type yes, and now you would be able
02:08 to type your password and remotely access the computer.
02:11 Now it also runs a web server now, we installed Apache 2.
02:14 So if I copy the IP address, and start a web browser, you'll see that it's running a web
02:22 service.
02:23 So it's running a web service, if I type the IP address, you'll see the Apache 2 Ubuntu default
02:34 page, it works.
02:35 So we now set up a basic server, which has the web server running and an SSH server running.
02:44 So the next thing we'll do, is to actually make a program, a program similar to nmap.
02:50 So a port scanner.
02:51 What does a port scanner do?
02:52 It tells you which applications are running on the server.
02:57 So for example, we can type nmap -sT with the target IP address.
03:04 This is our IP address.
03:08 And it will tell you which applications are running, and every application is running on
03:12 a certain port.
03:13 So let me just enlarge this here, this can be a bit small, font size.
03:24 Okay, now I press enter, and it will tell you which servers are running.
03:29 So it's showing SSH, which is the command line access that I showed you, and HTTP, a web service.
03:35 And you'll see every application or every service has its own port.
03:39 So 80 is a very common port for web service, and 22 is a very common port for remote shell
03:45 or remote command line.
03:48 So what we'll do is make a program that, given an IP address, will tell you which
03:55 applications are running on the server.
03:57 Now this is especially useful for hackers because, for example, the hacker then might know,
04:02 okay, I can attack the SSH, or I can attack the web service.
04:07 So it gives you more information about the server and ways that you can attack it.
04:12 And of course, the more information you have, the easier it is to hack.
04:16 For example, if SSH is open, what the hacker might do next is to try to brute force the SSH
04:22 shell.
04:23 So remember that if we type ssh ubuntu@ followed by the IP address, it's asking for a password.
04:31 So what a hacker might do is to provide a list of 14 million passwords and try every password.
04:38 In the case the web service is open, it might look on the internet for vulnerabilities
04:44 for that web server, or perhaps maybe to brute force access on the web server.
04:51 For example, if it's a web app with an administration panel.
04:54 So a lot of information, but basically one of the first things hackers will always do is
04:59 to port scan if there is a server, and that gives you information about which services
05:06 are running or which applications are running on the server.
05:10 So Nmap is a tool to do that, but we'll use Python to make our own tool.
05:16 So what we'll build is a port scanner.
05:18 A port scanner is an application that scans a server to see which applications are running.
05:23 Now, there are many port scanners already.
05:26 So for example, on Linux, there's Nmap installed, which is a default port scanner.
05:32 And we'll make our own port scanner.
05:34 So just to give you a quick demo, to see the IP address of our server, we can type
05:39 ip addr show.
05:41 That will tell you the IP address of your server.
05:44 Now on old Linux systems or other Linux distributions, you can also type ifconfig.
05:49 That shows you your IP address as well.
05:54 So you'll see if you type ifconfig, it tells you your server IP address, or ip addr show.
06:02 And on this server, we have a web server running and an SSH server.
06:07 So we can type nmap -sT with our, or even without -sT, we can just type nmap with our
06:14 target's IP address.
06:17 And it shows you which ports are open, so which services are running.
06:22 And we have a web server, HTTP is web, and SSH, which is a remote shell.
06:28 So the next thing we'll do is to create a program that scans ports, so that basically we create
06:34 a program that does the same as Nmap.
06:38 You can use any editor for that, whether you use a simple text editor like Mousepad, gedit, Kate,
06:44 you want to use a programming environment like Visual Studio Code or PyCharm, or just use the
06:50 terminal, it doesn't really matter.
06:52 So we'll make a simple program, and I've already written the code for it.
06:57 And in this program, you need to import the socket module.
07:00 And let me just enlarge the fonts, because it might be a bit hard to read.
07:08 So you need to import the socket module, which is a module for network connections in Python.
07:14 Then we define our target and port, for example, if we want to scan for port 80.
07:22 Next, set up the network, like this, and set a timeout.
07:27 A timeout will tell you how much time the program should wait for a reply.
07:35 So, for example, if you run a website, how long you're going to wait until you decide
07:39 to go back, that the website is not working.
07:41 You know, most people wait three seconds, maybe five seconds in the worst case.
07:46 A lot of people, whenever they're searching something, right, so they search something
07:52 on the internet, and, okay, they search something on the internet, and they click.
08:00 How much time are they going to wait until they decide that the website doesn't exist.
08:06 So that's a timeout.
08:08 Then we try to connect to the target and port.
08:11 If there is a result, it's open, otherwise, just do nothing.
08:16 So I typed X is three, basically we do nothing.
08:18 We don't output anything.
08:20 So if we run this, it will scan if port 80 is open on this IP address, which is
08:28 the hard-coded IP address of our server.
08:31 So if we run it, we'll type, you'll see port 80 is open.
08:40 And you can check any port now, for example, 81.
08:44 And I run it again.
08:46 And you'll see now it doesn't output anything.
08:47 So that is closed.
08:49 Now I have it commented out here, but it's possible to output it as well.
08:54 So you'll see 81 is closed.
08:56 So now you can check for any port if it's open or closed.
09:00 But you would have to do it manually, right?
09:02 Now we manually type which ports we want to scan.
09:05 And then it tells us it's open or closed.
09:08 But what Nmap does, so if we run Nmap, it scans from 1 to 1,000.
09:15 So for 1,000 ports, it checks if it's open or closed.
09:19 So if you want to automatically do such a scan, you can use a for loop.
09:22 A for loop just repeats this code and does it the amount of times you specify.
09:29 So for loops are used for repetition.
09:30 And we want to repeat this 1,000 times.
09:33 So I wrote a program for that as well, sorry.
09:39 So we just repeat it 1,000 times, try to connect.
09:45 And if it's a success, it's open, otherwise it's closed.
09:47 Now I had it commented out because otherwise you see 1,000 times the message port is closed.
09:52 Or 900, anyway a large amount of times because most ports are usually closed.
09:57 So we only want to show if it's open, just like Nmap only shows you the open ports and
10:02 doesn't show you the closed ports.
10:05 We just repeat it 1,000 times or whichever amount you specify.
10:09 And we also, we can define it manually like 1928.206.
10:17 So that would start the program.
10:19 But you can also let the user type it.
10:22 So if now you run it, you'll see it immediately starts targeting our server.
10:29 We hardcoded it and it scans from 1 to 1,000.
10:33 It will tell you which ports are open.
10:35 And every port is always assigned to an application.
10:39 So Nmap knows that by default.
10:45 So port 80 is always web.
10:48 Port 22 is always SSH.
10:50 If you search on the internet, you can find default ports.
10:55 So default network ports.
10:58 And you'll get a list of like all of the default network ports.
11:06 So there's a lot of default applications.
11:09 And every application runs on a certain port.
11:12 So for example, the web service is always running on 80, and 443 for SSL HTTPS.
11:20 So web server HTTP is always running on port 80 as you see.
11:26 And like there's a lot of default ports, SSH is always 22 and so on.
11:31 So you'll see in our case we have port 80 and port 22 open, which is the web service and
11:36 then the SSH service.
11:38 Now if you use this list here, you'll see SSH 22 and the web port 80.
11:46 And you'll see there are lots of different ports with different applications, for database, for messaging and many different ones.
11:55 And so we have our basic port scanner now, but it always scans the same IP address, the same target.
12:01 So instead what you could do is say input, enter your target IP, and we would be able to scan
12:09 whichever server, whichever server.
12:14 So it asks for our target IP, for example 192.168, our IP address, and it tells you the open ports.
12:25 Now that it's dynamic, you can type any IP address here you want.
12:30 So any, any server on your network or on the internet, now you can scan it using our program just
12:38 like you would with Nmap.