Greetings, and in this short video presentation, we're going to see how we go about using sparker to enumerate potential targets on our network. For this lab, I'll be running Kali minister portable two and a install of Windows XP, Windows portable two and Windows XP will be the targets. The first thing we want to do is locate our network range. So I've typed in if config at the terminal, I'm going to hit Enter, and it pops back up and tells me that my Ethernet zero is operating on 192 dot 168 dot 145. Now, those first three octets are the network portion of my IP. The last octet is the host IP assigned to this machine.
So what we're concerned with is the network portion 192 dot 168 dot 145. Because this is the network, we're going to be using Scanning with Sparta. This is my network range, yours will probably differ. So make sure that you do not confuse the two. Once we've established the network portion of our IP address, we can go to applications, we can go to information gathering. And we can scroll on down to Sparta.
We got this error message here. So we're going to need to install our update, Spark. And we're going to do that using the app dash get install spark to command. We're going to go ahead and hit Enter. And it's going to ask us if we want to continue we're going to say yes, and if this can take just a few minutes, so give it time and be patient sparco has completed its install. That was about 40 minutes of being patient.
But that's the nature of Linux. We can't get away from it. Anything we need, anything we want, has to be downloaded and installed. We're now ready to runs Part Two One more time. So we're going to go up to applications. And we're going to go to information gathering.
And we're going to go on down to spark two, that opens up the command prompt. Now we have to leave the command prompt open. And spark is text ports doing is now going to open for us but leave the CLR open. So in case you want to see what's actually going on in the background, you can bring up that terminal and you can actually see what spark is doing. We'll begin by doing a quick overview of the tabs and the features of Spark. And we began by going up to File and clicking on File.
And you see that we have a typical file context menu Have you open Say, say that add host to a scope, import and map. So these are a couple of features that you don't normally see in a context menu, but you see that we can add a host to a scope and we can import a map. We also have exit Don't worry about the help. That doesn't work. But if you want to know something more about Sparta, you can go online. And there's plenty of documentation that will answer any of your questions.
So under the scan tab, we have a number of additional tabs that we can look around a host. That is for adding hosts or an IP ranges scope services, shows you discover services for your target, and tools shows output for each of the tools as the scan run. The route tab allows you to perform brute force password attacks against the different services you have discovered. Give it the host IP port to use the service to attack and configure the other options are also different configurations you can use. For the username and passwords. You can manually give it a username and password that you already know.
Give it a username and password list to use or let it use any accounts it knows about from running the tools. You can also do a combination So for example, if you know a huge Name, you can specify it, then let it use a password list to attack that one account. It uses hydric for this functionality, and you can look at the Sparta config file to see how it's set up. Before we launch our first scope, and begin our first enumeration of our potential victims, we're going to go ahead and open up the spark config file and make some changes. Because once we actually start to scan, it's going to launch all the tools and that becomes a little overwhelming. So we can go into the spark config file and we can tell it, which tools we want to use and which ones we don't.
So we've closed out sparker. And back at our terminal, we're going to type in the following or as I did copy and paste it from the lab nano, which is just a text editor. space, the path to the file we want to edit or open up inside of nano and that is the Sparta config. I'm going to go ahead and hit enter and this opens up the spotted dot config up inside of our nano editor, we're going to begin by finding the Enable scheduler comment. And we're going to change that to false. So we're just going to use our up arrows and down arrows to get over to this line inside of the config file.
And I'm just going to arrow on over, and I'm going to back off the true, I'm gonna type in false. Once I'm done editing this Spartan config file, I can do a Ctrl x. And it's going to ask me if I want to save the changes. So I'm going to say yes, by typing in y, and then I'm going to hit enter, that closes out the editor. I've closed out that terminal. And again, I'm going to go to applications.
And I'm going to go down to the information gathering. And I'm going to launch sparker one more time, we're now ready to conduct our first scan of our network. So I'm going to go to the host tab. I'm just going to click in the middle here. And that brings up the Add host dialog box and I'm going to type in my IP ring, we will leave the defaults check and then we're going to click on the Add scope button. And the scan is now in progress.
As services are discovered on our potential targets, they will appear up here inside of the Services tab. You'll know when the scan is complete by looking under the Status column. Right now it says running when the status is complete, it will say completed. Again, you have to be patient with these tools. And by the time n map reaches stage two, you'll start seeing the results pop up. Underneath the host tab.
You'll also see the services popping up underneath the Services tab. You'll also see that stage one has completed and we have a status of finished so as Sparta goes through the scanning process, and it's able to identify the operating system on those targets. It will change the icons that are available underneath Eos. Now the machine that we're interested in is my Linux Metis portable machine because this is the machine that's going to have the greatest Number of vulnerabilities. So now I'm going to click on the one to eight post. And we'll see that we have this large number of vulnerability that we're going to be able to attack.
And this is all present onto that meta splittable, to a Linux machine. So you can see that as a pen tester or as a hacker, this tool sparker can be very useful in discovery. And we can now begin the enumeration process. And we can do this by going up and finding Port 80. Now, Port 80 tells us that there isn't a patchy web server running on that Linux server. And if we right click on the port 80, we can go up and we can select to run nikto.
I'm going to run nikto. Now watch what happens. A new tab pops up. And we can now click on that and we can get some information or more information about what's actually going on with With this web server, we find the target IP address the host name, the target port, we find out the version of Apache. Now this is numerating, this machine so that we can find exploits, we want to know as much about this machine as we possibly can find out so we can figure out how we're going to export it to its full potential, we can go back over to the services, we can right click on port 80 again, and this time, we can say grab the banner. Now on a lot of machines that are running web servers, we can get a lot of information about that banner page, go ahead and do that.
Now we may or may not get the information you seek. This doesn't always work. But for the most part, it can be helpful. And here we get an unknown, so don't be surprised if it doesn't work. There's a lot of other things that we can do in here underneath the port's call. We can go to telnet we can right click and we can say open up a telnet There you go, we will open it up.
There's my mouse portable and wants me to go ahead and log in. So there's a lot of different things that we can do here with this tool Sparta, if you want to use FTP, or SMTP, and exploit that, you have the option just by right clicking on the port, and it'll tell you exactly what you what you can do and what you can't do. So don't be worried about what happens if you click on something new, it's either gonna work or it's not. So if you right click on a port, and you tell it to open it up, then it's either going to work or it's not if it works great. If it doesn't, well, then that export doesn't work on this particular version of the operating system and or this version of Sparta. So what we can do now is, we can actually go over here to Port 21, which is FTP.
We can right click on that. And we can say send to Brut. When we tell Spyder to send something to group we have to open up the group chat. I'm going to change the root username To anonymous, and we're going to provide a password list. And to do this, we're going to click on the Browse button underneath the files. selection, we're going to go to spark to here go up inside of that directory, then we're going to go up into the word list directory.
And here we're going to choose a word list. In this case, I'm going to go ahead and use the FTP dash default dash user password test. I'm going to go ahead just double click that when everything is in place, we're going to go ahead and just click on the run button. We have the results from our password attack on this Linux box. Using FTP, we find out that the login is anonymous and the password also is anonymous. That was a very simple attack on how to crack a password.
If that password had been a lot more complicated, it wouldn't have been that easy. To see these results we can also use the scan tab and go to scan and now we can go to Tools and our new tools we can find high grip and click on Hydra over here on In the right window pane, we can also see the results of that scan. We can say the results of this sparser scan by going up to File and doing a save as now I can go and I can save this any way I want to I'm going to go ahead and save it to my desktop. And what I'm going to do is I'm going to create a folder up here, I'm just going to call this particular directory that was saving the information to Sparta. And I'll now click on the Save button. And my information will be saved once I type in a file name.
So I'm just going to call this Sparta. Men exploitable. And now I'm going to go ahead and click on the Save button. And that information has now been saved into my sparker folder. later on if I decide that I want to review and or continue on with the scan process for meta splittable, I can go to file I can go to open I can find the save file, just double click it and I'm back right where I left off. I'm going to go ahead and close out Close up command prompt brings you back to my desktop.
And now we're going to see how we go about adding additional tools up inside of Sparta. Once again, we're going to launch a terminal. And this time, we're going to again, edit the Sparta config file using the nano editor. So I've copied and pasted this command from my lab, I'm going to hit Enter, and there's the file to navigate up and down and across. In nano, we're going to use our up and down and across arrows. So I need to get down to the tool section.
So I'm going to go ahead and just start tabbing on down with my arrow key until I come to the tool set. And there's the tool section. So now we're going to add another tool to our arsenal of tools that we have already available for us up inside of Sparta. I'm going to go down to the last line underneath the Tool Settings and here. I'm going to take my mouse and I'm going to copy That last line and where my cursor is, I'm going to right click, I'm going to paste. I'm not going to hit enter one time.
I'm now going to use my up arrow. And I'm going to go up to where it says text editor. And I want to replace that with the word x probe two, we know what tool it is. Now I have to tell the Sparta dot config file where the tool is located and it's located in the same directory as the rest of the tools up inside of the bin folder. So again, I'm going to replace that tool name. With the word ex pro two, we can add just about any tool we want to Sparta.
But the caveat is this. That tool must not be interactive, that is to say, it must be able to run on its own without any interference from you as the user I now have to use my down arrow and go Underneath the host actions section of this smarter dot config, and here, I have to copy and paste the following line from the lab, which I've already copied it. Now I'm going to paste it that has to go there. I'm going to hit enter one time to give me a space. I'm now ready to save the changes to my Sparta config file. To do so I'm gonna hit Ctrl x, I'm going to answer y to the question.
I'm going to hit enter. I'm going to close out this prompt. I'm going to go back over to applications information gathering. And I'm going to scroll on down and launch smarter one more time. Now what I can do is I can go to File and I can go to open and I'm going to bring in that folder or that save file from my previous scan. And there are the results.
Now when I right click on any of these saved host, we see that the ex pro option is Now available underneath the context menu when I right click, so x probe is exactly what it says it is. It is a OS fingerprinting tool that we can also use to assess victims on our network to find out what operating system they're running. So in this video, we learned that Sparta is a great tool for the pentesting arsenal. Not every tool works for the same for every situation. So we need options. Here we have the most sought after end map scripts automated to run for us.
We have n map we also have other tools at our disposal. All in map information in the terminal is now given to us using a duly right click on the different ports and services to see what tools are available under each context menu. We also use Hydra to crack the FTP username and password. So you see you have a lot of different options with sparker. It's actually like a Swiss Army knife that we can use for an all in one situation. We got tabs, we can click on things and we can get results immediately.
And for a pen tester, when you sit up there and you've got 1200 or 2000 client machines, this is really a great way to save time. That concludes this short video presentation on how we go about using Sparta to enumerate our clients on the network. If you have any questions or you have any concerns about the information covered in this video, please do not hesitate to reach out and contact your instructor and I'll see you in my next video.