WEBVTT
00:00:00.000 --> 00:00:03.486 align:middle line:90%
00:00:03.486 --> 00:00:06.474 align:middle line:90%
[MUSIC LOGO]
00:00:06.474 --> 00:00:09.960 align:middle line:90%
00:00:09.960 --> 00:00:11.790 align:middle line:84%
We're going to jump
into our next protocol.
00:00:11.790 --> 00:00:15.990 align:middle line:84%
It's FTP, which stands for
File Transfer Protocol.
00:00:15.990 --> 00:00:19.110 align:middle line:84%
And like you would
expect, it's used
00:00:19.110 --> 00:00:22.710 align:middle line:84%
for storing files on
a server and being
00:00:22.710 --> 00:00:25.030 align:middle line:90%
able to access them remotely.
00:00:25.030 --> 00:00:27.465 align:middle line:84%
So let's take a look at
what that actually means.
00:00:27.465 --> 00:00:31.996 align:middle line:90%
00:00:31.996 --> 00:00:34.210 align:middle line:90%
We've got our machine.
00:00:34.210 --> 00:00:35.950 align:middle line:90%
Check our IP address.
00:00:35.950 --> 00:00:40.450 align:middle line:90%
We are 192.213.157.2.
00:00:40.450 --> 00:00:52.630 align:middle line:84%
So let's ping
192.213.157.3, and it's up.
00:00:52.630 --> 00:00:53.830 align:middle line:90%
Let's run Nmap scan.
00:00:53.830 --> 00:00:59.780 align:middle line:90%
00:00:59.780 --> 00:01:01.430 align:middle line:90%
And we get back port 21.
00:01:01.430 --> 00:01:04.910 align:middle line:90%
And it says service is FTP.
00:01:04.910 --> 00:01:10.070 align:middle line:84%
So let's hone in and do
an operating system scan
00:01:10.070 --> 00:01:19.040 align:middle line:90%
and a services scan on port 21.
00:01:19.040 --> 00:01:21.305 align:middle line:90%
Port 21 is the default FTP port.
00:01:21.305 --> 00:01:24.020 align:middle line:90%
00:01:24.020 --> 00:01:27.540 align:middle line:84%
You could configure
it to be anywhere.
00:01:27.540 --> 00:01:30.240 align:middle line:84%
You can only keep
it where it's at.
00:01:30.240 --> 00:01:37.400 align:middle line:90%
It's running ProFTPD 1.3.5.
00:01:37.400 --> 00:01:42.140 align:middle line:84%
And it was able to fingerprint
and say that it's Linux.
00:01:42.140 --> 00:01:46.180 align:middle line:90%
2.6 is its best guess.
00:01:46.180 --> 00:01:46.960 align:middle line:90%
And that's fine.
00:01:46.960 --> 00:01:48.490 align:middle line:90%
We can live with that.
00:01:48.490 --> 00:01:49.990 align:middle line:84%
It's probably some
version of Linux.
00:01:49.990 --> 00:01:53.710 align:middle line:90%
00:01:53.710 --> 00:01:56.480 align:middle line:84%
So from there, we
could try some things.
00:01:56.480 --> 00:02:03.500 align:middle line:84%
If we do ftp, which
will just run the host
00:02:03.500 --> 00:02:08.400 align:middle line:84%
software on our
computer to reach out,
00:02:08.400 --> 00:02:10.220 align:middle line:90%
we can put in the server.
00:02:10.220 --> 00:02:13.940 align:middle line:90%
And it asks for a name.
00:02:13.940 --> 00:02:15.500 align:middle line:90%
We can go with nothing.
00:02:15.500 --> 00:02:17.660 align:middle line:90%
Try anonymous.
00:02:17.660 --> 00:02:21.050 align:middle line:90%
And nothing for the password.
00:02:21.050 --> 00:02:23.463 align:middle line:90%
Said login failed.
00:02:23.463 --> 00:02:24.380 align:middle line:90%
So we'll just say bye.
00:02:24.380 --> 00:02:26.930 align:middle line:90%
00:02:26.930 --> 00:02:32.990 align:middle line:84%
Let's try to figure
out what some usernames
00:02:32.990 --> 00:02:34.190 align:middle line:90%
and passwords would be.
00:02:34.190 --> 00:02:36.860 align:middle line:90%
We're going to use Hydra.
00:02:36.860 --> 00:02:41.782 align:middle line:84%
Hydra is a brute forcing
program that we have
00:02:41.782 --> 00:02:43.005 align:middle line:90%
or that we can get.
00:02:43.005 --> 00:02:45.710 align:middle line:90%
00:02:45.710 --> 00:02:49.200 align:middle line:84%
So with Hydra, you do
tack-L for your logins,
00:02:49.200 --> 00:02:51.450 align:middle line:84%
uppercase if you
want to do a list,
00:02:51.450 --> 00:02:54.356 align:middle line:84%
and we do for the
/usr/share/metasploit-
00:02:54.356 --> 00:02:57.108 align:middle line:84%
framework/data/wordlists/common_users.txt.
00:02:57.108 --> 00:03:08.770 align:middle line:90%
00:03:08.770 --> 00:03:11.200 align:middle line:84%
You'll get familiar
with all your wordlists.
00:03:11.200 --> 00:03:12.670 align:middle line:90%
They're all in /usr/share.
00:03:12.670 --> 00:03:19.480 align:middle line:90%
00:03:19.480 --> 00:03:22.930 align:middle line:84%
Tab completion is
also your friend.
00:03:22.930 --> 00:03:26.030 align:middle line:84%
If you hit Tab twice, it'll
show you more information.
00:03:26.030 --> 00:03:35.330 align:middle line:84%
So like, I want data wordlists
and then unix passwords.
00:03:35.330 --> 00:03:39.980 align:middle line:84%
And then, we tell it the IP
address that we're attacking
00:03:39.980 --> 00:03:41.690 align:middle line:90%
and the service, ftp.
00:03:41.690 --> 00:03:44.090 align:middle line:90%
That's it.
00:03:44.090 --> 00:03:47.540 align:middle line:84%
Hydra capital L, the
login wordlist, capital P,
00:03:47.540 --> 00:03:51.530 align:middle line:84%
the password wordlist,
our IP and ftp.
00:03:51.530 --> 00:03:54.140 align:middle line:90%
Then we'll let it go.
00:03:54.140 --> 00:03:57.035 align:middle line:90%
And that went pretty fast.
00:03:57.035 --> 00:04:01.430 align:middle line:90%
00:04:01.430 --> 00:04:05.540 align:middle line:84%
The login sysadmin has
a password of 654321.
00:04:05.540 --> 00:04:08.480 align:middle line:84%
And what it's doing is,
it's trying a username
00:04:08.480 --> 00:04:11.315 align:middle line:90%
and then it tries passwords.
00:04:11.315 --> 00:04:13.190 align:middle line:84%
It tries all the passwords
for that username.
00:04:13.190 --> 00:04:14.880 align:middle line:84%
And then it'll try
the next username.
00:04:14.880 --> 00:04:16.130 align:middle line:90%
It'll try all those passwords.
00:04:16.130 --> 00:04:19.890 align:middle line:90%
So it worked.
00:04:19.890 --> 00:04:20.990 align:middle line:90%
We got quite a list.
00:04:20.990 --> 00:04:26.270 align:middle line:84%
We would want to write all
these down and save them
00:04:26.270 --> 00:04:28.940 align:middle line:84%
because now what
we can do is ftpd.
00:04:28.940 --> 00:04:31.850 align:middle line:90%
Let's just hit up a few times.
00:04:31.850 --> 00:04:38.720 align:middle line:90%
00:04:38.720 --> 00:04:49.775 align:middle line:90%
Sysadmin and 654321.
00:04:49.775 --> 00:04:51.150 align:middle line:84%
And it says that
we're logged in.
00:04:51.150 --> 00:04:54.390 align:middle line:90%
We can do an ls.
00:04:54.390 --> 00:04:57.660 align:middle line:84%
You can run help if you want
to know all the commands.
00:04:57.660 --> 00:05:01.380 align:middle line:84%
But ls shows you the list
and there's secret.txt.
00:05:01.380 --> 00:05:12.820 align:middle line:84%
So we can get secret.txt
and it says it sent it.
00:05:12.820 --> 00:05:15.440 align:middle line:90%
00:05:15.440 --> 00:05:17.140 align:middle line:90%
So then, we can say goodbye.
00:05:17.140 --> 00:05:20.440 align:middle line:90%
00:05:20.440 --> 00:05:24.820 align:middle line:84%
We'll look at ours,
and we have secret.txt.
00:05:24.820 --> 00:05:27.830 align:middle line:90%
00:05:27.830 --> 00:05:30.590 align:middle line:90%
And it's that code right there.
00:05:30.590 --> 00:05:40.400 align:middle line:84%
Another way we can go about this
is using an Nmap brute forcer.
00:05:40.400 --> 00:05:48.320 align:middle line:84%
So what we'll do is, we
know sysadmin was in there.
00:05:48.320 --> 00:05:51.290 align:middle line:90%
00:05:51.290 --> 00:06:01.280 align:middle line:84%
Let's put it in this little
single wordlist called users.
00:06:01.280 --> 00:06:02.550 align:middle line:90%
I cat it out, and it's there.
00:06:02.550 --> 00:06:04.490 align:middle line:90%
OK.
00:06:04.490 --> 00:06:05.930 align:middle line:90%
Let's go back to our Nmap scan.
00:06:05.930 --> 00:06:11.190 align:middle line:90%
00:06:11.190 --> 00:06:14.835 align:middle line:90%
And what we can do is script.
00:06:14.835 --> 00:06:17.900 align:middle line:90%
00:06:17.900 --> 00:06:31.250 align:middle line:84%
We'll do the ftp-brute with
script-args userdb equals
00:06:31.250 --> 00:06:32.135 align:middle line:90%
/root/users.
00:06:32.135 --> 00:06:34.970 align:middle line:90%
00:06:34.970 --> 00:06:40.730 align:middle line:84%
We'll do port 21
on that machine.
00:06:40.730 --> 00:06:45.500 align:middle line:84%
And let's see what the
Nmap FTP brute forcer
00:06:45.500 --> 00:06:51.020 align:middle line:84%
script returns for us using
that username of sysadmin.
00:06:51.020 --> 00:07:00.360 align:middle line:90%
00:07:00.360 --> 00:07:11.360 align:middle line:84%
And it came back that sysadmin
654321 were valid credentials.
00:07:11.360 --> 00:07:14.540 align:middle line:90%
Fairly straightforward.
00:07:14.540 --> 00:07:18.920 align:middle line:84%
So it utilizes a
username and password.
00:07:18.920 --> 00:07:21.390 align:middle line:90%
And then, you can get files.
00:07:21.390 --> 00:07:23.000 align:middle line:84%
Depending on how
it's configured,
00:07:23.000 --> 00:07:27.180 align:middle line:84%
there might be anonymous login,
which we'll look at next.
00:07:27.180 --> 00:07:32.460 align:middle line:84%
But that's FTP in a nutshell
and how we can use it.
00:07:32.460 --> 00:07:34.520 align:middle line:90%
Could we put files there?
00:07:34.520 --> 00:07:40.490 align:middle line:84%
Could we find useful files that
were just not stored securely?
00:07:40.490 --> 00:07:43.370 align:middle line:84%
And that may or may not
be the pen test itself.
00:07:43.370 --> 00:07:44.330 align:middle line:90%
It's really not.
00:07:44.330 --> 00:07:47.780 align:middle line:84%
Usually, that's going to be
a foothold or enumeration
00:07:47.780 --> 00:07:50.733 align:middle line:90%
to then gain full access.
00:07:50.733 --> 00:07:51.900 align:middle line:90%
Because that's what we want.
00:07:51.900 --> 00:07:53.480 align:middle line:90%
We want full access.
00:07:53.480 --> 00:07:55.550 align:middle line:84%
And if you're thinking
like a defender,
00:07:55.550 --> 00:07:57.050 align:middle line:90%
then you want to block all that.
00:07:57.050 --> 00:07:59.460 align:middle line:84%
You want to lock
this stuff down.
00:07:59.460 --> 00:08:02.320 align:middle line:90%
So let's move on.