All language subtitles for 1. FTP - Copy

af Afrikaans
ak Akan
sq Albanian
am Amharic
ar Arabic Download
hy Armenian
az Azerbaijani
eu Basque
be Belarusian
bem Bemba
bn Bengali
bh Bihari
bs Bosnian
br Breton
bg Bulgarian
km Cambodian
ca Catalan
ceb Cebuano
chr Cherokee
ny Chichewa
zh-CN Chinese (Simplified)
zh-TW Chinese (Traditional)
co Corsican
hr Croatian
cs Czech
da Danish
nl Dutch
en English
eo Esperanto
et Estonian
ee Ewe
fo Faroese
tl Filipino
fi Finnish
fr French
fy Frisian
gaa Ga
gl Galician
ka Georgian
de German
el Greek
gn Guarani
gu Gujarati
ht Haitian Creole
ha Hausa
haw Hawaiian
iw Hebrew
hi Hindi
hmn Hmong
hu Hungarian
is Icelandic
ig Igbo
id Indonesian
ia Interlingua
ga Irish
it Italian
ja Japanese
jw Javanese
kn Kannada
kk Kazakh
rw Kinyarwanda
rn Kirundi
kg Kongo
ko Korean
kri Krio (Sierra Leone)
ku Kurdish
ckb Kurdish (Soranî)
ky Kyrgyz
lo Laothian
la Latin
lv Latvian
ln Lingala
lt Lithuanian
loz Lozi
lg Luganda
ach Luo
lb Luxembourgish
mk Macedonian
mg Malagasy
ms Malay
ml Malayalam
mt Maltese
mi Maori
mr Marathi
mfe Mauritian Creole
mo Moldavian
mn Mongolian
my Myanmar (Burmese)
sr-ME Montenegrin
ne Nepali
pcm Nigerian Pidgin
nso Northern Sotho
no Norwegian
nn Norwegian (Nynorsk)
oc Occitan
or Oriya
om Oromo
ps Pashto
fa Persian
pl Polish
pt-BR Portuguese (Brazil)
pt Portuguese (Portugal)
pa Punjabi
qu Quechua
ro Romanian
rm Romansh
nyn Runyakitara
ru Russian
sm Samoan
gd Scots Gaelic
sr Serbian
sh Serbo-Croatian
st Sesotho
tn Setswana
crs Seychellois Creole
sn Shona
sd Sindhi
si Sinhalese
sk Slovak
sl Slovenian
so Somali
es Spanish
es-419 Spanish (Latin American)
su Sundanese
sw Swahili
sv Swedish
tg Tajik
ta Tamil
tt Tatar
te Telugu
th Thai
ti Tigrinya
to Tonga
lua Tshiluba
tum Tumbuka
tr Turkish
tk Turkmen
tw Twi
ug Uighur
uk Ukrainian
ur Urdu
uz Uzbek
vi Vietnamese
cy Welsh
wo Wolof
xh Xhosa
yi Yiddish
yo Yoruba
zu Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: WEBVTT 00:00:00.000 --> 00:00:03.486 align:middle line:90% 00:00:03.486 --> 00:00:06.474 align:middle line:90% [MUSIC LOGO] 00:00:06.474 --> 00:00:09.960 align:middle line:90% 00:00:09.960 --> 00:00:11.790 align:middle line:84% We're going to jump into our next protocol. 00:00:11.790 --> 00:00:15.990 align:middle line:84% It's FTP, which stands for File Transfer Protocol. 00:00:15.990 --> 00:00:19.110 align:middle line:84% And like you would expect, it's used 00:00:19.110 --> 00:00:22.710 align:middle line:84% for storing files on a server and being 00:00:22.710 --> 00:00:25.030 align:middle line:90% able to access them remotely. 00:00:25.030 --> 00:00:27.465 align:middle line:84% So let's take a look at what that actually means. 00:00:27.465 --> 00:00:31.996 align:middle line:90% 00:00:31.996 --> 00:00:34.210 align:middle line:90% We've got our machine. 00:00:34.210 --> 00:00:35.950 align:middle line:90% Check our IP address. 00:00:35.950 --> 00:00:40.450 align:middle line:90% We are 192.213.157.2. 00:00:40.450 --> 00:00:52.630 align:middle line:84% So let's ping 192.213.157.3, and it's up. 00:00:52.630 --> 00:00:53.830 align:middle line:90% Let's run Nmap scan. 00:00:53.830 --> 00:00:59.780 align:middle line:90% 00:00:59.780 --> 00:01:01.430 align:middle line:90% And we get back port 21. 00:01:01.430 --> 00:01:04.910 align:middle line:90% And it's says service is FTP. 00:01:04.910 --> 00:01:10.070 align:middle line:84% So let's hone in and do an operating system scan 00:01:10.070 --> 00:01:19.040 align:middle line:90% and a services scan on port 21. 00:01:19.040 --> 00:01:21.305 align:middle line:90% Port 21 is the default FTP port. 00:01:21.305 --> 00:01:24.020 align:middle line:90% 00:01:24.020 --> 00:01:27.540 align:middle line:84% You could configure it to be anywhere. 00:01:27.540 --> 00:01:30.240 align:middle line:84% You can only keep it where it's at. 00:01:30.240 --> 00:01:37.400 align:middle line:90% It's running ProFTPD 1.3.5. 00:01:37.400 --> 00:01:42.140 align:middle line:84% And it was able to fingerprint and say that it's Linux. 00:01:42.140 --> 00:01:46.180 align:middle line:90% 2.6 is its best guess. 00:01:46.180 --> 00:01:46.960 align:middle line:90% And that's fine. 00:01:46.960 --> 00:01:48.490 align:middle line:90% We can live with that. 00:01:48.490 --> 00:01:49.990 align:middle line:84% It's probably some version of Linux. 00:01:49.990 --> 00:01:53.710 align:middle line:90% 00:01:53.710 --> 00:01:56.480 align:middle line:84% So from there, we could try some things. 00:01:56.480 --> 00:02:03.500 align:middle line:84% If we do ftp, which will just run the host 00:02:03.500 --> 00:02:08.400 align:middle line:84% software on our computer to reach out, 00:02:08.400 --> 00:02:10.220 align:middle line:90% we can put in the server. 00:02:10.220 --> 00:02:13.940 align:middle line:90% And it asks for a name. 00:02:13.940 --> 00:02:15.500 align:middle line:90% We can go with nothing. 00:02:15.500 --> 00:02:17.660 align:middle line:90% Try anonymous. 00:02:17.660 --> 00:02:21.050 align:middle line:90% And nothing for the password. 00:02:21.050 --> 00:02:23.463 align:middle line:90% Said login failed. 00:02:23.463 --> 00:02:24.380 align:middle line:90% So we'll just say bye. 00:02:24.380 --> 00:02:26.930 align:middle line:90% 00:02:26.930 --> 00:02:32.990 align:middle line:84% Let's try to figure out what some usernames 00:02:32.990 --> 00:02:34.190 align:middle line:90% and passwords would be. 00:02:34.190 --> 00:02:36.860 align:middle line:90% We're going to use Hydra. 00:02:36.860 --> 00:02:41.782 align:middle line:84% Hydra is a brute forcing program that we have 00:02:41.782 --> 00:02:43.005 align:middle line:90% or that we can get. 00:02:43.005 --> 00:02:45.710 align:middle line:90% 00:02:45.710 --> 00:02:49.200 align:middle line:84% So with Hydra, you do tack-L for your logins, 00:02:49.200 --> 00:02:51.450 align:middle line:84% uppercase if you want to do a list, 00:02:51.450 --> 00:02:54.356 align:middle line:84% and we do for the user/share/metasploit 00:02:54.356 --> 00:02:57.108 align:middle line:84% framework/data/wordlists/common users.txt. 00:02:57.108 --> 00:03:08.770 align:middle line:90% 00:03:08.770 --> 00:03:11.200 align:middle line:84% You'll get familiar with all your wordlists. 00:03:11.200 --> 00:03:12.670 align:middle line:90% They're all in user share. 00:03:12.670 --> 00:03:19.480 align:middle line:90% 00:03:19.480 --> 00:03:22.930 align:middle line:84% Tab completion is also your friend. 00:03:22.930 --> 00:03:26.030 align:middle line:84% If you hit Tab twice, it'll show you more information. 00:03:26.030 --> 00:03:35.330 align:middle line:84% So like, I want data wordlists and then unix passwords. 00:03:35.330 --> 00:03:39.980 align:middle line:84% And then, we tell it the IP address that we're attacking 00:03:39.980 --> 00:03:41.690 align:middle line:90% and the service, ftp. 00:03:41.690 --> 00:03:44.090 align:middle line:90% That's it. 00:03:44.090 --> 00:03:47.540 align:middle line:84% Hydra capital L, the login wordlist, capital P, 00:03:47.540 --> 00:03:51.530 align:middle line:84% the password wordlist, our ip and ftp. 00:03:51.530 --> 00:03:54.140 align:middle line:90% Then we'll let it go. 00:03:54.140 --> 00:03:57.035 align:middle line:90% And that went pretty fast. 00:03:57.035 --> 00:04:01.430 align:middle line:90% 00:04:01.430 --> 00:04:05.540 align:middle line:84% The login sysadmin has a password of 654321. 00:04:05.540 --> 00:04:08.480 align:middle line:84% And what it's doing is, it's trying a username 00:04:08.480 --> 00:04:11.315 align:middle line:90% and then it tries passwords. 00:04:11.315 --> 00:04:13.190 align:middle line:84% It tries all the passwords for that username. 00:04:13.190 --> 00:04:14.880 align:middle line:84% And then it'll try the next username. 00:04:14.880 --> 00:04:16.130 align:middle line:90% It'll try all those passwords. 00:04:16.130 --> 00:04:19.890 align:middle line:90% So it worked. 00:04:19.890 --> 00:04:20.990 align:middle line:90% We got quite a list. 00:04:20.990 --> 00:04:26.270 align:middle line:84% We would want to write all these down and save them 00:04:26.270 --> 00:04:28.940 align:middle line:84% because now what we can do is ftpd. 00:04:28.940 --> 00:04:31.850 align:middle line:90% Let's just hit up a few times. 00:04:31.850 --> 00:04:38.720 align:middle line:90% 00:04:38.720 --> 00:04:49.775 align:middle line:90% Sysadmin and 654321. 00:04:49.775 --> 00:04:51.150 align:middle line:84% And it says that we're logged in. 00:04:51.150 --> 00:04:54.390 align:middle line:90% We can do an ls. 00:04:54.390 --> 00:04:57.660 align:middle line:84% You can run help if you want to know all the commands. 00:04:57.660 --> 00:05:01.380 align:middle line:84% But ls shows you the list and their secret.txt. 00:05:01.380 --> 00:05:12.820 align:middle line:84% So we can get secret.txt and it says it sent it. 00:05:12.820 --> 00:05:15.440 align:middle line:90% 00:05:15.440 --> 00:05:17.140 align:middle line:90% So then, we can say goodbye. 00:05:17.140 --> 00:05:20.440 align:middle line:90% 00:05:20.440 --> 00:05:24.820 align:middle line:84% We'll look at ours, and we have secret.txt. 00:05:24.820 --> 00:05:27.830 align:middle line:90% 00:05:27.830 --> 00:05:30.590 align:middle line:90% And it's that code right there. 00:05:30.590 --> 00:05:40.400 align:middle line:84% Another way we can go about this is using an Nmap brute forcer 00:05:40.400 --> 00:05:48.320 align:middle line:84% So what we'll do is, we know sysadmin was in there. 00:05:48.320 --> 00:05:51.290 align:middle line:90% 00:05:51.290 --> 00:06:01.280 align:middle line:84% Let's put it in this little single wordlist called users. 00:06:01.280 --> 00:06:02.550 align:middle line:90% I cat it out, and it's there. 00:06:02.550 --> 00:06:04.490 align:middle line:90% OK. 00:06:04.490 --> 00:06:05.930 align:middle line:90% Let's go back to our Nmap scan. 00:06:05.930 --> 00:06:11.190 align:middle line:90% 00:06:11.190 --> 00:06:14.835 align:middle line:90% And what we can do is script. 00:06:14.835 --> 00:06:17.900 align:middle line:90% 00:06:17.900 --> 00:06:31.250 align:middle line:84% We'll do the ftp-brute with script-args userdb equals 00:06:31.250 --> 00:06:32.135 align:middle line:90% root/users. 00:06:32.135 --> 00:06:34.970 align:middle line:90% 00:06:34.970 --> 00:06:40.730 align:middle line:84% We'll do port 21 on that machine. 00:06:40.730 --> 00:06:45.500 align:middle line:84% And let's see what the Nmap FTP brute forcer 00:06:45.500 --> 00:06:51.020 align:middle line:84% script returns for us using that username of sysadmin. 00:06:51.020 --> 00:07:00.360 align:middle line:90% 00:07:00.360 --> 00:07:11.360 align:middle line:84% And it came back that sysadmin 654321 were valid credentials. 00:07:11.360 --> 00:07:14.540 align:middle line:90% Fairly straightforward. 00:07:14.540 --> 00:07:18.920 align:middle line:84% So it utilizes a username and password. 00:07:18.920 --> 00:07:21.390 align:middle line:90% And then, you can get files. 00:07:21.390 --> 00:07:23.000 align:middle line:84% Depending on how it's configured, 00:07:23.000 --> 00:07:27.180 align:middle line:84% there might be anonymous login, which we'll look at next. 00:07:27.180 --> 00:07:32.460 align:middle line:84% But that's FTP in a nutshell and how we can use it. 00:07:32.460 --> 00:07:34.520 align:middle line:90% Could we put files there? 00:07:34.520 --> 00:07:40.490 align:middle line:84% Could we find useful files that were just not stored securely? 00:07:40.490 --> 00:07:43.370 align:middle line:84% And that may or may not be the pen test itself. 00:07:43.370 --> 00:07:44.330 align:middle line:90% It's really not. 00:07:44.330 --> 00:07:47.780 align:middle line:84% Usually, that's going to be a foothold or enumeration 00:07:47.780 --> 00:07:50.733 align:middle line:90% to then gain full access. 00:07:50.733 --> 00:07:51.900 align:middle line:90% Because that's what we want. 00:07:51.900 --> 00:07:53.480 align:middle line:90% We want full access. 00:07:53.480 --> 00:07:55.550 align:middle line:84% And if you're thinking like a defender, 00:07:55.550 --> 00:07:57.050 align:middle line:90% then you want to block all that. 00:07:57.050 --> 00:07:59.460 align:middle line:84% You want to lock this stuff down. 00:07:59.460 --> 00:08:02.320 align:middle line:90% So let's move on.10530

Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.