1
00:00:00,700 --> 00:00:04,690
In this section we will be talking about exploitation.
2
00:00:04,950 --> 00:00:13,620
And let me start by defining the objective of this section. Usually in hacking there are two different
3
00:00:13,620 --> 00:00:15,000
methodologies.
4
00:00:15,000 --> 00:00:18,200
The first one depends on user error.
5
00:00:18,390 --> 00:00:26,970
So for instance I create malicious code, add it to a PDF file and send it to the victim, hoping
6
00:00:27,060 --> 00:00:34,080
that he will open this file by email or whatever, or I'm sending him a message or email with a
7
00:00:34,080 --> 00:00:38,390
link and hoping that he would click on the link, and so on.
8
00:00:38,460 --> 00:00:50,560
And that depends on his weak awareness or on him making a mistake. The second methodology is the most effective
9
00:00:50,560 --> 00:00:54,750
methodology, which depends on the weakness of the system.
10
00:00:55,030 --> 00:01:03,310
So I'm scanning the system, I'm getting what operating system they have, what application
11
00:01:03,310 --> 00:01:03,820
is running.
12
00:01:03,820 --> 00:01:06,690
What ports are open, what services are there.
13
00:01:07,000 --> 00:01:14,140
And we saw earlier in previous lectures how to get such information using netcat, a scanner, Nmap
14
00:01:14,140 --> 00:01:23,320
and so on, and then start searching for a weakness or vulnerability, and start searching for an exploit, which
15
00:01:23,320 --> 00:01:30,310
is a program to access the system through this vulnerability. It's more effective.
16
00:01:30,320 --> 00:01:34,440
And this is because we do not depend on anyone's mistake.
17
00:01:34,450 --> 00:01:41,600
I do not wait for a user mistake or a user error, whether he will click on the link or not.
18
00:01:41,620 --> 00:01:50,290
Now in this case, regardless of the user or how careful he is, I will still be able to compromise the system.
19
00:01:50,440 --> 00:01:53,390
So during this section we're going to see how to do that. First,
20
00:01:53,440 --> 00:01:58,510
in this lecture I'm going to show you how complicated this was before.
21
00:01:58,510 --> 00:02:05,360
And then I'm going to show you a framework, a very famous framework called Metasploit, which made
22
00:02:05,360 --> 00:02:07,880
this process very very easy.
23
00:02:08,380 --> 00:02:15,400
So the first lecture will be just a proof of concept showing you how to do it, or how we used to
24
00:02:15,400 --> 00:02:20,880
do that before, and it was complicated, but don't get upset.
25
00:02:20,920 --> 00:02:27,610
The next lecture will be much easier because I'm going to introduce to you a new framework that made
26
00:02:27,620 --> 00:02:32,460
the exploitation part very, very easy without any prerequisite.
27
00:02:32,470 --> 00:02:35,750
You don't need to know any programming language, you don't need to know anything.
28
00:02:36,070 --> 00:02:44,920
So first let's see how we used to do it, because if you don't see how hard it was you will not appreciate
29
00:02:45,070 --> 00:02:46,690
this framework.
30
00:02:46,710 --> 00:02:47,690
So.
31
00:02:47,920 --> 00:02:54,160
In my case here I have two virtual machines, a hacker machine and the victim machine, and assuming that
32
00:02:54,160 --> 00:02:59,190
I did some research earlier, I got some information about the victim machine.
33
00:02:59,200 --> 00:03:05,110
I know that it's running Windows XP, and I know some applications, I know the ports and everything, and then
34
00:03:05,140 --> 00:03:11,980
using this information I start looking for a weakness, and there are a lot of ways of doing that.
35
00:03:12,040 --> 00:03:17,350
But I'm going to point to some of the public websites. So you can go to this website, securityfocus
36
00:03:17,350 --> 00:03:26,140
.com, where you can search any product, software or hardware. It could be Microsoft, it could be Linux,
37
00:03:26,140 --> 00:03:27,650
Unix, Android, anything.
38
00:03:27,700 --> 00:03:29,440
And once you click it will show you all.
39
00:03:29,500 --> 00:03:31,380
So in my case it was Microsoft, so it shows me
40
00:03:31,380 --> 00:03:39,390
all Microsoft products. Let me choose Windows XP, so I'll choose Windows XP.
41
00:03:40,560 --> 00:03:44,010
And let's go down.
42
00:03:44,560 --> 00:03:50,330
And once I choose Windows XP it will show me all the vulnerabilities in Windows XP, and Windows XP
43
00:03:50,330 --> 00:03:54,100
has more than one release.
44
00:03:54,100 --> 00:04:03,920
It will show me in the search dropbox all the service packs and releases.
45
00:04:04,770 --> 00:04:13,800
So as you can see, those are the vulnerabilities or weaknesses in Windows XP. We have around 11 pages, and you will
46
00:04:13,800 --> 00:04:19,440
find them in any product, even the newest products. You can find Microsoft Windows 7 or 2012, Microsoft Windows
47
00:04:20,200 --> 00:04:21,230
10.
48
00:04:21,300 --> 00:04:28,380
Any other product. So using such public sites, as they are public sites, like for instance SecurityTracker
49
00:04:28,980 --> 00:04:41,820
or exploit-db, so many websites will help you, exploit-db.com
50
00:04:44,930 --> 00:04:47,310
or so on.
51
00:04:47,530 --> 00:04:55,690
Not a problem. But what I'm saying is, as you can see, those are for Windows XP, which is my victim
52
00:04:55,690 --> 00:04:57,920
machine right now.
53
00:04:58,210 --> 00:05:04,060
I will take one specific vulnerability that was very, very common in any Windows XP or Windows Server
54
00:05:04,060 --> 00:05:07,300
2003, which is the DCOM RPC.
55
00:05:07,730 --> 00:05:16,970
So this is one of the vulnerabilities in SecurityFocus. If you check it, it will show you all the systems, or all the
56
00:05:16,970 --> 00:05:20,520
operating systems affected by such a vulnerability.
57
00:05:20,800 --> 00:05:27,590
It will give you a discussion, which will explain the effect of this vulnerability on the system.
58
00:05:27,590 --> 00:05:30,860
But the most important point is the exploit here.
59
00:05:30,950 --> 00:05:36,150
It will give us the programs that you can use to compromise the system using this vulnerability.
60
00:05:36,500 --> 00:05:41,120
But the problem was that most of the time those vulnerabilities were written in different languages. It could
61
00:05:41,120 --> 00:05:43,810
be C, it could be Ruby, it could be Python.
62
00:05:43,820 --> 00:05:44,720
So let's see.
63
00:05:44,720 --> 00:05:53,920
In our case I would take this one. It was written in C, and as you can see it's, you know,
64
00:05:53,930 --> 00:06:00,020
some C language, because sometimes maybe it's just a simple one, you don't need to modify anything, but sometimes
65
00:06:00,020 --> 00:06:04,800
you need to modify the code by changing the IP of the victim or changing some information.
66
00:06:05,210 --> 00:06:13,550
But let me show you how we used to, like, utilize this vulnerability. In my case I already downloaded this
67
00:06:13,550 --> 00:06:16,790
vulnerability on my hacker machine.
68
00:06:16,790 --> 00:06:19,490
So getting back here.
69
00:06:20,360 --> 00:06:31,530
Let me show you my computer. In the C drive there is a folder that I called exploit; let's go.
70
00:06:31,770 --> 00:06:39,560
And this was the vulnerability, as you can see, that I downloaded from the website.
71
00:06:39,610 --> 00:06:44,250
The problem was you cannot use the vulnerability as is; you have to compile it, you're going to compile
72
00:06:44,250 --> 00:06:46,760
it and it becomes an executable.
73
00:06:46,780 --> 00:06:49,420
Now this is not inside the scope of our course.
74
00:06:49,420 --> 00:06:56,230
I mean I don't want to waste time showing you how to compile a C program, because maybe you'll find a program
75
00:06:56,260 --> 00:06:58,960
or exploit in a different language.
76
00:06:59,200 --> 00:07:01,170
But I'm just showing you the process.
77
00:07:03,050 --> 00:07:07,120
In general, how, let's say, we used to do that.
78
00:07:07,490 --> 00:07:12,570
And then I'm going to compare that to the same attack but using Metasploit, which is much easier
79
00:07:12,570 --> 00:07:13,300
to handle.
80
00:07:13,610 --> 00:07:19,710
So once I, one second, compiled this file into an exploit, then I can launch it.
81
00:07:19,730 --> 00:07:24,890
So let's go to the command line and let's go to the
82
00:07:27,650 --> 00:07:28,690
C drive.
83
00:07:29,390 --> 00:07:39,650
And I'm going to go to the same path where I have the exploit.
84
00:07:40,700 --> 00:07:50,780
This is the same path where I kept the exploit file, and then I just need to type the command and it will
85
00:07:50,780 --> 00:07:53,060
tell me how to use it. So if I type
86
00:07:55,920 --> 00:08:02,940
exploit then press enter, it will tell me the proper way of using it. The syntax of this command should
87
00:08:02,940 --> 00:08:09,330
be the DCOM exploit, then the target ID, then the target IP.
88
00:08:09,330 --> 00:08:15,420
I know the target IP because, you know, once you plan to compromise a system you should get the IP.
89
00:08:15,450 --> 00:08:18,460
And I believe you should be aware of how to get an IP.
90
00:08:18,930 --> 00:08:25,140
But what is the target ID? It gives you a list here with the target IDs: if you are using Windows Server 2000, this
91
00:08:25,140 --> 00:08:25,860
is the ID.
92
00:08:25,860 --> 00:08:33,690
In our case I think it's number five, which is Windows XP Service Pack.
93
00:08:34,050 --> 00:08:43,110
So now I need to repeat the command and type the target ID, number five, and then the target IP.
94
00:08:43,380 --> 00:08:52,180
Now how did I know that this is Windows XP Service Pack 0?
95
00:08:52,260 --> 00:08:56,970
If you go back to the Nmap lecture where I explained how to
96
00:08:59,580 --> 00:09:06,320
scan the system and know what operating system and what ports are open and services and so on. By the way,
97
00:09:06,330 --> 00:09:09,270
the same concept applies on Android devices.
98
00:09:09,270 --> 00:09:11,980
You know, this is a proof of concept on Windows.
99
00:09:12,270 --> 00:09:14,340
But what we are trying to say is,
100
00:09:14,340 --> 00:09:19,400
you can search for a vulnerability for Android and for other platforms, potentially.
101
00:09:19,740 --> 00:09:27,510
So I run this exploit. It says, OK, fine, the exploit was successful, and it opened a port on the victim machine,
102
00:09:27,510 --> 00:09:29,260
port 444.
103
00:09:29,280 --> 00:09:35,430
So now I think we have an open port, a port that has been opened remotely on the victim machine.
104
00:09:35,430 --> 00:09:39,990
I just need to connect to it. How to connect to a port remotely?
105
00:09:39,990 --> 00:09:48,990
We explained that we have a very, very useful tool called netcat, so we can type netcat 1 9 2 1 6 8 8
106
00:09:49,020 --> 00:09:57,240
1 1 1 4 and then a space and the port number 1 2 3 4.
107
00:09:57,840 --> 00:09:59,790
And here we go.
108
00:09:59,880 --> 00:10:09,810
We are now on the victim machine, and if we need to check, if you type now ipconfig you'll
109
00:10:09,900 --> 00:10:15,240
see that you are on the, I'm sorry.
110
00:10:16,250 --> 00:10:17,880
We can type
111
00:10:21,250 --> 00:10:22,830
and you will see that you are now.
112
00:10:22,900 --> 00:10:27,610
This is a shell of the victim machine. You can create a user, or you can create a folder, you can do whatever
113
00:10:27,610 --> 00:10:28,290
you want.
114
00:10:28,690 --> 00:10:34,360
Now my point from this lecture was just to show you that it was complicated, and this is a very simple
115
00:10:34,360 --> 00:10:39,970
exploit. Some of them are so complicated that you need to open the file, you need to change inside it, and
116
00:10:39,970 --> 00:10:40,840
then compile it.
117
00:10:40,840 --> 00:10:42,270
It was not that easy.
118
00:10:42,340 --> 00:10:51,650
It was very powerful, but now, according to that, a very good framework called Metasploit has
119
00:10:51,650 --> 00:11:00,140
been introduced. There are many, many frameworks, but this was a free one, where it facilitates the process:
120
00:11:00,140 --> 00:11:03,530
you don't need to know any language, you don't need to do any coding.
121
00:11:03,830 --> 00:11:08,520
You just need to know what vulnerability you are looking for and it takes care of everything.
122
00:11:08,540 --> 00:11:13,160
So let's see how to repeat the same attack by using Metasploit.