1
00:00:11,940 --> 00:00:14,340
Welcome back to another episode on How to Hack.
2
00:00:14,720 --> 00:00:20,240
So today we'll be discussing about Metasploit Framework for beginners and we'll be looking at the architecture
3
00:00:20,390 --> 00:00:22,310
or the framework of Metasploit Framework.
4
00:00:22,550 --> 00:00:27,080
And look at the modules that are available inside Metasploit, as well as exploits and exploitation that
5
00:00:27,080 --> 00:00:28,270
we'll use alongside Metasploit.
6
00:00:28,850 --> 00:00:33,230
And this can really accelerate the pace of how quickly we're performing our penetration testing.
7
00:00:33,230 --> 00:00:38,300
And this can be really useful and helpful, especially when we are trying to understand more about how
8
00:00:38,300 --> 00:00:44,390
we could utilize Metasploit to help us get access into systems, find vulnerabilities, look at exploits
9
00:00:44,390 --> 00:00:45,140
as well as payloads.
10
00:00:45,140 --> 00:00:48,470
They're available as well, on top of that, for post exploitation.
11
00:00:48,470 --> 00:00:50,240
What do we do after we get into the system?
12
00:00:50,240 --> 00:00:51,590
Are we able to dump passwords?
13
00:00:51,890 --> 00:00:54,020
Are we able to get privilege escalation?
14
00:00:54,030 --> 00:00:56,930
So again, all these are key questions that you probably have.
15
00:00:56,930 --> 00:00:58,730
Even if you have been using Metasploit for a while now.
16
00:01:01,500 --> 00:01:06,210
So what exactly is Metasploit Framework? So Metasploit Framework is a penetration testing platform
17
00:01:06,240 --> 00:01:11,430
that allows us to use different modules, and the modules on the right, you can see a module is a standalone
18
00:01:11,430 --> 00:01:16,980
piece of code that is in some or in a lot of ways not interacting with the other modules inside Metasploit
19
00:01:17,010 --> 00:01:17,670
Framework.
20
00:01:17,850 --> 00:01:19,320
So you could do this on your own.
21
00:01:19,320 --> 00:01:24,530
If you look at some of the template guides about coding your own exploit code or your own modules inside
22
00:01:24,540 --> 00:01:25,360
Metasploit Framework.
23
00:01:25,380 --> 00:01:29,910
So that's a great way to start off with, especially later on when you're trying to program some of these
24
00:01:29,910 --> 00:01:30,450
features.
25
00:01:30,600 --> 00:01:34,380
And we'll definitely be uploading a video about how you could create your own modules.
26
00:01:34,530 --> 00:01:39,570
Look at some of the exploits that you could potentially look at and be able to use, and upload or change
27
00:01:39,570 --> 00:01:41,550
some of the code because everything is open source.
28
00:01:41,970 --> 00:01:44,300
So Metasploit Framework has two versions.
29
00:01:44,310 --> 00:01:46,290
One is the pro version.
30
00:01:46,290 --> 00:01:47,370
So you have to pay for that.
31
00:01:47,520 --> 00:01:51,060
And the one that we've been looking at in a lot of tutorials has always been the free one.
32
00:01:51,390 --> 00:01:53,940
And of course, there are some limitations in terms of the free one.
33
00:01:53,970 --> 00:01:58,980
So, again, if you are a full time penetration tester or you're doing a lot of security assessments,
34
00:01:58,980 --> 00:02:01,290
it's highly recommended to go for the paid version.
35
00:02:01,830 --> 00:02:05,170
And of course, if you look at the bottom, we have the services of Metasploit.
36
00:02:05,410 --> 00:02:09,660
So, again, if you look at some of the tutorials online, we could see that sometimes people would
37
00:02:09,660 --> 00:02:14,370
have to start up PostgreSQL in order to start running the database services inside Metasploit.
38
00:02:14,430 --> 00:02:19,530
So, again, this could be because Metasploit uses PostgreSQL to actually store all this data.
39
00:02:19,590 --> 00:02:24,030
So, again, you have to start the services before you're able to kick off Metasploit Framework.
40
00:02:26,850 --> 00:02:32,460
So today, we'll cover three key points in the agenda, so first of all, is about Metasploit Framework,
41
00:02:32,460 --> 00:02:33,090
how does it work?
42
00:02:33,360 --> 00:02:37,380
And what are the modules that are available for you using Metasploit Framework?
43
00:02:37,390 --> 00:02:42,810
And lastly, how can we scope and define the kind of parameters and options that we want to push into
44
00:02:42,810 --> 00:02:43,320
the system?
45
00:02:45,240 --> 00:02:49,110
So first of all, let's understand three key points as part of Metasploit Framework.
46
00:02:49,230 --> 00:02:51,360
So the very first is vulnerability.
47
00:02:51,600 --> 00:02:56,710
We have to make sure that we find our vulnerability inside the system, inside the machine
48
00:02:56,780 --> 00:02:59,710
we're trying to hack into, by using exploits and so on.
49
00:02:59,730 --> 00:03:04,770
So this is the part where we have scanning modules available in Metasploit Framework that we can utilize,
50
00:03:04,950 --> 00:03:05,460
or, two,
51
00:03:05,460 --> 00:03:10,770
we could also use other tools like nmap to find out the service version or the software version that
52
00:03:10,770 --> 00:03:14,460
has those services running, or to find out what kind of services are running inside the system.
53
00:03:14,700 --> 00:03:20,010
So, again, if a system is fully patched, has no vulnerability, then we have to start thinking about
54
00:03:20,010 --> 00:03:23,610
zero day potential as we want to craft our exploit against the system.
55
00:03:23,730 --> 00:03:27,980
So, again, that could be very tedious and cumbersome and could take a really long time to develop.
56
00:03:28,710 --> 00:03:33,540
And of course, the vulnerabilities are basically areas of opportunity where we can actually hack into
57
00:03:33,540 --> 00:03:33,980
the system.
58
00:03:33,990 --> 00:03:37,860
So vulnerability will be one of the key terms that we must understand.
59
00:03:38,280 --> 00:03:39,990
And number two is in terms of exploit.
60
00:03:39,990 --> 00:03:46,020
So exploit is what happens when we are able to bypass the security mechanism inside a particular service
61
00:03:46,140 --> 00:03:47,860
or a software or operating system.
62
00:03:48,090 --> 00:03:53,670
So, again, this allows us to be able to take control of the system, to control the software or the services
63
00:03:53,670 --> 00:03:57,030
running inside an operating system, and that brings us to payload.
64
00:03:57,030 --> 00:04:00,600
So payload is what do we do after we get into the system?
65
00:04:01,020 --> 00:04:01,850
Do we want a shell?
66
00:04:02,070 --> 00:04:03,650
Do we want it to trigger a shutdown?
67
00:04:03,780 --> 00:04:09,780
So again, payloads come alongside with Metasploit mainly as shells to give us control of the system
68
00:04:09,780 --> 00:04:15,980
so that we can do a lot more different kinds of commands, manipulation of the system as part of Metasploit
69
00:04:15,990 --> 00:04:16,560
Framework.
70
00:04:19,250 --> 00:04:23,960
So what's the advantage of using Metasploit Framework compared to, say, using the manual way of trying
71
00:04:23,960 --> 00:04:25,090
to do penetration testing?
72
00:04:25,520 --> 00:04:28,670
So there are five key ways for us to think about in terms of the advantages.
73
00:04:28,850 --> 00:04:35,480
So one is Metasploit is used a lot in a lot of penetration testing tools, a lot of auditing platforms.
74
00:04:35,720 --> 00:04:41,420
And it is used extensively to test companies for their security posture very, very frequently.
75
00:04:41,420 --> 00:04:46,370
And as such, having a skill set in Metasploit will be very helpful for you, because whenever you're
76
00:04:46,370 --> 00:04:50,510
joining a new team of penetration testers, chances are they have Metasploit Framework running.
77
00:04:50,720 --> 00:04:54,080
And it will be great if you are familiar with it, because some of the interview questions could also
78
00:04:54,080 --> 00:04:55,100
come alongside with that.
79
00:04:55,820 --> 00:04:59,660
And of course, the great thing is that it simplifies complicated or complex tasks.
80
00:04:59,870 --> 00:05:05,330
So complex tasks, meaning that you have a sequence of actions that need to be carried out as part of
81
00:05:05,330 --> 00:05:06,380
your penetration testing.
82
00:05:06,380 --> 00:05:11,600
As such, you could use Metasploit scripts to also automate it for you as much as possible so you
83
00:05:11,600 --> 00:05:14,210
can simplify many of these complex tasks together.
84
00:05:14,420 --> 00:05:19,280
And you can also put a session in the background and use your own scripts to run through and execute inside
85
00:05:19,280 --> 00:05:19,940
a current session.
86
00:05:19,980 --> 00:05:24,980
So, again, a lot of this complexity can be taken out and simplified for the user of Metasploit
87
00:05:24,980 --> 00:05:25,370
Framework.
88
00:05:26,260 --> 00:05:32,080
Number three is in terms of the range of capabilities that you can use along with Metasploit, because
89
00:05:32,080 --> 00:05:34,840
it is built in an ordered and systematic way.
90
00:05:35,020 --> 00:05:40,720
So you can think of the modules that are available, and you have auxiliary scanners and you have exploits
91
00:05:40,720 --> 00:05:42,370
and you have post exploitation.
92
00:05:42,490 --> 00:05:48,190
So all these are really segmented into many different modules, many different stages in terms of a cyber attack
93
00:05:48,190 --> 00:05:48,560
chain.
94
00:05:48,700 --> 00:05:51,010
How are you trying to work around a system?
95
00:05:51,010 --> 00:05:53,460
So again, all this is already laid out for you.
96
00:05:53,470 --> 00:05:59,830
So it's easy for you to visualize where you are in the attack phase, which part of the penetration
97
00:05:59,830 --> 00:06:03,280
testing you're at and what is the next step for you in order to carry them out.
98
00:06:04,000 --> 00:06:05,770
So next is also consistent updates.
99
00:06:05,770 --> 00:06:09,330
You get a lot of updates as you run Metasploit Framework on your system.
100
00:06:09,340 --> 00:06:14,590
So all these updates can help troubleshoot the system, make sure the systems are running fine and making
101
00:06:14,590 --> 00:06:16,390
sure your exploits are working as intended.
102
00:06:16,540 --> 00:06:21,070
So, again, all these updates are great for you, especially in terms of trying to make sure that you
103
00:06:21,070 --> 00:06:23,620
can perform your penetration testing smoothly.
104
00:06:24,700 --> 00:06:28,960
And of course, the great point is there are thousands of modules inside Metasploit Framework.
105
00:06:29,140 --> 00:06:33,160
And this is really helpful because all these functions have been built by many of these penetration
106
00:06:33,160 --> 00:06:33,700
testers.
107
00:06:33,790 --> 00:06:39,310
And you can use them and be able to accelerate how quickly you are performing a penetration test,
108
00:06:39,340 --> 00:06:45,490
and all these tools can help you find out potential vulnerabilities, exploits, as well as payloads
109
00:06:45,490 --> 00:06:51,190
so that you are able to speed up the pace of how quickly you could get into the system and generate
110
00:06:51,190 --> 00:06:56,950
those reports necessary in order to find out more things about the target entity or the target
111
00:06:56,950 --> 00:06:57,550
enterprise.
112
00:07:00,100 --> 00:07:05,380
So here we got a screenshot of Metasploit, so whenever you're in Kali Linux or if you have installed it on
113
00:07:05,380 --> 00:07:08,940
your Windows operating system, all you do is enter msfconsole.
114
00:07:09,200 --> 00:07:10,790
You'll be brought into this page.
115
00:07:10,810 --> 00:07:16,270
So here we can see you've got 2004 exploits, 109 auxiliary, 342 post,
116
00:07:16,480 --> 00:07:21,550
564 payloads, 45 encoders, 10 nops and 7 evasion.
117
00:07:21,560 --> 00:07:24,190
So again, a lot of modules available as part of it.
118
00:07:24,370 --> 00:07:28,840
That could be our arsenal of attack when it comes to doing and performing penetration testing.
119
00:07:31,230 --> 00:07:35,640
So one of the key things I really want to share with you as the number one advice when it comes to using
120
00:07:35,640 --> 00:07:39,410
Metasploit Framework is to go into the help wherever you are.
121
00:07:39,780 --> 00:07:41,190
So it is an interactive shell.
122
00:07:41,190 --> 00:07:45,690
So every time you're moving from one shell to another shell or you're moving from one place to another
123
00:07:45,960 --> 00:07:51,000
inside Metasploit Framework, go ahead and enter help. Freely enter help whenever you have the chance to.
124
00:07:51,120 --> 00:07:56,160
And you can see all the commands available to you that you can key in, that you can enter.
125
00:07:56,220 --> 00:08:01,230
And this is really helpful for you to get yourself familiar with the use of Metasploit Framework.
126
00:08:01,500 --> 00:08:06,660
So over here, in this case, we enter help and we can see all the functions and features and commands
127
00:08:06,660 --> 00:08:08,230
that we can use alongside with it.
128
00:08:08,370 --> 00:08:13,110
So this is really helpful in terms of trying to get yourself familiar with Metasploit Framework.
129
00:08:14,900 --> 00:08:20,060
So, of course, now we move on into the exploits. So exploits are ranked. Exploits are ranked in terms of
130
00:08:20,060 --> 00:08:22,910
how good they are at actually going after the system.
131
00:08:22,920 --> 00:08:27,440
So we got a ranking of excellent, great, good, normal, average, low and manual.
132
00:08:27,890 --> 00:08:32,480
So, of course, the best option to choose from will be the excellent ranking, because that means entry into the
133
00:08:32,480 --> 00:08:37,730
system doesn't crash it, because if the system crashes, then that could actually alert system administrators.
134
00:08:37,890 --> 00:08:42,280
And if you're doing penetration testing on production systems, this is highly dangerous.
135
00:08:42,440 --> 00:08:48,230
In fact, most of the time you should always go after penetration testing on the environment where
136
00:08:48,230 --> 00:08:54,770
the systems are actually mirrored to a separate lab test or a virtual setup where you could actually mimic
137
00:08:54,950 --> 00:08:58,090
a real life production environment and be able to do all this testing on.
138
00:08:58,100 --> 00:09:02,200
So that'll be the number one advice for whenever we're doing penetration testing.
139
00:09:02,600 --> 00:09:04,550
So of course, we got the different kinds of rankings.
140
00:09:04,550 --> 00:09:10,100
So we have to choose wisely what we want to use when it comes to executing many of these payloads.
141
00:09:12,150 --> 00:09:17,340
So over here, when you do a search on exploit or you want to show exploits, it will show you the thousands
142
00:09:17,340 --> 00:09:18,560
of exploits available.
143
00:09:18,570 --> 00:09:21,490
And of course, the first one we can look at is the ID number.
144
00:09:21,510 --> 00:09:27,120
So that number starts from one, I think from one all the way to two thousand one, and we can
145
00:09:27,120 --> 00:09:30,060
see the windows, which we understand is for the Windows operating system.
146
00:09:30,070 --> 00:09:34,620
So again, it could be Unix, it could be any other type of Android device as well.
147
00:09:34,630 --> 00:09:39,460
So depending on the operating system, followed by the service on top of the operating system, and from
148
00:09:39,460 --> 00:09:42,740
the service, followed by a service type or service version.
149
00:09:42,750 --> 00:09:44,360
So that could be very software driven.
150
00:09:44,640 --> 00:09:50,160
So let's say, for example, you're using Windows, so it could be a directory, could be Easy FTP.
151
00:09:50,520 --> 00:09:55,890
And of course, followed by the date, the date when the CVE, Common Vulnerabilities and Exposures, was released,
152
00:09:56,130 --> 00:09:58,270
followed by the ranking of the exploit.
153
00:09:58,560 --> 00:09:58,880
Yes.
154
00:09:58,890 --> 00:09:59,180
No.
155
00:09:59,190 --> 00:10:05,160
And the final one is actually on the version number of the particular exploit.
156
00:10:08,650 --> 00:10:13,720
So over here, of course, we can show options whenever we are inside Metasploit Framework.
157
00:10:13,750 --> 00:10:19,060
So once you have selected the use of that particular exploit, payload or any of those modules, you can
158
00:10:19,060 --> 00:10:19,750
enter show options.
159
00:10:19,770 --> 00:10:25,330
So show options will show you the parameters that are needed in order to execute this particular module.
160
00:10:25,630 --> 00:10:30,070
So in this case, we're using windows/smb/ms17_010.
161
00:10:31,480 --> 00:10:36,610
So in this case, we got RHOSTS, we got DBGTRACE, we got LEAKATTEMPTS, NAMEDPIPE and so on.
162
00:10:36,640 --> 00:10:41,840
So, again, some of them, if you see under the third column, are required.
163
00:10:42,100 --> 00:10:49,300
So required means it's compulsory; it's a value that you must specify in order to use that particular module.
164
00:10:49,450 --> 00:10:54,160
And of course, on the right side, we have the description about the module, and here all the description
165
00:10:54,160 --> 00:10:55,790
about a parameter and an option that you have.
166
00:10:55,930 --> 00:10:57,130
So, again, very important.
167
00:10:57,130 --> 00:11:02,690
If you need any help, go ahead and enter help to really understand more about the module and all the commands
168
00:11:02,690 --> 00:11:05,200
that are available for you to use as part of the module.
169
00:11:07,680 --> 00:11:11,880
Of course, this brings us into the payloads, so what happens after you've exploited the system?
170
00:11:12,240 --> 00:11:14,490
You want to execute something. What do you want to execute?
171
00:11:14,490 --> 00:11:17,550
Most of the time, a payload and a payload is usually a shell.
172
00:11:17,790 --> 00:11:19,980
So, again, there are a number of shells that we can choose from.
173
00:11:20,160 --> 00:11:25,580
So you see in the background, we have windows, which is the operating system type, x64 architecture,
174
00:11:25,590 --> 00:11:26,610
the platform architecture.
175
00:11:26,880 --> 00:11:30,270
And then of course, we got shell and we got Meterpreter.
176
00:11:30,270 --> 00:11:34,680
The most popular one of all, because it gives us a lot of capabilities in terms of penetration testing,
177
00:11:34,950 --> 00:11:38,160
while we can also do and get a normal shell of Windows.
178
00:11:38,380 --> 00:11:43,440
Again, this is depending on the kind of privileges you're going to get or you think that you're going
179
00:11:43,440 --> 00:11:45,600
to get as part of your penetration testing.
180
00:11:45,810 --> 00:11:48,900
But the most preferred, of course, is Meterpreter, but, of course, Meterpreter
181
00:11:48,900 --> 00:11:54,780
also has some of these potential items that could be detected by antivirus systems or endpoint detection
182
00:11:54,780 --> 00:11:55,740
and response systems.
183
00:11:56,040 --> 00:12:01,200
So, again, all this choosing or selection of the payload is very important as part of penetration
184
00:12:01,200 --> 00:12:07,530
testing, especially if you're trying to penetrate into systems that are highly updated.
185
00:12:07,560 --> 00:12:11,430
So, again, all these are things that you want to keep in mind when you're selecting the kind of payloads
186
00:12:11,430 --> 00:12:12,300
to go in with.
187
00:12:14,110 --> 00:12:14,740
So here we go.
188
00:12:15,250 --> 00:12:20,710
Also, Meterpreter is a great way in terms of exploiting a system, getting to a payload, which has
189
00:12:20,710 --> 00:12:24,410
a lot of functions and features in terms of post exploitation as well as exploitation.
190
00:12:24,850 --> 00:12:31,540
So in terms of privilege escalation, uploading, downloading files, etc., so a great way, especially
191
00:12:31,540 --> 00:12:36,850
in terms of running many different kind of modules, especially when it comes to penetration testing.
192
00:12:37,150 --> 00:12:40,980
So it's one of the most preferred shells, if you could get it without detection.
193
00:12:41,320 --> 00:12:46,130
So again, this will be a great way for you to actually try out many of these different commands.
194
00:12:46,270 --> 00:12:51,100
So, again, as advised, enter help the moment you're in a session, and this could actually show all the
195
00:12:51,100 --> 00:12:52,720
features and commands that you want to see.
196
00:12:52,960 --> 00:12:57,250
And from there on, you'll be able to find out things that you can do further and things that you could
197
00:12:57,250 --> 00:12:58,090
be limited to.
198
00:12:58,270 --> 00:13:01,870
And you can background a session and be able to run all those post exploitation modules.
199
00:13:03,800 --> 00:13:05,880
So, of course, this will bring us to post exploitation.
200
00:13:05,900 --> 00:13:08,940
So the question is always, now, after exploiting the system,
201
00:13:09,380 --> 00:13:09,930
What's next?
202
00:13:10,040 --> 00:13:10,930
What do I do next?
203
00:13:11,030 --> 00:13:12,160
How do I get passwords?
204
00:13:12,260 --> 00:13:13,490
How do I get persistence?
205
00:13:13,820 --> 00:13:19,010
So, again, there are a lot of post exploitation modules available inside Metasploit Framework that can
206
00:13:19,130 --> 00:13:20,360
help you in that way.
207
00:13:20,570 --> 00:13:24,100
So, of course, as you attack into the target organization,
208
00:13:24,560 --> 00:13:27,170
You want to pivot from one machine to another machine.
209
00:13:27,260 --> 00:13:29,480
You want to do scanning on the environment.
210
00:13:29,690 --> 00:13:33,290
You want to find out what protocols they're using, what servers they have, what services they have
211
00:13:33,290 --> 00:13:34,280
on top of those servers.
212
00:13:34,860 --> 00:13:40,850
So, again, all these are capable of helping you actually expand the scope of your exploitation.
213
00:13:43,610 --> 00:13:45,240
So here we got post Windows exploits.
214
00:13:45,320 --> 00:13:50,780
So, of course, you can actually do a search on post and we can actually see all the modules available
215
00:13:50,780 --> 00:13:52,150
as part of post exploitation.
216
00:13:52,180 --> 00:13:56,690
We got privilege escalation and we got data dumping and dumping passwords.
217
00:13:56,710 --> 00:13:59,600
So, again, all these are there for us to take a look at.
218
00:13:59,610 --> 00:14:03,950
So especially when we go into the tutorial later, we can actually see many of these modules and see how
219
00:14:03,950 --> 00:14:07,540
they function and work and what kind of data we can actually pull out from the system.
220
00:14:08,000 --> 00:14:12,980
So directly from the screenshot we could see, we could look at post windows manage webcam, we can
221
00:14:12,980 --> 00:14:16,240
look at resolving IP addresses, we can look at wireless list.
222
00:14:16,250 --> 00:14:21,050
So again, all these are some of the post exploitation modules we could be using in order to find out more
223
00:14:21,050 --> 00:14:26,750
information about a system, trying to get privilege escalation. Again, many different items and features
224
00:14:26,750 --> 00:14:27,740
that we can look into.
225
00:14:30,030 --> 00:14:34,950
So there are also a lot of auxiliary modules available as part of Metasploit Framework, so in this
226
00:14:34,950 --> 00:14:39,360
case, on the right side, we have admin, we got crawlers, we got scanners and we got fuzzers.
227
00:14:39,570 --> 00:14:44,970
So when you go into Metasploit Framework, you can search for auxiliary and you can see all these modules
228
00:14:44,970 --> 00:14:47,310
available or all these subcategories available.
229
00:14:47,310 --> 00:14:51,900
So there are a lot more subcategories that you can look at that may be outside the scope of today's lecture.
230
00:14:51,930 --> 00:14:53,880
So, again, do explore them whenever you have the
231
00:14:53,880 --> 00:14:54,420
time to.
232
00:14:56,160 --> 00:15:01,080
So, of course, the first one is the crawler, so the crawler actually allows us to crawl into the system,
233
00:15:01,080 --> 00:15:07,710
so it allows us to crawl through web application servers, allows us to find our subdirectories, do a crawling
234
00:15:07,710 --> 00:15:12,780
into the system, like how we deploy web crawlers from search engines, and we'll go into the site deeply,
235
00:15:13,050 --> 00:15:18,000
finding out things that may be accidentally exposed as publicly available information.
236
00:15:18,360 --> 00:15:23,490
So, again, we can use the Metasploit crawler on that and that can help us crawl into the web server and find
237
00:15:23,490 --> 00:15:24,690
out all this information.
238
00:15:26,650 --> 00:15:31,390
And of course, we also got a scanner, so scanners help us scan that particular service, whether it's
239
00:15:31,390 --> 00:15:34,820
available, whether it is vulnerable to different kinds of exploits.
240
00:15:35,050 --> 00:15:40,120
So we have done a number of tutorials about using the auxiliary scanner where we scan the Windows 10 operating
241
00:15:40,120 --> 00:15:43,210
system to see if it was vulnerable to EternalBlue.
242
00:15:43,360 --> 00:15:47,560
So, again, that could be the first step you take before you run the exploit, because if the system
243
00:15:47,710 --> 00:15:50,440
is not vulnerable, then you will not be able to exploit it.
244
00:15:50,530 --> 00:15:55,540
And then you have to start scanning for other items inside a target machine before you're able to run,
245
00:15:55,540 --> 00:15:56,170
your exploit.
246
00:15:58,950 --> 00:16:04,650
So, of course, we have fuzzing. So we uploaded a new video on SQL injection that was a full tutorial
247
00:16:04,650 --> 00:16:04,970
on that.
248
00:16:04,980 --> 00:16:06,130
So that was really interesting.
249
00:16:06,570 --> 00:16:11,100
So it's fairly similar in the sense that we are trying to fuzz the service of the system.
250
00:16:11,100 --> 00:16:17,520
We're trying to inject code into the system to break it, to get past the buffer and be able to inject
251
00:16:17,520 --> 00:16:18,590
things into the system.
252
00:16:18,600 --> 00:16:20,340
So we're trying to find software bugs.
253
00:16:20,640 --> 00:16:26,460
So in this case, as part of the auxiliary modules for fuzzing inside Metasploit Framework, we got support
254
00:16:26,460 --> 00:16:27,510
for different protocols.
255
00:16:27,520 --> 00:16:30,280
So we got DNS, FTP and so on.
256
00:16:30,510 --> 00:16:37,170
So again, all these are ways and areas where we can try to push and inject code into those services
257
00:16:37,260 --> 00:16:40,850
to see whether we can actually find vulnerabilities inside a system.
258
00:16:40,860 --> 00:16:46,410
So a lot more manual effort in terms of checking those systems or services for vulnerabilities.
259
00:16:48,520 --> 00:16:53,470
So, of course, before we go into the tutorial, the most important question right now you have in your
260
00:16:53,470 --> 00:16:56,940
mind is how can we write our own exploits in Metasploit Framework?
261
00:16:56,950 --> 00:16:59,950
So again, we are going to cover it in a subsequent tutorial.
262
00:16:59,970 --> 00:17:01,030
So stay tuned for that.
263
00:17:01,420 --> 00:17:05,780
So for now, let us go into the tutorial of going through Metasploit Framework.
264
00:17:06,190 --> 00:17:11,410
So on the left side of the screen we have Kali Linux running, and all you got to do is actually click on the terminal
265
00:17:11,410 --> 00:17:13,960
emulator and we can actually zoom in a little.
266
00:17:13,960 --> 00:17:15,100
So it's easier for you to see.
267
00:17:15,490 --> 00:17:18,020
So I can actually go in and enter msfconsole.
268
00:17:18,310 --> 00:17:22,630
So this will start up Metasploit Framework immediately, just like what we see on the lecture
269
00:17:22,630 --> 00:17:22,980
slide.
270
00:17:23,890 --> 00:17:25,000
So I'm here on the lecture slide.
271
00:17:25,000 --> 00:17:27,450
We can see that we actually key in msfconsole.
272
00:17:27,730 --> 00:17:30,960
So over here we are starting the Metasploit Framework console.
273
00:17:31,300 --> 00:17:35,850
So once we're in, we'll be able to see, number one, the number of exploits, auxiliary modules,
274
00:17:36,130 --> 00:17:39,550
post exploitation, payloads, encoders and nops as well.
275
00:17:39,550 --> 00:17:40,400
Seven evasion.
276
00:17:41,050 --> 00:17:43,880
So now once we're in, all you got to do is enter help.
277
00:17:43,990 --> 00:17:47,260
So when you enter help, it will show you all the commands available.
278
00:17:47,270 --> 00:17:53,680
So again, wherever you are in the interactive shell, it's great if you have the ability to go into
279
00:17:53,680 --> 00:17:59,260
the help page or help command and it will show you all the parameters and all the commands that you
280
00:17:59,260 --> 00:18:01,070
can actually key in into the system.
281
00:18:01,270 --> 00:18:05,860
So this is a great way to actually explore and begin exploring Metasploit Framework.
282
00:18:05,860 --> 00:18:08,680
So a very important way to understand more about exploiting.
283
00:18:09,820 --> 00:18:14,350
So, of course, as demonstrated on the lecture slide, we'll be looking also, of course, at some
284
00:18:14,350 --> 00:18:20,590
other key areas in terms of exploits, so you can actually enter show followed by exploits and you hit
285
00:18:20,590 --> 00:18:21,220
enter, and that's it.
286
00:18:21,430 --> 00:18:26,950
So if you enter show and if you do a double tab on the keyboard, it will show all the options that you
287
00:18:26,950 --> 00:18:28,000
have as part of show.
288
00:18:28,270 --> 00:18:32,760
So here when you see show, there's show all, show auxiliary, encoders and so on.
289
00:18:33,070 --> 00:18:36,240
So of course we can enter show, for example, on exploits.
290
00:18:36,550 --> 00:18:40,390
So this would actually show and pull out all the exploits from the database.
291
00:18:40,540 --> 00:18:44,240
And we want to show you what exploits are available as part of Metasploit Framework.
292
00:18:44,620 --> 00:18:48,760
So when I hit enter, this could take some time to load because it's trying to pull all this data
293
00:18:48,760 --> 00:18:49,750
out from the database.
294
00:18:49,900 --> 00:18:52,420
So it may take a little while for the query to complete.
295
00:18:53,110 --> 00:18:59,170
So of course, likewise you could see show all, you could enter show auxiliary and exploits, nops,
296
00:18:59,410 --> 00:19:01,300
show options, payloads and so on.
297
00:19:01,330 --> 00:19:06,460
So again, a very important way for us to understand about how we could actually see all the modules
298
00:19:06,460 --> 00:19:07,210
inside the system.
299
00:19:07,210 --> 00:19:11,770
So show is one of those commands that you will use extensively to actually find out modules that you
300
00:19:11,770 --> 00:19:12,600
can look out for.
301
00:19:13,270 --> 00:19:16,250
And another option that we have is also in terms of searching.
302
00:19:16,630 --> 00:19:21,070
So in terms of searching, we can also search specifically, we can search for any keywords, just like
303
00:19:21,070 --> 00:19:26,080
how you use any of the search engines, so you can enter search, followed by the type of payload that you
304
00:19:26,080 --> 00:19:26,860
could be looking for.
305
00:19:27,190 --> 00:19:33,250
You could be looking for anything, perhaps, for example, related to Android or anything, for example, related
306
00:19:33,250 --> 00:19:33,880
to Apache.
307
00:19:34,060 --> 00:19:39,390
So, again, all these are things that you can actually look for as you are using Metasploit Framework.
308
00:19:39,640 --> 00:19:41,710
So, of course, in this case, we're still waiting for this show.
309
00:19:42,080 --> 00:19:43,600
So now we have to return.
310
00:19:43,630 --> 00:19:48,760
So if you remember earlier from the lecture right over here on the right site, we have different kind
311
00:19:48,760 --> 00:19:49,820
of ratings.
312
00:19:49,820 --> 00:19:50,350
So ranking.
313
00:19:50,350 --> 00:19:55,930
So we got the rankings of excellent, great, good, normal, average, low end manuell.
314
00:19:56,260 --> 00:20:01,330
So in this case, when you enter on the show exploits, we can see normal average manuell.
315
00:20:01,330 --> 00:20:01,780
Great.
316
00:20:02,050 --> 00:20:04,540
And maybe you're looking for Excelon over here like Weisse.
317
00:20:04,540 --> 00:20:05,550
We can see it over here.
318
00:20:05,950 --> 00:20:10,090
So again, we are able to see all the modules information as part of it.
319
00:20:10,840 --> 00:20:12,940
So, of course, moving back, we can enter.
320
00:20:12,940 --> 00:20:13,420
Such as?
321
00:20:13,420 --> 00:20:13,810
Well.
322
00:20:13,810 --> 00:20:17,320
And perhaps you want to search for Android so you can search on that.
323
00:20:17,320 --> 00:20:20,220
And it was show you all the different modules available.
324
00:20:20,230 --> 00:20:25,500
So if you scroll all the way up is actually over here, we can see Auxillary as the type of modules
325
00:20:25,510 --> 00:20:26,350
we're looking for.
326
00:20:26,380 --> 00:20:29,290
And now we have the administrator, Android, Google Play store.
327
00:20:29,650 --> 00:20:32,920
And of course, we got a ranking disclosure data as a CSV exploit.
328
00:20:33,370 --> 00:20:36,540
And of course, on the right side, we have a description of the particular module.
329
00:20:37,150 --> 00:20:41,080
So as you scroll down, we can see the different kind of auxillary modules are available for you to
330
00:20:41,080 --> 00:20:41,480
use.
331
00:20:41,710 --> 00:20:46,090
So we have Gater, we have Geter, we got a scanner again, we got a server.
332
00:20:46,630 --> 00:20:50,950
And of course, as you scroll down, we have exploit exploit, followed by the operating system type.
333
00:20:51,370 --> 00:20:56,410
And then the major category followed by the subcategory are the name of the particular service that
334
00:20:56,410 --> 00:20:57,470
we're exploiting into.
335
00:20:57,730 --> 00:20:59,740
So here we got the Android debark breech.
336
00:20:59,740 --> 00:21:06,040
So we actually show Android Buckeridge the past few videos about how we could actually be able to exploit
337
00:21:06,040 --> 00:21:06,190
them.
338
00:21:06,220 --> 00:21:08,020
So, again, really, really useful on that.
339
00:21:08,380 --> 00:21:14,410
So because Stagefright MP four, so this is a way for actually the user to execute AMP for video file
340
00:21:14,620 --> 00:21:16,340
and you gain complete control of the system.
341
00:21:16,660 --> 00:21:20,560
So again, many exploits for us to actually try and test out on.
342
00:21:20,770 --> 00:21:24,250
It's a great way for us to understand more about a system operating system question.
343
00:21:24,640 --> 00:21:26,260
And of course, we've got a different kind of payloads.
344
00:21:26,950 --> 00:21:28,840
So payloads are basically giving us shell.
345
00:21:29,080 --> 00:21:31,030
So we got a normal android shell.
346
00:21:31,030 --> 00:21:34,030
And of course, we also got meta preta shell over here that you can see.
347
00:21:34,030 --> 00:21:37,640
So reverse TCP reverse ETPs.
348
00:21:37,930 --> 00:21:41,050
And of course we've got post exploitation as part of the operating system.
349
00:21:41,050 --> 00:21:44,710
So we've got post Android Geter trying to dump all hash values.
350
00:21:45,160 --> 00:21:47,020
We're trying to get some information.
351
00:21:47,140 --> 00:21:51,460
We are trying to get wireless access point information, so again, also not a great one, removing
352
00:21:51,460 --> 00:21:53,500
a lock from the remote device lock.
353
00:21:53,540 --> 00:21:58,300
So, again, many different impulse exploitation that we can look at as part of media supply framework.
354
00:21:59,920 --> 00:22:04,660
So moving forward, of course, we have seen all of the exploits and of course, over here we can also
355
00:22:04,660 --> 00:22:05,740
use exploits.
356
00:22:06,070 --> 00:22:10,870
So in this case, I actually have a Windows operating system running over here so I can enter CMD.
357
00:22:10,900 --> 00:22:16,630
So this will show us the IP configuration of this particular this particular operating system.
358
00:22:16,630 --> 00:22:19,400
So we got one or two, one six eight one eight nine.
359
00:22:19,960 --> 00:22:24,610
So we are going to minimize this and that is going to be our target machine and we're going to use my
360
00:22:24,610 --> 00:22:27,060
display here to try to gain access into the system.
361
00:22:27,580 --> 00:22:32,710
So the first thing I use is perhaps I will search, I'll do a search on SMB because there is a very
362
00:22:32,710 --> 00:22:36,800
popular exploit in Windows using SMB or I could search on internal blue.
363
00:22:37,030 --> 00:22:38,660
So again, either one would be fine.
364
00:22:39,040 --> 00:22:42,040
So there's a lot of SMB over here so I can do a search on internal.
365
00:22:43,150 --> 00:22:46,530
And over here we've got five matching modules from our search results.
366
00:22:46,990 --> 00:22:49,990
So the first one is a auxillary module administrator.
367
00:22:49,990 --> 00:22:53,950
So it would be checking on the internal blue SMB windows.
368
00:22:53,950 --> 00:22:55,000
Come on execution.
369
00:22:55,270 --> 00:22:56,710
We got auxillary scanner.
370
00:22:56,710 --> 00:23:03,270
So scanner is actually a way for us to scan a system to see if it is vulnerable to a particular exploit.
371
00:23:03,550 --> 00:23:05,230
And of course, we've got a number of exploits here.
372
00:23:05,240 --> 00:23:06,910
We've got two, three, four and five.
373
00:23:07,180 --> 00:23:11,830
So we've got eternal blue, we got SMB MI 17 zero one zero.
374
00:23:12,040 --> 00:23:14,290
So again, we've got a blue internal blue eight.
375
00:23:14,290 --> 00:23:21,190
We got execute and of course that is on Eterno Blue Champion SMB Remote Windows Code execution.
376
00:23:21,190 --> 00:23:30,190
We've got Semba double pulser RSI so we can actually enter, use auxillary scanner SMB, SMB on a score
377
00:23:30,190 --> 00:23:33,370
at seventeen, hit enter indebt, enter show options.
378
00:23:34,660 --> 00:23:39,940
So over here again, if you see Caerphilly back into the sleights, we actually have a show options
379
00:23:39,940 --> 00:23:40,570
capability.
380
00:23:40,570 --> 00:23:45,710
So that is the part where we want to find out more information or details about the particular exploit.
381
00:23:45,910 --> 00:23:50,260
So again, we are able to find all those information directly from here by entering show options.
382
00:23:50,740 --> 00:23:53,830
So if you see over here, we can see all the show options available to you on that.
383
00:23:54,340 --> 00:23:55,750
So we can enter a set.
384
00:23:56,500 --> 00:23:58,890
Of course, here we can see the parameter that we have a key in.
385
00:23:58,900 --> 00:23:59,650
So required.
386
00:23:59,650 --> 00:24:00,260
No required.
387
00:24:00,310 --> 00:24:02,140
No, no, that's a yes.
388
00:24:02,140 --> 00:24:02,670
A nameplate.
389
00:24:02,680 --> 00:24:07,060
So we have already supplied those information over there and we have another one of our hosts so we
390
00:24:07,060 --> 00:24:13,300
can actually set our house and we can actually specify the IP address of the target machine.
391
00:24:13,660 --> 00:24:15,950
So one or two one six eight one eight nine.
392
00:24:16,090 --> 00:24:21,940
So go ahead, enter that one two one six eight one eight nine hit enter and that we can actually see
393
00:24:22,240 --> 00:24:25,270
the armholes information, of course, moving forward.
394
00:24:25,300 --> 00:24:27,680
We see that the rest of the information has been filled in.
395
00:24:28,120 --> 00:24:30,090
So once you're done on that, go ahead, hit front.
396
00:24:30,640 --> 00:24:34,120
So again, here we are checking whether the system invulnerable.
397
00:24:34,300 --> 00:24:40,770
So he says host is slightly vulnerable to me, 17 zero one zero Windows 10 zero one four three nine
398
00:24:41,030 --> 00:24:41,500
sixty four.
399
00:24:42,370 --> 00:24:47,380
So once we have check on the system, we can do a search once again to actually find out about what
400
00:24:47,380 --> 00:24:48,350
explodes we can use.
401
00:24:48,370 --> 00:24:55,750
So in this case, we can select number four so we can enter, use, exploit windows SMB Mouse 17 zero
402
00:24:55,750 --> 00:24:56,320
one zero.
403
00:24:57,910 --> 00:25:09,160
So use exploit windows SMB Mouse 17 zero one zero c p c heat enter and debt and to show options.
404
00:25:09,520 --> 00:25:15,010
So again, here we will see what are the parameters where it is compulsory for us to actually look into.
405
00:25:15,520 --> 00:25:20,290
So here we got the DB trace, which has already been Felic attempts already been filled.
406
00:25:20,560 --> 00:25:22,270
So we get a feeling into our hosts.
407
00:25:22,720 --> 00:25:28,240
So our host is the target IP address, as mentioned earlier, said our hosts one or two one six eight
408
00:25:28,390 --> 00:25:29,480
one eight nine.
409
00:25:29,500 --> 00:25:31,780
So in my case it is eight nine again.
410
00:25:31,780 --> 00:25:34,210
In your case it could be a different IP address.
411
00:25:34,420 --> 00:25:40,300
So we can go ahead and hit enter on debt and now we can enter show Paillot, what are the palettes available
412
00:25:40,300 --> 00:25:41,720
to get with this exploit?
413
00:25:42,070 --> 00:25:44,460
So again, it's retrieving the information from the database.
414
00:25:44,470 --> 00:25:49,330
So here we can see we've got two zero eight number of exploit, a number of Palouse that we can use.
415
00:25:50,050 --> 00:25:51,500
So here we can see Windows eight.
416
00:25:51,520 --> 00:25:54,160
Sixty four, we can see reverse Meenakshi DP.
417
00:25:54,400 --> 00:25:58,120
So the one is going to be the most suitable for today's tutorial.
418
00:25:58,300 --> 00:26:03,400
We're actually on me to Preeta, so let's screw up a little more and see that we can see all the windows.
419
00:26:03,520 --> 00:26:09,610
Sixty four metre preeta shell that we can get so in case we are going to be more interested in this
420
00:26:09,610 --> 00:26:09,810
one.
421
00:26:09,820 --> 00:26:11,980
So this is a Windows XP for me.
422
00:26:11,980 --> 00:26:14,210
To Preeta Reverse underscore the DP.
423
00:26:14,260 --> 00:26:15,610
So copy the selection.
424
00:26:16,240 --> 00:26:21,850
I'll scroll all the way down, I'll add to set payload and I'll pace the selection from the clipboard
425
00:26:22,300 --> 00:26:25,840
so I can pay selection hit enter on that enter show options.
426
00:26:26,200 --> 00:26:31,710
So now because we have a payload that would give us a shell reverse shell, we have to set the elbows
427
00:26:31,720 --> 00:26:33,440
or the local listener hostname.
428
00:26:34,000 --> 00:26:40,080
So what I'm going to do is I'm going to enter IP ADR the final the IP address of your colonics machine.
429
00:26:40,090 --> 00:26:44,550
So in this case I'll call the next machine is one or two one six eight one nine one.
430
00:26:45,010 --> 00:26:46,480
So go ahead and enter set.
431
00:26:47,440 --> 00:26:55,120
One, two one six eight one nine one and talk show options again to check all the options, all the
432
00:26:55,120 --> 00:26:57,940
values, and make sure that you have a key parameter on that.
433
00:26:58,630 --> 00:27:00,010
So here we go, Ellos.
434
00:27:00,010 --> 00:27:06,120
We got the airport number as well, and we got all the parameters set forward in as well in our house.
435
00:27:06,490 --> 00:27:10,170
So once you have all this information in place, go ahead, enter exploit.
436
00:27:10,270 --> 00:27:14,370
And that would give us our shall allow me to put a shell into the target machine.
437
00:27:14,800 --> 00:27:17,440
So once you're in the shell meter, pretty shake and enter help.
438
00:27:17,680 --> 00:27:23,200
So once again, in help, we can see all the modules available for us and we can actually see a lot
439
00:27:23,200 --> 00:27:27,010
of information, a lot of capabilities, a lot of things that we can enter into.
440
00:27:27,490 --> 00:27:33,790
So one example is we can actually enter the different kind of modules that we can use at our car, commands
441
00:27:33,790 --> 00:27:34,490
that we can use.
442
00:27:34,810 --> 00:27:40,350
So the question mark also is a way to put up the help manual and we can background a current session.
443
00:27:40,360 --> 00:27:44,490
We can kill processes that are inside a system, we can migrate and so on.
444
00:27:44,500 --> 00:27:50,950
So some of the commonly used ones will be on the system information system infl so we can go ahead and
445
00:27:50,950 --> 00:27:53,650
screw all the way down and antiracist infl.
446
00:27:54,070 --> 00:27:58,030
So it's very important that you try out all these different commands because it will be very helpful
447
00:27:58,030 --> 00:28:03,980
for you to get yourself familiar with Matus framework so you understand everything about Matus framework.
448
00:28:04,630 --> 00:28:08,440
So once again, I hope you learned something valuable in today's lecture and tutorial.
449
00:28:08,710 --> 00:28:13,300
And if you like what you watch remotely like, subscribe to the channel so that you can be kept abreast
450
00:28:13,390 --> 00:28:14,830
of the latest episode of Tutorial.
451
00:28:15,130 --> 00:28:19,300
And if have any questions, feel free to leave a comment below and I'll try my best to answer any of
452
00:28:19,300 --> 00:28:19,900
your queries.
453
00:28:20,590 --> 00:28:22,120
Thank you so much once again for watching.