Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,270 --> 00:00:02,250
Instructor: As an aspiring penetration tester
2
00:00:02,250 --> 00:00:03,690
it's important for you to understand
3
00:00:03,690 --> 00:00:05,490
how to use virtual machines
4
00:00:05,490 --> 00:00:07,410
to be able to practice your techniques
5
00:00:07,410 --> 00:00:10,440
by being able to have your own pen testing environment.
6
00:00:10,440 --> 00:00:11,550
Now in this course,
7
00:00:11,550 --> 00:00:13,350
I'm gonna do a lot of demonstrations
8
00:00:13,350 --> 00:00:15,330
to show you all the different tools and techniques
9
00:00:15,330 --> 00:00:16,800
that you might wanna use,
10
00:00:16,800 --> 00:00:19,050
and if you're in my course at diontraining.com
11
00:00:19,050 --> 00:00:22,170
that also includes cloud based Hands-on Labs.
12
00:00:22,170 --> 00:00:24,090
But if you wanna be able to build these things
13
00:00:24,090 --> 00:00:26,640
for yourself and start playing around with them
14
00:00:26,640 --> 00:00:28,752
that's what I'm gonna show you in this video.
15
00:00:28,752 --> 00:00:30,180
Now, I will say
16
00:00:30,180 --> 00:00:32,520
that this video is gonna be very generic in nature.
17
00:00:32,520 --> 00:00:34,500
I'm showing you the basic steps.
18
00:00:34,500 --> 00:00:36,540
I'm gonna show you how I do this on my machine
19
00:00:36,540 --> 00:00:38,550
which is a Mac OSX machine.
20
00:00:38,550 --> 00:00:40,620
But if you're using Windows or Linux
21
00:00:40,620 --> 00:00:42,330
you're gonna be following similar steps
22
00:00:42,330 --> 00:00:45,150
but the installation process will be a bit different.
23
00:00:45,150 --> 00:00:47,670
What I want you to take away here is the concepts
24
00:00:47,670 --> 00:00:48,992
and the basic steps.
25
00:00:48,992 --> 00:00:51,300
As an aspiring penetration tester,
26
00:00:51,300 --> 00:00:53,190
you should be able to go onto YouTube
27
00:00:53,190 --> 00:00:55,560
or go online and google exactly how to do this
28
00:00:55,560 --> 00:00:58,279
for your hardware and your operating system.
29
00:00:58,279 --> 00:00:59,910
Now, the first thing you're gonna need
30
00:00:59,910 --> 00:01:02,340
is some sort of a virtualization environment.
31
00:01:02,340 --> 00:01:04,230
I recommend using VirtualBox
32
00:01:04,230 --> 00:01:06,150
because it's an open source free tool
33
00:01:06,150 --> 00:01:08,730
that works on all of the different operating systems.
34
00:01:08,730 --> 00:01:12,117
To get VirtualBox, just go to virtualbox.org
35
00:01:12,117 --> 00:01:15,570
and on the homepage click the big download button.
36
00:01:15,570 --> 00:01:17,190
Now, when you go to the download screen
37
00:01:17,190 --> 00:01:20,490
you're gonna see that it says there are platform packages.
38
00:01:20,490 --> 00:01:23,580
These platform packages are based on the operating system
39
00:01:23,580 --> 00:01:25,860
that your machine is gonna be using,
40
00:01:25,860 --> 00:01:28,950
not the virtualization machines that you wanna be hosting.
41
00:01:28,950 --> 00:01:31,560
So for example, I'm using a MacBook Pro,
42
00:01:31,560 --> 00:01:34,230
so I need to click on OSX hosts.
43
00:01:34,230 --> 00:01:36,900
If you're using Windows you'll click on Windows host,
44
00:01:36,900 --> 00:01:37,770
and if you're using Linux
45
00:01:37,770 --> 00:01:39,510
you'll click on Linux distributions
46
00:01:39,510 --> 00:01:41,160
and pick your distribution.
47
00:01:41,160 --> 00:01:42,810
Once you click on your distribution
48
00:01:42,810 --> 00:01:46,170
or your operating system, it's gonna download that file.
49
00:01:46,170 --> 00:01:47,040
At that point
50
00:01:47,040 --> 00:01:49,020
you're gonna be installing this software
51
00:01:49,020 --> 00:01:52,347
known as VirtualBox into your host operating system.
52
00:01:52,347 --> 00:01:53,910
Now that it's been downloaded,
53
00:01:53,910 --> 00:01:55,770
I can go into my downloads folder,
54
00:01:55,770 --> 00:01:57,330
I can click on VirtualBox
55
00:01:57,330 --> 00:01:59,160
and this is gonna mount the ISO
56
00:01:59,160 --> 00:02:01,080
or the DMG in the case of a Mac,
57
00:02:01,080 --> 00:02:03,840
which allows me to reach that installer file.
58
00:02:03,840 --> 00:02:05,100
Now on a Windows machine,
59
00:02:05,100 --> 00:02:08,280
you're gonna have an EXC or an MSI executable file
60
00:02:08,280 --> 00:02:09,570
for you to run the installation,
61
00:02:09,570 --> 00:02:11,760
but on a Mac, it's a pkg file.
62
00:02:11,760 --> 00:02:13,110
You'll simply double click it
63
00:02:13,110 --> 00:02:14,648
and it will open up the installer.
64
00:02:14,648 --> 00:02:16,710
At this point, you're gonna say allow,
65
00:02:16,710 --> 00:02:18,540
and you're gonna walk through the basic steps
66
00:02:18,540 --> 00:02:20,250
of doing the installation.
67
00:02:20,250 --> 00:02:22,380
If you're asked to a your admin password
68
00:02:22,380 --> 00:02:23,790
you can simply put that in
69
00:02:23,790 --> 00:02:26,730
and this will allow to fully install the software.
70
00:02:26,730 --> 00:02:27,780
Once it's completed
71
00:02:27,780 --> 00:02:29,550
it's gonna take about one to three minutes
72
00:02:29,550 --> 00:02:31,440
depending on how fast your machine is,
73
00:02:31,440 --> 00:02:33,783
you'll be ready to start using VirtualBox.
74
00:02:37,110 --> 00:02:38,940
Now that VirtualBox has been installed
75
00:02:38,940 --> 00:02:42,090
you can close the installer, you can move it to trash,
76
00:02:42,090 --> 00:02:44,610
and you can close that mounted image.
77
00:02:44,610 --> 00:02:47,100
At this point, we no longer need the VirtualBox website
78
00:02:47,100 --> 00:02:48,500
so I'm gonna close that tab.
79
00:02:49,410 --> 00:02:50,670
Now the next thing we need
80
00:02:50,670 --> 00:02:52,260
is some sort of operating system
81
00:02:52,260 --> 00:02:54,330
that we're gonna conduct our attacks from
82
00:02:54,330 --> 00:02:57,150
because VirtualBox is just a virtualization system
83
00:02:57,150 --> 00:03:00,240
that provides you emulated hardware for you to use.
84
00:03:00,240 --> 00:03:01,980
Now, I personally like to use Kali
85
00:03:01,980 --> 00:03:03,150
and Kali is what is mentioned
86
00:03:03,150 --> 00:03:04,800
in your official textbook as well.
87
00:03:04,800 --> 00:03:06,330
So we're gonna go ahead and download Kali
88
00:03:06,330 --> 00:03:08,190
and use that in this course.
89
00:03:08,190 --> 00:03:09,210
To download Kali,
90
00:03:09,210 --> 00:03:13,110
just go to kali.org and then click on download.
91
00:03:13,110 --> 00:03:14,130
Once you click download,
92
00:03:14,130 --> 00:03:15,390
you'll be brought to this page
93
00:03:15,390 --> 00:03:17,160
where there's a lot of different options
94
00:03:17,160 --> 00:03:20,340
because Kali can be run on lots of different things.
95
00:03:20,340 --> 00:03:22,920
Now, if you see the one on the left that says Bare Metal,
96
00:03:22,920 --> 00:03:25,770
that would be if you want to format your entire hard drive
97
00:03:25,770 --> 00:03:28,770
and install Kali as your default operating system.
98
00:03:28,770 --> 00:03:30,930
As somebody who is learning penetration testing
99
00:03:30,930 --> 00:03:33,090
I do not recommend using that option.
100
00:03:33,090 --> 00:03:35,820
Instead, you're gonna wanna use a virtual machine
101
00:03:35,820 --> 00:03:37,920
and that's what we're gonna use here up on the right.
102
00:03:37,920 --> 00:03:39,630
Go ahead and just click on virtual machines
103
00:03:39,630 --> 00:03:43,410
and then you're gonna select either 64 bit or 32 bit
104
00:03:43,410 --> 00:03:46,200
depending on the operating system of your host OS,
105
00:03:46,200 --> 00:03:49,140
and whether you're using VMware or VirtualBox.
106
00:03:49,140 --> 00:03:51,600
In my case, I'm gonna be using VirtualBox,
107
00:03:51,600 --> 00:03:53,820
and I'm gonna be using this 64 bit edition
108
00:03:53,820 --> 00:03:56,070
and you'll download it by clicking on the download link
109
00:03:56,070 --> 00:04:00,179
where it says 3.7 G which is 3.7 gigabytes.
110
00:04:00,179 --> 00:04:02,160
Now to help speed up this process,
111
00:04:02,160 --> 00:04:05,190
I've already downloaded that 3.7 gigabyte file
112
00:04:05,190 --> 00:04:06,840
and I have it in my downloads.
113
00:04:06,840 --> 00:04:09,090
We're gonna go to our applications folder.
114
00:04:09,090 --> 00:04:11,220
We're gonna scroll down until we find VirtualBox
115
00:04:11,220 --> 00:04:13,323
and then we're gonna open up VirtualBox.
116
00:04:14,160 --> 00:04:16,380
Now you can see here that there's nothing showing
117
00:04:16,380 --> 00:04:19,230
in VirtualBox because we haven't created any hardware
118
00:04:19,230 --> 00:04:22,290
to emulate yet and there's no virtual machines,
119
00:04:22,290 --> 00:04:25,557
but we did just download a Kali Linux Virtual Machine.
120
00:04:25,557 --> 00:04:27,210
And so if we wanna use that,
121
00:04:27,210 --> 00:04:29,400
we're simply gonna go to our downloads folder,
122
00:04:29,400 --> 00:04:30,960
and in my case, it's right there
123
00:04:30,960 --> 00:04:35,310
with this ova file, which is a VirtualBox system.
124
00:04:35,310 --> 00:04:37,620
So if I click on that, it's gonna open up
125
00:04:37,620 --> 00:04:41,280
and it's gonna ask to import this appliance into VirtualBox.
126
00:04:41,280 --> 00:04:43,500
I can go ahead and select the normal default settings
127
00:04:43,500 --> 00:04:44,370
that it gives me.
128
00:04:44,370 --> 00:04:46,650
In this case, you can see it's using Kali Linux.
129
00:04:46,650 --> 00:04:48,238
It's from Offensive Security.
130
00:04:48,238 --> 00:04:53,010
It is a rolling X64 version in 2021.4a
131
00:04:53,010 --> 00:04:54,480
which is the current version of Kali
132
00:04:54,480 --> 00:04:56,040
at the time of this recording.
133
00:04:56,040 --> 00:04:57,780
You can see the guest type of the operating system
134
00:04:57,780 --> 00:05:00,810
is a Debbie and Linux machine which is 64 bit.
135
00:05:00,810 --> 00:05:02,640
It's gonna give it two processor core
136
00:05:02,640 --> 00:05:05,340
from my computer and two gigabytes of ram.
137
00:05:05,340 --> 00:05:06,690
And if we go down a little bit further
138
00:05:06,690 --> 00:05:09,540
we do have an emulated DVD, USB controller,
139
00:05:09,540 --> 00:05:11,550
sound card, and network adapter,
140
00:05:11,550 --> 00:05:14,277
as well as some storage controllers for IDE and SATA,
141
00:05:14,277 --> 00:05:15,750
and a virtual disc image
142
00:05:15,750 --> 00:05:17,640
which is already being mounted for us,
143
00:05:17,640 --> 00:05:20,070
the base folder and the primary group.
144
00:05:20,070 --> 00:05:22,803
From here, we're gonna go ahead and hit import.
145
00:05:24,360 --> 00:05:26,103
From here, we'll then say agree,
146
00:05:28,020 --> 00:05:30,240
and now we're just gonna wait as it imports.
147
00:05:30,240 --> 00:05:32,340
Usually this'll take just a couple of minutes
148
00:05:32,340 --> 00:05:35,240
depending on the speed of your system and your hard drive.
149
00:05:40,500 --> 00:05:43,410
All right, once it's done, you can now see it listed
150
00:05:43,410 --> 00:05:46,200
in the left panel showing that I have one machine here
151
00:05:46,200 --> 00:05:50,580
which is Kali Linux 2021.4a as a virtual machine.
152
00:05:50,580 --> 00:05:52,470
And this means we'll be able to use this machine
153
00:05:52,470 --> 00:05:54,720
and be able to add settings to it, changes to it,
154
00:05:54,720 --> 00:05:58,530
or just load it up and use it as if was a real computer.
155
00:05:58,530 --> 00:06:00,570
Now this is great except for one thing,
156
00:06:00,570 --> 00:06:02,190
this is my attack machine.
157
00:06:02,190 --> 00:06:04,110
I have no targets right now
158
00:06:04,110 --> 00:06:06,780
and so if I wanna practice my penetration testing skills
159
00:06:06,780 --> 00:06:08,580
I need someone to hack against.
160
00:06:08,580 --> 00:06:10,920
Now, as we talked about, you need to have permission
161
00:06:10,920 --> 00:06:13,020
from the system owner before you hack them.
162
00:06:13,020 --> 00:06:16,560
So the best way to do this is to create your own systems
163
00:06:16,560 --> 00:06:18,630
and this is the great thing about virtual machines.
164
00:06:18,630 --> 00:06:20,670
You can create your own virtual machines
165
00:06:20,670 --> 00:06:22,320
and you can then hack against them
166
00:06:22,320 --> 00:06:24,660
and you have your own permission to do so.
167
00:06:24,660 --> 00:06:26,550
Now, to do this, one of the great websites
168
00:06:26,550 --> 00:06:28,767
that I find out there is called VulnHub,
169
00:06:28,767 --> 00:06:32,580
and if you go over here and go to vulnhub.com,
170
00:06:32,580 --> 00:06:34,740
you're gonna find hundreds and hundreds
171
00:06:34,740 --> 00:06:36,330
of virtual machines here.
172
00:06:36,330 --> 00:06:38,760
These are all free to download and free to use.
173
00:06:38,760 --> 00:06:40,590
And these have all been created by the community
174
00:06:40,590 --> 00:06:42,600
to create different levels of challenges
175
00:06:42,600 --> 00:06:45,390
for people who are practicing their pen-testing skills.
176
00:06:45,390 --> 00:06:46,950
Now, the bad thing about these
177
00:06:46,950 --> 00:06:48,810
is none of these are directly tied
178
00:06:48,810 --> 00:06:50,550
to the pen-test plus exam.
179
00:06:50,550 --> 00:06:52,140
For instance, you're not gonna find one here
180
00:06:52,140 --> 00:06:55,620
called pen-test plus objective 3.7 that you can download
181
00:06:55,620 --> 00:06:57,628
and practice those particular skill sets.
182
00:06:57,628 --> 00:06:59,730
Again, this is one of the good things
183
00:06:59,730 --> 00:07:02,400
about using something like CompTIA Certmaster Labs,
184
00:07:02,400 --> 00:07:05,610
or the labs at diontraining.com because we tie them directly
185
00:07:05,610 --> 00:07:08,430
to the objectives of the pen-test plus exam.
186
00:07:08,430 --> 00:07:10,200
But as you're building your skills
187
00:07:10,200 --> 00:07:14,370
and going beyond the exam, VulnHub is a great place to go.
188
00:07:14,370 --> 00:07:15,600
Now, what I'm gonna do here
189
00:07:15,600 --> 00:07:16,433
is point out the fact
190
00:07:16,433 --> 00:07:18,630
that there is different difficulties here
191
00:07:18,630 --> 00:07:19,710
and as you're starting out
192
00:07:19,710 --> 00:07:22,380
you definitely wanna stick to the easy ones.
193
00:07:22,380 --> 00:07:24,030
So what I'm gonna do is I'm just gonna download
194
00:07:24,030 --> 00:07:26,464
the one on the right here, which is an easy difficulty,
195
00:07:26,464 --> 00:07:29,460
and it says the secret to this box is enumeration.
196
00:07:29,460 --> 00:07:31,050
So that's their hint they're giving us
197
00:07:31,050 --> 00:07:32,280
and I'm gonna go ahead and choose that one
198
00:07:32,280 --> 00:07:34,380
because enumeration is really the next phase
199
00:07:34,380 --> 00:07:37,590
of penetration testing as you go into information gathering
200
00:07:37,590 --> 00:07:38,940
and vulnerability scanning.
201
00:07:38,940 --> 00:07:40,170
So we're gonna go ahead and use that one
202
00:07:40,170 --> 00:07:42,540
as one of our targets just so we can play around with it
203
00:07:42,540 --> 00:07:44,190
and have a target to play with.
204
00:07:44,190 --> 00:07:46,020
Now, to download it, you simply go over here
205
00:07:46,020 --> 00:07:47,010
and click on it.
206
00:07:47,010 --> 00:07:47,843
When you do that,
207
00:07:47,843 --> 00:07:49,500
you're gonna learn a little bit about the release,
208
00:07:49,500 --> 00:07:51,630
when it came out, who the author was,
209
00:07:51,630 --> 00:07:52,950
and then the links to download it.
210
00:07:52,950 --> 00:07:54,825
Now notice we have that ova file again,
211
00:07:54,825 --> 00:07:57,410
that is an appliance image for VirtualBox.
212
00:07:57,410 --> 00:07:59,400
So if I click that and download it,
213
00:07:59,400 --> 00:08:01,950
you can see this one is 827 megabytes
214
00:08:01,950 --> 00:08:03,540
and it'll take me less than a minute.
215
00:08:03,540 --> 00:08:04,950
Now below that, you can go down
216
00:08:04,950 --> 00:08:06,900
and you can see the description of this box.
217
00:08:06,900 --> 00:08:09,270
Some of these have better descriptions than others.
218
00:08:09,270 --> 00:08:11,310
This one doesn't have a very big description.
219
00:08:11,310 --> 00:08:13,740
It just says it's an easy difficulty box,
220
00:08:13,740 --> 00:08:15,630
the secret to the box is enumeration.
221
00:08:15,630 --> 00:08:17,460
If you have questions you can email the author
222
00:08:17,460 --> 00:08:18,810
at their Gmail address.
223
00:08:18,810 --> 00:08:21,330
And this works better with VirtualBox than VMware
224
00:08:21,330 --> 00:08:23,165
which is good because we're using VirtualBox.
225
00:08:23,165 --> 00:08:25,890
And down here they actually have some file information
226
00:08:25,890 --> 00:08:27,420
so if you wanted to check the hash
227
00:08:27,420 --> 00:08:29,010
and make sure it wasn't corrupted during the download
228
00:08:29,010 --> 00:08:30,030
you could do that,
229
00:08:30,030 --> 00:08:31,860
and then you could see what type of system it is.
230
00:08:31,860 --> 00:08:33,374
It's a virtual machine running Linux.
231
00:08:33,374 --> 00:08:36,690
It has DHCP enabled, and it has an automatic assignment
232
00:08:36,690 --> 00:08:39,360
of the IP address for that particular box.
233
00:08:39,360 --> 00:08:41,340
And there's two basic screenshots.
234
00:08:41,340 --> 00:08:43,590
Now that's all the information they're giving you.
235
00:08:43,590 --> 00:08:45,270
From here, you're gonna be able to try to hack
236
00:08:45,270 --> 00:08:47,229
into this box and figure it out on your own.
237
00:08:47,229 --> 00:08:48,660
If you get stuck though,
238
00:08:48,660 --> 00:08:51,510
I will tell you most of the boxes on VulnHub
239
00:08:51,510 --> 00:08:54,870
do have walkthroughs available and this one is no exception.
240
00:08:54,870 --> 00:08:56,700
There's actually a great video on YouTube
241
00:08:56,700 --> 00:08:58,230
that's about eight to nine minutes long
242
00:08:58,230 --> 00:09:00,165
of a pen tester walking through exactly
243
00:09:00,165 --> 00:09:02,220
how they crack this box,
244
00:09:02,220 --> 00:09:04,860
going through the enumeration, finding the passwords,
245
00:09:04,860 --> 00:09:06,720
using that creating reverse shells,
246
00:09:06,720 --> 00:09:08,220
and all the other exploits he does
247
00:09:08,220 --> 00:09:10,260
to win at this particular box.
248
00:09:10,260 --> 00:09:11,730
But for our purposes right now,
249
00:09:11,730 --> 00:09:14,550
I just wanted to have some machine that I can use
250
00:09:14,550 --> 00:09:17,070
inside a VirtualBox and be able to talk to it
251
00:09:17,070 --> 00:09:18,870
from the Kali Linux machine.
252
00:09:18,870 --> 00:09:21,690
So what I'm gonna do is just go down here to my downloads,
253
00:09:21,690 --> 00:09:25,770
and again, we have that file jengow.ova.
254
00:09:25,770 --> 00:09:26,790
Click on that.
255
00:09:26,790 --> 00:09:29,760
It'll do the same import process, click on import.
256
00:09:29,760 --> 00:09:30,720
This one's a little bit smaller
257
00:09:30,720 --> 00:09:32,670
so it should take less than a minute to import.
258
00:09:32,670 --> 00:09:34,560
And once I have both of those
259
00:09:34,560 --> 00:09:37,020
we're now gonna be able to start up our Kali Linux machine
260
00:09:37,020 --> 00:09:39,120
and this vulnerable machine.
261
00:09:39,120 --> 00:09:40,950
Now the great thing with VulnHub is
262
00:09:40,950 --> 00:09:44,070
these tend to be smaller images that are based on Linux.
263
00:09:44,070 --> 00:09:46,290
This one, for example, is only one gigabyte.
264
00:09:46,290 --> 00:09:49,080
So you saw I had two gigabytes assigned to Kali,
265
00:09:49,080 --> 00:09:51,480
I have one gigabyte assigned to this box,
266
00:09:51,480 --> 00:09:52,770
that's three gigabytes.
267
00:09:52,770 --> 00:09:54,900
My system has 16 gigabytes,
268
00:09:54,900 --> 00:09:57,060
so I can actually load up two, three, four,
269
00:09:57,060 --> 00:09:59,010
maybe five of these virtual machines
270
00:09:59,010 --> 00:10:01,200
and have a whole network of vulnerable machines
271
00:10:01,200 --> 00:10:04,353
for me to scan and attack from my Kali Linux machine.
272
00:10:05,640 --> 00:10:07,077
All right, now that I'm done with VulnHub,
273
00:10:07,077 --> 00:10:08,610
I'm just gonna go ahead and close that out
274
00:10:08,610 --> 00:10:09,900
and clear it outta the way.
275
00:10:09,900 --> 00:10:12,540
And now we wanna go ahead and start VirtualBox.
276
00:10:12,540 --> 00:10:14,580
Now on Mac, there is gonna be an error
277
00:10:14,580 --> 00:10:16,170
if I try to start this up right now,
278
00:10:16,170 --> 00:10:17,910
and I'm gonna show you that exactly.
279
00:10:17,910 --> 00:10:18,870
When you click on the machine,
280
00:10:18,870 --> 00:10:20,490
you wanna start and you click start.
281
00:10:20,490 --> 00:10:22,502
By default, you're gonna get this kernel driver
282
00:10:22,502 --> 00:10:24,172
not installed error.
283
00:10:24,172 --> 00:10:26,229
Now, what do you do if you get this error?
284
00:10:26,229 --> 00:10:27,870
Well, the first thing I would do
285
00:10:27,870 --> 00:10:29,297
is actually take that error message,
286
00:10:29,297 --> 00:10:32,460
put it into Google and it will tell me what the problem is
287
00:10:32,460 --> 00:10:33,570
and how to solve it.
288
00:10:33,570 --> 00:10:35,850
If you get an error on Windows or Linux,
289
00:10:35,850 --> 00:10:37,590
google the error and you'll be able to figure out
290
00:10:37,590 --> 00:10:38,640
what's wrong.
291
00:10:38,640 --> 00:10:41,010
Now, in this particular case, I know what the error is
292
00:10:41,010 --> 00:10:43,710
and it's the fact that the support driver is not installed
293
00:10:43,710 --> 00:10:45,180
and it hasn't been signed.
294
00:10:45,180 --> 00:10:48,387
So what I'm gonna do is actually go down here and hit okay,
295
00:10:48,387 --> 00:10:49,980
and I'm gonna ignore that error,
296
00:10:49,980 --> 00:10:52,080
and I'm gonna go to my system preferences.
297
00:10:52,080 --> 00:10:54,270
And underneath my security and privacy,
298
00:10:54,270 --> 00:10:56,790
this is a security setting on Macs that does this.
299
00:10:56,790 --> 00:10:58,950
I have to go in here and you'll see right here it says,
300
00:10:58,950 --> 00:11:01,110
system software developer Oracle America
301
00:11:01,110 --> 00:11:03,840
has been updated and nobody has allowed it yet.
302
00:11:03,840 --> 00:11:05,583
So I have to unlock my machine,
303
00:11:11,970 --> 00:11:14,520
and then I can allow that to happen.
304
00:11:14,520 --> 00:11:17,820
And then it's gonna require me to restart my computer.
305
00:11:17,820 --> 00:11:19,170
I'm gonna go ahead and restart my computer
306
00:11:19,170 --> 00:11:20,320
and I'll be right back.
307
00:11:22,830 --> 00:11:24,540
Okay, my machine has restarted
308
00:11:24,540 --> 00:11:25,947
and it brought me right back to here
309
00:11:25,947 --> 00:11:28,620
and it already loaded up VirtualBox for me.
310
00:11:28,620 --> 00:11:30,480
To verify that driver has now been signed
311
00:11:30,480 --> 00:11:32,370
and approved in security and privacy
312
00:11:32,370 --> 00:11:33,990
just click on that box and you'll see
313
00:11:33,990 --> 00:11:36,690
it's no longer listed here as something that's a problem.
314
00:11:36,690 --> 00:11:38,130
So I can close that window.
315
00:11:38,130 --> 00:11:39,660
And now we should be able to go ahead
316
00:11:39,660 --> 00:11:42,600
and click on Kali and then click on start.
317
00:11:42,600 --> 00:11:43,440
Once you do this,
318
00:11:43,440 --> 00:11:46,800
it should open up Kali in a window just like it did there.
319
00:11:46,800 --> 00:11:49,320
I'm gonna go ahead and move this over to my left side here
320
00:11:49,320 --> 00:11:50,760
and you'll see it's pretty small
321
00:11:50,760 --> 00:11:51,930
and I'm gonna go ahead and just hit enter.
322
00:11:51,930 --> 00:11:53,830
It's gonna go into the GUI environment
323
00:11:55,260 --> 00:11:57,510
and it will expand into a larger size
324
00:11:57,510 --> 00:11:58,950
as it starts booting up
325
00:11:58,950 --> 00:12:01,380
and getting the right things into it.
326
00:12:01,380 --> 00:12:03,810
In this case, VirtualBox wants access to my microphone.
327
00:12:03,810 --> 00:12:05,550
You can allow that or not.
328
00:12:05,550 --> 00:12:07,770
In my case, I have no need for my Kali machine
329
00:12:07,770 --> 00:12:10,800
to use my microphone so I'm gonna say don't allow.
330
00:12:10,800 --> 00:12:11,633
Then I'm gonna go ahead
331
00:12:11,633 --> 00:12:13,710
and get rid of these little boxes here
332
00:12:13,710 --> 00:12:15,540
and we are gonna make this a little bit bigger
333
00:12:15,540 --> 00:12:17,532
so we can see it by going here,
334
00:12:17,532 --> 00:12:20,070
and then we're gonna go here and go to scaled mode.
335
00:12:20,070 --> 00:12:21,390
This will stretch it out
336
00:12:21,390 --> 00:12:24,240
and make it so it'll be easier for us to see.
337
00:12:24,240 --> 00:12:26,400
Okay, to log into your Kali Linux machine
338
00:12:26,400 --> 00:12:29,610
you're gonna use the username Kali and the password Kali.
339
00:12:29,610 --> 00:12:32,160
This is the default on the 2021 version.
340
00:12:32,160 --> 00:12:34,830
In older versions, it was root as the username,
341
00:12:34,830 --> 00:12:37,980
toor which is root spelled backwards as the password.
342
00:12:37,980 --> 00:12:39,240
Now, once you're into the system
343
00:12:39,240 --> 00:12:40,530
we're gonna wanna make this larger
344
00:12:40,530 --> 00:12:41,880
so it'll be easier to work with.
345
00:12:41,880 --> 00:12:42,870
And as you can see here,
346
00:12:42,870 --> 00:12:45,570
because I'm using a MacBook with a retina display
347
00:12:45,570 --> 00:12:48,690
it is really gonna be a very small portion of my screen.
348
00:12:48,690 --> 00:12:50,550
Now, if you wanna make Kali Linux larger
349
00:12:50,550 --> 00:12:52,650
and take up more of your real desktop
350
00:12:52,650 --> 00:12:55,770
you need to make the virtual display a little bit larger.
351
00:12:55,770 --> 00:12:59,310
By default, it's only set to 800 by 600 pixels
352
00:12:59,310 --> 00:13:01,230
which is really small on a MacBook
353
00:13:01,230 --> 00:13:02,730
which has a retina display.
354
00:13:02,730 --> 00:13:04,800
So what I'm gonna do is just right click on the desktop,
355
00:13:04,800 --> 00:13:06,240
go to applications,
356
00:13:06,240 --> 00:13:09,600
go up to settings and then go over to display.
357
00:13:09,600 --> 00:13:12,030
When you do this, it will allow you to go here
358
00:13:12,030 --> 00:13:15,390
and create your virtual resolution for this display.
359
00:13:15,390 --> 00:13:18,420
Now here you can see my resolution is 800 by 600.
360
00:13:18,420 --> 00:13:20,580
I wanna go ahead and set that
361
00:13:20,580 --> 00:13:25,050
to something like 1920 by 1080, which is full hd,
362
00:13:25,050 --> 00:13:27,360
and then I'll just hit apply.
363
00:13:27,360 --> 00:13:29,940
Once I do that, it's now gonna say yes.
364
00:13:29,940 --> 00:13:31,920
Do I wanna keep this or do I wanna restore?
365
00:13:31,920 --> 00:13:34,140
I'm gonna say yes, keep the configuration.
366
00:13:34,140 --> 00:13:37,269
And now I can actually maximize my window
367
00:13:37,269 --> 00:13:39,120
and take up a lot more space
368
00:13:39,120 --> 00:13:42,000
and it now looks like a full machine that I can use.
369
00:13:42,000 --> 00:13:44,489
I'm gonna go ahead and close my display settings here
370
00:13:44,489 --> 00:13:46,080
and in the meantime, I'm gonna go ahead
371
00:13:46,080 --> 00:13:48,810
and take Kali and move it on the left side of my screen
372
00:13:48,810 --> 00:13:50,340
to get it out of the way.
373
00:13:50,340 --> 00:13:53,040
Now, on my Mac, I actually have a program called Better Snap
374
00:13:53,040 --> 00:13:55,380
which allows me to move things left and right
375
00:13:55,380 --> 00:13:56,760
just like you can on Windows.
376
00:13:56,760 --> 00:13:59,460
By default on your Mac, that setting does not exist
377
00:13:59,460 --> 00:14:01,980
so you'll have to resize the windows by yourself.
378
00:14:01,980 --> 00:14:03,690
Now, let's go back to VirtualBox.
379
00:14:03,690 --> 00:14:04,830
And over here on VirtualBox,
380
00:14:04,830 --> 00:14:07,590
we wanna start up the other machine which is our target.
381
00:14:07,590 --> 00:14:09,840
Just go in here, click start,
382
00:14:09,840 --> 00:14:11,760
and it's gonna go ahead and boot up.
383
00:14:11,760 --> 00:14:13,440
Now it is gonna say there's a problem here.
384
00:14:13,440 --> 00:14:15,810
It's saying the physical network interface was not found
385
00:14:15,810 --> 00:14:19,800
for VirtualBox host only ethernet adapter adapter one.
386
00:14:19,800 --> 00:14:21,090
Now, this happens sometimes
387
00:14:21,090 --> 00:14:23,160
when you download somebody else's virtual machines
388
00:14:23,160 --> 00:14:24,690
like we did from VulnHub.
389
00:14:24,690 --> 00:14:26,670
Sometimes their adapters are not the same
390
00:14:26,670 --> 00:14:28,230
as what's on your system.
391
00:14:28,230 --> 00:14:29,310
So to fix this,
392
00:14:29,310 --> 00:14:31,948
you'll just click on change network settings.
393
00:14:31,948 --> 00:14:35,670
Now from here, we can just select whichever adapter we want.
394
00:14:35,670 --> 00:14:37,560
Now, in this case, we have a host only adapter,
395
00:14:37,560 --> 00:14:38,580
so we're just gonna take that
396
00:14:38,580 --> 00:14:41,280
and we're gonna change that to a NAT adapter.
397
00:14:41,280 --> 00:14:43,860
And from there we are gonna hit the advanced tab
398
00:14:43,860 --> 00:14:45,540
and just make sure everything looks fine,
399
00:14:45,540 --> 00:14:48,735
it looks like it is, and we'll go ahead and hit OK,
400
00:14:48,735 --> 00:14:51,467
and now we should be able to start up this machine.
401
00:14:51,467 --> 00:14:54,030
Now, because I set it as a NAT adapter,
402
00:14:54,030 --> 00:14:55,410
that means that this machine
403
00:14:55,410 --> 00:14:56,940
can actually talk to the internet
404
00:14:56,940 --> 00:14:58,650
because it's using my internet connection
405
00:14:58,650 --> 00:15:01,450
to talk to the internet and the rest of my home network.
406
00:15:03,180 --> 00:15:04,770
Now here, we're having the same problem.
407
00:15:04,770 --> 00:15:07,770
You can see that it is a very small amount of my screen
408
00:15:07,770 --> 00:15:11,850
because it is using that 800 by 600 pixels by default.
409
00:15:11,850 --> 00:15:15,270
We'll give it a second here and let it load all the way up.
410
00:15:15,270 --> 00:15:16,170
There we go.
411
00:15:16,170 --> 00:15:17,640
Now we're at the login screen.
412
00:15:17,640 --> 00:15:19,080
Now we can't really do anything
413
00:15:19,080 --> 00:15:20,580
to fix this particular machine
414
00:15:20,580 --> 00:15:22,470
because we don't know the login credentials.
415
00:15:22,470 --> 00:15:24,600
That's part of what we want to hack
416
00:15:24,600 --> 00:15:26,610
and part of what we wanna have a challenge with.
417
00:15:26,610 --> 00:15:29,160
So what we wanna do first is we wanna figure out
418
00:15:29,160 --> 00:15:31,440
where that device is on the network.
419
00:15:31,440 --> 00:15:34,200
Now, as I said, right now, I use NAT for both of these,
420
00:15:34,200 --> 00:15:36,330
so these are both able to talk to the internet.
421
00:15:36,330 --> 00:15:37,807
And so if I go over here on my Kali machine,
422
00:15:37,807 --> 00:15:40,380
I'm gonna make it full screen real quick,
423
00:15:40,380 --> 00:15:42,530
I can go ahead and click on Firefox
424
00:15:42,530 --> 00:15:45,930
and I can go online and access any website I want.
425
00:15:45,930 --> 00:15:47,700
For instance, I can go to google.com
426
00:15:47,700 --> 00:15:50,070
because I'm tied to the internet, okay?
427
00:15:50,070 --> 00:15:51,420
If you don't wanna be able to do that
428
00:15:51,420 --> 00:15:53,970
and you want them to talk on their own isolated network
429
00:15:53,970 --> 00:15:55,890
as you're doing your hacking and practicing
430
00:15:55,890 --> 00:15:57,510
we can do that as well.
431
00:15:57,510 --> 00:16:00,810
Now that we have both the Kali machine and jengow set up
432
00:16:00,810 --> 00:16:02,880
we have an attacker and a target.
433
00:16:02,880 --> 00:16:04,620
We're gonna play a lot more with this environment
434
00:16:04,620 --> 00:16:05,670
as we go through the course,
435
00:16:05,670 --> 00:16:07,110
and I do some demonstrations
436
00:16:07,110 --> 00:16:09,510
to show you how we can find out what the IP address is
437
00:16:09,510 --> 00:16:12,660
of that target and how we can exploit and attack that target
438
00:16:12,660 --> 00:16:14,460
based on the vulnerabilities we find,
439
00:16:14,460 --> 00:16:15,690
and we'll go through and do this
440
00:16:15,690 --> 00:16:17,340
as we go through the course together.
441
00:16:17,340 --> 00:16:19,230
But for now, I just wanna make sure you could set up
442
00:16:19,230 --> 00:16:23,070
a basic environment consisting of VirtualBox, Kali Linux,
443
00:16:23,070 --> 00:16:24,870
and some form of vulnerable machine
444
00:16:24,870 --> 00:16:26,310
that you can attack against.
445
00:16:26,310 --> 00:16:27,720
It doesn't have to be jengow,
446
00:16:27,720 --> 00:16:29,640
that's just the one I'm using for this course.
447
00:16:29,640 --> 00:16:31,080
You can use any of the ones you want
448
00:16:31,080 --> 00:16:32,640
that you find on VulnHub,
449
00:16:32,640 --> 00:16:35,130
and as you go through, you'll play with multiple of those
450
00:16:35,130 --> 00:16:37,110
to increase your skills and get more comfortable
451
00:16:37,110 --> 00:16:39,260
with the tools as we go through the course.
34413
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.