Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,270 --> 00:00:02,250 Instructor: As an aspiring penetration tester 2 00:00:02,250 --> 00:00:03,690 it's important for you to understand 3 00:00:03,690 --> 00:00:05,490 how to use virtual machines 4 00:00:05,490 --> 00:00:07,410 to be able to practice your techniques 5 00:00:07,410 --> 00:00:10,440 by being able to have your own pen testing environment. 6 00:00:10,440 --> 00:00:11,550 Now in this course, 7 00:00:11,550 --> 00:00:13,350 I'm gonna do a lot of demonstrations 8 00:00:13,350 --> 00:00:15,330 to show you all the different tools and techniques 9 00:00:15,330 --> 00:00:16,800 that you might wanna use, 10 00:00:16,800 --> 00:00:19,050 and if you're in my course at diontraining.com 11 00:00:19,050 --> 00:00:22,170 that also includes cloud based Hands-on Labs. 12 00:00:22,170 --> 00:00:24,090 But if you wanna be able to build these things 13 00:00:24,090 --> 00:00:26,640 for yourself and start playing around with them 14 00:00:26,640 --> 00:00:28,752 that's what I'm gonna show you in this video. 15 00:00:28,752 --> 00:00:30,180 Now, I will say 16 00:00:30,180 --> 00:00:32,520 that this video is gonna be very generic in nature. 17 00:00:32,520 --> 00:00:34,500 I'm showing you the basic steps. 18 00:00:34,500 --> 00:00:36,540 I'm gonna show you how I do this on my machine 19 00:00:36,540 --> 00:00:38,550 which is a Mac OSX machine. 20 00:00:38,550 --> 00:00:40,620 But if you're using Windows or Linux 21 00:00:40,620 --> 00:00:42,330 you're gonna be following similar steps 22 00:00:42,330 --> 00:00:45,150 but the installation process will be a bit different. 23 00:00:45,150 --> 00:00:47,670 What I want you to take away here is the concepts 24 00:00:47,670 --> 00:00:48,992 and the basic steps. 25 00:00:48,992 --> 00:00:51,300 As an aspiring penetration tester, 26 00:00:51,300 --> 00:00:53,190 you should be able to go onto YouTube 27 00:00:53,190 --> 00:00:55,560 or go online and google exactly how to do this 28 00:00:55,560 --> 00:00:58,279 for your hardware and your operating system. 29 00:00:58,279 --> 00:00:59,910 Now, the first thing you're gonna need 30 00:00:59,910 --> 00:01:02,340 is some sort of a virtualization environment. 31 00:01:02,340 --> 00:01:04,230 I recommend using VirtualBox 32 00:01:04,230 --> 00:01:06,150 because it's an open source free tool 33 00:01:06,150 --> 00:01:08,730 that works on all of the different operating systems. 34 00:01:08,730 --> 00:01:12,117 To get VirtualBox, just go to virtualbox.org 35 00:01:12,117 --> 00:01:15,570 and on the homepage click the big download button. 36 00:01:15,570 --> 00:01:17,190 Now, when you go to the download screen 37 00:01:17,190 --> 00:01:20,490 you're gonna see that it says there are platform packages. 38 00:01:20,490 --> 00:01:23,580 These platform packages are based on the operating system 39 00:01:23,580 --> 00:01:25,860 that your machine is gonna be using, 40 00:01:25,860 --> 00:01:28,950 not the virtualization machines that you wanna be hosting. 41 00:01:28,950 --> 00:01:31,560 So for example, I'm using a MacBook Pro, 42 00:01:31,560 --> 00:01:34,230 so I need to click on OSX hosts. 43 00:01:34,230 --> 00:01:36,900 If you're using Windows you'll click on Windows host, 44 00:01:36,900 --> 00:01:37,770 and if you're using Linux 45 00:01:37,770 --> 00:01:39,510 you'll click on Linux distributions 46 00:01:39,510 --> 00:01:41,160 and pick your distribution. 47 00:01:41,160 --> 00:01:42,810 Once you click on your distribution 48 00:01:42,810 --> 00:01:46,170 or your operating system, it's gonna download that file. 49 00:01:46,170 --> 00:01:47,040 At that point 50 00:01:47,040 --> 00:01:49,020 you're gonna be installing this software 51 00:01:49,020 --> 00:01:52,347 known as VirtualBox into your host operating system. 52 00:01:52,347 --> 00:01:53,910 Now that it's been downloaded, 53 00:01:53,910 --> 00:01:55,770 I can go into my downloads folder, 54 00:01:55,770 --> 00:01:57,330 I can click on VirtualBox 55 00:01:57,330 --> 00:01:59,160 and this is gonna mount the ISO 56 00:01:59,160 --> 00:02:01,080 or the DMG in the case of a Mac, 57 00:02:01,080 --> 00:02:03,840 which allows me to reach that installer file. 58 00:02:03,840 --> 00:02:05,100 Now on a Windows machine, 59 00:02:05,100 --> 00:02:08,280 you're gonna have an EXC or an MSI executable file 60 00:02:08,280 --> 00:02:09,570 for you to run the installation, 61 00:02:09,570 --> 00:02:11,760 but on a Mac, it's a pkg file. 62 00:02:11,760 --> 00:02:13,110 You'll simply double click it 63 00:02:13,110 --> 00:02:14,648 and it will open up the installer. 64 00:02:14,648 --> 00:02:16,710 At this point, you're gonna say allow, 65 00:02:16,710 --> 00:02:18,540 and you're gonna walk through the basic steps 66 00:02:18,540 --> 00:02:20,250 of doing the installation. 67 00:02:20,250 --> 00:02:22,380 If you're asked to a your admin password 68 00:02:22,380 --> 00:02:23,790 you can simply put that in 69 00:02:23,790 --> 00:02:26,730 and this will allow to fully install the software. 70 00:02:26,730 --> 00:02:27,780 Once it's completed 71 00:02:27,780 --> 00:02:29,550 it's gonna take about one to three minutes 72 00:02:29,550 --> 00:02:31,440 depending on how fast your machine is, 73 00:02:31,440 --> 00:02:33,783 you'll be ready to start using VirtualBox. 74 00:02:37,110 --> 00:02:38,940 Now that VirtualBox has been installed 75 00:02:38,940 --> 00:02:42,090 you can close the installer, you can move it to trash, 76 00:02:42,090 --> 00:02:44,610 and you can close that mounted image. 77 00:02:44,610 --> 00:02:47,100 At this point, we no longer need the VirtualBox website 78 00:02:47,100 --> 00:02:48,500 so I'm gonna close that tab. 79 00:02:49,410 --> 00:02:50,670 Now the next thing we need 80 00:02:50,670 --> 00:02:52,260 is some sort of operating system 81 00:02:52,260 --> 00:02:54,330 that we're gonna conduct our attacks from 82 00:02:54,330 --> 00:02:57,150 because VirtualBox is just a virtualization system 83 00:02:57,150 --> 00:03:00,240 that provides you emulated hardware for you to use. 84 00:03:00,240 --> 00:03:01,980 Now, I personally like to use Kali 85 00:03:01,980 --> 00:03:03,150 and Kali is what is mentioned 86 00:03:03,150 --> 00:03:04,800 in your official textbook as well. 87 00:03:04,800 --> 00:03:06,330 So we're gonna go ahead and download Kali 88 00:03:06,330 --> 00:03:08,190 and use that in this course. 89 00:03:08,190 --> 00:03:09,210 To download Kali, 90 00:03:09,210 --> 00:03:13,110 just go to kali.org and then click on download. 91 00:03:13,110 --> 00:03:14,130 Once you click download, 92 00:03:14,130 --> 00:03:15,390 you'll be brought to this page 93 00:03:15,390 --> 00:03:17,160 where there's a lot of different options 94 00:03:17,160 --> 00:03:20,340 because Kali can be run on lots of different things. 95 00:03:20,340 --> 00:03:22,920 Now, if you see the one on the left that says Bare Metal, 96 00:03:22,920 --> 00:03:25,770 that would be if you want to format your entire hard drive 97 00:03:25,770 --> 00:03:28,770 and install Kali as your default operating system. 98 00:03:28,770 --> 00:03:30,930 As somebody who is learning penetration testing 99 00:03:30,930 --> 00:03:33,090 I do not recommend using that option. 100 00:03:33,090 --> 00:03:35,820 Instead, you're gonna wanna use a virtual machine 101 00:03:35,820 --> 00:03:37,920 and that's what we're gonna use here up on the right. 102 00:03:37,920 --> 00:03:39,630 Go ahead and just click on virtual machines 103 00:03:39,630 --> 00:03:43,410 and then you're gonna select either 64 bit or 32 bit 104 00:03:43,410 --> 00:03:46,200 depending on the operating system of your host OS, 105 00:03:46,200 --> 00:03:49,140 and whether you're using VMware or VirtualBox. 106 00:03:49,140 --> 00:03:51,600 In my case, I'm gonna be using VirtualBox, 107 00:03:51,600 --> 00:03:53,820 and I'm gonna be using this 64 bit edition 108 00:03:53,820 --> 00:03:56,070 and you'll download it by clicking on the download link 109 00:03:56,070 --> 00:04:00,179 where it says 3.7 G which is 3.7 gigabytes. 110 00:04:00,179 --> 00:04:02,160 Now to help speed up this process, 111 00:04:02,160 --> 00:04:05,190 I've already downloaded that 3.7 gigabyte file 112 00:04:05,190 --> 00:04:06,840 and I have it in my downloads. 113 00:04:06,840 --> 00:04:09,090 We're gonna go to our applications folder. 114 00:04:09,090 --> 00:04:11,220 We're gonna scroll down until we find VirtualBox 115 00:04:11,220 --> 00:04:13,323 and then we're gonna open up VirtualBox. 116 00:04:14,160 --> 00:04:16,380 Now you can see here that there's nothing showing 117 00:04:16,380 --> 00:04:19,230 in VirtualBox because we haven't created any hardware 118 00:04:19,230 --> 00:04:22,290 to emulate yet and there's no virtual machines, 119 00:04:22,290 --> 00:04:25,557 but we did just download a Kali Linux Virtual Machine. 120 00:04:25,557 --> 00:04:27,210 And so if we wanna use that, 121 00:04:27,210 --> 00:04:29,400 we're simply gonna go to our downloads folder, 122 00:04:29,400 --> 00:04:30,960 and in my case, it's right there 123 00:04:30,960 --> 00:04:35,310 with this ova file, which is a VirtualBox system. 124 00:04:35,310 --> 00:04:37,620 So if I click on that, it's gonna open up 125 00:04:37,620 --> 00:04:41,280 and it's gonna ask to import this appliance into VirtualBox. 126 00:04:41,280 --> 00:04:43,500 I can go ahead and select the normal default settings 127 00:04:43,500 --> 00:04:44,370 that it gives me. 128 00:04:44,370 --> 00:04:46,650 In this case, you can see it's using Kali Linux. 129 00:04:46,650 --> 00:04:48,238 It's from Offensive Security. 130 00:04:48,238 --> 00:04:53,010 It is a rolling X64 version in 2021.4a 131 00:04:53,010 --> 00:04:54,480 which is the current version of Kali 132 00:04:54,480 --> 00:04:56,040 at the time of this recording. 133 00:04:56,040 --> 00:04:57,780 You can see the guest type of the operating system 134 00:04:57,780 --> 00:05:00,810 is a Debbie and Linux machine which is 64 bit. 135 00:05:00,810 --> 00:05:02,640 It's gonna give it two processor core 136 00:05:02,640 --> 00:05:05,340 from my computer and two gigabytes of ram. 137 00:05:05,340 --> 00:05:06,690 And if we go down a little bit further 138 00:05:06,690 --> 00:05:09,540 we do have an emulated DVD, USB controller, 139 00:05:09,540 --> 00:05:11,550 sound card, and network adapter, 140 00:05:11,550 --> 00:05:14,277 as well as some storage controllers for IDE and SATA, 141 00:05:14,277 --> 00:05:15,750 and a virtual disc image 142 00:05:15,750 --> 00:05:17,640 which is already being mounted for us, 143 00:05:17,640 --> 00:05:20,070 the base folder and the primary group. 144 00:05:20,070 --> 00:05:22,803 From here, we're gonna go ahead and hit import. 145 00:05:24,360 --> 00:05:26,103 From here, we'll then say agree, 146 00:05:28,020 --> 00:05:30,240 and now we're just gonna wait as it imports. 147 00:05:30,240 --> 00:05:32,340 Usually this'll take just a couple of minutes 148 00:05:32,340 --> 00:05:35,240 depending on the speed of your system and your hard drive. 149 00:05:40,500 --> 00:05:43,410 All right, once it's done, you can now see it listed 150 00:05:43,410 --> 00:05:46,200 in the left panel showing that I have one machine here 151 00:05:46,200 --> 00:05:50,580 which is Kali Linux 2021.4a as a virtual machine. 152 00:05:50,580 --> 00:05:52,470 And this means we'll be able to use this machine 153 00:05:52,470 --> 00:05:54,720 and be able to add settings to it, changes to it, 154 00:05:54,720 --> 00:05:58,530 or just load it up and use it as if was a real computer. 155 00:05:58,530 --> 00:06:00,570 Now this is great except for one thing, 156 00:06:00,570 --> 00:06:02,190 this is my attack machine. 157 00:06:02,190 --> 00:06:04,110 I have no targets right now 158 00:06:04,110 --> 00:06:06,780 and so if I wanna practice my penetration testing skills 159 00:06:06,780 --> 00:06:08,580 I need someone to hack against. 160 00:06:08,580 --> 00:06:10,920 Now, as we talked about, you need to have permission 161 00:06:10,920 --> 00:06:13,020 from the system owner before you hack them. 162 00:06:13,020 --> 00:06:16,560 So the best way to do this is to create your own systems 163 00:06:16,560 --> 00:06:18,630 and this is the great thing about virtual machines. 164 00:06:18,630 --> 00:06:20,670 You can create your own virtual machines 165 00:06:20,670 --> 00:06:22,320 and you can then hack against them 166 00:06:22,320 --> 00:06:24,660 and you have your own permission to do so. 167 00:06:24,660 --> 00:06:26,550 Now, to do this, one of the great websites 168 00:06:26,550 --> 00:06:28,767 that I find out there is called VulnHub, 169 00:06:28,767 --> 00:06:32,580 and if you go over here and go to vulnhub.com, 170 00:06:32,580 --> 00:06:34,740 you're gonna find hundreds and hundreds 171 00:06:34,740 --> 00:06:36,330 of virtual machines here. 172 00:06:36,330 --> 00:06:38,760 These are all free to download and free to use. 173 00:06:38,760 --> 00:06:40,590 And these have all been created by the community 174 00:06:40,590 --> 00:06:42,600 to create different levels of challenges 175 00:06:42,600 --> 00:06:45,390 for people who are practicing their pen-testing skills. 176 00:06:45,390 --> 00:06:46,950 Now, the bad thing about these 177 00:06:46,950 --> 00:06:48,810 is none of these are directly tied 178 00:06:48,810 --> 00:06:50,550 to the pen-test plus exam. 179 00:06:50,550 --> 00:06:52,140 For instance, you're not gonna find one here 180 00:06:52,140 --> 00:06:55,620 called pen-test plus objective 3.7 that you can download 181 00:06:55,620 --> 00:06:57,628 and practice those particular skill sets. 182 00:06:57,628 --> 00:06:59,730 Again, this is one of the good things 183 00:06:59,730 --> 00:07:02,400 about using something like CompTIA Certmaster Labs, 184 00:07:02,400 --> 00:07:05,610 or the labs at diontraining.com because we tie them directly 185 00:07:05,610 --> 00:07:08,430 to the objectives of the pen-test plus exam. 186 00:07:08,430 --> 00:07:10,200 But as you're building your skills 187 00:07:10,200 --> 00:07:14,370 and going beyond the exam, VulnHub is a great place to go. 188 00:07:14,370 --> 00:07:15,600 Now, what I'm gonna do here 189 00:07:15,600 --> 00:07:16,433 is point out the fact 190 00:07:16,433 --> 00:07:18,630 that there is different difficulties here 191 00:07:18,630 --> 00:07:19,710 and as you're starting out 192 00:07:19,710 --> 00:07:22,380 you definitely wanna stick to the easy ones. 193 00:07:22,380 --> 00:07:24,030 So what I'm gonna do is I'm just gonna download 194 00:07:24,030 --> 00:07:26,464 the one on the right here, which is an easy difficulty, 195 00:07:26,464 --> 00:07:29,460 and it says the secret to this box is enumeration. 196 00:07:29,460 --> 00:07:31,050 So that's their hint they're giving us 197 00:07:31,050 --> 00:07:32,280 and I'm gonna go ahead and choose that one 198 00:07:32,280 --> 00:07:34,380 because enumeration is really the next phase 199 00:07:34,380 --> 00:07:37,590 of penetration testing as you go into information gathering 200 00:07:37,590 --> 00:07:38,940 and vulnerability scanning. 201 00:07:38,940 --> 00:07:40,170 So we're gonna go ahead and use that one 202 00:07:40,170 --> 00:07:42,540 as one of our targets just so we can play around with it 203 00:07:42,540 --> 00:07:44,190 and have a target to play with. 204 00:07:44,190 --> 00:07:46,020 Now, to download it, you simply go over here 205 00:07:46,020 --> 00:07:47,010 and click on it. 206 00:07:47,010 --> 00:07:47,843 When you do that, 207 00:07:47,843 --> 00:07:49,500 you're gonna learn a little bit about the release, 208 00:07:49,500 --> 00:07:51,630 when it came out, who the author was, 209 00:07:51,630 --> 00:07:52,950 and then the links to download it. 210 00:07:52,950 --> 00:07:54,825 Now notice we have that ova file again, 211 00:07:54,825 --> 00:07:57,410 that is an appliance image for VirtualBox. 212 00:07:57,410 --> 00:07:59,400 So if I click that and download it, 213 00:07:59,400 --> 00:08:01,950 you can see this one is 827 megabytes 214 00:08:01,950 --> 00:08:03,540 and it'll take me less than a minute. 215 00:08:03,540 --> 00:08:04,950 Now below that, you can go down 216 00:08:04,950 --> 00:08:06,900 and you can see the description of this box. 217 00:08:06,900 --> 00:08:09,270 Some of these have better descriptions than others. 218 00:08:09,270 --> 00:08:11,310 This one doesn't have a very big description. 219 00:08:11,310 --> 00:08:13,740 It just says it's an easy difficulty box, 220 00:08:13,740 --> 00:08:15,630 the secret to the box is enumeration. 221 00:08:15,630 --> 00:08:17,460 If you have questions you can email the author 222 00:08:17,460 --> 00:08:18,810 at their Gmail address. 223 00:08:18,810 --> 00:08:21,330 And this works better with VirtualBox than VMware 224 00:08:21,330 --> 00:08:23,165 which is good because we're using VirtualBox. 225 00:08:23,165 --> 00:08:25,890 And down here they actually have some file information 226 00:08:25,890 --> 00:08:27,420 so if you wanted to check the hash 227 00:08:27,420 --> 00:08:29,010 and make sure it wasn't corrupted during the download 228 00:08:29,010 --> 00:08:30,030 you could do that, 229 00:08:30,030 --> 00:08:31,860 and then you could see what type of system it is. 230 00:08:31,860 --> 00:08:33,374 It's a virtual machine running Linux. 231 00:08:33,374 --> 00:08:36,690 It has DHCP enabled, and it has an automatic assignment 232 00:08:36,690 --> 00:08:39,360 of the IP address for that particular box. 233 00:08:39,360 --> 00:08:41,340 And there's two basic screenshots. 234 00:08:41,340 --> 00:08:43,590 Now that's all the information they're giving you. 235 00:08:43,590 --> 00:08:45,270 From here, you're gonna be able to try to hack 236 00:08:45,270 --> 00:08:47,229 into this box and figure it out on your own. 237 00:08:47,229 --> 00:08:48,660 If you get stuck though, 238 00:08:48,660 --> 00:08:51,510 I will tell you most of the boxes on VulnHub 239 00:08:51,510 --> 00:08:54,870 do have walkthroughs available and this one is no exception. 240 00:08:54,870 --> 00:08:56,700 There's actually a great video on YouTube 241 00:08:56,700 --> 00:08:58,230 that's about eight to nine minutes long 242 00:08:58,230 --> 00:09:00,165 of a pen tester walking through exactly 243 00:09:00,165 --> 00:09:02,220 how they crack this box, 244 00:09:02,220 --> 00:09:04,860 going through the enumeration, finding the passwords, 245 00:09:04,860 --> 00:09:06,720 using that creating reverse shells, 246 00:09:06,720 --> 00:09:08,220 and all the other exploits he does 247 00:09:08,220 --> 00:09:10,260 to win at this particular box. 248 00:09:10,260 --> 00:09:11,730 But for our purposes right now, 249 00:09:11,730 --> 00:09:14,550 I just wanted to have some machine that I can use 250 00:09:14,550 --> 00:09:17,070 inside a VirtualBox and be able to talk to it 251 00:09:17,070 --> 00:09:18,870 from the Kali Linux machine. 252 00:09:18,870 --> 00:09:21,690 So what I'm gonna do is just go down here to my downloads, 253 00:09:21,690 --> 00:09:25,770 and again, we have that file jengow.ova. 254 00:09:25,770 --> 00:09:26,790 Click on that. 255 00:09:26,790 --> 00:09:29,760 It'll do the same import process, click on import. 256 00:09:29,760 --> 00:09:30,720 This one's a little bit smaller 257 00:09:30,720 --> 00:09:32,670 so it should take less than a minute to import. 258 00:09:32,670 --> 00:09:34,560 And once I have both of those 259 00:09:34,560 --> 00:09:37,020 we're now gonna be able to start up our Kali Linux machine 260 00:09:37,020 --> 00:09:39,120 and this vulnerable machine. 261 00:09:39,120 --> 00:09:40,950 Now the great thing with VulnHub is 262 00:09:40,950 --> 00:09:44,070 these tend to be smaller images that are based on Linux. 263 00:09:44,070 --> 00:09:46,290 This one, for example, is only one gigabyte. 264 00:09:46,290 --> 00:09:49,080 So you saw I had two gigabytes assigned to Kali, 265 00:09:49,080 --> 00:09:51,480 I have one gigabyte assigned to this box, 266 00:09:51,480 --> 00:09:52,770 that's three gigabytes. 267 00:09:52,770 --> 00:09:54,900 My system has 16 gigabytes, 268 00:09:54,900 --> 00:09:57,060 so I can actually load up two, three, four, 269 00:09:57,060 --> 00:09:59,010 maybe five of these virtual machines 270 00:09:59,010 --> 00:10:01,200 and have a whole network of vulnerable machines 271 00:10:01,200 --> 00:10:04,353 for me to scan and attack from my Kali Linux machine. 272 00:10:05,640 --> 00:10:07,077 All right, now that I'm done with VulnHub, 273 00:10:07,077 --> 00:10:08,610 I'm just gonna go ahead and close that out 274 00:10:08,610 --> 00:10:09,900 and clear it outta the way. 275 00:10:09,900 --> 00:10:12,540 And now we wanna go ahead and start VirtualBox. 276 00:10:12,540 --> 00:10:14,580 Now on Mac, there is gonna be an error 277 00:10:14,580 --> 00:10:16,170 if I try to start this up right now, 278 00:10:16,170 --> 00:10:17,910 and I'm gonna show you that exactly. 279 00:10:17,910 --> 00:10:18,870 When you click on the machine, 280 00:10:18,870 --> 00:10:20,490 you wanna start and you click start. 281 00:10:20,490 --> 00:10:22,502 By default, you're gonna get this kernel driver 282 00:10:22,502 --> 00:10:24,172 not installed error. 283 00:10:24,172 --> 00:10:26,229 Now, what do you do if you get this error? 284 00:10:26,229 --> 00:10:27,870 Well, the first thing I would do 285 00:10:27,870 --> 00:10:29,297 is actually take that error message, 286 00:10:29,297 --> 00:10:32,460 put it into Google and it will tell me what the problem is 287 00:10:32,460 --> 00:10:33,570 and how to solve it. 288 00:10:33,570 --> 00:10:35,850 If you get an error on Windows or Linux, 289 00:10:35,850 --> 00:10:37,590 google the error and you'll be able to figure out 290 00:10:37,590 --> 00:10:38,640 what's wrong. 291 00:10:38,640 --> 00:10:41,010 Now, in this particular case, I know what the error is 292 00:10:41,010 --> 00:10:43,710 and it's the fact that the support driver is not installed 293 00:10:43,710 --> 00:10:45,180 and it hasn't been signed. 294 00:10:45,180 --> 00:10:48,387 So what I'm gonna do is actually go down here and hit okay, 295 00:10:48,387 --> 00:10:49,980 and I'm gonna ignore that error, 296 00:10:49,980 --> 00:10:52,080 and I'm gonna go to my system preferences. 297 00:10:52,080 --> 00:10:54,270 And underneath my security and privacy, 298 00:10:54,270 --> 00:10:56,790 this is a security setting on Macs that does this. 299 00:10:56,790 --> 00:10:58,950 I have to go in here and you'll see right here it says, 300 00:10:58,950 --> 00:11:01,110 system software developer Oracle America 301 00:11:01,110 --> 00:11:03,840 has been updated and nobody has allowed it yet. 302 00:11:03,840 --> 00:11:05,583 So I have to unlock my machine, 303 00:11:11,970 --> 00:11:14,520 and then I can allow that to happen. 304 00:11:14,520 --> 00:11:17,820 And then it's gonna require me to restart my computer. 305 00:11:17,820 --> 00:11:19,170 I'm gonna go ahead and restart my computer 306 00:11:19,170 --> 00:11:20,320 and I'll be right back. 307 00:11:22,830 --> 00:11:24,540 Okay, my machine has restarted 308 00:11:24,540 --> 00:11:25,947 and it brought me right back to here 309 00:11:25,947 --> 00:11:28,620 and it already loaded up VirtualBox for me. 310 00:11:28,620 --> 00:11:30,480 To verify that driver has now been signed 311 00:11:30,480 --> 00:11:32,370 and approved in security and privacy 312 00:11:32,370 --> 00:11:33,990 just click on that box and you'll see 313 00:11:33,990 --> 00:11:36,690 it's no longer listed here as something that's a problem. 314 00:11:36,690 --> 00:11:38,130 So I can close that window. 315 00:11:38,130 --> 00:11:39,660 And now we should be able to go ahead 316 00:11:39,660 --> 00:11:42,600 and click on Kali and then click on start. 317 00:11:42,600 --> 00:11:43,440 Once you do this, 318 00:11:43,440 --> 00:11:46,800 it should open up Kali in a window just like it did there. 319 00:11:46,800 --> 00:11:49,320 I'm gonna go ahead and move this over to my left side here 320 00:11:49,320 --> 00:11:50,760 and you'll see it's pretty small 321 00:11:50,760 --> 00:11:51,930 and I'm gonna go ahead and just hit enter. 322 00:11:51,930 --> 00:11:53,830 It's gonna go into the GUI environment 323 00:11:55,260 --> 00:11:57,510 and it will expand into a larger size 324 00:11:57,510 --> 00:11:58,950 as it starts booting up 325 00:11:58,950 --> 00:12:01,380 and getting the right things into it. 326 00:12:01,380 --> 00:12:03,810 In this case, VirtualBox wants access to my microphone. 327 00:12:03,810 --> 00:12:05,550 You can allow that or not. 328 00:12:05,550 --> 00:12:07,770 In my case, I have no need for my Kali machine 329 00:12:07,770 --> 00:12:10,800 to use my microphone so I'm gonna say don't allow. 330 00:12:10,800 --> 00:12:11,633 Then I'm gonna go ahead 331 00:12:11,633 --> 00:12:13,710 and get rid of these little boxes here 332 00:12:13,710 --> 00:12:15,540 and we are gonna make this a little bit bigger 333 00:12:15,540 --> 00:12:17,532 so we can see it by going here, 334 00:12:17,532 --> 00:12:20,070 and then we're gonna go here and go to scaled mode. 335 00:12:20,070 --> 00:12:21,390 This will stretch it out 336 00:12:21,390 --> 00:12:24,240 and make it so it'll be easier for us to see. 337 00:12:24,240 --> 00:12:26,400 Okay, to log into your Kali Linux machine 338 00:12:26,400 --> 00:12:29,610 you're gonna use the username Kali and the password Kali. 339 00:12:29,610 --> 00:12:32,160 This is the default on the 2021 version. 340 00:12:32,160 --> 00:12:34,830 In older versions, it was root as the username, 341 00:12:34,830 --> 00:12:37,980 toor which is root spelled backwards as the password. 342 00:12:37,980 --> 00:12:39,240 Now, once you're into the system 343 00:12:39,240 --> 00:12:40,530 we're gonna wanna make this larger 344 00:12:40,530 --> 00:12:41,880 so it'll be easier to work with. 345 00:12:41,880 --> 00:12:42,870 And as you can see here, 346 00:12:42,870 --> 00:12:45,570 because I'm using a MacBook with a retina display 347 00:12:45,570 --> 00:12:48,690 it is really gonna be a very small portion of my screen. 348 00:12:48,690 --> 00:12:50,550 Now, if you wanna make Kali Linux larger 349 00:12:50,550 --> 00:12:52,650 and take up more of your real desktop 350 00:12:52,650 --> 00:12:55,770 you need to make the virtual display a little bit larger. 351 00:12:55,770 --> 00:12:59,310 By default, it's only set to 800 by 600 pixels 352 00:12:59,310 --> 00:13:01,230 which is really small on a MacBook 353 00:13:01,230 --> 00:13:02,730 which has a retina display. 354 00:13:02,730 --> 00:13:04,800 So what I'm gonna do is just right click on the desktop, 355 00:13:04,800 --> 00:13:06,240 go to applications, 356 00:13:06,240 --> 00:13:09,600 go up to settings and then go over to display. 357 00:13:09,600 --> 00:13:12,030 When you do this, it will allow you to go here 358 00:13:12,030 --> 00:13:15,390 and create your virtual resolution for this display. 359 00:13:15,390 --> 00:13:18,420 Now here you can see my resolution is 800 by 600. 360 00:13:18,420 --> 00:13:20,580 I wanna go ahead and set that 361 00:13:20,580 --> 00:13:25,050 to something like 1920 by 1080, which is full hd, 362 00:13:25,050 --> 00:13:27,360 and then I'll just hit apply. 363 00:13:27,360 --> 00:13:29,940 Once I do that, it's now gonna say yes. 364 00:13:29,940 --> 00:13:31,920 Do I wanna keep this or do I wanna restore? 365 00:13:31,920 --> 00:13:34,140 I'm gonna say yes, keep the configuration. 366 00:13:34,140 --> 00:13:37,269 And now I can actually maximize my window 367 00:13:37,269 --> 00:13:39,120 and take up a lot more space 368 00:13:39,120 --> 00:13:42,000 and it now looks like a full machine that I can use. 369 00:13:42,000 --> 00:13:44,489 I'm gonna go ahead and close my display settings here 370 00:13:44,489 --> 00:13:46,080 and in the meantime, I'm gonna go ahead 371 00:13:46,080 --> 00:13:48,810 and take Kali and move it on the left side of my screen 372 00:13:48,810 --> 00:13:50,340 to get it out of the way. 373 00:13:50,340 --> 00:13:53,040 Now, on my Mac, I actually have a program called Better Snap 374 00:13:53,040 --> 00:13:55,380 which allows me to move things left and right 375 00:13:55,380 --> 00:13:56,760 just like you can on Windows. 376 00:13:56,760 --> 00:13:59,460 By default on your Mac, that setting does not exist 377 00:13:59,460 --> 00:14:01,980 so you'll have to resize the windows by yourself. 378 00:14:01,980 --> 00:14:03,690 Now, let's go back to VirtualBox. 379 00:14:03,690 --> 00:14:04,830 And over here on VirtualBox, 380 00:14:04,830 --> 00:14:07,590 we wanna start up the other machine which is our target. 381 00:14:07,590 --> 00:14:09,840 Just go in here, click start, 382 00:14:09,840 --> 00:14:11,760 and it's gonna go ahead and boot up. 383 00:14:11,760 --> 00:14:13,440 Now it is gonna say there's a problem here. 384 00:14:13,440 --> 00:14:15,810 It's saying the physical network interface was not found 385 00:14:15,810 --> 00:14:19,800 for VirtualBox host only ethernet adapter adapter one. 386 00:14:19,800 --> 00:14:21,090 Now, this happens sometimes 387 00:14:21,090 --> 00:14:23,160 when you download somebody else's virtual machines 388 00:14:23,160 --> 00:14:24,690 like we did from VulnHub. 389 00:14:24,690 --> 00:14:26,670 Sometimes their adapters are not the same 390 00:14:26,670 --> 00:14:28,230 as what's on your system. 391 00:14:28,230 --> 00:14:29,310 So to fix this, 392 00:14:29,310 --> 00:14:31,948 you'll just click on change network settings. 393 00:14:31,948 --> 00:14:35,670 Now from here, we can just select whichever adapter we want. 394 00:14:35,670 --> 00:14:37,560 Now, in this case, we have a host only adapter, 395 00:14:37,560 --> 00:14:38,580 so we're just gonna take that 396 00:14:38,580 --> 00:14:41,280 and we're gonna change that to a NAT adapter. 397 00:14:41,280 --> 00:14:43,860 And from there we are gonna hit the advanced tab 398 00:14:43,860 --> 00:14:45,540 and just make sure everything looks fine, 399 00:14:45,540 --> 00:14:48,735 it looks like it is, and we'll go ahead and hit OK, 400 00:14:48,735 --> 00:14:51,467 and now we should be able to start up this machine. 401 00:14:51,467 --> 00:14:54,030 Now, because I set it as a NAT adapter, 402 00:14:54,030 --> 00:14:55,410 that means that this machine 403 00:14:55,410 --> 00:14:56,940 can actually talk to the internet 404 00:14:56,940 --> 00:14:58,650 because it's using my internet connection 405 00:14:58,650 --> 00:15:01,450 to talk to the internet and the rest of my home network. 406 00:15:03,180 --> 00:15:04,770 Now here, we're having the same problem. 407 00:15:04,770 --> 00:15:07,770 You can see that it is a very small amount of my screen 408 00:15:07,770 --> 00:15:11,850 because it is using that 800 by 600 pixels by default. 409 00:15:11,850 --> 00:15:15,270 We'll give it a second here and let it load all the way up. 410 00:15:15,270 --> 00:15:16,170 There we go. 411 00:15:16,170 --> 00:15:17,640 Now we're at the login screen. 412 00:15:17,640 --> 00:15:19,080 Now we can't really do anything 413 00:15:19,080 --> 00:15:20,580 to fix this particular machine 414 00:15:20,580 --> 00:15:22,470 because we don't know the login credentials. 415 00:15:22,470 --> 00:15:24,600 That's part of what we want to hack 416 00:15:24,600 --> 00:15:26,610 and part of what we wanna have a challenge with. 417 00:15:26,610 --> 00:15:29,160 So what we wanna do first is we wanna figure out 418 00:15:29,160 --> 00:15:31,440 where that device is on the network. 419 00:15:31,440 --> 00:15:34,200 Now, as I said, right now, I use NAT for both of these, 420 00:15:34,200 --> 00:15:36,330 so these are both able to talk to the internet. 421 00:15:36,330 --> 00:15:37,807 And so if I go over here on my Kali machine, 422 00:15:37,807 --> 00:15:40,380 I'm gonna make it full screen real quick, 423 00:15:40,380 --> 00:15:42,530 I can go ahead and click on Firefox 424 00:15:42,530 --> 00:15:45,930 and I can go online and access any website I want. 425 00:15:45,930 --> 00:15:47,700 For instance, I can go to google.com 426 00:15:47,700 --> 00:15:50,070 because I'm tied to the internet, okay? 427 00:15:50,070 --> 00:15:51,420 If you don't wanna be able to do that 428 00:15:51,420 --> 00:15:53,970 and you want them to talk on their own isolated network 429 00:15:53,970 --> 00:15:55,890 as you're doing your hacking and practicing 430 00:15:55,890 --> 00:15:57,510 we can do that as well. 431 00:15:57,510 --> 00:16:00,810 Now that we have both the Kali machine and jengow set up 432 00:16:00,810 --> 00:16:02,880 we have an attacker and a target. 433 00:16:02,880 --> 00:16:04,620 We're gonna play a lot more with this environment 434 00:16:04,620 --> 00:16:05,670 as we go through the course, 435 00:16:05,670 --> 00:16:07,110 and I do some demonstrations 436 00:16:07,110 --> 00:16:09,510 to show you how we can find out what the IP address is 437 00:16:09,510 --> 00:16:12,660 of that target and how we can exploit and attack that target 438 00:16:12,660 --> 00:16:14,460 based on the vulnerabilities we find, 439 00:16:14,460 --> 00:16:15,690 and we'll go through and do this 440 00:16:15,690 --> 00:16:17,340 as we go through the course together. 441 00:16:17,340 --> 00:16:19,230 But for now, I just wanna make sure you could set up 442 00:16:19,230 --> 00:16:23,070 a basic environment consisting of VirtualBox, Kali Linux, 443 00:16:23,070 --> 00:16:24,870 and some form of vulnerable machine 444 00:16:24,870 --> 00:16:26,310 that you can attack against. 445 00:16:26,310 --> 00:16:27,720 It doesn't have to be jengow, 446 00:16:27,720 --> 00:16:29,640 that's just the one I'm using for this course. 447 00:16:29,640 --> 00:16:31,080 You can use any of the ones you want 448 00:16:31,080 --> 00:16:32,640 that you find on VulnHub, 449 00:16:32,640 --> 00:16:35,130 and as you go through, you'll play with multiple of those 450 00:16:35,130 --> 00:16:37,110 to increase your skills and get more comfortable 451 00:16:37,110 --> 00:16:39,260 with the tools as we go through the course. 34413