1
00:00:01,830 --> 00:00:07,590
So let's use our first vulnerability and use it to exploit the machine and get through it.
2
00:00:07,800 --> 00:00:14,100
We're going to start with the first port that we saw open, and that is this port number 21, and the
3
00:00:14,100 --> 00:00:20,310
service running behind it is an FTP service, particularly vsftpd.
4
00:00:20,400 --> 00:00:26,850
Like I said, your job as an ethical hacker or as a penetration tester is to investigate each and every
5
00:00:26,850 --> 00:00:30,820
single one of these ports and services running behind them.
6
00:00:30,840 --> 00:00:36,210
So the first thing that I want to do is I want to connect to this port and see what information I can
7
00:00:36,210 --> 00:00:37,660
get out of it.
8
00:00:37,740 --> 00:00:39,810
I'm going to switch to my command line.
9
00:00:40,080 --> 00:00:43,990
And as you can see here I have Metasploit running in the background and ready already.
10
00:00:44,010 --> 00:00:45,490
Let me go to another one.
11
00:00:45,800 --> 00:00:52,030
And because it's an FTP service I'm going to try and connect to it using my FTP client. To do that
12
00:00:52,050 --> 00:00:54,460
I type ftp and the IP address
13
00:00:57,090 --> 00:01:01,700
and it looks like on the most recent version of Kali we don't have an FTP client.
14
00:01:01,770 --> 00:01:07,200
However we've already learned how we can manage packages, install and uninstall software on our Kali
15
00:01:07,200 --> 00:01:08,700
Linux.
16
00:01:08,860 --> 00:01:12,540
We do that using the apt-get command.
17
00:01:12,630 --> 00:01:13,850
So I'm going to do
18
00:01:14,190 --> 00:01:23,080
apt-get install ftp, and Kali will go and fetch the
19
00:01:23,080 --> 00:01:25,600
FTP client and install it for me.
20
00:01:26,310 --> 00:01:27,180
It will take a minute.
21
00:01:27,180 --> 00:01:32,710
So let's wait for it to finish, and once it's done we can try again and connect to our target machine.
22
00:01:34,740 --> 00:01:41,110
Now that my FTP client is installed I can try to connect to it using the ftp command.
23
00:01:42,310 --> 00:01:45,720
And I do ftp and the IP address.
24
00:01:45,720 --> 00:01:52,290
The first thing that I'd like you to notice here is the version: the FTP server returns the name and
25
00:01:52,290 --> 00:01:59,720
the version actually, so the name is vsftpd and the version is 2.3.4, and I'm getting
26
00:01:59,720 --> 00:02:03,620
prompted to log in using a user.
27
00:02:03,650 --> 00:02:08,940
There are instances when an FTP server is configured to accept anonymous logins.
28
00:02:09,020 --> 00:02:16,480
And with that I mean the FTP server is configured to take or accept a username of anonymous and any password.
29
00:02:16,790 --> 00:02:19,970
So I'm going to try and see if that works here.
30
00:02:20,180 --> 00:02:26,700
I'm going to type the username anonymous and any password and hit enter.
31
00:02:26,750 --> 00:02:28,210
I am logged in now.
32
00:02:29,130 --> 00:02:34,650
Now that I'm logged in I want to see if I can find any information or any files lying around and things
33
00:02:34,760 --> 00:02:38,390
like that, that I can pull out and use to my advantage.
34
00:02:39,290 --> 00:02:44,740
If you've never used it before and don't know what commands you can run, type a question mark.
35
00:02:44,840 --> 00:02:48,230
And it will show you a list of commands that you can use.
36
00:02:48,230 --> 00:02:53,210
You'll notice that some of these commands we've already seen, for example the ls command, which we saw in
37
00:02:53,210 --> 00:02:58,820
Kali Linux, is a command that we can use to list the contents of a directory.
38
00:02:58,820 --> 00:03:01,230
Man it looks like there's nothing here.
39
00:03:01,520 --> 00:03:03,040
So it looks like I'm a bit unlucky.
40
00:03:03,040 --> 00:03:08,400
I couldn't find anything useful. To terminate the connection with the FTP server
41
00:03:08,780 --> 00:03:11,020
I'm going to type bye.
42
00:03:11,350 --> 00:03:17,590
Let me go back to the Zenmap scan now that I've investigated the service from a higher level.
43
00:03:17,750 --> 00:03:23,510
I'm going to dig a little bit deeper into that particular FTP service and the particular version of
44
00:03:23,510 --> 00:03:25,440
that FTP service.
45
00:03:25,640 --> 00:03:30,560
So I'm going to copy that and go and try to research it a little bit and see if there are any vulnerabilities
46
00:03:30,560 --> 00:03:31,490
affecting it.
47
00:03:35,450 --> 00:03:40,610
And the second I type that into Google you'll see that multiple suggestions pop up on how to exploit
48
00:03:40,610 --> 00:03:42,040
this service.
49
00:03:42,290 --> 00:03:43,910
So it looks like we're in luck.
50
00:03:44,300 --> 00:03:49,500
And there might actually be an exploit that we can use to break into our target system.
51
00:03:49,550 --> 00:03:53,900
I'm going to look at the first result here, which is an entry by Rapid7.
52
00:03:53,930 --> 00:03:58,700
This is the company behind Metasploit, the company that created Metasploit, and it looks like
53
00:03:58,700 --> 00:04:03,740
we're actually very lucky: for the first service that we're investigating there exists a vulnerability
54
00:04:03,740 --> 00:04:06,830
that we can use to break into our target system.
55
00:04:06,830 --> 00:04:10,540
And this is the name of the module in Metasploit that we can use.
56
00:04:10,700 --> 00:04:14,650
So I'm just going to copy this and go back to my Metasploit.
57
00:04:14,840 --> 00:04:19,310
We've seen how to use Metasploit before, so I'm not going to go through the details of it.
58
00:04:19,340 --> 00:04:25,950
I'm just going to go ahead and use the module there. info, if you remember, shows me a little bit more
59
00:04:25,950 --> 00:04:26,850
information.
60
00:04:26,880 --> 00:04:32,280
I'm just going to type this to verify that this is actually the module that I want to use.
61
00:04:32,730 --> 00:04:39,130
And as you can see here, this time it's exactly the version that I have, so all that is left now is to
62
00:04:39,130 --> 00:04:42,340
configure my exploit and run it. To do that,
63
00:04:42,340 --> 00:04:46,800
let me have a look at the options by typing show options.
64
00:04:46,820 --> 00:04:55,500
All I need to do here is to just configure the remote host. The remote host, as we've seen in the beginner's
65
00:04:55,500 --> 00:05:04,020
video, is my target IP address, so I'll do set RHOST to the IP address. And in Metasploit
66
00:05:04,090 --> 00:05:08,650
there are certain exploits where we can check whether they are going to be successful or not
67
00:05:08,680 --> 00:05:11,200
before we actually run them.
68
00:05:11,380 --> 00:05:19,600
So before we execute and run the exploit and risk breaking a service or risk the exploit not succeeding,
69
00:05:20,020 --> 00:05:24,940
we can try to check to see what the probability of our exploit succeeding is.
70
00:05:25,820 --> 00:05:28,700
Now this option exists, but not for every exploit.
71
00:05:28,700 --> 00:05:30,520
So let me see if this exists here.
72
00:05:30,530 --> 00:05:37,160
I'm going to run the check command, and unfortunately it says that for this particular module check
73
00:05:37,160 --> 00:05:38,420
is not supported.
74
00:05:38,420 --> 00:05:44,240
So all I'm left with is to run the exploit, and I can do that in one of two ways: either
75
00:05:44,260 --> 00:05:53,210
I type run or I type exploit, so I'll type exploit and hit enter and let Metasploit do its magic.
76
00:05:54,530 --> 00:06:00,020
Once you start seeing these signs in green, this is when you start getting excited, because that means
77
00:06:00,110 --> 00:06:02,040
the exploit is actually working.
78
00:06:04,000 --> 00:06:10,420
And here we go we have a command shell session one open which means we now have a command shell open.
79
00:06:10,660 --> 00:06:13,580
I'm going to type id, and look at that.
80
00:06:13,600 --> 00:06:17,170
We actually got in as root, which is fantastic.
81
00:06:17,290 --> 00:06:20,380
And again I'm going to double check that and type
82
00:06:20,380 --> 00:06:21,130
whoami,
83
00:06:21,130 --> 00:06:27,430
which is another command that we've seen, and it tells me that we're root and we ended up landing in
84
00:06:27,430 --> 00:06:29,520
the root directory.
85
00:06:29,520 --> 00:06:36,480
Now to terminate my session all I have to do is type exit, and Metasploit closes the command shell
86
00:06:37,170 --> 00:06:42,290
and I hit enter again to go back to my Metasploit command prompt.
87
00:06:42,320 --> 00:06:46,090
So we got lucky: we managed to break in targeting the first service.
88
00:06:46,100 --> 00:06:51,860
However I'm going to assume now that we're not as lucky which is more of a realistic scenario.
89
00:06:51,950 --> 00:06:57,680
It's very rare that you manage to get through from the first service that you target on the first IP
90
00:06:57,680 --> 00:06:58,750
address that you target.
91
00:06:58,760 --> 00:07:01,520
This almost never happens.
92
00:07:01,640 --> 00:07:06,590
So to make things a little bit more realistic and a bit more challenging I'm going to assume that this
93
00:07:06,590 --> 00:07:12,380
service is no longer vulnerable and we're going to move on together to look at other services and see
94
00:07:12,380 --> 00:07:14,470
how we can exploit those.
95
00:07:14,480 --> 00:07:18,230
But before we do that here's your mission for the section.
96
00:07:18,310 --> 00:07:24,210
When we logged in as an anonymous user we did not find anything on that server.
97
00:07:24,340 --> 00:07:29,370
So what I'd like you to do for this mission is to log in using the default credentials that are provided,
98
00:07:29,440 --> 00:07:35,880
which are the msfadmin user and msfadmin password, and see what you can get.
99
00:07:35,880 --> 00:07:42,090
See if there's anything useful that you can find. If you find anything on the FTP server, figure out
100
00:07:42,090 --> 00:07:47,460
a way to download these files and directories to your Kali machine.
101
00:07:47,460 --> 00:07:51,540
So not only list them but actually download them.
102
00:07:51,740 --> 00:07:58,880
Once you're done with this FTP server on port 21, there's another FTP server running on another port.
103
00:07:59,480 --> 00:08:03,900
Do the same thing: try to connect to that FTP server and again try the
104
00:08:03,910 --> 00:08:08,350
anonymous user; if that does not work, try the msfadmin user.
105
00:08:08,720 --> 00:08:14,390
And once you're logged in, if you actually manage to log in, see if there are any files or folders that
106
00:08:14,420 --> 00:08:18,800
you might find useful, and figure out a way to download those as well.
107
00:08:19,100 --> 00:08:21,980
Once you're done let's move on to the next video.