All language subtitles for 040 Hacking with Kali Linux - FTP hacking-en

1
00:00:01,830 --> 00:00:07,590
So let's use our first vulnerability and use it to exploit the machine and get through it.

2
00:00:07,800 --> 00:00:14,100
We're going to start with the first port that we saw open and that is this port number 21 and the

3
00:00:14,100 --> 00:00:20,310
service running behind it is an FTP service, particularly it's called vsftpd.

4
00:00:20,400 --> 00:00:26,850
Like I said your job as an ethical hacker or as a penetration tester is to investigate each and every

5
00:00:26,850 --> 00:00:30,820
single one of these ports and services running behind them.

6
00:00:30,840 --> 00:00:36,210
So the first thing that I want to do is I want to connect to this port and see what information I can

7
00:00:36,210 --> 00:00:37,660
get out of it.

8
00:00:37,740 --> 00:00:39,810
I'm going to switch to my command line.

9
00:00:40,080 --> 00:00:43,990
And as you can see here I have Metasploit running in the background and ready already.

10
00:00:44,010 --> 00:00:45,490
Let me go to another one.

11
00:00:45,800 --> 00:00:52,030
And because it's an FTP service I'm going to try and connect to it using my FTP client. To do that

12
00:00:52,050 --> 00:00:54,460
I'd ftp and the IP address

13
00:00:57,090 --> 00:01:01,700
and it looks like on the most recent version of Kali we don't have an FTP client.

14
00:01:01,770 --> 00:01:07,200
However we've already learned how we can manage packages install and install software on our Kali

15
00:01:07,200 --> 00:01:08,700
Linux.

16
00:01:08,860 --> 00:01:12,540
We do that using the apt-get command.

17
00:01:12,630 --> 00:01:13,850
So I'm going to do.

18
00:01:14,190 --> 00:01:23,080
Get to know not send a note what's an app thinking about install ftp and Kali will go and fetch the

19
00:01:23,080 --> 00:01:25,600
FTP client and install it for me.

20
00:01:26,310 --> 00:01:27,180
It will take a minute.

21
00:01:27,180 --> 00:01:32,710
So let's wait for it to gather and once it's done we can try again and connect to our target machine.

22
00:01:34,740 --> 00:01:41,110
Now that my FTP client is installed I can try to connect to it using the ftp command.

23
00:01:42,310 --> 00:01:45,720
And I do ftp the IP address.

24
00:01:45,720 --> 00:01:52,290
The first thing that I'd like us to notice here is the version of the FTP server returns the name and

25
00:01:52,290 --> 00:01:59,720
the version actually so the name is vsftpd and the version is 2.3.4 and I'm getting

26
00:01:59,720 --> 00:02:03,620
prompted to log in using a user.

27
00:02:03,650 --> 00:02:08,940
There are instances when an FTP server is configured to accept anonymous logins.

28
00:02:09,020 --> 00:02:16,480
And with that I mean the FTP is configured to take or accept a username of anonymous and any password.

29
00:02:16,790 --> 00:02:19,970
So I'm going to try and see if that works here.

30
00:02:20,180 --> 00:02:26,700
I'm going to type the user name anonymous and any password and get it.

31
00:02:26,750 --> 00:02:28,210
I am logged in now.

32
00:02:29,130 --> 00:02:34,650
Now that I'm logged in I want to see if I can find any information or any files laying around and its

33
00:02:34,760 --> 00:02:38,390
like that and that I can pull out and use to my advantage.

34
00:02:39,290 --> 00:02:44,740
If you've never used it before and don't know what commands you can run type a question mark.

35
00:02:44,840 --> 00:02:48,230
And we'll show you a list of commands that you can use.

36
00:02:48,230 --> 00:02:53,210
You'll notice that some of these commands we've already seen for example the command like with C and

37
00:02:53,210 --> 00:02:58,820
Kali Linux is a command that we can use to list the contents of a directory.

38
00:02:58,820 --> 00:03:01,230
Man it looks like there's nothing here.

39
00:03:01,520 --> 00:03:03,040
So it looks like I'm a bit unlucky.

40
00:03:03,040 --> 00:03:08,400
I couldn't find anything useful. To terminate the connection with the FTP server

41
00:03:08,780 --> 00:03:11,020
I'm going to type bye.

42
00:03:11,350 --> 00:03:17,590
Let me go back to the Zenmap scan. Now that I've investigated the service from a higher level

43
00:03:17,750 --> 00:03:23,510
I'm going to dig a little bit deeper into that particular FTP service and the particular version of

44
00:03:23,510 --> 00:03:25,440
that FTP service.

45
00:03:25,640 --> 00:03:30,560
So I'm going to copy that and go and try to research it a little bit and see if there are any vulnerabilities

46
00:03:30,560 --> 00:03:31,490
affecting it.

47
00:03:35,450 --> 00:03:40,610
And the second I type that into Google you'll see that multiple suggestions pop up on how to exploit

48
00:03:40,610 --> 00:03:42,040
this service.

49
00:03:42,290 --> 00:03:43,910
So it looks like we're in luck.

50
00:03:44,300 --> 00:03:49,500
And there might actually be an exploit that we can use to break into our target system.

51
00:03:49,550 --> 00:03:53,900
I'm going to look at the first result here which is an entry by Rapid7.

52
00:03:53,930 --> 00:03:58,700
This is the company behind Metasploit, the company that created Metasploit, and it looks like

53
00:03:58,700 --> 00:04:03,740
we're actually very lucky from the first service that we're investigating there exists a vulnerability

54
00:04:03,740 --> 00:04:06,830
that we can use to break into our target system.

55
00:04:06,830 --> 00:04:10,540
And this is the name of the module in Metasploit that we can use.

56
00:04:10,700 --> 00:04:14,650
So I'm just going to copy this and go back to my Metasploit.

57
00:04:14,840 --> 00:04:19,310
We've seen how to use Metasploit before so I'm not going to go through the details of it.

58
00:04:19,340 --> 00:04:25,950
I'm just going to go ahead and use the module. Then info if you remember shows me a little bit more

59
00:04:25,950 --> 00:04:26,850
information.

60
00:04:26,880 --> 00:04:32,280
I'm just going to type this to verify that this is actually the module that I want to use.

61
00:04:32,730 --> 00:04:39,130
And as you can see here this time it's exactly the version that I have so all that is left now is to

62
00:04:39,130 --> 00:04:42,340
configure my exploit and run it. To do that

63
00:04:42,340 --> 00:04:46,800
let me have a look at the options by typing show options.

64
00:04:46,820 --> 00:04:55,500
All I need to do here is to just configure the remote host. Remote host as we've seen in the beginner's

65
00:04:55,500 --> 00:05:04,020
video is my target IP address so I'll do a set host to the IP address and in Metasploit

66
00:05:04,090 --> 00:05:08,650
there are certain exploits that we can check whether they are going to be successful or not

67
00:05:08,680 --> 00:05:11,200
before we actually run them.

68
00:05:11,380 --> 00:05:19,600
So before we execute and run the exploit and risk breaking a service or risk the exploit not succeeding

69
00:05:20,020 --> 00:05:24,940
we can try to check to see what the probability of our exploit succeeding is.

70
00:05:25,820 --> 00:05:28,700
Now this option exists but not every exploit.

71
00:05:28,700 --> 00:05:30,520
So let me see if this exists here.

72
00:05:30,530 --> 00:05:37,160
I'm going to run the check command and unfortunately it says that for this particular module check

73
00:05:37,160 --> 00:05:38,420
is not supported.

74
00:05:38,420 --> 00:05:44,240
So all I'm left with is to run the exploit and I can do that in one of two ways: either

75
00:05:44,260 --> 00:05:53,210
I type run or I type exploit so I'll type exploit and hit enter and let Metasploit do its magic.

76
00:05:54,530 --> 00:06:00,020
Once you start seeing these signs in green this is when you start getting excited because that means

77
00:06:00,110 --> 00:06:02,040
the exploit is actually working.

78
00:06:04,000 --> 00:06:10,420
And here we go we have a command shell session one open which means we now have a command shell open.

79
00:06:10,660 --> 00:06:13,580
I'm going to type id and look at that.

80
00:06:13,600 --> 00:06:17,170
We actually got in as root which is fantastic.

81
00:06:17,290 --> 00:06:20,380
And again I'm going to double check that and type

82
00:06:20,380 --> 00:06:21,130
whoami.

83
00:06:21,130 --> 00:06:27,430
Which is another command that we've seen and it tells me that we're root and we ended up landing in

84
00:06:27,430 --> 00:06:29,520
the root directory.

85
00:06:29,520 --> 00:06:36,480
Now to terminate my session all I have to do is type exit and Metasploit closes the command shell

86
00:06:37,170 --> 00:06:42,290
and I hit enter again to go back to my Metasploit command prompt.

87
00:06:42,320 --> 00:06:46,090
So we got lucky we managed to break in targeting the first service.

88
00:06:46,100 --> 00:06:51,860
However I'm going to assume now that we're not as lucky which is more of a realistic scenario.

89
00:06:51,950 --> 00:06:57,680
It's very rare that you manage to get through from the first service that you target on the first IP

90
00:06:57,680 --> 00:06:58,750
address that you target.

91
00:06:58,760 --> 00:07:01,520
This almost never happens.

92
00:07:01,640 --> 00:07:06,590
So to make things a little bit more realistic and a bit more challenging I'm going to assume that this

93
00:07:06,590 --> 00:07:12,380
service is no longer vulnerable and we're going to move on together to look at other services and see

94
00:07:12,380 --> 00:07:14,470
how we can exploit those.

95
00:07:14,480 --> 00:07:18,230
But before we do that here's your mission for the section.

96
00:07:18,310 --> 00:07:24,210
When we logged in as an anonymous user we did not find anything on that server.

97
00:07:24,340 --> 00:07:29,370
So what I'd like you to do for this mission is to log in using the default credentials that are provided

98
00:07:29,440 --> 00:07:35,880
which are the msfadmin user and msfadmin password and see what you can get.

99
00:07:35,880 --> 00:07:42,090
See if there's anything useful that you can find. If you find anything on the FTP server figure out

100
00:07:42,090 --> 00:07:47,460
a way to download these files and directories to your Kali machine.

101
00:07:47,460 --> 00:07:51,540
So not only list them but actually download them.

102
00:07:51,740 --> 00:07:58,880
Once you're done with this FTP server on port 21 there's another FTP server running on another port

103
00:07:59,480 --> 00:08:03,900
do the same thing try to connect to that FTP server and again try

104
00:08:03,910 --> 00:08:08,350
anonymous user if that does not work try the msfadmin user.

105
00:08:08,720 --> 00:08:14,390
And once you're logged in if you actually manage to log in see if there are any files or folders that

106
00:08:14,420 --> 00:08:18,800
you might find useful and figure out a way to download those as well.

107
00:08:19,100 --> 00:08:21,980
Once you're done let's move on to the next video.
