1
00:00:00,670 --> 00:00:05,840
In this lecture we're going to take a different way of using Armitage.
2
00:00:05,970 --> 00:00:10,560
Let me give you a small scenario. Assume that we have a victim machine.
3
00:00:10,560 --> 00:00:16,020
This is a Windows server. It could be a Windows server or an Android device; you know, as I keep saying, the concept
4
00:00:16,020 --> 00:00:19,760
applies to anything, but assume that I have here a server.
5
00:00:20,340 --> 00:00:26,010
And I did some research, but I was not able to figure out which exploit I can use.
6
00:00:26,010 --> 00:00:32,100
I mean, it's different than the previous case, where I knew that there is one vulnerability or one exploit
7
00:00:32,100 --> 00:00:34,950
that can be used, RPC DCOM.
8
00:00:34,950 --> 00:00:40,950
But in my case right now I have a victim. I know that he's got Windows Server 2003, except I don't know
9
00:00:40,980 --> 00:00:49,820
exactly which version or which exploit I can use to exploit any vulnerability here and get access.
10
00:00:49,950 --> 00:00:51,500
Can I automate it?
11
00:00:51,510 --> 00:00:59,130
Can I make Armitage search for the right version, for the vulnerability and the right exploit on the
12
00:00:59,130 --> 00:01:01,090
victim, instead of doing that myself?
13
00:01:01,260 --> 00:01:07,270
So I don't have to go to Exploit-DB and search, and I don't have to go to SecurityFocus and search.
14
00:01:07,290 --> 00:01:09,420
Actually you can. Let's see how we can do that.
15
00:01:09,420 --> 00:01:15,440
So we have our victim machine here, and for the victim machine I only know the IP, which is
16
00:01:15,480 --> 00:01:16,260
192.168.2.201.
17
00:01:16,260 --> 00:01:18,640
Honestly, I'm going to assume that I don't even
18
00:01:18,640 --> 00:01:20,970
know the operating system.
19
00:01:21,180 --> 00:01:27,690
So what I'm going to do, I'm going to go here with me to Armitage, and we're going to go to Hosts, and I'm
20
00:01:27,690 --> 00:01:32,840
going to click on Hosts, and I can add one machine or more.
21
00:01:32,850 --> 00:01:37,720
I can even add the network, a full network, and it will scan all of them and try to compromise them.
22
00:01:37,770 --> 00:01:40,790
So I'm going to add one machine, which is my victim machine.
23
00:01:41,100 --> 00:01:47,330
One more time, I'm going to assume that I don't even know the operating system; I only know the IP, on
24
00:01:47,350 --> 00:01:50,410
one line, and you can add more IPs if you want.
25
00:01:50,520 --> 00:01:56,960
Or a full network, but in my case I'm only going to add one IP, and it can add the machine here.
26
00:01:57,540 --> 00:01:59,160
And as you can see, it has a black screen.
27
00:01:59,170 --> 00:02:05,040
I mean, you don't have any information about the computer on this IP, and Armitage cannot discover anything
28
00:02:05,040 --> 00:02:05,970
right now.
29
00:02:05,970 --> 00:02:10,730
Then you can go to Hosts one more time and do
30
00:02:10,770 --> 00:02:17,160
an Nmap scan. So instead of scanning yourself, you can choose Nmap Scan and then Intense Scan, and
31
00:02:17,160 --> 00:02:21,770
click on Enter, and you can verify the IP.
32
00:02:21,780 --> 00:02:23,330
Yes, it's the same IP.
33
00:02:23,370 --> 00:02:24,860
And click on target.
34
00:02:24,990 --> 00:02:30,750
Now this may take time, not too long, but as you can see down here it's scanning the
35
00:02:33,540 --> 00:02:40,070
victim, trying to discover what operating system, what ports, what services and so on. While
36
00:02:40,140 --> 00:02:45,000
I'm doing that, please check on the right: when you right-click on the computer, you only find two options,
37
00:02:45,000 --> 00:02:48,200
Services and Scan, and Host, where you can remove those.
38
00:02:48,240 --> 00:02:53,940
So you only have these options here, because this will change within a few minutes, and I'm going to wait
39
00:02:53,940 --> 00:03:01,650
until it finishes the scan. How will I know that it finished the scan, besides following up down here? Once
40
00:03:02,040 --> 00:03:08,760
the scan is finished, you will see that there will be a logo on the screen instead of having a black
41
00:03:08,760 --> 00:03:09,140
screen.
42
00:03:09,150 --> 00:03:16,170
It would be maybe Windows, maybe Linux, so you'll find the logo changes here, indicating what operating
43
00:03:16,170 --> 00:03:17,940
system our machine has.
44
00:03:18,120 --> 00:03:24,630
So while it's doing the scan, it will discover the operating system, and it will give you a logo on the machine
45
00:03:24,630 --> 00:03:25,440
here.
46
00:03:26,040 --> 00:03:29,480
So let's give it a few seconds, or maybe minutes.
47
00:03:35,120 --> 00:03:41,170
I don't know if I should pause, because this may take time, or let me wait for like 30 seconds more.
48
00:03:41,360 --> 00:03:47,410
If it's taking a longer time I'm going to pause until we finish, but how will I know that it finished?
49
00:03:47,450 --> 00:03:58,490
Once the logo of the operating system shows on the screen.
50
00:03:58,530 --> 00:04:00,090
It seems that it finished,
51
00:04:12,930 --> 00:04:14,000
but it was taking.
52
00:04:14,010 --> 00:04:14,590
OK.
53
00:04:15,000 --> 00:04:20,820
Let's go to Hosts one more time. OK.
54
00:04:20,860 --> 00:04:28,960
Let's see if we need to do any other scanning, because the intense scan should get the operating system.
55
00:04:28,960 --> 00:04:31,910
Let me do a quick scan as well.
56
00:04:33,100 --> 00:04:33,450
Yes.
57
00:04:33,520 --> 00:04:36,720
Quick Scan with operating system detection.
58
00:04:36,850 --> 00:04:45,790
You don't have to. Let me write the IP, 192.168.2.201.
59
00:04:46,000 --> 00:04:52,710
Now you don't have to rush the process.
60
00:04:52,770 --> 00:04:58,910
But be patient, because you get as much information as you can about the victim, and you are not the one who
61
00:04:58,910 --> 00:05:05,500
is getting the information; you are letting Armitage get the information for you, but spending a
62
00:05:05,500 --> 00:05:12,640
good amount of time doing that will help Armitage to find the right vulnerability and the right
63
00:05:12,650 --> 00:05:21,030
exploit. As you can see, it finished and the operating system is showing on the computer.
64
00:05:21,110 --> 00:05:23,100
It's Windows XP.
65
00:05:23,140 --> 00:05:29,900
Sometimes, you know, it will give you like a range: it could be XP, 2003, or 7, 2008.
66
00:05:29,920 --> 00:05:31,030
So it doesn't matter.
67
00:05:31,030 --> 00:05:37,620
But since it was able to discover roughly what the operating system is, excellent. Second part: after discovery
68
00:05:37,620 --> 00:05:40,950
and getting a report on the operating system, I would go to Attacks.
69
00:05:41,620 --> 00:05:54,160
And I'm going to click Find Attacks, and it will start searching the machines that we added, or hosts that
70
00:05:54,160 --> 00:05:54,740
we added.
71
00:05:54,760 --> 00:05:56,820
What attack can be implemented?
72
00:05:57,220 --> 00:06:03,210
So it's checking in its library, according to its input, the information that it gathered.
73
00:06:03,730 --> 00:06:05,950
What attack can be implemented?
74
00:06:06,130 --> 00:06:07,090
Can we do this?
75
00:06:07,090 --> 00:06:08,180
Can we do that attack?
76
00:06:08,200 --> 00:06:11,390
So it already has information and is searching according to that.
77
00:06:11,560 --> 00:06:17,380
If it didn't do the scans the first time, it will not be able to search, because it has a big library
78
00:06:18,190 --> 00:06:19,090
to search from.
79
00:06:19,090 --> 00:06:26,360
So it said: OK, I found some vulnerabilities and I selected for you some exploits to be used to hack what's
80
00:06:26,380 --> 00:06:27,010
vulnerable.
81
00:06:27,310 --> 00:06:32,850
If you right-click right now on your computer, you'll find a new menu called Attack, which has all the exploits
82
00:06:32,860 --> 00:06:34,250
that it found.
83
00:06:34,630 --> 00:06:35,840
And you can try.
84
00:06:36,160 --> 00:06:38,180
Not all of them will be working, but you can try.
85
00:06:38,190 --> 00:06:39,510
So let's take the first one.
86
00:06:39,510 --> 00:06:43,050
Let me try this one, which is the RPC one, one more time.
87
00:06:43,240 --> 00:06:49,210
Let's see if it can or cannot, because it didn't use the vulnerability randomly; it adds them according
88
00:06:49,210 --> 00:06:53,350
to the scans that it did, and it said most probably this may work.
89
00:06:53,350 --> 00:06:56,190
This vulnerability and exploit, let me try this one.
90
00:06:56,650 --> 00:07:01,330
So you click on it. Now you don't need to change anything, because all the information is there, and you
91
00:07:01,330 --> 00:07:04,210
click on Launch.
92
00:07:04,810 --> 00:07:08,400
If you get this red frame, that means it has been compromised.
93
00:07:08,410 --> 00:07:09,290
Excellent.
94
00:07:09,370 --> 00:07:11,240
If not, you try another one.
95
00:07:11,350 --> 00:07:12,800
If not, you try another.
96
00:07:13,060 --> 00:07:14,220
And so on.
97
00:07:14,230 --> 00:07:16,630
So as you can see, the first one was successful.
98
00:07:16,630 --> 00:07:24,070
Now I have a Meterpreter to this machine, where I have full access, and I can, you know, browse,
99
00:07:24,070 --> 00:07:29,200
get the desktop, do whatever I want on this machine.
100
00:07:29,200 --> 00:07:37,660
Let me try to do something with the desktop and see if I can get that desktop access on the server.
101
00:07:43,070 --> 00:07:44,790
It's going to work or not, I don't know why.
102
00:07:44,840 --> 00:07:49,470
Yeah, you go on talking.
103
00:07:49,820 --> 00:07:52,050
Let me try another one, better, better:
104
00:07:54,660 --> 00:07:55,870
Interact.
105
00:07:55,950 --> 00:07:56,810
Let me see,
106
00:07:59,970 --> 00:08:01,040
let me get a shell,
107
00:08:01,110 --> 00:08:03,260
where I can type some commands.
108
00:08:03,510 --> 00:08:07,540
So it should show down here.
109
00:08:07,920 --> 00:08:12,210
But the point is, so we have a shell on the machine.
110
00:08:12,210 --> 00:08:16,160
The point is, this is a different way of using Armitage.
111
00:08:16,250 --> 00:08:25,290
It's a more smart way, a smarter way, in, you know, in the sense of I don't have to spend time searching for,
112
00:08:25,380 --> 00:08:30,160
scanning first and then searching for the vulnerability and searching for the exploit.
113
00:08:30,160 --> 00:08:31,120
No, no.
114
00:08:31,230 --> 00:08:38,970
You can let this application, Armitage, gather this kind of information, look for a weakness and
115
00:08:38,970 --> 00:08:43,460
vulnerability, and suggest what exploit can be used from its library.
116
00:08:43,460 --> 00:08:49,190
And then you just right-click on it. My advice to you is to not count on only one method.
117
00:08:49,200 --> 00:08:54,960
I explained three different methods in this section: Metasploit, Armitage, and using Armitage in a different
118
00:08:54,960 --> 00:08:55,870
way.
119
00:08:56,460 --> 00:09:00,900
I suggest that you should be familiar with all the methods, because sometimes this one will not work.
120
00:09:00,900 --> 00:09:02,480
You should try another way.
121
00:09:02,880 --> 00:09:08,530
But if you limit yourself to only one way, I don't think this would be that effective.
122
00:09:08,760 --> 00:09:14,640
But after all, the objective of this scope is to show you the exploitation framework and how it can be
123
00:09:14,640 --> 00:09:23,220
used. Next sections will be more into the attacks themselves, and mainly Android, where we are actually going to see
124
00:09:23,610 --> 00:09:28,750
how to hack Android devices, smartphone or tablet, using different attacks.
125
00:09:28,980 --> 00:09:34,140
But the attacks that we can implement will be based on this section and the previous section.
126
00:09:34,260 --> 00:09:38,920
So the objective was to learn the tools first and then go through the attacks.
127
00:09:38,970 --> 00:09:42,510
So we're going to have a section related to hacking Android devices.
128
00:09:42,750 --> 00:09:46,710
And then another section, which is hacking with an Android device.