1
00:00:00,120 --> 00:00:04,920
Now on to part two. Our scan results are done and we can tell because you've got a nice checkmark here
2
00:00:04,920 --> 00:00:05,950
that says complete.
3
00:00:06,570 --> 00:00:12,420
So we're going to click into our scan results and looking at the overview we can see here that we've
4
00:00:12,420 --> 00:00:20,030
got five critical, 38 high, fifty nine mediums, ten lows and sixty seven informational, so we're gonna
5
00:00:20,060 --> 00:00:24,620
click on the vulnerabilities here and let me make this bigger.
6
00:00:24,620 --> 00:00:30,050
So what we're gonna do is we're gonna take a peek at this, and this new version of Nessus actually starts
7
00:00:30,050 --> 00:00:31,340
grouping these together.
8
00:00:31,670 --> 00:00:34,390
Let's go ahead and hit settings and disable groups.
9
00:00:35,740 --> 00:00:38,740
And that'll show us by severity.
10
00:00:38,740 --> 00:00:47,120
So look what's coming back up: OpenSSL unsupported. Check it out.
11
00:00:47,120 --> 00:00:53,030
Zero point nine point six b one point one point zero Id say according to banner the remote is running
12
00:00:53,060 --> 00:00:57,260
OpenSSL and it doesn't tell us much about it.
13
00:00:57,260 --> 00:01:00,060
We'd actually have to do a little bit of research, click into this.
14
00:01:00,140 --> 00:01:02,270
See why it's such a bad thing.
15
00:01:02,390 --> 00:01:04,630
But this is absolutely out of date.
16
00:01:05,030 --> 00:01:11,080
OK so if we're making a screenshot here we're going to say hey this is out of date.
17
00:01:11,120 --> 00:01:12,710
We see this installed version.
18
00:01:12,710 --> 00:01:15,230
It's recommended to patch to this version.
19
00:01:15,410 --> 00:01:20,230
So if you're taking notes you can go ahead and add that into your notes for your vulnerabilities.
20
00:01:20,240 --> 00:01:24,530
This is insufficient patching. Come back through here.
21
00:01:24,540 --> 00:01:28,320
It says even open SSA it has remote privilege escalation.
22
00:01:28,350 --> 00:01:36,450
It's got remote overflows so it looks like you could possibly perform an overflow against as the.
23
00:01:36,600 --> 00:01:42,750
So if you did some research and you were able to find a vulnerability with that that's cool and we come
24
00:01:42,750 --> 00:01:48,780
through here and you see the Apache has denial of service, cross-site scripting. Again, Apache looks like
25
00:01:48,780 --> 00:01:57,000
insufficient patching, and mod_ssl shows up, OpenSSL shows up, and I mean we just got vulnerability after
26
00:01:57,000 --> 00:02:03,060
vulnerability so we would write a lot of these up and depending on the assessment and how the assessment
27
00:02:03,060 --> 00:02:10,310
was going depends on the severity that we're going to write up now if we find remote code execution
28
00:02:10,330 --> 00:02:16,350
we get a lot of access to a client and a client just lights up like a Christmas tree when it comes time
29
00:02:16,350 --> 00:02:23,190
to reviewing your scans then a lot of these you know we might report on a lot of these and we might
30
00:02:23,190 --> 00:02:28,640
not report on a lot of lows or a lot of the mediums but if we're in the opposite situation where you
31
00:02:28,640 --> 00:02:34,590
know we aren't finding a lot but there's still stuff to report then we might report on like Hey Open
32
00:02:34,590 --> 00:02:39,990
SSL is you know it's out of you know it's out of date and then we go to the next page and we find a
33
00:02:39,990 --> 00:02:46,860
low and maybe there's like, OK, there's something in here that's related to SSL/TLS. This one
34
00:02:46,860 --> 00:02:55,290
is an unsupported cipher we might report that as well just depending on the potential in how many vulnerabilities
35
00:02:55,290 --> 00:02:56,700
that there actually are.
36
00:02:56,700 --> 00:03:02,940
So as of right now it looks like this box is pretty critical but what we also do as penetration testers
37
00:03:02,970 --> 00:03:08,310
is we take all the results in front of us and what we'll do is we'll come in and we'll download this
38
00:03:08,580 --> 00:03:15,150
Nessus file. We'll take that Nessus file, and there's tools out there to convert a Nessus file into an Excel
39
00:03:15,150 --> 00:03:19,220
document and it makes it nice and pretty and we'll hand it over to the client as well.
40
00:03:19,530 --> 00:03:25,160
And in the report it'll say hey look we've covered some of the vulnerabilities.
41
00:03:25,170 --> 00:03:29,700
There's no way for us to touch all of them because this is a timed assessment. We focused on the low hanging
42
00:03:29,700 --> 00:03:30,410
fruit.
43
00:03:30,450 --> 00:03:32,010
We focus on what we could.
44
00:03:32,040 --> 00:03:37,050
So please do go look at your Nessus scan results and all the information that we provide to you because
45
00:03:37,050 --> 00:03:38,060
it's super important.
46
00:03:38,610 --> 00:03:42,810
So again if we have a client like this where we're going to have remote code execution we're gonna have
47
00:03:42,810 --> 00:03:46,720
a lot of vulnerabilities then these things just start to stack up.
48
00:03:46,920 --> 00:03:49,170
And this is what a Nessus result looks like.
49
00:03:49,200 --> 00:03:56,670
You can click into these you can get more information and possibly even you know details on how to exploit
50
00:03:56,670 --> 00:04:00,000
it and how to solve it as well.
51
00:04:00,000 --> 00:04:02,420
So there's useful links in here.
52
00:04:02,430 --> 00:04:07,120
A lot of the times in this you know they give you information but you should always go out and verify
53
00:04:07,140 --> 00:04:11,180
never trust your vulnerability scanner just because it says hey we detected it.
54
00:04:11,190 --> 00:04:15,720
You should go out and look and find it just like we had that screenshot from before with the Apache
55
00:04:15,720 --> 00:04:16,400
service version.
56
00:04:16,400 --> 00:04:17,840
We know this exists.
57
00:04:17,850 --> 00:04:23,850
We wouldn't provide a screenshot of the output of Nessus; we would go provide a screenshot that says hey
58
00:04:23,850 --> 00:04:28,290
we actually proved that we know it's there and you're out of date.
59
00:04:28,530 --> 00:04:33,360
So hopefully that gives you an idea of what we're doing with Nessus and why we're using it and how it
60
00:04:33,360 --> 00:04:34,960
could be an advantage to us.
61
00:04:35,040 --> 00:04:40,350
Sometimes we're so overwhelmed with everything around us that we might miss some vulnerabilities and
62
00:04:40,440 --> 00:04:47,700
it's nice to just have a scanner detect a lot of vulnerabilities just for us and it gives us something
63
00:04:47,700 --> 00:04:49,280
to look through something to verify.
64
00:04:49,290 --> 00:04:55,980
Double check etc. It's just an extra layer of vulnerability assessment for us.
65
00:04:55,980 --> 00:04:57,590
It's a friend in the game.
66
00:04:57,720 --> 00:05:01,430
So I own two programs as a pen tester.
67
00:05:01,530 --> 00:05:06,210
Two programs that I pay for: Nessus license is one, Burp Suite Pro is the other.
68
00:05:06,210 --> 00:05:09,060
This one is twenty four one hundred dollars a month.
69
00:05:09,060 --> 00:05:10,110
Very expensive.
70
00:05:10,380 --> 00:05:12,630
Absolutely worth it.
71
00:05:12,850 --> 00:05:13,970
Pro is 400 dollars.
72
00:05:13,980 --> 00:05:17,010
We'll get into that later but absolutely worth it as well.
73
00:05:17,010 --> 00:05:23,790
So that's it for this section now we're going to move on to exploitation.
74
00:05:23,790 --> 00:05:26,090
Really start to get into the fun stuff.
75
00:05:26,100 --> 00:05:31,530
Talk about some different exploitation techniques you're going to see and then we'll do a bunch of box
76
00:05:31,550 --> 00:05:33,650
walkthroughs and get into exploit development.
77
00:05:33,660 --> 00:05:35,070
And it's about to get so fun.
78
00:05:35,070 --> 00:05:36,850
This is the fun part of the course.
79
00:05:36,960 --> 00:05:41,590
Up until this point it's just been scanning and enumeration, learning about the process.
80
00:05:41,760 --> 00:05:48,060
And it's been nine hours of course material so far almost eight hours of course material just to get
81
00:05:48,060 --> 00:05:49,000
to this point.
82
00:05:49,020 --> 00:05:54,230
That's how important I think that information gathering and scanning enumeration are.
83
00:05:54,300 --> 00:05:59,730
Along with the foundations and the materials you need to know all that before you can just start exploiting
84
00:05:59,760 --> 00:06:00,240
machines.
85
00:06:00,270 --> 00:06:01,380
So now we're there.
86
00:06:01,380 --> 00:06:02,180
Congratulations.
87
00:06:02,180 --> 00:06:03,590
Pat yourself on the back.
88
00:06:03,600 --> 00:06:08,730
We're almost halfway through the exploitation part of this course.
89
00:06:08,790 --> 00:06:13,650
So once we get to the middle of the course Capstone I think it would be really fun and exciting.
90
00:06:13,680 --> 00:06:14,840
So that's it.
91
00:06:14,850 --> 00:06:15,660
End of spiel.
92
00:06:15,810 --> 00:06:17,990
I'll see you over in the next section when we start learning
93
00:06:18,000 --> 00:06:18,660
exploitation.