All language subtitles for 4. Scanning with Nessus - Part 2

Now on to part two. Our scan results are done, and we can tell because you've got a nice checkmark here that says complete. So we're going to click into our scan results, and looking at the overview we can see here that we've got five critical, 38 high, fifty nine mediums, ten lows and sixty seven informational. So we're gonna click on the vulnerabilities here, and let me make this bigger.

So what we're gonna do is we're gonna take a peek at this, and this new version of Nessus actually starts grouping these together. Let's go ahead and hit settings and disable groups. And that'll show us by severity.

So look what's coming back up: OpenSSL unsupported. Check it out. 0.9.6b, 1.1.0. It says according to banner the remote is running OpenSSL, and it doesn't tell us much about it. We'd actually have to do a little bit of research, click into this, see why it's such a bad thing. But this is absolutely out of date.

OK, so if we're making a screenshot here, we're going to say, hey, this is out of date. We see this installed version. It's recommended to patch to this version. So if you're taking notes, you can go ahead and add that into your notes for your vulnerabilities. This is insufficient patching.

Come back through here. It says even OpenSSH has remote privilege escalation. It's got remote overflows, so it looks like you could possibly perform an overflow against SSH. So if you did some research and you were able to find a vulnerability with that, that's cool. And we come through here and you see that Apache has denial of service, cross-site scripting. Again, Apache looks like insufficient patching, and mod_ssl shows up, OpenSSL shows up, and I mean, we just got vulnerability after vulnerability.

So we would write a lot of these up, and depending on the assessment and how the assessment was going depends on the severity that we're going to write up. Now, if we find remote code execution, we get a lot of access to a client and a client just lights up like a Christmas tree when it comes time to reviewing your scans, then a lot of these, you know, we might report on a lot of these and we might not report on a lot of lows or a lot of the mediums. But if we're in the opposite situation where, you know, we aren't finding a lot but there's still stuff to report, then we might report on, like, hey, OpenSSL is, you know, it's out of, you know, it's out of date. And then we go to the next page and we find a low, and maybe there's, like, OK, there's something in here that's related to SSL/TLS, this one is an unsupported cipher. We might report that as well, just depending on the potential and how many vulnerabilities that there actually are.

So as of right now it looks like this box is pretty critical. But what we also do as penetration testers is we take all the results in front of us, and what we'll do is we'll come in and we'll download this .nessus file. We'll take that .nessus file, and there's tools out there to convert a .nessus file into an Excel document, and it makes it nice and pretty, and we'll hand it over to the client as well. And in the report it'll say, hey look, we've covered some of the vulnerabilities. There's no way for us to touch all of them because this is a timed assessment. We focused on the low hanging fruit. We focus on what we could. So please do go look at your Nessus scan results and all the information that we provide to you, because it's super important.

So again, if we have a client like this where we're going to have remote code execution, we're gonna have a lot of vulnerabilities, then these things just start to stack up. And this is what a Nessus result looks like. You can click into these, you can get more information and possibly even, you know, details on how to exploit it and how to solve it as well. So there's useful links in here.

A lot of the times in this, you know, they give you information, but you should always go out and verify. Never trust your vulnerability scanner just because it says, hey, we detected it. You should go out and look and find it, just like we had that screenshot from before with the Apache service version. We know this exists. We wouldn't provide a screenshot of the output of Nessus, we would go provide a screenshot that says, hey, we actually proved that we know it's there and you're out of date.

So hopefully that gives you an idea of what we're doing with Nessus and why we're using it and how it could be an advantage to us. Sometimes we're so overwhelmed with everything around us that we might miss some vulnerabilities, and it's nice to just have a scanner detect a lot of vulnerabilities just for us, and it gives us something to look through, something to verify, double check, etc. It's just an extra layer of vulnerability assessment for us. It's a friend in the game.

So I own two programs as a pen tester. Two programs that I pay for: a Nessus license is one, Burp Suite Pro is the other. This one is twenty four one hundred dollars a month. Very expensive. Absolutely worth it. Pro is 400 dollars. We'll get into that later, but absolutely worth it as well.

So that's it for this section. Now we're going to move on to exploitation. Really start to get into the fun stuff. Talk about some different exploitation techniques you're going to see, and then we'll do a bunch of box walkthroughs and get into exploit development. And it's about to get so fun. This is the fun part of the course. Up until this point it's just been scanning and enumeration, learning about the process. And it's been nine hours of course material so far, almost eight hours of course material just to get to this point. That's how important I think that information gathering and scanning, enumeration are. Along with the foundations and the materials, you need to know all that before you can just start exploiting machines.

So now we're there. Congratulations. Pat yourself on the back. We're almost halfway through the exploitation part of this course. So once we get to the middle of the course Capstone, I think it would be really fun and exciting. So that's it. End of spiel. I'll see you over in the next section when we start learning exploitation.
