1
00:00:00,090 --> 00:00:02,620
So now let's take a look at SSH.
2
00:00:02,970 --> 00:00:10,920
So from the original scan we saw that it was open and we saw OpenSSH 2.9p2.
3
00:00:10,950 --> 00:00:14,610
So we're going to copy this and just make a note of that in our notes as well.
4
00:00:14,610 --> 00:00:16,080
I think that's important.
5
00:00:16,140 --> 00:00:18,240
So let's say SSH.
6
00:00:18,240 --> 00:00:19,950
We've got the version there.
7
00:00:19,950 --> 00:00:26,030
So let's take this and let's do a little bit of enumeration and talk through it.
8
00:00:26,030 --> 00:00:31,040
So sometimes you're going to get a scan back and your scan's not going to really have a version here, it's
9
00:00:31,040 --> 00:00:36,130
just going to say SSH, and we can go and try to find that out ourselves.
10
00:00:36,140 --> 00:00:39,110
And it's always good to attempt that.
11
00:00:39,110 --> 00:00:45,530
What we're gonna do is we're going to attempt to connect to SSH, to this specific port, and see if it
12
00:00:45,530 --> 00:00:48,000
gives us any information about what's running.
13
00:00:48,290 --> 00:00:50,910
And that's really it at this point.
14
00:00:50,920 --> 00:00:55,280
It's, that's most of the enumeration that we can do, anything with SSH.
15
00:00:55,280 --> 00:01:02,300
The second that we attempt to make a login attempt is going to be exploitation, even if we just try
16
00:01:02,300 --> 00:01:02,940
one password
17
00:01:02,940 --> 00:01:07,920
guess. That's exploitation, so we're not going to do that right now.
18
00:01:07,940 --> 00:01:12,740
We're gonna save that for the exploitation part of the course, but I do want to show you a connection
19
00:01:12,740 --> 00:01:15,030
and just something funky with this anyway.
20
00:01:15,200 --> 00:01:20,280
So let's go ahead and just go to our terminal, and the typical way to SSH,
21
00:01:20,300 --> 00:01:27,400
if you've never done it before, is you just say ssh and I want to SSH to a specific IP address.
22
00:01:27,590 --> 00:01:33,620
So this is the IP address I want to, I want to SSH to. The issue with this box is this box is old.
23
00:01:33,620 --> 00:01:40,690
So when we go to try to SSH to it, it's gonna say this: hey, we haven't found a matching key exchange.
24
00:01:40,700 --> 00:01:43,940
So they, they're giving us a few different offers here.
25
00:01:44,210 --> 00:01:46,070
We're going to have to type in a little bit of syntax.
26
00:01:46,070 --> 00:01:52,010
This is not common, but this is also useful to have in your notes because this does come up occasionally.
27
00:01:52,010 --> 00:01:58,160
So we can just say a -o, we're gonna type Kex like this, and then Algorithms
28
00:02:00,920 --> 00:02:08,470
equals, plus sign, and I'll stall for just a second so you can catch up, and then I'm going to copy this
29
00:02:08,470 --> 00:02:17,360
will in here and then I'm going to paste it, and you're going to see we're gonna get one more error, and
30
00:02:17,360 --> 00:02:23,220
this is going to ask about a cipher, so it says there's no cipher found. We're going to do a -c for
31
00:02:23,220 --> 00:02:32,050
a cipher. We're just going to copy this and we're going to paste it in. This should now provide the opportunity
32
00:02:32,050 --> 00:02:39,150
to connect. Says the authenticity can't be established, we've got RSA fingerprint, do you want to connect?
33
00:02:39,160 --> 00:02:40,320
We're gonna type in yes.
34
00:02:42,940 --> 00:02:43,650
OK.
35
00:02:43,880 --> 00:02:50,510
And what's happening here is it's asking us for a password. There's nothing here for us, so I'm going
36
00:02:50,510 --> 00:02:53,230
to hit Ctrl+C. Why did we do this?
37
00:02:53,230 --> 00:02:57,040
Why do we even attempt to make this connection?
38
00:02:57,050 --> 00:03:05,030
Well, sometimes what happens is a banner is exposed and the banner will say: hey, we're running, we're running
39
00:03:05,060 --> 00:03:13,550
SSH version XYZ, and this is built by this person, by this company, etc. So here we're looking for a
40
00:03:13,550 --> 00:03:14,180
banner.
41
00:03:14,540 --> 00:03:17,550
Unfortunately, there was no banner.
42
00:03:17,840 --> 00:03:19,660
So that doesn't give us a lot of information.
43
00:03:19,670 --> 00:03:26,800
But fortunately for us, when we had our scan here we were able to pull down at least the OpenSSH
44
00:03:26,870 --> 00:03:29,220
2.9p2.
45
00:03:29,240 --> 00:03:30,830
So that's it.
46
00:03:31,160 --> 00:03:37,160
I told you in the beginning SSH isn't very exciting because there's not a lot of opportunities for remote
47
00:03:37,160 --> 00:03:38,590
code execution.
48
00:03:38,780 --> 00:03:43,430
Really, the way we're going to have to do this is hammer it with brute force, and we'll talk about the
49
00:03:43,430 --> 00:03:50,060
reasonings why later, but we'll have to hammer with brute force and just pray, spray and pray as we like
50
00:03:50,060 --> 00:03:51,360
to call it sometimes.
51
00:03:51,470 --> 00:03:53,760
But for now that's it for SSH.
52
00:03:53,790 --> 00:04:00,920
So we're gonna start moving into research, different tools we can use to research vulnerabilities, and
53
00:04:01,220 --> 00:04:02,930
additional videos on that.
54
00:04:02,960 --> 00:04:07,430
So I'll catch you over in the next video when we start digging into some of what we found.