1
00:00:01,300 --> 00:00:09,010
Now we actually have complete bash shell so we can run any bash commands we want the exact same commands

2
00:00:09,010 --> 00:00:12,710
that we've seen in the Linux basic section at the start of this course.

3
00:00:13,000 --> 00:00:18,100
So when we go on about how you do man and how you do help to see how you use the commands I'm going

4
00:00:18,100 --> 00:00:23,440
to skip through that and I want to show you a few commands that are useful when you first gain access

5
00:00:23,440 --> 00:00:24,040
to a server.

6
00:00:24,040 --> 00:00:29,500
So the first thing you want to check is what's my privileges at the moment and the privileges depend

7
00:00:29,710 --> 00:00:31,550
on how you gained your access.

8
00:00:31,690 --> 00:00:35,620
So it depends on the page that you're getting your access through.

9
00:00:35,620 --> 00:00:41,830
So we got our access through this current page so dependent on what privileges This page is run and

10
00:00:41,870 --> 00:00:45,970
as we will get the same privileges when we get our first shell.

11
00:00:45,970 --> 00:00:47,020
Same goes for us.

12
00:00:47,140 --> 00:00:49,190
Same goes for everything really.

13
00:00:49,210 --> 00:00:50,750
So I'm going to do my

14
00:00:54,740 --> 00:00:58,500
and as you can see now my privileges are W.W. data.

15
00:00:58,580 --> 00:00:59,510
So I'm not rude.

16
00:00:59,540 --> 00:01:00,330
I'm not admin.

17
00:01:00,350 --> 00:01:03,240
I'm not MSF admin MWW data.

18
00:01:03,380 --> 00:01:08,720
And this is very important because when you're rude you can do anything you want on the server.

19
00:01:08,720 --> 00:01:15,380
When you are another user then you have less privileges or less permissions to do stuff on the current

20
00:01:15,470 --> 00:01:16,300
web server.

21
00:01:17,660 --> 00:01:23,150
So another thing that you want to check is the kernel version of the computer so you can do you name

22
00:01:23,150 --> 00:01:25,150
a.

23
00:01:25,350 --> 00:01:29,040
And this will display a lot of information other than the kernel version.

24
00:01:29,040 --> 00:01:32,930
So you see the computer name and you can see the version of the kernel.

25
00:01:32,970 --> 00:01:38,610
This is important if you're trying to run a local exploit to escalate your privileges to a higher privileges

26
00:01:38,610 --> 00:01:44,370
or maybe even get root privileges which will give you access to do anything you want on the on the whole

27
00:01:44,370 --> 00:01:48,320
server not only on this website.

28
00:01:48,340 --> 00:01:53,480
Now as I said you can run on and you know the commands that we learn so far.

29
00:01:53,520 --> 00:02:00,090
So you can do allow us to list the current files and we can see that there is help and index and source.

30
00:02:00,210 --> 00:02:09,150
You can do P.W. data to see where you are and we are currently at var w w w w o a vulnerability is an

31
00:02:09,150 --> 00:02:09,840
exec.

32
00:02:10,290 --> 00:02:15,280
So you can navigate through this exactly the same way you'd navigate with a normal index system.

33
00:02:15,480 --> 00:02:23,680
So we can do a CD that data go back do a PDB needed and we're at vulnerabilities again she did that

34
00:02:24,370 --> 00:02:26,750
and another she did that that.

35
00:02:26,800 --> 00:02:34,870
Now if I do a PDA you'll see that as var W W W and this is the document root at the moment.

36
00:02:34,900 --> 00:02:43,610
So if I do an l s l to get more information and note we can see here the permissions and before the

37
00:02:43,610 --> 00:02:44,150
permissions.

38
00:02:44,150 --> 00:02:50,330
Now if you see if you notice that there is a deal here that means that this is a directory it's not

39
00:02:50,330 --> 00:02:51,410
a file.

40
00:02:51,410 --> 00:02:54,080
And when you don't see that the that means it's a file.

41
00:02:54,080 --> 00:03:00,890
And here now you can see that we have access to all the other websites so we can access decie wiki website.

42
00:03:00,990 --> 00:03:08,600
We can also access demitted Today Web site and you can access the DVD right here.

43
00:03:08,610 --> 00:03:15,330
So what this shows you is if you managed to hack into any web site then most of the time you can actually

44
00:03:15,330 --> 00:03:18,300
navigate to the same websites on the same server.

45
00:03:18,420 --> 00:03:23,490
And this is what I said in the information gathering section I said it's very important because sometimes

46
00:03:23,610 --> 00:03:29,160
your target web site will not have any vulnerabilities but you might find something on the same server

47
00:03:29,580 --> 00:03:32,430
and from that you can navigate to your Web site.

48
00:03:32,430 --> 00:03:36,130
So for example we gained our access through DVD.

49
00:03:36,360 --> 00:03:41,160
And let's say Mattel today was our actual target but we couldn't find anything in it.

50
00:03:41,220 --> 00:03:44,050
So we hacked into the server through DVD.

51
00:03:44,310 --> 00:03:54,270
And I can navigate now to Mattel day so I can just see the Mathilde they and then I can do an ls l to

52
00:03:54,270 --> 00:04:00,720
see the files so you can remove files using the r.m command you can delete files you can do anything

53
00:04:00,720 --> 00:04:01,930
you want really now.

54
00:04:02,070 --> 00:04:07,650
And the other web site in Matilda even though we never actually got access to him until we got our access

55
00:04:07,890 --> 00:04:10,910
through D-B W.J..

56
00:04:10,960 --> 00:04:17,890
Now one of the very important commands is cat which allows you to read files and one very important

57
00:04:17,890 --> 00:04:21,130
file that you always want to read is the easy password.

58
00:04:21,130 --> 00:04:26,190
Now we actually try to read this used in the local file inclusion vulnerability.

59
00:04:26,350 --> 00:04:27,460
But I want to show you now.

60
00:04:27,460 --> 00:04:37,740
So if you do a cat it is password you can see that we can read all the content of this file right here.

61
00:04:38,140 --> 00:04:46,000
And what this file has it shows you the users installed on the current computer and it shows you the

62
00:04:46,000 --> 00:04:48,160
directory for these users.

63
00:04:48,160 --> 00:04:56,100
Now in this particular set up all the Web sites are stored in wire w w w So they are sold and bar them

64
00:04:56,140 --> 00:05:03,640
with W and then you can put divi W to access the DVD website or you can post Matile a day to access

65
00:05:03,640 --> 00:05:04,440
Matilda.

66
00:05:04,780 --> 00:05:08,040
Most of the time you won't see this in most websites.

67
00:05:08,080 --> 00:05:14,620
They actually create a user for each website and the user usually corresponds to the website name.

68
00:05:14,620 --> 00:05:19,780
So for example let's say your example your target was Facebook then the user would be called Facebook

69
00:05:19,810 --> 00:05:23,010
or Facebook user or something similar to that.

70
00:05:23,020 --> 00:05:32,220
So what you want to be doing is you want to go through this file and see the path for that for your

71
00:05:32,220 --> 00:05:33,080
target website.

72
00:05:33,090 --> 00:05:39,670
So let's say you hacked into this Web site through Google and Facebook is on the same server.

73
00:05:39,720 --> 00:05:44,160
Then look for a user called Facebook and then just navigate to that file.

74
00:05:44,160 --> 00:05:51,460
Now you can see that the deputy the readably data user right here and you can see that it has its directory

75
00:05:51,460 --> 00:05:54,070
stored at bar w w w.

76
00:05:54,070 --> 00:05:57,320
Again if you open that you'll see all the Web sites in here.

77
00:05:57,640 --> 00:06:04,150
So if we just do see the bar then we can list whatever you want.

78
00:06:04,610 --> 00:06:11,300
So take a lesson from this is that on a reverse shell you can basically run any command any linux command

79
00:06:11,300 --> 00:06:17,480
you have dependent on the privileges that you have the privileges depend on the page or the source that

80
00:06:17,480 --> 00:06:19,810
gave you the access.

81
00:06:19,830 --> 00:06:25,230
So whatever privileges that resource is running you'll actually get the same privileges the same permissions

82
00:06:26,010 --> 00:06:29,570
and once you're in a server the server is just a computer.

83
00:06:29,580 --> 00:06:33,450
So once you gain access to that server you can increase your privileges.

84
00:06:33,480 --> 00:06:37,920
You can escalate them and try to access other websites on the same server.

85
00:06:38,040 --> 00:06:42,350
How you access the other web sites is in the ATC password you listed.

86
00:06:42,390 --> 00:06:48,000
And you see the user corresponding to your target website and just open their directory using the CD

87
00:06:48,000 --> 00:06:54,990
command I'm going to attach a list of the bash commands that you can run so that you can go through

88
00:06:55,030 --> 00:06:57,260
them try them and see how they work for you.