1
00:00:00,900 --> 00:00:05,670
In this video I'm going to show you how to interact with weevely and some of the basic commands.

2
00:00:06,710 --> 00:00:10,440
So I'm going to connect to the shell that we already uploaded in the previous video.

3
00:00:10,680 --> 00:00:13,340
So all I'm going to do is weevely, the URL where

4
00:00:13,350 --> 00:00:19,650
the shell is located, followed by the password, and hit enter.

5
00:00:19,810 --> 00:00:23,580
So the first thing we're going to do is run the help command.

6
00:00:23,590 --> 00:00:29,640
So if you just type in help you'll see all the commands that you can run using weevely.

7
00:00:30,010 --> 00:00:33,610
So these are all the functions that you can use.

8
00:00:33,850 --> 00:00:39,670
So you can see the name of the function followed by the description of what that function does.

9
00:00:39,670 --> 00:00:44,650
So the first thing that we're going to have a look at is system_info, which basically

10
00:00:44,650 --> 00:00:48,690
displays information about the current server that we have access to.

11
00:00:49,150 --> 00:00:53,910
So for any of these commands all you have to do is type it and it'll run.

12
00:00:53,920 --> 00:00:57,880
Now some of them require options and we'll see how we do that.

13
00:00:57,880 --> 00:01:04,450
So the first thing you want to do before you even run the command is you just type the command,

14
00:01:04,460 --> 00:01:12,480
so in our case it's system_info, and then type -h to see the options.

15
00:01:12,540 --> 00:01:17,400
Some of them have required arguments and some of them have optional arguments

16
00:01:17,400 --> 00:01:18,350
that you can give.

17
00:01:18,660 --> 00:01:25,170
So for this one you can specify what kind of information you want by putting in -info, but generally

18
00:01:25,170 --> 00:01:30,270
you can just run system_info and this will show you information about the current operating system.
19
00:01:30,270 --> 00:01:33,700
So I'm just going to run it normally, so I'm just going to type system_info

20
00:01:37,580 --> 00:01:41,360
and as you can see it collects information about the current server.

21
00:01:41,390 --> 00:01:45,960
So you can see the IP, you can see where your shell is located.

22
00:01:47,440 --> 00:01:50,610
You can see the folder where the shell is located.

23
00:01:50,740 --> 00:01:55,150
You can see information about the operating system, so you can see it's a Linux operating system.

24
00:01:55,180 --> 00:01:56,510
You can see the kernel version.

25
00:01:56,520 --> 00:02:02,410
And as I said before this is useful when you're trying to find local buffer overflow exploits so that

26
00:02:02,440 --> 00:02:05,190
you can escalate your privileges.

27
00:02:05,260 --> 00:02:06,940
You can see where the config is.

28
00:02:07,030 --> 00:02:09,320
And again we're gonna talk about that in the future.

29
00:02:09,580 --> 00:02:14,950
We can see the PHP version, again very useful when you're trying to bypass functions, when you're trying

30
00:02:14,950 --> 00:02:16,870
to exploit vulnerabilities.

31
00:02:17,310 --> 00:02:23,210
And again we can see that it's a Linux operating system and our current user is www-data.

32
00:02:23,210 --> 00:02:24,590
So it's the result of the

33
00:02:24,600 --> 00:02:25,300
whoami

34
00:02:25,300 --> 00:02:32,200
command, and you can also see the document root, which basically refers to the directory which Apache

35
00:02:32,200 --> 00:02:33,990
uses as its base.

36
00:02:34,060 --> 00:02:39,790
So you can see that, or we know already, that in our Metasploitable all the websites are stored in

37
00:02:39,800 --> 00:02:45,380
/var/www, and then after that if you put dvwa you'll be in dvwa.

38
00:02:45,550 --> 00:02:49,020
If you put mutillidae there you'll be in mutillidae.
39
00:02:49,030 --> 00:02:54,030
So again this is very important information if you're trying to navigate from one website to another.

40
00:02:56,820 --> 00:02:59,690
Speaking of navigating from one website to another.

41
00:02:59,880 --> 00:03:08,020
We've seen before how we can do cat /etc/passwd and that'll give us the locations, it gives us the

42
00:03:08,020 --> 00:03:13,660
users on the current operating system and the locations where the document root is.

43
00:03:13,660 --> 00:03:20,250
And I told you that you can use these locations to navigate within the server and go from one website

44
00:03:20,350 --> 00:03:26,650
to another. Weevely also has a function that will automatically display this information for you

45
00:03:26,860 --> 00:03:35,060
without doing cat /etc/passwd, and the function is called, if you just do the help, the function is called

46
00:03:37,370 --> 00:03:39,150
audit_etcpasswd.

47
00:03:39,360 --> 00:03:42,720
So again all you have to do is just type in

48
00:03:45,420 --> 00:03:46,500
audit_etcpasswd

49
00:03:49,530 --> 00:03:53,220
and before I run this again I'm going to do the -h to see the help.

50
00:03:53,220 --> 00:03:55,690
And here you see why this is useful now.

51
00:03:55,710 --> 00:03:56,260
You're going to.

52
00:03:56,310 --> 00:03:58,730
You might think, why would I even need this function?

53
00:03:58,730 --> 00:04:02,700
All I have to do is just do cat /etc/passwd and I'll see the results.

54
00:04:02,700 --> 00:04:05,210
Why would I need this function, why would I use it?

55
00:04:05,430 --> 00:04:09,010
And what's handy in here is the vector argument.
56
00:04:09,150 --> 00:04:17,130
So what this argument allows you to do is it specifies the method of reading that file, because depending on

57
00:04:17,190 --> 00:04:22,830
how you gained your shell access, depending on the configuration on the server, on the web application,

58
00:04:23,010 --> 00:04:29,680
on the current user and a lot of variables, you might not be able to read what's inside that file.

59
00:04:29,760 --> 00:04:33,270
So you might do cat /etc/passwd and you get nothing.

60
00:04:33,300 --> 00:04:40,140
Or you get permission denied. So what's useful with this command is you can specify a number of methods

61
00:04:40,140 --> 00:04:41,270
to read that file.

62
00:04:41,580 --> 00:04:47,850
And these methods are listed in here in the vector argument, and if you can't get it with one method

63
00:04:48,030 --> 00:04:49,650
then just try the next one.

64
00:04:49,800 --> 00:04:51,540
So I'm going to show you how to do this now.

65
00:04:51,690 --> 00:04:57,600
And this is very useful because you have this vector argument with a lot of the functions in weevely

66
00:04:57,930 --> 00:05:02,670
and it's really handy because, as I said, depending on the permissions some of the functions might not

67
00:05:02,670 --> 00:05:06,540
work and you can just use a different vector and it'll work.

68
00:05:06,540 --> 00:05:14,310
So for our example we can just do audit_etcpasswd and this will actually work.

69
00:05:14,350 --> 00:05:18,720
But what I want to do is I want to show you how to use the vector in case that didn't work for you.

70
00:05:18,910 --> 00:05:26,000
So all you have to do is just put in the vector argument followed by the vector that you want to use.

71
00:05:26,000 --> 00:05:29,280
So an example would be file right here.

72
00:05:29,380 --> 00:05:31,150
So all you have to do is just type file

73
00:05:35,220 --> 00:05:37,920
and you can see that this particular vector didn't work.
74
00:05:40,000 --> 00:05:48,110
So we can just try a different vector and we're going to go with fread.

75
00:05:48,350 --> 00:05:49,670
Again this one didn't work.

76
00:05:49,670 --> 00:06:03,590
So we try another one and let's go with file_get_contents.

77
00:06:03,770 --> 00:06:05,040
Again no luck.

78
00:06:05,210 --> 00:06:09,070
Let's go and try posix_getpwuid.

79
00:06:13,330 --> 00:06:14,790
And here we go.

80
00:06:14,800 --> 00:06:21,040
So like I said, in your example or in your case, try all the vectors; some of them will work, some of them

81
00:06:21,040 --> 00:06:24,840
might not work depending on the configuration.

82
00:06:24,860 --> 00:06:30,270
So it's a really handy option to use if the normal cat /etc/passwd didn't work.