WEBVTT

00:00.330 --> 00:07.050
In previous lecture, we successfully installed at all other than the installed Metasploit Framework,

00:07.560 --> 00:08.430
so.

00:09.820 --> 00:11.260
With that, actually.

00:11.410 --> 00:20.180
Next, we need to initialize the Metasploit database using the msfdb init command here.

00:20.290 --> 00:26.350
Uh, so enter msfdb init, msfdb here, init.

00:28.810 --> 00:36.250
And as you can see, msfdb init just asks us here, would you like to init the web service?

00:36.460 --> 00:41.410
Yes, we have data service credential in msfconsole.

00:42.980 --> 00:44.570
Um, here.

00:46.410 --> 00:48.690
Starting database, creating one.

01:06.070 --> 01:07.120
Actually now.

01:10.130 --> 01:13.400
Actually, let's run it again.

01:15.090 --> 01:17.310
Yes, msfdb init.

01:20.130 --> 01:21.150
Is the point here?

01:22.470 --> 01:26.430
This as a user and then.

01:27.690 --> 01:29.450
msfdb init.

01:34.710 --> 01:35.070
Yes.

01:36.610 --> 01:43.860
The existing data in the U.S. is there is a confusion in insurers have observers account user name.

01:44.880 --> 01:47.080
Um, MSF is.

01:48.270 --> 01:52.440
We've known for random password account password msf also.

01:53.410 --> 01:56.800
Now it is attempting to start the MSF service here.

01:58.700 --> 02:01.670
Um, as you can see, this is our account here.

02:01.970 --> 02:08.060
Um, as you can see, if you needed to manually reconnect, uh, to the data service in MSF,

02:08.630 --> 02:12.080
uh, console using, uh, this command.

02:12.950 --> 02:19.490
So now actually, we will prompt you to set up a web service username and password during installation

02:19.700 --> 02:22.400
so that we can use Metasploit API.

02:22.730 --> 02:23.930
So copy this link.

02:23.930 --> 02:30.950
Actually, just open like that, right click or Poland clear and advanced if you if you get something

02:30.950 --> 02:34.550
like that in, uh, Firefox potential security risks ahead.

02:34.850 --> 02:36.020
This is just in your side.

02:36.030 --> 02:37.310
There's nothing risky here.

02:37.580 --> 02:42.260
Uh, click on Accept the risk and continue with an API account.

02:42.260 --> 02:43.880
You are not currently logged in.

02:43.880 --> 02:45.770
Please click here to take on the log in page.

02:46.040 --> 02:53.030
So if we have to log in firstly, as you remember, our my username is msf and password is also

02:53.030 --> 02:53.900
msf.

02:54.500 --> 03:01.280
Uh, save password here, as you can see here with the Metasploit API account, so.

03:04.610 --> 03:11.140
And here we can choose, uh, any desired username and password.

03:11.410 --> 03:20.290
So, uh, one successfully initializing database here, uh, you will be prompted to the uh, actually

03:20.710 --> 03:22.930
these screenshots here emissive.

03:24.450 --> 03:26.340
With documentation, as you can see here.

03:29.160 --> 03:33.450
As you can see here, we can see all of our databases here.

03:33.750 --> 03:38.280
And this means we we had successfully.

03:40.110 --> 03:44.760
Created our database, and we have pallets here and like that.

03:45.570 --> 03:55.760
So now we can, uh, run our msf, um, msfconsole here using msfconsole here and here.

03:56.010 --> 03:58.800
Uh, welcome to my uh, please answer a few questions here.

03:59.900 --> 04:06.170
Despite what Rachel said, sort complete, as you can see here with this framework, initial setup complete.

04:07.600 --> 04:10.660
So we have successfully installed Metasploit.

04:12.910 --> 04:21.460
Now, actually, let's focus on some of the basic fundamentals before moving on to the, um, actual testing.

04:21.790 --> 04:28.990
So, the fundamentals of Metasploit. Now that we have recovered the essential pieces of penetration test

04:29.170 --> 04:31.060
and initialized Metasploit.

04:31.570 --> 04:38.230
Well, let's talk about the big picture, that is, Metasploit. Metasploit is a security project that provides

04:38.230 --> 04:44.200
exploits and tons of reconnaissance features to aid a penetration tester.

04:44.800 --> 04:53.020
Metasploit was created by Steve Moore back in 2003, and since then its rapid development has led it

04:53.020 --> 04:57.910
to be recognized as one of the most popular penetration testing tools available.

04:58.300 --> 05:04.780
Metasploit was natively a Ruby-driven project, but with its latest releases, it has started

05:04.780 --> 05:08.170
to support Python and Go modules as well.

05:08.620 --> 05:14.980
It is good, offers various exploits, post exploits and auxiliary, scanner, evasion, and exploit development

05:14.980 --> 05:15.430
tools.

05:16.000 --> 05:23.260
With the release of Metasploit five, a number of new capabilities have been added to Metasploit, some

05:23.260 --> 05:29.470
of which are a choice between database and the new HTTP-based data service.

05:29.890 --> 05:36.130
And in the reference, we have evasion modules, we have the automation API.

05:36.910 --> 05:45.730
Exploitation at a scale or interest has not changed to a horse so we can reach across and exploit model

05:45.910 --> 05:48.730
to be run over multiple targets.

05:49.360 --> 05:56.170
We have shared sessions now have a background command and uh, in the latest version of Metasploit,

05:56.470 --> 06:01.660
we have support for Go language and Python language along with Ruby.

06:02.750 --> 06:03.160
So.

06:04.830 --> 06:12.060
The Metasploit version comes with two editions, so I want to show you here.

06:13.040 --> 06:15.650
Metasploit editions.

06:17.500 --> 06:17.950
Here.

06:19.100 --> 06:21.650
Um, actually, that's not quite.

06:27.670 --> 06:33.310
So actually, Metasploit here comes with Pro and Framework.

06:34.570 --> 06:43.510
So what uh, this, uh, is this version is a commercial one and um offers tons of great features, of

06:43.510 --> 06:50.410
course, such as application scanning, exploitation and automated exploitation, and is quite suitable

06:50.410 --> 06:55.360
for precision professional penetration testers and I.T. security teams.

06:55.900 --> 07:02.290
The Pro edition is primarily used for professional, advanced and extensive penetration tests and enterprise

07:02.290 --> 07:03.260
security programs.

07:03.940 --> 07:06.910
And we have them free versions as well.

07:06.910 --> 07:12.700
Along with Pro, this is the framework version of Metasploit.

07:13.060 --> 07:18.790
So, um, this is the Metasploit Framework, that is, this is a command line edition with all the

07:18.790 --> 07:24.100
manual tests provided, such as a manual exploitation, third party import and so on.

07:24.400 --> 07:32.680
So this version is suitable for the developers and the researchers, uh, as it is free and open source.

07:33.940 --> 07:40.090
So, uh, so that this course we will be using the Metasploit Framework edition.

07:40.100 --> 07:43.840
So this is the uh yeah, this is the free Metasploit.

07:43.840 --> 07:52.450
So uh, but Metasploit also offers, uh, the various types of interfaces, uh, like the graphical

07:52.450 --> 07:53.290
user interface.

07:53.530 --> 07:59.260
So the graphical user interface Metasploit has all the options you will ever need available at the click

07:59.260 --> 07:59.860
of a button.

08:00.340 --> 08:05.110
So this is a user-friendly interface that helps to provide a clean vulnerability management.

08:05.440 --> 08:12.910
The user interface is offered as, uh, part of the Metasploit Pro only, and we have the console interface.

08:13.120 --> 08:16.720
So this is the preferred interface and the most popular one as well.

08:17.290 --> 08:23.350
Uh, so this interface provides an all in one approach to all options offered by Metasploit.

08:23.560 --> 08:27.730
So this interface is also considered one of the most stable interfaces.

08:27.740 --> 08:34.420
Through this course, we will be using the console interface the most and we have, uh, the command line

08:34.420 --> 08:39.520
interface as well, that the command line interface is, uh, the most powerful interface.

08:39.910 --> 08:45.670
So it supports launching exploits for activities such as payload generation.

08:45.860 --> 08:51.190
So however, remembering every command while using the command line interface is a difficult job.

08:53.560 --> 09:01.690
Um, now that we have, uh, set up Metasploit five, now we are ready to perform our first penetration

09:01.690 --> 09:02.110
test.

09:03.280 --> 09:10.000
However, before we start the test, let's recall some of the essential functions and terminologies used

09:10.000 --> 09:11.230
in Metasploit.

09:13.770 --> 09:24.030
So here, let's uh, I want to open notepad here, actually, and not text insertion here.

09:25.020 --> 09:25.530
Actually.

09:26.340 --> 09:27.450
OK, let's start with.

09:31.080 --> 09:32.310
Who sexually?

09:43.070 --> 09:44.570
References editor.

09:45.710 --> 09:48.110
Content calls, and here it is.

09:55.930 --> 09:57.310
Have tools here, shows.

09:59.460 --> 10:07.140
Insurrection, whatever it is, we want and call us system and 18.

10:10.890 --> 10:20.340
So now, uh, now I will, uh, what I hear some tape emerges of Metasploit, some a Metasploit.

10:20.380 --> 10:21.420
Um, we can.

10:22.630 --> 10:29.860
List all the useful commands available, commands available by typing help.

10:30.480 --> 10:38.710
Yes, as you can see here, uh, this uh, we will have this help command will help help us very closely

10:39.520 --> 10:40.060
and.

10:41.820 --> 10:47.820
Here so but I want to talk about a few terminologies in Metasploit here.

10:49.100 --> 10:59.330
So after the we have a basic terms used in the Metasploit, so, uh, I want.

11:00.480 --> 11:03.870
Um, talk about the most mandatory ones here.

11:03.930 --> 11:10.440
So the first is exploits should let's make it full screen here exploits.

11:11.070 --> 11:26.400
So what these exploits is, so this is a piece of code that, uh, that when executed, will exploit

11:26.970 --> 11:32.790
exploit the vulnerability of the target.

11:34.470 --> 11:39.510
And we have, I think, here, uh, for better understanding.

11:40.650 --> 11:44.010
Uh, so and we have a payload payload here.

11:44.100 --> 11:47.040
Page, what what payload is?

11:47.610 --> 11:56.000
So this is a piece of code that, uh, runs on the tower.

11:56.010 --> 11:58.200
Uh, target a target.

11:58.470 --> 12:02.280
After successful ops.

12:04.100 --> 12:04.760
So.

12:07.660 --> 12:09.410
We'll explore.

12:10.820 --> 12:11.300
Nation.

12:12.230 --> 12:23.270
So it's, uh, defines the actions we want to perform on the target system.

12:25.800 --> 12:29.220
Actually, that's make it a little bit easier.

12:30.790 --> 12:31.540
And we have.

12:37.420 --> 12:40.390
Here and we have auxiliary here.

12:41.250 --> 12:44.800
Oh, Hillary, oh, see, we are.

12:46.200 --> 12:47.220
So what this is.

12:48.060 --> 13:01.200
But these are modules that provide provide additional functionalities, such as scanning.

13:02.390 --> 13:03.080
Fuzzing.

13:04.400 --> 13:05.180
Sniffing.

13:06.390 --> 13:07.320
And much more.

13:10.720 --> 13:12.070
And actually.

13:13.440 --> 13:19.920
Here so and we have encoders here, encoders, encoders.

13:21.980 --> 13:31.730
What encoders is, encoders, encoders are used to obfuscate modules.

13:32.970 --> 13:50.400
To avoid detection by a, uh, protection mechanism, uh, such as an antivirus, anti virus or firewall.

13:52.600 --> 13:55.390
And we have Meterpreter as well.

13:55.840 --> 13:57.080
So what Meterpreter is?

13:57.100 --> 13:59.260
I will write here.

14:00.710 --> 14:01.820
Meterpreter.

14:03.730 --> 14:05.170
So the Meterpreter.

14:06.220 --> 14:09.460
Is Meterpreter is a payload.

14:10.620 --> 14:18.480
That uses in-memory DLL injection stagers.

14:19.680 --> 14:20.640
It provides.

14:22.240 --> 14:22.810
Pro.

14:24.130 --> 14:26.260
Provides a variety.

14:27.210 --> 14:31.320
Of functions we can perform.

14:32.010 --> 14:34.260
Uh, per form.

14:35.690 --> 14:36.740
On the target.

14:38.360 --> 14:44.990
Which makes it a popular choice movie to make, which makes it a popular.

14:46.250 --> 14:46.760
Choice.

14:49.720 --> 14:50.230
So.

14:53.610 --> 15:05.070
Actually, by writing help in msfconsole, running msfconsole, um, you can list all of these

15:06.180 --> 15:06.950
terminals, you see.

15:07.300 --> 15:11.700
But these are the most important terminologies in Metasploit here.

15:12.240 --> 15:16.020
So here, as you can see, I've seen what the what is that?

15:16.260 --> 15:18.840
So as you can see here?

15:20.050 --> 15:21.430
Uh, we can.

15:21.630 --> 15:29.280
An expert tells us how to run these, uh, we have Developer Commands here, Credentials Backend

15:29.290 --> 15:32.050
Commands, Database Backend Commands here.

15:32.050 --> 15:39.190
As you can see here, every command has a description, and Job Commands, Module Commands.

15:39.910 --> 15:41.620
And like that here.

15:45.000 --> 15:50.970
So what's what is the benefits of penetration testing using Metasploit?

15:52.270 --> 15:53.540
So, um.

15:54.820 --> 15:55.320
Actually.

15:57.360 --> 16:00.930
Let's make it in, let's tell it.

16:01.260 --> 16:04.830
I mean, next lecture, because it's almost 60 minutes.

16:05.160 --> 16:06.860
So I'm waiting for you in the next lecture.

16:06.870 --> 16:07.710
Thank you for watching.
