WEBVTT

00:01.110 --> 00:08.610
Before we jump into an example penetration test, we must know why we should prefer Metasploit

00:08.760 --> 00:10.680
to manual exploitation techniques.

00:11.570 --> 00:13.230
Is it because of the hacker?

00:13.860 --> 00:17.010
Is it that it gives a professional look?

00:17.310 --> 00:23.190
Or is there a different reason why Metasploit is a preferable choice compared to traditional manual

00:23.190 --> 00:26.430
techniques because of specific factors?

00:26.820 --> 00:28.710
We will discuss this in this lecture.

00:29.160 --> 00:33.600
So first of all, Metasploit is open source.

00:33.960 --> 00:41.100
One of the top reasons why we should go with the Metasploit Framework is because it is open source and actively

00:41.100 --> 00:46.800
developed, while various other expensive tools exist for carrying out penetration testing.

00:47.100 --> 00:57.090
However, Metasploit lets its users access its source code and add their own custom modules.

00:57.570 --> 01:00.240
The Pro version of Metasploit is chargeable.

01:00.390 --> 01:06.030
But for the sake of learning, the framework edition is mostly preferred.

01:07.290 --> 01:13.560
Support for testing large networks and natural naming conventions: using Metasploit is easy.

01:14.220 --> 01:16.740
So now over here.

01:16.920 --> 01:22.560
Ease of use refers to the natural naming conventions for the commands here.

01:22.560 --> 01:23.190
So.

01:24.890 --> 01:30.020
Metasploit offers excellent comfort while conducting a massive network intrusion test.

01:30.350 --> 01:36.950
Consider a scenario where we need to test a network with 200 systems; instead of checking each system

01:36.950 --> 01:38.630
one after the other.

01:38.900 --> 01:48.080
Metasploit allows us to examine the entire range automatically using parameters such as subnet and Classless

01:48.080 --> 01:49.060
Inter-Domain Routing

01:49.070 --> 01:57.950
(CIDR) values. Metasploit tests all the systems to exploit the vulnerability, whereas using manual

01:57.950 --> 02:02.750
techniques we might need to launch the exploit manually onto 200 systems.

02:03.050 --> 02:11.390
Therefore, Metasploit saves a significant amount of time and energy. Also, Metasploit has a smart payload

02:11.630 --> 02:14.330
generation and switching mechanism.

02:14.660 --> 02:18.980
Most importantly, switching between payloads in Metasploit is easy.

02:20.330 --> 02:30.020
I'm sorry. Metasploit provides quick access to change payloads using the, uh, here, set payload command.

02:31.050 --> 02:40.230
This command. So therefore, turning Meterpreter or shell-based access into a more specific operation,

02:40.410 --> 02:47.310
such as adding a user and getting remote desktop access, becomes easy.

02:47.880 --> 02:54.040
Generating shellcode to use in manual exploits also becomes easier by using the

02:54.050 --> 02:59.940
msfvenom application from the command line, which also features encryption in the Metasploit

03:00.150 --> 03:03.420
5.0 release here.

03:06.560 --> 03:13.310
As you can see here, you can create programs with msfvenom as well.

03:15.340 --> 03:21.850
Clean exits. So this is one of the features of Metasploit: Metasploit is also responsible

03:21.850 --> 03:24.790
for making a much cleaner exit from the system

03:25.570 --> 03:32.150
it has compromised. A custom-coded exploit, on the other hand, can crash the system while exiting,

03:32.170 --> 03:35.870
exiting its operations. Making a clean exit is

03:35.920 --> 03:41.650
indeed an essential factor in cases where we know that the service will not restart immediately.

03:42.010 --> 03:44.920
Let's consider a scenario where we have compromised a web server.

03:45.520 --> 03:49.690
And while we were making an exit, the exploited application crashed.

03:50.020 --> 03:55.330
The scheduled maintenance time for the server is left with 50 days' time on it.

03:55.630 --> 03:57.130
So what do we do?

03:57.570 --> 04:05.680
Shall we wait for the next 50-odd days for the server to come up again so that we can exploit it

04:05.680 --> 04:06.100
again?

04:06.430 --> 04:11.590
Moreover, what if the server comes back after being patched?

04:12.190 --> 04:14.410
Wouldn't we end up kicking ourselves?

04:14.860 --> 04:22.310
This is also a clear sign of poor penetration testing skills. Therefore, a better approach would be to

04:22.390 --> 04:23.650
use

04:23.660 --> 04:28.750
the Metasploit Framework, which is known for making a much cleaner exit, as well as offering tons

04:28.750 --> 04:36.070
of post-exploitation functions such as persistence, which can help maintain permanent access to the

04:36.070 --> 04:36.490
server.

04:38.370 --> 04:44.730
So actually, we have reached the domain controller case study here. Knowing already the basics of

04:44.730 --> 04:51.570
Metasploit, we are all set to perform our penetration test with Metasploit.

04:52.050 --> 05:01.260
So let's consider an on-site scenario where we are asked to test an IP address and check if it is vulnerable

05:01.290 --> 05:02.070
to an attack.

05:02.730 --> 05:08.430
The sole purpose of this test is to ensure all the proper checks are in place, so this scenario is

05:08.430 --> 05:09.450
quite straightforward.

05:09.810 --> 05:15.870
We will presume that all the prior interactions have been carried out with the client and that the actual

05:15.870 --> 05:17.670
testing phase is going to start.

05:18.390 --> 05:29.730
Please refer to the questions section here if you have any questions.

05:31.000 --> 05:39.280
So now I want to show you using the database in Metasploit: db_status here.

05:41.030 --> 05:48.080
So it's always better to store the results automatically when you're conducting a penetration test.

05:48.830 --> 05:56.240
Making use of the databases will help us build a knowledge base of hosts, services and vulnerabilities

05:56.240 --> 05:57.740
in the scope of the penetration test.

05:58.950 --> 06:04.620
Using databases in Metasploit also speeds up searching and improves response time.

06:05.360 --> 06:14.400
Uh, so Metasploit 6.0 relies heavily on data services such as the PostgreSQL database and web

06:14.400 --> 06:18.090
services. In the installation phase,

06:18.120 --> 06:23.880
we learned how to initialize the database and web service for Metasploit. To check if Metasploit is currently

06:23.880 --> 06:26.340
connected to a database or a web service,

06:26.700 --> 06:31.650
we can actually... Of course, we have not started Metasploit yet.

06:32.720 --> 06:40.310
And so to check if Metasploit is currently connected to a database or web service, we can just type,

06:40.670 --> 06:43.010
uh, actually, db_status.

06:44.290 --> 06:50.230
So as you can see here: connected to remote data service, localhost; connection type is

06:50.270 --> 06:53.980
HTTPS; connection name is local-https-data-service.

06:54.220 --> 06:55.480
So let's open this link.

06:57.040 --> 06:59.560
And as you can see here, we have yet comment, David.

07:02.330 --> 07:03.280
So you can save.

07:09.490 --> 07:15.970
So there might be situations where we want to connect to a separate database or a web service, rather

07:15.970 --> 07:18.670
than the default Metasploit database.

07:19.120 --> 07:25.520
In such cases, we can make use of db_connect here.

07:26.250 --> 07:28.840
Uh, DB connect or spot the what is it?

07:29.440 --> 07:30.560
Because it gets sent.

07:31.390 --> 07:38.590
So in such, uh, such situations, we can use db_connect, and with help,

07:39.590 --> 07:44.670
db_connect -h and help, as you can see here, we can

07:44.730 --> 07:47.970
see the possible connection commands here.

07:48.930 --> 07:51.810
These are the examples, and this is the example here.

07:53.530 --> 07:53.890
So.

07:58.880 --> 07:59.750
Sure, here.

08:02.560 --> 08:06.760
Now, I want to show you here

08:08.010 --> 08:18.480
the commands in Metasploit. So we can clear this, and now we will start a new, actually new

08:19.080 --> 08:23.580
text to show you the possible database commands here.

08:23.850 --> 08:26.580
So first, we have analyze here.

08:26.850 --> 08:28.770
So this command,

08:29.550 --> 08:30.210
Analyze.

08:33.060 --> 08:34.890
analyze database information,

08:36.380 --> 08:45.350
information about a target IP or a range. And we have db_connect here.

08:46.220 --> 08:55.550
So this command is used to interact...

08:56.850 --> 08:59.880
These was the ways that.

09:03.190 --> 09:05.530
Is used to interact.

09:07.290 --> 09:07.500
Of.

09:09.790 --> 09:10.330
Sorry.

09:13.040 --> 09:23.780
It is used to interact, interacts with databases other

09:24.700 --> 09:28.600
than the, uh, actually default one.

09:30.960 --> 09:31.340
And.

09:34.280 --> 09:36.280
The old one.

09:37.980 --> 09:43.110
And we have another command here, which is db_export.

09:47.150 --> 09:50.810
So, uh, this command is used.

09:51.830 --> 09:55.790
Is used to export the entire.

09:57.430 --> 10:11.380
set of data stored in the database, for the sake of creating reports or as inputs to another,

10:12.520 --> 10:13.540
another tool.

10:15.380 --> 10:22.310
And we have db_nmap here, uh, db_nmap.

10:23.140 --> 10:29.660
So this command, the actual db_nmap command, is used

10:30.890 --> 10:41.600
for scanning the target with Nmap and storing the results in the Metasploit

10:43.890 --> 10:45.690
database.

10:47.650 --> 10:54.190
And we have db_status, but we have already used this command in this lecture.

10:54.640 --> 10:57.190
So you already know what it does, I think.

10:57.430 --> 10:58.330
So this command,

10:59.780 --> 11:04.000
Command is used to check whether.

11:05.430 --> 11:13.530
uh, whether database connectivity is present or not.

11:14.310 --> 11:23.310
And we have, uh, db_disconnect, uh, we have just a few, uh, that I want to talk about here.

11:23.790 --> 11:24.720
So db_,

11:26.000 --> 11:28.190
uh, db_disconnect.

11:31.980 --> 11:42.810
So now this command is used to disconnect from a particular database.

11:44.160 --> 11:54.870
And we have db_import here. As we will know, this command is used to import results

11:55.650 --> 12:10.080
from other tools, such as, such as, uh, Nmap and, actually, others and others

12:10.770 --> 12:11.220
others.

12:12.530 --> 12:12.950
So.

12:14.480 --> 12:21.560
Now, actually, we have two or three commands that I want to show you.

12:22.240 --> 12:33.160
Actually, we have a few commands to write here, uh, which is db_rebuild_cache.

12:34.470 --> 12:41.970
So this command is used, used to rebuild the cache

12:43.610 --> 12:45.410
if the earlier

12:47.100 --> 12:56.100
cache gets corrupted or is stored with old results.

12:58.490 --> 13:03.710
And we have db_remove here, db_remove.

13:04.520 --> 13:08.210
So this is a simple command; this command removes

13:09.220 --> 13:10.210
the saved

13:11.100 --> 13:13.410
data service entry.

13:15.410 --> 13:19.870
And the last command we will discuss about is the, what's it,

13:21.330 --> 13:22.710
db_save.

13:23.850 --> 13:31.180
What this command does: so this command saves the current data

13:31.650 --> 13:32.760
service

13:35.010 --> 13:42.750
entry as the default, so that on its next startup

13:44.380 --> 13:50.530
it reconnects to this service by default.

13:54.820 --> 13:59.620
So let's look at this: when starting a new penetration test,

14:00.310 --> 14:08.200
it's always good to separate previously scanned hosts and their respective data from the new penetration

14:08.200 --> 14:10.810
test so that they don't get merged.

14:11.350 --> 14:17.850
We can do this, uh, before starting a new penetration test by making use of the workspace command,

14:18.410 --> 14:19.470
uh, like that.

14:19.830 --> 14:22.760
Here, let's see, work

14:23.990 --> 14:27.110
space. It's the default workspace.

14:27.430 --> 14:32.640
So we type it like that, uh, workspace.

14:33.260 --> 14:33.860
Workspace.

14:35.190 --> 14:42.000
As you can see here, we can list the workspaces here with workspace.

14:42.570 --> 14:48.490
As you can see here, we have just one work-, work-,

14:48.510 --> 14:51.270
well, one, uh, workspace in it.

14:52.760 --> 15:00.320
So to add a new workspace, we can use the workspace -a, uh, command.

15:00.890 --> 15:08.510
Uh, so workspace -a followed by an identifier, so workspace

15:08.880 --> 15:10.820
Uh, actually not.

15:11.960 --> 15:12.890
we'll say -a.

15:13.100 --> 15:17.300
And then after that, we will type test

15:18.350 --> 15:20.120
space: testspace, for example.

15:20.390 --> 15:21.860
And we added the workspace here.

15:22.100 --> 15:29.870
So when we, um, execute the command workspace, you can see here we have default and we have,

15:30.380 --> 15:33.470
we have the default workspace and we have the testspace workspace.

15:34.640 --> 15:42.620
So here we can see that we have successfully added the new workspace using the, um, -a switch.

15:43.520 --> 15:47.690
So let's switch the workspace by merely using the workspace command

15:47.990 --> 15:52.010
followed by the workspace name, uh, here, for example.

15:52.670 --> 15:53.310
No.

15:55.620 --> 16:04.940
Actually, we can also change the workspace, the workspace, after, uh, typing this command.

16:05.120 --> 16:10.190
Just enter your created workspace name; for example, in my case, it is testspace.

16:11.330 --> 16:17.960
As you can see, we are now in the testspace workspace. So we type it like that: workspace.

16:18.260 --> 16:21.980
As you can see here, we are working in the workspace testspace now.

16:28.050 --> 16:29.280
Um, and.

16:31.620 --> 16:38.340
So we can verify the current workspace using the workspace command, where the workspace should

16:38.340 --> 16:47.130
be in red here like that and have this symbol before it as a prefix, meaning that the workspace is in

16:47.130 --> 16:48.410
use here.

16:48.750 --> 16:50.460
Let's change this to default.

16:53.620 --> 16:55.120
Workspace default.

16:58.810 --> 17:00.640
Now, let's type workspace again.

17:02.580 --> 17:05.340
As you can see, we are in the default workspace.
