1
00:00:00,280 --> 00:00:05,790
Hello everybody, welcome to my advanced ethical hacking networking penetration testing course.

2
00:00:16,540 --> 00:00:25,610
in this lab this is going to be focused on the Sky Tower information and expectation Sky Tower is a

3
00:00:25,620 --> 00:00:33,280
vulnerable virtual machine so that we can try to extract explode and then to enumerate some vulnerabilities

4
00:00:33,280 --> 00:00:36,760
inside so that we can get access into the system.

5
00:00:36,760 --> 00:00:38,470
So what you gonna do.

6
00:00:38,470 --> 00:00:46,330
You're going to first go to the link provided in the resource and then you click on the usage folks.

7
00:00:46,540 --> 00:00:47,650
Okay.

8
00:00:47,950 --> 00:00:48,980
What is it.

9
00:00:49,150 --> 00:00:50,000
Sky Tower here.

10
00:00:50,290 --> 00:00:57,130
And then you copy this thing and it was controlled see all you guys come in.

11
00:00:57,150 --> 00:01:02,110
See if you own my book and then you go here it was given me courtesy.

12
00:01:02,410 --> 00:01:08,040
It was in there so that you can download it actually being downloaded so you will have to double click

13
00:01:08,040 --> 00:01:13,070
on the vbox file so that you import it into your VirtualBox.

14
00:01:13,650 --> 00:01:17,680
So after that you will make some few configurations and then yeah.

15
00:01:17,740 --> 00:01:21,110
So you have to double click it and start it okay.

16
00:01:21,240 --> 00:01:21,980
It's with a little bit

17
00:01:32,250 --> 00:01:32,900
OK.

18
00:01:32,920 --> 00:01:39,820
So now you have to click on Download me I would not click because I have already downloaded on my folder.

19
00:01:39,820 --> 00:01:43,160
I can call it where it is.

20
00:01:43,620 --> 00:01:44,060
OK.

21
00:01:44,080 --> 00:01:46,350
So now you have to double click it.

22
00:01:46,690 --> 00:01:47,740
So let's double click it

23
00:01:54,800 --> 00:01:55,350
OK.

24
00:01:55,450 --> 00:01:56,640
It's there.

25
00:01:56,690 --> 00:02:01,520
So now we're going to make some new configurations we'll go to jail.

26
00:02:02,240 --> 00:02:02,980
Good heavens.

27
00:02:03,740 --> 00:02:09,270
If you want you can try to modify these things and depended on us to get those guest photos.

28
00:02:09,350 --> 00:02:10,300
Oh.

29
00:02:10,450 --> 00:02:13,970
So it's not important plenty slow nothing exciting.

30
00:02:14,150 --> 00:02:14,910
OK.

31
00:02:15,250 --> 00:02:19,780
Display nine empty.

32
00:02:19,970 --> 00:02:24,740
So it doesn't matter to us no to input anything because it's a vbox right.

33
00:02:26,560 --> 00:02:32,180
My well now we could have said the net up there.

34
00:02:32,240 --> 00:02:35,690
Exactly the same way as our Kali Linux machine is sitting on.

35
00:02:35,930 --> 00:02:42,650
So before clicking on anything let's whisk console and then go back to our Kali machine so that we

36
00:02:42,650 --> 00:02:44,110
can see configuration.

37
00:02:44,190 --> 00:02:49,150
I would instead still go to a network okay.

38
00:02:49,180 --> 00:02:54,340
It is a network adapter on bridged adapter on Wi-Fi.

39
00:02:54,900 --> 00:03:08,470
OK now go back to all our and then we can do for you modified bridged adapter I bought.

40
00:03:09,590 --> 00:03:10,090
OK.

41
00:03:10,170 --> 00:03:12,780
Now you can started my study.

42
00:03:12,920 --> 00:03:20,000
You restored it and then we can start at the same time Kali machine.

43
00:03:20,820 --> 00:03:29,340
Machine as you can see this kind of work is a Linux based machine.

44
00:03:29,720 --> 00:03:30,520
I'm going to read

45
00:03:36,360 --> 00:03:38,640
it.

46
00:03:38,970 --> 00:03:40,770
I think the guy's got a door.

47
00:03:40,910 --> 00:03:42,050
He's already.

48
00:03:42,050 --> 00:03:42,490
OK.

49
00:03:43,430 --> 00:03:46,580
So again can put it in beside it here.

50
00:03:46,710 --> 00:03:54,920
Now we can enter credentials but I can't minimize these okay.

51
00:03:55,640 --> 00:03:58,600
So it's good.

52
00:03:59,270 --> 00:04:01,040
So it is my password of course.

53
00:04:01,630 --> 00:04:04,370
So now it includes

54
00:04:16,280 --> 00:04:25,820
so he would go able with what we have two guys is now we have to go to terminal and then try to find

55
00:04:25,820 --> 00:04:29,460
a way to get the IP address of this gateway machine.

56
00:04:29,870 --> 00:04:31,550
So what are we going to do.

57
00:04:31,580 --> 00:04:37,490
We have to type netdiscover eth0.

58
00:04:37,600 --> 00:04:38,210
It's mine.

59
00:04:38,390 --> 00:04:41,050
So it is zero.

60
00:04:41,060 --> 00:04:41,780
It's mine.

61
00:04:41,860 --> 00:04:42,610
Oh OK.

62
00:04:42,650 --> 00:04:48,910
Here you have iwconfig so that you can notice that the orange wireless extension you will meet

63
00:04:48,940 --> 00:04:52,230
I'm on it is yours so I can change the color.

64
00:04:52,440 --> 00:04:55,110
Indeed.

65
00:04:56,040 --> 00:05:02,240
Luck with light on light yellow light.

66
00:05:02,490 --> 00:05:03,540
Okay.

67
00:05:03,730 --> 00:05:12,480
Cause I know we can type over and in my nose I of course.

68
00:05:12,960 --> 00:05:23,470
And then you type your interface your interface is my interface is deeply zero and then you present.

69
00:05:23,700 --> 00:05:25,650
So this is how I make it.

70
00:05:25,950 --> 00:05:26,620
OK.

71
00:05:26,740 --> 00:05:30,640
So yeah we find the IP address.

72
00:05:30,670 --> 00:05:34,730
So you have to copy and then try to scan it.

73
00:05:34,760 --> 00:05:35,650
Do we use it.

74
00:05:35,680 --> 00:05:39,050
It's as usual guys nmap -A.

75
00:05:39,060 --> 00:05:40,500
And then you pass their

76
00:05:43,880 --> 00:05:48,390
OK now what we have to look for is on which.

77
00:05:48,400 --> 00:05:51,920
So for that different application is one.

78
00:05:51,930 --> 00:06:00,180
So as we see Apache server is on port 80 that's interesting and the SSH is on 22.

79
00:06:00,180 --> 00:06:04,800
So it puts these creative is on 3128.

80
00:06:04,950 --> 00:06:07,470
So can can go now to Firefox or Google Chrome.

81
00:06:07,470 --> 00:06:13,110
It depends on but it was a site that you have and then you pass it there along with the depart.

82
00:06:14,430 --> 00:06:20,480
So as a D as a default so it can just please enter kind of dialog.

83
00:06:21,420 --> 00:06:33,330
So now we get the so we can try to put anything like test or I mean just to test it to see if it is

84
00:06:33,600 --> 00:06:34,410
vulnerable.

85
00:06:36,790 --> 00:06:37,740
All right.

86
00:06:37,930 --> 00:06:47,410
So we have a new will pop up that means it is vulnerable to SQL injection.

87
00:06:47,410 --> 00:06:48,880
So again

88
00:06:55,130 --> 00:06:58,450
now try to inject some sort of code.

89
00:06:58,770 --> 00:07:08,110
There's loads of common injection just try to figure out the best thing.

90
00:07:08,220 --> 00:07:09,300
There is an annual

91
00:07:13,820 --> 00:07:19,560
the E will impact so it makes it so it is filtered.

92
00:07:19,600 --> 00:07:26,540
So we have to find a way so that we can bypass the filter because it has some restriction.

93
00:07:27,250 --> 00:07:29,770
And now we're going to try another one.

94
00:07:29,810 --> 00:07:36,970
This is all in logic mathematics sense in MySQL query which is true.

95
00:07:37,010 --> 00:07:43,930
That means a is bigger than sin and then we cooperate and pass it in the password field.

96
00:07:44,120 --> 00:07:55,600
Boom you see some Arabism fantastic okay.

97
00:07:55,640 --> 00:07:59,040
Now we can try to read what's there.

98
00:08:00,920 --> 00:08:07,580
The remainder of your contract and retirement fund has been paid and for security ways and you must

99
00:08:07,580 --> 00:08:10,310
log into sky township which is a cinch.

100
00:08:10,310 --> 00:08:11,680
OK good.

101
00:08:12,980 --> 00:08:18,280
So you can open up a new terminal and I'll go to the symptom No.

102
00:08:18,430 --> 00:08:19,040
No.

103
00:08:19,040 --> 00:08:23,230
Does it matter because there is nothing is winning and then child to go to the

104
00:08:26,130 --> 00:08:27,080
proxy list.

105
00:08:32,240 --> 00:08:33,890
You of doing this

106
00:08:38,720 --> 00:08:48,820
and there now the IP address of Sky Tower of the victim machine following a foot maybe put on wish disorder

107
00:08:48,830 --> 00:08:53,660
was winning in the 80s not that much silver and then save it a bit

108
00:09:00,860 --> 00:09:09,310
then you can try to possibly change this message John that we have had it and then the IP address protected.

109
00:09:09,390 --> 00:09:11,050
I mean this tower.

110
00:09:12,070 --> 00:09:12,560
Yes.

111
00:09:12,690 --> 00:09:18,750
So that you can get endurance and then copy that password finding there and then pass it to him.

112
00:09:21,520 --> 00:09:29,410
Now we have something we can try to a petition go to.

113
00:09:29,480 --> 00:09:32,750
All right.

114
00:09:41,230 --> 00:09:43,780
You can try to use the proxychains.

115
00:09:44,070 --> 00:09:47,600
And but now you're going to make few changes.

116
00:09:48,130 --> 00:09:57,600
The IP address or type it and you trade the 80 and again it buys the password there.

117
00:09:58,130 --> 00:09:58,730
Okay.

118
00:09:58,940 --> 00:10:06,460
Oh well we we are able to execute some commands Okay so let's call it a war.

119
00:10:07,020 --> 00:10:13,160
And then instead of a little you know we try so that we can get to Shane C.

120
00:10:16,710 --> 00:10:19,280
Now we can try to type being this is

121
00:10:25,540 --> 00:10:34,210
we don't have access to that we told you that means we still lack some privileges this command is very

122
00:10:34,210 --> 00:10:35,020
helpful.

123
00:10:35,020 --> 00:10:39,310
It helps us to find dippy deputy should be fired.

124
00:10:39,430 --> 00:10:42,940
I mean all the PHP files so that we can analyze them

125
00:10:46,300 --> 00:10:49,470
let's try to chip them.

126
00:10:49,520 --> 00:10:53,680
This is very important case to discuss and it's helpful.

127
00:10:55,310 --> 00:10:56,950
Access to Dubai.

128
00:10:57,510 --> 00:11:05,050
Who would like something interesting minus Q.

129
00:11:07,830 --> 00:11:09,080
So let's check it

130
00:11:12,460 --> 00:11:14,100
what it's done to try to escape.

131
00:11:18,800 --> 00:11:23,070
This might screw up when it would surely database wrong with the user.

132
00:11:24,490 --> 00:11:27,010
So that we can trade out

133
00:11:33,990 --> 00:11:42,550
skating is the database that we choose that we pick from them it has.

134
00:11:42,580 --> 00:11:44,370
Table which name is login.

135
00:11:45,310 --> 00:11:45,790
Okay.

136
00:11:47,620 --> 00:11:57,320
Now can try this in a while selecting everything from the logging towards in.

137
00:11:58,810 --> 00:12:06,600
Oh look the password down there even in encrypted or hashed there.

138
00:12:06,670 --> 00:12:09,980
You know everything is there as plain text.

139
00:12:10,080 --> 00:12:10,910
Okay.

140
00:12:10,990 --> 00:12:14,280
So did you want to add Skype dates so we know it.

141
00:12:14,290 --> 00:12:15,040
So we already.

142
00:12:15,040 --> 00:12:21,580
So we can try to go to William Skype tech and then try to put the credentials outside to see if we can

143
00:12:21,700 --> 00:12:22,800
SSH it

144
00:12:32,660 --> 00:12:43,470
get and then you can type it couldn't show according to the user that you can speak in some late

145
00:12:53,910 --> 00:12:54,470
OK.

146
00:12:56,810 --> 00:12:59,540
Box would be kind of homes.

147
00:13:01,150 --> 00:13:01,800
We can't.

148
00:13:01,800 --> 00:13:02,960
So do we.

149
00:13:03,100 --> 00:13:04,300
19 different interests.

150
00:13:04,300 --> 00:13:04,870
So on.

151
00:13:04,880 --> 00:13:09,410
This was okay let's try to see the budget from

152
00:13:18,680 --> 00:13:24,740
let's try to view this file using cat command don't we know what the

153
00:13:31,260 --> 00:13:32,470
110 billion into

154
00:13:43,330 --> 00:13:50,170
what are we gonna try to do it is let's remove the bash file so that we can get the access.

155
00:13:50,260 --> 00:13:51,750
Let's try to avoid

156
00:13:58,300 --> 00:14:05,040
now we can open and then what advice would we give them.

157
00:14:05,790 --> 00:14:06,200
OK.

158
00:14:08,690 --> 00:14:10,270
What we are there are so.

159
00:14:10,320 --> 00:14:15,930
So we have to keep this in mind literally do it to sort of read

160
00:14:20,200 --> 00:14:22,800
so we are able to do it

161
00:14:30,690 --> 00:14:31,910
now what we going to do.

162
00:14:31,920 --> 00:14:38,230
We're going to try to release the account so that we can see oil which are there.

163
00:14:38,260 --> 00:14:46,440
So as we have experienced before everything that you can try to figure out just to be able to escalate

164
00:14:46,470 --> 00:14:53,820
the privileges you chose do it because sometimes it might get a little bit much more complicated than

165
00:14:54,240 --> 00:15:01,740
when you when you try when you try to get the access and then you you your method does it quick and

166
00:15:01,740 --> 00:15:06,420
then you have to know many ways to try to get into it.

167
00:15:06,900 --> 00:15:18,460
So let's try to let's try to get out if if it means me work it'll be no kill say okay to into the press

168
00:15:18,460 --> 00:15:20,140
would call you sorry.

169
00:15:20,400 --> 00:15:20,810
Okay.

170
00:15:20,940 --> 00:15:23,360
So now let's try to go home directory.

171
00:15:23,890 --> 00:15:26,430
Because we don't have the access now

172
00:15:30,030 --> 00:15:30,610
boom.

173
00:15:30,650 --> 00:15:31,800
So we get it.

174
00:15:31,820 --> 00:15:32,660
It's fantastic.

175
00:15:33,190 --> 00:15:34,170
OK.

176
00:15:34,250 --> 00:15:40,980
So now we can try to sue Reed OK so we have it.

177
00:15:41,160 --> 00:15:50,430
So now you can use that card or get it oh the V.A. just to purify it so two guys you know so and then

178
00:15:50,430 --> 00:15:54,690
we going to try to make it to see if it will.

179
00:15:54,890 --> 00:15:55,950
Of course it work.

180
00:15:56,100 --> 00:15:56,840
Let's see.

181
00:15:56,870 --> 00:15:57,670
Come on guys.

182
00:15:58,080 --> 00:15:58,410
Yeah.

183
00:15:59,320 --> 00:16:00,790
So this isn't so.

184
00:16:00,820 --> 00:16:03,210
So we get it.

185
00:16:03,280 --> 00:16:05,350
This is the person they would do.

186
00:16:05,440 --> 00:16:08,520
Is this our right

187
00:16:12,020 --> 00:16:13,190
now what are we going to do.

188
00:16:13,190 --> 00:16:16,410
We're going to try to again look silly is it.

189
00:16:16,460 --> 00:16:23,480
But now that we discover a command I mean that we decide our user of what we do would use it because

190
00:16:23,480 --> 00:16:27,140
now here we have the password of the root.

191
00:16:27,140 --> 00:16:29,650
Okay so let's so I'm going to try it now.

192
00:16:30,110 --> 00:16:33,450
OK let's see let's see.

193
00:16:33,540 --> 00:16:44,630
So the proxychains again this message and then would the IP address and the prisoner in trying to put

194
00:16:45,100 --> 00:16:47,690
the password despite our way.

195
00:16:48,190 --> 00:16:49,340
Voila.

196
00:16:49,800 --> 00:16:51,370
So we get into it.

197
00:16:51,610 --> 00:16:54,750
So this is so nice.

198
00:16:55,320 --> 00:16:55,800
OK.

199
00:16:55,830 --> 00:16:58,670
Nice so we thank you.

200
00:16:58,680 --> 00:17:01,170
We thank you so much for watching this video.

201
00:17:01,290 --> 00:17:06,750
And then we hopefully think that it was really helpful you and then very understandable how to

202
00:17:06,750 --> 00:17:07,230
make it work.

203
00:17:07,230 --> 00:17:08,820
How do we wait.

204
00:17:08,930 --> 00:17:15,510
So we will know it will assist them in some kind of exploitation so that you get the root access.

205
00:17:15,510 --> 00:17:19,050
I mean the admin did full access of this system.

206
00:17:19,060 --> 00:17:19,870
OK.

207
00:17:20,430 --> 00:17:21,350
OK being there.

208
00:17:21,630 --> 00:17:23,690
We can try to do something too.

209
00:17:23,730 --> 00:17:31,700
We can try to use these credentials for someone in the hacking process.

210
00:17:31,730 --> 00:17:37,760
The penetration in hacking phase so that you trade on that virtual machine.

211
00:17:37,830 --> 00:17:38,460
OK.

212
00:17:38,520 --> 00:17:42,290
Let's let's go there and try to make it.

213
00:17:42,300 --> 00:17:48,880
All right.

214
00:17:49,090 --> 00:17:49,510
All right.

215
00:17:49,840 --> 00:17:59,290
So now we assume that you remember the password phone if not you can just go up to a terminal and then

216
00:18:00,490 --> 00:18:02,840
try to try to get it back.

217
00:18:02,870 --> 00:18:04,000
It depends what it was.

218
00:18:04,090 --> 00:18:06,250
This guy out on small.

219
00:18:06,270 --> 00:18:06,790
It is.

220
00:18:06,850 --> 00:18:07,860
OK.

221
00:18:07,930 --> 00:18:08,480
So yeah.

222
00:18:08,770 --> 00:18:09,220
OK.

223
00:18:09,250 --> 00:18:13,090
Let's go back to all skydiving machine.

224
00:18:13,150 --> 00:18:13,990
So let's begin here.

225
00:18:14,810 --> 00:18:15,340
OK.

226
00:18:15,340 --> 00:18:22,380
So they're looking for state was world wide and it was in there and then it was this guy down on small

227
00:18:22,400 --> 00:18:28,930
letters Big Sky Tower were in there.

228
00:18:28,930 --> 00:18:29,910
Here we are guys.

229
00:18:29,950 --> 00:18:30,570
You see.

230
00:18:31,090 --> 00:18:32,380
Fantastic.

231
00:18:32,380 --> 00:18:32,830
OK.

232
00:18:32,860 --> 00:18:37,330
So we hopefully think that you really enjoy watching this video with us.

233
00:18:37,330 --> 00:18:39,780
And then that said just keep trying.

234
00:18:39,840 --> 00:18:40,450
Trying.

235
00:18:40,450 --> 00:18:48,400
So a lab might not be the same way to get access to but it's just keep trying.

236
00:18:48,400 --> 00:18:50,610
And then so that you get your go.

237
00:18:50,770 --> 00:18:50,990
OK.

238
00:18:51,010 --> 00:18:51,790
Thank you.

239
00:18:51,790 --> 00:18:54,610
So see you in the next video.

240
00:18:57,800 --> 00:18:59,460
Absolutely.

241
00:19:00,600 --> 00:19:01,110
Nancy.