1
00:00:01,440 --> 00:00:05,050
In this lecture we will start our hands-on practicing

2
00:00:05,050 --> 00:00:07,110
with Metasploit.

3
00:00:07,110 --> 00:00:17,330
So we can launch Metasploit by clicking here or from the terminal.

4
00:00:17,850 --> 00:00:30,540
So let us first conduct an Nmap scan for the Metasploitable VM with the third option.

5
00:00:30,630 --> 00:00:38,680
So here in the results we see that we have the PostgreSQL database on the Metasploitable

6
00:00:38,690 --> 00:00:46,790
VM with the TCP port of five thousand four hundred and thirty two.

7
00:00:46,790 --> 00:00:57,110
And with this version. And we can get the same results using the Metasploit framework also, so I will

8
00:00:57,110 --> 00:00:59,150
go now to the Metasploit framework.

9
00:00:59,310 --> 00:01:06,210
So msfconsole; we see that the framework is starting now.

10
00:01:10,550 --> 00:01:19,500
So let us search for the port scan modules,

11
00:01:22,950 --> 00:01:27,750
and here we see that we have a module for TCP port scan.

12
00:01:28,290 --> 00:01:29,770
So let us use that one.

13
00:01:29,820 --> 00:01:35,590
So use auxiliary scanner

14
00:01:38,390 --> 00:01:39,240
portscan

15
00:01:42,250 --> 00:01:42,810
tcp

16
00:01:47,070 --> 00:01:55,610
and we can get info about that one using the info command or use the show options command,

17
00:01:59,130 --> 00:02:08,600
and you can also use the set command to get the options that you have to set.

18
00:02:08,600 --> 00:02:17,810
So here we see that the ports are by default from one to 10000 and the RHOSTS parameters are not

19
00:02:18,080 --> 00:02:18,440
set.

20
00:02:18,440 --> 00:02:31,970
So I will set those using the set command. So set PORTS; it is configured to be from five thousand

21
00:02:32,000 --> 00:02:43,220
to six thousand to include the port of the Postgres, and I would set the

22
00:02:46,410 --> 00:02:56,970
RHOSTS to be the IP address of 1 to 3, the IP address of the Metasploitable VM. Let us check for

23
00:02:56,970 --> 00:03:07,280
our configuration, so we see that the ports and the IP address are configured now.

24
00:03:07,410 --> 00:03:14,320
So now we can use the run command or the exploit command.

25
00:03:15,550 --> 00:03:22,420
So now we see that the port of the Postgres is open.

26
00:03:22,420 --> 00:03:28,480
We can also get the version of the Postgres database using the

27
00:03:31,360 --> 00:03:35,700
postgres version module,

28
00:03:39,220 --> 00:03:40,380
and we have to set the

29
00:03:43,760 --> 00:03:56,270
RHOSTS to the IP address one to three, and then we can use the exploit command or run command.

30
00:03:56,270 --> 00:03:59,810
So here we see that the version was found.

31
00:03:59,810 --> 00:04:13,580
Let us now try to find if we can log in into the database using the login module and then set the

32
00:04:15,140 --> 00:04:18,290
host and then use the run command.

33
00:04:21,670 --> 00:04:29,110
We see that we have one successful login using these credentials.

34
00:04:29,110 --> 00:04:31,750
Let us now try to access the database using the

35
00:04:34,480 --> 00:04:37,180
auxiliary admin

36
00:04:39,890 --> 00:04:42,080
postgres and then

37
00:04:45,070 --> 00:05:03,810
SQL module and set the host and the SQL statement to be, for example,

38
00:05:03,810 --> 00:05:04,410
select

39
00:05:06,940 --> 00:05:15,670
database name from the pg_database

40
00:05:18,480 --> 00:05:22,450
and then run.

41
00:05:22,540 --> 00:05:27,580
Here we see that we have an error because of the RHOST.

42
00:05:27,580 --> 00:05:35,520
So if I use the set command, you see that we have to set the RHOST,

43
00:05:35,720 --> 00:05:37,810
and not the RHOSTS, so

44
00:05:43,440 --> 00:05:49,200
I will set that one and then run again.

45
00:05:49,730 --> 00:06:01,860
And here we see that we have three databases: the postgres, the template0 and template1.

46
00:06:02,530 --> 00:06:11,050
And also we can use the Armitage, which is a GUI for the Metasploit framework.

47
00:06:11,050 --> 00:06:14,710
So I would click here.

48
00:06:14,710 --> 00:06:16,270
So now I will click on Connect

49
00:06:19,090 --> 00:06:19,680
and then Yes.

50
00:06:24,260 --> 00:06:30,080
So now we have to find the IP address of the computer that will be attacked, which is the one to three

51
00:06:30,080 --> 00:06:31,590
IP address.

52
00:06:32,510 --> 00:06:44,630
And then I will track that one here and then I will search in the auxiliary for the scanners and then

53
00:06:49,960 --> 00:06:55,570
postgres and I will try to use the

54
00:06:58,360 --> 00:07:00,490
login module.

55
00:07:00,520 --> 00:07:04,650
Here we see that the parameters are configured.

56
00:07:04,780 --> 00:07:07,240
So I will click now on Launch.

57
00:07:10,130 --> 00:07:21,990
So we see that we have one successful login, the same login that we have discovered using the

58
00:07:21,990 --> 00:07:23,810
command line of Metasploit.

59
00:07:25,620 --> 00:07:36,960
So in this lecture we have explored how to work with the Metasploit framework using both the command

60
00:07:36,960 --> 00:07:41,450
line and using the GUI of the Armitage.