1 00:00:00,610 --> 00:00:01,270 Welcome back.
2 00:00:01,870 --> 00:00:08,920 It is time we switch things up a little bit and move on to a different target. For the next few videos,
3 00:00:08,950 --> 00:00:12,070 we're going to be attacking a Windows 7 machine.
4 00:00:12,760 --> 00:00:18,430 And the difference between exploiting Windows 7 and the Metasploitable that we were attacking in the
5 00:00:18,430 --> 00:00:21,400 past few videos is, inside of Windows 7,
6 00:00:21,670 --> 00:00:25,000 we are not going to install any additional software.
7 00:00:25,540 --> 00:00:31,990 So these exploits will work on anyone that uses Windows 7 and hasn't updated their operating system,
8 00:00:32,650 --> 00:00:36,580 which is most likely everyone running some pirated version of Windows.
9 00:00:37,000 --> 00:00:40,720 For this, you will need to install a Windows 7 virtual machine.
10 00:00:41,110 --> 00:00:43,080 And I got mine right here.
11 00:00:43,120 --> 00:00:48,400 It is currently up and running and you will need to install it inside of your VirtualBox.
12 00:00:48,400 --> 00:00:52,690 First, you can take a look at YouTube, how you can download the Windows 7
13 00:00:52,930 --> 00:00:58,630 ISO file, since the ISO file is something that you will need for the installation of the VirtualBox Windows
14 00:00:58,630 --> 00:00:59,050 machine.
15 00:00:59,290 --> 00:01:06,790 And if you can, try to download the 64-bit version of Windows 7. Once you get the ISO file, the
16 00:01:06,790 --> 00:01:08,860 installation process is rather easy.
17 00:01:09,730 --> 00:01:13,510 Just go to the VirtualBox, then click on New right here.
18 00:01:14,260 --> 00:01:15,910 You can type in anything you want.
19 00:01:15,910 --> 00:01:18,580 You can call it Windows 7.
20 00:01:19,060 --> 00:01:23,860 You can select right here which version you got, either 32-bit or 64-bit.
21 00:01:24,250 --> 00:01:26,530 And once you select it, click on Next.
22 00:01:27,480 --> 00:01:30,600 Let me just say, right here: cannot create, this folder already exists.
23 00:01:30,780 --> 00:01:35,850 Yeah, this folder already exists because I have already created the Windows 7 machine, but if
24 00:01:35,850 --> 00:01:41,250 I call it, for example, Windows 77, just so I can change the name of the virtual machine,
25 00:01:41,610 --> 00:01:43,500 click on Next here.
26 00:01:43,500 --> 00:01:47,070 What you want to do is you want to add at least two gigabytes of RAM.
27 00:01:47,760 --> 00:01:52,440 Now in case you don't have two gigabytes of RAM, feel free to add one gigabyte.
28 00:01:52,770 --> 00:01:57,900 But in that case, I'm not sure whether it will work since I haven't really tried it.
29 00:01:58,530 --> 00:02:04,240 Once you create a virtual machine and set the RAM, you can click on Next right here, select create
30 00:02:04,240 --> 00:02:05,110 the virtual hard disk.
31 00:02:05,130 --> 00:02:10,200 Now, Next, Next, Next. Here you can select the hard disk size.
32 00:02:10,650 --> 00:02:11,840 You'll need to go to match.
33 00:02:11,850 --> 00:02:14,570 You can just choose something like 20 to 30 gigabytes.
34 00:02:14,580 --> 00:02:18,150 Click on Create and your virtual machine will be right here.
35 00:02:18,450 --> 00:02:21,980 Once you do all of that, there are just a few more settings that you need to set up.
36 00:02:22,170 --> 00:02:24,690 So just go right here onto the Settings.
37 00:02:26,200 --> 00:02:33,640 And in the Storage, you want to delete this Empty right here, and under the controller, you want to
38 00:02:33,640 --> 00:02:35,900 add the Windows ISO file.
39 00:02:36,250 --> 00:02:40,770 So in my case, here is mine, Windows 7 Ultimate x64 .iso.
40 00:02:40,790 --> 00:02:47,110 So I would choose that one and then I would proceed to the network settings and change from the NAT
41 00:02:47,320 --> 00:02:48,790 to the bridged adapter.
42 00:02:49,360 --> 00:02:52,360 Select your adapter right here and click on Create.
43 00:02:53,170 --> 00:02:59,440 After you do all of this, you can start your process of installing Windows 7 and the process is
44 00:02:59,440 --> 00:03:01,130 rather easy, as I already mentioned.
45 00:03:01,210 --> 00:03:07,060 However, there is one important step that you need to pay attention to, and I got the screenshot of
46 00:03:07,060 --> 00:03:09,790 that step right here on my desktop.
47 00:03:11,020 --> 00:03:15,400 As far as I remember, this step happens, I believe, at the very end of installation.
48 00:03:15,580 --> 00:03:21,830 And here it asks us: Help protect your computer and improve Windows automatically.
49 00:03:22,210 --> 00:03:28,180 Here we want to select the last option, which is Ask me later. It says for that option: until you
50 00:03:28,180 --> 00:03:32,140 decide, your computer might be vulnerable to security threats.
51 00:03:32,680 --> 00:03:39,970 And by selecting this, we are simulating a vulnerable Windows 7 machine that wasn't regularly updated.
52 00:03:40,780 --> 00:03:43,570 Once you do all of this, you should be ready to go.
53 00:03:43,960 --> 00:03:46,240 The other steps of installation are not important.
54 00:03:46,240 --> 00:03:51,410 Just remember, once you get to this step, select Ask me later. OK.
55 00:03:51,430 --> 00:03:55,780 So right now I got both of these machines up and running.
56 00:03:55,780 --> 00:03:57,610 I got Kali Linux and Windows 7.
57 00:03:58,060 --> 00:04:04,990 And if I go to my VirtualBox right here and besides this Windows 77 machine right here
58 00:04:05,080 --> 00:04:06,280 that I created right now.
59 00:04:06,280 --> 00:04:10,180 So I will just delete it since I don't really need to.
60 00:04:10,180 --> 00:04:12,580 Windows machines besides it.
61 00:04:12,760 --> 00:04:19,510 You will see I got these two Windows 7 machines, so I got Windows 7 32-bit and Windows
62 00:04:19,510 --> 00:04:24,880 7 64-bit and both are installed with a different ISO file.
63 00:04:25,630 --> 00:04:32,560 And the reason why I got two of them is just to show you that sometimes some of the exploits won't work
64 00:04:33,040 --> 00:04:36,250 and that doesn't mean you didn't perform the exploit correctly.
65 00:04:36,550 --> 00:04:39,490 It's just that sometimes they just don't work.
66 00:04:39,820 --> 00:04:43,510 Whether it is due to architecture or some Windows update, it doesn't matter.
67 00:04:43,930 --> 00:04:48,850 Just you will see that, for example, some of the exploits will work on this version of Windows 7.
68 00:04:49,300 --> 00:04:51,520 But on this one, it will not work.
69 00:04:52,460 --> 00:04:58,310 Now, there is also one thing that we must do on the target machine before we actually attack it.
70 00:04:58,640 --> 00:05:03,440 So once you install Windows 7 and you have it up and running, go to it.
71 00:05:03,710 --> 00:05:07,490 And from the desktop, you want to type Control Panel.
72 00:05:09,070 --> 00:05:13,070 And in the Control Panel, we want to disable the firewall.
73 00:05:13,660 --> 00:05:19,270 The reason we do that is because the attack that we are going to perform targets port four four
74 00:05:19,270 --> 00:05:22,670 five, which is by default open on Windows machines.
75 00:05:22,870 --> 00:05:29,740 However, it is also by default being filtered by a firewall that is automatically on every time you
76 00:05:29,740 --> 00:05:31,090 install Affinitas machine.
77 00:05:31,510 --> 00:05:38,650 So for our exploits to work, the target has to have that port unfiltered by the firewall for us to be able
78 00:05:38,650 --> 00:05:44,400 to exploit it. In companies and larger networks, that usually is the case.
79 00:05:44,650 --> 00:05:47,530 This port will be open and unfiltered.
80 00:05:47,950 --> 00:05:48,360 Why?
81 00:05:48,820 --> 00:05:52,590 Well, because it is an SMB protocol, or Server Message Block protocol.
82 00:05:52,900 --> 00:05:59,500 It is used in network file sharing and it allows applications on the computer to read and write files
83 00:05:59,620 --> 00:06:03,530 and to request services from server programs in a computer network.
84 00:06:04,150 --> 00:06:10,020 It is basically used for different directory access or for printer access or something similar.
85 00:06:10,630 --> 00:06:15,460 That's why it is usually open inside companies without any firewall whatsoever.
86 00:06:16,360 --> 00:06:17,440 Let me show you what I mean.
87 00:06:18,100 --> 00:06:25,450 If I go right here and under the System and Security click the Windows Firewall, I already have it
88 00:06:25,690 --> 00:06:26,350 disabled.
89 00:06:26,590 --> 00:06:29,260 But by default you should have it like this.
90 00:06:29,740 --> 00:06:31,810 So you should have the firewall up and running.
91 00:06:33,050 --> 00:06:40,490 If I leave the firewall up and running and I go to my Linux machine and scan it real fast, sudo
92 00:06:40,520 --> 00:06:42,530 nmap, we are going to use the same scan.
93 00:06:43,340 --> 00:06:50,000 In order for this to work, I need to know the IP address of my Windows 7 machine, so I'll type ipconfig
94 00:06:50,000 --> 00:06:53,420 inside of the command prompt and it will tell me it is 192.
95 00:06:53,420 --> 00:06:54,020 168
96 00:06:54,350 --> 00:06:55,470 .1.8.
97 00:06:56,300 --> 00:06:59,540 So if I go back and scan that IP address.
98 00:07:02,230 --> 00:07:03,520 Input my password.
99 00:07:05,440 --> 00:07:11,590 This shouldn't take more than just a few seconds, and you will see right here that these ports are
100 00:07:11,590 --> 00:07:15,560 open, but for you they will probably not be open.
101 00:07:15,610 --> 00:07:16,030 Why?
102 00:07:16,180 --> 00:07:19,360 Well, because you haven't really disabled the firewall yet.
103 00:07:19,900 --> 00:07:26,380 So even though I scanned it right now, once again, while the firewall is on, you can see in the scan
104 00:07:26,380 --> 00:07:28,880 results ports are set to be open.
105 00:07:29,680 --> 00:07:35,050 What you are going to see in case you haven't disabled the firewall already is you will most likely see
106 00:07:35,440 --> 00:07:37,480 one thousand ports filtered.
107 00:07:38,200 --> 00:07:44,560 And to fix that, what you can do is go right here, click on Turn Windows Firewall on or off.
108 00:07:45,790 --> 00:07:51,820 Then select right here Turn off Windows Firewall, and Turn off Windows Firewall in the second option
109 00:07:51,820 --> 00:07:56,390 as well, click on OK, and now the firewall is off.
110 00:07:57,130 --> 00:08:02,380 Now if you go and perform this scan once again, for me, I will have the same results.
111 00:08:02,620 --> 00:08:06,030 But for you, you will have much more ports open.
112 00:08:06,820 --> 00:08:11,770 And I also get some ports open that weren't open once the firewall was enabled.
113 00:08:12,070 --> 00:08:18,750 Besides all of those ports, you should also see the port one three nine being open and the port four
114 00:08:18,750 --> 00:08:22,530 four five being open, and those are SMB ports.
115 00:08:23,200 --> 00:08:28,900 So the key thing to get from this is go to Windows and disable the firewall. Once again, Control
116 00:08:28,900 --> 00:08:32,470 Panel, System and Security, and then Windows Firewall.
117 00:08:33,040 --> 00:08:35,890 After we do all of that, you are ready to go.
118 00:08:36,250 --> 00:08:42,340 In the next video, we are going to see how to perform one of the most known recent exploits called
119 00:08:42,340 --> 00:08:43,230 EternalBlue.
120 00:08:43,780 --> 00:08:44,860 See you in the next video.