1 00:00:00,390 --> 00:00:04,830 Welcome to another attack that we will perform on our Metasploitable machine.
2 00:00:05,760 --> 00:00:08,760 And this one is aimed at telnet.
3 00:00:09,730 --> 00:00:16,570 Keep in mind that this vulnerability is only possible due to information disclosure, and you will see
4 00:00:16,570 --> 00:00:18,100 by the end of this video why.
5 00:00:19,000 --> 00:00:26,560 So I got my scan right here and we can see that telnet is running on port 23. If we check
6 00:00:26,560 --> 00:00:29,860 out the version, it says Linux telnetd.
7 00:00:31,020 --> 00:00:35,310 That doesn't seem to give us that much information about the actual version.
8 00:00:36,190 --> 00:00:38,890 If we just copy this version right here,
9 00:00:40,250 --> 00:00:41,420 open another terminal.
10 00:00:42,490 --> 00:00:49,480 We could just do the same thing that we did with the FTP version, so we could type searchsploit and then paste
11 00:00:49,480 --> 00:00:50,260 the version name.
12 00:00:51,700 --> 00:00:54,720 And it seems that we got two different results.
13 00:00:55,700 --> 00:00:59,690 And from looking at them, they don't seem to be useful for us.
14 00:01:00,290 --> 00:01:07,370 The first one says netkit telnetd 0.17 and it says in brackets that it's for Fedora
15 00:01:07,380 --> 00:01:08,060 31.
16 00:01:08,900 --> 00:01:12,610 And the second one doesn't seem to be something we're looking for either.
17 00:01:13,370 --> 00:01:15,930 We can't get the exact version of telnet.
18 00:01:16,040 --> 00:01:17,690 So what are we going to do?
19 00:01:18,780 --> 00:01:23,610 Well, we know that telnet requires a username and password in order to log in.
20 00:01:24,570 --> 00:01:32,370 So let's maybe try the default credentials. To try them and to connect to the telnet port on some machine,
21 00:01:32,850 --> 00:01:39,630 we can type in our terminal (let's first clear the screen) telnet and then the IP address of the machine
22 00:01:39,630 --> 00:01:40,620 that we want to connect to.
23 00:01:40,860 --> 00:01:43,620 In my case, I want to do that with 192.168
24 00:01:43,620 --> 00:01:44,010 dot 1
25 00:01:44,010 --> 00:01:44,490 dot 5.
26 00:01:45,710 --> 00:01:47,240 And I press enter here.
27 00:01:49,610 --> 00:01:57,230 Do you see? Not only do we get the banner for telnet, but we also get some additional information
28 00:01:57,260 --> 00:01:58,820 that shouldn't be here.
29 00:02:00,000 --> 00:02:05,790 We get the statement that says "Login with msfadmin/msfadmin".
30 00:02:07,030 --> 00:02:13,960 And if you remember, this banner and these things are exactly the same as the banner that we get once
31 00:02:13,960 --> 00:02:19,050 we log in to Metasploitable. As you can see right here, these two are exactly the same.
32 00:02:19,870 --> 00:02:23,620 They just hosted the same banner on the open telnet port as well.
33 00:02:24,560 --> 00:02:29,990 So if they already gave us the username and password, let's use it. Let's see whether it will work on
34 00:02:29,990 --> 00:02:36,440 telnet if I type msfadmin and msfadmin as the password.
35 00:02:38,400 --> 00:02:42,750 Here we are once again, we are on the Metasploitable machine.
36 00:02:43,710 --> 00:02:48,290 Just this time, you will notice that we are not the root account, so if we type whoami,
37 00:02:48,510 --> 00:02:51,600 we are msfadmin, we are not the root account.
38 00:02:52,290 --> 00:02:54,960 And this is something that we can easily bypass.
39 00:02:55,530 --> 00:03:03,060 If I type the command sudo su, it will ask me for the password for msfadmin, and we already
40 00:03:03,060 --> 00:03:04,440 know it from the banner.
41 00:03:04,470 --> 00:03:06,730 It is also msfadmin.
42 00:03:07,130 --> 00:03:09,030 I type it in, press enter.
43 00:03:10,930 --> 00:03:17,500 And now we are brought to the root account, as we can see right here, and also if I type whoami,
44 00:03:18,910 --> 00:03:20,980 it will tell me we are the root account.
45 00:03:21,730 --> 00:03:23,140 Now, I know what you're thinking.
46 00:03:23,500 --> 00:03:24,910 This is too easy.
47 00:03:25,220 --> 00:03:27,970 Something like this will never happen in real life.
48 00:03:28,510 --> 00:03:29,710 And you are correct.
49 00:03:29,950 --> 00:03:32,320 These types of vulnerabilities will rarely happen.
50 00:03:32,810 --> 00:03:36,760 However, we are slowly progressing to higher and higher vulnerabilities.
51 00:03:37,510 --> 00:03:43,840 The last two were just misconfigurations and information disclosure, while the first FTP vulnerability
52 00:03:44,050 --> 00:03:46,000 had vulnerable software running.
53 00:03:46,870 --> 00:03:52,090 After we finish showing a few more vulnerabilities for the Metasploitable machine, we're going to
54 00:03:52,090 --> 00:03:58,120 go on to the Windows machines and you will see that we will manage to exploit them without them having
55 00:03:58,120 --> 00:04:00,940 any additional software like Metasploitable does.
56 00:04:01,330 --> 00:04:04,370 So things are soon about to get even more interesting.
57 00:04:05,020 --> 00:04:05,950 See you in the next video.