1
00:00:01,020 --> 00:00:02,370
Instructor: Welcome back.

2
00:00:02,370 --> 00:00:03,270
In this video

3
00:00:03,270 --> 00:00:06,930
I want to show you another example of a Nessus scan.

4
00:00:06,930 --> 00:00:09,450
So in the previous one, we scanned our (inaudible)

5
00:00:09,450 --> 00:00:11,250
which is a Linux machine.

6
00:00:11,250 --> 00:00:14,520
Right now we are going to see what results we can get

7
00:00:14,520 --> 00:00:16,203
scanning a Windows machine.

8
00:00:17,130 --> 00:00:20,490
So I have right here a Windows 7 virtual machine.

9
00:00:20,490 --> 00:00:22,410
And what's special about this machine

10
00:00:22,410 --> 00:00:26,010
is that it hasn't been updated in a year.

11
00:00:26,010 --> 00:00:28,680
And keep in mind there are a lot of people in the world

12
00:00:28,680 --> 00:00:32,640
that don't regularly update their operating systems.

13
00:00:32,640 --> 00:00:34,170
This machine specifically

14
00:00:34,170 --> 00:00:36,720
doesn't have any additional software installed

15
00:00:36,720 --> 00:00:38,490
and running on open ports.

16
00:00:38,490 --> 00:00:41,430
The only open ports it has are these ones,

17
00:00:41,430 --> 00:00:43,740
and most of them are open by default

18
00:00:43,740 --> 00:00:45,960
once you install Windows 7.

19
00:00:45,960 --> 00:00:47,700
Let us see what our Nessus scan

20
00:00:47,700 --> 00:00:52,170
will manage to find on an un-updated Windows 7 machine.

21
00:00:52,170 --> 00:00:54,780
So let's go right here and go on to new scan.

22
00:00:54,780 --> 00:00:56,970
We already know how we can perform the scan,

23
00:00:56,970 --> 00:00:59,220
so I will not be explaining the details.

24
00:00:59,220 --> 00:01:00,690
We navigate to the basic scan

25
00:01:00,690 --> 00:01:03,990
and we can type right here, Windows 7.

26
00:01:03,990 --> 00:01:06,330
The IP address I checked out right here,

27
00:01:06,330 --> 00:01:09,270
it is 192.168.1.6.

28
00:01:09,270 --> 00:01:10,923
And if I scan it,

29
00:01:12,930 --> 00:01:14,850
go to the discovery,

30
00:01:14,850 --> 00:01:16,860
we can scan all ports.

31
00:01:16,860 --> 00:01:18,720
In the assessment, we're going to scan for

32
00:01:18,720 --> 00:01:20,910
known web vulnerabilities.

33
00:01:20,910 --> 00:01:23,520
In the report we'll leave everything default,

34
00:01:23,520 --> 00:01:26,580
and in the advanced we'll leave it on default.

35
00:01:26,580 --> 00:01:31,233
I will click on save and I will just run my scan.

36
00:01:32,280 --> 00:01:34,890
This will start scanning my Windows 7 machine,

37
00:01:34,890 --> 00:01:38,130
and in a few minutes we will receive the entire scan

38
00:01:38,130 --> 00:01:40,150
and all the vulnerabilities it managed to find

39
00:01:40,150 --> 00:01:42,930
for our Windows 7 machine.

40
00:01:42,930 --> 00:01:44,400
Once again, keep in mind

41
00:01:44,400 --> 00:01:47,850
that it doesn't have any additional software installed.

42
00:01:47,850 --> 00:01:50,130
I just installed an operating system

43
00:01:50,130 --> 00:01:52,620
and connected it to my network.

44
00:01:52,620 --> 00:01:54,660
Let's wait for the scan to finish

45
00:01:54,660 --> 00:01:57,453
and we are going to see what it will manage to find.

46
00:01:59,250 --> 00:02:00,870
Okay, the scan has finished.

47
00:02:00,870 --> 00:02:04,560
Let us check out the results (inaudible) has given us.

48
00:02:04,560 --> 00:02:07,080
If I click on my Windows 7, we will see

49
00:02:07,080 --> 00:02:09,900
it managed to find four critical vulnerabilities

50
00:02:09,900 --> 00:02:11,913
and two high vulnerabilities.

51
00:02:12,810 --> 00:02:13,860
And these are the vulnerabilities

52
00:02:13,860 --> 00:02:16,770
it found on a Windows machine that hasn't been updated.

53
00:02:16,770 --> 00:02:18,600
Let us check them out.

54
00:02:18,600 --> 00:02:21,390
If I click on this and click on Microsoft Windows,

55
00:02:21,390 --> 00:02:26,390
multiple issues, we will see four critical vulnerabilities.

56
00:02:27,240 --> 00:02:30,240
Unsupported Windows OS.

57
00:02:30,240 --> 00:02:32,310
This means that Windows has not been updated.

58
00:02:32,310 --> 00:02:35,160
As it says right here, it's either missing a service pack

59
00:02:35,160 --> 00:02:37,200
or is no longer supported.

60
00:02:37,200 --> 00:02:40,770
This simply means it hasn't been updated in a while.

61
00:02:40,770 --> 00:02:42,720
As a result, it is likely to contain

62
00:02:42,720 --> 00:02:44,973
security vulnerabilities, and that is true.

63
00:02:46,320 --> 00:02:49,470
We get the MS14, which it says right here,

64
00:02:49,470 --> 00:02:52,590
vulnerability in Schannel could allow remote code execution.

65
00:02:52,590 --> 00:02:54,063
Uncredentialed check.

66
00:02:54,990 --> 00:02:56,400
And down here

67
00:02:56,400 --> 00:02:59,820
we also get what type of vulnerability it is.

68
00:02:59,820 --> 00:03:02,040
So we could just search for that vulnerability,

69
00:03:02,040 --> 00:03:03,510
search for an exploit,

70
00:03:03,510 --> 00:03:06,153
and gain access to our Windows 7 machine.

71
00:03:07,170 --> 00:03:10,290
We also get this RDP RCE,

72
00:03:10,290 --> 00:03:13,530
also known as the BlueKeep attack.

73
00:03:13,530 --> 00:03:15,300
And as you can see right here,

74
00:03:15,300 --> 00:03:17,400
this attack is relatively new.

75
00:03:17,400 --> 00:03:19,770
It's from 2019.

76
00:03:19,770 --> 00:03:22,530
So for example, if there was anyone running Windows 7

77
00:03:22,530 --> 00:03:26,700
that hasn't updated their machine since 2019,

78
00:03:26,700 --> 00:03:29,310
they are vulnerable to this attack.

79
00:03:29,310 --> 00:03:32,220
This attack exploits Remote Desktop Protocol,

80
00:03:32,220 --> 00:03:35,730
which is running over port 3389.

81
00:03:35,730 --> 00:03:36,690
Cool, right?

82
00:03:36,690 --> 00:03:38,820
We managed to discover vulnerabilities,

83
00:03:38,820 --> 00:03:43,020
and critical vulnerabilities, for the Windows 7 machine.

84
00:03:43,020 --> 00:03:45,330
This Nessus tool is really amazing.

85
00:03:45,330 --> 00:03:48,270
However, there are also some vulnerabilities

86
00:03:48,270 --> 00:03:51,000
that it didn't manage to find.

87
00:03:51,000 --> 00:03:54,660
And I'm talking about really high vulnerabilities.

88
00:03:54,660 --> 00:03:56,340
So it is finally time.

89
00:03:56,340 --> 00:03:57,480
In the next section,

90
00:03:57,480 --> 00:03:58,350
we're going to see

91
00:03:58,350 --> 00:04:01,350
how we can exploit a bunch of these vulnerabilities.

92
00:04:01,350 --> 00:04:03,240
How we can gain access to the target,

93
00:04:03,240 --> 00:04:05,310
steal information from the target.

94
00:04:05,310 --> 00:04:06,143
We'll also see

95
00:04:06,143 --> 00:04:08,040
how we can maintain access on the target,

96
00:04:08,040 --> 00:04:11,430
and we will see how we can cover our tracks.

97
00:04:11,430 --> 00:04:13,683
See you in the exploitation section.