1
00:00:00,690 --> 00:00:01,890
Instructor: Welcome back.

2
00:00:01,890 --> 00:00:04,680
It is time we switch things up a little bit

3
00:00:04,680 --> 00:00:07,170
and move on to a different target.

4
00:00:07,170 --> 00:00:09,030
For the next few videos,

5
00:00:09,030 --> 00:00:12,750
we are going to be attacking a Windows 7 machine.

6
00:00:12,750 --> 00:00:15,960
And the difference between exploiting Windows 7

7
00:00:15,960 --> 00:00:18,180
and the Metasploitable that we were attacking

8
00:00:18,180 --> 00:00:19,650
in the past few videos,

9
00:00:19,650 --> 00:00:21,690
is inside of Windows 7,

10
00:00:21,690 --> 00:00:25,530
we are not going to install any additional software.

11
00:00:25,530 --> 00:00:27,510
So these exploits will work

12
00:00:27,510 --> 00:00:29,640
on anyone that uses Windows 7

13
00:00:29,640 --> 00:00:32,610
and hasn't updated their operating system,

14
00:00:32,610 --> 00:00:34,500
which is most likely everyone running

15
00:00:34,500 --> 00:00:37,020
some pirated version of Windows.

16
00:00:37,020 --> 00:00:41,130
For this, you'll need to install a Windows 7 virtual machine.

17
00:00:41,130 --> 00:00:43,140
And I got mine right here.

18
00:00:43,140 --> 00:00:45,270
It is currently up and running,

19
00:00:45,270 --> 00:00:46,680
and you will need to install them

20
00:00:46,680 --> 00:00:49,620
inside of your VirtualBox first.

21
00:00:49,620 --> 00:00:51,060
You can take a look at YouTube

22
00:00:51,060 --> 00:00:53,490
how you can download Windows 7 ISO file,

23
00:00:53,490 --> 00:00:56,340
since the ISO file is something that you will need

24
00:00:56,340 --> 00:00:59,340
for the installation of VirtualBox Windows machine.

25
00:00:59,340 --> 00:01:00,570
And if you can,

26
00:01:00,570 --> 00:01:04,530
try to download the 64-bit version of Windows 7.

27
00:01:04,530 --> 00:01:06,600
Once you get the ISO file,

28
00:01:06,600 --> 00:01:09,750
the installation process is rather easy.

29
00:01:09,750 --> 00:01:14,310
Just go to the VirtualBox, then click on New right here.

30
00:01:14,310 --> 00:01:15,870
You can type in anything you want.

31
00:01:15,870 --> 00:01:19,080
You can call it Windows 7.

32
00:01:19,080 --> 00:01:21,300
You can select right here which version you got,

33
00:01:21,300 --> 00:01:24,270
either 32-bit or 64-bit.

34
00:01:24,270 --> 00:01:26,673
And once you select it, click on Next.

35
00:01:27,510 --> 00:01:28,410
Let me just see it right here.

36
00:01:28,410 --> 00:01:30,810
Cannot create, this folder already exists.

37
00:01:30,810 --> 00:01:32,340
Yeah, this folder already exists

38
00:01:32,340 --> 00:01:35,460
because I have already created the Windows 7 machine.

39
00:01:35,460 --> 00:01:38,580
But if I call it, for example, Windows 77

40
00:01:38,580 --> 00:01:41,640
just so I can change the name of the virtual machine,

41
00:01:41,640 --> 00:01:43,080
click on Next.

42
00:01:43,080 --> 00:01:45,510
Here what you want to do is you want to add

43
00:01:45,510 --> 00:01:47,760
at least two gigabytes of RAM.

44
00:01:47,760 --> 00:01:50,400
Now, in case you don't have two gigabytes of RAM,

45
00:01:50,400 --> 00:01:52,770
feel free to add one gigabyte.

46
00:01:52,770 --> 00:01:56,070
But in that case, I'm not sure whether it'll work

47
00:01:56,070 --> 00:01:58,530
since I haven't really tried it.

48
00:01:58,530 --> 00:02:00,300
Once you create the virtual machine

49
00:02:00,300 --> 00:02:03,000
and set the RAM, you can click on Next.

50
00:02:03,000 --> 00:02:06,210
Right here select Create the virtual hard disk now,

51
00:02:06,210 --> 00:02:08,220
click on Next, Next, Next.

52
00:02:08,220 --> 00:02:10,680
Here, you can select the hard disk size.

53
00:02:10,680 --> 00:02:11,820
You don't need to go too much.

54
00:02:11,820 --> 00:02:14,550
You can just choose something like 20 to 30 gigabytes,

55
00:02:14,550 --> 00:02:17,250
click on Create, and your virtual machine

56
00:02:17,250 --> 00:02:18,480
will be right here.

57
00:02:18,480 --> 00:02:19,560
Once you do all of that,

58
00:02:19,560 --> 00:02:22,200
there are just a few more settings that you need to set up.

59
00:02:22,200 --> 00:02:24,843
So just go right here onto the settings.

60
00:02:26,280 --> 00:02:27,870
And in the storage,

61
00:02:27,870 --> 00:02:31,350
you want to delete this Empty right here.

62
00:02:31,350 --> 00:02:33,060
And under the Controller,

63
00:02:33,060 --> 00:02:36,270
you want to add the Windows ISO file.

64
00:02:36,270 --> 00:02:37,890
So in my case here is mine,

65
00:02:37,890 --> 00:02:41,550
windows_7_ultimate_x64.iso.

66
00:02:41,550 --> 00:02:43,140
I would choose that one,

67
00:02:43,140 --> 00:02:45,420
and then I would proceed to the Network settings

68
00:02:45,420 --> 00:02:49,380
and change from the NAT to the Bridged Adapter.

69
00:02:49,380 --> 00:02:53,220
Select your adapter right here and click on Create.

70
00:02:53,220 --> 00:02:54,900
After you do all of this,

71
00:02:54,900 --> 00:02:58,260
you can start your process of installing Windows 7.

72
00:02:58,260 --> 00:03:01,230
And the process is rather easy as I already mentioned.

73
00:03:01,230 --> 00:03:03,090
However, there is one important step

74
00:03:03,090 --> 00:03:05,280
that we need to pay attention to.

75
00:03:05,280 --> 00:03:08,070
And I got the screenshot of that step

76
00:03:08,070 --> 00:03:09,843
right here on my desktop.

77
00:03:11,100 --> 00:03:12,000
As far as I remember,

78
00:03:12,000 --> 00:03:13,200
this step happens

79
00:03:13,200 --> 00:03:15,600
I believe at the very end of installation.

80
00:03:15,600 --> 00:03:19,590
And here it asks us help protect your computer

81
00:03:19,590 --> 00:03:22,260
and improve Windows automatically.

82
00:03:22,260 --> 00:03:24,240
Here we want to select the last option,

83
00:03:24,240 --> 00:03:25,980
which is Ask me later.

84
00:03:25,980 --> 00:03:27,690
It says for that option

85
00:03:27,690 --> 00:03:30,600
until you decide your computer might be vulnerable

86
00:03:30,600 --> 00:03:32,700
to security threats.

87
00:03:32,700 --> 00:03:34,560
And by selecting this,

88
00:03:34,560 --> 00:03:37,710
we are simulating a vulnerable Windows 7 machine

89
00:03:37,710 --> 00:03:40,800
that wasn't regularly updated.

90
00:03:40,800 --> 00:03:43,920
Once you do all of this, you should be ready to go.

91
00:03:43,920 --> 00:03:46,260
The other steps of installation are not important.

92
00:03:46,260 --> 00:03:48,690
Just remember once you get to this step,

93
00:03:48,690 --> 00:03:51,060
select Ask me later.

94
00:03:51,060 --> 00:03:54,930
Okay, so right now I got both of these machines

95
00:03:54,930 --> 00:03:55,830
up and running.

96
00:03:55,830 --> 00:03:58,140
I got Kali Linux and Windows 7.

97
00:03:58,140 --> 00:04:02,160
And if I go to my VirtualBox right here.

98
00:04:02,160 --> 00:04:05,070
And besides this Windows 77 machine right here

99
00:04:05,070 --> 00:04:06,210
that I created right now,

100
00:04:06,210 --> 00:04:08,460
so I will just delete it

101
00:04:08,460 --> 00:04:11,850
since I don't really need two Windows 7 machines.

102
00:04:11,850 --> 00:04:16,260
Besides it, you will see I got these two Windows 7 machines.

103
00:04:16,260 --> 00:04:21,060
So I got Windows 7 32-bit and Windows 7 64-bit.

104
00:04:21,060 --> 00:04:25,680
And both are installed with a different ISO file.

105
00:04:25,680 --> 00:04:27,870
And the reason why I got two of them

106
00:04:27,870 --> 00:04:29,220
is just to show you that

107
00:04:29,220 --> 00:04:33,090
sometimes some of the exploits won't work.

108
00:04:33,090 --> 00:04:35,040
And that doesn't mean you didn't perform

109
00:04:35,040 --> 00:04:36,510
the exploit correctly,

110
00:04:36,510 --> 00:04:39,810
it's just that sometimes they just don't work.

111
00:04:39,810 --> 00:04:42,630
Whether it is due to architecture or some Windows update,

112
00:04:42,630 --> 00:04:43,920
it doesn't matter.

113
00:04:43,920 --> 00:04:46,050
Just you will see that, for example,

114
00:04:46,050 --> 00:04:49,320
some of the exploits will work on this version of Windows 7,

115
00:04:49,320 --> 00:04:51,663
but on this one it will not work.

116
00:04:52,500 --> 00:04:55,260
Now there is also one thing that we must do

117
00:04:55,260 --> 00:04:58,650
on the target machine before we actually attack it.

118
00:04:58,650 --> 00:05:00,780
So once you install Windows 7

119
00:05:00,780 --> 00:05:03,750
and you have it up and running, go to it.

120
00:05:03,750 --> 00:05:05,130
And from the desktop

121
00:05:05,130 --> 00:05:07,593
you want to type control panel.

122
00:05:09,090 --> 00:05:11,070
And in the Control Panel,

123
00:05:11,070 --> 00:05:13,467
we want to disable the firewall.

124
00:05:13,467 --> 00:05:16,170
The reason we do that is because the attack

125
00:05:16,170 --> 00:05:17,670
that we are going to perform

126
00:05:17,670 --> 00:05:19,920
targets port 445,

127
00:05:19,920 --> 00:05:22,890
which is by default open on Windows machines.

128
00:05:22,890 --> 00:05:27,120
However, it is also by default being filtered by firewall.

129
00:05:27,120 --> 00:05:29,070
That is automatically on

130
00:05:29,070 --> 00:05:31,500
every time you install a Windows machine.

131
00:05:31,500 --> 00:05:33,960
So for our exploits to work,

132
00:05:33,960 --> 00:05:37,770
target has to have that port unfiltered by the firewall

133
00:05:37,770 --> 00:05:40,290
for us to be able to exploit it.

134
00:05:40,290 --> 00:05:42,510
In companies and larger networks,

135
00:05:42,510 --> 00:05:44,640
that usually is the case.

136
00:05:44,640 --> 00:05:48,810
This port will be open and unfiltered, why?

137
00:05:48,810 --> 00:05:50,880
Well, because it is SMB protocol

138
00:05:50,880 --> 00:05:52,523
or Server Message Block protocol.

139
00:05:52,523 --> 00:05:55,200
It is used in network file sharing

140
00:05:55,200 --> 00:05:57,720
and it allows applications on the computer

141
00:05:57,720 --> 00:05:59,670
to read and write the files

142
00:05:59,670 --> 00:06:02,370
and to request services from server programs

143
00:06:02,370 --> 00:06:04,170
in a computer network.

144
00:06:04,170 --> 00:06:06,960
It is basically used for different directory access

145
00:06:06,960 --> 00:06:10,650
or for printer access or something similar.

146
00:06:10,650 --> 00:06:13,290
That's why it is usually open inside companies

147
00:06:13,290 --> 00:06:16,380
without any firewall whatsoever.

148
00:06:16,380 --> 00:06:18,120
Let me show you what I mean.

149
00:06:18,120 --> 00:06:22,230
If I go right here and under the System and Security,

150
00:06:22,230 --> 00:06:24,390
I click on Windows Firewall,

151
00:06:24,390 --> 00:06:26,610
I already have it disabled.

152
00:06:26,610 --> 00:06:29,760
But by default, you should have it like this.

153
00:06:29,760 --> 00:06:31,910
So you should have firewall up and running.

154
00:06:33,060 --> 00:06:35,610
If I leave the firewall up and running,

155
00:06:35,610 --> 00:06:39,900
and I go to my Kali Linux machine and scan it real fast,

156
00:06:39,900 --> 00:06:43,380
so sudo nmap, we're going to use the SYN Scan.

157
00:06:43,380 --> 00:06:44,820
In order for this to work,

158
00:06:44,820 --> 00:06:48,270
I need to know the IP address of my Windows 7 machine.

159
00:06:48,270 --> 00:06:51,180
So I'll just type ipconfig inside of the Command Prompt

160
00:06:51,180 --> 00:06:56,180
and it'll tell me it's 192.168.1.8.

161
00:06:56,280 --> 00:06:59,673
So if I go back and scan the IP address,

162
00:07:02,250 --> 00:07:03,633
input my password,

163
00:07:05,370 --> 00:07:08,580
this scan shouldn't take more than just a few seconds.

164
00:07:08,580 --> 00:07:12,660
And you will see right here that these ports are open.

165
00:07:12,660 --> 00:07:16,170
But for you they will probably not be open, why?

166
00:07:16,170 --> 00:07:19,830
Well, because you haven't really disabled the firewall yet.

167
00:07:19,830 --> 00:07:22,650
So even though I scan it right now once again

168
00:07:22,650 --> 00:07:25,050
while the firewall is on,

169
00:07:25,050 --> 00:07:27,090
you can see in the scanned results

170
00:07:27,090 --> 00:07:29,730
ports are set to be open.

171
00:07:29,730 --> 00:07:31,080
What you are going to see,

172
00:07:31,080 --> 00:07:33,630
in case you haven't disabled the firewall already,

173
00:07:33,630 --> 00:07:38,280
is you will most likely see 1000 ports filtered.

174
00:07:38,280 --> 00:07:41,940
And to fix that, what you can do is go right here,

175
00:07:41,940 --> 00:07:44,703
click on Turn Windows Firewall on or off,

176
00:07:45,810 --> 00:07:49,020
then select right here Turn off Windows Firewall,

177
00:07:49,020 --> 00:07:52,830
and Turn off Windows Firewall in the second option as well.

178
00:07:52,830 --> 00:07:53,793
Click on OK.

179
00:07:54,630 --> 00:07:57,150
And now the firewall is off.

180
00:07:57,150 --> 00:08:00,210
Now if you go and perform the scan once again,

181
00:08:00,210 --> 00:08:02,640
for me, I will have the same results.

182
00:08:02,640 --> 00:08:06,870
But for you, you will have many more ports open.

183
00:08:06,870 --> 00:08:09,330
And I also get some ports open

184
00:08:09,330 --> 00:08:12,090
that weren't open once the firewall was enabled.

185
00:08:12,090 --> 00:08:13,590
Besides all of those ports,

186
00:08:13,590 --> 00:08:17,430
you should also see the port 139 being open

187
00:08:17,430 --> 00:08:20,203
and the port 445 being open.

188
00:08:20,203 --> 00:08:23,190
And those are SMB ports.

189
00:08:23,190 --> 00:08:24,900
So the key thing to get from this

190
00:08:24,900 --> 00:08:27,720
is go to the Windows and disable the firewall.

191
00:08:27,720 --> 00:08:30,690
Once again, Control Panel, System and Security,

192
00:08:30,690 --> 00:08:33,090
and then Windows Firewall.

193
00:08:33,090 --> 00:08:36,240
After you do all of that, you are ready to go.

194
00:08:36,240 --> 00:08:38,520
In the next video, we are going to see

195
00:08:38,520 --> 00:08:41,880
how to perform one of the most known recent exploits

196
00:08:41,880 --> 00:08:43,673
called EternalBlue.

197
00:08:43,673 --> 00:08:44,973
See you in the next video.