1 00:00:00,240 --> 00:00:06,920 So in this section, what we are seeing here is how to attack such a site. Now, to do this,
2 00:00:06,930 --> 00:00:13,320 first, we are going to use information gathering, which is used to show us the installed programs, operating
3 00:00:13,320 --> 00:00:19,770 system on the target system, and running services on the target and ports associated with these services.
4 00:00:20,130 --> 00:00:21,870 From these installed services,
5 00:00:21,870 --> 00:00:24,440 we can try and get into the system.
6 00:00:25,260 --> 00:00:28,300 We can do this by trying the default passwords also.
7 00:00:28,410 --> 00:00:32,520 So there are a lot of people that install services and configure them.
8 00:00:32,850 --> 00:00:35,920 So we will have another example of this as well.
9 00:00:36,450 --> 00:00:42,960 So the first problem with these services is that sometimes a lot of services are designed to give someone
10 00:00:43,270 --> 00:00:49,970 remote access to that computer, but they obviously need to have some security implementations.
11 00:00:50,460 --> 00:00:57,090 People often misconfigure these services, so we can take advantage of these misconfigurations and gain
12 00:00:57,090 --> 00:00:58,720 access to these computers.
13 00:00:59,370 --> 00:01:04,630 And the problem with these services is that some of them might even have bad news.
14 00:01:05,070 --> 00:01:13,590 A lot of them will have vulnerabilities like remote buffer overflow code execution vulnerabilities, and this
15 00:01:13,590 --> 00:01:16,560 will allow us to gain full access to the computer system.
16 00:01:17,130 --> 00:01:23,620 So the simplest way of doing this is something that we have already seen, which is Zenmap.
17 00:01:24,120 --> 00:01:32,070 So we use nmap with the IP of the website. Using Zenmap, we will get a list of all the services and
18 00:01:32,070 --> 00:01:36,900 then Google each one of them to see if they contain any vulnerabilities.
19 00:01:37,530 --> 00:01:42,420 We have seen before that the actual device is actually a website.
20 00:01:43,020 --> 00:01:46,920 If we want to get the IP of the website, we have to do.
21 00:01:47,790 --> 00:01:55,560 For example, if we want to get the IP of Facebook, we have to ping facebook.com and we will
22 00:01:55,560 --> 00:01:57,360 get their IP now.
23 00:01:58,410 --> 00:02:04,980 We will be able to run nmap against Facebook's IP and get a list of all the services on Facebook, but
24 00:02:04,980 --> 00:02:11,340 in this section we are going to run nmap on the Metasploitable device, which is basically a computer
25 00:02:11,340 --> 00:02:11,700 device.
26 00:02:11,730 --> 00:02:18,240 OK, so we are going to use Zenmap in the same way as we did before.
27 00:02:19,550 --> 00:02:22,160 To open Zenmap, we will open the terminal.
28 00:02:23,750 --> 00:02:24,330 And.
29 00:02:26,110 --> 00:02:31,130 Let's zoom it first and type here zenmap, OK, and hit enter.
30 00:02:32,020 --> 00:02:35,680 So now we will bring up the application.
31 00:02:36,070 --> 00:02:40,030 OK, so we can put any IP which we want to test.
32 00:02:40,040 --> 00:02:48,330 But in this video, we are going to enter the target IP of the device, which is then the to door.
33 00:02:49,130 --> 00:02:57,310 OK, so we are going to scan and then this will give us a list of all the installed applications.
34 00:02:57,340 --> 00:03:01,180 OK, so we are going to do an intensive scan and hit on Scan.
35 00:03:01,370 --> 00:03:02,650 It will take some time.
36 00:03:03,400 --> 00:03:06,180 Not more than two to three minutes, but it will take some time.
37 00:03:08,750 --> 00:03:11,600 So you have to wait till the completion of all these things.
38 00:03:12,630 --> 00:03:14,370 OK, you have to wait.
39 00:03:16,810 --> 00:03:18,250 Because it's going to.
40 00:03:19,190 --> 00:03:25,500 Scan a Metasploitable device, or we can say a virtual machine, so it will take some time.
41 00:03:25,910 --> 00:03:32,510 So please make sure that your Kali Linux and Metasploitable device should be in the same network, which
42 00:03:32,510 --> 00:03:33,560 is NAT, OK.
43 00:03:34,010 --> 00:03:35,630 So this way,
44 00:03:36,230 --> 00:03:42,650 it will be very easy for us to understand how all these attacks work and how to perform all these attacks.
45 00:03:43,100 --> 00:03:51,560 OK, so as you can see that the scan is running and we are having here Nmap Output, so we can see
46 00:03:51,560 --> 00:03:57,570 the output, and we have Ports/Hosts, Topology, Host Details and Scans.
47 00:03:58,640 --> 00:04:02,900 So we are here inside the Nmap Output.
48 00:04:02,900 --> 00:04:09,630 So whatever it will scan, it will come inside this particular tab, which is Nmap Output.
49 00:04:10,160 --> 00:04:13,040 So this is for operating system.
50 00:04:13,040 --> 00:04:15,880 This is for all services, hosts, OK.
51 00:04:17,310 --> 00:04:22,050 So you have to wait till the completion of all this process, because it is scanning something and
52 00:04:22,050 --> 00:04:23,210 it will take some time.
53 00:04:23,220 --> 00:04:26,820 So let's see here, next ping.
54 00:04:28,540 --> 00:04:30,490 OK, OK, OK, OK, I.
55 00:04:34,950 --> 00:04:36,440 Need to open it again.
56 00:04:37,540 --> 00:04:38,440 Zenmap.
57 00:04:39,400 --> 00:04:43,240 OK, so now I've typed in door to door and hit enter.
58 00:04:44,980 --> 00:04:48,370 So it will start scanning, so this is nmap.
59 00:04:48,410 --> 00:04:49,600 So this is the.
60 00:04:51,630 --> 00:04:57,100 Command. All this is what we can see: the syntax of doing an intensive scan when you're using nmap.
61 00:04:57,140 --> 00:05:01,770 OK, so this is what we get from the scanned machine.
62 00:05:01,830 --> 00:05:04,290 OK, so this is what you can see here.
63 00:05:05,320 --> 00:05:13,150 So the process is going on, so you have to wait till the finishing of this, because we need some very
64 00:05:13,780 --> 00:05:17,120 important and juicy data from this particular scan.
65 00:05:17,150 --> 00:05:19,750 So we have to wait till the completion of all this process.
66 00:05:20,140 --> 00:05:22,490 So we are having Ports/Hosts, Topology.
67 00:05:22,490 --> 00:05:27,310 So we are not having anything inside all of these tabs.
68 00:05:28,020 --> 00:05:29,110 OK, so this is the.
69 00:05:30,100 --> 00:05:37,660 We, this is the way to scan in nmap, so just click on Nmap Output, let's see.
70 00:05:37,990 --> 00:05:38,710 Is it.
71 00:05:40,570 --> 00:05:42,200 Completed or not?
72 00:05:43,170 --> 00:05:43,500 OK.
73 00:05:44,870 --> 00:05:45,280 OK.
74 00:05:47,730 --> 00:05:51,330 So the information that we want is now completed.
75 00:05:51,360 --> 00:05:56,150 OK, so once the scan is finished, we will have open ports and a lot of services.
76 00:05:56,520 --> 00:06:04,140 Now we will go to Nmap Output and check port by port and read for the services and Google the
77 00:06:04,140 --> 00:06:05,880 name of the services, for example.
78 00:06:06,360 --> 00:06:15,660 And what we can do here is we can see we have port 21, which is the FTP port. FTP is a type of service
79 00:06:15,660 --> 00:06:20,460 that is installed to allow people to upload and download files from a remote server.
80 00:06:20,880 --> 00:06:28,140 FTP service, which is also called File Transfer Protocol, usually uses a username and password, but
81 00:06:28,140 --> 00:06:34,740 we can see that this service has been misconfigured and it allows anonymous FTP login.
82 00:06:35,040 --> 00:06:39,240 So in this we will be able to log in without a password.
83 00:06:39,630 --> 00:06:47,230 OK, so all we have to do is we should download an FTP client such as FileZilla.
84 00:06:47,400 --> 00:06:53,130 Now we will be able to connect using the IP address on port 21. Then we can
85 00:06:53,130 --> 00:07:03,030 also Google the FTP server, which is, which is in our case vsftpd 2.3.4,
86 00:07:03,030 --> 00:07:12,660 and see whether it has any issue or if it has any misconfiguration or if it has any remote code execution
87 00:07:12,660 --> 00:07:14,350 exploit or anything else.
88 00:07:14,580 --> 00:07:21,310 So once we Google this, we can see that vsftpd has a backdoor installed with it.
89 00:07:21,750 --> 00:07:25,890 It literally came with the backdoor when it was released.
90 00:07:27,090 --> 00:07:34,570 We need to Google the services one by one and check whether they have any misconfiguration or any
91 00:07:34,570 --> 00:07:35,460 exploit installed.
92 00:07:35,760 --> 00:07:37,560 Okay, so now look at the port.
93 00:07:37,560 --> 00:07:38,370 Number.
94 00:07:39,240 --> 00:07:40,890 Five one two.
95 00:07:42,770 --> 00:07:45,500 Which is OK, which is, I think, here.
96 00:07:45,540 --> 00:07:47,570 OK, so this is the 512.
97 00:07:48,380 --> 00:07:50,960 OK, so this is a port, port number five.
98 00:07:51,950 --> 00:07:57,190 So now let's assume we went on them one by one and we could not find anything.
99 00:07:57,200 --> 00:08:00,610 And we reached the number five one two, OK.
100 00:08:01,370 --> 00:08:08,810 OK, so now we are going to Google the service that is running on the five one two port because we don't
101 00:08:08,810 --> 00:08:10,190 know what it is.
102 00:08:10,520 --> 00:08:16,130 After Googling, we know that netkit-rsh is a remote execution program.
103 00:08:16,610 --> 00:08:22,320 If we managed to log in with this, we will be able to execute on the target computer.
104 00:08:22,670 --> 00:08:31,370 So this program uses rsh login, which is a program that ships with Linux, similar to SSH.
105 00:08:32,560 --> 00:08:39,110 It allows us to execute remote commands or control on the computer system or the target computer.
106 00:08:39,320 --> 00:08:44,030 So now let's go back and see how we can connect to the rsh,
107 00:08:44,030 --> 00:08:45,260 rlogin service.
108 00:08:45,260 --> 00:08:46,400 Let's look at that.
109 00:08:46,940 --> 00:08:50,420 How to install or how to get the netkit package.
110 00:08:50,420 --> 00:08:51,770 And we can see that.
111 00:08:52,650 --> 00:08:58,410 That port five one two is open, so the target computer running on one two, and we can see that
112 00:08:59,190 --> 00:09:02,650 in here, it uses the rsh service to connect.
113 00:09:02,910 --> 00:09:09,060 So we need to install the rsh-client package to connect to that service.
114 00:09:09,060 --> 00:09:12,660 And it is a client program for remote connection.
115 00:09:12,990 --> 00:09:17,850 Now, what we are going to do here is we are going to simply open the terminal window here.
116 00:09:19,650 --> 00:09:20,630 Let's make it zoom.
117 00:09:21,030 --> 00:09:23,490 OK, let's minimize all the windows.
118 00:09:23,520 --> 00:09:31,110 OK, so what we are going to do here is we are going to type apt-get install rsh-client.
119 00:09:33,600 --> 00:09:37,360 So this is the command. apt-get is going to install and configure it for us.
120 00:09:37,400 --> 00:09:39,000 OK, now hit enter.
121 00:09:41,100 --> 00:09:48,690 So once it's installed, we are going to use rlogin to log in, because the host told us that it
122 00:09:48,690 --> 00:09:55,170 uses the rlogin program to facilitate the login process. We are going to do rlogin again and
123 00:09:55,890 --> 00:10:01,500 we don't know how to use this app, so we can choose help, like rlogin.
124 00:10:05,210 --> 00:10:10,580 So this is the way how we can use this, so the next thing that I'm going to do here is I'm going
125 00:10:10,580 --> 00:10:15,450 to simply type rlogin, OK, hyphen.
126 00:10:15,800 --> 00:10:17,180 So what is hyphen L?
127 00:10:17,180 --> 00:10:19,000 Hyphen L is nothing but.
128 00:10:19,450 --> 00:10:21,710 This is the important thing.
129 00:10:21,710 --> 00:10:34,130 The username and host, which is the target IP address, and root and ordinator to I think OK five,
130 00:10:34,700 --> 00:10:35,540 now hit enter.
131 00:10:36,430 --> 00:10:41,800 So now, as you can see that we are having information related to the target here.
132 00:10:41,870 --> 00:10:45,700 OK, as you can see that we are having the information.
133 00:10:46,940 --> 00:10:48,110 About the target.
134 00:10:48,300 --> 00:10:53,180 OK, so this is the information that we want to get from the target site.
135 00:10:53,210 --> 00:10:57,890 OK, so rlogin -l and door to door 2.5.
136 00:10:57,890 --> 00:10:58,910 So everything is correct.
137 00:10:58,920 --> 00:11:01,910 So this is the information that we want to get from the target site.
138 00:11:02,180 --> 00:11:07,250 So this is the basic manual way of getting access to the target computer by exploiting the misconfiguration
139 00:11:07,490 --> 00:11:09,070 of an installed service.
140 00:11:09,350 --> 00:11:12,210 So the login services are not configured properly.
141 00:11:12,530 --> 00:11:13,790 All we had to do.
142 00:11:14,840 --> 00:11:21,890 Just Google what came with that port, and we managed to log in and gain access to the target computer.
143 00:11:22,430 --> 00:11:23,900 So this is all for this lecture.