1
00:00:00,900 --> 00:00:07,540
Now we are going to have a more advanced look at Metasploit and we are going to see how to use it to exploit

2
00:00:07,540 --> 00:00:10,790
the vulnerability that exists in the service.

3
00:00:11,430 --> 00:00:16,600
It is a code execution vulnerability that will give us full access to the target computer.

4
00:00:17,160 --> 00:00:23,970
Now, going back to our result in Zenmap, we are going to do the same thing that we did before: we

5
00:00:23,970 --> 00:00:28,290
copy the service name and see whether it has any vulnerability or not.

6
00:00:28,650 --> 00:00:36,720
OK, so now we will look at the number one three nine, which has a service and three dots, just like

7
00:00:36,720 --> 00:00:38,690
the previous video section.

8
00:00:38,970 --> 00:00:42,390
We are going to go to Google and search for.

9
00:00:43,770 --> 00:00:48,270
OK, first of all, let me open a browser here.

10
00:00:52,770 --> 00:00:55,710
It will take some time actually opening it the first time.

11
00:00:57,020 --> 00:01:01,340
OK, so now we are having here this particular browser.

12
00:01:01,380 --> 00:01:06,770
So what I'm going to do here is I'm going to type Google dot com and so, as you are looking into it,

13
00:01:06,900 --> 00:01:09,160
you'll see this Google search engine.

14
00:01:09,350 --> 00:01:11,510
So now I'm going to search something.

15
00:01:14,690 --> 00:01:16,550
Three X.

16
00:01:17,770 --> 00:01:20,430
Exploit, and hit enter.

17
00:01:22,060 --> 00:01:27,510
So what happened here is we will see that there are a number of results, but we are interested in Rapid

18
00:01:27,520 --> 00:01:29,920
Seven, OK, Rapid Seven.

19
00:01:29,950 --> 00:01:33,130
OK, so Rapid Seven is a company that makes the Metasploit framework.

20
00:01:33,220 --> 00:01:39,860
So that's why we choose this particular exploit for the service, choosing this particular exploit.

21
00:01:40,540 --> 00:01:41,490
Okay.

22
00:01:41,530 --> 00:01:44,170
Did you do this one at seven?
23
00:01:45,460 --> 00:01:46,120
Samba.

24
00:01:47,260 --> 00:01:49,570
OK, that's all we have to do in this particular.

25
00:01:52,060 --> 00:01:52,930
Website.

26
00:01:52,960 --> 00:01:56,650
OK, so this is the exploit that we have here.

27
00:01:57,100 --> 00:02:02,760
OK, so the next thing that I want to do is I'm going to simply open our terminal window.

28
00:02:02,800 --> 00:02:09,720
So first, the next thing that I'm going to do here is I'm going to simply look.

29
00:02:22,780 --> 00:02:26,760
It is not working properly, actually, so it is creating some problem.

30
00:02:28,740 --> 00:02:33,380
OK, so next, we just do this, OK, so opening this terminal window.

31
00:02:34,240 --> 00:02:41,470
And let's see what I'm going to do with this, and when I zoom it, after zooming it, I'm going to type

32
00:02:41,470 --> 00:02:45,010
msfconsole and hit enter.

33
00:02:46,670 --> 00:02:55,340
So what it will do, it will simply open up a framework for us with the help of which we can perform this

34
00:02:55,340 --> 00:03:01,310
particular attack, so it will take some time because it is a huge framework, as I have told you earlier,

35
00:03:01,310 --> 00:03:03,450
that it is a huge framework.

36
00:03:03,470 --> 00:03:09,850
So the command that we are going to type is simply, we are going to type use exploit multi samba usermap.

37
00:03:10,310 --> 00:03:15,440
So this is the name of this particular exploit that we are going to use.

38
00:03:16,010 --> 00:03:16,540
OK.

39
00:03:16,580 --> 00:03:19,940
So as you can see, that is starting the Metasploit framework console.

40
00:03:20,090 --> 00:03:21,110
It will take some time.

41
00:03:21,290 --> 00:03:23,330
You have to wait till the completion of this.

42
00:03:27,460 --> 00:03:31,960
And as you can see, we have successfully completed this particular process.

43
00:03:32,000 --> 00:03:36,290
Now what I'm going to do is I'm going to use, use exploit.

44
00:03:37,590 --> 00:03:38,460
Multi.
45
00:03:40,230 --> 00:03:41,180
Samba.

46
00:03:43,640 --> 00:03:44,480
Usermap.

47
00:03:47,940 --> 00:03:53,730
OK, so this is the script; now hit enter, so after hitting enter you can see that we are inside it.

48
00:03:53,760 --> 00:03:58,300
OK, so we are currently, or no, no, put it up in default.

49
00:03:58,320 --> 00:03:59,890
CMT focus.

50
00:03:59,910 --> 00:04:01,590
So currently I'm OK.

51
00:04:01,650 --> 00:04:02,460
We are inside this.

52
00:04:02,460 --> 00:04:05,430
So the thing that I'm going to do is I'm going to do show options.

53
00:04:06,090 --> 00:04:09,610
And besides, you can see that this is showing us the options.

54
00:04:09,630 --> 00:04:16,980
OK, so what we are going to do here is we are going to simply set something, OK, so we are going

55
00:04:16,980 --> 00:04:22,520
to set something that is, as you can see, this is the RHOST, okay.

56
00:04:22,540 --> 00:04:24,430
Which is always disembody.

57
00:04:24,480 --> 00:04:29,000
So I'm going to set RHOST, which is the IP address of the target.

58
00:04:29,010 --> 00:04:33,300
So what is the IP address? I need to see what is the IP address of the target.

59
00:04:35,850 --> 00:04:37,890
So this is the target machine that

60
00:04:39,420 --> 00:04:50,730
we are having, is it does this suspend to gift, and so this is the IP address; now again, show options, as

61
00:04:50,730 --> 00:04:56,850
you can see that RHOST, which is being set now, it's time, as you can see, for this connect now at

62
00:04:56,850 --> 00:05:01,920
RHOST's IP address as well as the IP address of our machine.

63
00:05:03,560 --> 00:05:07,460
So what I'm going to do is I'm going to see.

64
00:05:09,450 --> 00:05:15,480
Some payloads also, so why do we need payloads? So in the preceding video, we had a backdoor that was

65
00:05:15,480 --> 00:05:17,340
already installed on the target computer.
66
00:05:17,350 --> 00:05:23,160
So all we had to do was connect to the backdoor and then we could run anything on that particular

67
00:05:23,160 --> 00:05:25,970
operating system or on that particular system.

68
00:05:25,980 --> 00:05:29,280
But in this video, the computer does not have a backdoor.

69
00:05:29,550 --> 00:05:33,910
So it has a normal program that has a vulnerability and buffer overflow.

70
00:05:34,260 --> 00:05:37,650
So the program does not have any code that allows us to run Linux

71
00:05:37,650 --> 00:05:38,010
commands.

72
00:05:38,340 --> 00:05:42,570
So it has a certain flaw that will let us run a small piece of code.

73
00:05:42,570 --> 00:05:45,360
And this small piece of code is called a payload.

74
00:05:45,680 --> 00:05:52,950
OK, so what we need to do is to create a payload and then run it on to the computer using the vulnerability

75
00:05:52,950 --> 00:05:59,520
that we found, and what this piece of code will allow us to do is a different thing.

76
00:05:59,600 --> 00:06:02,550
OK, so there are various types of payloads.

77
00:06:02,880 --> 00:06:12,240
So we will look at them in the future, and what that might let us do is run commands, and we can run the file also.

78
00:06:12,870 --> 00:06:17,850
So before running it, I need to figure out whether each and everything is correct or not.

79
00:06:18,970 --> 00:06:24,580
OK, LHOST is now, port no.

80
00:06:26,010 --> 00:06:28,380
LPORT is correct and both.

81
00:06:30,130 --> 00:06:36,180
OK, I think everything is working fine, so I'm going to just type show payloads.

82
00:06:38,230 --> 00:06:39,070
And soft.

83
00:06:39,340 --> 00:06:45,040
And as you can find that we are having these many payloads, well, when you scroll it up, you will

84
00:06:45,040 --> 00:06:46,930
see these computers that we have here.
85
00:06:47,990 --> 00:06:55,540
So now the payloads are the small piece of code that will be executed on a target computer once the vulnerability

86
00:06:55,540 --> 00:06:56,620
has been exploited.

87
00:06:57,010 --> 00:07:01,770
When we exploit the vulnerability, the code that we are going to pick will be executed.

88
00:07:02,110 --> 00:07:07,300
Now, depending on the type of payload we choose, the payload will do something that is useful to us,

89
00:07:07,870 --> 00:07:10,980
so we can see that all the payloads are command-line.

90
00:07:10,990 --> 00:07:14,950
So they let us run our commands on that computer.

91
00:07:15,190 --> 00:07:17,730
So there are two types of payloads. First,

92
00:07:17,830 --> 00:07:19,940
one is bind payload and the second one is reverse payload.

93
00:07:20,110 --> 00:07:25,480
So if we talk about bind payload, they open the port on the target computer and then we connect

94
00:07:25,840 --> 00:07:27,970
to that particular port, but.

95
00:07:28,970 --> 00:07:34,430
Let's talk about reverse payload. Reverse payload is the opposite of bind payload: they open the port in

96
00:07:34,430 --> 00:07:37,730
our machine and then they connect from the target computer.

97
00:07:38,570 --> 00:07:44,630
So this payload is useful because this allows us to bypass firewalls; firewalls filter any connection

98
00:07:44,630 --> 00:07:45,950
going to the target machine.

99
00:07:46,250 --> 00:07:53,540
But if the target machine connects to us and we don't have a firewall, then we will be able to bypass

100
00:07:53,540 --> 00:07:54,080
the firewall.

101
00:07:54,570 --> 00:07:55,650
OK, is this correct?

102
00:07:55,670 --> 00:07:59,110
Now, what I'm going to do here is to set the payload.

103
00:07:59,110 --> 00:08:02,210
So for setting the payload, I'm going to use set.

104
00:08:03,370 --> 00:08:03,910
Payload.

105
00:08:04,960 --> 00:08:05,690
Is this correct?

106
00:08:05,740 --> 00:08:06,740
Now, Commander?
107
00:08:06,790 --> 00:08:11,050
I'm going to use, in order, I'm going to use cmd unix.

108
00:08:13,210 --> 00:08:13,930
Reverse.

109
00:08:15,690 --> 00:08:16,470
Netcat.

110
00:08:17,480 --> 00:08:24,200
OK, this is the payload, now enter, so after hitting enter, as you can see, we have successfully

111
00:08:24,200 --> 00:08:25,100
selected the payload.

112
00:08:25,340 --> 00:08:28,250
OK, so the next thing that I'm going to do is show.

113
00:08:29,680 --> 00:08:30,580
Options.

114
00:08:32,090 --> 00:08:37,100
So getting it done now, let's see what we are having here is.

115
00:08:38,630 --> 00:08:39,280
OK.

116
00:08:41,940 --> 00:08:43,200
Let me scroll it up.

117
00:08:44,970 --> 00:08:50,380
Multi Samba, if motivation is discouraged, is going to this port, no.

118
00:08:50,910 --> 00:08:54,900
And this is the host of mine and this is LPORT.

119
00:08:55,360 --> 00:08:58,260
Okay, I think everything is looking very fine.

120
00:08:58,260 --> 00:09:02,970
So the next thing that I'm going to do is I'm going to simply.

121
00:09:05,310 --> 00:09:06,810
User like.

122
00:09:07,970 --> 00:09:14,390
Set. First of all, I need to set the LPORT, which is five, five, five, five.

123
00:09:14,430 --> 00:09:17,150
OK, now again, show.

124
00:09:18,580 --> 00:09:24,570
Options here, so that you can see that we have successfully set our host.

125
00:09:25,850 --> 00:09:27,920
LPORT, LHOST, LPORT.

126
00:09:27,980 --> 00:09:33,430
OK, now what I'm going to do is I'm just simply going to exploit this period.

127
00:09:34,570 --> 00:09:40,300
Hit enter, so after hitting enter, as you can see, the next thing that I'm going to do is I'm going

128
00:09:40,300 --> 00:09:42,110
to see the current working directory.

129
00:09:42,510 --> 00:09:45,260
Now, we are currently inside the root now.

130
00:09:46,090 --> 00:09:47,280
It will tell us the ID.

131
00:09:47,560 --> 00:09:51,150
So this is the ID and I want to know the user name.
132
00:09:51,280 --> 00:09:54,370
So this is how we exploit a vulnerability.

133
00:09:56,880 --> 00:10:01,900
So this is the user name, and now I want to see how many files are inside this directory.

134
00:10:01,940 --> 00:10:03,640
So these are the files that we have inside it.

135
00:10:03,930 --> 00:10:06,650
So this is how you can find vulnerability using Zenmap.

136
00:10:07,380 --> 00:10:16,320
So the basic process here is you open Zenmap and the target IP address, and of all of the IP addresses,

137
00:10:16,320 --> 00:10:18,240
you will find there are some open ports.

138
00:10:18,290 --> 00:10:25,410
OK, so after seeing some open ports, you just Google them and learn about them and see how many,

139
00:10:25,650 --> 00:10:28,650
what kind of exploits and what kind of payloads.

140
00:10:29,340 --> 00:10:35,520
And after taking all this information, you can exploit that particular vulnerability, or what kind

141
00:10:35,520 --> 00:10:37,270
of vulnerability it contains inside it.

142
00:10:37,500 --> 00:10:39,410
I'm talking about ports, OK?

143
00:10:39,480 --> 00:10:41,900
So this is how we can exploit all kinds of vulnerabilities.

144
00:10:42,120 --> 00:10:43,600
So this is all for this lecture.

145
00:10:43,990 --> 00:10:45,510
So what in this lecture?