1
00:00:00,880 --> 00:00:07,030
So since we are going to see the Meterpreter commands in the post-exploitation section in detail, right

2
00:00:07,030 --> 00:00:11,440
now, we're only going to look at a few examples of the basic Meterpreter commands.

3
00:00:12,850 --> 00:00:17,380
So there are minor differences between Windows and Linux Meterpreter sessions.

4
00:00:17,980 --> 00:00:21,280
This is why I'd like to show you the Meterpreter session on both machines.

5
00:00:22,460 --> 00:00:27,440
In our last lecture, we had a Meterpreter session on Metasploitable, a Linux machine.

6
00:00:27,950 --> 00:00:31,340
Let's continue to see the basic Meterpreter commands on that session.

7
00:00:33,150 --> 00:00:39,090
So a good habit to get into is looking at the sysinfo, which is the first command that I run when

8
00:00:39,090 --> 00:00:44,790
I interact with a Meterpreter session, just so I can see which system I am in.

9
00:00:46,020 --> 00:00:47,170
Never hurts to double check.

10
00:00:47,190 --> 00:00:48,690
OK, I'm on Metasploitable.

11
00:00:49,670 --> 00:00:52,070
Help is the second command I'd like to show.

12
00:00:52,850 --> 00:00:57,110
And surprisingly, it shows the available commands in this Meterpreter session.

13
00:00:58,230 --> 00:01:04,200
Commands are grouped, and we'll talk about it more in the following lectures, but the command names

14
00:01:04,200 --> 00:01:08,760
are on the left-hand side and the descriptions of the commands are on the right-hand side.

15
00:01:09,600 --> 00:01:11,970
And here's another command group anyway.

16
00:01:12,720 --> 00:01:17,490
So first of all, let's see how we can manage Meterpreter sessions.

17
00:01:18,760 --> 00:01:24,640
If you're in a Meterpreter session, you can go back to the msf console with the background command.

18
00:01:25,420 --> 00:01:27,520
And now we're on the msf console.

19
00:01:28,660 --> 00:01:35,530
sessions -l is to list the active sessions now; the sessions may or may not be Meterpreter sessions,

20
00:01:35,950 --> 00:01:39,760
but you'll see the session type in the third column of the sessions list.

21
00:01:40,630 --> 00:01:46,630
In fact, the sessions command with no parameter lists the sessions as well, so you don't need to use

22
00:01:47,020 --> 00:01:47,950
the -l parameter.

23
00:01:48,980 --> 00:01:55,730
The first column of the list shows the ID numbers of the sessions, the information column shows the user

24
00:01:55,730 --> 00:02:02,210
and the system connected, and the connection column shows the attacker and the victim systems' IP

25
00:02:02,210 --> 00:02:04,310
addresses and the connected ports.

26
00:02:05,640 --> 00:02:11,130
Use the sessions command with the -i parameter to interact with any of these sessions.

27
00:02:11,760 --> 00:02:15,140
Simply give the ID number of the session you want to interact with.

28
00:02:16,360 --> 00:02:20,190
And we're in the Meterpreter session of the Metasploitable Linux again.

29
00:02:21,670 --> 00:02:24,730
Now, to see our current position in the target system,

30
00:02:25,680 --> 00:02:28,020
we'll use the pwd command.

31
00:02:29,460 --> 00:02:35,610
OK, if you are familiar with the Linux system, you already know that the command is a standard Linux

32
00:02:35,610 --> 00:02:37,680
command to print the working directory.

33
00:02:38,520 --> 00:02:41,380
Well, you're wrong here.

34
00:02:41,400 --> 00:02:47,640
It's a Meterpreter command, and it runs under the other operating system sessions as well, which I'll

35
00:02:47,640 --> 00:02:48,840
show you in a couple of minutes.

36
00:02:49,910 --> 00:02:55,010
The Meterpreter filesystem commands are mostly similar to the Linux filesystem commands.

37
00:02:56,540 --> 00:03:02,000
We're in the root folder; we can use the ls command to see the files in this folder.

38
00:03:03,020 --> 00:03:08,510
The cd command to change or to move to another folder, for example, etc.

39
00:03:09,550 --> 00:03:12,130
And now we are in the etc folder.

40
00:03:14,430 --> 00:03:18,900
So we can use the cd command to go back to the root folder again.

41
00:03:20,290 --> 00:03:22,570
The next command is getuid.

42
00:03:23,720 --> 00:03:26,720
It's used to show which user you are on that system.

43
00:03:26,960 --> 00:03:31,460
We are the root user, which is very good for us, but not for the victim.

44
00:03:32,390 --> 00:03:40,460
getpid is to see the ID number of the process that we are injected into, but it seems it's not available

45
00:03:40,460 --> 00:03:41,480
on Linux systems.

46
00:03:41,870 --> 00:03:44,030
OK, I'll show it on a Windows system soon.

47
00:03:44,570 --> 00:03:45,170
Stay tuned.

48
00:03:46,190 --> 00:03:50,390
The ps command is to see the running processes on that system.

49
00:03:54,510 --> 00:04:01,470
So hashdump is a very useful command for ethical hackers; as you might guess, it lists the hashes

50
00:04:01,470 --> 00:04:02,670
of the users of this system.

51
00:04:03,420 --> 00:04:08,340
But remember, you can access the hash files if you have the root or the admin privileges.

52
00:04:08,730 --> 00:04:11,730
Otherwise, Meterpreter cannot gather the hashes.

53
00:04:13,220 --> 00:04:17,480
But don't worry, there are a few tricks up our sleeves to escalate the privilege.

54
00:04:19,280 --> 00:04:24,650
Well, now it seems Meterpreter does not have the hashdump command for Linux systems.

55
00:04:25,190 --> 00:04:29,270
But again, no worries, because we can use a post module to gather hashes.

56
00:04:29,870 --> 00:04:33,100
We'll see that in detail in the post-exploitation lecture.

57
00:04:33,110 --> 00:04:36,740
So just to show you that we have alternatives,

58
00:04:37,190 --> 00:04:39,500
let's run this post-exploitation module.

59
00:04:40,600 --> 00:04:41,470
run post

60
00:04:42,490 --> 00:04:45,340
slash win... no, not Windows.

61
00:04:45,400 --> 00:04:46,480
It's a Linux system.

62
00:04:47,440 --> 00:04:51,220
slash gather, slash hashdump, and hit enter.

63
00:04:51,820 --> 00:04:55,930
Remember, Metasploit Framework and Meterpreter have code completion.

64
00:04:56,910 --> 00:04:59,850
So you can just use the tab key to complete the words.

65
00:05:00,540 --> 00:05:03,120
And here are the usernames and the password hashes.

66
00:05:04,640 --> 00:05:10,940
Now, I don't know if I need to stress to you that this is very important data, so we'll use these hashes

67
00:05:10,940 --> 00:05:13,490
for some of our purposes a little bit later.

68
00:05:14,850 --> 00:05:20,880
But first, let me show you that idletime is another useful Meterpreter command, which displays the

69
00:05:20,880 --> 00:05:25,920
number of seconds that the user at the remote machine has been idle.

70
00:05:27,080 --> 00:05:30,650
If you'd like to log out the user or restart the system for any reason,

71
00:05:30,980 --> 00:05:37,130
you'd better look at the idle time first, so you understand if the user is using the machine at that

72
00:05:37,130 --> 00:05:39,500
time or if he or she is away.

73
00:05:41,780 --> 00:05:48,710
And again, it seems that the idletime command doesn't work for the Linux systems, so I'll show it

74
00:05:48,710 --> 00:05:50,470
to you on the Windows system.

75
00:05:52,510 --> 00:05:56,860
The ifconfig command displays the network interfaces and addresses on the remote machine.

76
00:05:59,690 --> 00:06:03:170
Alternatively, ipconfig does the same thing.

77
00:06:04,730 --> 00:06:09,140
Meterpreter also has some commands to interact with the local file system.

78
00:06:10,410 --> 00:06:15,660
Now, because you're in the Meterpreter session in the terminal window, you don't see the current position

79
00:06:15,660 --> 00:06:16,440
by default.

80
00:06:18,470 --> 00:06:22,880
So you want to use the lpwd command to see the local position.

81
00:06:24,070 --> 00:06:27,460
Think of it as the abbreviation of local print working directory.

82
00:06:28,560 --> 00:06:30,310
And to change the local position,

83
00:06:30,360 --> 00:06:33,360
you can use the lcd command.

84
00:06:34,580 --> 00:06:42,600
And double dot brings us one folder out, and give the path you want to go to as a parameter of the lcd

85
00:06:42,620 --> 00:06:43,010
command.

86
00:06:48,010 --> 00:06:53,200
Now, as you know, the search command is used to look for the modules in the Metasploit Framework console.

87
00:06:53,680 --> 00:06:54,730
In Meterpreter,

88
00:06:55,000 --> 00:06:57,760
the search command has a completely different purpose.

89
00:06:58,360 --> 00:07:02,350
It provides a way of locating specific files on the target host.

90
00:07:03,070 --> 00:07:07,840
The command is capable of searching through the whole system or specific folders.

91
00:07:08,410 --> 00:07:15,160
Wildcards such as * can also be used when creating the file pattern to search for.

92
00:07:15,880 --> 00:07:19,030
So give the file name with the -f parameter.

93
00:07:19,870 --> 00:07:22,930
It will find it and show the position if it exists.

94
00:07:26,840 --> 00:07:27,500
So here it is.

95
00:07:27,770 --> 00:07:30,920
The shadow file is under the etc folder.

96
00:07:36,340 --> 00:07:37,900
Now, don't fall into the trap.

97
00:07:38,110 --> 00:07:42,820
This is the lpwd command, so it shows the local position.

98
00:07:43,880 --> 00:07:51,230
And we can use the cat command to see the content of the shadow file, and here are the password hashes

99
00:07:51,440 --> 00:07:52,100
once again.

100
00:07:53,510 --> 00:07:53,870
All right.

101
00:07:54,170 --> 00:08:02,120
So lastly, if you'd like to have shell access to the target machine, you can use the shell Meterpreter

102
00:08:02,120 --> 00:08:02,660
command.

103
00:08:04,040 --> 00:08:08,720
So the channel has been created; no command prompt, but it's OK, we have the shell.

104
00:08:11,290 --> 00:08:17,050
To see the list of files and folders, ifconfig to see the IP address.

105
00:08:18,340 --> 00:08:23,740
And because we're in a Linux shell, we cannot use the Meterpreter search command to find a file; we have

106
00:08:23,740 --> 00:08:26,410
to use the Linux find command instead.

107
00:08:30,480 --> 00:08:36,420
And type exit to exit the shell interaction, and we're in the Meterpreter session again.