WEBVTT 00:01.300 --> 00:02.920 Hello, guys, and welcome. 00:03.250 --> 00:08.410 We'll start a series of lectures on penetration, testing and exploitation. 00:09.430 --> 00:13.750 Taking your first steps with penetration testing can be difficult. 00:14.560 --> 00:19.510 I assume you don't want to conduct your first penetration test on your production network. 00:20.110 --> 00:21.700 This can be really dangerous. 00:23.190 --> 00:30.090 The recommendation is to set up a testing lab environment, and this is where Metasploit table comes 00:30.090 --> 00:30.720 into play. 00:31.650 --> 00:38.820 Metasploit double is a Linux, a vector machine that contains several intentional vulnerabilities for 00:38.820 --> 00:39.710 you to exploit. 00:40.590 --> 00:49.740 Metasploit Uppal is essentially a penetration testing lab in a box available as a VMware or VirtualBox 00:49.740 --> 00:50.160 VM. 00:50.640 --> 00:54.630 This VM can be used to conduct security trainings. 00:54.720 --> 00:59.580 Best security tools and practice common penetration testing techniques. 01:01.060 --> 01:05.800 Metasploit cabal is created by the Rapid7 Metasploit team. 01:07.370 --> 01:10.130 You can download data from rapid7. 01:10.220 --> 01:11.120 Dot com. 01:12.890 --> 01:15.530 Or from SourceForge dot net. 01:19.260 --> 01:24.270 If you download it from rapid7 dot com, you have to first create a free account. 01:25.530 --> 01:32.790 A company email address is required, but you can use a random email address if you don't have one. 01:33.120 --> 01:35.070 It doesn't have to be confirmed. 01:36.210 --> 01:42.060 Or you can choose to download it from SourceForge that limit and no account is required. 01:43.150 --> 01:45.790 I've already downloaded Metasploit about. 01:47.160 --> 01:48.990 It comes as a zip file. 01:49.170 --> 01:53.610 So after downloading it honestly, the file two seeks contents. 02:03.140 --> 02:04.660 This is ex-convicts. 02:05.690 --> 02:11.090 In this video, I'll use the virtual box, but you can use the VMware as well. 02:11.870 --> 02:18.200 So in virtual box I'll create a new VM X name will be Metasploit able to. 02:21.770 --> 02:29.300 He type will be Linux and the version other Linux 64 bit. 02:32.080 --> 02:40.060 And I'm clicking on next, the memory size will be 1024 megabytes. 02:42.090 --> 02:47.010 Next month, I'll use an existing virtual hard disk drive. 02:48.120 --> 02:52.440 This is the Metasploit double date VM decay file. 02:52.710 --> 02:54.090 I've just unzipped. 02:58.340 --> 03:07.580 So Ed, I'm going to my desktop of the directory where I have unzipped Metasploit and I'm selecting 03:07.820 --> 03:12.320 Metasploit double data, VM, D.K. and open. 03:13.850 --> 03:18.980 And finally I'm clicking on Choose and Create. 03:20.810 --> 03:21.220 Okay. 03:21.680 --> 03:22.250 He's done. 03:22.640 --> 03:24.260 Let's start the VM. 03:28.160 --> 03:30.290 Metasploit table is starting. 03:39.820 --> 03:47.470 Bill Metasploit The Linux operating system has started in Tyler Login using the default username, which 03:47.470 --> 03:49.090 is MSF admin. 03:50.180 --> 03:51.380 MSF admit. 03:53.050 --> 03:56.470 And the password is the same MSF admin. 03:59.210 --> 03:59.480 Okay. 03:59.480 --> 03:59.900 Sorry. 04:00.410 --> 04:02.560 I've written off the incorrect bastard. 04:11.720 --> 04:16.250 If you want to become a ruth or execute cummings is ruth using sudo? 04:16.520 --> 04:19.580 You use the same password which is massive for admin. 04:20.150 --> 04:29.420 For example, i'm becoming sudo, so enter the password will be MSF admin and I'm good. 04:32.440 --> 04:39.680 This is an intentional, vulnerable VM and you should never expose it to an untrusted network. 04:40.120 --> 04:41.530 It can be easily hacked. 04:42.570 --> 04:47.310 In Virtual Box or VMware use net or host only mode. 04:49.530 --> 04:56.160 In the next two lectures, I'll use Kali Linux as the machine that will conduct the pantsed or run the 04:56.160 --> 05:00.120 exploits, and the Metasploit table will be the victim machine. 05:01.260 --> 05:08.430 So in Vector Box, I'm going to create a network for these two VMs, Kali and Metasploit Able. 05:08.850 --> 05:10.500 So I'm going to tools. 05:11.910 --> 05:12.900 Preferences. 05:14.360 --> 05:18.770 Network and then add new met network. 05:20.360 --> 05:20.720 Okay. 05:20.960 --> 05:23.240 I have added a new net network. 05:23.990 --> 05:27.470 All options remain if they are default values. 05:29.230 --> 05:29.490 And. 05:31.850 --> 05:39.080 Then I'll select Metasploit, Uppal and Kali and connect them to the newly created Map Network. 05:40.040 --> 05:49.970 So Metasploit Table Settings Network, Map Network, and the name is Mathematica. 05:50.150 --> 05:52.820 And look in the same for Kali Linux. 06:05.680 --> 06:13.390 The net network includes its own DHCP server, so you have to request a new IP address or restart the 06:13.390 --> 06:13.690 VM. 06:14.590 --> 06:16.420 I'm going to restart the VMS. 06:18.150 --> 06:20.130 And by restarting Caylee as well. 06:30.560 --> 06:34.880 I want to check the connection between Kali and the Metasploit table. 06:37.780 --> 06:42.820 I'm logging into Carly and I want to check its IP address. 06:44.230 --> 06:48.250 And its IP address is ten but 0.2.6. 06:48.820 --> 06:56.140 Let's check the IP address of Metasploit double MSF admin and MSF admin. 06:58.870 --> 06:59.260 Okay. 06:59.290 --> 07:00.520 They are in the same network. 07:02.560 --> 07:04.060 And I'm thinking, Carly. 07:07.960 --> 07:11.470 Exciting end from Carli Metasploit double. 07:13.620 --> 07:14.160 Perfect. 07:17.290 --> 07:20.440 The penetration testing environment was set up. 07:20.860 --> 07:22.140 We'll take a short break. 07:22.150 --> 07:25.720 And in the next lecture, we'll continue with Metasploit.