WEBVTT

00:01.840 --> 00:05.140
Let's go straight into Metasploit and see how to use it.

00:05.530 --> 00:08.620
I'll show you a real exploit on a vulnerable server.

00:09.160 --> 00:13.510
The hacker's machine will be Kali Linux and the victim's machine,

00:13.720 --> 00:19.270
the Metasploitable VM, the one we've installed and set up in a previous lecture.

00:20.900 --> 00:27.470
These two machines are connected to the same NAT network and we can check the network connection

00:27.590 --> 00:31.190
using ping. I'm logging into Metasploitable.

00:37.050 --> 00:42.150
And I'm running ifconfig on both VMs to see their IP addresses.

00:42.660 --> 00:57.810
This is 10.0.2.7 and this is 10.0.2.15. So ping 10.0.2.7, and it's answering, and

00:58.020 --> 01:00.180
I'm pinging Kali as well.

01:05.820 --> 01:06.120
Great.

01:07.540 --> 01:11.910
In this lecture, I'll show you how a hack is performed from the beginning.

01:12.600 --> 01:19.740
The first step of an attack is called reconnaissance, which means collecting and discovering information

01:19.860 --> 01:20.850
about the system.

01:21.690 --> 01:28.290
So let's scan the target for vulnerabilities using Nmap, which is probably the most well-known

01:28.290 --> 01:30.120
network scanner on Kali.

01:30.630 --> 01:31.700
I'm running through it.

01:32.450 --> 01:38.730
And nmap minus capital A and the target's IP address.

01:51.460 --> 01:53.080
And the scan is done.

01:53.620 --> 01:57.370
Metasploitable has some intentional vulnerabilities.

01:57.760 --> 02:01.150
In a real case scenario, hackers will do the same.

02:01.570 --> 02:08.530
They will scan for vulnerabilities, and if there are any, they will try to exploit those vulnerabilities.

02:12.400 --> 02:20.440
The Nmap report shows important information about the services that are running, their version and

02:20.440 --> 02:21.310
the vulnerabilities.

02:22.550 --> 02:25.190
And we see there are lots of vulnerabilities.

02:27.440 --> 02:32.720
Let's take the stage server and search on Google for exploits

02:32.780 --> 02:33.770
for that version.

02:38.900 --> 02:41.420
And you notice there are some exploits available.

02:41.730 --> 02:45.170
Those exploits can be executed using Metasploit.

02:52.730 --> 03:00.380
Let's focus on vsftpd version 2.3.4, which seems vulnerable.

03:01.160 --> 03:07.190
This vulnerability will provide us with a root shell using a backdoor command execution.

03:07.610 --> 03:11.480
This means we'll have full root access to the vulnerable system.

03:15.090 --> 03:17.790
We can see information about the exploit.

03:19.210 --> 03:20.380
Now back to Metasploit.

03:20.650 --> 03:24.250
I'm starting the console by running msfconsole.

03:28.000 --> 03:28.990
It's starting.

03:31.000 --> 03:35.830
Once started, we can search for a vulnerability or for a service by name.

03:36.430 --> 03:38.710
I'm running search

03:38.710 --> 03:39.400
vsftpd.

03:44.320 --> 03:54.250
And it has found an available exploit for vsftpd, and then we have to select the exploit. I'm running

03:54.250 --> 04:08.770
use and the path to that exploit, so exploit/unix/ftp/vsftpd_234_backdoor.

04:09.950 --> 04:18.080
I'm hitting enter. The exploit was selected, and the next step is to check the options required to run

04:18.080 --> 04:18.260
it.

04:20.610 --> 04:22.410
I'm running show options.

04:25.060 --> 04:27.550
We notice there are two options available.

04:28.180 --> 04:30.340
RHOSTS and RPORT.

04:31.090 --> 04:34.960
RHOSTS is the target or the victim's IP address.

04:35.830 --> 04:40.030
In this example, it will be the IP address of the Metasploitable VM.

04:42.820 --> 04:48.910
So set RHOSTS and the victim's IP address:

04:48.910 --> 04:51.910
10.0.2.7.

04:54.390 --> 05:00.660
The other option, RPORT, is the remote port on which vsftpd listens.

05:01.170 --> 05:02.700
The final step is to run

05:02.730 --> 05:04.860
the exploit: run.

05:13.590 --> 05:17.340
It found a shell, opened a session, and

05:17.340 --> 05:18.720
the target was hacked.

05:21.700 --> 05:25.990
We have gained access to the Metasploitable VM remotely.

05:27.310 --> 05:31.840
A shell has opened and allows us to fully control the machine.

05:32.170 --> 05:36.040
We own that machine and we are connected to it as root.

05:37.580 --> 05:41.000
I'm running some commands on Metasploitable, the hacked machine.

05:46.240 --> 05:46.870
You see here.

05:47.650 --> 05:49.180
This is its IP address.

05:49.630 --> 05:52.780
These commands are run on Metasploitable.

05:59.510 --> 06:01.970
I'm creating a file on the hacked machine.

06:18.160 --> 06:18.730
Okay.

06:19.030 --> 06:21.550
I've shown you how a system gets compromised.

06:21.880 --> 06:28.330
We've intentionally used a vulnerable machine in a lab environment, but the same could happen in a

06:28.330 --> 06:29.650
real world scenario.

06:30.430 --> 06:36.040
We are taking a short break and in the next lecture we'll go over how to use msfconsole.
