WEBVTT

00:00.500 --> 00:04.490
In this lecture we'll see what the common Metasploit workflow is.

00:05.270 --> 00:10.160
The first step is to discover the target and the vulnerable services that are running.

00:10.730 --> 00:16.910
There are lots of vulnerability scanners, but most of the time nmap is the tool of choice.

00:18.040 --> 00:28.120
From Kali Linux, I'm scanning the Metasploitable VM using nmap and the -A option, which

00:28.120 --> 00:30.790
enables OS and version detection.

00:31.060 --> 00:32.890
Script scanning and traceroute.

00:35.660 --> 00:38.810
Nmap is scanning Metasploitable.

00:44.050 --> 00:52.480
And there are many vulnerabilities because this VM was especially designed for penetration and exploitation

00:52.480 --> 00:55.240
testing. In a real-case scenario,

00:55.600 --> 00:57.010
hackers will do the same.

00:57.400 --> 00:59.560
They will scan for vulnerabilities.

00:59.860 --> 01:04.030
And if there are any, they will try to exploit those vulnerabilities.

01:10.590 --> 01:12.330
Let's take a look at this one.

01:13.880 --> 01:14.540
On port

01:14.600 --> 01:16.430
6667,

01:17.230 --> 01:19.280
ircd is listening.

01:21.490 --> 01:28.420
A hacker would search for exploit information for that service on Google or on specific forums.

01:34.330 --> 01:42.310
And the first result takes us to the Rapid7 website, and we can see that there's a backdoor command execution

01:42.310 --> 01:43.930
available for that service.

01:44.970 --> 01:49.770
This version contains a backdoor that went unnoticed for months.

01:50.370 --> 01:54.780
By the way, Rapid7 is the company that develops Metasploit.

01:55.810 --> 02:03.640
And if we scroll down, we notice that there is also a Metasploit module that exploits the vulnerability.

02:04.090 --> 02:06.130
They even show us how to use it.

02:07.330 --> 02:09.910
Let's return to Kali and start

02:10.180 --> 02:10.930
Metasploit.

02:11.910 --> 02:12.540
I'm running

02:12.540 --> 02:13.620
msfconsole.

02:22.550 --> 02:24.230
Once it has started,

02:24.470 --> 02:26.930
I'm searching for ircd.

02:27.110 --> 02:27.770
So: search

02:29.300 --> 02:31.010
ircd.

02:35.060 --> 02:40.940
And there is one module available. To find more information about it,

02:41.180 --> 02:44.690
execute info and the name with the full path.

02:45.260 --> 02:46.070
So: info

02:47.280 --> 02:48.810
exploit unix

02:49.050 --> 02:50.210
irc

02:50.710 --> 02:51.360
unreal

02:51.750 --> 02:53.370
ircd 3281 backdoor.

02:55.630 --> 02:58.750
To select a specific module, type use

03:00.190 --> 03:02.230
and the full path to the module.

03:08.660 --> 03:13.160
And if you want to go back or to exit the module, execute back.

03:20.080 --> 03:23.560
The next step is to see what the options of the module are.

03:24.930 --> 03:26.430
Show options.

03:29.460 --> 03:34.830
RHOST comes from remote host and is the target IP address.

03:36.900 --> 03:38.300
I'm setting it: set

03:38.760 --> 03:45.300
RHOST and the target's IP address, which here ends in 0.2.7.

03:45.990 --> 03:48.350
The IP address of Metasploitable.

03:50.980 --> 03:53.290
Next we'll have to select a payload.

03:54.820 --> 03:59.050
A payload is a piece of code to be executed by the exploit;

04:00.610 --> 04:09.480
in fact, it's what to do after the target is exploited. To see all compatible payloads for this exploit, run

04:09.520 --> 04:10.780
show payloads.

04:14.680 --> 04:21.700
Most of the time, a hacker would like to get a shell on the machine so that he can further install

04:21.700 --> 04:27.670
malware or run other commands, or consolidate his position on the machine or on the network.

04:29.880 --> 04:32.520
I am setting a reverse shell as the payload.

04:32.940 --> 04:37.430
So: set payload and the path to the payload:

04:38.690 --> 04:42.030
cmd/unix/reverse.

04:45.780 --> 04:46.260
This one.

04:47.960 --> 04:50.420
After setting the payload, don't forget to check

04:50.420 --> 04:52.820
what the payload's available options are.

04:53.300 --> 04:55.190
I'm running show options again.

04:59.670 --> 05:02.580
And there are two options for the payload.

05:04.330 --> 05:13.240
LHOST and LPORT. LHOST is the local listening address, and I am setting it to the IP address of Metasploit.

05:14.770 --> 05:19.420
So: set LHOST and the IP address of Metasploit.

05:19.780 --> 05:21.730
Let's see the IP address again.

05:23.710 --> 05:27.910
Remember that you can run shell commands directly in msfconsole.

05:36.810 --> 05:38.490
And I'm running the exploit.

05:42.720 --> 05:45.900
The exploit is running and the machine was hacked.

05:46.620 --> 05:51.360
I am logged in as root and I can execute any command in the reverse shell.

05:53.690 --> 05:55.520
A session was opened.

05:57.270 --> 05:58.830
I'm on Metasploitable,

05:59.840 --> 06:01.130
on the hacked machine.

06:03.040 --> 06:03.940
Take a look here.

06:04.240 --> 06:07.210
This is the IP address of Metasploitable.

06:07.480 --> 06:09.850
The command was run on the hacked machine.

06:11.250 --> 06:12.270
On this machine.

06:20.440 --> 06:21.910
I'm logged in as root.

06:23.680 --> 06:28.600
Now we are in the phase of the attack called post exploitation.

06:28.900 --> 06:32.650
It refers to any action taken after a session is opened.

06:33.640 --> 06:37.480
A session is an open shell from successful exploitation.

06:37.660 --> 06:45.610
Like in this case, after successfully hacking the target, the attacker will be asking himself what

06:45.610 --> 06:46.240
to do next.

06:47.590 --> 06:53.740
In general, he wants to gain further access to the target's internal network or to cover his tracks

06:54.010 --> 06:56.770
as he progresses from system to system.

06:57.160 --> 07:02.680
Or maybe he wants to set up a backdoor to maintain more permanent system access.

07:03.340 --> 07:08.770
In this example, if the victim machine is restarted, the access will be lost.

07:09.460 --> 07:16.570
Of course, the hacker could run the exploit again, but the admin could patch or uninstall the vulnerable

07:16.570 --> 07:17.080
service.

07:17.980 --> 07:24.910
So utilizing these techniques will ensure that some level of access is maintained.

07:25.210 --> 07:28.300
And that's why post exploitation is so important.

07:29.050 --> 07:29.530
Okay.

07:29.740 --> 07:31.000
Thank you.
