1
00:00:00,800 --> 00:00:01,160
Hello.

2
00:00:01,870 --> 00:00:08,560
Uh, in this lecture, I shall, we will, uh, I have installed the Metasploit Framework, which is the

3
00:00:08,570 --> 00:00:10,580
vulnerable Linux, actually.

4
00:00:11,030 --> 00:00:15,620
So in Metasploitable, not Metasploit, well, operating system.

5
00:00:15,920 --> 00:00:24,480
So this is the vulnerable operating system that you can find kind of, uh, vulnerabilities, uh

6
00:00:24,590 --> 00:00:27,740
and, uh, Metasploit designed for exploit.

7
00:00:27,740 --> 00:00:31,520
And so this, uh, operating system is not secure.

8
00:00:31,940 --> 00:00:42,260
So in this lecture, we will, um, actually try some penetration testing, uh, in this Metasploit here.

9
00:00:42,920 --> 00:00:51,440
So I put and they captured in installation video how, uh, these images below eatable operating systems,

10
00:00:51,770 --> 00:00:55,700
uh, do lots of instance in your virtual machine.

11
00:00:56,330 --> 00:01:02,630
Uh, so let's get started by, um, inputting some commands.

12
00:01:03,020 --> 00:01:07,340
So, uh, we will conduct a pentest with Metasploit here.

13
00:01:07,940 --> 00:01:10,940
So, uh, all these.

14
00:01:11,350 --> 00:01:20,480
Uh, let's get informed with, uh, nmap here, clear, nmap s, we, uh, we will also do an operating

15
00:01:20,480 --> 00:01:21,740
system determination here.

16
00:01:21,740 --> 00:01:24,320
For this, we have to use sudo command here.

17
00:01:24,680 --> 00:01:26,780
And, um, actually.

18
00:01:29,230 --> 00:01:34,540
ifconfig, what is our IP address is one and 32, so.

19
00:01:38,360 --> 00:01:38,970
Zero.

20
00:01:39,520 --> 00:01:40,490
Uh, twenty four.

21
00:01:40,640 --> 00:01:43,880
So I will, uh, you will learn what this twenty four is.

22
00:01:44,080 --> 00:01:45,590
Uh, so just.

23
00:01:47,930 --> 00:01:56,300
Now, consider this, um, this twenty four, that I am telling nmap scan from zero to 255.

24
00:01:57,830 --> 00:02:05,920
So, um, this feels kind of, uh, networks in our, um, no.

25
00:02:07,170 --> 00:02:17,190
Local area network, so because of that, as you can see here, the netmask is 255.255.255.0,

26
00:02:17,520 --> 00:02:21,330
so this means the zero can change, but these will stay.

27
00:02:21,960 --> 00:02:24,300
So as you can see here, we had.

28
00:02:27,930 --> 00:02:35,760
Tried nmap scan here, you can see this is our vulnerable Metasploitable operating system,

29
00:02:35,760 --> 00:02:38,870
as you can see here running on Linux 2.6 point.

30
00:02:39,390 --> 00:02:42,630
Um, hosts, which is metasploitable.localdomain.

31
00:02:44,070 --> 00:02:51,300
Here and this, you can see we have several open ports, which is these ports are basically vulnerable.

32
00:02:51,750 --> 00:02:57,710
So I think as you can see here, this is Samba SMB, which is has lots of exploits on it.

33
00:02:58,320 --> 00:03:02,220
Um, actually, as you can see, we have a root shell here.

34
00:03:02,220 --> 00:03:04,440
We have a vulnerable MySQL.

35
00:03:04,440 --> 00:03:07,410
Actually, I think this is the vulnerable version of MySQL.

36
00:03:07,860 --> 00:03:11,240
Uh, this had this to some kind of exploit or what?

37
00:03:11,820 --> 00:03:15,980
Um, as you can see here, we have we can see, uh, over really.

38
00:03:16,070 --> 00:03:24,630
I see here protocols and we have so many, um, things that has vulnerabilities in it.

39
00:03:25,080 --> 00:03:33,510
So, uh, now we will do these same techniques, uh, using, uh, using msfconsole.

40
00:03:33,510 --> 00:03:34,560
So let's get started.

41
00:03:34,590 --> 00:03:36,820
msfconsole here.

42
00:03:36,900 --> 00:03:39,210
We started our msfconsole here.

43
00:03:39,900 --> 00:03:43,040
Um, actually what you like web service?

44
00:03:43,050 --> 00:03:43,860
Yes.

45
00:03:43,890 --> 00:03:44,610
Actually voice.

46
00:03:45,650 --> 00:03:53,650
Is it because, uh, my savings still actually see the desktop unless, of course so.

47
00:03:55,640 --> 00:03:55,940
Oops!

48
00:03:57,630 --> 00:03:58,260
And yes.

49
00:04:00,820 --> 00:04:02,230
I think it was OK in.

50
00:04:03,100 --> 00:04:03,850
Yes.

51
00:04:06,830 --> 00:04:07,540
It was if.

52
00:04:08,590 --> 00:04:09,250
Very safe.

53
00:04:10,000 --> 00:04:10,390
Yes.

54
00:04:13,270 --> 00:04:17,670
We saw it again as she revealed the A terms, a message.

55
00:04:18,310 --> 00:04:19,330
It's very authentication.

56
00:04:20,220 --> 00:04:23,980
So it's and as you can see it, our msf is started.

57
00:04:24,490 --> 00:04:31,960
So now I will use db_nmap command, db_nmap here.

58
00:04:32,290 --> 00:04:40,240
So after that, these we can, um, just put your basics or in parameters here.

59
00:04:40,600 --> 00:04:45,730
So consider this that we are using a tool.

60
00:04:46,180 --> 00:04:48,360
So now see, we will.

61
00:04:48,640 --> 00:04:49,450
You will see it.

62
00:04:50,140 --> 00:04:51,820
As you remember our Metasploit.

63
00:04:52,240 --> 00:04:58,480
Um, we determined that our Metasploit IP address look like Pedraza and fit 135.

64
00:04:58,900 --> 00:05:01,930
So in that amount to two point.

65
00:05:05,720 --> 00:05:11,060
Here now, we are doing actually a port scanning here.

66
00:05:11,420 --> 00:05:19,730
So now, uh, this will tell us that, uh, which port is open and, uh, was what this port is working

67
00:05:19,730 --> 00:05:20,030
for?

68
00:05:21,200 --> 00:05:25,550
As you can see here, we have, um, actually.

69
00:05:27,100 --> 00:05:28,090
Ports open.

70
00:05:28,550 --> 00:05:36,060
Uh, there's these ports has, uh, vulnerabilities in it, and we will break this policy.

71
00:05:36,460 --> 00:05:48,580
So, uh, actually here and we can see that we run the db_nmap, uh, db_nmap here, uh, um, command.

72
00:05:49,690 --> 00:05:59,200
So, uh, actually, now I will run this command again, but with -Pn, uh, parameter here, -Pn parameter.

73
00:05:59,500 --> 00:06:08,710
So what this -Pn parameter will do, um, is that it may will give us more detailed.

74
00:06:09,980 --> 00:06:10,790
Information.

75
00:06:12,080 --> 00:06:14,800
And we are waiting for it, waiting.

76
00:06:15,010 --> 00:06:20,050
And as you can see, I'm a said British police reports on incorrect results, as you can see here.

77
00:06:20,440 --> 00:06:21,280
Michelle is.

78
00:06:22,270 --> 00:06:26,290
He was pretty similar results, so never mind.

79
00:06:26,770 --> 00:06:35,530
So the first, uh, we had the ping request has, um, we had to set the -Pn switch in the nmap command,

80
00:06:35,530 --> 00:06:38,980
which denotes no ping scan here.

81
00:06:39,670 --> 00:06:41,200
This means no ping scan.

82
00:06:41,650 --> 00:06:48,360
Uh, we can see we have also defined, uh, -sV here, uh, which denotes a version scan.

83
00:06:48,370 --> 00:06:55,810
So having several servers up and running, we can see that the target has, um, the ports open.

84
00:06:56,200 --> 00:07:02,680
Uh, so as you can see, a port one hundred forty five, uh, open.

85
00:07:02,920 --> 00:07:05,290
So this is the NetBIOS, uh, port.

86
00:07:06,310 --> 00:07:07,450
Uh, so.

87
00:07:10,490 --> 00:07:17,750
In, actually, in Windows, port 445 mean EternalBlue, EternalRomance port.

88
00:07:18,110 --> 00:07:24,890
So actually, this port have proven to be very successful against Windows seven and Windows Server.

89
00:07:25,370 --> 00:07:26,130
Um.

90
00:07:27,580 --> 00:07:36,400
To handle the two thousand eight and so on, so in this port, so this port, um, exploits me, this

91
00:07:36,400 --> 00:07:38,620
port exploit name was EternalBlue.

92
00:07:38,620 --> 00:07:44,760
So you actually it's, um, made a vulnerable if someone's very vulnerable port and service.

93
00:07:44,770 --> 00:07:54,430
And actually the service was I yeah, I say remember, the service was eternal service and used four

94
00:07:54,430 --> 00:07:58,110
hundred four to five ports or in some Windows versions.

95
00:07:58,120 --> 00:08:00,460
It can't, um, open.

96
00:08:00,820 --> 00:08:01,600
Uh, we did.

97
00:08:02,660 --> 00:08:03,260
So.

98
00:08:06,470 --> 00:08:08,150
And that said so.

99
00:08:09,360 --> 00:08:13,340
But we are, uh, using, uh.

100
00:08:13,960 --> 00:08:18,210
Uh, actually, we are using Metasploitable, uh, as.

101
00:08:19,460 --> 00:08:23,030
Uh, well, a tech machine, target machine now.

102
00:08:23,330 --> 00:08:27,860
So if we used Windows, we can hack these this field.

103
00:08:27,860 --> 00:08:33,880
But in Linux case, this is the I know there's no port, so I think this is the vulnerable.

104
00:08:34,040 --> 00:08:39,640
Well, because it's a Metasploit will almost be very attached and all of there are more.

105
00:08:39,650 --> 00:08:42,470
No, so this is the penetration testing.

106
00:08:42,590 --> 00:08:43,010
Um.

107
00:08:45,540 --> 00:08:48,350
Operating system, uh, some.

108
00:08:49,590 --> 00:08:52,960
Signs, we are not sure about the operating system.

109
00:08:53,760 --> 00:08:56,880
We can run nmap scripts so.

110
00:09:05,490 --> 00:09:13,230
So now, actually, we do here, as simple as you can see, this is the SMB, the, uh, as well.

111
00:09:13,410 --> 00:09:22,830
But now we will actually run the SMB, the, um, script in nmap to determine which version is using

112
00:09:22,830 --> 00:09:29,040
this port, actually, which, um, operating system and we and we is using.

113
00:09:29,040 --> 00:09:31,260
So, uh, let's get started.

114
00:09:31,290 --> 00:09:40,740
So, uh, in the here, we will use same command, um, db_nmap here.

115
00:09:41,220 --> 00:09:42,930
And, um.

116
00:09:44,470 --> 00:09:47,980
And we will add here, um, -Pn.

117
00:09:49,270 --> 00:09:58,180
-Pn -p 445, this means port 445, because we will scan this and we will scan almost

118
00:09:58,510 --> 00:10:05,300
all of the ports as well, and we will use scripts because now we've allowed the script parameters

119
00:10:05,320 --> 00:10:16,080
script and here we will, uh, use this script that named smb-os-discovery, SMB, uh, OS.

120
00:10:17,210 --> 00:10:17,840
Discovery.

121
00:10:20,670 --> 00:10:23,410
Here and we will give.

122
00:10:23,700 --> 00:10:28,260
And we will give an IP address of a machine, target machine.

123
00:10:28,590 --> 00:10:33,660
So one hundred ninety one hundred ninety two point sixty eight.

124
00:10:35,290 --> 00:10:38,380
Eight point one hundred thirty five, right?

125
00:10:39,220 --> 00:10:40,690
Yes, this was thirty five.

126
00:10:41,020 --> 00:10:44,140
And after that, uh, just click interface.

127
00:10:44,710 --> 00:10:51,220
And as you can see here, uh, we can get information here.

128
00:10:51,220 --> 00:10:52,300
So let's, um.

129
00:10:54,180 --> 00:10:58,080
Well, let's find out at the end of the reports.

130
00:10:58,530 --> 00:11:00,600
To find more information about it.

131
00:11:01,850 --> 00:11:12,020
So this X11 port is up for actual I think it's the graphic drivers port for Linux here, as you

132
00:11:12,020 --> 00:11:16,040
can see here, almost we have so many ports in it.