1
00:00:00,470 --> 00:00:03,840
Go ahead and open up your terminal and start PostgreSQL.

2
00:00:03,840 --> 00:00:04,190
Well.

3
00:00:08,030 --> 00:00:16,010
And because you need database operations, start msfdb and msfconsole.

4
00:00:19,710 --> 00:00:24,270
And then before starting the exploitation, let's list the hosts again.

5
00:00:26,410 --> 00:00:28,620
And I'm going to start with the Linux machine.

6
00:00:29,660 --> 00:00:31,970
So let's list the services.

7
00:00:34,660 --> 00:00:42,010
Although this is kind of artificial because it's in a course, I'm not going to give you an exploit

8
00:00:42,010 --> 00:00:47,670
name and say exploit this, I don't want to do something like that.

9
00:00:48,370 --> 00:00:53,290
I want you to search and create relations between what the results are.

10
00:00:53,800 --> 00:00:57,940
And that's how you're going to sort of get a taste of real penetration testing.

11
00:00:59,990 --> 00:01:03,830
So you can try to exploit all the services on Metasploitable 2.

12
00:01:05,510 --> 00:01:08,930
Because there are lots of services with vulnerabilities.

13
00:01:10,020 --> 00:01:11,220
So I'm going to do two of them.

14
00:01:12,640 --> 00:01:16,750
And then let's have a look at the services on Metasploitable 2 again.

15
00:01:19,140 --> 00:01:22,500
And here is the Ruby DRb RMI service.

16
00:01:23,950 --> 00:01:25,780
And you can see its version number also.

17
00:01:27,410 --> 00:01:28,820
So I'm going to copy this and.

18
00:01:29,670 --> 00:01:35,710
I have a search to find an exploit or look at the result of a Nessus scan.

19
00:01:37,480 --> 00:01:39,790
Also going to type exploit.

20
00:01:41,660 --> 00:01:46,670
Now, when you search, of course, you'll immediately see Rapid7's website, and that has the

21
00:01:46,670 --> 00:01:48,020
exploit module name.

22
00:01:49,110 --> 00:01:54,270
But below, there are some topics about the vulnerability.

23
00:01:55,350 --> 00:01:59,790
So let's go back to msfconsole and search.

24
00:02:01,440 --> 00:02:01,830
Be.

25
00:02:03,300 --> 00:02:04,560
So here are the module names.

26
00:02:06,240 --> 00:02:10,860
All right, so I'm going to use DRb remote code execution.

27
00:02:12,320 --> 00:02:13,520
So the options.

28
00:02:15,940 --> 00:02:18,130
Set the RHOST value.

29
00:02:20,550 --> 00:02:25,680
Set payload to cmd/unix/reverse.

30
00:02:27,720 --> 00:02:32,100
And the reverse connection requires LHOST and LPORT.

31
00:02:33,640 --> 00:02:41,110
Set LHOST to 10 that tend to one one and set LPORT.

32
00:02:42,090 --> 00:02:44,100
To 878.

33
00:02:45,900 --> 00:02:46,980
So only the options again.

34
00:02:49,240 --> 00:02:50,680
Then exploit.

35
00:02:54,460 --> 00:02:57,340
So MSF warns us that a session is open.

36
00:02:58,680 --> 00:03:07,530
Now, you can type the Linux commands here, type id and whoami to see who you are.

37
00:03:09,250 --> 00:03:13,420
And ifconfig to see a network configuration.