1
00:00:00,120 --> 00:00:07,440
The first step of attacking is analyzing, so we need to gather up the information that we gathered

2
00:00:07,440 --> 00:00:13,320
during our information gathering, like all of our passive and active reconnaissance and, you know, analyze it and

3
00:00:13,320 --> 00:00:14,610
figure out what we're going to do.

4
00:00:15,510 --> 00:00:21,150
So this includes, you know, for example, looking at the results of nmap and any other scans that

5
00:00:21,150 --> 00:00:27,030
you might have done or any of the testing you might have done and compiling a list of IP addresses,

6
00:00:27,600 --> 00:00:29,790
operating systems, host names.

7
00:00:30,600 --> 00:00:32,760
You know, like what ports are open.

8
00:00:32,790 --> 00:00:39,450
You're going to see if you discover network shares, going to look at discovered user accounts and then

9
00:00:39,450 --> 00:00:42,700
also, you know, potential vulnerabilities that we might have found.

10
00:00:42,930 --> 00:00:50,370
So with what we did, we already kind of know, you know, the targets.

11
00:00:50,370 --> 00:00:52,320
We know what the operating system is.

12
00:00:52,320 --> 00:00:54,420
We know we're doing Metasploitable right now.

13
00:00:55,020 --> 00:01:00,060
And we also have like a Windows 10 machine that we can also target as well.

14
00:01:00,330 --> 00:01:07,920
And we know the IP addresses and we kind of saw, you know, the different services and such, you know,

15
00:01:07,950 --> 00:01:12,350
that were listed when we did like an nmap scan and a version scan and stuff.

16
00:01:12,600 --> 00:01:17,730
So let's go ahead and look at that information really quick and see what we can, you know, start to

17
00:01:17,880 --> 00:01:19,860
get our brain going a little bit.

18
00:01:20,070 --> 00:01:30,780
OK, so I'm back on my Linux machine and I put the results from an nmap scan into a text file so I

19
00:01:30,780 --> 00:01:34,300
can look at it, you know, where I need to and just see what ports are open.

20
00:01:34,320 --> 00:01:35,730
So I see all these ports open.

21
00:01:35,880 --> 00:01:38,420
And also, I believe I did a version scan as well.

22
00:01:38,520 --> 00:01:41,450
We go down and start to get more information on what's running.

23
00:01:41,450 --> 00:01:49,980
So like, for example, port 21 running vsftpd 2.3.4 and anonymous FTP login

24
00:01:49,980 --> 00:01:50,710
is allowed.

25
00:01:50,840 --> 00:01:54,480
That's something that you want to write down and actually go ahead and verify.

26
00:01:54,480 --> 00:01:58,800
You know, that's an attack right there, like trying to connect via FTP and see if, you

27
00:01:58,800 --> 00:02:00,720
know, we could transfer files back and forth.

28
00:02:01,530 --> 00:02:06,540
See, port 22 is open and is running OpenSSH 4.7

29
00:02:07,020 --> 00:02:07,760
p1.

30
00:02:07,770 --> 00:02:15,240
So what we want to do is actually go and, you know, look up exploits, you know, for this version and

31
00:02:15,240 --> 00:02:22,350
see if there's some type of information or something we can gain from taking advantage

32
00:02:22,350 --> 00:02:25,260
of, you know, that service being run for us.

33
00:02:25,500 --> 00:02:30,900
Specifically, port 23 is open, so telnet might be used.

34
00:02:30,900 --> 00:02:35,970
So, as you know from the networking section, Telnet is unencrypted.

35
00:02:35,970 --> 00:02:42,180
So if you were to find a way to use that traffic, you can gain, you know, usernames, passwords,

36
00:02:42,180 --> 00:02:43,910
sensitive information, all kinds of stuff.

37
00:02:44,280 --> 00:02:44,990
So interesting.

38
00:02:45,010 --> 00:02:49,620
So what you really want to do is, you know, go through and start to look at these different ports.

39
00:02:49,650 --> 00:02:54,570
You start to get an idea, write it right down, or just one by one, you know, go through what we're going

40
00:02:54,570 --> 00:02:57,870
to do, what we're about to do, like, searching for exploits.

41
00:02:58,500 --> 00:03:04,540
So you can just go through one by one and just search for exploits for, you know, these different

42
00:03:04,560 --> 00:03:05,130
things right here.

43
00:03:05,130 --> 00:03:09,390
Apache httpd 2.2.8.

44
00:03:09,390 --> 00:03:14,670
You would look for exploits specifically for that and just look through these things and start to get an

45
00:03:14,670 --> 00:03:17,310
idea of, you know, what you can do.

46
00:03:17,730 --> 00:03:19,470
This thing is very exploitable.

47
00:03:19,470 --> 00:03:20,940
That's why it's called Metasploitable.

48
00:03:21,480 --> 00:03:23,250
So there's a lot of different things that we can do.

49
00:03:23,490 --> 00:03:29,460
So let's just jump right into a really basic attack first and then we're going to start to get into

50
00:03:29,460 --> 00:03:30,030
exploits.