1
00:00:00,120 --> 00:00:07,440
The first step of attacking is analyzing, so we need to gather up the information that we gathered

2
00:00:07,440 --> 00:00:13,320
during our information, like all of our passive active reconnaissance and, you know, analyze it and

3
00:00:13,320 --> 00:00:14,610
figure out what we're going to do.

4
00:00:15,510 --> 00:00:21,150
So this includes, you know, for example, looking at the resources and map and any other scans that

5
00:00:21,150 --> 00:00:27,030
you might have done or any of the testing you might have done in compiling a list of IP addresses,

6
00:00:27,600 --> 00:00:29,790
operating systems of host names.

7
00:00:30,600 --> 00:00:32,760
You know, like at what ports are open.

8
00:00:32,790 --> 00:00:39,450
You going to see if you discover network shares, going to look at discovered user accounts and then

9
00:00:39,450 --> 00:00:42,700
also, you know, potential vulnerabilities that we might have found.

10
00:00:42,930 --> 00:00:50,370
So with what we did, we already kind of know, you know, the targets.

11
00:00:50,370 --> 00:00:52,320
We know what the operating system is.

12
00:00:52,320 --> 00:00:54,420
We know we're doing better split-Level right now.

13
00:00:55,020 --> 00:01:00,060
And we also have like a Windows 10 machine that we can also target as well.

14
00:01:00,330 --> 00:01:07,920
And we know the IP addresses and we kind of saw, you know, the different services and such, you know,

15
00:01:07,950 --> 00:01:12,350
that were listed when we did like MRI scan and a version scan and stuff.

16
00:01:12,600 --> 00:01:17,730
So let's go ahead and look at that information really quick and see what we can, you know, start to

17
00:01:17,880 --> 00:01:19,860
start to get our brain going a little bit.

18
00:01:20,070 --> 00:01:30,780
OK, so I'm back on my Linux machine and I put the results from a map scanned into a text file so I

19
00:01:30,780 --> 00:01:34,300
can look at it, you know, where I need to and just see what ports open.

20
00:01:34,320 --> 00:01:35,730
So I see all these ports open.

21
00:01:35,880 --> 00:01:38,420
And also I did like I believe I did a Virgin scan as well.

22
00:01:38,520 --> 00:01:41,450
We go down and start to get more information on what's running.

23
00:01:41,450 --> 00:01:49,980
So like, for example, Port 21 running versus FTD two point three point four and anonymous FTP login

24
00:01:49,980 --> 00:01:50,710
is allowed.

25
00:01:50,840 --> 00:01:54,480
That's something that you want to write down and actually go ahead and verify.

26
00:01:54,480 --> 00:01:58,800
You know, that that's that's an attack right there, like trying to connect via FTP and see if, you

27
00:01:58,800 --> 00:02:00,720
know, we could transfer files back and forth.

28
00:02:01,530 --> 00:02:06,540
Sea Port 22 is open and is running open, as is age seven.

29
00:02:07,020 --> 00:02:07,760
He won.

30
00:02:07,770 --> 00:02:15,240
So we want to do is actually go and, you know, look up exploits, you know, for this version and

31
00:02:15,240 --> 00:02:22,350
see if there's something that some type of information or something we can gain from taking advantage

32
00:02:22,350 --> 00:02:25,260
of, you know, that service being run for us.

33
00:02:25,500 --> 00:02:30,900
Specifically, Port 23 is open, so telnet might be used.

34
00:02:30,900 --> 00:02:35,970
So that's a as you know from the networking section, Telnet is unencrypted.

35
00:02:35,970 --> 00:02:42,180
So if you were to find a way to use that traffic, you can gain, you know, usernames, passwords,

36
00:02:42,180 --> 00:02:43,910
sensitive information, all kinds of stuff.

37
00:02:44,280 --> 00:02:44,990
So interesting.

38
00:02:45,010 --> 00:02:49,620
So what you really want to do is, you know, go through and start to look at these different courts.

39
00:02:49,650 --> 00:02:54,570
You start to get an idea coming right down or just one by one, you know, go through what we're going

40
00:02:54,570 --> 00:02:57,870
to what we're about to do for, like, searching for exploits.

41
00:02:58,500 --> 00:03:04,540
Soon we you can just go through one by one and just search for exploits for, you know, these different

42
00:03:04,560 --> 00:03:05,130
things right here.

43
00:03:05,130 --> 00:03:09,390
Apache, EBD, two point two point eight.

44
00:03:09,390 --> 00:03:14,670
You will look for X, Y specifically for that and just look through these things and start to get an

45
00:03:14,670 --> 00:03:17,310
idea of, you know, what you can do.

46
00:03:17,730 --> 00:03:19,470
This thing is very exploitable.

47
00:03:19,470 --> 00:03:20,940
That's why it's called metastable.

48
00:03:21,480 --> 00:03:23,250
So there's a lot of different things that we can do.

49
00:03:23,490 --> 00:03:29,460
So let's just jump right into a really basic attack first and then we're going to start to get into

50
00:03:29,460 --> 00:03:30,030
exploits.