1
00:00:00,210 --> 00:00:06,570
OK, so now let's talk about searching and understanding exploits, so the next step in launching an

2
00:00:06,570 --> 00:00:12,510
attack, you know, after we're actually looking through, you know, we went through in detail Telnet

3
00:00:12,510 --> 00:00:15,840
just because that's something that doesn't really require an exploit, just something that you could

4
00:00:15,840 --> 00:00:16,680
just go and do.

5
00:00:17,430 --> 00:00:24,150
So, but when you get past that, or maybe Telnet isn't open, you're going to want to search for an

6
00:00:24,150 --> 00:00:26,050
exploit to use.

7
00:00:26,310 --> 00:00:31,470
So typically, you're going to be using public exploits to compromise systems.

8
00:00:31,470 --> 00:00:37,080
You're not going to be creating your own exploits unless you, you know, become like a super, super

9
00:00:37,350 --> 00:00:39,180
elite, you know, level of hacker.

10
00:00:39,900 --> 00:00:41,610
You become like a security researcher.

11
00:00:41,610 --> 00:00:43,100
And that's something that you do.

12
00:00:44,040 --> 00:00:48,030
It's a very advanced skill and it's definitely something I encourage you to do.

13
00:00:49,320 --> 00:00:56,070
But typically, when you're penetration testing, ethical hacking assessments, in successful

14
00:00:56,070 --> 00:01:01,740
companies, you're typically going to be using public exploits because your job is to uncover what's there

15
00:01:01,740 --> 00:01:04,270
and what someone else could exploit.

16
00:01:05,400 --> 00:01:10,110
It's kind of outside of the scope of this course, you know, to actually create exploits.

17
00:01:10,380 --> 00:01:14,990
But you can take some of the skills and actually create, in a way, your own kind of exploits.

18
00:01:15,120 --> 00:01:19,050
So, and you can search for these exploits in a variety of ways.

19
00:01:19,200 --> 00:01:21,480
And we're going to go over, you know, each one of these.
20
00:01:22,590 --> 00:01:30,960
So the first is Exploit DB, so this is a website with literally thousands of public exploits and

21
00:01:30,960 --> 00:01:37,290
you can download all of them, you can visit the site and just search for the exploits that you want pretty

22
00:01:37,290 --> 00:01:39,770
easily with the search function.

23
00:01:39,770 --> 00:01:42,090
And it gives you just like a little search bar at the top of the page.

24
00:01:42,090 --> 00:01:45,720
I believe that we already went there before, too, for the Google hacking stuff.

25
00:01:45,720 --> 00:01:50,880
So you can just search up there and under the exploits section, you can search and find stuff that

26
00:01:50,880 --> 00:01:51,450
you want to, like.

27
00:01:51,450 --> 00:01:58,350
For example, you can search like Windows 7 or Firefox, find exploits related to your search terms,

28
00:01:58,530 --> 00:02:04,170
so the URL, just once again for you guys to have it, is exploit-db.com.

29
00:02:04,350 --> 00:02:11,850
So let's actually switch over to our Kali machine, browse to this site and actually try to find,

30
00:02:11,850 --> 00:02:18,840
you know, like an exploit that we could potentially use for exploiting this Metasploitable machine.

31
00:02:19,200 --> 00:02:21,360
OK, so back into the machine.

32
00:02:21,360 --> 00:02:23,910
So I loaded up the Exploit DB website.

33
00:02:24,180 --> 00:02:29,520
So as you can see, it's pretty simple. This is a listing, I believe, this looks like a listing, like

34
00:02:29,520 --> 00:02:33,480
the latest exploits that have been uploaded to the website.

35
00:02:34,170 --> 00:02:35,580
So you can take a look at those if you want.

36
00:02:35,580 --> 00:02:38,970
But what we want to use is this search box.
37
00:02:39,120 --> 00:02:43,590
So you have the option here to check, you know, if it's been verified or not, which means it's been

38
00:02:43,590 --> 00:02:50,100
verified, you know, that it actually works when you would use it, because

39
00:02:50,100 --> 00:02:52,460
some of these exploits, they may work,

40
00:02:52,470 --> 00:02:53,250
I mean, may not work.

41
00:02:53,250 --> 00:02:55,710
And it might be something that you have to, like, modify yourself.

42
00:02:55,870 --> 00:03:04,340
So be careful with those ones that are not what's called EDB verified, and just be careful with those.

43
00:03:05,250 --> 00:03:08,510
So what I want to do is use the search box right here.

44
00:03:08,730 --> 00:03:10,250
So, for example.

45
00:03:10,260 --> 00:03:16,920
So we remember that there was an FTP service that was called vsftpd.

46
00:03:17,100 --> 00:03:22,230
So I'll type vsftpd, there we go.

47
00:03:22,470 --> 00:03:31,790
And I remember specifically, I forgot the version, so we remembered the version, it actually looks right here.

48
00:03:31,800 --> 00:03:40,590
vsftpd 2.3.4 backdoor command execution, and it's a Metasploit one, which

49
00:03:40,590 --> 00:03:45,840
is something that I'll go ahead and talk to you guys about as well, so we can just click into this one

50
00:03:45,840 --> 00:03:47,240
and read a little bit more about it.

51
00:03:49,050 --> 00:03:55,080
So let this load and it's going to give us information, actually show us the exploit, so it's a

52
00:03:55,080 --> 00:04:00,000
part of the Metasploit framework, which is pretty much like a hacking made easy tool.

53
00:04:00,900 --> 00:04:02,820
And I'm going to get into that with you guys as well.

54
00:04:02,840 --> 00:04:08,340
But so this one is already going to be available to you on your Kali Linux machine because Kali Linux already

55
00:04:08,340 --> 00:04:09,030
has this one.
56
00:04:09,070 --> 00:04:14,970
And so what you're going to want to do, like, you know, here, like, for example, you can, I believe

57
00:04:14,970 --> 00:04:19,170
that you can still download it and use it, but it will require Metasploit.

58
00:04:19,440 --> 00:04:23,400
So it's better to just launch something like this from Metasploit. We're going to get into how to do that

59
00:04:23,400 --> 00:04:23,890
stuff later.

60
00:04:23,910 --> 00:04:28,400
So we'll actually launch this one a little bit later on in this section.

61
00:04:28,440 --> 00:04:34,020
You can go ahead and look at the exploit, kind of get a feel for what's going on.

62
00:04:34,680 --> 00:04:36,020
It has pseudocode in here.

63
00:04:36,030 --> 00:04:39,590
So you kind of understand what it's telling you, kind of like what's going on.

64
00:04:39,630 --> 00:04:43,860
You also just want to make sure that you're not getting anything that's malicious.

65
00:04:43,860 --> 00:04:49,710
Like if you're conducting a test of someone's network, you definitely want to make sure that you read

66
00:04:49,710 --> 00:04:55,470
over these things and make sure that they're not, you know, doing anything that will harm, you know,

67
00:04:55,470 --> 00:04:56,610
your client's systems.

68
00:04:57,480 --> 00:05:02,140
So this is actually verified and it will be good to go, but I'm not going to go over it any more at this point.

69
00:05:02,790 --> 00:05:04,230
So I'll do that in a little bit.

70
00:05:04,560 --> 00:05:07,980
But just remember, you can just search for exploits here.

71
00:05:08,280 --> 00:05:11,760
Let's search for another one that we might be able to find, IRC.

72
00:05:13,530 --> 00:05:19,100
So something, I was just like, for example, like, I don't know, like, there we go, let's say

73
00:05:20,100 --> 00:05:20,480
IRC.

74
00:05:21,330 --> 00:05:27,740
So as you can see, there are very specific versions, you know, for those exploits that are available.
75
00:05:27,750 --> 00:05:31,110
And some of these are going to require Metasploit, where you'll see that.

76
00:05:31,650 --> 00:05:36,870
But also other times you're going to see that you could just download these things and just run them

77
00:05:36,870 --> 00:05:37,730
from the command line.

78
00:05:37,740 --> 00:05:40,930
So that's something that, you know, we'll get into as well.

79
00:05:41,040 --> 00:05:45,570
But this is a great option for you guys to actually be looking for your public exploits.