1
00:00:00,120 --> 00:00:04,440
Welcome to the mid course Capstone.

2
00:00:04,610 --> 00:00:12,530
Now this capstone is going to be utilizing a Web site called The hacked the box hack the box is a fantastic

3
00:00:12,530 --> 00:00:13,550
resource.

4
00:00:13,550 --> 00:00:18,630
Now to go to hack the box open up a web browser and go to hack the box dot E.U..

5
00:00:18,800 --> 00:00:25,340
You'll be brought to this Web site now getting into hack the box is a little bit tricky.

6
00:00:25,350 --> 00:00:27,950
You actually have to hack your way in.

7
00:00:28,230 --> 00:00:31,800
Now it is against terms of service for me to help you do that.

8
00:00:32,370 --> 00:00:39,270
However if you do some googling which is reconnaissance you will be able to figure out how to do it

9
00:00:39,270 --> 00:00:41,000
pretty easily.

10
00:00:41,010 --> 00:00:46,670
Now for this specific part of the course we're going to be utilizing the IP.

11
00:00:46,680 --> 00:00:52,080
And let me show you a little bit of the difference of what hack the box has to offer what the IP is

12
00:00:52,080 --> 00:00:53,890
and then why we're using it.

13
00:00:54,030 --> 00:00:59,960
And then you can either watch this course or you could just you could practice along with me.

14
00:00:59,970 --> 00:01:01,920
So bear with me here for a second.

15
00:01:01,920 --> 00:01:03,560
This is what hack the box looks like.

16
00:01:03,570 --> 00:01:08,370
Once you're logged in now you have access to this left side here.

17
00:01:08,370 --> 00:01:14,460
And on the left side there's something called machines machines is the main way to access this.

18
00:01:14,490 --> 00:01:14,880
OK.

19
00:01:14,880 --> 00:01:21,150
So you come in here and there's all if you come into all here you're going to be able to see two different

20
00:01:21,150 --> 00:01:22,280
types of machines.

21
00:01:22,380 --> 00:01:25,620
You're gonna be able to see active machines and active machines.

22
00:01:25,620 --> 00:01:30,220
Are the machines that are currently active and can be attacked by anybody.

23
00:01:30,300 --> 00:01:36,270
So you see difficulty levels the higher the difficulty here you can see the harder it is.

24
00:01:36,270 --> 00:01:41,100
So if you're a newbie and you want to start working on these you might want to start with the ones that

25
00:01:41,100 --> 00:01:42,930
are kind of lower in the green.

26
00:01:42,930 --> 00:01:48,660
This is a fantastic Web site that you do not have to pay any money for if you do not want to to start

27
00:01:48,660 --> 00:01:51,360
practicing and playing around with hacking.

28
00:01:51,360 --> 00:01:55,800
Now caveat is a lot of these machines are super unrealistic.

29
00:01:55,860 --> 00:01:59,820
A lot of what I'm teaching in this course is practical that's why we're calling it a practical course

30
00:02:00,330 --> 00:02:05,370
and we don't do a lot of the tools and techniques that you might need to be successful there might be

31
00:02:05,370 --> 00:02:10,010
a lot of research time put in here to actually be successful in the course.

32
00:02:10,020 --> 00:02:14,700
However it's still a great way to learn and practice especially if you're going to do something like

33
00:02:14,730 --> 00:02:17,030
a certification exam like the OSP.

34
00:02:17,070 --> 00:02:20,710
This is a good way to kind of get towards that level.

35
00:02:20,760 --> 00:02:29,090
Now you see the active machines here are the retired machines there are over a hundred retired machines.

36
00:02:29,090 --> 00:02:31,870
Look at all these now as a free user.

37
00:02:31,880 --> 00:02:36,080
You get access to the active machines which is 20 at any given time.

38
00:02:36,080 --> 00:02:39,970
Right now we have one hundred and thirty of nine machines which means that there are one hundred and

39
00:02:39,970 --> 00:02:42,400
nineteen retired machines.

40
00:02:42,410 --> 00:02:45,720
The nice thing about the retired machines is you can pick on difficulty.

41
00:02:45,830 --> 00:02:47,630
You have filters over here to do so.

42
00:02:47,840 --> 00:02:50,810
And we could say Hey I just want all the easy ones.

43
00:02:51,020 --> 00:02:51,860
Let's just do that.

44
00:02:51,890 --> 00:02:57,230
I want to try all the easy ones let me clear through those first and then we'll work our way up and

45
00:02:57,230 --> 00:03:00,980
we can pick easy ones and we just go from there.

46
00:03:00,980 --> 00:03:06,350
And the nice thing to do is you come into here and you say like OK you know I want to look at this box

47
00:03:06,470 --> 00:03:09,390
and I'm struggling I I'm on it I'm struggling.

48
00:03:09,410 --> 00:03:10,650
I don't know what I'm doing.

49
00:03:10,670 --> 00:03:12,890
You click in here you scroll through.

50
00:03:12,890 --> 00:03:17,680
There are all kinds of user submitted walkthrough as some of these have videos for them.

51
00:03:17,960 --> 00:03:19,400
So if you're ever stuck.

52
00:03:19,400 --> 00:03:24,790
The nice thing about a retired machine is somebody has probably already done it and can have a walkthrough

53
00:03:24,800 --> 00:03:25,070
for you.

54
00:03:25,070 --> 00:03:29,300
There's a guaranteed walkthrough out there for a machine in case you do get stuck.

55
00:03:29,300 --> 00:03:33,220
So on top of this you do have access to different challenges.

56
00:03:33,260 --> 00:03:38,270
So if you like challenges or you want to practice for what like a capture the flag might be like a capture

57
00:03:38,270 --> 00:03:38,570
the flag.

58
00:03:38,570 --> 00:03:43,050
Competition is basically a bunch of challenges where you score points for solving problems.

59
00:03:43,220 --> 00:03:48,960
And if you win you get some cool stuff sometimes as there's a bunch of those over here which are neat.

60
00:03:49,130 --> 00:03:53,930
And then there's prolapse as well which are great if you're looking to get into Active Directory kind

61
00:03:53,930 --> 00:03:58,190
of stuff but these are really kind of on the advance side and do cost quite a bit of money.

62
00:03:58,400 --> 00:04:02,830
So the hack the box VIP is ten dollars.

63
00:04:02,900 --> 00:04:08,120
If you're 10 euros a month it equates to about 13 US dollars a month.

64
00:04:08,120 --> 00:04:14,510
I do not know anywhere else on the conversion but if you come into here and you see what is VIP it kind

65
00:04:14,510 --> 00:04:19,270
of tells you a little bit more you have less crowded labs and you have access to all the retired machines

66
00:04:19,280 --> 00:04:24,640
so there's quite a few people on the active off site.

67
00:04:24,670 --> 00:04:30,130
So the VIP membership just gives you access to VIP side so your labs are more stable.

68
00:04:30,260 --> 00:04:31,440
And that's really nice.

69
00:04:31,460 --> 00:04:37,310
And there's some other benefits here as well but essentially once you're signed up and you have access

70
00:04:37,370 --> 00:04:44,120
you just come to this access tab and you'll download a VPN file and you just say download a VPN file

71
00:04:44,150 --> 00:04:49,400
and it tells you what to do how to run it and you get connected to the VPN you'll come to a machine

72
00:04:49,400 --> 00:04:55,070
over here and say I'll pick a machine and you'll say hey I want to just go ahead and just start this

73
00:04:55,070 --> 00:04:58,790
machine up and you start that machine up and you're allowed to have one machine running at any given

74
00:04:58,790 --> 00:05:04,430
time so you can start a machine and you can actually reset a machine if you need to.

75
00:05:04,430 --> 00:05:06,410
And then you submit your flags here when you find them.

76
00:05:06,410 --> 00:05:12,170
So basically your goal is to have this machine find a flag and then submit the flag and there's always

77
00:05:12,200 --> 00:05:17,940
a user flag and a root flag and we'll kind of cover what that looks like as we go through these.

78
00:05:17,960 --> 00:05:24,260
So the premise of this course getting into this is that the premise of this capstone is that these are

79
00:05:24,470 --> 00:05:29,470
all going to be VIP machines they're all going to start off kind of easy.

80
00:05:29,480 --> 00:05:31,460
And then we're going to crescendo.

81
00:05:31,460 --> 00:05:37,070
And what I'm going to do is I'm going to list the machine name and all this the machine name in the

82
00:05:37,070 --> 00:05:39,580
title of the video.

83
00:05:39,590 --> 00:05:47,600
So before you watch it if you have the VIP you're more than welcome to try the try to solve the machine

84
00:05:47,600 --> 00:05:49,070
yourself if you can't.

85
00:05:49,070 --> 00:05:49,880
That's fine.

86
00:05:49,880 --> 00:05:50,630
Watch the video.

87
00:05:50,630 --> 00:05:53,320
Figure out where you went wrong and go from there.

88
00:05:53,330 --> 00:05:57,190
The second thing about these upcoming videos they're all pre-recorded.

89
00:05:57,200 --> 00:06:00,830
These are all coming from a mini series that I did on YouTube.

90
00:06:00,830 --> 00:06:02,550
There are 10 of these videos.

91
00:06:02,750 --> 00:06:07,130
There is going to be repeat information but I think that is for good reason.

92
00:06:07,130 --> 00:06:10,760
Again as I said in the last couple of videos I think repeat information is good.

93
00:06:10,760 --> 00:06:14,960
So you're going to see a little bit of repeat but this course is going to crescendo.

94
00:06:14,990 --> 00:06:15,700
OK.

95
00:06:15,800 --> 00:06:20,600
We're going to crescendo all the way through ten videos you're going to start off super easy.

96
00:06:20,630 --> 00:06:25,790
And by the time you get to the 10 video I think you're going to be very comfortable with exploding machines.

97
00:06:25,850 --> 00:06:30,260
You're going to be very comfortable with just the idea of these machines and you're gonna be really

98
00:06:30,260 --> 00:06:34,120
comfortable with a theory and I want to get you if you do not practice along.

99
00:06:34,130 --> 00:06:34,820
That's OK.

100
00:06:34,820 --> 00:06:38,930
Please do not skip these videos please understand the theory.

101
00:06:38,930 --> 00:06:45,620
This is how an attacker thinks this is the mindset of an attacker you have to understand that because

102
00:06:45,680 --> 00:06:51,910
after we get through this we're going to start getting into some heavier stuff some more complex stuff.

103
00:06:52,040 --> 00:06:56,840
And I want you to be comfortable with the basics before we start diving into that or else you're just

104
00:06:56,840 --> 00:06:58,750
going to start getting a little bit lost.

105
00:06:58,970 --> 00:07:02,150
So watch these videos understand what you're seeing.

106
00:07:02,330 --> 00:07:04,400
It's OK to watch repeat information.

107
00:07:04,430 --> 00:07:08,360
There won't be a ton of it but there will be some of it and I think it's going to help.

108
00:07:08,360 --> 00:07:12,070
So the first video we're going to do in this series is going to be legacy.

109
00:07:12,080 --> 00:07:14,220
So we're going to cover legacy here.

110
00:07:14,240 --> 00:07:19,090
So my challenge to you is to do some googling.

111
00:07:19,220 --> 00:07:23,190
Sign up for an account and come to the site.

112
00:07:23,200 --> 00:07:24,300
If you do the VIP.

113
00:07:24,300 --> 00:07:29,260
Go ahead get the VIP started download the access come in here.

114
00:07:29,270 --> 00:07:33,590
Press start and scan this machine with the scanning lesson that I taught you.

115
00:07:33,590 --> 00:07:36,140
If you do not want to take that route that's fine.

116
00:07:36,140 --> 00:07:41,510
The other route that you can take is you could watch the video first then go back and try it on your

117
00:07:41,510 --> 00:07:43,790
own and see if you can improve upon it.

118
00:07:44,300 --> 00:07:44,880
OK.

119
00:07:44,990 --> 00:07:51,020
So I'm going to have eight to 10 videos upcoming and we'll pick and choose those videos out and then

120
00:07:51,080 --> 00:07:55,150
you should be really good to move on into the exploit development part of the section.

121
00:07:55,280 --> 00:07:58,390
So I will see you guys over in the next section.

122
00:07:58,400 --> 00:08:01,240
Once you're through this capstone look forward to seeing you over there.