1
00:00:00,090 --> 00:00:07,130
Let's briefly cover our notes so far so we have covered a little bit of this right.

2
00:00:07,140 --> 00:00:13,800
We cover the fact that we have our own map in here and what we saw in court twenty two or 80 etc. and

3
00:00:13,800 --> 00:00:19,380
we had a couple of findings from before we had default web page on Apache and we had this information

4
00:00:19,380 --> 00:00:21,330
disclosure as well.

5
00:00:21,390 --> 00:00:23,020
Now we've done some exploding.

6
00:00:23,130 --> 00:00:25,810
So I've gone ahead and just put in here.

7
00:00:26,010 --> 00:00:30,470
I put the S&amp;P exploit so I put an example of what it looks like when we run it.

8
00:00:30,660 --> 00:00:32,590
And you could see that the.

9
00:00:32,610 --> 00:00:35,610
Who am I and the host names in there and then I've got the IP address.

10
00:00:35,610 --> 00:00:37,080
This is just for my notes.

11
00:00:37,140 --> 00:00:39,120
You can make this as detailed as you want.

12
00:00:39,120 --> 00:00:44,670
By the way you could say Hey I ran this at this specific time and I ran it against this host.

13
00:00:44,700 --> 00:00:50,270
And here is the attack I ran etc. and we'll get more into what your report should look like.

14
00:00:50,280 --> 00:00:55,430
But as long as you know at least for me as long as I know I have a screenshot of proof that I did it

15
00:00:55,830 --> 00:00:58,110
and I have the IP address that I ran it against.

16
00:00:58,170 --> 00:00:59,220
That's pretty much enough.

17
00:00:59,220 --> 00:01:01,580
I can remember the rest and then type out the report.

18
00:01:02,160 --> 00:01:08,400
And same here with the mod SSL attack on port 80 and four for three and I don't have a copy of it right

19
00:01:08,400 --> 00:01:12,680
now but the shadow file we did uncover the shadow file as being a root user.

20
00:01:12,680 --> 00:01:19,920
So this just notes for us perhaps we could use the shadow file information and crack the passwords or

21
00:01:19,920 --> 00:01:25,160
we could go on and try to pass the password or pass the hash round which we'll get to in later videos.

22
00:01:25,710 --> 00:01:30,310
And another thing that add in here to was undetected malicious activity.

23
00:01:30,330 --> 00:01:35,940
So this is something that you're going to see on a report and we talked about in the the brute forcing

24
00:01:35,940 --> 00:01:40,980
video where if we're doing any kind of brute forcing we're doing it not only to see if we get hit with

25
00:01:40,980 --> 00:01:43,680
bad password but to see if the client catch us.

26
00:01:43,710 --> 00:01:46,410
So this example I'm using to say hey they didn't catch us.

27
00:01:46,410 --> 00:01:48,430
Here's an example what we did.

28
00:01:48,480 --> 00:01:52,350
Also scanning in there as well if you're not seeing a scan that's something that we're going to report

29
00:01:52,350 --> 00:01:53,050
back.

30
00:01:53,070 --> 00:01:56,580
So this would be typically a low finding these would also be low findings.

31
00:01:56,610 --> 00:02:02,340
Anytime we get access to a machine this is obviously critical finding.

32
00:02:02,340 --> 00:02:07,010
So we just want to keep know of what kind of things we're finding take good pictures et cetera.

33
00:02:07,010 --> 00:02:12,020
So I'm hoping that you are getting the gist now of what your notes should look like.

34
00:02:12,030 --> 00:02:15,470
Again Make these your own however it feels good to you.

35
00:02:15,540 --> 00:02:17,000
This is just how I kind of do it.

36
00:02:17,010 --> 00:02:21,210
I don't have to put a ton of information in there for me to remember as long as I have my screenshots

37
00:02:21,300 --> 00:02:24,960
which are most important because that's your proof that you were actually there and you did it.

38
00:02:24,990 --> 00:02:28,020
Otherwise it's just he said she said kind of thing.

39
00:02:28,050 --> 00:02:29,640
So that is it for this video.

40
00:02:29,640 --> 00:02:31,350
That is it for this section.

41
00:02:31,350 --> 00:02:33,840
Congratulations again for making it this far.

42
00:02:34,170 --> 00:02:38,280
Now we're going to move into some of the fun stuff where we get to look at a bunch of different attacks

43
00:02:38,670 --> 00:02:43,420
and gradually just get a little bit more complex and learn some new things along the way.

44
00:02:43,470 --> 00:02:49,620
And I like to call it a capstone because we're capping off where all the things we learned so far.

45
00:02:49,650 --> 00:02:53,490
We're going to actually build upon it so you're going to learn a bunch of new little techniques as we

46
00:02:53,490 --> 00:02:55,480
do this little midcourse Capstone.

47
00:02:55,650 --> 00:02:58,570
And then we're gonna get into really fun stuff once we get to act director.

48
00:02:58,590 --> 00:03:00,070
I'm really excited for that.

49
00:03:00,120 --> 00:03:02,310
So I will catch you over in the next section.