1
00:00:00,150 --> 00:00:01,640
Welcome to the pivoting section.

2
00:00:01,680 --> 00:00:06,870
So first before we can pivot we're going to have to set up the lab a little bit differently.

3
00:00:06,870 --> 00:00:12,610
So what I want you to do is I want you to go ahead and shut down both of your Windows 10 machines.

4
00:00:12,610 --> 00:00:14,300
So I'm going to shut this one down.

5
00:00:14,320 --> 00:00:22,030
I shut this one down and we're going to modify the network settings on these just a little bit.

6
00:00:22,750 --> 00:00:30,040
So what we're going to do and the concept of pivoting here is that this Windows machine for example

7
00:00:30,070 --> 00:00:36,970
let's say that we have a network a network a is in its own domain and it is in the subnet we've been

8
00:00:36,970 --> 00:00:41,940
in the whole time 1 9 2 1 6 8 57 0 slash 24.

9
00:00:42,040 --> 00:00:49,420
Now it has the domain controller living there and we have this Windows 10 machine and it's in subnet

10
00:00:49,420 --> 00:00:49,790
A.

11
00:00:50,290 --> 00:00:53,060
But there's also a second Nick on this sub.

12
00:00:53,140 --> 00:00:58,430
This machine that has a subnet of Ten Top Ten Top Ten dot zero slash 24.

13
00:00:58,720 --> 00:01:04,390
And we can utilize that to see what the heck it might be talking to on that Ten Network.

14
00:01:04,540 --> 00:01:11,230
So that Ten Network is not available to us when we're sitting there on a pen test and we're pen testing

15
00:01:11,230 --> 00:01:13,570
the 1 9 2 1 6 8 fifty seven to zero.

16
00:01:14,380 --> 00:01:19,370
But if we were to exploit this machine that has the dual home network then guess what.

17
00:01:19,420 --> 00:01:23,230
We have that 10 dot tend to attend a zero network available to us now.

18
00:01:23,230 --> 00:01:25,300
So we have a second network.

19
00:01:25,300 --> 00:01:31,270
And what's going to be living on this other machine it's going to be this 10 dot 10 dot 10 dot whatever

20
00:01:31,330 --> 00:01:33,910
it's going to be machine over here with Windows.

21
00:01:34,030 --> 00:01:37,150
And this is not going to be on the one I need to network anymore.

22
00:01:37,150 --> 00:01:44,200
So we're going to actually access a machine that we have no way of accessing through a intermediary

23
00:01:44,200 --> 00:01:45,880
machine here and this is called pivoting.

24
00:01:46,240 --> 00:01:50,590
So let's go ahead and go into our file.

25
00:01:50,590 --> 00:01:53,370
We're going to edit into a virtual network.

26
00:01:53,380 --> 00:02:02,160
Ed and in here as of right now I'm going to bring this over if it's going to let me know.

27
00:02:02,230 --> 00:02:03,000
It's not gonna let me.

28
00:02:03,070 --> 00:02:03,340
OK.

29
00:02:03,370 --> 00:02:04,600
We'll do it like this.

30
00:02:04,600 --> 00:02:13,890
So we should have a host only of 1 9 to actually a net of 1 2 1 6 8 50 7 0.

31
00:02:13,990 --> 00:02:21,650
And I'm going to go ahead and just say change settings and that's going to UAC here and now what we're

32
00:02:21,650 --> 00:02:24,420
gonna do is we're going to add a network.

33
00:02:24,800 --> 00:02:28,150
So I'm going to add VM that will to say 7.

34
00:02:28,340 --> 00:02:29,630
OK.

35
00:02:29,720 --> 00:02:33,170
And we're going to make this its own little thing here.

36
00:02:33,170 --> 00:02:36,420
So the net sevens host only that's fine.

37
00:02:36,500 --> 00:02:43,550
We're going to make this a 10 10 that 10 0 slash 24 network OK.

38
00:02:43,550 --> 00:02:45,490
So the net here is OK.

39
00:02:45,560 --> 00:02:47,680
When I do 168 fifty seven not zero.

40
00:02:47,690 --> 00:02:50,240
And then we have a 10 that 10 that 10 dot 0.

41
00:02:50,300 --> 00:02:59,440
So we'll apply that and then what we're gonna do is we're going to bring back up the configurations

42
00:02:59,440 --> 00:03:01,200
here for both of the machines.

43
00:03:01,200 --> 00:03:06,400
Once this is done doing the install of being at 7 so this might take just a second.

44
00:03:06,400 --> 00:03:13,210
Go ahead and pause if you need to and then return back once your install is complete okay.

45
00:03:13,230 --> 00:03:14,250
My install is complete.

46
00:03:14,250 --> 00:03:14,670
I'm in here.

47
00:03:14,680 --> 00:03:25,540
OK and then I'm going to bring over the windows 10 machine here MSA edit virtual settings so we're going

48
00:03:25,540 --> 00:03:28,780
to edit this and I've got one network adapter here.

49
00:03:28,790 --> 00:03:34,610
I'm actually going to add a second network adapter so go ahead and add network adapter and hit finish

50
00:03:36,080 --> 00:03:41,610
and then what I'm going to do is I'm going to say custom on this one and we're just going to save the

51
00:03:41,620 --> 00:03:43,520
Internet seven.

52
00:03:43,590 --> 00:03:48,550
So this is going to have the net here and VM seven.

53
00:03:48,770 --> 00:03:49,290
We're gonna hit.

54
00:03:49,290 --> 00:03:55,810
OK and then on this one we're gonna edit this virtual machine setting

55
00:03:58,890 --> 00:04:03,850
and we're going to come into here and we're gonna change this to a specific network of seven.

56
00:04:03,870 --> 00:04:08,490
So now the Peter Parker machine this is the second one here.

57
00:04:08,490 --> 00:04:11,510
This is going to be on 10 10 that 10 dot zero.

58
00:04:11,520 --> 00:04:18,240
Only this machine is going to be dual harmed and able to talk to the Domain Controller and itself.

59
00:04:18,240 --> 00:04:18,540
Right.

60
00:04:18,570 --> 00:04:25,350
So let's go ahead and just power on this virtual machine and I'm going to go ahead and power on the

61
00:04:25,350 --> 00:04:26,910
other virtual machine as well.

62
00:04:28,030 --> 00:04:30,850
And I'm gonna get logged back into Cally Linux

63
00:04:33,770 --> 00:04:36,830
and get ready for our next lesson here.

64
00:04:36,860 --> 00:04:41,080
So I still have the bloodhound stuff up as you can see.

65
00:04:41,410 --> 00:04:48,110
So I'm gonna open up a new terminal and I want you to boot up Metis boy.

66
00:04:48,130 --> 00:04:54,020
So go ahead and just load Metis flight for this and let's double check that the lab is ready to go.

67
00:04:54,070 --> 00:05:00,730
So I'm going to go back over and I'm just going to log in as Frank Castle here and I'm going to check

68
00:05:00,730 --> 00:05:05,580
the command and make sure we know the IP address of Frank Castle and the IP addresses man.

69
00:05:05,590 --> 00:05:10,180
So we can log into both actually and I'll just log in as Adam and here

70
00:05:13,020 --> 00:05:18,790
and let's go ahead and check the configurations and see how they showed up.

71
00:05:18,870 --> 00:05:28,220
So we've got a command and we're just gonna say IP config and you can see now that 1 9 2 1 6 8 57 one

72
00:05:28,220 --> 00:05:34,890
forty is where he's lived this entire time ten that ten ten that 128 is new.

73
00:05:35,680 --> 00:05:44,280
And then we come over here and we go to command on the second machine and we say IP config and this

74
00:05:44,280 --> 00:05:47,250
is ten dot ten not ten not one twenty nine.

75
00:05:47,250 --> 00:05:56,540
So in theory we should be able to ping tend to end up 10 not one twenty nine and that will talk and

76
00:05:56,550 --> 00:06:01,290
we should also be able to ping 141 from our Cally machine.

77
00:06:01,830 --> 00:06:07,430
So we say ping 1 9 2 1 6 8 fifty seven one forty one that talks.

78
00:06:07,530 --> 00:06:07,890
OK.

79
00:06:07,890 --> 00:06:13,250
And so from here what we're gonna do is we're going to pause.

80
00:06:13,260 --> 00:06:20,460
We'll take a pit stop and we'll move into the next video and we actually load up the exploit we exploit

81
00:06:20,460 --> 00:06:26,090
this machine and then we're gonna go ahead and pivot and attack slash scan this machine.

82
00:06:26,100 --> 00:06:28,670
So let's go ahead and do that.

83
00:06:28,740 --> 00:06:30,170
I'll catch you over in the next video.