OWASP

Course
Time
4 hours 32 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:01
In the last video, we went ahead and ran a quick scan with Nikto to look for and see if we found a robots.txt file, which we did. We then used wget to actually take a look at the disallowed file in there, the cgi-bin. So we took a look at that file. And then what we noticed in there is that it was running Ubuntu
00:21
12.4 dot five
00:23
s. So it was an older version of Ubuntu Linux, and that told us, well, we kind of knew the answer based off this lab. But if we were experienced and we're an experienced attacker, we would know that that may be vulnerable to the Shellshock virus and Shellshock exploits. So we're gonna go ahead now and actually
00:40
set up that exploit inside of Metasploit. We're gonna use Metasploit as our tool,
00:45
and we'll use the Metasploit Framework to go ahead and build that out. And then we'll actually run that command.
00:50
So we're gonna start off in step 13 for this particular video. So we're gonna run sudo, and then we're gonna open up the Metasploit Framework console.
00:58
So let's go and do that now.
01:00
So we're just gonna type in sudo space msfconsole and then just type the Enter key on your keyboard,
01:07
and it's gonna take a moment. So to actually launch the console, it takes, you know, anywhere up to like 30 seconds or so, sometimes longer, depending on your particular Kali version. You'll see there it started in the background, and we'll let that run for a little bit.
01:21
So once it finally launches for us, again, it may take a moment or so here to finish pulling up. Once it launches, we're gonna type in search shellshock at our command prompt. So you see, in the background there, mine for me finally pulled up. So we're gonna type in search
01:38
and then space and then shellshock
01:41
shell ***, but shellshock. There we go. All right. Press Enter on your keyboard; it's going to show you all the various
01:49
exploits that are available. We're actually gonna be using this very top one here, the auxiliary scanner one. Scroll back down. We'll go back to our lab document
01:59
now. I encourage you, if you want to be a penetration tester, you'll definitely want to know Metasploit. You'll definitely want to know Kali Linux. Obviously you want to get good with those, and you definitely want experience, right? Like, penetration testing is not something that anyone gets out of the box. And I know we're on just an OWASP course. But since we're doing a lot of things that a pen tester might do throughout this course, as far as tools,
02:17
I always like to bring that up, that if this is something that interests you,
02:21
you find it fascinating, that may be a career path you want to check out. And by the way, not to self plug, but shameless plug right here: we do have a career platform on Cybrary. So if that interests you, definitely check that out.
02:31
All right, enough digression there. Let's go ahead and get back into our lab. So the next thing we're gonna do is we're at step 15 here. So we're gonna take this long command in here, and we're gonna do it step by step, as we normally do. We'll go ahead and run that and then we'll move through the rest of the lab. So first things first, we're gonna put use space auxiliary and then
02:52
forward slash scanner.
02:53
So let's type that in now. So use
02:57
space
02:58
auxiliary
03:00
forward slash scanner.
03:02
Let's go back to our lab document.
03:04
So the next part we want to type in here is gonna be forward slash http forward slash apache. So we'll type that part next.
03:13
All right, so forward slash http forward slash apache.
03:17
Okay, let's go back to our lab document.
03:20
Now we're gonna do underscore mod underscore cgi.
03:25
So we're going to do underscore mod underscore cgi.
03:30
And then finally we're gonna do underscore bash underscore env.
03:37
So we're gonna do underscore bash underscore env. Once we type that in, just double check yourself. And then once you feel confident, go ahead and press Enter
03:45
and you'll see it didn't seem like anything happened, but it did. We've gone ahead and switched here. So now what we're gonna do is we're gonna type the info command.
03:53
So what that's gonna do is show us more about this particular module that we're working with inside of Metasploit. So let's type info,
04:00
and then just press Enter and you'll see it'll show you a little bit about the module. It'll give you a description of the module. It'll give you some other CVE details about Shellshock itself, which is an older exploit. However, it's something that's still in use out there. So just FYI on that. A lot of companies are still using older things, for example, like that Ubuntu.
04:19
The older version is not that far out of a thing to use
04:24
as far as, like, finding that in the company, if you do get into penetration testing and, you know, look at different companies, especially on a global scale.
04:31
All right, again, I digress there for a second, but it's definitely relevant. So we'll keep going in our lab here. So step number 17 is where we're at now, so we're gonna type in set RHOSTS mutillidae, and then once we press Enter, then we'll type in this second command here.
04:46
So let's go and do that now. So here in our command prompt here, we're gonna type set
04:51
RHOSTS
04:53
and then mutillidae
04:55
then just press Enter.
04:57
Now, one thing to keep in mind is that if you type this wrong, it may not give you an error message, so you may not know until we actually try to go run stuff.
05:04
All right, so RHOSTS mutillidae. So we typed that in there. Now we're gonna do this next one here. So we're gonna type in, we'll take this one step by step for everybody. So we'll type in set and then TARGETURI.
05:15
Type in set space TARGETURI, all in capitals.
05:19
We'll put another space,
05:21
and then we're gonna type in forward slash cgi-bin. So let's go and do that now.
05:27
Type in forward slash cgi-bin
05:31
and then we'll finish out the rest of our command here. So we're gonna put forward slash status dot cgi.
05:36
So we'll type in forward slash status
05:40
dot
05:41
cgi. All right. So once we have that in, just go ahead and run that one as well.
05:47
All right, so now we've set our parameters on this particular tool. So now we're just gonna go ahead and run it and we'll see what kind of information we get back.
05:55
So all we have to do to run it is pretty simple. We just run
05:58
in our command prompt there, and then just press Enter
06:00
and you'll see it's gonna take a second or so to run.
06:03
All right, so
06:05
we see results from the id command. So we see the user ID right there. The UID 33. We'll also see the group ID 33, groups 33.
06:15
So we see that information in there.
06:17
So now, so basically, we've determined that the service is vulnerable. We're gonna actually use Shellshock now to go ahead and attack the vulnerable service.
06:25
All right, so the next step here is step 20. We're gonna go ahead and type this long command here. So again, like we've been doing, we're just gonna go step by step to type all that in.
06:34
So we're gonna type use exploit first. So use space exploit,
06:40
and then we're gonna type in forward slash multi forward slash http.
06:46
So we're gonna type in forward slash multi forward slash http.
06:51
And then we're gonna type in apache. So we're gonna type in forward slash apache underscore mod.
06:58
We'll type in forward slash apache underscore mod.
07:02
And then we're gonna type in underscore cgi underscore bash.
07:06
So underscore cgi underscore bash.
07:13
Next, we're gonna type underscore env underscore exec.
07:18
We're typing underscore env,
07:21
lowercase there, and then underscore exec.
07:26
All right, so, again, just like before, just double check yourself. Make sure you typed that correctly. Once you've typed that in, go ahead and press Enter on your keyboard
07:33
and then our next step here in step 21, we want to type in show options.
07:39
Let's go and do that now. So we're just gonna type in show options. We'll see what kind of options we have with this particular attack, and you can even scroll up and take a look at these. Like, what kind of attack do you want to do? You know, you want to do it against the target, the target address, that target port number. Like, what do you want to do here?
07:56
All right, so for us, we want to set our options. So we're gonna come down here to step 20, 23, excuse me,
08:01
and we're gonna type in set RHOST mutillidae. You'll notice it's not RHOSTS. It's RHOST. Just no S there at the end.
08:09
So let's go and type that in now. So set RHOST
08:13
mutillidae.
08:16
All right, then just press Enter on your keyboard,
08:18
and then we want to set our next one here as well. So we're gonna type in, initially, set TARGETURI. So let's go and type that in now. So set, all lowercase, and then our TARGETURI, just like before, is all capitals.
08:31
And then we're gonna put a forward slash cgi-bin. So let's go and do that now.
08:37
So forward slash cgi-bin.
08:41
And next we'll type in forward slash status dot cgi. So let's go and do that now. Type in forward slash status
08:46
dot cgi
08:48
now, then just press Enter on your keyboard to run it.
08:54
All right, so next up, we're gonna specify the reverse shell as our payload for this particular attack. But I'm now gonna hit pause on the video before we jump into that, and we'll just pick this back up in the next video.


OWASP

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and resources to help organizations protect critical apps. Cybrary’s OWASP training course covers the organization’s popular “Top 10” risk assessment.

Instructed By

Ken Underhill
Master Instructor at Cybrary