Time
14 hours 43 minutes
Difficulty
Advanced
CEU/CPE
15

Video Transcription

00:01
Hello, folks. Um,
00:03
welcome to episode number three: Basic Services to Use in Kali. My name is Alejandro Guinea, and I'll be the instructor for today's session.
00:13
Well, the learning objectives of this session are to understand the basic Linux services that you can use, and be able to use those services to implement hacking techniques.
00:24
Maybe not so much hacking techniques, but techniques that will definitely help you in your penetration testing.
00:32
Well, let's get down to business, shall we?
00:36
Uh, first, before we start this video, I would like to give you a word of advice. If you use the standard version, you know, kind of out of the box, of Kali, this might be exposing several ports and services by default.
00:56
Um, I recommend you to stop those services and start them whenever needed.
01:00
Also, you know, the root password by default is toor; this is nothing new. So you should, you know, change that, um, if you're actually going to expose those services to the internet.
01:14
Well, having said that, let's start with the first basic. If I say basic, I mean, you know, something that you must use and you will use during your penetration testing.
01:26
And in this case, we will start with the SSH server. You know, we can start... Well, first of all, let me just show you here.
01:37
This is the IP I'm using, and I have another Windows machine, um, waiting here, ah, to act as the server.
01:48
So, uh, first, you know, the first basic usage of the SSH service is just typing ssh, and then the IP or the domain name of the server. In this case, I will just type ssh and the IP of the Windows machine,
02:07
This one.
02:10
So as you can see, I didn't type any username. It requested root, but I don't actually have a root user here, so I will just, you know, type... You can either put the -l option and then specify that username,
02:30
or you can just type the username
02:32
followed by the IP number or the domain name.
02:42
So as you can see, now it's requesting a password for my username, and I will just type the password,
02:52
and as you can see, I'm already on the Windows, um, command line. You know,
03:01
that's, you know, the really basic usage of the command line on SSH. You can do way more stuff than that. Like, for example, specify... Let's just do -l, just to show you here,
03:20
and again, the same thing happens. But you can also specify the port, because, you know, for any security policy or any security reason, they actually changed the port, which by default is 22. You can just specify it as well with the -p
03:36
option and then 22, then the IP. Nothing new, nothing fancy,
03:40
but it gets the work done.
03:43
Uh, something really useful with, um, SSH is that you can actually
03:50
not use a password at all, and you can use certificates to actually log in. In our case, you know, the basics of the public key infrastructure. You can use those keys to actually log in. And you can do that. I mean, you can actually create your
04:06
keys by using the command,
04:11
Let me just type it right here
04:14
on the screen,
04:15
which is ssh-keygen.
04:21
So you will go through a series of steps. I mean, nothing new here. I don't want to waste any time showing you that, but, you know, it will request some directories where you will save the keys, maybe some passwords. And then you can enable that, so any remote user actually logging in
04:41
to your SSH service or server
04:44
can use those certificates and keys instead of a password. And you can even enable that to mean something... you know, two-factor authentication, if you like. Uh, yeah, SSH has that capability.
05:01
Ah, but, you know, let's get to the kind of pen-testing part or hacking part, those commands that will be useful during your penetration testing. And first of all, you can actually run commands remotely. For example, in case you don't want to stay logged in
05:18
because you want to cover your tracks or something like that.
05:21
So you just have to type ssh again, the same... Actually, just go up here, you can just type the same and then type the command, um, that you want to execute. For example, ipconfig,
05:38
so I just
05:39
enter the password,
05:42
and actually the command is executed. Nothing fancy here, but again, maybe you don't want to stay logged in because you don't want to show that connection, um, being, you know, established. You can just do that. And, you know, maybe change the password or something.
05:59
Something a little bit malicious here. Like, for example,
06:01
net user,
06:04
and, you know, the password.
06:06
I don't know. Ah, and then boom, the password was changed, and the user can no longer log in to this session. This is just, you know, an idea of how you can actually perform that. Um, you can also use... maybe if traffic is... I'm sorry, if
06:25
your bandwidth is, you know, limited, or you don't actually want to make any noisy connections to the server, you can just add the -C, um, option to that,
06:40
in what this will do is that it will compress the traffic.
06:44
Ah, you know, so to say, if your bandwidth is... you know, you want to be as stealthy as possible, just add that -C parameter or option, just like that. And then again, the IP. Nothing here.
06:59
And you will be connecting using, you know, compression to compress the traffic.
07:05
And then we can have... you know, you can also use port forwarding. Port forwarding is a very useful feature, you know, provided by SSH. You know, in summary, port forwarding tunnels the local and remote systems' ports to each other.
07:24
For example, if you want to connect to,
07:27
uh, google.com from your local system through a remote system, you can use port forwarding. And the most common one, or, I don't know, maybe the easiest one to implement, is local port forwarding. And, ah, in local port forwarding, you know, the local port, it will be, as the name suggests, forwarded to the remote system
07:47
and then to the destination system host and port.
07:50
For example, first you have to type, um, the local port,
07:58
then the destination host, and then the destination port. Let me just give you an example here. For example, ssh
08:05
minus, or dash, L, which is, you know, the option for local port forwarding, and then 2222, and then google.com,
08:18
And then,
08:20
uh,
08:20
and 80, for example.
08:22
And then that,
08:24
as I told you: local port, destination host, and destination port.
08:31
Uh,
08:33
Then just put in here... and you'll connect again. This is just because I don't have many servers, or I don't have any server I want to forward this traffic to, but you can actually use different servers right here. So after I run this command, after we connect to the remote system,
08:50
local port 2222
08:54
is listening on the local system. We can check that local port so you can see. You know, just let me hit here,
09:03
and it will create a...
09:07
Let me just type it. Let me... and okay,
09:11
netstat -np
09:16
oh,
09:18
grep
09:20
2222.
09:24
And there you have it.
09:28
If you can actually go to, uh, let me just
09:33
stop here.
09:35
And you're thinking you can, you know, put any other IP here. Like, for example, I don't know, maybe the IP of the Windows machine,
09:43
Uh,
09:43
and, uh the
09:48
oh, I didn't
09:50
actually
09:52
Google. I'm just...
09:56
This will not work because I don't have, you know, root is not a user in the remote.
10:07
Okay.
10:11
Okay. So I connected with the SSH I created. Okay, there you have it.
10:18
So what this command is actually performing... I'll just exit right here.
10:24
What this command is actually performing is, again, forwarding the traffic
10:31
from the local
10:33
host to the remote host.
10:35
So let me just type it around here again. As you can see, the connection is dead. No, no, no traffic is being forwarded. Let me just, uh, sorry,
10:46
let me just type here again.
10:52
So
10:54
again, as you can see. So what this command is actually doing
10:58
is, uh, actually,
11:01
if I go to localhost on port 2222, it will redirect me to google.com. So as you can see, local port forwarding is something you can actually do, maybe when the ports are closed, or maybe when you hacked the machine and you want to jump to a different machine,
11:20
that command can be very useful. Or that capability can be very useful when you're trying to
11:26
move, you know, trying to, uh, move to another machine.
11:33
Okay,
11:37
You have remote port forwarding and dynamic port forwarding. Remote port forwarding is just, you know, the reverse of local port forwarding. The hostname provided for the forwarding will be tunneled from the remote system through the local system. That's it.
11:52
And dynamic port forwarding is a little bit more complicated because it uses SOCKS.
11:58
You know, S-O-C-K-S, um, you know, which is generally used by Chrome, Firefox, you know, all the browsers. Um,
12:07
this is kind of more complicated because it uses maybe the Tor network. And you can also use proxychains with this technique. But, you know, we'll see that later in the course. For now, you just have to know that there's local port forwarding, remote port forwarding, and dynamic port forwarding, which are very helpful
12:28
to you
12:28
when you're trying to jump to a machine, or maybe you're trying to have high traffic because you're trying to download or upload something.
12:37
And, you know, another really useful command provided by SSH is scp. scp, an acronym for secure copy, is used primarily, as the name suggests, for copying files over the SSH connection.
12:56
You know, let me just give you an example here. First we will copy a local file to a remote system.
13:05
Let me just type the command here and then explain it back to you.
13:09
So, ah, on the local file, I have,
13:13
as you can see,
13:16
I'm in the root... that's the files directory. If I type ls, you will see a lot of files here. But let me just copy this javascript.txt to the remote system. Just create a connection right here so we can actually see that being performed.
13:58
Okay. So as you can see, nothing here, just that test.txt file.
14:01
So, let me just put this command here. I will spell it to you: scp.
14:09
So first, I will go to the directory where I want to copy the files from. As I told you, javascript.txt will be the one. And then after that, the connection,
14:24
the same server,
14:28
and then I just typed the directory where I want to copy to,
14:33
and, as it is a Windows, so I have to go to the path
14:50
it asks for the password,
14:52
and it's transferring files.
14:54
So, as you can see... Well, let me just clear up again and give you the command here. I just go to the local file I want to transfer,
15:05
okay, and then I log into the remote server through SSH, and then I tell it where I want to copy those files, which is this C:... Sorry, I forgot about that.
15:18
I didn't read it.
15:26
Oh, did it go?
15:31
Oh, there it is.
15:33
Oh, so again, just going to the Windows directory, which is the server. Um, again, I'm located right here. If I go to the directory, as you can see, the file is pretty much there. It wasn't there before, but it's now there,
15:46
so this is really useful when you want to transfer maybe your exploits. This will become really handy when you're trying to escalate privileges on your remote machine,
16:00
and you can do the same but backwards. I mean, you can actually get files. I mean, as you can see, I don't have anything called test.txt here. But I can actually get that from the remote. As you can see, I do have a test.txt right here.
16:18
So I will get that from the remote server.
16:22
With this, I just put the -T option so it can ignore the backslash on the Windows path.
16:32
Not... not so much ignore, but, you know, translate, or be able to understand. So I log in again,
16:45
go to the directory where I want to get the files,
17:03
Oh, sorry.
17:07
and I just tell it where I want to put it.
17:18
Password again. Okay. So it's transferred. So I just have to ls here, and there you go.
17:23
I have it. I didn't have it before, and now I have it.
17:26
So this comes in really handy when you're trying to send or receive files from the remote or the hacked machine.
17:34
Another basic service you have to know... I mean, nothing that I can actually explain through the command line, is the HTTP server. It becomes handy again when you're trying, maybe, to trick the victim and redirect, right? You know, redirecting the users to your malicious webpage.
17:53
Um,
17:56
so, uh, Apache is the one that comes bundled with Kali. So
18:03
just let me start it here,
18:06
and I go here
18:10
and we can, you know,
18:15
as you can see,
18:15
it's up. You can, you know, maybe type something really, really basic just to show you, the echo command here:
18:27
Hello,
18:30
Cybrary students.
18:33
And then just, uh,
18:36
send that to
18:37
the
18:41
main web page, the root web page that you have.
18:47
I'm sorry.
18:52
And that's good.
18:55
if I go here
18:56
type again:
18:59
Hello, Cybrary students. And maybe you can again put here a PDF with a backdoor, or an, um,
19:07
executable file if you are targeting a Windows machine. You can do whatever you want. I mean, maybe we'll see that when we're actually performing the hacking or the penetration testing.
19:19
And another service that you can use is the FTP service. Ah, really, FTP becomes really handy when you're trying to, again, upload and download files. Again, I'm just going to connect to the Windows server that I have here.
19:37
You know, really basic command. Nothing new.
19:42
And, you know, uh, another thing here to check is that some servers by default support anonymous logins. You know, you should always check that.
20:00
And then I have... I'm in the desktop directory, because that's where I configured my server. But you can use the commands, like put or get, to execute the same as we did with the scp command. For example, um,
20:15
I was in the files directory when I created the FTP connection.
20:21
So I can just use the command put, and remember that we have a file called javascript.txt. I just put that, and if I go again to the desktop... Oh, there it is.
20:37
You can just use the command put or the command get to do exactly the same thing we just did with the scp command.
20:48
Well, folks, um,
20:52
those are the three main services that you can actually use to,
21:02
you know,
21:03
create
21:03
tunnels and do some basic stuff, um,
21:10
throughout your penetration testing.
21:15
So, post-assessment questions. What is the command used to copy files through SSH? scp. We just saw that. What is executed by the ssh -L command? Well, it creates local port forwarding.
21:33
What is the command used to upload files through FTP? Well, you can use the put command to upload files through an FTP connection.
21:44
Ah, in this video, we saw the basic SSH commands, some basic HTTP or HTTPS use cases, and some basic FTP commands you can use.
21:56
Ah, supplemental materials. I also require you to go over the OverTheWire wargames. It's a web-based site where you can practice all the Linux commands.
22:07
Looking forward, in the next video, well, we'll see some commands used to manage some Kali services. Well, that's it for today, folks. Thank you for watching, and I'll see you soon.

Up Next

Offensive Penetration Testing

This is a deep course about penetration testing. In this course, you’ll learn from basic to the most advanced and modern techniques to find vulnerabilities through information gathering, create and/or use exploits and be able to escalate privileges in order to test your information systems defenses.

Instructed By

Alejandro Guinea
CERT Regional Director
Instructor