2.6 Exploitation and Installation

00:01

Welcome back to the cyber Celtic course. This is other than the name and today we recover exploitation and insulation.

00:09

So

00:11

going back to the cyber guilty and we started with reconnaissance were we gathered as much information as we can about the target of the attack.

00:20

Then we decided doing reconnaissance

00:23

that we

00:26

we'll attack a wonders machine

00:31

and it seemed like

00:34

the best way to deliver this is through social engineering.

00:39

So we move to phase two organization and an organization. Now that we know that we're going to attack you Windows machine, We created a weapon using MSF venom and then we created another one just for the for, for to show you how to evade protection tools using unicorn.

00:58

And then we moved to delivery where a we we went through social doing, took it and sending an email using social Jing took it.

01:07

And now an exploitation.

01:10

So the assumption is were attacking owned this machine, the windows machine, the payload that we're going to share or going to send

01:19

ah will be delivered using a human weakness or human vulnerable to using a social engineering

01:26

technique

01:29

and to exploit that weakness and then move on to instigation. So today we're going to cover a face four and five cause in our example, that kind of integrated.

01:40

Okay, so an exploitation and I like to call the step that the hacking begin. A lot of people disagree, but

01:47

all this is speaking when you talk about hacking you, the first thing you think about his exploitation.

01:52

So it's just something that I like to call, but it's not really ah

01:57

agreed upon in these type of security and Issy

02:00

so an exploitation. The goal is to exploit weaknesses in the victim's security.

02:07

And the idea can. The idea here, or what we're doing here is we're we're targeting the weakest link in any security chain, which is the human weakness that you human weakness, eyes often triggered, is often

02:25

used during attacks. Social engineering and

02:30

fishing is one of the most famous ways to exploit a system.

02:35

So what we're going to do is we're going to send the Lincoln and again we're not going through the technicality of sending an ink that was covered during ah

02:45

delivery and using the search engine took it. It's one of the documents that are available. Resource is However, the assumption is a link is being sent. A ah

02:55

a and e mails being sent a link is malicious. In this link, there's an eye frame, the automatically downloads the payload.

03:04

So

03:05

that's why I said, it's kind of in our example. Expectation on insulation are working hand in hand. However, it's not, uh,

03:15

uncommon

03:16

for hikers to go to face 56 and go back to fire his five times two immortals go back to six. And so on the news this mellower that we installed at the beginning, Tunes told more and more example. Moron. More tools on example is installing that cat,

03:35

which we're going to do through ah, before the end of

03:38

the tour before the end of the course, to extract data out of the ah, the victim's machine.

03:46

So let's jump light into our example.

03:51

And

03:52

as I said, we're going to use I myself Council, which is meat exploit.

03:58

And our goal is to, ah to utilize the pillow that we did together in the previous and face to video and organization.

04:08

So we're going to do is we're going to create that it's not all,

04:12

uh, here, which is exploit

04:15

multi

04:16

handed.

04:18

And here we're going to create our payload.

04:21

So we said we're going to use Windows

04:26

Interpreter.

04:28

So diverse.

04:31

So reverse Underscore TCP

04:34

our host.

04:36

Sorry,

04:38

the host is one and two. The only 68. That 121

04:46

our report.

04:48

It's going to be triple for

04:51

And just to verify, Let's show options.

04:57

So there you go. You have

04:59

your host, your

05:00

airport and our

05:03

haloed

05:05

on our model.

05:08

So let's

05:09

starts start the listener.

05:13

So the listener is now waiting for connectivity.

05:17

What we're going to do is we're going to jump to our Windows machine,

05:24

which

05:26

already has the link,

05:29

which is basically hosted on the same machine

05:31

for the purpose of

05:33

the, uh, course

05:36

again, as you saw Biscuit, as soon as I enter, I got this doing to solve this payload, Doc.

05:44

Uh, e x c obviously a

05:46

It's more successful. Attack would be at least now call it Kayla.

05:53

So I'm gonna learn it

05:54

again for the purpose off off, uh,

05:58

to achieve the objective off the example.

06:01

So

06:02

if you and now we go back

06:04

and that's all we want from the victim's machine doing does

06:09

machine. If we go back,

06:11

you can see it changed a bit.

06:15

So now

06:16

we have one session open. So now I successfully

06:23

exploited on Dhe installed

06:26

a payload on the victim's side.

06:30

Okay, so we went through insulation and exploitation in one session. I know there's a lot of information here. I try to make that simple. It's possible, however, to make sure that we covered the whole thing. What is the difference between exploitation and installation?

06:46

As I said, exploitation were trying to exploit the system to get beyond the skirt controls. An installation. What we're trying to do is tune saw install

06:55

am L A. Or a factor that would allow us to communicate with the victim or the machine that we used during the exploitation to get inside the victim's network.

07:10

Second is true or false and exploitation. The purpose is to find a vulnerability to exploit. Actually, this is not really true because finding the vulnerability and discovering the vulnerability happens earlier. Doing

07:25

organization s Are we doing reconnaissance on an organization we create the

07:30

tool or the application of the payload that would exploit that vulnerability.

07:38

Finally, why is installation an important step? As I said from insulation were in the network. We need to have a successful installation to be able to move on to the following steps.

07:49

So

07:51

and the following two steps, we're going to use the same tool. We're going to use the same basically the mature, bitter ah session that we have. And then we're going to run a number of commands on the victim's machine to make sure that

08:07

it is a successful attack.

08:11

So today we covered exploitation and installation. We're on a victim's a quote on the victim's machine. On dhe. We received a collectivity session with

08:22

the Attackers machine

08:24

and the next video we'll cover. We will cover command and control.