Hello, everybody. Welcome to episode number 10 of the RCP course, Metasploit Basics. My name is Alejandra and I'll be the instructor for today's session.

The learning objectives are to understand the basic Metasploit functionalities and options, and to use Metasploit to implement hacking and information gathering techniques.

Okay, let's get down to business.
Well, first of all, you can simply start Metasploit by using the command msfconsole.

By the way, you can also use a graphical user interface for Metasploit, which is not made by Metasploit itself, something called Armitage. It's amazing, I mean, I really like it. But again, I stick with the terminal version of it, or the non-graphical version of Metasploit, because, as your penetration testing career goes on, you will realize that you end up using the terminal most of the time. But, you know, hats off to Armitage. If you're a graphical user interface guy, Armitage has a great user interface, and it's quite easy to use. It has something called Hail Mary, which is kind of a joke, but it's true: you can launch any exploit available against your server. I mean, if you are done with the server and you cannot find a way in, this Hail Mary option will throw anything at the server. Again, you can imagine it is really noisy and it can affect performance, but then again, you can also use it.
Well, for example, let me start by showing you the basic stuff in Metasploit. For example, you can simply search for a simple port scan: search scan. It will show you several modules. These things are called modules, by the way, and you can actually use them. So let me just use the portscan/syn one.

And you have to type... I'm a lazy guy, so I just copy and paste that stuff. Use, I mean the command use, and then a space and the module, and then you can show options. It will list the options, which ones are mandatory to set and which ones are not. Then again, the remote host is the only one that is missing and that is mandatory, so we can set that. So we set the remote host, and we actually have a couple of machines waiting for the scan. Let me just copy and paste the IP from one of them.

By the way, you can also use db_nmap. This is kind of an option that is the same as nmap. You know, you can actually use db_nmap; we'll see that later in the course, but you can just use db_nmap so that all the results are saved in the Metasploit database. But let me just use that one. Set the remote host: set RHOSTS, and we can just type the IP of our machine. I said, you know, again, lazy guy, don't judge me. Oh, I didn't actually copy that. Oh, I will have to type it, then.

Okay, I set the remote host, and to actually run it I just have to type the word, or the command, run or execute. You know, again, lazy guy, don't judge me. Just wait for the results.

You can actually run nmap from the msfconsole. That's one thing that is really cool. I mean, you can actually run several other commands while you're in the msfconsole terminal. Let me just wait for this to end and give you some other pointers while it ends. For example, you can also use a command called db_nmap, as I just told you, and what this does is it runs an nmap scan, or an nmap-like scan, and the point is it all gets saved in the Metasploit database, so you can later use it for other purposes. We'll get into more detail later in the course when we're actually using vulnerability scanners. That's it for now. You can actually search for modules and use them to perform whatever task you want. Let me just stop this right here. You can see the ports that are up, and you will be seeing more results later.
But just to show you, use auxiliary, and if I double-tab that, yeah, we have several possibilities. Let me just display... yeah, we actually want that, and you can see several modules. And maybe you're actually looking for HTTP, so you can, I'm sorry, use auxiliary/admin/http, and it contains more, or some specific modules you can use. For example SMB, you know, for the server that I was just scanning, the SMB port may be open, port 135 and 445, 139, I'm sorry, and 445. Listen to me saying nonsense. You can actually search for specific modules for this. Let me just show you here, for example: use auxiliary/admin/smb, and it will display a lot of modules.

Maybe you're looking for a specific vulnerability. Yeah, if you're actually just looking to test a specific vulnerability, you can actually do that. So, for example, maybe we're actually looking for the well-known EternalBlue or EternalRomance exploits, so we can search for that one, ms17. And here we are. So, show options. Or can I even type show targets right away? Oh, it doesn't, it's not working here. Yeah, you can actually show targets, oh, but not here, because I'm using an auxiliary module. When you're actually using an exploit, we'll see that later in the video, you actually type show targets. For now, let me just set the... and it's asking me to set the remote host now. The remote port is 445. Makes sense, right? And we can just set, oh come on, RHOSTS, and type the IP of our Windows server, in this case. Look at that, I'm not that lazy after all. Again, show options, just to be sure.

Again, we don't want to launch this against, I'm sorry, a server we don't own or we don't have permission to run this against. And there, in the result, you can see that it's actually vulnerable to this vulnerability, by the way. So, yeah, you can use this to actually test that. Simple as that. We'll see how to use Metasploit as a kind of vulnerability scanner, but that's not the main point of Metasploit; its purpose is to exploit vulnerabilities. But you just have to know that the vulnerability scanner modules are there. Or maybe, you know, again, we'll see that later in the course, how to use Metasploit as a kind of vulnerability scanner. But at this point we already know, or we knew already, that we had a Windows machine, and that the Windows machine is a really old Windows machine that is actually vulnerable to this vulnerability in Windows, which is, you know, EternalRomance or EternalBlue. So I wanted to show you how easy it is to exploit that. Let me just use this module, so I will just go to use... let me just copy and paste this here... s-m-b, as in b, as in Obie... okay, psexec, for example. I just wanted to show you how many modules there are for this vulnerability. You can use any of them, but I'll just use psexec. Show options, and if I say show targets, it should work here. Okay, there they are, but, you know, show options. Again, I just have to enter the remote host, and that should be it.
And you can even set the payload. It sets a payload by default at this point in time, but for all Metasploit exploits it uses a payload called Meterpreter. It's actually kind of a shell, but with a lot of muscle behind it. It can perform anything that a shell, or a command line, or a terminal can perform, but it can execute way more commands. For example, let me just show you, shall we?

Let's run here. This Meterpreter can actually perform a lot of stuff. For example, we really have the machine; by the way, we have remote control over the machine. Let me just hop over there so you can see the machine. And, you know, it didn't throw any alert at all. I mean, I know that you guys will say that this is Windows XP and whatever, but believe me, this will work just as fine if the machine is not protected or is not up to date. As a matter of fact, if you just go to, for example, the DBIR, you will see that most of the time there are still hits, and confirmed hits, for the EternalBlue vulnerability. People are still getting hacked because they don't actually update their operating system and don't have any patch management at all. So, yeah, you can still use that, and you can actually execute that as simply as I did with a non-patched or not updated machine. It could be Windows 8, I'm sorry, Windows 2000, Windows 2012 or 2016, I'm sorry, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, whatever brand of Windows, if it is not up to date. You can still see that most of the time the target is Windows 7, but, you know, that's the point; it's as simple as that.

Now that we have remote control... for example, what's dangerous about the Meterpreter shell is that it is fileless; it's kind of fileless malware. It means that it never touches the disk. So if you're trying to perform forensic analysis, this will be a really big challenge for you. So, you know, it's kind of a cool thing if you're the good guy trying to perform the penetration test. But if you're the bad guy... and if you're the good guy trying to defend against that, it's kind of a pain, you know. So, for example, let me just give you a simple one: you can, you know, just type shell, and we have a Windows shell.

Let me just quit here. But if you actually type commands like hashdump, boom, you already have the NTLM hashes. And we already know that this is kind of an easy thing to do. I mean, you can just go online and crack the hashes online. Yeah, it shouldn't take that much. Let me see if it actually works here. You can just crack those hashes online, and it shouldn't, you know, again, take that long, especially if the hashes aren't complicated at all. Just copy this entire thing. But the point is that it's as simple as that. I mean, as you can see, I just executed the hashdump command, and it didn't ask me for anything else or something like that. You can do that. That's the beauty and magic of the Meterpreter shell.

Again, I showed you how to get a shell, a Windows shell. But you can also, for example, execute the command... and as you can see, it's wiping the Application, System and Security records from Windows. Oh my God, this is something out of this world. What happens if you're actually the sysadmin and someone hacks into your system and wipes out all your records? I know you'll be saying, OK, this is unusual activity, so someone hacked me. But who? That's the point, and this is really scary, especially if you don't have a backup plan, if you don't have backups of those traces.

For example, you can execute the commands download and upload, and just specify the path where you want to actually put the file. For example, I want to upload... oh, but I'm actually in... let me go to the root of... sorry, the files, and, you know, you can do whatever you want here and upload and download whatever you want. It's kind of an FTP, but on the fly. And you can actually use migrate. You can migrate; maybe you're actually attached to some service in Windows, and you can migrate to another process on the victim machine, because you know that maybe that process is not that reliable. You can do that, simple as that. For example, this might not work sometimes, so don't worry about it; sometimes it will take two or three tries. But it's worth trying, making really sure that the process you're in right now is not that reliable, or also migrating from one process to another process. I didn't get the results I was looking for there; I migrated from... I'm sorry, to another process. But you get the point, that's the point. And you can actually search for files. Maybe you've already compromised a machine, so you actually want to, for example, search for a specific file. For example, I can't tell you... mona... this is, sorry: search -f mona, I'm sorry, -f mona*, that's it. And it tells me that it is here. You will see what this is all about later, when we're discussing the buffer overflow vulnerability. That's the point.

You can also use post-exploitation modules. Let me just type that right here. For example, this machine doesn't have a webcam, but there's webcam_snap, which takes a picture from the webcam. The target doesn't have a webcam, but you can do that. So you can see how dangerous this can be, and how powerful and useful it can be if you're actually trying to pentest a server, you know, a server you actually have information on.
But yeah, this is it, guys. Oops, sorry, I already... This is embarrassing.

What command do you have to use to select a module? Well, I already gave it to you: it's the command use. What command do you have to use to execute the module? Well, you can actually use the word execute; you know, I prefer to use the word run.

What is Meterpreter? Well, it's actually kind of a shell, but, you know, with a lot of extra muscle. It went to the gym and it got beefy. And you can actually execute several other commands, like, as we saw, you can dump hashes, you can actually take a snap from the webcam. Whatever malicious thing you can think of, most likely Meterpreter can actually do it.

So, just as a summary, we saw the most common Metasploit options to perform some hacking techniques, and we executed some options over the server to see the functionalities and results.

Supplemental materials: the Metasploit Unleashed course. I do believe that this is the best material, so you can actually go for it. It has the course, but it also has a lot of complementary material that you can go through and search.

Looking forward, in the next video we'll cover Google hacking. Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.