Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:01
Hi. Welcome back to the course. So we just wrapped up our module on system hacking.
00:06
In the labs, we're gonna go ahead and configure our TFTP server, and then we're also gonna plant a backdoor in a machine.
00:13
So in this introduction video, we're gonna do a quick pre-lab knowledge check to see if you understand any of these concepts yet, and then we're also going to talk about some of the concepts we're gonna go over in the lab itself.
00:25
So
00:26
if you want, go ahead and pause this video and look through the attached document. It's just a few questions on the pre-lab knowledge check. I'm gonna go and read through these. I'll pause for a moment to give you a chance to answer them in your head or out loud. Whether you want to scream at the computer screen or just jot them down, that's fine. But then I'm gonna tell you the answer to the question,
00:44
so let's go ahead and get started. So question number one: TFTP stands for what?
00:49
So which one of those is it?
00:55
All right, so if you guessed answer B, Trivial File Transfer Protocol, you are correct. So
01:00
we'll go through this a little bit more in greater detail in a second here. But just keep in mind that at a simplistic level, TFTP is a very simplistic type of protocol.
01:11
So question number two: at a simplistic level, TFTP can be used to do what? So now that you know it stands for Trivial File Transfer Protocol, what can it be used for?
01:25
All right, so if you chose answer A, you are correct. So it allows the client to get a file from,
01:30
you know, from a remote host or push a file to a remote host.
01:37
All right, let's move on to question number three. So this one's a little tricky if you're not familiar with RFCs, or Requests for Comments.
01:44
So
01:44
this particular RFC helps define how the TFTP protocol works. So go ahead, take a guess there if you're not familiar with it.
01:57
All right, So if you guessed
02:00
answer C, RFC 1350, you are correct. Now let's go over the other ones. RFC 959, that's gonna be for FTP, so File Transfer Protocol.
02:09
Answer B, RFC 793, is for TCP, so Transmission Control Protocol. And then finally, answer D, RFC 1321. That's actually for MD5, so Message Digest 5 hash
02:23
protocol.
02:25
So let's move on to question number four.
02:28
So these, so whatever this is, can allow an attacker to open a command-line shell on your computer and collect your information.
02:35
So go ahead, take a guess there.
02:40
All right, so if you guessed backdoor Trojans, answer B, you're correct. So we're actually gonna talk about backdoors, and we'll actually push one on a target machine in this particular lab.
02:51
All right, good job. So, again, that was just to test your knowledge level right now
02:54
on this particular subject. So let's go ahead, and we're gonna keep going through this particular document here in the intro video. So we did discuss that TFTP does stand for Trivial File Transfer Protocol. And again, it's a very simplistic protocol for transferring files to or from a remote host. Now, the transfer requests themselves
03:12
are initiated on port 69. But that doesn't mean that the communication
03:16
stays on that port. Actually, it's normally defined by the host or the person trying to push it.
03:22
A couple things that differentiate TFTP from other protocols: it cannot do user authentication, and it also doesn't list the directory. So again, it's a very, very simple protocol.
03:34
Now let's talk about backdoors for a minute. You might hear in the media about different backdoor Trojans out there, and you might be kind of wondering, like, what do they do? What's the advantage of them? So what they do is related to our system hacking, as we can maintain access. So remember that if you're gonna take the Certified Ethical Hacker examination, remember that
03:51
backdoors allow you to maintain access. So some of the things that they allow attackers to do: of course, collect your information. They can even run scripts to turn on your webcam and, you know, record you on your webcam doing whatever. A lot of people have gotten taken advantage of because they put their laptop in their bedroom.
04:09
And then people are, you know, they're, you know, they're getting dressed or undressed or whatever,
04:13
and they've got the laptop open and the webcam. You know, hackers put a backdoor on, so they're just recording all sorts of stuff on it. It's a very tragic thing that occurs for people. So you can always use the high-tech method on your webcam there of covering it with a piece of duct tape or a piece of tape or something like that, or even a sticky note. So
04:31
or you could just buy different things online that will do that for you. But honestly, just
04:34
use tape or a sticky note, or put a piece of duct tape over it, and it'll cover it for you.
04:40
So some of the things they can do: it can allow the attacker to terminate different tasks or processes. It can also allow them to run different tasks and processes or different scripts on there. They can also download additional files once they have control. They can download files onto the target machine. They could also just upload those through the command shell.
04:58
Um, again, here you can open a command-line shell.
05:00
Uh, they can also use that as part of a botnet, so they can put a backdoor on your machine and then use that machine as part of a botnet, and we'll talk about botnets in just a second here. So again, that denial of service, that's where that comes into play.
05:14
They could change the computer settings, or they can mess with you by turning the computer off or restarting it, that sort of stuff.
05:18
We did talk about how RFC 1350 defines the TFTP protocol and how it works. So I encourage you to check out RFC 1350. Just Google it if you're interested. RFCs aren't the most user-friendly documents. They're not the most exciting documents, but you can read about it and learn a little more about it.
05:35
So a couple examples that you might have heard of in the media about RAT backdoors: you've got Ghost, which is one that is used frequently out there. There's a link right there to it, a little article about it, where you can learn a little more information on it. And then, of course, the Mirai botnet that everyone probably has heard of, because it took down a lot of
05:56
common websites
05:57
back in, I believe this was back in 2016, 2017, but it basically took out a lot of stuff. So that was the Internet of Things botnet. A lot of IoT devices, like security cameras, that sort of stuff, were compromised because they ran on Linux. So they were compromised as part of this botnet. And again, this was, ah, a remote access Trojan
06:15
taking advantage of that,
06:17
allowing the attackers to basically take all these machines, all these devices, and create a huge botnet and then just do a huge distributed denial-of-service attack on the Internet. Essentially, they did an Internet service provider attack and wiped out and knocked down
06:36
a lot of big name companies.
06:40
So down here, I've just got a sample of some code there of what this particular remote access Trojan is doing. Now, there's a lot of them out there, but this is just a screenshot I was able to pull up here. So you'll see on the right side here, it's showing us that, you know, it's got a shell as part of it there. That allows us to open a command-line shell on this particular machine.
07:00
So that was just kind of a brief introduction for this lab on system hacking. In the next video, we're gonna jump right into configuring our TFTP server, and then we're gonna jump into the next video after that of planting our backdoor.

Instructed By

Ken Underhill
Master Instructor at Cybrary