5.3 Malware Stinger EH

9 hours 47 minutes
Video Transcription
Hi. Welcome back to the course. In the last video, we did a brief introduction to what we're gonna cover in this lab. We also talked about some of the tools and terminology you're going to need to know.
So in this lab, we're going to go over several different tools. We're gonna use a tool called Stinger that's just gonna basically let us run a malware scan. So even on your own computer, you could just run a malware scan with whatever particular thing you use, whether it's Malwarebytes or McAfee or something like that.
We're also going to use tools like CurrPorts and TCPView to see the different types of port information on the machine. We're gonna use a tool called What's Running that's gonna allow us to see the different processes running. And then finally, we're gonna wrap up with a tool called HashCalc. We're gonna practice doing some different hash calculations based on the settings of the tool.
So if you haven't watched the previous video, that kind of explains all this a little more in depth. Go ahead, pause the video now, and go back to that video. It's gonna help you a lot as we go through this in understanding the topics.
If you've already watched that video, let's go ahead and get started. So step number one, just log into the cyber labs. If you're not familiar with how to do that, just log into your Cybrary account, and then it's gonna take you to this page. Here we have a little search box. So we're gonna search for the Certified Ethical Hacker.
So just search that and hit Enter on your keyboard there.
It'll pull up a few results here. It's gonna be this bottom one here, so we could just click on Start Now. Now, I've actually got the labs open, so I'm not gonna click that button. You can go ahead and click it, though, and it's gonna launch the labs for you.
So it should take you to this page here where you have the Practice Labs Ethical Hacker.
If for some reason it drops you back a page into this one where you've got programming, et cetera, just click on the Ethical Hacker one and you'll be put in the right spot.
So next we want to select the Trojan Protection Lab. So that's about halfway down here. It's gonna be this one right here. Go ahead and click on that,
and then just click on the Start button here. That's gonna actually launch the lab for us.
Next, if your machines aren't turned on, and I've already turned all mine on, but if they're not turned on, just hover over them and click the Turn On option, and it might take a second or so for all of them to boot up for you.
All right, so that was step number five. Once they boot up for you, we're gonna collect, connect, excuse me, to the PLAB, the Windows 10 machine, essentially.
So this one right here, and I'm already connected to it. If you're connected too, then you're good to go.
Our next step here is we're gonna open up Internet Explorer to go to the Internet page, and then we're gonna select Tools, Hacking Tools. And then we're gonna be looking for this file right here, the Stinger32 file. So let's go ahead and do that.
So we're gonna scroll out here and just launch Internet Explorer.
We're gonna click on Tools, and then we're gonna go down to Hacking Tools
right there. Go ahead and click on that.
And now we're gonna look for our Stinger32 ePO file. So we're just gonna scroll down here until we see the Stinger32 ePO file.
So you see, it's right here for us.
So we're gonna go ahead and click on that.
Down at the bottom, it's gonna ask us what we want to do with it. Now,
if you look at the lab document here, we actually want to save it, and then we're gonna open it in the folder. So let's go ahead and do that. So we're gonna say save,
and then it's gonna prompt us again, and we're gonna say open folder.
Now what you're gonna see is I've already downloaded it here, because I've actually already installed the tool and ran a scan, simply because the scan takes a while with this tool. We'll talk about that a little later when we do the scan.
So we've downloaded it here. Let's go back to our lab document.
Next, we want to right click on our ZIP file, and then we're gonna extract all. So let's go ahead and do that,
and it's also gonna pop up a little box. We're just gonna select the Extract button here, so we'll go ahead and do that now. So we're gonna right click on it.
We're gonna say Extract All.
It's gonna give us this pop-up box here. We just say Extract.
It's just gonna extract everything and open it up for us so we could see what's in that particular folder.
All right, so you see here, step 15, a new window opens showing the extracted files, and that's what we see right here. Now what we're gonna do is we're gonna actually click in that window, and we're gonna
type cmd, which will essentially open a command prompt.
So we're gonna click right here in this little menu bar here.
Just type cmd and press Enter.
If I highlight it there and take that out
highlighted, that'll work a lot better.
And then Enter. That's gonna pop this open for us. Now we basically just want to
initialize the Stinger.
And so then we're gonna execute this. It's gonna run a batch file. We're not gonna notice any actual action on the command line window. It's gonna look like nothing happened, but that's fine. In the background, it's actually initializing the installation.
So the way we're gonna do that, once the command prompt window opens up,
we're gonna type Stinger with a capital S and then the letter C, all lowercase, and then dot bat.
So let's go ahead and do that.
So here's the command line. We're gonna type Stinger
dot bat, and just press Enter. Again, you're not gonna see any type of action here at all, but that's fine. You can go ahead and close the command window now.
All right, let's go back to our lab document.
So we went ahead and initialized the installation using this command right here, the Stinger C dot bat.
Again, step 20 here: nothing will appear to happen, but the batch file has been initialized. So we've closed the command prompt, and now we're ready to move on to our next steps here. So we're gonna double click on the Stinger file, and then it's gonna prompt us with User Account Control. We're just going to say yes to that. So let's go ahead and do that now.
So we're gonna double click on the Stinger application file. So this one right here.
We're gonna get the prompt from User Account Control. We're just going to say yes to that.
And now you see here, I'm gonna get this error message. Now, I'm gonna walk through the rest of the lab, but I'm getting this because I've already got the tool installed and running. And again, that's only because the scan takes a long time to run. So I've already scanned everything so we could move on to that section.
So I'm just gonna say OK to that. Now, for you, what you're gonna get is it's gonna open up the installation wizard for you.
So you're gonna want to select Yes at User Account Control. It's gonna give you an option that says Update Stinger. You're just gonna click the Continue button,
and then it's gonna take you to a page that says, hey, here's our license agreement. You'll just accept that.
Once you do that, you're gonna see a button that says Scan. Now, that's where I'm at in the process. I've already run the scan for us, so you'll go ahead and click Scan. Again, it takes a while to complete; it takes several minutes. For me, it's about 5 to 6 minutes. So for you it might be a little longer, depending on your particular machine.
So once scanning completes, we're gonna click the View Log button. So let's go ahead and go to the scan that I've done.
So I'm just gonna go ahead and X out of these windows here and close the Internet page,
and if I scroll down a little bit, you'll see down here I actually have the scan going here.
So you see, it's run the scan. It didn't find any threats. And now we're gonna click the View Log button here. So step number 27, once the scan completes, and again, your scan's probably still going, just go and click the View Log button. So if your scan's still running, go ahead and pause this video if you want to wait on your scan, or you could just continue on with this so you know what you're doing.
Once we click on that View Log button, it's gonna open a web browser for us. So let's go ahead and do that. We're just gonna click on View Log,
and you see it opens up and shows us the results of our scan.
Okay, now, if you get any type of error messages, and I didn't get it here, but if Internet Explorer's blocking any scripts on the web page for this particular lab, we just want to allow all the blocked content.
So now we can review the scan results. Again, it didn't find anything, and then we're just gonna close the browser window.
Okay, so
it's already scanned. It didn't find anything at all, so nothing infected at all. So let's go ahead and close it out.
All right, let's move on to the next step of our lab. So with the Stinger pop-up box, we're just gonna select the Done button. It's gonna take us back to the main Stinger page,
and then we're gonna select the Log tab at the top there. So just click on Done here.
You'll see it takes us back to this main page here, and then just click on the Log button.
What this is gonna allow us to do is, if we ran several scans throughout different days, we'd see them all listed here, so we could click and review the logs again for that particular scan.
So the next step in our lab, we actually just want to click on Log Settings. So step 33, we're gonna click on the Log Settings so we could see what kind of settings are allowed there.
Okay, so click on Log Settings.
You'll see that we can include all scanned files or not. We can also choose where we want to save the log location to. Normally, we would just default it to whichever location we want, and I'm just gonna X out of that.
All right, so our next step here after we close the Log Settings page is in step 36, where we click on Advanced and then the Settings tab at the top right. So we're gonna click on Advanced right up here.
So that little drop-down arrow, and then click on the Settings tab.
That's just gonna show us some other things that we can do. Now let's move on to the next step of the lab here because we do have one change we're gonna make here.
So we see under the On Threat Detection column,
we need to select the Remove option and then just save that.
So let's go ahead and do that now. So under this On Threat Detection column,
we're gonna select Remove
and then just click on Save. So basically, that's gonna allow us
to, once we detect something, it's gonna automatically remove it for us. So let's go back to our lab document here. So now we can close the Stinger application. So I actually kind of answered question one for you already. So why would you want to select the Remove option under the On Threat Detection column that's located under the Advanced settings? So
we all probably know the answer already, 'cause I just said it,
and the reason for that is so that way, something that's detected is removed right away, and it doesn't require your action as a user, or even, you know, if you're configuring this tool for a user, it doesn't require their action to get rid of it. It automatically deletes it. Now, most malware scanners out there, like Malwarebytes, for example, will automatically have the setting set
where, you know, the verbiage is a little different there, but
it'll have the setting set where it automatically removes, you know, it blocks malware, so you don't have to worry about that user action.
So in this lab, we went over the tool called Stinger. We just did a quick scan on it, and again, when I say quick, it's really, like, anywhere from a 5 to 6 minute scan on your machine, and we didn't find anything on this particular machine. But we would just basically run a scan with different types of malware scanners out there to see what we might find
on the machine. Now,
that being said, a lot of malware is designed to test against, you know, different scanners. So a lot of times you might have to just look at what processes or ports are running on the machine to try to figure out what's going on with it.
So in the next video, we're gonna use that tool called CurrPorts. And again, that's just gonna get some visibility on the different ports running on this particular machine.