Exploitation (part 6) Attaching to an IP Address

00:04

all right. One last

00:06

example. Let's take a look at our network file system,

00:10

would you? A show Mt

00:15

on our Lennox. You see, we have export Georgia a couple of our vulnerability scanners. Foulness is available that everyone typically, you'd probably see it just available to a certain network. But since I had out this V m

00:29

and who knows what your home network I P addresses R or the I P addresses at the classroom? I Matt,

00:35

we just put a star here so it's available to everybody,

00:40

so we have to figure out how to mount it. This is something you may Google A cz. Well, is this syntax for mount convey? A little bit complicated. Let's see if I remember Mount

00:52

Dashti for type network file system

00:56

on. Then we want

01:00

I p address we want Thio attached to

01:03

and then we want a colon and then export.

01:08

You're gonna and then we need where we want to put it. Which I didn't create a mount point for it. Uh,

01:15

let's make one for so make their temp

01:19

Georgia.

01:22

And then we want now type in a fresh

01:26

on a month to that wanted A that one about 80 Cool and sport

01:33

merger on Put it a Georgia

01:36

that's going to complain and say, Are you twos

01:40

for PC? Stat isn't running, but then it tells us we can use Dad's Oh, no locks

01:46

to six inches

01:48

along with their messages. That makes sense. That should mount just fine.

01:53

We could go into 10 Georgia and again this

01:56

syntax here is, of course, in the slide. So all of our Syntex is so don't worry about reading it off the video.

02:02

Gonna chimp Georgia.

02:07

We actually copied this credit card stop text over in our previous example

02:14

band.

02:15

Our idea. Our setup of an I. D. R. Say, you shouldn't have I used to this be Emma's a target. And like in a lab exercise in a class. I was running for someone a couple weeks ago, and

02:28

money obviously didn't get the exercise quite correct. So years probably doesn't have those,

02:35

But if we do that LF, uh, a little shows are hidden directories and we noted invulnerability. Scanning

02:43

that darkness is H directory might be interesting, but that's where we keep our keys.

02:50

So we have a couple of ways we can do this Since we have right access, we can actually create a key and add it to this authorized keys.

02:59

Well, cat that out.

03:01

Currently, there's just this one, but we can actually add another.

03:07

Or what we can do is copy

03:08

Georgia's private, which is this one on public keys.

03:15

That's what we'll do. So I want to put it in route.

03:17

Not necessary. It showing my thoughtlessness age directory

03:30

cannot create regular file room daughters his age.

03:38

I have a daughter Mrs H Directory on this version of Cali.

03:43

Really? I do.

03:47

Really? No.

03:50

So

03:54

killer

03:58

that is already installed.

04:02

Okay,

04:05

well, that's odd.

04:10

Um, she just let me do this. What if it has t uh,

04:15

it does have us as a child, so I should just be able to create one. This is Ah, there's definitely one on earlier

04:20

versions of Cali.

04:24

What I get for upgrading to a newer version of Cali for our videos.

04:29

We'll always create the daughters this age directory and then

04:41

copy over.

04:43

Same thing with dot pub.

04:57

No, there

04:58

now for do It s his age as it'll add my identity into Sshh. That's my key now. So we stole George, is key, and now that's our key. So what will happen if we try and log end

05:12

as the user? Georgia,

05:14

uh,

05:16

my next box,

05:20

Instead of prompting us for a password, the first thing is gonna do is check and see if we have the correct he. And sure enough we do. We are. We have the key. That's on that authorized keys list,

05:32

so we're actually able to bypass password off such occasions. There were only a regular user. Georgia is a sewer. But not having George's password we're not gonna be able to studio is Georgia.

05:45

But would you have a certain level of access here? Certainly pretty good. So in our post exploitation, we'll see about turning this and some of our other Luke. Privileged access is into

05:56

complete control of the systems,