Time
14 hours 26 minutes
Difficulty
Advanced
CEU/CPE
15

Video Description

This video discusses using an auxiliary module in Metasploit. This differs from using an exploit module: no payload is needed because nothing is being exploited.

Video Transcription

00:04
Now, let's take a look at using an auxiliary module in msfconsole. We looked at using an exploit in the previous video. Using an auxiliary module is going to be very similar. Just going to be a couple of differences. One, we don't need a payload. We aren't actually exploiting anything with an auxiliary module.
00:21
Auxiliaries are gonna be used for various purposes. In this case, we're just going to gather some information. Particularly, we want to know which SMB pipes are listening on our XP target. So in our previous example, we saw that SMBPIPE option. We actually see it here. I'm still in the context of that MS08-067 exploit here.
00:41
If I do show options,
00:43
I can see the SMBPIPE option, which is set to BROWSER. And in the previous video, I just told you to believe me that that is correct.
00:51
That may not always be the case. If we look at the description here, we also have the option of using the SRVSVC pipe as well. So BROWSER may not always be correct. So there is an auxiliary module we can use that will attach
01:06
to SMB and ask what the pipes are. Basically, it just enumerates everything that's listening
01:11
so you can see it. BROWSER is actually there, of course. We know it is because the exploit worked,
01:18
but in the future, we might wanna check it out. I use auxiliaries a lot, particularly for verifying vulnerabilities a vulnerability scanner found. I need to verify them manually. A lot of the Metasploit auxiliary modules are great for that,
01:32
of course, information gathering and some vulnerability analysis as well, so we'll use lots of auxiliaries throughout the class. There's even some servers we'll set up, like an SMB server
01:42
for our post exploitation for capturing some traffic and post exploitation. So
01:49
we'll see lots of auxiliaries. Let's just start with one.
01:53
We can, of course, do the info command if we want to. But let's start with use this time
01:57
and again, you can drop off the word auxiliary and the first slash if you want to,
02:04
but then you can't tab complete. So let's do auxiliary slash and then I want scanner
02:15
slash
02:16
smb slash pipe underscore auditor. We show our options here. Going to be a little bit different
02:29
for auxiliaries. Instead of RHOST that we see on our network exploits, we see RHOSTS with an S, so we can ask it to scan multiple hosts. In this case, we only want to scan one. There are many different ways we can specify those hosts. In fact, we can even have it read from a file,
02:46
which we'll do a bit later on when we're running through a pentest.
02:50
For now, just set RHOSTS with an S
02:53
to the IP address of Windows XP. Again, make sure it's the IP address of your Windows XP and not mine, or else it undoubtedly will not work.
03:04
SMBDomain is set to WORKGROUP. Our XP box is actually not a member of a domain. Our Windows 7 box is a member of a domain, but Windows XP is just a member of the workgroup, so we can leave that as is,
03:15
but we also have options for SMBPass and SMBUser. So if we wanted to give it a username and password to authenticate as, we could do so here. We're just interested in what pipes are available to the anonymous user who can use our MS08-067 exploit,
03:30
so we could just leave those blank. We see they're not required; we see no here for required. We could just leave those blank and it will still work fine. We also see THREADS, currently set to one. If we wanted to scan lots of different hosts, we may want to up the threads, make it multithreaded.
03:47
It'll go faster in that case, but we're only scanning one host, so one is just fine.
03:53
Again, we don't need to set a payload here. We're not actually exploiting anything, so we can say exploit. I always kind of just say exploit no matter what. But you can also say run for your auxiliaries: run or exploit. I always go with exploit. It always works, so it's easier for me to remember than having to know two.
04:14
you could do either,
04:15
and not quite as exciting an exploit, of course. All we did here was gather some information, particularly what named pipes are listening on the SMB server, and the only one that's listening is that BROWSER pipe. So it's good that we left
04:30
the named pipe, or SMBPIPE as the option is called for the MS08-067 module,
04:36
that we left it as BROWSER. So that is indeed the only one that's listening, so it's the only way it would work. So again, just a little information here. We'll use lots of auxiliaries throughout the class, but the main points being that it's RHOSTS instead of RHOST, and it's also
04:54
no payload required. Otherwise, you may see different options. Well, you will see different options depending on
05:00
what the auxiliary is. In this case, since it's talking to SMB, it has SMBDomain, pass and user, but say we were working with an FTP server, we would see different options. The options (you can always do show options to see them) are going to vary.
05:18
But in general, using all the Metasploit modules, that's pretty much the same.

Up Next

Advanced Penetration Testing

The Advanced Penetration Testing course teaches the cyber attack lifecycle from the perspective of an adversary. Become more familiar with the most widely used penetration-testing tools, manipulate network traffic, and perform web application attacks such as cross-site scripting and SQL injection.

Instructed By

Georgia Weidman
Founder and CTO at Shevirah and Bulb Security
Instructor