My name is Dean Pompilio
and we are about to embark on a medicinally adventure.
I got a bunch of great things I want to show all of you. We're gonna learn a lot of different techniques,
get to see a lot of different tools
and hopefully give you a chance to build up your pen testing confidence in your pen testing tool kit
to the point where you feel comfortable sitting down and going to work
All right, so where do we begin
This is a rapid seven product. Some of you may be familiar with the company.
They also make fantastic scanners like Next Pose.
And unfortunately, next Post is not
currently compatible with the version of Cali that I'm using for this course.
So if I decide to run it on a separate Windows VM later, maybe we'll we'll compare some scan results between next Pose and Ness's, for instance.
In any case, medicinally is the
the penetration testing framework that will be exploring. There's a lot of different
aspects to Mattis point.
Uh, as we can see, there is a free download,
basically the equivalent of what you get when you install Callie Lennox,
and we'll cover that just here in a minute.
But the one thing that you can get
and by downloading this
free version of Venice, Italy, is the Community Edition, which is a a Web based
interface from Menace Boy
and the Web is interfaces is pretty handy for a lot of different things.
We'll start out with the text based interface, but eventually we will work our way over to the
We'll also explore Armitage,
which is another gooey interface that one's
actually older than the Web based interface, from from my own knowledge anyway.
So we'll try both of those. And then we'll also do a lot of work with the command line.
I personally prefer the command line. I think that
you can learn the tool much better, more thoroughly.
You can also understand a lower level how the different actions take place within the framework, and the interaction with the database is much more direct.
So we'll start there and then work our way up to some of the time saving futures of using the buoys.
You'll notice I'm at callie dot or GE
This is the website where you can download your pen testing platform.
And what will we doing here in this next segment is going over the basic set up to get your
you're penetration testing lamp up and running.
So there's several components
which are required in order to make this,
when the first things you want to think about is
Vienna, where workstation
I have a work station, 12 pro, highly recommended. If you have the money to spend on a product like this, it's a huge
time saver. If you do a lot of work with virtual machines,
I'm not sure about the exact price because I've upgraded a few times, but I think it's about to 50 to 300 U. S. Dollars.
Otherwise, if you don't
or the need to use workstation pro,
you could always go to.
I was going to Vienna, where dot com
helps with your spell it right
and go to their download section,
and you'll notice that you have via more player.
So the more player is free,
and you can get this for Windows or or letting systems. As you can see,
and the player really does offer a similar
amount of functionality to work. Station some of the big differences our viewer player does not allow
you. Thio capture a snapshot. For instance,
there's a couple there
advanced features that the work station offers the ability to have all of your V EMS in a tabbed interface, for instance,
and just some other nice features. Be able to set up a Server
four via more clients to connect you.
We're not gonna really use any of those features to any of those futures, rather for this course.
But regardless, the more players here available. If you have another player that you like to use, you can certainly
trying to use the same V ems with that player of your choice. If you like
the Microsoft Hyper V player or
Virtual Box from Oracle, for instance, you might got to find ways to get this off of work.
But the classes designed around Vienna, where
and Kelly Lennox and medicine portable,
so you might be wondering what menace plausible is.
I know I'm kind of jumping around here a little bit but
I think you'll agree that
We can see offensive security offers this,
and you can download it from a bunch of different places.
you do have to register with Rapid seven's website nor to get medicine portable. And what this is is a virtual machine,
And these vulnerabilities are due to things like lack of patching
or using software that has known bugs that just hasn't been removed or shut down.
There's several different ways to go about attacking this this virtual machine,
and I think that, uh,
if you can grab this V M in addition to the Cali VM, you should be able to replicate all of the labs that will be doing the demonstrations that I'll be doing throughout this course.
There are some basic things to think about.
For instance, let's go back to our Callie Lennox.
Callie lyrics from the Cali dot award website.
You'll notice we have several different versions here,
depending on if you have the aware workstation or via more player, you can download pre built
virtual machines that will work with those. Stop those piece of software.
I had a little trouble
with the latest version of Cali
downloading as a V M, where image.
But in any case, dollar, the Esso image is pretty straightforward.
So you simply download this, save it to a, uh,
a location of your choosing.
It's gonna cancel that since I don't need it.
And then you simply open up the image
in your view, more player or in via my workstation.
So going back to work station.
Once I have the so image downloaded, I just create a new virtual machine. This is similar if you have the aware player,
and then we just pointed to the ice. So image file wherever that ISS. So there's my Callie Lennox.
So it'll take a moment to read the file.
All right tells me you cannot detect the operating system. That's fine.
If you're using the n word player
and you want to do the same operation, you basically go to file menu.
There should be an option there that says open or new, and you do the same thing. You point to the ice, so image
and we'll click next. This is a guest operating system of Lennox Debian 6 64 bit should do the job. You have a lot to choose from here,
but Callie Lennox is based on Debbie in
and, uh, six. Version 6 64 bit is the setting that I use with
with the last version.
So we'll go ahead and click next.
Don't call this, um,
callie test because I already have my Callie image, but we're gonna just kind of step through this a little bit. You can see what it looks like.
All right onto the disk size. The default comes up with 20 gig.
Uh, if you got the space
on your hard drive and recommend upping that to 30 you can also use the buttons here, if you like.
By 30. Gig is good, Because if you build a fully functional
instance of Callie and you start adding more tools and have you got some databases with a bunch of your information besides congrats. Oh, it's better. Just plan ahead.
I always prefer to have my discus a single file. If you're moving v EMS around,
this is a little bit more convenient and depending on how you partition your disk or how you provision of this. Rather, you might have some different care considerations for how much space will eventually use. It will just change this to store the discus. A single file.
We're looking at a hardware noticed that the network setting is Nat.
I met my settings for the V M right now,
if you want to keep your
relatively safe from the network that you're on, you should at least be using Nat Mode.
This means that I'll be sharing my i p address of my host.
I am allowed to get out to the Internet from this V M.
But I'm just basically using different source sports when I'm a connection to the outside.
If you're concerned about complete isolation and complete privacy for doing your pen testing work
that you could go into host on Lee mode.
So when the VM boots, it will get an address that's local to your host
itself and cannot get to the outside network
for our purposes. We're going to use that because we wanna be able to get to the Internet. We want to be able to do certain things which require Internet access.
I got a great T shirt on here. One shorter. One.
Hope you're having fun with cyber Eri.
I know what's out. It's a nice pleasure to be able to contribute to the videos. I know a lot of people really
are getting a lot of benefit from this.