Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Description

This video and the next provide an introduction to the Metasploit course taught by Dean Pompilio. The course is an introduction to pentesting based on the Metasploit Framework from Rapid7. Dean lays out the fundamental components used in the course, where to obtain them, and how they should be configured. The components are Kali Linux, available for download from kali.org, and Metasploitable from Offensive Security.

Video Transcription

00:04
Hello, everyone.
00:06
My name is Dean Pompilio
00:08
and we are about to embark on a Metasploit adventure.
00:13
I got a bunch of great things I want to show all of you. We're gonna learn a lot of different techniques,
00:18
get to see a lot of different tools
00:20
and hopefully give you a chance to build up your pen testing confidence in your pen testing tool kit
00:28
to the point where you feel comfortable sitting down and going to work
00:32
right away.
00:34
All right, so where do we begin?
00:38
Metasploit.
00:40
This is a Rapid7 product. Some of you may be familiar with the company.
00:44
They also make fantastic scanners like Nexpose.
00:50
And unfortunately, Nexpose is not
00:53
currently compatible with the version of Kali that I'm using for this course.
00:58
So if I decide to run it on a separate Windows VM later, maybe we'll compare some scan results between Nexpose and Nessus, for instance.
01:11
In any case, Metasploit is the
01:15
penetration testing framework that we'll be exploring. There's a lot of different
01:19
aspects to Metasploit.
01:22
Uh, as we can see, there is a free download,
01:26
and this is, uh,
01:26
basically the equivalent of what you get when you install Kali Linux,
01:30
and we'll cover that just here in a minute.
01:34
But the one thing that you can get
01:38
by downloading this
01:40
free version of Metasploit is the Community Edition, which is a web-based
01:47
interface from Metasploit,
01:49
and the web interface is pretty handy for a lot of different things.
01:55
We'll start out with the text-based interface, but eventually we will work our way over to the
02:01
GUI.
02:02
We'll also explore Armitage,
02:06
which is another GUI interface. That one's
02:08
actually older than the web-based interface, from my own knowledge anyway.
02:15
So we'll try both of those. And then we'll also do a lot of work with the command line.
02:19
I personally prefer the command line. I think that
02:22
you can learn the tool much better, more thoroughly.
02:25
You can also understand at a lower level how the different actions take place within the framework, and the interaction with the database is much more direct.
02:36
So we'll start there and then work our way up to some of the time-saving features of using the GUIs.
02:43
Okay, so
02:44
I'm Drew Callie.
02:46
You'll notice I'm at kali.org.
02:50
This is the website where you can download your pen testing platform.
02:54
And what we'll be doing here in this next segment is going over the basic setup to get your
03:02
penetration testing lab up and running.
03:06
So there's several components
03:07
which are required in order to make this,
03:10
uh,
03:13
course possible
03:15
One of the first things you want to think about is
03:20
VMware Workstation.
03:23
I have Workstation 12 Pro, highly recommended. If you have the money to spend on a product like this, it's a huge
03:30
time saver if you do a lot of work with virtual machines.
03:34
I'm not sure about the exact price because I've upgraded a few times, but I think it's about 250 to 300 U.S. dollars.
03:42
Otherwise, if you don't
03:43
have the funds to
03:46
or the need to use Workstation Pro,
03:49
you could always go to...
03:52
I was going to vmware.com,
03:54
helps if you spell it right,
03:55
and go to their download section,
03:59
and you'll notice that you have VMware Player.
04:06
Here it is.
04:11
So VMware Player is free,
04:14
which is nice,
04:15
and you can get this for Windows or Linux systems, as you can see.
04:20
uh,
04:21
and the player really does offer a similar
04:26
amount of functionality to Workstation. Some of the big differences are VMware Player does not allow
04:31
you to capture a snapshot, for instance.
04:35
There's a couple of other
04:38
advanced features that Workstation offers: the ability to have all of your VMs in a tabbed interface, for instance,
04:45
and just some other nice features, being able to set up a server
04:48
for VMware clients to connect to.
04:50
We're not gonna really use any of those features for this course.
04:56
But regardless, VMware Player is here, available. If you have another player that you like to use, you can certainly
05:02
try to use the same VMs with that player of your choice. If you like
05:10
the Microsoft Hyper-V player or
05:13
VirtualBox from Oracle, for instance, you might have to find ways to get this stuff to work.
05:17
But the class is designed around VMware
05:20
Workstation
05:21
and Kali Linux and Metasploitable.
05:26
So you might be wondering what Metasploitable is.
05:29
I know I'm kind of jumping around here a little bit, but
05:32
I think you'll agree that
05:34
Metasploitable is a
05:39
fantastic resource.
05:42
We can see Offensive Security offers this,
05:46
and you can download it from a bunch of different places.
05:54
But
05:57
you do have to register with Rapid7's website in order to get Metasploitable. And what this is is a virtual machine,
06:04
which has
06:05
intentional vulnerabilities.
06:09
And these vulnerabilities are due to things like lack of patching
06:12
or using software that has known bugs that just hasn't been removed or shut down.
06:19
There's several different ways to go about attacking this virtual machine,
06:24
and I think that, uh,
06:27
if you can grab this VM in addition to the Kali VM, you should be able to replicate all of the labs that we'll be doing, the demonstrations that I'll be doing throughout this course.
06:38
There are some basic things to think about.
06:40
For instance, let's go back to our Kali Linux.
06:45
We can download
06:46
Kali Linux from the kali.org website.
06:49
You'll notice we have several different versions here.
06:55
Depending on if you have VMware Workstation or VMware Player, you can download prebuilt
07:02
virtual machines that will work with those pieces of software.
07:08
I had a little trouble
07:10
with the latest version of Kali
07:12
downloading as a VMware image.
07:16
But in any case, downloading the ISO image is pretty straightforward.
07:21
So you simply download this, save it to a, uh,
07:27
a location of your choosing.
07:29
I'm gonna cancel that since I don't need it.
07:31
And then you simply open up the image
07:35
in your VMware Player or in VMware Workstation.
07:44
So going back to Workstation.
07:46
Once I have the ISO image downloaded, I just create a new virtual machine. This is similar if you have VMware Player,
07:56
and then we just point it to the ISO image file, wherever that is. So there's my Kali Linux
08:01
ISO image.
08:09
So it'll take a moment to read the file.
08:11
All right, it tells me it cannot detect the operating system. That's fine.
08:16
If you're using VMware Player
08:18
and you want to do the same operation, you basically go to the File menu.
08:22
There should be an option there that says Open or New, and you do the same thing. You point to the ISO image
08:30
and we'll click Next. This is a guest operating system of Linux. Debian 6 64-bit should do the job. You have a lot to choose from here,
08:39
but Kali Linux is based on Debian
08:43
and, uh, 6, version 6 64-bit, is the setting that I use with
08:48
with the last version.
08:50
So we'll go ahead and click next.
08:54
Gonna call this, um,
08:56
Kali test because I already have my Kali image, but we're gonna just kind of step through this a little bit. You can see what it looks like.
09:03
All right, on to the disk size. The default comes up with 20 gig.
09:07
Uh, if you got the space
09:11
on your hard drive, I recommend upping that to 30. You can also use the buttons here, if you like.
09:16
But 30 gig is good, because if you build a fully functional
09:20
pen testing
09:20
instance of Kali and you start adding more tools and you've got some databases with a bunch of your information, the size can grow. So it's better to just plan ahead.
09:31
I always prefer to have my disk as a single file. If you're moving VMs around,
09:39
this is a little bit more convenient, and depending on how you partition your disk, or how you provision your disk, rather, you might have some different considerations for how much space it will eventually use. I will just change this to store the disk as a single file.
09:54
We're looking at the hardware. Notice that the network setting is NAT.
10:01
This is important.
10:03
I'm at my settings for the VM right now.
10:05
if you, um
10:07
if you want to keep your
10:09
your pen testing VM
10:13
relatively safe from the network that you're on, you should at least be using NAT mode.
10:16
This means that I'll be sharing the IP address of my host.
10:20
I am allowed to get out to the Internet from this VM,
10:24
but I'm just basically using different source ports when I make a connection to the outside.
10:28
If you're concerned about complete isolation and complete privacy for doing your pen testing work,
10:35
then you could go into host-only mode.
10:37
So when the VM boots, it will get an address that's local to your host
10:41
itself and cannot get to the outside network.
10:46
For our purposes, we're going to use NAT because we wanna be able to get to the Internet. We want to be able to do certain things which require Internet access.
10:54
Oh, by the way,
10:54
I got a great T-shirt on here. One shorter. One.
10:58
Hope you're having fun with Cybrary.
11:01
I know what's out. It's a nice pleasure to be able to contribute to the videos. I know a lot of people really
11:07
are getting a lot of benefit from this.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor