Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

In this module we discuss vulnerability scanning and kick things off in this video by examining how to probe logins. In this example, Dean demonstrates the SMB login module of Metasploitable and discusses the various methods for probing for vulnerabilities in the login process of the target.

Video Transcription

00:04
All right. Welcome to the vulnerability scanning module.
00:07
In this portion of the course, we're going to be using various tools, some built into the Metasploit Framework, some external
00:16
in order to find weaknesses or vulnerabilities in our target system.
00:21
This is ideally
00:22
your next step so that you can identify those areas where you may be able to penetrate the system to get a command shell.
00:29
Or maybe, um, a Meterpreter shell.
00:32
Or causing some other kind of desirable action.
00:35
All right, so first we'll start off with
00:38
Let's say you were able to gather
00:42
a valid user name and password
00:45
for a particular system. What you could try
00:49
is trying to use the smb_login module.
00:52
And this should allow you to
00:57
test out, test that login, or do other kinds of work.
01:02
So, you know. So I'm doing my tab complete
01:06
and should be smb_login. There it is.
01:11
All right,
01:14
Now, keep in mind that this is
01:17
noisy on the network, right? You're not. If you every time you fail to log in
01:22
that will generate a log event and may generate an IDS event or
01:27
some other kind of
01:32
you know, your security information event manager, a SIEM device, might also generate an alert. So you have to be careful with these techniques.
01:40
So a couple of things you want to think about
01:44
we want to make sure that we've got RHOSTS set
01:49
and that it's there because I used the global setting earlier
01:56
and
01:57
blank passwords is true, so we can try those.
02:01
We can also specify a password file. If you, if you had a dictionary file, you could
02:08
specify that here
02:10
and one entry per line. You could have millions of words in there, so you can definitely do a brute force. But again, that's very noisy.
02:19
I'm just gonna show you.
02:21
Um,
02:22
I tried this previously from one of the
02:25
accounts and I thought I could guess that I've got
02:29
a username of victim, a password of pass.
02:32
You can set these manually here. Of course, if I tried to run the exploit,
02:38
it comes back and says the login brute force has failed
02:43
because that login and password combination does not work. I know I can log in
02:49
directly to
02:51
Metasploit
02:53
using postgres, so we could try that.
02:55
I could try set SMBUser to postgres.
03:01
Set SMBUser... SMBPass to postgres.
03:12
Well, that also failed.
03:15
So that's not a login which could be used for,
03:20
uh, SMB-type access,
03:23
so we could try msfadmin.
03:30
And this is the default
03:32
Metasploitable,
03:35
uh,
03:36
credentials that I'm, I'm using here.
03:44
Yeah, so none of those worked, but, um,
03:46
it's just a way to illustrate another possibility for gaining access to a system.
03:53
There may be other things to think about,
03:58
such as, ah, VNC. So we can give that a whirl.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor