All right. Welcome to the vulnerability scanning module.
In this portion of the course, we're going to be using various tools, some built into medicinally framework, some external
in order to find weaknesses or vulnerabilities in our target system.
your next step so that you can identify those areas where you may be able to penetrate the system to get a command show.
Or maybe, um, interpreter Shell.
We're calling some other kind of desirable action.
All right, so first we'll start off with
Let's say you were able to gather
a valid user name and password
for a particular system. What you could try
is trying to use the s and the log in module.
And this should allow you to
chest out, test that log in, or do other kinds of work.
So, you know. So I'm doing my tab complete
and should be smb log in. There it is.
Now, keep in mind that this is
noisy on the network, right? You're not. If you every time you fail to log in
that will generate a log event and made generate an I. D. S event or
you know your security information. Event manager assim device might also generate alert. So you have to be careful with these techniques.
So a couple of things you want to think about
we want to make sure that the gun our host set
and that it's there because I used the global setting earlier
blake passwords is true, so we can try those.
We can also specify a password file. If you If you had a dictionary file, you could
and 11 entry per lying. You could have millions of words in there, so you can definitely do a brute force. But again, that's very noisy.
I'm just gonna show you.
I tried this previously from one of the
accounts and I thought I could guess that I've got
user name, a victim, a passport of past
You can set these manual here. Of course, if I tried to run the exploit,
it comes out back and says the log and brute force has failed
because that log in and password combination does not work. I know what can log in
using post rest, so we could try that
I could try set SMB user to post GREss
Set us and be users are doesn't be passed to post GREss.
Well, but also failed.
So that's not a log in which could be used for,
uh, S and b type access
so we could try MSF admin.
And this is the default
Credentials that I'm I'm using here.
Yeah, so none of those worked, but, um,
it's just a way to illustrate another possibility for gaining access to a system.
There may be other things to think about,
such as, Ah, viene see, So we can give that a world.