Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Description

In this video we begin looking at how exploits are uncovered. Dean provides an example of examining a target running MS Windows. With information gathered in a previous step, he then knows to look for services specific to a Windows host such as MSSQL Server. Some of the exploits targeting MSSQL Server are hash dumps, privilege escalation, and launching an XP command shell. This fits into the strategy of enumerating services on the target and then methodically probing them for vulnerabilities.

Video Transcription

00:04
You know, I happen to know that this target is a Linux system. But
00:07
it doesn't mean that you wouldn't be searching for
00:11
Microsoft systems as well. We may. We may introduce a Microsoft target later in the course.
00:18
So if I search for MSSQL
00:21
now, I've got SQL Server considerations. I've got
00:24
scanners like you'd expect. I can try to do a ping to see if the server's running. I can try to do hash dumps and control login.
00:33
There's other auxiliary modules for doing things like escalating the database owner to a higher privilege level. That could be really interesting
00:43
trying to use XP command shell.
00:48
This is a dangerous feature of MSSQL where you're allowed to pass instructions to a command shell which runs on the underlying operating system of that database server.
00:57
Pretty fascinating stuff if you find a system that's got that enabled.
01:00
There's also things like logging utilities, some very specific things like the Slammer worm or,
01:08
uh, hello overflows and so on. So a lot of things to explore here.
01:17
The idea, though, is to again
01:21
look at the services,
01:26
the services that you discovered and
01:27
methodically probe them one by one to see what might be possible. FTP right at the top. We can do a quick search,
01:37
see if I have anything for vsftpd directly. And I do.
01:42
There's a command execution
01:45
for vsftpd. So I know there's at least
01:48
one vulnerability someone's written a module for
01:53
and there might be others.
01:55
Uh, and we could do some search on that,
01:57
searching on that when we get a little bit further along.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor