Part 4 - GUI Overview

Video Activity

This lesson offers a GUI overview. In GUI, you can examine services as well as notes following an exploit. In GUI, there's a modules tap you can use to launch exploits directly. There are also advanced options and is very detailed.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Description

This lesson offers a GUI overview. In GUI, you can examine services as well as notes following an exploit. In GUI, there's a modules tap you can use to launch exploits directly. There are also advanced options and is very detailed.

Video Transcription
00:04
so after looking at some service is information weekend
00:08
also examined some notes.
00:10
I exploited this NFS
00:15
export can see what that looks like. It also populated the file shares Tab.
00:23
Because of this, under the models tab, you've got some
00:26
different exploits you can try to launch directly.
00:29
Some of these may not work
00:31
as as you may have to tweak the, uh,
00:34
the parameters a little bit.
00:37
Furby sftp.
00:40
If you try to run this module as is, we should be able to get my interpreter host and tries to
00:46
do the log in with the smiling face and the and the credentials. As I mentioned before,
00:53
you could look at the advanced options
00:56
so it gives you quite a bit of granular control. And this is basically very similar to
01:03
what we would see for show options. Except it's a little more detail.
01:06
Show options from the
01:07
from the command line
01:10
version of Menace Ploy.
01:18
If I go back to modules,
01:26
I actually need to go.
01:34
And the navigation within the the communication could be a little bit
01:41
less than ideal.
01:42
There's a samba username, acting script exploits here
01:47
looking for my NFS mounts. I ran earlier
01:52
and it tries to see if I can, uh,
01:56
detect
01:57
and if s exported file systems
02:00
again. We have some advanced options and so on.
02:05
And if I run the module, it finds that the hoops
02:09
that I am exporting the entire route file system of things, particular system.
02:25
So if I go back to my results
02:28
once you've run that, then file shares will show up with with Route, as we see here.
02:34
And one of my notes will also mention that that happened.
02:37
Ah, there's other notes
02:38
related to the fingerprinting of the colonel
02:43
information about other in pits of information about the host itself.
02:49
There's no current sessions active, but if there had a mature precession or another type of show, that would be here and you could interact with it the same way you would by using the command line edition
03:00
a CZ I've mentioned before. I actually prefer command line,
03:04
but maybe with more exposure to the gooey, I might grow to like, a little bit better. I guess they've been a little bit old school in that way.
03:13
Not done.
03:15
The the buoys definitely has some advantages in that you can make it larger collections of hosts a little bit more easily. Since you can see the information visually,
03:24
you can set up campaigns where you've got a group of
03:29
systems that you're working on and you wanted, you know, categorize your information or keep it organized and so on.
03:35
So very useful.
03:38
But, uh,
03:38
that's a nice little of you. Off what mess Black Community Edition looks like. It's definitely worth installing this and playing around with it. Keep in mind, though, that the database instance.
03:50
Four Community Edition isn't necessarily going to,
03:53
um, be the same one that you're used from the medicine Lloyd framework.
03:58
Uh, mess boy, Cobb
04:00
free More counsel.
04:02
There are ways to export import data from one database to the other.
04:06
But, uh, if you choose to go to stick with the command line
04:12
of counsel
04:14
or command line related tools,
04:15
then when you go into the community edition, you're not going to see your information there unless you import it to that other post GREss database and vice versa. If you started with Julie, but you want to switch to command line,
04:27
you'd have to export the data from one database, um, important to the other two separate instances of Post Press that sit on your Callie system.
04:36
All right, that's the end of the stick. This section. Thanks. And I'll see you in the origin section.
Up Next
Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By