00:04
All right. So for our next task, what we're going to do is export
00:11
from the Nessus tool
00:12
and import it into Metasploit. So we can have,
00:17
uh, access all this information
00:21
Export. Nessus format. You see, you've got some other options available.
00:27
You also have the Nessus database
00:29
format, but we're just gonna put it in
00:32
export, or rather, in straight Nessus format.
00:37
And this should get sent to my
00:46
Let's not go downloads L s sellers. Hello, Seller. T. There is my file
00:57
Back in Metasploit, I'm gonna want to do a db_import.
01:07
I can see all I do is give it the file, and it understands all these different file types.
01:12
Nexpose scans, XML. Foundstone, Acunetix, Nmap.
01:19
And, of course, Nessus is there.
01:22
NetSparker, Spiceworks right now.
01:26
It's pretty good, huh?
01:27
Selection of a lot of options there.
01:30
So I know my file is in root Downloads
01:34
and I'll paste that last bit there.
01:38
So it was Nessus XML and automatically determines the file type
01:44
successfully imported.
01:49
Now, if I run my services command again.
01:52
I do see more things here, uh, than previously
02:02
the RPC info has been added and a couple other things. The list is a little bit longer, so that's good.
02:13
Also, if I look at my vulnerabilities, look at all the stuff that's here. This should be. This should match the 103 109
02:21
vulnerabilities that were discovered,
02:24
and these all have their
02:28
associated information.
02:34
So now, even though I'm still in the Metasploit framework, I'm able to look at Nessus
02:42
pretty, pretty neat.
02:45
And this is in my database now as well.
02:47
So this is a big improvement over just having,
02:53
you know, two separate applications
02:55
and trying to merge that information together when you're looking for ways to do your next exploit,
03:10
No loot yet, but we'll see what that looks like at some point. We know we have some credentials
03:20
login that we tried earlier.
03:23
You have to do this from within the framework for that to get registered in the database. Like, I did the Tomcat login, but that was
03:30
through the web browser, which is outside the framework, so it doesn't know that I've tried that.
03:42
So if I do a quick search for Tomcat,
03:46
I probably could find a
03:53
manager login, that looks like it.
04:12
I could make this window a little bit bigger.
04:15
I don't like when my lines wrap around.
04:24
It's snowing. Sorry about that.
04:29
All right, so we see that I've got a user name and password.
04:38
RHOSTS is not defined. Probably 'cause I started
04:42
a different version of framework and didn't save those settings.
04:46
There is a save command within the framework, and I'll run that after I do this.
04:57
I'm gonna go ahead and
04:58
go ahead and save my configuration. Tells me where it is.
05:02
Now I will set my password to Tomcat because we know that's what it was from the previous exploit,
05:11
and I'll set username to Tomcat.
05:16
So basically, set password and username.
05:20
Now if I show my options again,
05:28
I could set blank passwords to
05:31
true. That might help,
05:34
but I might have enough information.
05:39
Let's do a couple things. I set blank
05:54
confidence of this Exploit will actually do something.
05:59
It says the connection was refused on port, eh?
06:02
I think this was port 8180. So that's the problem, the remote port. Let's change that
06:15
now. I will try the exploit.
06:20
So I tried a bunch of defaults,
06:28
Scanned one of one hosts,
06:32
I don't see our successful there on a server at the top. I looked right past it,
06:39
so login for Tomcat, Tomcat was successful. Now, if you look back at our options, we can see we've got a password file, a username and password file. So these were checked,
06:56
but the one that I actually supplied, because I knew that information, worked.
07:01
As you would expect, my credentials portion of the database holds two new credentials. I know I can connect to this host on port 8180 using a username and password of Tomcat and Tomcat.
07:14
Pretty neat. Gotta admit.
07:15
Okay, so this wraps up our vulnerability scanning
07:19
and what we're gonna, uh
07:21
look at a little bit after this is some of what's involved in actually developing exploits for Metasploit. Not gonna go into a tremendous amount of detail; it's a little bit beyond the scope of this class.
07:33
But we'll at least touch on a few topics, and I'll give you some understanding of what's involved.