all right. Now you have the terrain map.
You know the vulnerabilities. It's not time to get access. When it comes to gaining access, A few options are available.
The version of the piece of software has published vulnerabilities. This could be used to gain access
gain access if a service is using default, usually my credentials.
But if no credentials or vulnerabilities have found,
users can be targeted as well to gain access. It's very easy to G O around an organization's parking lot and drop a USB or a CD that has a
backdoor written on it, that
there's a plug it into their machine
gets executed and now you have access.
A lot of people will see a CD with
something like, uh, music Next 2015 or they'll find a thug driving. They'll say, Hey, what's on this? I'm gonna plug it in, plug it in. Boom! You have access to their network very, very easy to use the human element to gain access. But I talked about Ama Taj, and I talked about our montage being ableto
get you some access with a Hail Mary.
Let's take a look at what the hell Mary looks like.
All right, here we are, back in our Callie box.
No, I haven't tried to hail Mary on this yet. So let's give it a shot, See if we get anything.
So the guy who appear to attacks
and we're gonna do a Hail Mary.
Now, what this is doing is running every single, exploiting, throwing every exploit. This machine it was, could cause machine that keel over and die,
Or it can give you a back door.
So it's kind of dangerous to do again on,
like, I c s systems or some kind of
connected to something
his life or death such as? Ah, hospital. So you won't want to do this there. But since this is an environment that
we know is something that
isn't gonna kill somebody, that's
All right, throughout all of the ah
getting all the sessions together, and it's compiling the lesson that's going to tell us.
And 15 seconds if we
successfully exploit the machine.
Oh, and we got no sessions. Unfortunately,
no, it was a good try
because I find attacks against the machine.
They also view the attacks are available against machine. I go to attack
and seeing possible attacks up here
because of you possible attacks by
light clicking on the machine
all these different kinds of attacks here
So you can go through and, you know, determine whether or not
you actually went to
try some of these and see some of these just have windows that just keep going and going of exploits.
You know what? For that of it, let's check the exploits.
I was gonna run through all those kinds of exploits that were there in those lists and
tested. See if it's exploitable.
There's another way you can perform your enumeration as well.
I was gonna keep going and going and going through that massive list of exports we saw there. So,
as you can see, it tells you
as it does it, whether or not it's actually vulnerable to those exploits. So soon as you see, one of those exploits say Hey
You know, you've got yourself a winner,
but I'm going to stop this so we can move on to our next portion