Hello, viewers. Ah, this video is a bit of an aside from the rest of the program, it's not actually part of the
information gathering or the backdooring or the covering tracks. But it's something that I wanted to take time to cover very quickly because, like the slides that I had at the beginning of the lecture portion,
ah, this is something that you're going to want to know when you're working on this sort of thing. The specific thing I am talking about is TFTP. I'm sure you've heard of FTP,
which is File Transfer Protocol. TFTP is just the Trivial File Transfer Protocol. It's, ah, the UDP version. It doesn't use much checking and
it's a little bit less reliable, but it is good for being stealthy.
Just to demonstrate how it works,
I went ahead and created a file which is just this text dot text,
and we're going to drop that onto
the far machine, on which I currently have a TFTP server running. What you would be doing is, on whatever your outside machine was that had the tools and things on it that you wanted, you would just set that up with whatever your favorite FTP server might be, or TFTP server might be. There's some great open source ones out there. Checking out GitHub, SourceForge, anything like that
is a great way to find them.
So you've got that set up on your far machine, uh,
and then on your target, in this case we'll use Linux because it's an easy setup, and I can demonstrate it very quickly.
So you type tftp,
and then you just hit enter,
and it brings up a special prompt, which is the tftp prompt. It has
far fewer commands. To get help in this one, to find out what the commands are, you just put a question mark.
Ah, you see connect, mode, put, get, quit, verbose, trace, status, binary, ascii, et cetera.
Uh, the first thing we're gonna want to do is,
we're gonna go ahead and do a connect. Now, these can be abbreviated, so all you need is actually the first letter. I tend to write a few letters in, just so that I know what I'm talking about and you can keep track.
We're gonna connect to that. We're going to connect to the TFTP port 69, which is just
what's configured on the far machine. You can configure it to any port. This actually isn't the native TFTP port, but that's not important.
So we're going to connect to that.
And then we're gonna go ahead and do a put. So put is to send files out.
You'll recall we've been doing the "totally not hacking your stuff" .txt file for a while.
Once you've finished all of that, you gathered all the data you want.
Then you obviously put this in there.
You would put that file on your target, the TFTP server.
So you do put, you see, it sent 10 bytes. It was just a quick little bit to show you that it sends it and it shows you what it's actually doing.
And then we're gonna exit this.
We're gonna exit TFTP.
You see, that file obviously is still here. We're gonna change that. Remove it.
So we can demonstrate getting.
So we're back in our TFTP. We
But for most bone back on, we can act still 19 to 1 to save one's a 71
All right, we got it. So then we quit out.
And ls, and sure enough, the file's back.
And that's useful and handy in terms of this sort of vague concept. But
what about something a little bit more interesting? Maybe getting rid of the, er, maybe pushing out the password and shadow files.
These files are Linux native files, files that pretty much everyone should know about.
Um, too. They weren't really covered in our information gathering step
just because I showed you where you would find those files. And generally speaking, going into this, it's sort of expected that you'll know
about those particular password files.
But in case you aren't aware of what they are:
shadow, which is the /etc/shadow, oop, /etc/shadow file.
We're gonna less that.
So you have to have. I've been at this delicate shadow, which is important because you can see
it contains password hashes,
which is very handy. You also see that on this generic computer machine there are lots of things that don't actually have passwords, you know, whatever.
So you see a password hash right here
and ah, that's basically
well, it's not basically, that's just how the passwords are stored. It will hash the password you entered when you're trying to verify as being someone specific.
And that's how it will compare to see if you got the right password.
/etc/passwd
does not contain passwords.
It contains user names, groups, all sorts of information about that. But it has an x where the password hash would be located.
It also contains your default shell
and all sorts of fun: your user ID, group ID, et cetera.
We're gonna go ahead and do tftp.
We're gonna do put, well, we're gonna do a connect first,
192168 Once in zone one,
then we're gonna try putting /etc/shadow.
So that's kind of an interesting problem that you run into with /etc/shadow,
is Linux doesn't want you to do that. You can't just straight drop those. So what you gotta do,
and make sure we're using the right commands, we're gonna copy.
Then we're going to copy
password to password.txt. Now notice here, and this is another useful little quick Linux trick that you want to check out:
in this one we type the full path, and in this one we just type the relative path.
The difference is simple. This is so that we can address something that's in another
place in the overall directory, whereas this
will just drop it into our current directory so we don't have to move around.
So we ls to make sure they're both here.
Cool, they are. And we open back up our tftp.
BC one and $216817.1 that one.
password.txt, shadow.txt.
Let's go ahead and change that. So what I actually just did, rather than what I intended to do,
was actually, ah, put, put that file
under a different name on the far server. So we'll do it this way, so we actually have it a real put.
So since I made a boo boo, I'm gonna have to do shadow1.txt.
Anything can happen on a live show, folks,
including, ah, a fun little permissions problem.
So why are we running into that?
This is another example, another case where we can
do some Linux-fu, learn some interesting stuff,
and we see that the shadow is owned and controlled by root.
So now we've got to do something a little fancy.
It actually is a password change.
Now, there are lots of very specific, very careful things you should be doing. You should understand what each of these means if you're going to be changing permission so that you can precisely change it
and make sure you don't mess up any file information or put anything where it shouldn't be.
You should always be very, very careful. And you should not do
what I'm about to do,
which is to wholesale change shadow.txt
to full permissions.
So we do ls -l, ls -la. This time we'll grep for shadow
and we see that it is willing to do anything we tell it, it will attempt to execute this file, which tends to go poorly. But we can try it out,
as you can see tends to go poorly.
But we know that we're allowed to touch it now. So maybe that will fix our problem.
So it looks like it worked. Everything seems to be
We're going to remove shadow.txt.
We're going to remove password.txt.
for everything .txt.
And we see only our old file that we downloaded a little bit ago is there.
That's all good to go. And we're ready, set. So we're gonna do tftp one more time.
Make sure we can actually see and get those files back.
And you see that with TFTP, and I mentioned before that it's supposedly, ah,
a low-reliability protocol, one that doesn't take too much care in making sure it's got the right thing, but you see that it came through just fine. In general, most of your software, most of your tools are gonna come through without any problems.
Data transfer over the short network space is not typically very hard, and you're not gonna have a problem with it. But again, you did see
TFTP works, and it is very useful for sending and receiving files. We also got to do a little bit of Linux learning while we were in the process, just so you could get a sense of what password files to look after,
and just to kind of get a sense of where everything's stored.
So with that, I'll pretty well leave you on this video. And I think
you're pretty well ready to go with TFTP. Obviously, if you're uncomfortable with it or even if you are comfortable with it, but you'd like to be more comfortable with it, go ahead and download your own server, run your own client and kind of play around with it and see how it works.
It will be an invaluable tool to you as you go forward in the post exploitation world.
With that, I'm residents me, Joseph, very signing off until next time. I hope you learned a bunch
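
Added example, not part of the video or the instructor's material: a TFTP read or write request carries the file name in cleartext in the first UDP payload (RFC 1350), so a network sensor can flag transfers like the shadow1.txt put shown above. The function names and the watch list are assumptions made for this sketch, and the sample payloads are constructed, not captured.

```python
import struct
from pathlib import PurePosixPath

# TFTP opcodes from RFC 1350.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
# Assumed watch list for this example: base names of credential files.
WATCHED_STEMS = {"shadow", "passwd", "password", "gshadow"}

def parse_request(payload: bytes):
    """Parse a TFTP RRQ/WRQ UDP payload; return None for anything else."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if OPCODES.get(opcode) not in ("RRQ", "WRQ"):
        return None
    # Request body: filename NUL mode NUL [option NUL value NUL ...]
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None  # truncated or malformed request
    name, mode = (f.decode("ascii", "replace") for f in fields[:2])
    return {"op": OPCODES[opcode], "filename": name, "mode": mode.lower()}

def is_suspicious(request) -> bool:
    """Flag requests whose file name looks like a copied credential file."""
    if request is None:
        return False
    name = PurePosixPath(request["filename"].replace("\\", "/")).name.lower()
    # Drop the extension and a trailing digit run: shadow1.txt -> shadow
    stem = name.split(".")[0].rstrip("0123456789")
    return stem in WATCHED_STEMS

def make_request(opcode: int, filename: str, mode: str = "netascii") -> bytes:
    """Build a constructed sample request payload for the demo."""
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    make_request(2, "shadow1.txt"),
    make_request(2, "notes.txt"),
    make_request(1, "/etc/passwd", "octet"),
    struct.pack("!HH", 4, 1),  # ACK for block 1: not a request
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        req = parse_request(pkt)
        print(req, "ALERT" if is_suspicious(req) else "ok")
```

Because the server port is configurable, a sensor using this logic should match on the request format rather than only on UDP port 69.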