Part 1 - Login Attempt

All right. Welcome to the vulnerability scanning module. In this portion of the course, we're going to be using various tools, some built into medicinally framework, some external in order to find weaknesses or vulnerabilities in our target system. This is ideally your next step so that you can identify those areas where you may be able to penetrate the system to get a command show. Or maybe, um, interpreter Shell. We're calling some other kind of desirable action. All right, so first we'll start off with Let's say you were able to gather a valid user name and password for a particular system. What you could try is trying to use the s and the log in module. And this should allow you to chest out, test that log in, or do other kinds of work.

‍

So, you know. So I'm doing my tab complete and should be smb log in. There it is. All right, Now, keep in mind that this is noisy on the network, right? You're not. If you every time you fail to log in that will generate a log event and made generate an I. D. S event or some other kind of you know your security information. Event manager assim device might also generate alert. So you have to be careful with these techniques. So a couple of things you want to think about we want to make sure that the gun our host set and that it's there because I used the global setting earlier and blake passwords is true, so we can try those. We can also specify a password file. If you If you had a dictionary file, you could specified that here and 11 entry per lying. You could have millions of words in there, so you can definitely do a brute force.

‍

But again, that's very noisy. I'm just gonna show you. Um, I tried this previously from one of the accounts and I thought I could guess that I've got user name, a victim, a passport of past You can set these manual here. Of course, if I tried to run the exploit, it comes out back and says the log and brute force has failed because that log in and password combination does not work. I know what can log in directly to met, exploit using post rest, so we could try that I could try set SMB user to post GREss Set us and be users are doesn't be passed to post GREss. Well, but also failed. So that's not a log in which could be used for, uh, S and b type access so we could try MSF admin. And this is the default medicine avoidable, huh? Credentials that I'm I'm using here. Yeah, so none of those worked, but, um, it's just a way to illustrate another possibility for gaining access to a system. There may be other things to think about, such as, Ah, viene see, So we can give that a world.