1
00:00:01,000 --> 00:00:04,000
We're actually going to be going through this challenge together as we wrap up this skill.

2
00:00:05,000 --> 00:00:11,000
Now as I had previously mentioned in the previous video, I was actually supposed to be fixing exploits here.

3
00:00:12,000 --> 00:00:17,000
But there is a reason that I wanted to go through and show you how to find them and how to leverage them.

4
00:00:18,000 --> 00:00:27,000
Because if you don't know they exist and you don't know what they do, you can't really figure out where they are and the reason it is that we need to fix them.

5
00:00:27,000 --> 00:00:32,000
So yes, I did kind of nickel and dime over the ability to fix them.

6
00:00:33,000 --> 00:00:40,000
And that's because we get more value out of knowing as pen testers and security technicians what it is that they actually do to our systems.

7
00:00:41,000 --> 00:00:47,000
And everything that I told you in the previous portion of this skill is applicable in order to fix those vulnerabilities.

8
00:00:48,000 --> 00:00:56,000
Now with that being said, we're going to go over to our lab and kind of walk through together doing the exact same thing to a POSIX-based system.

9
00:00:57,000 --> 00:01:06,000
Except we're going to see how many vulnerabilities that we can find that are exploitable according to Metasploit.

10
00:01:07,000 --> 00:01:13,000
Now to do this, we are going to go over to our Kali system and we're going to start up sudo msfconsole.

11
00:01:14,000 --> 00:01:20,000
And if you would like to take a page out of the last skill and automate this test, by all means go ahead.

12
00:01:21,000 --> 00:01:23,000
That's in the scripts folder and also in the last skill.

13
00:01:23,000 --> 00:01:32,000
Now we are inside of msfconsole. We're going to set our payload in accordance to what our actual file is that msfvenom was created with.

14
00:01:33,000 --> 00:01:37,000
So in this particular case, we're going to set the payload, but not before I forget to set my multi-handler first.

15
00:01:38,000 --> 00:01:40,000
Ah, see, I didn't forget.

16
00:01:41,000 --> 00:01:44,000
Now we'll set our payload to Linux.

17
00:01:45,000 --> 00:01:50,000
And sometimes we have to nudge it because it's looking for everything behind the scenes.

18
00:01:51,000 --> 00:01:58,000
Where it's searched, but x64 into Meterpreter and reverse.

19
00:01:59,000 --> 00:02:01,000
Did I spell that right? TCP.

20
00:02:02,000 --> 00:02:04,000
We're going to set our LHOST to us.

21
00:02:04,000 --> 00:02:24,000
And we're going to say run and then I'll go over to the Ubuntu real quick and run dummy.

22
00:02:25,000 --> 00:02:27,000
Ah, yes, I need to run this in terminal.

23
00:02:28,000 --> 00:02:31,000
Yep, it was in session one.

24
00:02:31,000 --> 00:02:32,000
It was in session one.

25
00:02:33,000 --> 00:02:35,000
Or port 4445 is what we made it with in the last skill.

26
00:02:36,000 --> 00:02:37,000
So I had to run it in the background.

27
00:02:38,000 --> 00:02:49,000
So now we're going to go ahead and use post/multi/recon/local_exploit_suggester.

28
00:02:50,000 --> 00:02:53,000
Now remember, you have to tie this to an actual session.

29
00:02:54,000 --> 00:02:57,000
So at this point you would say sessions, figure out which one you're on.

30
00:02:58,000 --> 00:02:59,000
I'm on two because I goofed.

31
00:02:59,000 --> 00:03:02,000
So set sessions to two.

32
00:03:03,000 --> 00:03:09,000
And then if you're like me and you just want to double check, do show options to see if there's anything else that we need to take a look at.

33
00:03:10,000 --> 00:03:11,000
And there's not.

34
00:03:12,000 --> 00:03:14,000
So at this point you would say run and let it go through.

35
00:03:15,000 --> 00:03:20,000
And I'm going to skip to the end when it shows all of them together and what our final tally is.

36
00:03:21,000 --> 00:03:22,000
Now I won't pull your leg on this.

37
00:03:23,000 --> 00:03:24,000
That actually took about 10 minutes to run for the first time.

38
00:03:25,000 --> 00:03:27,000
Your experiences may vary.

39
00:03:27,000 --> 00:03:28,000
But that's why I paused here.

40
00:03:29,000 --> 00:03:36,000
So really the question that we're wanting to look at now is how many possible vulnerabilities are there for us to be able to play with?

41
00:03:37,000 --> 00:03:38,000
And the answer to this is eight.

42
00:03:39,000 --> 00:03:46,000
Now I would like to challenge you at home to go ahead and go through these and just use them, experiment with them.

43
00:03:47,000 --> 00:04:05,000
And see if you can actually get the Ubuntu system to lock into a new process using another PID running or even trying to elevate your account status from user to administrative rights.

44
00:04:06,000 --> 00:04:10,000
Now do remember you'll have to go through and create a user on that actual Ubuntu system.

45
00:04:11,000 --> 00:04:13,000
Because right now learner is an admin.

46
00:04:13,000 --> 00:04:19,000
And you want to try to do this against an actual user account just to see if one, you can connect.

47
00:04:20,000 --> 00:04:26,000
Two, if you can get the vulnerability to get hooked on to by one of these exploits.

48
00:04:27,000 --> 00:04:30,000
And three, if you can get administrative privileges through that.

49
00:04:31,000 --> 00:04:34,000
Oh man, have you got the biggest bang for your buck on this one.

50
00:04:35,000 --> 00:04:44,000
Because this is basically opening up the Pandora's box for pen testers and hackers to be able to go through and wreak havoc on the actual systems themselves.

51
00:04:45,000 --> 00:04:52,000
But primarily for us, it's a way for us to be able to do a hash dump like we've done in previous skills already on these systems.

52
00:04:53,000 --> 00:04:58,000
And go through and start cracking passwords to see if you can access other systems due to shared passwords.

53
00:04:58,000 --> 00:05:00,000
There's a whole lot of different possibilities on this.

54
00:05:01,000 --> 00:05:06,000
But like I said, the purpose behind this skill was to actually teach the ability to fix these memory exploits.

55
00:05:07,000 --> 00:05:14,000
But I feel it's important to know how these exploits exist and what their capabilities are for us as pen testers.

56
00:05:15,000 --> 00:05:20,000
And go through and then fix them after we leverage them and make everybody worry themselves first.

57
00:05:21,000 --> 00:05:24,000
I hope this has been informative for you and I'd like to thank you for viewing.
