Hack The Box Academy: Using the Metasploit Framework Pt 1.

Captions
Yo, what's going on guys, and welcome back. Today we are doing the Metasploit Framework Hack The Box Academy module. I've done one of the other Hack The Box Academy modules and I like them; I think they do a good job. The problem is that most of their modules are very large, so I will have to do them in chunks. This is part one; we'll get all the way up to where we capture the first flag, and then we'll do part two after that. As you can tell I'm a little sick, so don't worry about that.

One thing you guys will notice too is I get a lot of requests to do some of the more, we'll say, expensive boxes on here, and the reason I say that is because the way their pricing model works is kind of weird. But before we get too far into it, guys, go and hit that like button, hit that sub button, it helps out tremendously. I'm going to keep doing the Hack The Box Academy; I think it's a very good resource. But like I said, I get a lot of requests to do the more expensive ones, or harder ones, however you want to say it, because some of them I think are easier but more expensive. Anyway, the reason I haven't done those yet is because I try to keep my channel as much about what you can do for free as possible, and the reason for that is because I want everybody to have a chance to do it. So if one of the boxes costs 10 bucks and someone doesn't have 10 bucks, they just have to watch, and that kind of sucks. So keep in mind that if I get a bunch of requests, if you drop a bunch of comments below and say "hey, we really want to see you do this one," I'll do it, but I don't want to necessarily exclude anybody.

Okay, the module prefaces this with some good information here: tools can indeed in some cases present us with some downsides. This is true. "Create a comfort zone that will be hard to break out of and learn new skills." This is huge. What happens here is (and by the way, these are going to be longer videos because I really like the teaching style) these tools create a comfort zone that is hard to break out of to learn new skills. It's 100% true. If you use a tool over and over and over, there's a misconception that you know what you're doing. What I mean by that is, for instance, a lot of people use John the Ripper to crack hashes. Do they actually know what they're doing? Probably some do, but some don't. So it creates that comfort zone where you're like "yeah, I know how to crack hashes," but then someone says "okay, don't use John the Ripper," and you say "uh, I don't know then." (My dog just cried, but anyway.) So that, for instance, creates a false sense of confidence.

"Creating a security risk just because they were published online for everyone to see and use." This is obvious; people publish tools and vulnerabilities all the time, so it creates a little bit of a security risk. But I also think, on the opposite side of that, it does two things. One, it forces companies to patch and fix things. For instance, if a vulnerability exists in Microsoft, we'll say, which happens all the time, if they don't fix it and someone publishes it, now they're forced to fix it, because otherwise there's going to be an uproar, right? So sometimes that's a good thing, because sometimes companies will sit on these for years.

"Create a tunnel vision effect: if the tool cannot do it, neither can I." This is something I see all the time. I see people say "is this possible, can you do this, can you do that." Anything's possible if you try, and I know that sounds cliche, but in IT it really is like that. There is a vulnerability in everything; you can break anything. It's a matter of can you figure it out, right? So don't rely on tools to do things that you can't. I use tools as a good helper, but it's not the only thing I use, right? If a tool can't do it, I'm not going to say I can't do it; I'm going to figure out another way.

All right, so what is Metasploit? There are two modules, if you will, of Metasploit: there's Metasploit Pro and there's Metasploit Framework. The Framework is the open source or free version; the Pro is the paid version. Pretty simple, pretty self-explanatory. Here's the difference with the Pro: you have task chains, social engineering capabilities, vulnerability validations, a GUI and quick start wizards. One thing I'll tell you with the GUI: don't ever use it. Maybe if it gets better, but the GUI is really, really bad, so I don't recommend it. You can see they're just kind of comparing the two. If you've used Metasploit before, you've probably used the open source, free version; that's the command line that you'll see us use today, and that's what we're going to focus on.

Now, the framework console. What is Metasploit, right? Metasploit is a framework. It holds all these vulnerabilities, or basically all these exploits are in it, and it allows you to use them, and they're validated, so you're validating that you have the correct one. The reason Metasploit came around, if you've ever heard the owner or the creator talk about it, was because back in the day when you were a hacker, you knew a new vulnerability came out, and what did you do? You had to go talk to your buddies, your hacker friends, and say "hey, can you send me that vulnerability? I want to try it, I want to check it out." Well, the problem was you didn't always get the correct thing. Another hacker might have been messing with you and sent you malware, or you don't know what you're getting, and they're not validated. So Metasploit came along and said "well, we're going to take all the vulnerabilities we can get, we're going to put them in here where you can use them." For one, for pen testing it's huge, because I don't have to have them all in a stored area, and the other thing is I know what I'm getting and I trust it. On the flip side of that, obviously attackers, illegal hackers, are going to use the same tool, just like they always do.

So, understanding the architecture. Okay, so to fully operate whatever tool we're using, we must first look under its hood. That's true; it's good practice and can offer us better insight into what we're doing. Look, it is essential not to have any wild cards that might leave you or your client exposed to data breaches. Okay, so you don't want that, and wild cards are a big no-no in the security field typically, so just keep that in mind.

By default, all the base files related to Metasploit can be found here. So if we go here on our... they use the Parrot distro; I'm on Parrot right now, so we're going to use Parrot. I use Parrot, not saying it's better or worse or anything like that. I know Hack The Box uses it, but that's not why I use it; I used it before they switched over. Here you can see the modules, and you'll see that when we're actually using Metasploit these modules start to make sense. What I mean is here they're listing /usr/share/metasploit-framework/modules, and you have auxiliary, encoders, evasion, exploits, nops, payloads and post. And then you have plugins, and you can see plugins offer the pen tester more flexibility since they can easily be manually or automatically loaded. So you can actually add these, and you can see it's written in Ruby. You can see Meterpreter functionality and other useful scripts; so these are scripts like Meterpreter, PowerShell, resource, shells. Again, with these they're showing you the file structure because you can add or remove whatever you want. A lot of people remove them; not here specifically, but there are light versions of Metasploit, and these are run on things like Raspberry Pis. So if you're looking for light versions, or say you have a pen test that you want to run on a nano computer and you literally just need two Metasploit modules, you can put them on there and it's very thin, very light, and you don't necessarily need the whole back-end database loading everything.

Now, tools: command line utilities that can be called directly. These are the tools that you can actually directly call from msfconsole, which you're going to see us do. Now, which version of Metasploit comes equipped with a GUI? That's Metasploit Pro. Again, Metasploit Pro is good, but the Metasploit GUI is terrible. Maybe it gets better, I don't know; I have not seen it good, we'll say that. Which version of Metasploit is free and can be used through the client? That is msfconsole. That's the one we're going to use today; that's the one that you're probably most familiar with, you've seen hackers use it before.

Now, to start interacting with the Metasploit Framework we need to type msfconsole. I'm going to do that now, and the only reason I'm going to do that now is because it does take a second. You can see as I run it, we'll go ahead and scroll down, and you can see here they've got a little picture of a guy. This runs a different one every time; it's not completely random, there's a total amount of them or whatever. But you can see if you run msfconsole -q (it's "quiet", I guess, is what it stands for) it won't display a banner. Some people think the banner is annoying; some people think it's important, they really like it, so it's important to them to see it. Now you can see, if you haven't installed it, if you're using a fresh install of Linux or if you have a Linux version that you want to install it on, you just do sudo apt update and install metasploit-framework. Obviously I have it updated and installed, so I'm not going to do that.

Now, the Metasploit Framework engagement structure can be divided into five main categories. This is just kind of showing you their version of, in my opinion, the attack framework. I don't really think that's what they're going for, but that's kind of the way I read it. You can see here they start with enumeration, then service validation, and they do this with passive scanning. Passive scanning, as we know, means you're not actually touching the system. Here it says "interacting with services legitimately"; some people call that passive, some people call it active, meaning if you go to their website, yeah, it's legit activity, so it could be passive, but also you're creating logs somewhere that show you were there, so I consider it active, but it doesn't really matter. Then you have vulnerability research, so once you get the information, once you get the service validation and you know what you're looking at, you're going to start researching it, right? Then you can see they're saying okay, now proceed to preparation. Once you get everything you need you're proceeding to prep, so now you're looking at prep: dependency checks, custom modules. You're getting everything ready to do your exploit; you're getting everything you need, any dependencies, any custom modules that you're creating, whatever you need. And then you're exploiting. Now, when you run it locally, what they're saying is you're going to run it, you're going to set your parameters, you're going to do everything. So what this means is you're not actually running the module, you're loading the module, if you will, you're getting it ready, then you're setting the parameters, then you're running it, and that's going to go against the target. Now, privilege escalation: once you're in, once you actually have control of the target, you're going to escalate privileges. This is just common pen testing methodology, but with Metasploit specifically there are certain things that you can do to go ahead and do that, and that's what we're going to follow in this. Then post exploitation: you can see that you're going to pivot, you're going to gather more credentials, you're going to exfil data, and at the very end you're going to clean it all up. You don't want to be busted; you don't want to be seen later.

All right, so now modules. As we covered them, you can see that there are different types of modules, and this is the way that they're going to be labeled. It's important that you know this because when you're searching for modules, which you'll do quite often in Metasploit, if you know the actual syntax it's really easy to search. You can see you're looking for type, so type is exploit; whether it's an exploit, payload, auxiliary, whatever the type is. Then you can see the OS, so obviously Windows, Linux, whatever; then service, so FTP; and then the name of it, and you can see there's a script FTP list. So this is the syntax, the way it's going to be presented to you. It's important to know that, like I said, because when you go to search something, if you search exploit/windows/ssh, right, it's only going to list me the SSH ones. I don't have to look through every SSH capability because I did the Windows exploits; I don't have to look through the auxiliary, the payloads, the whatever, I can just look at the exploits. So it'll save you a lot of time if you actually know how to search.

Okay, so the index number tag will be displayed. The tag is actually important, the number, because if you have a number here, if you search and there's a number, you can actually just say use that number instead of typing the whole thing out, and actually reference it that way, and you'll see what I mean by that. The OS tag specifies which operating system, which makes sense; the service tag refers to what service it's using, makes sense; the name explains the actual action, and you'll see when you do the search. You can see there's the help menu with the search. You can see when we actually search, like here we're going to search eternalromance, and we're going to actually do this because this is what they want us to do. So we're going to say search eternalromance, and you can see we actually get two: one is auxiliary/admin, and then SMB, right? The auxiliary admin isn't what we want; we want the exploit, we don't want the auxiliary, we want the actual exploit. So I'm going to say use, I'm going to put 1, because remember the number, we can reference that. So use 1, and you can see it's going to load it for me. I didn't have to do anything; I didn't have to go and actually type this whole thing out, because you could type use exploit/windows/smb/ms17 blah blah, you could do all that, or you could do it the way I just did it, and it's way faster.

Now, MSF-specific search. You can see here if we do the search specifically, like I was saying before, you could search on type:exploit, platform:windows, cve and rank, and you can get very granular with these search results, and then instead of having 15 or 20 for one thing you only have three. This saves you a ton of time if you know what you're looking for.

Now, module selection: here's where we're going to start getting into the meat and potatoes of it. You can see they're going to have you go ahead and do module selection; they did an nmap scan. One thing that's cool about Metasploit that they don't talk about, but they actually show, is that they backed out and went somewhere else. What you could actually do is run commands just like normal in Metasploit. All right, I'm back. So basically, if I did whatever I wanted to, if I cd'd into a different directory right now or ls'd a directory right now, it wouldn't really matter, because what Metasploit does, if you run a command and it's not recognized as a Meterpreter or Metasploit command, is it will actually run locally. What I mean by that is if I ran ls right now, it's going to run like normal; it's going to give me the list of what's in this directory. So keep that in mind; when it shows us the nmap scan, you can run that without actually getting out of Metasploit. I always recommend opening a new tab and doing it, but I'm just saying you can run commands without exiting Metasploit, because Metasploit can take a couple of minutes to boot up.

All right, so we're in the one we want; we're using the module we want, and we showed how to do that: you just use exploit, and we did 1. Here's theirs; theirs is actually listed as 0, but ours was listed as 1, so make sure you know which one you're looking at. You're looking for the exploit, not the auxiliary. Then we'll go through, and you can see here's where you want to go ahead and say info, and this will give us a little bit of info about the exploit or the vulnerability that we're looking at. You can see you've got a name, you've got the module, you've got the platform, who provided it, and then you can see it'll give you a little bit more information about it: this module will exploit SMB with vulnerabilities. So it tells you a little bit more information about what you're looking at. The next thing you'll always do, and you want to do this in pretty much all things in Metasploit, is just go to options. Options are just things you see; the ones that say required have to have a setting here or else it won't run. So I always look at options. Now keep in mind, make sure if you're using your own machine, see how this has a local IP address; I just set it to my tun0, that's the VPN that I've been connected to for Hack The Box. I just set it to that interface rather than a specific IP, but make sure you're setting it appropriately because otherwise it won't work. I'm going to scroll down and get the IP here. So now we see that we have that, and we changed the LHOST to our interface, so now it'll come back to us. Now the other thing we have to set is RHOSTS. You see RHOSTS doesn't have anything, but it says it's required, so we have to set RHOSTS, and that's your target; it's always going to be your target. So 10.129.222.149, that is our target.

Okay, so now we have the target that we're going to actually attack, and the LHOST is your interface that you're going to listen on. What it's going to do is set up a listener, a Meterpreter listener, on that host, or on that IP, or in this case on that interface, so that it receives anything coming back. Then we can just say run, or if you're feeling real crazy and you're feeling wild you can just say exploit, and you can see it's running. I'll tell you right now, this will probably fail. It failed... oh, it didn't fail, okay. It failed like three or four times for me the first time. If that happens to you, it's fine; run it again, run it again. I know it sounds crazy, but some of these don't work right away, and it could be for a multitude of things. If you're getting all the way to this point where it's saying "sending stage" or "service start timed out", okay, if it's running the command and then it just dies, just run it again. Something's going on; it's probably just an older vulnerability and it's a legacy thing, and you just need to keep trying. If you do it 10 or 15 times and it's not working, okay, then you can start looking.

Now here's the really cool thing about Meterpreter. So now we have a Meterpreter session. What I mean by that is this is not a regular shell. This is a Windows box, right, so I can use Windows commands like dir, and you'll see it's going to load a bunch of things here, there we go; or I can also use ls, like Linux. So whichever one you prefer, it's going to allow you to do that. Now, I know that most of the time you're looking for the flag on a desktop; it's just common that people put them on the desktop, so that way you're not just searching for flag.txt forever, because that's a waste of everybody's time. So we'll just say we want to change directory to C:\ and then Users is always one on Windows, and if you know Windows, we'll see if it's this way.

Okay, so now if we hit ls you can see... all right, I'm going to guess it's on the admin desktop. I don't know that, but I'm guessing. So I'm changing directory into Administrator, hitting ls, and you can see there's a Desktop. So we'll say cd Desktop, ls, and you can see there's flag.txt. So cat flag.txt and boom, there you go, there's your flag. It's pretty simple to do. This is just a very simple exploit, but it gets you familiar with Metasploit and the Metasploit Framework and how it works. I definitely recommend this for everybody. Once you finish this you can keep going if you want. I'm going to keep making videos for the next couple; it'll probably be a couple of days, until I'm not feeling sick, because my throat makes it kind of hard to talk. But once you guys get past this, comment below and let me know you guys are done, so that I can go ahead and start making the next one, because I want you guys to be able to follow along with this and I want everybody to be able to do this one together. I actually don't know what's going to happen because I haven't done the rest of it; I literally did this right before the video, and I'm going to do the next one. I don't know, like I said, how far this box takes me, and I don't know how deep this Metasploit knowledge gets. So hopefully you guys like it, hopefully you guys like part one, and look forward to part two. Thanks guys, and have a great day.
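The video points out that the exploit showed up as index 0 in the Academy screenshot but as index 1 on the presenter's machine, so "use 1" is only meaningful for the listing in front of you. The following is an added example, not code from the video or from Metasploit itself, written in Ruby (the language Metasploit is implemented in): it parses a constructed sample of the listing that msfconsole prints for `search` into the type/os/service/name fields the module describes, and picks the exploit by its full path so the choice does not depend on an index number that differs between installs.

```ruby
# Added example (not from the video or from Metasploit): parse the module
# listing that `msfconsole` prints for `search`, then choose a module by its
# full type/os/service/name path rather than the index number, which is only
# valid for that one listing on that one install.

# Constructed sample of `search eternalromance` output, trimmed to two hits.
SAMPLE_SEARCH_OUTPUT = <<~OUT
  Matching Modules
  ================

     #  Name                                  Disclosure Date  Rank    Check  Description
     -  ----                                  ---------------  ----    -----  -----------
     0  auxiliary/admin/smb/ms17_010_command  2017-03-14       normal  No     MS17-010 EternalRomance SMB Remote Windows Command Execution
     1  exploit/windows/smb/ms17_010_psexec   2017-03-14       normal  Yes    MS17-010 EternalRomance SMB Remote Windows Code Execution
OUT

SearchHit = Struct.new(:index, :path, :type, :os, :service, :name, :rank, :check)

# One result line carries: index, path, disclosure date, rank, Yes/No check, description.
HIT_LINE = %r{^\s*(\d+)\s+(\S+/\S+)\s+(\S+)\s+(\S+)\s+(Yes|No)\s}

def parse_search_output(text)
  text.each_line.map do |line|
    m = HIT_LINE.match(line)
    next unless m
    type, os, service, *rest = m[2].split("/")
    # For auxiliary modules the second segment is a category such as "admin",
    # not an OS; the field names follow the module's type/os/service/name convention.
    SearchHit.new(m[1].to_i, m[2], type, os, service, rest.join("/"), m[4], m[5] == "Yes")
  end.compact
end

# Picks exactly one hit by type (and optionally service). Raising on zero or
# several matches is deliberate: a script must never silently fall back to
# whichever module happens to sit at a given index.
def pick_module(hits, type: "exploit", service: nil)
  matches = hits.select { |h| h.type == type && (service.nil? || h.service == service) }
  raise "no #{type} module in listing" if matches.empty?
  raise "ambiguous choice: #{matches.map(&:path).join(', ')}" if matches.size > 1
  matches.first
end

if __FILE__ == $PROGRAM_NAME
  hits = parse_search_output(SAMPLE_SEARCH_OUTPUT)
  hits.each { |h| puts "#{h.index}: #{h.type} / #{h.os} / #{h.service} -> #{h.path} (check: #{h.check})" }
  chosen = pick_module(hits, service: "smb")
  puts "use #{chosen.path}"   # stable across installs, unlike `use 1`
end
```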
Info
Channel: stuffy24
Views: 4,903
Keywords: hacking, tryhackme tutorial, tryhackme cyber defense, cyber security, cyber defense, Hack the box, hack the box linux fundamentals walkthrough, htb linux fundamentals walkthrough, htb linux fundamentals, htb linux fundamentals answers, hack the box linux fundamentals answers, hack the box academy, hack the box academy linux fundamentals, hack the box academy getting started walkthrough, hack the box metasploit, using the metasploit framework, academy metasploit
Id: DnEU8ywLtpA
Length: 20min 44sec (1244 seconds)
Published: Thu Feb 02 2023