KALI LINUX - METASPLOIT (Hacking Metasploitable SMB and VSFTPD protocols)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Metasploit gain remote access to a machine via Metasploit and its Associated modules Metasploit can be used for gaining access to a remote machine for installation of malware privilege escalation Etc this is for educational purposes and should never be tried on the public internet one conduct a scan of your network subnet or Target machine to find the potential vulnerabilities here we have two machine means C Linux is the attacker on the left metas blable the target is on the right we are going to be using nmap to then enumerate the device and find its vulnerabilities within various Protocols of which there are many gather information from your scan and place in a notepad file so you know the ports and services to check for vulnerabilities this is a very useful Habit to get into as you will be gathering a lot of information during the pen test process Good Housekeeping and note taking is [Music] essential two now it is time to use the information from your scan to try and gain access start the Metasploit console type msf console and press enter this will take a little while to load but not enough time to make a coffee Metasploit is starting three search within Metasploit for the services displayed on nmap this will help with the remote access we will be using modules within the services to achieve our goal here we have taken a specific piece of text saris MB 3.0.2 and we'll search this in Metasploit on the left it has found an exploit for this selects the specific module that will be used for exploitation type use followed by the module number in this case use zero you are now in the correct module context and will be using the options within this module to begin the exploit five configure the details that you are going to use for exploit information such as the Local Host remote host port numbers Etc here I am setting the remote host IP address which is metas [Music] sploit six the phase where we aim to take control of the target machine using exploit you will now own the remote machine [Music] we have now gained remote access to metas sittable using a weakness in the SMB protocol we can perform all kinds of operations on here commands or drop malware on the device if we so wish the application on metasploitable has been built poorly we broke in using a vulnerability in the SMB [Music] protocol seven time for one more exploit this time we are going to try exploiting FTP vsftpd to be precise perform the same action Again by taking the information from the nmap scan and searching for it in metas sploit perfect there is only one exploit for [Music] vsftpd do the same actions Again by providing the relevant details for the [Music] options set the our host's IP address hit exploit and you will find that we have gained access [Music] again we are now logged in as rout on this system and have full access again the owner is unaware at this stage and a good hacker will mask his [Music] access I have created my own folder and can drop any files in here I wish I can also exfiltrate [Music] data this is a very high level overview of Metasploit and its basic functions for ethical hacking there is a lot more to met exploit and we have only just scratched the surface thanks to Gman for another easy to follow video like And subscribe see you soon

Info

Channel: G Man

Views: 8,180

Rating: undefined out of 5

Keywords: Metasploit, ethical hacking, pen testing, nmap, remote access, hackers, black hat, grey hat, white hat, kali linux, proxychains, modules, options, ncat, reverse shell, forward shell

Id: JSPvBLDDzzc

Channel Id: undefined

Length: 5min 44sec (344 seconds)

Published: Wed Jan 10 2024