1
00:00:01,260 --> 00:00:08,920
An exploit is a targeted attack on a specific vulnerability. Exploit kit tools like Angler or MPack

2
00:00:09,160 --> 00:00:17,320
can be used to easily exploit system vulnerabilities to try and compromise a host. Exploits can be

3
00:00:17,320 --> 00:00:24,400
classified as either local or remote. A remote exploit is when an exploit is performed remotely over the

4
00:00:24,400 --> 00:00:30,760
network without already having access to a vulnerable system, and a local exploit will require prior

5
00:00:30,760 --> 00:00:34,040
local access to the vulnerable system.

6
00:00:35,700 --> 00:00:42,660
To discover what vulnerabilities can be exploited on a system you can use exploit software like Metasploit.

7
00:00:43,780 --> 00:00:51,130
Metasploit is one of the most well known exploit testing programs and it is included with Kali.

8
00:00:51,190 --> 00:00:58,150
Let's jump back in the Kali lab and I will demonstrate how to use Metasploit right from the Kali desktop.

9
00:00:58,210 --> 00:00:59,690
On the left hand side

10
00:00:59,770 --> 00:01:06,460
there are some application icons, and the Metasploit framework application can be launched straight from there,

11
00:01:07,090 --> 00:01:15,620
or you can go up to the Applications dropdown, go down to exploit tools and then launch it from there.

12
00:01:17,940 --> 00:01:23,430
Once Metasploit is done launching we could run all of our exploits right from the terminal by using

13
00:01:23,550 --> 00:01:31,200
Metasploit terminal commands, but what we're going to do is use another application called Armitage,

14
00:01:31,530 --> 00:01:34,470
which is a GUI front-end interface for Metasploit.

15
00:01:34,590 --> 00:01:40,530
So instead of the terminal commands you have a nice user friendly interface that makes it a lot easier

16
00:01:40,530 --> 00:01:45,730
to run exploits. Now that Metasploit is loaded,
17
00:01:45,760 --> 00:01:55,270
I'm going to minimize this, go back to Applications and exploit tools and then launch the Armitage application.

18
00:01:57,560 --> 00:02:00,200
When this window pops up you're going to want to hit Connect

19
00:02:03,220 --> 00:02:05,990
and then Yes to start the RPC server.

20
00:02:11,750 --> 00:02:17,010
And then this box will run for a few seconds and finally launch the application.

21
00:02:23,090 --> 00:02:25,670
OK, so here is the Armitage application.

22
00:02:25,670 --> 00:02:31,970
It actually shows you in the console the terminal version of the commands and output that will be launched

23
00:02:32,390 --> 00:02:37,160
when we run the GUI commands. In this rectangular area

24
00:02:37,160 --> 00:02:46,640
here is where our hosts will be once we discover them. To pull in host information for the hosts that

25
00:02:46,640 --> 00:02:49,900
we want to scan for exploits,

26
00:02:49,940 --> 00:02:58,940
you can click on Hosts. You could manually just add a host, import hosts, or run an nmap scan. Nmap

27
00:02:58,940 --> 00:03:07,000
is a network mapping tool that is used to discover networks and for security auditing. It will run and

28
00:03:07,000 --> 00:03:12,730
check what ports are open on devices as well as operating system information.

29
00:03:12,910 --> 00:03:19,300
So I'll just run a quick scan with OS detection so we get some operating system information,

30
00:03:22,540 --> 00:03:27,620
and then I'm going to put in the IP address of the server that I want to scan.

31
00:03:27,640 --> 00:03:31,170
You can also put a whole network in, but that will take a little bit longer.

32
00:03:33,060 --> 00:03:35,280
OK.

33
00:03:35,810 --> 00:03:41,480
And then you'll see the command that it actually is running in the background in the terminal for this

34
00:03:41,480 --> 00:03:43,060
scan.

35
00:03:43,350 --> 00:03:46,240
And this may take a little while to run through the scan.
36
00:03:54,780 --> 00:03:56,780
OK, so my scan is complete.

37
00:03:57,210 --> 00:03:58,460
OK.

38
00:03:59,180 --> 00:04:04,610
And we can look through the terminal here to see what nmap discovered for this host.

39
00:04:06,470 --> 00:04:11,960
If you hover over the host, it shows the operating system that it found. This actually isn't accurate,

40
00:04:11,960 --> 00:04:14,330
because it's a Windows 2000 Server.

41
00:04:14,330 --> 00:04:15,900
It's showing it as XP.

42
00:04:16,130 --> 00:04:22,580
I could run additional scans to try to get more accurate information for the operating system, but this

43
00:04:22,580 --> 00:04:30,590
is OK for this demonstration. If you right click on the host you can also click Services to see what

44
00:04:30,590 --> 00:04:35,020
services are running on the host.

45
00:04:35,150 --> 00:04:38,540
Next I'll go to Attacks and hit Find Attacks.

46
00:04:38,540 --> 00:04:48,280
So this will populate some possible exploits that we could run on this host.

47
00:04:48,590 --> 00:04:51,600
All right, so the attack analysis has completed.

48
00:04:51,720 --> 00:04:52,680
OK.

49
00:04:52,820 --> 00:05:00,110
And now when I right click on my host there is an Attack option with different categories of attacks

50
00:05:00,110 --> 00:05:04,670
that I can try to exploit on my machine.

51
00:05:04,670 --> 00:05:10,670
What's really cool is some of them have check exploits, so it will actually do a quick check to see

52
00:05:10,670 --> 00:05:15,740
if the host is vulnerable for any of these exploits.

53
00:05:16,220 --> 00:05:17,460
I'll run this check for

54
00:05:17,510 --> 00:05:20,710
IIS exploits.

55
00:05:21,230 --> 00:05:23,930
And then you can see down below in the terminal

56
00:05:23,930 --> 00:05:25,520
if it was vulnerable or not.

57
00:05:29,660 --> 00:05:36,170
Some exploits may pop up and say that it does not support the check.
58
00:05:36,200 --> 00:05:42,770
So here this is saying that this exploit would not be successful on the endpoint based on the information

59
00:05:42,770 --> 00:05:44,840
that it has.

60
00:05:44,860 --> 00:05:51,880
OK, so it checked all these exploits against my host. Fortunately, or unfortunately for this demonstration,

61
00:05:52,540 --> 00:05:56,130
the target is not exploitable for these exploits.

62
00:05:56,470 --> 00:06:01,180
If it were, it would show in green that yes, this target is exploitable. Then you could run that exploit

63
00:06:01,960 --> 00:06:05,380
against the machine to try to exploit it.

64
00:06:06,280 --> 00:06:10,390
If you want to just run an exploit regardless of if it passes the check or not,

65
00:06:11,920 --> 00:06:17,080
right click on your machine, go to Attack and then just pick any of these exploits, and you can actually

66
00:06:17,080 --> 00:06:24,720
just click it and it will run the exploit.

67
00:06:24,730 --> 00:06:33,320
So here's a description of the exploit that it's going to attempt to run on my machine, and Launch.

68
00:06:33,490 --> 00:06:34,600
Definitely don't do this

69
00:06:34,600 --> 00:06:41,190
playing around in a production environment, because it could be quite intrusive on your machines.

70
00:06:48,950 --> 00:06:52,850
So it looks like the exploit failed on the host in the lab.

71
00:06:52,850 --> 00:06:57,920
Sorry if you were looking forward to seeing me hack into one of my machines.

72
00:06:57,920 --> 00:07:04,070
I really just wanted to demonstrate Metasploit so that you had an idea of how you could play around

73
00:07:04,070 --> 00:07:09,740
with it and get to see for your own eyes how attackers could potentially try to compromise machines,

74
00:07:10,130 --> 00:07:15,230
because the more you understand what an attacker could potentially do the better you could protect your

75
00:07:15,230 --> 00:07:18,400
network as a cyber security engineer.
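The video runs nmap from Armitage and then reads the port list and OS guess off the console, and notes that the OS guess was wrong (a Windows 2000 Server reported as XP). The following is an added example, not code from the video or from the Armitage or Metasploit projects: a small Python parser for nmap's XML output (`nmap -sV -O -oX -`) that lists the open services per host and flags an OS guess as low confidence when nmap's own accuracy figures are weak or close together, which is the situation the video shows. The XML document embedded below is constructed for the example and describes no real host; the 95 percent and 10 point thresholds in `os_guess_is_confident` are my own assumption, not an nmap or Armitage convention.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample of nmap XML output (what `nmap -sV -O -oX -` emits).
# The address, ports, services and OS matches are made up for this example;
# they are not taken from the video's lab host.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 10.0.0.5">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Microsoft IIS httpd" version="5.0"/></port>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows XP SP2" accuracy="85"/>
      <osmatch name="Microsoft Windows 2000 Server" accuracy="83"/>
    </os>
  </host>
</nmaprun>
"""


@dataclass
class HostReport:
    address: str
    # (port number, protocol, service description) for ports nmap saw as open
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    # (OS match name, nmap accuracy percentage), best match first
    os_guesses: List[Tuple[str, int]] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> List[HostReport]:
    """Build one HostReport per host that nmap marked as up."""
    root = ET.fromstring(xml_text)
    reports = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        report = HostReport(address=addr.get("addr") if addr is not None else "unknown")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not services to audit
            svc = port.find("service")
            if svc is None:
                desc = "unknown"
            else:
                parts = (svc.get("name"), svc.get("product"), svc.get("version"))
                desc = " ".join(p for p in parts if p)
            report.open_ports.append((int(port.get("portid")), port.get("protocol"), desc))
        for match in host.findall("os/osmatch"):
            report.os_guesses.append((match.get("name"), int(match.get("accuracy", "0"))))
        report.os_guesses.sort(key=lambda guess: guess[1], reverse=True)
        reports.append(report)
    return reports


def os_guess_is_confident(report: HostReport, min_accuracy: int = 95, min_gap: int = 10) -> bool:
    """Assumed rule: trust the OS guess only if the top match is strong and clearly ahead of the runner-up."""
    if not report.os_guesses:
        return False
    best = report.os_guesses[0][1]
    runner_up = report.os_guesses[1][1] if len(report.os_guesses) > 1 else 0
    return best >= min_accuracy and (best - runner_up) >= min_gap


def summarize(report: HostReport) -> List[str]:
    """Render a report as the lines an analyst would read off, OS caveat included."""
    lines = [f"Host {report.address}"]
    for portid, proto, desc in report.open_ports:
        lines.append(f"  open {portid}/{proto}: {desc}")
    if report.os_guesses:
        name, acc = report.os_guesses[0]
        flag = "" if os_guess_is_confident(report) else " (low confidence, verify by other means)"
        lines.append(f"  OS guess: {name} [{acc}%]{flag}")
    else:
        lines.append("  OS guess: none")
    return lines


if __name__ == "__main__":
    for rep in parse_nmap_xml(SAMPLE_NMAP_XML):
        print("\n".join(summarize(rep)))
```

On the constructed sample the parser lists three open services and reports the XP guess with a low-confidence flag, because the two candidate matches are only two points apart. Against real output, feed the script the file written by `-oX` and treat a flagged OS guess as a prompt to confirm the platform from inventory or an authenticated check before acting on it.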