1
00:00:00,300 --> 00:00:01,050
Welcome back.

2
00:00:01,470 --> 00:00:08,460
In this video, we're going to cover and talk about misconfiguration, and also in this very video, we

3
00:00:08,460 --> 00:00:12,510
will cover the easiest possible vulnerability that you could ever find.

4
00:00:12,990 --> 00:00:15,700
You might have already noticed it while we scanned

5
00:00:15,740 --> 00:00:16,390
Metasploitable.

6
00:00:16,590 --> 00:00:20,960
And if you didn't, I will give you a chance to find it right now.

7
00:00:21,600 --> 00:00:27,120
So what I did right here is I performed a scan on the Metasploitable virtual machine.

8
00:00:27,450 --> 00:00:31,560
You can do the same, or you can just take a look at the results right here.

9
00:00:32,130 --> 00:00:38,520
And do you by any chance see something that sticks out right here, something that shouldn't be here?

10
00:00:39,500 --> 00:00:44,840
Now, you should be able to figure it out based on what we have learned so far, so I will just give you

11
00:00:44,840 --> 00:00:45,650
a few seconds.

12
00:00:50,160 --> 00:00:51,370
And time has come.

13
00:00:51,990 --> 00:00:53,140
Have you managed to find it?

14
00:00:54,030 --> 00:00:56,970
It is this bind shell right here.

15
00:00:58,350 --> 00:01:05,160
And under the version it says "Metasploitable root shell". I mean, just by its name, we can see that

16
00:01:05,160 --> 00:01:06,930
something doesn't seem right.

17
00:01:07,500 --> 00:01:09,270
We know what a bind shell is, right?

18
00:01:09,690 --> 00:01:15,780
So if this service doesn't have any type of authentication, we can just try to connect to the port

19
00:01:16,230 --> 00:01:25,100
that hosts this bind shell, in this case port 1524 over TCP, and we will be given a root shell

20
00:01:25,140 --> 00:01:25,970
on that machine.

21
00:01:27,250 --> 00:01:29,320
Can't be that easy, right?

22
00:01:29,980 --> 00:01:34,040
Well, it is, and I wouldn't even consider this an exploit.

23
00:01:34,390 --> 00:01:38,030
This is just an example of what a misconfiguration could look like.

24
00:01:38,500 --> 00:01:43,630
Now, this would be a critical misconfiguration that would almost never happen.

25
00:01:44,200 --> 00:01:46,540
But sometimes even stuff like this can happen.

26
00:01:47,050 --> 00:01:52,630
Maybe an administrator set up something like this so he can access that machine from his home or from

27
00:01:52,630 --> 00:01:53,290
somewhere else.

28
00:01:53,800 --> 00:01:56,290
But he forgot to put authentication on it.

29
00:01:56,530 --> 00:01:57,280
You never know.

30
00:01:58,060 --> 00:02:01,240
OK, so how can we establish a connection to this port?

31
00:02:02,190 --> 00:02:06,000
Well, we won't be using the Metasploit framework for this particular thing.

32
00:02:06,990 --> 00:02:14,520
Instead, we're going to use a tool called Netcat, and Netcat is a program that allows us to establish

33
00:02:14,520 --> 00:02:21,510
network connections with other machines using both TCP and UDP. To run the Netcat help menu,

34
00:02:21,780 --> 00:02:26,160
we can type nc -h, which stands for help.

35
00:02:27,360 --> 00:02:30,740
And here we can see the menu isn't that big at all.

36
00:02:31,170 --> 00:02:33,120
It only has a few options right here.

37
00:02:34,200 --> 00:02:40,770
And at the beginning of the menu, we also get these two main options: we can either connect to somewhere,

38
00:02:41,700 --> 00:02:49,650
or we can listen for inbound or incoming connections. Since our Metasploitable target machine has a

39
00:02:49,650 --> 00:02:53,280
bind shell, that means we must connect to somewhere.

40
00:02:53,940 --> 00:02:59,910
And the syntax is just nc, then the hostname or the IP address, and then the port.

41
00:03:01,700 --> 00:03:07,700
Let's try it out. If I go down here and type nc and then the IP address of Metasploitable,

42
00:03:08,270 --> 00:03:09,470
I go and check out

43
00:03:09,470 --> 00:03:12,190
over which port the bind shell is being hosted.

44
00:03:12,320 --> 00:03:19,760
It is over port 1524, and I will type a space and then the port. Or let me just clear the

45
00:03:19,760 --> 00:03:26,450
screen first and type nc, then the 192.168 address of Metasploitable, then a space and 1524.

46
00:03:27,930 --> 00:03:28,830
Press enter.

47
00:03:29,880 --> 00:03:31,380
And it worked.

48
00:03:32,100 --> 00:03:39,960
We again have the root account on the Metasploitable machine, and as in the previous video, we can do anything

49
00:03:39,960 --> 00:03:40,470
we want.

50
00:03:40,860 --> 00:03:43,580
So if I type whoami, we can see that we are the root

51
00:03:43,590 --> 00:03:47,820
account. ls tells us what directories we have.

52
00:03:48,000 --> 00:03:50,550
And remember the test directory from the previous video?

53
00:03:50,700 --> 00:03:51,380
Here it is.

54
00:03:51,990 --> 00:03:55,340
ifconfig will give us the IP address of the Metasploitable

55
00:03:55,350 --> 00:03:56,250
machine.

56
00:03:57,150 --> 00:03:59,880
So everything works as in the previous video.

57
00:04:00,510 --> 00:04:04,850
We are the root account and we can execute commands on the target system.

58
00:04:06,450 --> 00:04:09,340
Now, don't get used to this type of exploitation.

59
00:04:09,930 --> 00:04:15,510
Matter of fact, I wouldn't even consider this an exploitation, because the vulnerability wasn't in software,

60
00:04:15,780 --> 00:04:23,150
but in a person who set something like this up without ever authenticating it. Stuff like this rarely happens.

61
00:04:23,370 --> 00:04:27,540
But I wanted to show you this just to see whether you would notice it in our scan.

62
00:04:28,460 --> 00:04:33,860
In the next video, we're going to check out another quick vulnerability that is based on information

63
00:04:33,860 --> 00:04:34,380
disclosure.

64
00:04:35,000 --> 00:04:40,790
After that, we're slowly getting into harder and harder exploits. See you in the next video.