1
00:00:00,510 --> 00:00:01,210
Welcome back.

2
00:00:01,530 --> 00:00:08,340
And now that we got our Windows 10 machine set up, we want to perform a vulnerability scan real quick

3
00:00:08,340 --> 00:00:14,130
to see whether it is vulnerable, and then we'll show you a tool that we can use to press the target

4
00:00:14,130 --> 00:00:14,540
system.

5
00:00:15,180 --> 00:00:20,960
So, first of all, open up both of your clinics and Windows 10 machines right here.

6
00:00:20,970 --> 00:00:25,440
I ran the IP config command to check out the IP address of the Winterstein machine.

7
00:00:25,800 --> 00:00:35,160
And what I'm going to do is I'm going to scan it real quick just to see what port it has open and whether

8
00:00:35,190 --> 00:00:37,680
our setup was correct from the previous video.

9
00:00:38,740 --> 00:00:45,570
OK, great, we got the port four, four, five open, that is all we need now.

10
00:00:45,700 --> 00:00:52,030
I have also performed unnecessary vulnerability scan this morning on 10 machine and for some reason

11
00:00:52,030 --> 00:00:55,890
it didn't manage to find this ghost vulnerability.

12
00:00:56,350 --> 00:01:03,640
Now, that could be some type of a bug, maybe, perhaps since if I type locate and then the vulnerability

13
00:01:03,640 --> 00:01:10,540
name, which is KVI dash two zero two zero dash zero seven nine six.

14
00:01:11,170 --> 00:01:13,960
And this is just the name for this particular vulnerability.

15
00:01:14,260 --> 00:01:15,520
And I type enter.

16
00:01:16,490 --> 00:01:21,960
Here it will find the path to the Nessus with the module for that vulnerability.

17
00:01:22,160 --> 00:01:26,720
So it seems that it has a plug in for that vulnerability and it should be able to discover it.

18
00:01:27,110 --> 00:01:30,180
But once again, for me personally, it didn't manage to find it.

19
00:01:30,380 --> 00:01:35,780
You can try it out, you know, right now how to use Nessa's to just open it up, open your windows

20
00:01:35,960 --> 00:01:42,800
machine and run a scan in Nessus on your machine and see if you can come up with this vulnerability

21
00:01:42,800 --> 00:01:43,210
from there.

22
00:01:44,030 --> 00:01:47,420
But what we want to do right now is we want to copy this name.

23
00:01:48,500 --> 00:01:50,420
And we want to go to the Firefox.

24
00:01:52,210 --> 00:01:58,090
Since remember, this is something that we do not have in mental framework, we must find the exploit

25
00:01:58,090 --> 00:01:58,800
ourselves.

26
00:02:00,480 --> 00:02:03,780
Once the Firefox opens up based upon unknowability name.

27
00:02:05,000 --> 00:02:12,070
Right here, and I'll just type it real quick to two zero two zero zero seven nine six and we can add

28
00:02:12,290 --> 00:02:12,670
it up.

29
00:02:12,890 --> 00:02:17,710
Let us check out whether there are some available tools on GitHub repository.

30
00:02:18,530 --> 00:02:21,410
So we've got the few responses right here.

31
00:02:22,740 --> 00:02:29,880
And what you want to go with first is the vulnerability and what I mean by the scanner is we want the

32
00:02:29,880 --> 00:02:36,480
tool that will tell us whether the target machine is vulnerable to this attack without crashing or exploiting

33
00:02:36,480 --> 00:02:36,660
it.

34
00:02:36,930 --> 00:02:38,700
So we'll go to this link right here.

35
00:02:39,720 --> 00:02:43,030
And it seems that this is the tool that we need.

36
00:02:43,290 --> 00:02:46,500
It says the vulnerability name scanner that.

37
00:02:47,880 --> 00:02:54,890
Identifying and mitigating the CV two zero two zero zero seven nine six four in the flight.

38
00:02:55,940 --> 00:02:57,350
So let's check it out.

39
00:02:57,380 --> 00:03:04,010
Let's go to the name of this vulnerability, then we'll go to our desktop and we will get clone that

40
00:03:04,010 --> 00:03:06,980
repository to our desktop directory.

41
00:03:09,740 --> 00:03:11,630
Once it finishes downloading, we can type.

42
00:03:12,650 --> 00:03:14,340
Here it is right here.

43
00:03:14,930 --> 00:03:21,120
Let's change the rectory to their by typing CD and let's see which files we have.

44
00:03:21,410 --> 00:03:25,210
So we have only this scanner dot file.

45
00:03:25,490 --> 00:03:26,900
So it is a python file.

46
00:03:27,170 --> 00:03:32,240
Let us go to this page and just check real quick whether it is a Python two or three program.

47
00:03:32,240 --> 00:03:37,630
And by the usage that we can see right here, it seems that it is a python free program.

48
00:03:38,180 --> 00:03:39,470
So let's test that.

49
00:03:39,890 --> 00:03:43,280
If I go right here, check out the IP address of Windows Tennesseean.

50
00:03:43,550 --> 00:03:48,830
For me, it is one to that 168 of the five letters from the program, Python three.

51
00:03:51,080 --> 00:03:53,660
And then type the IP address.

52
00:03:55,750 --> 00:04:00,650
Well, we get a response that we wanted, it says right here, vulnerable.

53
00:04:01,360 --> 00:04:06,640
Great, now we can test other tools that will crash and exploit the target.

54
00:04:07,240 --> 00:04:11,830
First, I want to show you a tool that you can use to just crash the target.

55
00:04:12,040 --> 00:04:17,830
And with this tool, we don't need anything else besides the IP address of the target machine.

56
00:04:18,040 --> 00:04:23,860
So you can crash any target just by knowing its IP address for the exploit that we will cover in the

57
00:04:23,860 --> 00:04:24,490
next video.

58
00:04:24,790 --> 00:04:26,820
We're going to cheat a little bit.

59
00:04:26,860 --> 00:04:29,620
We need something in order for the expert to work.

60
00:04:29,740 --> 00:04:32,040
And I will show you that in the next video.

61
00:04:32,050 --> 00:04:38,020
For now, we want to see how we can crash the target machine, see if we go all the way down.

62
00:04:38,440 --> 00:04:40,330
You will see this GitHub link.

63
00:04:40,330 --> 00:04:44,950
It is from Geon sitting and it has the name of our vulnerability.

64
00:04:45,940 --> 00:04:52,330
If I go right here, we can see we got a few falls once again, this is a python tool under here.

65
00:04:52,340 --> 00:04:53,210
We got to use it.

66
00:04:53,230 --> 00:04:56,140
So we got a demo gif here.

67
00:04:56,140 --> 00:04:58,030
We can see the comment that he's running.

68
00:04:58,270 --> 00:05:00,940
And if we go right here and copy the tool.

69
00:05:03,310 --> 00:05:07,810
And once again, we can go to our desktop and get cloned to name.

70
00:05:08,790 --> 00:05:17,130
The link based right here, wait for the download to finish, and if I type S, we now have two directories.

71
00:05:17,610 --> 00:05:21,340
This one is scanner and this one is the one that we just downloaded.

72
00:05:21,600 --> 00:05:24,380
So let's go CD CVT.

73
00:05:25,200 --> 00:05:29,090
We got the demo, give the README file and the vulnerability itself.

74
00:05:29,910 --> 00:05:36,060
Of course, if we want to, we can now know the vulnerability file or the python file and we can scroll

75
00:05:36,060 --> 00:05:39,150
all the way down to see the code of this exploit.

76
00:05:39,300 --> 00:05:41,670
And down here we get the usage.

77
00:05:41,910 --> 00:05:46,610
So all we need to specify, as it says right here, is the target IP address.

78
00:05:47,340 --> 00:05:48,260
Let's try it out.

79
00:05:48,690 --> 00:05:55,980
If I go right here and type Python, I believe it's Python three once again and then KVI Dogpile and

80
00:05:55,980 --> 00:05:58,290
then the IP address of the target machine.

81
00:05:58,770 --> 00:06:04,560
Before I run it, I will lower the screen so we can see both of our targets before running this program.

82
00:06:05,460 --> 00:06:07,530
And right here, if I press enter.

83
00:06:08,920 --> 00:06:13,470
Well, here it is, we successfully crashed the target machine.

84
00:06:14,500 --> 00:06:21,060
It got the blue screen of death, as we can see right here, and it is now restarting and this is also

85
00:06:21,070 --> 00:06:22,230
critical vulnerability.

86
00:06:22,690 --> 00:06:27,940
Once again, I need to mention that you should never be able to crash the target machine just by knowing

87
00:06:27,940 --> 00:06:28,810
it's IPEX.

88
00:06:29,500 --> 00:06:35,560
This is something that we would also 100 percent write down inside the bubble and a testing report.

89
00:06:36,810 --> 00:06:41,880
Now that we managed to scan the target to see whether it is vulnerable and we used another tool to crash

90
00:06:41,880 --> 00:06:49,060
the target, let's see in the next video how we can exploit the target machine and gain Shell back inside

91
00:06:49,060 --> 00:06:50,180
the Linux machine.

92
00:06:51,210 --> 00:06:52,190
See you in the next video.