1
00:00:00,560 --> 00:00:07,310
Before going deep on exploitation frameworks, let's see how we can find and run an exploit manually.

2
00:00:08,220 --> 00:00:13,290
Because it's not the subject of the course, I'll not show you how to develop an exploit.

3
00:00:13,620 --> 00:00:16,770
But we are going to use the exploit from exploit databases.

4
00:00:18,090 --> 00:00:24,810
So in this demo, let's say that we think that the target system has an MS03_026

5
00:00:24,810 --> 00:00:28,740
vulnerability. To exploit the vulnerability we'll follow these steps.

6
00:00:29,310 --> 00:00:35,070
First we'll search for the exploit MS03_026.

7
00:00:36,210 --> 00:00:39,990
Then compile the code. If there are errors in the code,

8
00:00:40,260 --> 00:00:43,830
we have to find and fix the errors or find another exploit.

9
00:00:45,230 --> 00:00:47,090
And finally we'll run the exploit.

10
00:00:48,120 --> 00:00:54,150
Now, if we're lucky enough, we can successfully exploit the target system and have a command shell

11
00:00:54,150 --> 00:00:54,390
on it.

12
00:00:56,260 --> 00:01:05,440
So go to Kali and open a web browser. Type "exploit db" to search for the exploit database. I click the

13
00:01:05,440 --> 00:01:07,420
first link, which is exploit-db

14
00:01:07,550 --> 00:01:08,110
.com.

15
00:01:09,420 --> 00:01:11,850
Now click Search at the upper right hand corner.

16
00:01:13,580 --> 00:01:14,060
Write

17
00:01:14,340 --> 00:01:22,520
MS03_026 in the search bar, prove that you are not a robot and click Search.

18
00:01:30,420 --> 00:01:36,750
We found three exploits in the database, so let's try the oldest one, which is developed by H.D. Moore,

19
00:01:37,290 --> 00:01:39,870
who is the developer of Metasploit Framework, by the way.

20
00:01:40,380 --> 00:01:41,220
So click the link.

21
00:01:42,780 --> 00:01:45,090
And here's the source code of the exploit.
22
00:01:45,420 --> 00:01:48,690
So let's download the code and save the code to Kali.

23
00:01:50,310 --> 00:01:55,680
Now open a terminal screen and go to the folder where the exploit code is downloaded.

24
00:01:58,770 --> 00:02:01,860
And here's the source code, 66.c.

25
00:02:02,780 --> 00:02:09,420
It's source code in the C programming language, and we can compile it using the GCC compiler.

26
00:02:10,190 --> 00:02:17,660
The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various

27
00:02:17,660 --> 00:02:18,740
programming languages.

28
00:02:19,520 --> 00:02:26,750
GCC is a key component of the GNU toolchain and the standard compiler for most Unix-like operating

29
00:02:26,750 --> 00:02:27,290
systems.

30
00:02:28,450 --> 00:02:33,970
It was originally named the GNU C Compiler when it only handled the C programming language in the first

31
00:02:33,970 --> 00:02:34,360
release.

32
00:02:35,080 --> 00:02:44,800
Then it was extended to compile C++, Objective-C, Objective-C++, Fortran, Java, Ada and Go,

33
00:02:44,800 --> 00:02:45,490
among others.

34
00:02:46,420 --> 00:02:55,330
So anyway, type gcc, give the source file name and then the output file name with the -o parameter and

35
00:02:55,330 --> 00:02:55,810
hit Enter.

36
00:02:57,190 --> 00:03:00,100
Use the ls command to see the file produced.

37
00:03:00,490 --> 00:03:00,940
Here it is.

38
00:03:01,480 --> 00:03:05,050
GCC compiled and produced an executable binary file.

39
00:03:06,110 --> 00:03:09,260
Type ./ and the file name to run the executable.

40
00:03:10,260 --> 00:03:11,850
And it shows the help by default.

41
00:03:12,420 --> 00:03:12,750
Right?

42
00:03:12,780 --> 00:03:13,470
Good for us.

43
00:03:13,710 --> 00:03:16,410
So here we learn how to use the executable.

44
00:03:17,260 --> 00:03:19,070
The first parameter is Target ID.
45
00:03:19,760 --> 00:03:22,130
So we have to learn the target operating system.

46
00:03:23,150 --> 00:03:29,270
And we can use Nmap, the network mapper tool, to interrogate the operating system of the target.

47
00:03:30,480 --> 00:03:36,360
Now, I'm not going to tell you more about Nmap here, because it's the subject of the network scanning

48
00:03:36,360 --> 00:03:36,780
course.

49
00:03:37,530 --> 00:03:39,870
Well, let's create the Nmap query.

50
00:03:41,020 --> 00:03:43,810
-sV for version detection.

51
00:03:44,260 --> 00:03:49,600
-O for the operating system detection, now the target IP.

52
00:03:51,380 --> 00:03:53,330
And top 10 ports to scan.

53
00:04:03,790 --> 00:04:10,000
Here are the results of the Nmap query. It says that the target operating system is either Windows 2000

54
00:04:10,000 --> 00:04:16,390
with Service Pack 0 to 4 or Windows XP with Service Pack 0 or 1.

55
00:04:17,870 --> 00:04:22,010
We can try the result set one by one, but to keep it quick,

56
00:04:22,460 --> 00:04:23,930
let's look at the target system.

57
00:04:25,070 --> 00:04:30,710
So here's the target system. Right click My Computer, select Properties.

58
00:04:31,640 --> 00:04:34,340
The system is Windows XP with Service Pack 1.

59
00:04:35,180 --> 00:04:39,350
OK, so back to Kali. Let's remember the usage of our exploit again.

60
00:04:43,300 --> 00:04:52,000
Now, the first parameter is Target ID, and it's 6. The second parameter is the target IP, which is

61
00:04:52,000 --> 00:04:56,350
172.16.99.207 for me.

62
00:04:59,470 --> 00:05:01,930
And yes, we got the shell from the target system.

63
00:05:03,130 --> 00:05:04,630
So let's look at the IP address.

64
00:05:06,710 --> 00:05:08,540
It says 207.

65
00:05:09,760 --> 00:05:12,190
So I'll go to the target system to check if it's true.
66
00:05:13,590 --> 00:05:21,510
So I'll open a command line, type ipconfig, and yes, the IP of the target is 207.

67
00:05:22,470 --> 00:05:26,060
So turn back to Kali now and type exit to close the shell.

68
00:05:27,250 --> 00:05:31,090
Now, look at the target system. As you see, the system crashed.

69
00:05:31,630 --> 00:05:38,740
All the exploits may have some side effects, so you had better test them before using them on live systems.