1
00:00:00,780 --> 00:00:05,670
And now, if I'm reading your mind correctly, I'm hearing that boy, wouldn't it be better if we could

2
00:00:05,670 --> 00:00:06,450
go faster?

3
00:00:06,960 --> 00:00:08,070
And yes, you're right.

4
00:00:09,140 --> 00:00:12,800
Automation is a key factor to speed up the penetration tests.

5
00:00:13,400 --> 00:00:17,300
But first, let's learn more about the exploitation frameworks.

6
00:00:19,090 --> 00:00:24,010
In a previous lecture, we found the exploit code and exploited the target system manually.

7
00:00:25,160 --> 00:00:28,760
So let's list the difficulties of running the exploit codes manually.

8
00:00:29,670 --> 00:00:32,850
You have to manually find out the appropriate exploit code.

9
00:00:34,120 --> 00:00:38,230
In most cases, there will be more than one exploit code for a vulnerability.

10
00:00:38,650 --> 00:00:41,350
And you've got to choose the ideal one.

11
00:00:42,560 --> 00:00:49,130
You have to compile the exploit code with the right compiler and fix the compilation errors and bugs yourself.

12
00:00:50,230 --> 00:00:56,200
In most cases, you have to find the operating system and its version to apply the correct exploit.

13
00:00:57,260 --> 00:01:02,270
Exploit code may not be stable and may cause some denial of service.

14
00:01:02,930 --> 00:01:05,300
You remember our manual exploitation experience.

15
00:01:05,690 --> 00:01:09,920
The target system was inadvertently shut down after the exploitation.

16
00:01:11,680 --> 00:01:14,530
All the exploit codes run with a single payload.

17
00:01:15,770 --> 00:01:18,470
Dynamic payload usage is not possible.

18
00:01:19,430 --> 00:01:20,900
To be able to use another payload,

19
00:01:21,320 --> 00:01:27,320
you have to change the exploit code, change the payload, recompile the code and exploit the target

20
00:01:27,320 --> 00:01:28,370
system again.

21
00:01:29,330 --> 00:01:36,180
So to get rid of all these difficulties, the exploit frameworks come in to help. Now, with these tools,

22
00:01:36,380 --> 00:01:41,990
you don't need to find and compile the appropriate exploit codes, and you can dynamically use different

23
00:01:41,990 --> 00:01:44,190
payloads with an exploit, et cetera.

24
00:01:44,690 --> 00:01:47,600
So what are the exploit frameworks?

25
00:01:48,230 --> 00:01:48,920
Good question.

26
00:01:49,800 --> 00:01:55,980
One vulnerability is oftentimes the only necessary piece needed to gain a foothold in an environment.

27
00:01:56,730 --> 00:02:04,110
As an example, a network could be compromised due to a vulnerability found in out-of-date office productivity

28
00:02:04,110 --> 00:02:09,180
software, a PDF viewer or even a browser.

29
00:02:09,180 --> 00:02:14,370
Exploitation framework tools contain capabilities to detect and exploit these particular vulnerabilities.

30
00:02:15,930 --> 00:02:20,610
The vendors of these software packages are continually adding exploits to their platform.

31
00:02:21,360 --> 00:02:28,500
Internal security teams and malicious actors alike can use the same tools to detect and exploit vulnerabilities.

32
00:02:29,280 --> 00:02:31,950
As some of the software exploitation tools are free,

33
00:02:32,370 --> 00:02:38,760
the bar of entry is minimal and can open up organizations to easy-to-perform attacks.

34
00:02:40,160 --> 00:02:43,700
So let's see a few examples of these exploit frameworks.

35
00:02:44,810 --> 00:02:46,580
Core Impact isn't cheap.

36
00:02:47,240 --> 00:02:49,280
Be prepared to spend at least $30,000.

37
00:02:49,790 --> 00:02:54,350
But it is widely considered to be the most powerful exploitation tool available.

38
00:02:55,010 --> 00:03:01,460
It supports a large, regularly updated database of professional exploits and can do tricks like

39
00:03:01,460 --> 00:03:07,160
exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit

40
00:03:07,160 --> 00:03:07,850
other boxes.

41
00:03:09,050 --> 00:03:15,050
Canvas is a commercial vulnerability exploitation tool from Dave Aitel's Immunity Sec.

42
00:03:16,440 --> 00:03:23,640
It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions

43
00:03:23,640 --> 00:03:24,420
of Metasploit.

44
00:03:25,020 --> 00:03:29,310
It comes with full source code and occasionally even includes zero-day exploits.

45
00:03:30,530 --> 00:03:34,130
Now, throughout this course, we're going to use Metasploit Framework.

46
00:03:35,190 --> 00:03:36,210
So let's get started.