1
00:00:00,620 --> 00:00:03,560
OK, so if we understand how pass the hash works.

2
00:00:04,960 --> 00:00:10,300
Let's see it in action and try to hack some systems, even though they don't have any exploitable vulnerability.

3
00:00:10,660 --> 00:00:17,080
But before that, I'd like to show you the sharing system of the modern Windows systems and prepare

4
00:00:17,080 --> 00:00:19,960
my Windows 8 system for the realistic demonstration.

5
00:00:22,660 --> 00:00:23,830
So here, as you already know.

6
00:00:25,360 --> 00:00:29,500
I have a Windows 8 virtual machine with an IP address of two, two three.

7
00:00:30,340 --> 00:00:32,230
First, let me ping the Kali system.

8
00:00:33,700 --> 00:00:35,260
OK, no problem on the network.

9
00:00:36,070 --> 00:00:39,450
Now I go to the Kali and ping the Windows 8 VM.

10
00:00:44,680 --> 00:00:52,720
Now, as you see, there is no response at the moment, but we know that we can ping Kali VM from Windows

11
00:00:52,900 --> 00:00:55,120
VM, so there isn't a problem on the network.

12
00:00:55,900 --> 00:01:01,030
And we know that Windows 8 VM is alive and its IP address is two to three.

13
00:01:01,990 --> 00:01:06,010
So let's make a standard Nmap query through the Windows 8 VM.

14
00:01:13,350 --> 00:01:19,230
All the ports of the system look like they're filtered because we got no response from any of the ports.

15
00:01:20,240 --> 00:01:26,570
So in a typical business or home network, you don't see such computers much because it's a trusted

16
00:01:26,570 --> 00:01:29,390
network and, you know, computers interact with each other.

17
00:01:30,380 --> 00:01:36,920
In addition, system admins have to manage the systems and they should be able to manage them remotely.

18
00:01:37,860 --> 00:01:43,590
Otherwise, life becomes a, I don't know, commuter disaster for them having to run to each single

19
00:01:43,590 --> 00:01:44,160
computer.

20
00:01:45,370 --> 00:01:51,580
So my point is there should be some interaction points, such as open ports or shared folders.

21
00:01:52,960 --> 00:01:54,340
And now I'm in Windows 8.

22
00:01:55,180 --> 00:02:02,950
So right click on the network icon bottom right and click Open Network and Sharing Center in the advanced

23
00:02:02,950 --> 00:02:04,210
settings sharing window.

24
00:02:04,570 --> 00:02:05,960
Select Change

25
00:02:05,980 --> 00:02:09,580
advanced sharing settings from the left-hand side panel.

26
00:02:10,440 --> 00:02:17,700
As you see here, current profile is guest or public, and network discovery and file and printer sharing

27
00:02:17,760 --> 00:02:19,680
are closed in this profile by default.

28
00:02:20,310 --> 00:02:25,560
This is why we can't get any reply to our ping queries. So we can change these settings here.

29
00:02:25,560 --> 00:02:30,210
Or the better way is to change the network profile of my VM.

30
00:02:31,260 --> 00:02:34,560
I'll change the network profile, so I'll close this window for now.

31
00:02:35,340 --> 00:02:38,820
Click on Settings and then the network icon.

32
00:02:39,760 --> 00:02:44,380
Now, right click on the connected label and select Turn sharing on or off.

33
00:02:45,600 --> 00:02:51,450
This is how you can change the network profile in the Windows 8 system. If you use another modern

34
00:02:51,450 --> 00:02:57,090
Windows system such as Windows 10, please Google around a bit to find out how to change the network

35
00:02:57,090 --> 00:02:58,020
profile there.

36
00:02:59,430 --> 00:03:06,510
But here, choose yes, to turn on the sharing and connect to devices option because this is a simulation

37
00:03:06,510 --> 00:03:07,440
of a work network.

38
00:03:08,480 --> 00:03:08,780
All right.

39
00:03:08,990 --> 00:03:11,390
So let's look at the advanced sharing settings again.

40
00:03:14,850 --> 00:03:18,040
And look at that, the network profile is private now.

41
00:03:18,420 --> 00:03:22,650
And network discovery and file sharing are turned on.

42
00:03:25,590 --> 00:03:27,750
So now I go back to Kali, ping Windows 8.

43
00:03:28,350 --> 00:03:30,660
And now it replies to our ping request.

44
00:03:32,200 --> 00:03:34,360
So let's make a standard Nmap query once again.

45
00:03:40,980 --> 00:03:45,570
Now we have some open ports, which are mostly needed for sharing and remote connections.