1
00:00:00,730 --> 00:00:04,330
So let's go get some hash dumps to use in the further hands-on experiment.

2
00:00:06,640 --> 00:00:10,480
Go to Kali, hack a Windows system and dump its hash file.

3
00:00:10,840 --> 00:00:13,600
I'll keep it fast because we've seen these steps several times.

4
00:00:14,610 --> 00:00:17,730
Open a terminal screen, start msfconsole.

5
00:00:19,670 --> 00:00:25,670
I'll use PsExec to open a Meterpreter session on the victim. Search for the exploit module.

6
00:00:27,330 --> 00:00:29,250
Now I'll set an appropriate payload.

7
00:00:33,050 --> 00:00:34,010
Show the options.

8
00:00:35,260 --> 00:00:41,750
Set RHOST as my Windows XP VM, two, seven, and LHOST as my Kali, two.

9
00:00:45,150 --> 00:00:52,730
Remember, the user is the administrator and the password is one two three four QQQ uppercase Q, but

10
00:00:52,740 --> 00:00:54,270
please don't mind this.

11
00:00:54,270 --> 00:00:58,290
It's just an intermediate step that we need to retrieve the hash file.

12
00:01:01,790 --> 00:01:03,350
Now we're ready to run the exploit.

13
00:01:04,680 --> 00:01:06,270
Meterpreter session's open.

14
00:01:06,780 --> 00:01:10,500
Use the hashdump command to get the hashes, and here they are.

15
00:01:10,680 --> 00:01:14,880
So let's copy them all and place them into a text file, which will be our hash file.

16
00:01:16,980 --> 00:01:19,590
I'll use the nano editor for this purpose.

17
00:01:20,370 --> 00:01:23,790
I'll open a new text file named hash XP dot text.

18
00:01:25,220 --> 00:01:26,720
Right click and paste.

19
00:01:27,980 --> 00:01:34,280
Control X to exit, Y to save changes and hit enter to save the file that we named at the beginning.

20
00:01:35,570 --> 00:01:37,460
Now look at the upper left corner.

21
00:01:38,180 --> 00:01:40,010
Now we have a hash file on the desktop.

22
00:01:41,970 --> 00:01:45,720
So now I want to get the hash file of my Windows eight VM as well.
23
00:01:46,820 --> 00:01:52,610
I send the current Meterpreter session to the background. I'll use PsExec once more, for Windows

24
00:01:52,610 --> 00:01:53,840
eight VM this time.

25
00:01:54,560 --> 00:01:56,120
RHOST is 2:58.

26
00:01:57,290 --> 00:01:59,660
Username is a Meydan.

27
00:02:00,560 --> 00:02:05,450
Suppose that we collected this data in the exploitation phase, and run the exploit.

28
00:02:10,100 --> 00:02:17,450
Now I have a Meterpreter session on Windows eight VM. So run hashdump to collect the hashes. Huh?

29
00:02:17,480 --> 00:02:18,020
It failed.

30
00:02:18,560 --> 00:02:19,610
Will it stop us?

31
00:02:20,030 --> 00:02:21,590
I don't think so.

32
00:02:22,310 --> 00:02:29,570
Remember, we have another hash dump method: run post windows gather hashdump and hit enter.

33
00:02:30,500 --> 00:02:34,040
This method runs in a different way from the previous hash dump method.

34
00:02:37,280 --> 00:02:43,430
And here's the hash dump for Windows eight VM. Again, open a text editor and create a new text file

35
00:02:43,430 --> 00:02:44,690
to keep these hashes.

36
00:02:51,520 --> 00:02:57,100
So let's, just for fun, have one more hash dump, this time from a Linux system.

37
00:02:58,170 --> 00:03:01,260
I send the second Meterpreter session to the background.

38
00:03:02,740 --> 00:03:10,270
Now, I remember that my Metasploitable Linux VM has the Java RMI server insecure default config vulnerability.

39
00:03:10,810 --> 00:03:14,410
So that's why I search for Java RMI keywords.

40
00:03:14,710 --> 00:03:16,390
And let's pick this one.

41
00:03:17,870 --> 00:03:20,570
Show payloads to select an appropriate one.

42
00:03:21,290 --> 00:03:26,900
I'll set Java Meterpreter reverse TCP, show options and set the options.

43
00:03:27,920 --> 00:03:35,690
RHOST is Metasploitable Linux, two zero six. LHOST is Kali, two two two. Leave the ports with the default

44
00:03:35,690 --> 00:03:37,850
values and run the exploit.
45
00:03:41,040 --> 00:03:42,840
More than one session is open.

46
00:03:43,350 --> 00:03:47,520
So I use sessions -i to interact with one of them.

47
00:03:47,790 --> 00:03:53,250
For example, session three, and I have a session on the Metasploitable Linux VM.

48
00:03:54,700 --> 00:04:02,070
Meterpreter has no hashdump function for Linux systems by default, so I'll use a post module. Type

49
00:04:02,080 --> 00:04:05,560
run post Linux hashdump and hit enter.

50
00:04:08,200 --> 00:04:11,800
And once again, we have the dump, the password hashes of the victim.

51
00:04:12,700 --> 00:04:17,170
So let's create a third hash file for the Metasploitable 2 VM. Same method.

52
00:04:17,680 --> 00:04:22,330
Copy the hashes, open a text editor, paste them and save the file.

53
00:04:34,170 --> 00:04:39,330
So at the end, we have three hash files for three of our victims.