1
00:00:00,180 --> 00:00:02,760
Hello everybody and welcome to the website

2
00:00:02,770 --> 00:00:04,770
penetration testing section.

3
00:00:04,950 --> 00:00:09,950
Now before we begin with explaining some of the basic terms and things you'll need to know,

4
00:00:10,020 --> 00:00:17,400
let me just show you where you can download the intentionally vulnerable machine that will be used as the

5
00:00:17,430 --> 00:00:19,350
pen testing machine.

6
00:00:20,340 --> 00:00:29,970
So you just go, open up your Google Chrome and type this thing into your search bar, which is https

7
00:00:30,060 --> 00:00:32,630
sourceforge dot net slash projects

8
00:00:32,650 --> 00:00:42,640
slash owaspbwa. When you type that it will lead you to this page where you basically just click

9
00:00:42,640 --> 00:00:44,650
here on the download.

10
00:00:44,770 --> 00:00:50,290
Once you click here on the download it should start downloading the one point seven gigabytes large

11
00:00:50,290 --> 00:00:57,760
file, zip file, which will take some time to install, but once it does, the process of installing

12
00:00:57,760 --> 00:01:01,750
the virtual machine itself is rather easy and fast.

13
00:01:02,020 --> 00:01:10,960
So since I already have this zip file installed on my Windows 10 host machine I will close this installation

14
00:01:10,960 --> 00:01:12,940
process or downloading process.

15
00:01:12,940 --> 00:01:21,050
You just wait for it to finish and you will basically end up with this file right here.

16
00:01:21,050 --> 00:01:30,090
This file right here, which is the OWASP Broken Web Apps VM 1.2.7z file. As

17
00:01:30,090 --> 00:01:38,460
you can see it is a file and it is zipped, it is the size of one point sixty nine gigabytes, and once you

18
00:01:38,670 --> 00:01:41,850
get this file you want to extract it.

19
00:01:41,970 --> 00:01:48,710
So just extract it to any folder you want and you will get all of these files right here.

20
00:01:48,710 --> 00:01:52,170
Now you might be asking why we have all of these VMDKs right here.

21
00:01:52,260 --> 00:02:00,260
Well, we are only interested in the first one, which isn't any type of s001, s002.

22
00:02:00,300 --> 00:02:02,320
You will use only this one.

23
00:02:02,580 --> 00:02:07,200
And I will show you how to make the virtual machine right now, so open up your VirtualBox.

24
00:02:07,200 --> 00:02:14,380
Once you extracted all of these files you just go here on the New.

25
00:02:14,910 --> 00:02:20,680
And here you type the name of your virtual machine, you can name it call us if you want to.

26
00:02:20,700 --> 00:02:29,190
Make sure you pick the Linux and here you pick the Ubuntu 64 bit, so find Ubuntu 64 bit and just type

27
00:02:29,190 --> 00:02:33,790
here next. Cannot create the machine folder that's been burned.

28
00:02:33,860 --> 00:02:34,260
OK.

29
00:02:34,280 --> 00:02:40,790
So already we have this machine, so we can just type here OWASP one and here you can leave it on five

30
00:02:40,790 --> 00:02:42,890
hundred and twelve megabytes, it doesn't matter.

31
00:02:42,890 --> 00:02:44,180
So just click here next.

32
00:02:44,180 --> 00:02:51,500
And under the hard disk you go to the use an existing virtual hard disk and you try to find that they

33
00:02:51,530 --> 00:02:57,950
just show you if you open up the extracted folder you want to click on the first one which is the OWASP

34
00:02:58,020 --> 00:03:02,220
Broken Web Apps minus cl1 dot vmdk.

35
00:03:02,450 --> 00:03:07,340
So you pick that one and click here open and choose.

36
00:03:07,580 --> 00:03:12,590
Once you choose that just click here on create and you created your virtual machine

37
00:03:16,890 --> 00:03:20,640
so in order to start your virtual machine just click here on start.

38
00:03:20,880 --> 00:03:26,420
And basically it will finish the process of installation of the virtual machine by itself.

39
00:03:26,430 --> 00:03:30,860
So we'll just wait for it since it doesn't take that long.

40
00:03:31,260 --> 00:03:38,070
After that it will prompt you with the user name and password for the virtual machine which, while this

41
00:03:38,070 --> 00:03:42,610
is installing, let me write you into the notepad file.

42
00:03:42,840 --> 00:03:57,630
So the user name will be, where is the equal sign, will be root and the password will be owaspbwa.

43
00:03:58,590 --> 00:04:04,180
So once it prompts you with the user name and password just type these two right there.

44
00:04:04,210 --> 00:04:11,730
Now this also as well as not applicable is not a GUI machine, it is basically a command

45
00:04:11,730 --> 00:04:18,000
line machine so you will only be able to execute commands from here. As we can see it prompted us to log

46
00:04:18,000 --> 00:04:18,240
in.

47
00:04:18,240 --> 00:04:21,400
So owaspbwa login, type here root.

48
00:04:21,990 --> 00:04:27,580
And as a password type here owaspbwa.

49
00:04:28,500 --> 00:04:35,700
And once you do that it will log you in to your command line and the only thing we want to do from here

50
00:04:35,790 --> 00:04:42,440
is basically configure our IP address in order to be a part of our local network.

51
00:04:42,450 --> 00:04:51,390
Now be careful you don't expose this machine to the untrusted network as it is a machine full of vulnerabilities.

52
00:04:51,450 --> 00:05:00,660
So if you can just keep it in host only or on the NAT, but in my case I will just put it on the bridged

53
00:05:00,700 --> 00:05:07,460
adapter since I will perform scans from another machine that is also on the bridged adapter.

54
00:05:07,500 --> 00:05:13,320
So we want to make them both belong to our local host.

55
00:05:13,380 --> 00:05:16,920
So in order to do that first of all just close this machine.

56
00:05:17,010 --> 00:05:21,120
So you need to close it up here.

57
00:05:21,190 --> 00:05:21,950
OK.

58
00:05:21,970 --> 00:05:28,930
Go on to the settings for that machine, basically do the same thing that we did for our Kali Linux,

59
00:05:29,510 --> 00:05:35,410
go under network, find Bridged Adapter and choose your network interface.

60
00:05:35,620 --> 00:05:41,920
Once you do that also make sure cable connected is checked and click here OK and you are set to go.

61
00:05:41,950 --> 00:05:50,700
So right here, if we open up our machine I'll show you what things we get from it

62
00:05:52,390 --> 00:05:57,280
and in the next lectures I will teach you some of the basic stuff you need to know in order to continue

63
00:05:57,420 --> 00:06:01,290
my testing. Now just wait for it to blow it up.

64
00:06:01,290 --> 00:06:04,960
And once you get it will prompt you with the name and password.

65
00:06:07,080 --> 00:06:09,660
And once it does that we are good to go.

66
00:06:09,660 --> 00:06:19,630
Our machine is up and running a bunch of open vulnerable programs that we can test.

67
00:06:20,040 --> 00:06:23,250
So here you can see it is starting a bunch of these programs

68
00:06:27,470 --> 00:06:37,130
Tomcat web server, and here it even says in all these cases you can use root as user name and password

69
00:06:37,400 --> 00:06:38,500
owaspbwa.

70
00:06:39,040 --> 00:06:47,560
So in case you forgot you can just read it from up here and type here the password and it will log you in

71
00:06:47,560 --> 00:06:49,990
to your command line.

72
00:06:49,990 --> 00:06:56,720
So if we type here once again ifconfig we will have IP address one wanted to that 168 the quantum

73
00:06:56,770 --> 00:07:00,400
9 which belongs to our local network now.

74
00:07:00,460 --> 00:07:04,300
Let me show you what happens when we receive that IP address.

75
00:07:04,300 --> 00:07:07,570
So just go onto your Kali machine or from your host machine.

76
00:07:07,570 --> 00:07:08,560
It doesn't even matter.

77
00:07:09,280 --> 00:07:16,100
Open up your Firefox and type here the IP address of your machine.

78
00:07:16,840 --> 00:07:23,770
It will lead you to this page and you will see a bunch of these options right here which you can click

79
00:07:23,770 --> 00:07:31,810
on, for example if we go all last right here you will get a bunch of, as you can see, malicious file execution,

80
00:07:31,810 --> 00:07:36,160
information leakage, improper error handling.

81
00:07:36,160 --> 00:07:42,010
This is just a bunch of programs running for you to test and we will cover most of them not all of them

82
00:07:42,010 --> 00:07:47,380
since that will take a lot of time, but most of them. You can even see some login pages, as we can

83
00:07:47,380 --> 00:07:49,770
see, authentication required.

84
00:07:49,930 --> 00:07:52,540
We have no idea how to get in here.

85
00:07:52,570 --> 00:07:59,170
But we will find out soon enough. As we can see, Apache Tomcat.

86
00:07:59,170 --> 00:08:04,960
It gives us the version. A bunch of vulnerable problems that we will test in the future videos.

87
00:08:05,230 --> 00:08:10,210
But until then you can experiment and see what kinds of things we have right here.

88
00:08:10,240 --> 00:08:16,540
And we will test them later on after I finish explaining some of the basic stuff you need to know in

89
00:08:16,540 --> 00:08:17,910
order to continue.

90
00:08:17,920 --> 00:08:26,010
So this is it for this lecture. We will cover the HTTP protocol in the next lecture and I hope I see you there.

91
00:08:26,020 --> 00:08:26,410
Take care.