Hello everybody and welcome back to the system hacking section. Now in the previous videos we saw how we can actually create some of the exploits for the OWASP virtual machine, and we were able to hack a Linux server with a PHP Meterpreter shell. Now, as we are finished with those Tomcat and Apache 2 exploits, we are going to continue to the Windows exploits.

Now these are some of the more important parts since most people use Windows, and since most vulnerable software is actually run on Windows. So out of all of the other operating systems, Windows is the most vulnerable one. In the past there were a bunch of these vulnerabilities, such as the one I told you about before, EternalBlue, which we will be doing. It is a vulnerability for Windows 7, all packs, and Windows, I believe, Server 2008. And they have some additional Metasploit modules for Windows 8 and Windows 10, but I couldn't seem to get those to work. So we will be doing the regular EternalBlue exploit.

But before we actually continue with exploiting Windows with Metasploit, let us just install a program that we will need now in this section, and that we will also need once we start actually coding our own programs in Python. The program is called Wine. Now Wine is basically a program for Linux that allows Linux users to actually run Windows programs in Linux. What I mean by that is, for example, the Windows executable extension is .exe. Every .exe file that you run is basically only executable on Windows. You cannot run it on Linux. So in order for us to run some of the programs that are .exe or .msi, basically, we will need to install Wine in order to do that on Linux.

Now there are two reasons why we need it currently. One of them is that Wine is actually required as a program in order to be able to run the EternalBlue NSA exploit on Windows 7, which is one of the more important exploits that we will do. And the other reason is that we will need Wine in order to make our Python programs in Linux into .exe files, later on when we start coding our own programs.

So let us start off by actually downloading it. So I already have it installed. I will show you how to perform that, and we will also install our first Windows program and use it in our Wine program. We will install Python for Windows and use it as a Wine installer. So you will see what I mean soon enough. Let me just enlarge this so you can see a little bit better what I am doing.

So if you just type here wine in Kali Linux, wine --help, you should get prompted with this, since I believe Wine is already pre-installed in Kali Linux. But if you run a 64-bit version of Kali Linux, I believe that you will need to upgrade and add some architecture for the 32-bit. So we also want to install Wine 32-bit. Now I already installed it and I will show you what the command is in order to perform the installation. So just type in your terminal, dpkg --add-architecture. And basically what you want is i386 for the 32-bit version. Now this is just one of the three commands that we want to run in order to install, so let us actually run all three at the same time. So let me add these && in order to continue with another command, and apt-get update &&. And the third command which we want to do is apt-get install wine32.

So as we can see, first of all, we are adding the architecture for i386, and then we are updating our repositories, and after that we are actually installing the Wine 32-bit. Now the apt-get install wine32 won't really work without this command. So we need to run this first. Now since I already ran this before, I will not be running it at the moment, since I already have Wine installed. And what you want to do, basically, this process, I believe, especially if you didn't update your Kali Linux repositories for a long time, it will take around 20 to 30 minutes. If you did update your repositories, however, it shouldn't take too long. So you will be good to go.

So after you run that, what you want to do is, basically, let us go to the Python website and actually download the MSI installer for Python 2. So, I already did all of that, but I will show you how you can do it, since it is important for future videos. Now Python, we do not need it for the exploit module that we will use in the next videos, but we will need it in our coding section. So, start new session, we want to start a new one, and what we want to do is just go to your web page and just type here https://www.python.org. And basically where you want to go is to this link right here, /downloads/release/python-2714, which is Python 2. Now the reason why we are not using Python 3 is because most all of the programs, and all of the modules and libraries in Python, are still supported in Python 2. And, fortunately, Python 2 is basically a little easier since it doesn't include some brackets and all that, which I always forget to include in Python 3. But I will show you the syntax for both once we get to that. For now I just want to show you how you can install this.

So once you're on this page you want to scroll down, and you will get a bunch of versions of Python right here, or basically the installer for Python. What you want to do is basically go all the way down to the Windows x86 MSI installer. Once you do that, click on it. It will ask you, do you want to install python-2.7.14.msi. The size is 18 megabytes. You want to save that file, and it will save that file right here in your Downloads folder. As we can see, if I open my Downloads folder, it will show two copies of python-2.7.14 because I already installed one yesterday. So we can just delete one, or let me open in terminal and then I will delete it. It doesn't matter, one of them has to go. Or, doesn't. I just want to delete it so I don't have the duplicate. And what you want to do after that is basically you can just, let me just close this. We do not need this browser open anymore.

What you want to do is change your directory to Downloads. And if you type ls here, you will see your Python file right here. And the next thing you want to do is wine msiexec /i and then python. I believe the syntax looks something like this, we will check it right now. It should work. And after that it should start loading your Wine program. Now since I already did install it, what you want to do is basically just click on Next everywhere, and basically you want to install it in the C drive. It will create a virtual C drive for your Kali Linux machine. And once you finish the installation, just click on Finish. I will click on X right here since I already have it. Do you want to cancel installation, yes. And then finish. So everything has finished now.

Once you finish the installation, what you want to do is basically navigate to your C drive. Now the C drive is something you find in Windows, not in Linux, but Wine created a virtual C drive with basically Windows modules, libraries, and all of that, that allow us to run Windows executables. So, in order to go there you need to go to the root. Then if you type ls in the root, you will notice that there is nothing named wine. Now wine is basically a hidden file in this directory and you can find it in two ways. One of them is, basically, you can just go through the directory, right click I believe, and you can go to Properties. Not really sure if... access files, access files, change permissions. I thought it would be something like show hidden files, but it doesn't matter. Another way that you can do this is just type ls -la, which is a command that we covered. So you will see all of the files, including hidden files as well. So, if you look closely you will see that we have our .wine directory, which is a hidden directory. So, basically, everything that starts with . will be a hidden file in your directory, and we want to go to that directory. So just type cd .wine. And then if we clear the screen and type ls once again, you will see that we actually have our drive_c directory. So we change our directory to there, we can ls, and right here you will see that we actually have basically all of the Windows files installed: Program Files, Program Files (x86), windows, users, and Python27, which is the Python that we installed previously.

So, this is not currently in need for us, but we will be using it, as I said, later on. So, it is good to show you an example of making a Windows file executable on Linux. So now if, for example, I change my directory to Python, and I ls here, you will see python.exe, which is a Windows executable. In order for you to run it, you would need to type wine python.exe. So you will not be able to run it with ./python.exe, you would need to specify wine before that. So, I just wanted to show you that. This is just a basic Wine installation.

What we will do in the next videos is we will start exploiting both Windows 7, Windows 10, and maybe Windows XP. And I will show you how you can craft your own payloads with msfvenom in more detail, and how you can actually exploit Windows both with the payload being delivered by you, and without the payload even being delivered, with zero day exploits such as EternalBlue. Well, I mean they were zero day exploits, now they are mostly patched. But I'll show you how they work since a lot of the devices are still vulnerable to that attack. Since it is an attack on Windows 7, most people still do use Windows 7, and most people do not update their Windows. So you will be able to find some of the devices that are still vulnerable to this attack. But more about that in the next videos. I just wanted to show you this Wine installation, and we will continue hacking in the next lecture. Hope I see you there and take care. Bye!
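The setup walked through in this lecture (enable i386, install wine32, run the Python MSI through msiexec, then find python.exe under drive_c) as a single shell script. This is an added example and not code from the course; it assumes a Debian-based system with apt-get and dpkg, an MSI that has already been downloaded, and a known SHA-256 for that MSI supplied by the caller (the placeholder value in main is constructed, since the lecture gives no checksum). Two things it does that the lecture does not: it verifies the installer before executing it under Wine, and it installs into a dedicated 32-bit prefix rather than the default ~/.wine so the Windows program is kept apart from anything else living there.

```shell
#!/bin/sh
# Added example, not code from the course: the lecture's Wine setup as a script.
# Assumptions (not from the lecture): a Debian-based system with apt-get and
# dpkg, an MSI already downloaded, and an expected SHA-256 for it supplied by
# the caller (the placeholder below is constructed and must be replaced).
set -eu

# Run a command as root, using sudo only when we are not root already.
as_root() {
    if [ "$(id -u)" -eq 0 ]; then "$@"; else sudo "$@"; fi
}

# Return 0 when dpkg already has the i386 foreign architecture enabled.
i386_enabled() {
    dpkg --print-foreign-architectures 2>/dev/null | grep -qx 'i386'
}

# The lecture's three commands, but adding the architecture only when missing.
install_wine32() {
    if ! i386_enabled; then
        as_root dpkg --add-architecture i386
    fi
    as_root apt-get update
    as_root apt-get install -y wine32
}

# Check a downloaded installer against a known SHA-256 before handing it to Wine.
# Usage: verify_sha256 FILE EXPECTED_HEX; returns 0 on match, 1 on mismatch.
verify_sha256() {
    actual="$(sha256sum "$1" | cut -d' ' -f1)"
    [ "$actual" = "$2" ]
}

# Install the MSI into a dedicated 32-bit Wine prefix instead of the default
# ~/.wine, so the Windows program is isolated from anything else installed there.
install_msi() {
    WINEPREFIX="$1" WINEARCH=win32 wine msiexec /i "$2"
}

# Map a Windows path such as 'C:\Python27\python.exe' to its location under the
# prefix's drive_c directory (the directory the lecture browses by hand).
drive_c_path() {
    rest="${2#[Cc]:}"                              # drop the drive letter
    rest="$(printf '%s' "$rest" | tr '\\' '/')"    # backslashes to slashes
    printf '%s/drive_c%s\n' "$1" "$rest"
}

# Print the path of python.exe inside the prefix; return 1 if it is not there.
find_python_exe() {
    candidate="$(drive_c_path "$1" 'C:\Python27\python.exe')"
    [ -f "$candidate" ] || return 1
    printf '%s\n' "$candidate"
}

# Full procedure: install Wine, verify the MSI, install it, run the program.
main() {
    prefix="${WINEPREFIX:-$HOME/.wine-python27}"
    msi="${1:-$HOME/Downloads/python-2.7.14.msi}"
    expected="${2:-PLACEHOLDER_SHA256_FROM_PYTHON_ORG}"   # constructed placeholder
    install_wine32
    verify_sha256 "$msi" "$expected" || { echo "checksum mismatch: $msi" >&2; exit 1; }
    install_msi "$prefix" "$msi"
    exe="$(find_python_exe "$prefix")"
    WINEPREFIX="$prefix" wine "$exe" --version   # run it through wine, not ./python.exe
}

# Only run the full setup when asked to, so the functions can be sourced or tested.
if [ "${RUN_WINE_SETUP:-0}" = "1" ]; then
    main "$@"
fi
```

To run the whole procedure: RUN_WINE_SETUP=1 sh wine-setup.sh ~/Downloads/python-2.7.14.msi EXPECTED_SHA256, with the real digest taken from the download page. Without RUN_WINE_SETUP the file only defines the functions, which is what makes the path mapping and checksum check usable on their own.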