1 00:00:00,090 --> 00:00:04,590 Welcome, welcome, welcome to the exploit development part of our course.
2 00:00:05,310 --> 00:00:09,330 I'm really excited about this because we get to start putting together some of the things we've been
3 00:00:09,330 --> 00:00:16,160 learning, including Python and MSFvenom, to build our own payloads, and it's going to be really fun.
4 00:00:16,170 --> 00:00:23,280 So what we're gonna be doing in this course is we're going to be using an attack machine and a victim
5 00:00:23,280 --> 00:00:31,090 machine, so the victim machine has to be a Windows machine, so you can run it in a VM.
6 00:00:31,110 --> 00:00:37,560 I have a VM here, or you can utilize your own Windows machine if you're running through this course on
7 00:00:37,560 --> 00:00:39,300 a Windows-based machine.
8 00:00:39,300 --> 00:00:44,940 If you're running on a Mac or you're running on Linux, then you're going to have to virtualize this Windows
9 00:00:44,940 --> 00:00:46,140 machine.
10 00:00:46,140 --> 00:00:51,690 Now, it shouldn't be too big of a deal if you're already running in a VMware situation or a VirtualBox
11 00:00:51,690 --> 00:00:53,000 situation.
12 00:00:53,130 --> 00:00:59,730 All we have to do is go out to the Interweb here, and if you go to Google and you just type in "Windows
13 00:00:59,730 --> 00:01:06,700 evaluation", the first thing that comes up should be Microsoft Evaluation Center, and you just click into
14 00:01:06,720 --> 00:01:12,660 there, and we scroll down just a little bit and it says "check out the latest products".
15 00:01:12,660 --> 00:01:17,770 We're going to say check out Windows, and right here it says Windows 10 Enterprise.
16 00:01:17,820 --> 00:01:19,130 That's fine.
17 00:01:19,320 --> 00:01:23,500 Now I'm going to be running the whole course through Windows 10 Pro.
18 00:01:23,640 --> 00:01:27,070 It really doesn't matter as long as you're on Windows 7 or newer.
19 00:01:27,360 --> 00:01:30,780 So if you have Windows 7, 8 or 10, that's absolutely fine.
20 00:01:31,110 --> 00:01:36,480 And then you just click through here, say I want the ISO Enterprise, and then just fill out all of your
21 00:01:36,480 --> 00:01:43,620 information, hit continue, get the ISO file and download it, and then load the ISO file into your VMware.
22 00:01:44,100 --> 00:01:49,200 That is the option if you are running it virtualized. If, again, you're on a Windows machine, as I
23 00:01:49,200 --> 00:01:51,030 will be when I'm running through the course,
24 00:01:51,030 --> 00:01:53,190 you do not have to download this part.
25 00:01:53,310 --> 00:01:58,200 Now, there are two items you will need to download. Both of these are going to be on your Windows machine.
26 00:01:58,650 --> 00:02:03,390 So on your victim machine we're going to have something called vulnserver. If you go to Google and search
27 00:02:03,390 --> 00:02:09,180 "vulnserver", vulnserver is the vulnerable server that we're going to be attacking.
28 00:02:09,180 --> 00:02:11,970 So this is a server that we're going to have running on this machine.
29 00:02:12,060 --> 00:02:17,130 It's going to allow us to write a custom exploit against this and get a reverse shell.
30 00:02:17,120 --> 00:02:18,520 It's going to be really fun.
31 00:02:18,540 --> 00:02:22,680 So we're going to actually use the Grey Corner one right here, from 2010.
32 00:02:22,680 --> 00:02:26,700 You click on this and scroll down.
33 00:02:26,700 --> 00:02:35,470 There is a download button down here; it says vulnserver.zip. Now, Windows may actually block this
34 00:02:35,530 --> 00:02:37,600 download. If Windows blocks this download,
35 00:02:37,600 --> 00:02:40,200 go ahead and turn off your Defender.
36 00:02:40,240 --> 00:02:42,240 I'm going to actually have you turn it off
37 00:02:42,370 --> 00:02:49,000 once we start the spiking video, but you can go into Defender and just turn it off in here in the Windows
38 00:02:49,000 --> 00:02:51,100 Defender settings if you need to.
39 00:02:51,790 --> 00:02:56,320 So you have virus and threat protection right here. You can see that I have it turned off; you can just
40 00:02:56,320 --> 00:03:04,900 have it turned off. So from here we can just download our attachment, and I'm just going to hit open because
41 00:03:04,900 --> 00:03:06,790 it's a .zip.
42 00:03:06,790 --> 00:03:10,380 So again, you're going to need a .zip of some sort.
43 00:03:10,540 --> 00:03:17,860 And then I just like to extract this out to my desktop; that's fine, just somewhere easy to be able to get
44 00:03:17,860 --> 00:03:18,620 to it.
45 00:03:18,940 --> 00:03:24,850 And then we can extract, or unzip, this whole thing right to our desktop, and we'll just call
46 00:03:24,850 --> 00:03:26,860 this vulnserver, like this.
47 00:03:26,860 --> 00:03:29,190 Something similar to this is absolutely fine.
48 00:03:29,200 --> 00:03:33,610 What's important is that we're able to have all these files on our desktop.
49 00:03:33,640 --> 00:03:35,050 So that's exactly what we want here.
50 00:03:36,110 --> 00:03:39,610 And then the second part is Immunity Debugger.
51 00:03:39,680 --> 00:03:42,170 So we come over one tab here.
52 00:03:42,410 --> 00:03:45,500 We've got Immunity Debugger from Immunity Inc.
53 00:03:45,560 --> 00:03:47,840 And this is the link we want to click on.
54 00:03:47,840 --> 00:03:54,890 Now, what this is going to do is this is going to allow us to run the program through this debugger, and
55 00:03:54,890 --> 00:03:57,420 then we can see all sorts of cool stuff.
56 00:03:57,440 --> 00:03:59,080 It's a program debugger.
57 00:03:59,150 --> 00:04:05,810 So when we are triggering different types of exploits, we can see how it's affecting the memory, the stack,
58 00:04:05,840 --> 00:04:10,100 how it's affecting the program, and it'll make a lot more sense once we're in there.
59 00:04:10,100 --> 00:04:12,040 But it's really, really nice.
60 00:04:12,050 --> 00:04:16,820 So if you scroll down just a little bit, you can see it says download, and it says download Immunity Debugger
61 00:04:16,820 --> 00:04:17,760 here.
62 00:04:18,080 --> 00:04:19,050 This is all we've got to do.
63 00:04:19,050 --> 00:04:20,790 And you could put a fake name in here.
64 00:04:20,900 --> 00:04:29,120 You can put Joe Schmo, and then however you'd spell that, and then put 123 Fake Street, etc.,
65 00:04:29,150 --> 00:04:34,310 fake at fake dot com, and then fake here, and it should let you download it.
66 00:04:34,450 --> 00:04:38,360 You have to put in your real information, and see, it just works right away.
67 00:04:38,450 --> 00:04:39,200 Hit save.
68 00:04:39,740 --> 00:04:43,340 And then once it's done downloading, we're going to go ahead and get this installed.
69 00:04:43,340 --> 00:04:48,660 So if it takes you some time for this download, go ahead and just pause your video, and then we're gonna
70 00:04:48,680 --> 00:04:50,690 go ahead and keep going.
71 00:04:50,780 --> 00:05:01,680 So I'm going to say run on this and say yes, and it's going to say that it needs to install Python
72 00:05:01,680 --> 00:05:02,760 2.7.
73 00:05:02,820 --> 00:05:15,110 So we're gonna say yes, and say I accept, next, and install, close that. Now it's going to launch the Python
74 00:05:15,110 --> 00:05:17,690 installer, where it is going to do it for all users.
75 00:05:17,690 --> 00:05:22,250 If you have an issue with that, you can install it just for you as well. Next.
76 00:05:22,310 --> 00:05:29,970 Next, next, let this load, and it's all very, very point-and-click on this.
77 00:05:29,990 --> 00:05:38,240 So our goal here is to be able to write our own exploit code by the end of this, and it's going to actually
78 00:05:38,240 --> 00:05:39,520 be really fun.
79 00:05:39,530 --> 00:05:42,320 So let's go check and make sure that Immunity ran,
80 00:05:45,100 --> 00:05:48,520 and this is what Immunity looks like the first time you load it up.
81 00:05:48,550 --> 00:05:52,130 So from here, we've got everything installed.
82 00:05:52,240 --> 00:05:57,280 We're going to watch a short video on what a buffer overflow is and how we are going to leverage it,
83 00:05:57,760 --> 00:06:05,200 and then we're going to get right into the hands-on portion of attacking this victim machine here from
84 00:06:05,200 --> 00:06:10,010 our Kali machine and getting a reverse shell off of this victim machine.
85 00:06:10,060 --> 00:06:14,350 So I'll catch you over in the next video when we start covering what a buffer overflow actually is.