1 00:00:00,270 --> 00:00:06,480 In this video we will be taking a look at SMB enumeration. Before enumerating SMB, we will
2 00:00:06,480 --> 00:00:13,290 take a look at what SMB is. SMB stands for Server Message Block and it's widely
3 00:00:13,290 --> 00:00:16,470 used in Windows systems and also in Linux systems.
4 00:00:16,980 --> 00:00:19,820 Uh, this is mainly in Windows systems.
5 00:00:19,980 --> 00:00:27,990 But coming to these Linux systems, there is a software called Samba and we can connect to those Windows
6 00:00:28,140 --> 00:00:30,930 SMB shares using this Samba software.
7 00:00:31,350 --> 00:00:39,450 So what this SMB is: SMB is a protocol that allows you to, uh, share your resources to
8 00:00:39,450 --> 00:00:41,150 other computers in an organization.
9 00:00:41,580 --> 00:00:45,570 It's used for network sharing, your files over the network.
10 00:00:46,360 --> 00:00:53,950 Uh, it's useful for sharing the files, printers and whatever resource you are working with.
11 00:00:54,120 --> 00:01:01,650 So if you set up any, like, domain of some network of third party computers and if you share a folder
12 00:01:01,650 --> 00:01:08,490 for the, uh, file sharing, then you can access the file using this,
13 00:01:08,790 --> 00:01:10,130 uh, SMB port.
14 00:01:10,500 --> 00:01:13,170 So that is the function of this SMB service.
15 00:01:13,440 --> 00:01:19,800 And this SMB service is like one of the favorite ports for the pentesters, because there
16 00:01:19,800 --> 00:01:22,830 are so many exploits, uh, regarding this SMB.
17 00:01:22,830 --> 00:01:24,800 And it is also very vulnerable.
18 00:01:25,110 --> 00:01:32,490 And you can see that, um, a few years ago, the recent attacks were occurring, the ransomware.
19 00:01:32,700 --> 00:01:39,360 And it is based on this SMB vulnerability, uh, attackers, they took advantage of this SMB vulnerability
20 00:01:39,360 --> 00:01:45,470 and then, uh, they created a ransomware and then attacked these Windows XP machines.
21 00:01:45,840 --> 00:01:48,450 So this SMB is very popular.
22 00:01:48,450 --> 00:01:53,360 And if you find any SMB port, you need to be careful, it depends upon.
23 00:01:53,580 --> 00:01:55,170 So let's get started.
24 00:01:55,430 --> 00:02:00,690 Uh, my Metasploitable 2 is running and we can just do that quickly.
25 00:02:02,840 --> 00:02:03,920 And it's.
26 00:02:07,120 --> 00:02:11,890 Let me just quickly do the things we.
27 00:02:32,180 --> 00:02:38,090 So this is my target and this is my, this is my Kali Linux machine, and this one may be the
28 00:02:38,240 --> 00:02:39,410 hardest part to read.
29 00:02:39,810 --> 00:02:40,820 Let us check this one.
30 00:02:49,060 --> 00:02:56,710 This Metasploitable has so many open ports, as you can see, it may be vulnerable for all these ports and this
31 00:02:56,710 --> 00:03:05,350 SMB port we're going to look at, based on the ports, that is 139 and 445, and these
32 00:03:05,350 --> 00:03:08,880 two ports can be used for SMB service.
33 00:03:08,890 --> 00:03:13,690 You can see there are two services running on that: NetBIOS and Microsoft-DS.
34 00:03:13,690 --> 00:03:15,700 So these are the SMB services.
35 00:03:16,120 --> 00:03:22,300 And let me scan only these two ports.
36 00:03:24,740 --> 00:03:28,810 So I'm giving the -p option for 139 and 445.
37 00:03:29,450 --> 00:03:33,130 So we are concentrating only on these two ports in this video.
38 00:03:37,860 --> 00:03:41,040 So, OK, now, let me do the version scanning.
39 00:03:58,580 --> 00:04:06,620 So we have got this version, you can see on 139 and 445, so the Samba
40 00:04:06,620 --> 00:04:14,030 server is running and the version number is in between three point three and four.
41 00:04:14,040 --> 00:04:20,340 So you can just Google for those SMB version exploits, SMB exploits based on these version numbers.
42 00:04:21,410 --> 00:04:26,570 So what we can do is we can also run the default scripts.
43 00:04:31,260 --> 00:04:35,010 We are running these default scripts only on these two ports, 139 and 445.
44 00:04:36,090 --> 00:04:38,940 So meanwhile, I will show you the Nmap scripts.
45 00:04:39,180 --> 00:04:47,300 How can we use these Nmap scripts? Take a look at this, and we will get all the scripts.
46 00:04:47,490 --> 00:04:51,680 I want to grep, so that, I want to grep for smb.
47 00:04:52,020 --> 00:04:52,470 Right.
48 00:04:54,560 --> 00:05:06,190 So you can see there are so many scripts related to SMB, for the purpose of brute-forcing and
49 00:05:06,190 --> 00:05:12,770 the enumeration scripts that will get the domain names and the processes and services and sessions
50 00:05:12,770 --> 00:05:22,040 and shares; you can pretty much use this smb-enum-shares to get what files and folders
51 00:05:22,040 --> 00:05:24,590 are being shared on that server.
52 00:05:25,610 --> 00:05:33,380 And you can also read their computer, and you can see here the important ones are the smb-vuln scripts.
53 00:05:33,440 --> 00:05:45,230 So these we can perform on this server, Metasploitable, to check whether, if any, uh, if that machine
54 00:05:45,230 --> 00:05:48,540 is vulnerable to any of these, uh, exploits or not.
55 00:05:49,700 --> 00:05:51,810 So sorry, I ordered a copy.
56 00:05:52,010 --> 00:05:56,150 So we have got some more information by using the default scripts.
57 00:05:57,020 --> 00:06:03,200 This is Metasploitable and this is the domain name and it has a workgroup.
58 00:06:03,200 --> 00:06:06,970 And we have also got this OS discovery using this SMB service.
59 00:06:07,850 --> 00:06:16,350 So we got the computer running is a Unix and the computer name is Metasploitable and that computer's NetBIOS is
60 00:06:16,350 --> 00:06:19,070 a network basic input output system.
61 00:06:19,430 --> 00:06:22,660 And this computer does not have enough personnel.
62 00:06:22,910 --> 00:06:24,080 I don't think so.
63 00:06:24,500 --> 00:06:30,260 So this computer can be easy to access any shares using this computer name instead of IP.
64 00:06:30,710 --> 00:06:32,380 So it has a domain name relevant.
65 00:06:32,690 --> 00:06:37,130 And the fully qualified domain name is Metasploitable domain.
66 00:06:38,630 --> 00:06:43,070 And you can see the security mode: account used, authentication level user.
67 00:06:43,070 --> 00:06:51,260 So they use their username and password; maybe anyone, any administrator can use it, in the passwords.
68 00:06:51,800 --> 00:06:57,410 But what we're going to do is we are going to enumerate some, what you can say, scripts too.
69 00:06:58,430 --> 00:07:00,380 So let me check.
70 00:07:00,380 --> 00:07:02,800 Are there any vulnerabilities?
71 00:07:03,560 --> 00:07:08,450 What I want to take is smb-vuln.
72 00:07:09,860 --> 00:07:11,540 So what is common in all this?
73 00:07:11,540 --> 00:07:12,800 I can say wildcard.
74 00:07:32,360 --> 00:07:39,260 So the previous information has been got again about this SMB version numbers, and also you
75 00:07:39,260 --> 00:07:47,030 can see the results of smb-vuln, whether or not this, ms10-054 is false and the other is
76 00:07:47,030 --> 00:07:47,410 six one four.
77 00:07:47,420 --> 00:07:53,940 So these are two exploits, so you can also see it executed some script.
78 00:07:54,020 --> 00:07:59,840 And it also failed, so like this, if there are any true cases, my host is vulnerable.
79 00:08:01,880 --> 00:08:11,780 So let me do the enum shares to check any shares available, to see the folders that are being shared
80 00:08:11,780 --> 00:08:12,620 on that server.
81 00:08:27,650 --> 00:08:35,380 So there are some shares we can see, uh, it says, that means anonymous login is allowed.
82 00:08:35,390 --> 00:08:41,320 We can see ADMIN$, this is the admin share, and IPC$ and you can see opt.
83 00:08:42,780 --> 00:08:53,490 And you can see also the opt, and the print$, which is generally used for any printers and
84 00:08:53,490 --> 00:08:58,700 I can see there is a tmp that is also being shared and it has the comment on it.
85 00:08:58,920 --> 00:08:59,280 OK.
86 00:09:00,920 --> 00:09:08,760 So one more command on what to use, and we can put nbstat to tell the name of this machine.
87 00:09:09,200 --> 00:09:11,710 Do you want to reuse and scan the IP address?
88 00:09:11,720 --> 00:09:11,960 Other.
89 00:09:17,360 --> 00:09:25,120 So we have got this. So in the previous nmap scan we did not get the host name from the nmap,
90 00:09:25,130 --> 00:09:28,870 now we can get this NetBIOS name, that host name that this Metasploitable has.
91 00:09:31,920 --> 00:09:40,920 Oh, now, I want to say that we need to use some tools to connect to these SMB shares.
92 00:09:41,250 --> 00:09:43,530 Those are smbmap and smbclient.
93 00:09:48,240 --> 00:09:57,690 So there are a lot of options you can use for this smbmap, so we'll use the basic options.
94 00:09:57,930 --> 00:10:05,050 You can see the example, a simple smbmap -u username and password and -d domain name and the
95 00:10:05,080 --> 00:10:06,900 host and the IP address.
96 00:10:06,930 --> 00:10:15,960 So let us use this. So we know that there is an anonymous login because we have got those shares.
97 00:10:16,410 --> 00:10:18,150 Let's take this anonymous login.
98 00:10:18,540 --> 00:10:22,830 If you don't give any username and password for this smbmap, it will assume that authorization as
99 00:10:22,830 --> 00:10:23,730 the anonymous login.
100 00:10:32,290 --> 00:10:35,420 So I think negotiations are not, almost bargains are different.
101 00:10:35,440 --> 00:10:42,460 So I tried on this IP address, so let me type in username.
102 00:10:50,310 --> 00:10:55,770 I know this will be wrong, just to show you that you can log in if you have the username and
103 00:10:55,830 --> 00:10:59,750 password; you can see authentication error, unable to do that.
104 00:11:01,030 --> 00:11:07,500 OK, this is the smbmap and you see another one called smbclient.
105 00:11:11,390 --> 00:11:20,900 And all you need to do is smbclient -L, minus capital L, to list the shares from this, from the
106 00:11:20,900 --> 00:11:24,620 computer one and two to the ones you should not.
107 00:11:28,250 --> 00:11:36,110 So if you use the Windows, uh, file access from the Windows, you can see you can connect
108 00:11:36,110 --> 00:11:40,960 to this share using the backslash backslash, that Windows convention.
109 00:11:41,450 --> 00:11:45,160 If you remember that, it will be the double backslash.
110 00:11:45,410 --> 00:11:51,260 But in the Linux, this backslash contains some, uh, special value.
111 00:11:51,260 --> 00:11:53,680 To remove that, we need to put another backslash.
112 00:11:54,890 --> 00:12:00,560 So let me hit enter; you can see this protocol negotiation failed, this error.
113 00:12:00,800 --> 00:12:04,730 So this is the error I got from this current Kali machine.
114 00:12:05,000 --> 00:12:09,560 And I searched for this error.
115 00:12:09,560 --> 00:12:11,600 And I have got the solution.
116 00:12:12,560 --> 00:12:17,100 And what I want you to put is a double forward slash.
117 00:12:17,120 --> 00:12:18,770 I need to set an option.
118 00:12:21,950 --> 00:12:25,820 Client minimum protocol is equal to NT1.
119 00:12:33,090 --> 00:12:42,680 So this minimum protocol will be used for SMB if the, uh, the server-side protocol is a very old
120 00:12:42,690 --> 00:12:43,000 version.
121 00:12:43,410 --> 00:12:47,940 Now I want to type in my, uh, the password, and there we go.
122 00:12:47,940 --> 00:12:51,150 We got the share names.
123 00:12:51,510 --> 00:12:58,750 And we can see the exact share names we got from the nmap smb-enum-shares script.
124 00:12:59,430 --> 00:13:09,800 We see the print$, tmp, opt, IPC$, ADMIN$, etc. So now we connect to these, uh, shares and let's see what
125 00:13:10,080 --> 00:13:11,730 is inside these shares.
126 00:13:20,060 --> 00:13:30,530 So I just remove this -L and I need to specify, let's say tmp, so it asks for the password,
127 00:13:31,760 --> 00:13:38,060 so you can see anonymous login successful, and I can say help to get the commands I can run.
128 00:13:38,210 --> 00:13:44,270 So this is similar to this, uh, FTP command line.
129 00:13:46,010 --> 00:13:47,920 So we have got these files.
130 00:13:49,010 --> 00:13:52,620 I think these are not very much interesting.
131 00:13:53,900 --> 00:13:58,880 So let me exit this and let me go into this.
132 00:14:04,190 --> 00:14:15,440 So it says that, uh, we got access denied because anonymous login is not enough for this opt, and
133 00:14:15,440 --> 00:14:20,840 if we try to log in as any user, maybe we get the same error.
134 00:14:27,260 --> 00:14:34,460 So all these Samba shares are allowed for the anonymous login and some other shares are not available
135 00:14:34,460 --> 00:14:35,310 for the anonymous.
136 00:14:36,800 --> 00:14:40,510 So these are the commands you need to remember.
137 00:14:40,760 --> 00:14:44,240 But there is one more tool called enum4linux.
138 00:14:44,240 --> 00:14:53,580 This will do every enumeration possible for the SMB server, SMB service. enum4linux,
139 00:14:53,630 --> 00:14:56,790 -a, say, for all types of enumeration.
140 00:14:56,810 --> 00:14:58,550 I need to specify the IP address.
141 00:15:02,990 --> 00:15:05,540 So as you can see, you've got a bunch of information.
142 00:15:06,590 --> 00:15:13,480 This is target and other details and the username blank, password is blank, known usernames, it just brute-forces
143 00:15:13,490 --> 00:15:20,630 the usernames: administrator, domain admins, root, bin, etc. And they've got the domain
144 00:15:20,630 --> 00:15:22,100 workgroup, now that is WORKGROUP.
145 00:15:24,560 --> 00:15:31,190 And you can see there are so many services, you can see the session check
146 00:15:31,190 --> 00:15:39,100 on this IP address: server does not allow session using username and password.
147 00:15:39,320 --> 00:15:48,240 Not so, since we do not get this, you know, for the next, failure to log in via anonymous, then it
148 00:15:48,270 --> 00:15:50,420 aborted the enumeration.
149 00:15:51,920 --> 00:15:55,060 So these are pretty much the tools.
150 00:15:55,070 --> 00:15:59,900 You can use these for SMB enumeration to get much more juicy information.
151 00:16:01,580 --> 00:16:08,400 Um, that's it about this SMB enumeration, if you will.
152 00:16:08,480 --> 00:16:09,080 Conclusive?
153 00:16:09,120 --> 00:16:09,590 No.
154 00:16:10,460 --> 00:16:18,950 Then we will do some other rooms and then I will show you how to actually connect to the shares and
155 00:16:18,950 --> 00:16:20,140 how we get information.
156 00:16:20,540 --> 00:16:22,130 So no need to worry about these.
157 00:16:22,550 --> 00:16:27,080 This is just to demonstrate that these tools are available for these purposes.