1
00:00:00,420 --> 00:00:07,620
So it's harder to further next escalation is password reuse, so if you before getting any reversal,

2
00:00:07,620 --> 00:00:12,120
you may have face some current are usernames or something.

3
00:00:12,420 --> 00:00:15,950
So if you gain any credentials, you try to use them.

4
00:00:15,960 --> 00:00:19,800
Uh, if that user will have the room privileges.

5
00:00:20,190 --> 00:00:24,390
So you can always use the, uh, gather credentials.

6
00:00:24,760 --> 00:00:29,810
OK, and also you can sit in the home territory.

7
00:00:29,820 --> 00:00:31,410
That is the best.

8
00:00:32,250 --> 00:00:38,190
So generally a normal testing this file can be labeled so you cannot treat.

9
00:00:39,810 --> 00:00:43,760
This fight, so sometimes it may be the intentional way to get the route.

10
00:00:44,340 --> 00:00:45,500
So are you today.

11
00:00:45,760 --> 00:00:53,640
Uh, she got started, so it will be are the contents of the first.

12
00:00:55,310 --> 00:01:02,300
That is the natural history and history, etc. And so you can see, uh, this is my previous comment

13
00:01:03,260 --> 00:01:11,900
and, uh, and you can see there is a MySQL connection to the host and the user is rude and the password

14
00:01:11,900 --> 00:01:12,020
is.

15
00:01:16,210 --> 00:01:22,240
So that means this some horse, not Rockall, maybe our own IP address.

16
00:01:22,550 --> 00:01:26,920
Also, let's get see if she.

17
00:01:37,000 --> 00:01:37,840
Was.

18
00:01:41,240 --> 00:01:47,400
So they're to be in the role of any other local address and some not local.

19
00:01:47,870 --> 00:01:52,280
So you can bring that if I think it's our own.

20
00:01:52,970 --> 00:02:00,100
So what you can do is you can say suru switch to root and type the password password one, two, three.

21
00:02:00,350 --> 00:02:03,000
So you can do that so you can see we are successful.

22
00:02:03,680 --> 00:02:07,630
So there is a username and password nerdish profile.

23
00:02:08,600 --> 00:02:10,260
So now let's add zip.

24
00:02:10,970 --> 00:02:14,240
So we have some of the profile.

25
00:02:14,270 --> 00:02:16,010
You can also be the content of the.

26
00:02:20,190 --> 00:02:29,700
And you can see there is a connection and then other users pass, the credentials are stored in this

27
00:02:30,240 --> 00:02:30,750
order.

28
00:02:31,410 --> 00:02:40,170
Let's get you the contents of the two can see the root password and the password so you can use this

29
00:02:40,170 --> 00:02:41,290
to switch to register.

30
00:02:42,380 --> 00:02:49,080
And another thing you can do is you can go to the router three and you can search for any hidden files.

31
00:02:50,670 --> 00:02:53,260
So 105 you can do is not a sausage.

32
00:02:53,430 --> 00:02:59,580
So if you have the private key access, then you can use that to logging into the register without any

33
00:02:59,580 --> 00:03:00,150
password.

34
00:03:00,390 --> 00:03:02,010
Let's go to the directory.

35
00:03:04,230 --> 00:03:06,460
That's a less minister.

36
00:03:14,260 --> 00:03:17,960
So you can see how that relaxes, OK?

37
00:03:17,980 --> 00:03:27,150
So that means we need to set the currency for and see it more in case if you have the right access unit.

38
00:03:27,820 --> 00:03:29,850
So that means this is it.

39
00:03:29,990 --> 00:03:36,200
Uh, ID only works with this, uh, four zero zero all the through permissions.

40
00:03:37,090 --> 00:03:40,890
So in this case, it's not required because we have one to permissions.

41
00:03:41,230 --> 00:03:53,080
So now with this, uh, ID you can use I to identify this rootkit and then you can see a route at this

42
00:03:53,080 --> 00:03:53,950
IP address.

43
00:03:55,390 --> 00:03:59,470
It's sort of been copied, this IP address and paste here.

44
00:04:01,870 --> 00:04:09,670
And say yes, and you can see we the root, so in this way you can root the passwords we have and you

45
00:04:09,670 --> 00:04:13,760
can also search for any files that is having something, any juicy information.

46
00:04:14,350 --> 00:04:23,890
So always check for the user passwords and take for match three and and these private keys and also

47
00:04:23,890 --> 00:04:29,860
any other suspicious files that can also hold to that passwords.

48
00:04:30,850 --> 00:04:41,740
So you can also go to the city where available w the less CDH diamond the less so generally there is

49
00:04:41,740 --> 00:04:50,110
only one had offer in case PSP is installed on this box, then it can in some configuration files.

50
00:04:50,290 --> 00:04:57,240
So you can also view those configuration files to get any juicy information like log in to MySQL, etc..