1
00:00:00,480 --> 00:00:06,600
OK, yes, and this ruling within the works machine, and this is the return mission to this mission,

2
00:00:06,610 --> 00:00:11,070
we need to subscribe to the VIP subscription and which cards to work.

3
00:00:12,210 --> 00:00:13,010
Fifteen dollars?

4
00:00:13,230 --> 00:00:13,950
I think so.

5
00:00:15,210 --> 00:00:17,500
It's four dollars per month, OK.

6
00:00:18,660 --> 00:00:20,930
So after a subscription, you can shut the machine.

7
00:00:34,260 --> 00:00:40,980
So copy this IP address, and they have already done the nmap scans for the box using the transfer

8
00:00:41,520 --> 00:00:42,710
or the timing for.

9
00:00:42,780 --> 00:00:48,580
And we have these ports and you can see here receptively, server 201 four.

10
00:00:49,020 --> 00:00:51,390
So what we need is we need to cover this.

11
00:00:51,840 --> 00:00:59,100
And basically here now, you can see here, two, that the its own website saying that this has the

12
00:00:59,100 --> 00:01:00,480
backdoor command execution.

13
00:01:03,070 --> 00:01:05,310
So you can see the Metasploit exploit here.

14
00:01:05,390 --> 00:01:10,990
Years of corporate and corporate reform underscore back to, OK, that is we are going to use No.

15
00:01:13,180 --> 00:01:22,590
So you can just set for years of tippity now you can see the exploit here who use that used Girot.

16
00:01:25,390 --> 00:01:33,340
So, Garrett, let me type show options and now you can see the RHOSTS and RPORT, since RPORT is

17
00:01:33,340 --> 00:01:39,320
21, that is if we can simply put the RHOSTS where we can say setg.

18
00:01:40,880 --> 00:01:41,870
RHOSTS.

19
00:01:47,120 --> 00:01:48,220
And then three.

20
00:01:52,940 --> 00:01:57,110
So now what you need to do is you need to execute or run.

21
00:02:10,940 --> 00:02:16,760
So now you can also do the manual exploitation using the Python, so you can see there is a link for

22
00:02:16,760 --> 00:02:21,110
the GitHub Python exploit so you can click on this or you can download this one.

23
00:02:22,430 --> 00:02:25,610
And I have already done all this research here.

24
00:02:26,390 --> 00:02:30,230
So you can see this is the Python years after we could refer to it.

25
00:02:30,710 --> 00:02:33,430
So that python three weeks.

26
00:02:34,610 --> 00:02:37,040
So we use of Tibaldi and minus.

27
00:02:37,040 --> 00:02:45,080
Hej, so this is IBRD support and cover so that for Pendent and three.

28
00:02:48,410 --> 00:02:52,190
And the port is 21, and the command I want to execute is whoami.

29
00:02:56,580 --> 00:03:02,940
So it's OK to go back to attempting to control the battle so you can see the Metasploit exploit completed,

30
00:03:02,940 --> 00:03:04,270
but no session was created.

31
00:03:04,800 --> 00:03:13,680
So actually, this machine was not there to exploit this where there is a firewall to obstruct on the

32
00:03:13,680 --> 00:03:15,450
port six two zero zero from the back.

33
00:03:15,870 --> 00:03:19,090
So that's what we are unable to connect to a backdoor.

34
00:03:19,650 --> 00:03:26,220
So if ever whenever you find this we of people to differentiate, you can run this exploit are the matters.

35
00:03:26,220 --> 00:03:26,430
Right?

36
00:03:27,630 --> 00:03:30,150
So in our case, this box is not one.

37
00:03:30,710 --> 00:03:33,510
We are not for this exploit, even though it has this.

38
00:03:34,440 --> 00:03:39,780
Now, what we can do is we can go on to our nmap scan and you can see what other ports you can

39
00:03:39,780 --> 00:03:41,350
see around and forward.

40
00:03:41,370 --> 00:03:46,770
If I, uh, Samba SMB protocol is open.

41
00:03:46,990 --> 00:03:51,330
Now, what you can do is you can copy this and you can it in Google.

42
00:03:55,320 --> 00:04:03,240
So you can see that Rapid7's own website, we have this usermap script command execution, so

43
00:04:03,240 --> 00:04:05,820
you can see here usermap.

44
00:04:05,820 --> 00:04:09,630
And so we are going to use this exploit to exploit the machine.

45
00:04:11,040 --> 00:04:13,380
So now search for.

46
00:04:15,020 --> 00:04:18,480
Usermap, so you can see this is the exploit.

47
00:04:18,770 --> 00:04:23,860
Now you can simply say use Google to show options.

48
00:04:25,520 --> 00:04:29,030
So I said that that is more zero adapter.

49
00:04:29,390 --> 00:04:36,980
And that said, RHOSTS, we are set as a global ZG, transparent, independent country and entertainment.

50
00:04:37,250 --> 00:04:42,940
And what you need to do is you can simply run the better exploit.

51
00:04:42,950 --> 00:04:46,880
So you can see command shell session one opened.

52
00:04:46,880 --> 00:04:55,860
You cannot see any, uh, shell or at least you can say you can say ls here and you'll get all you

53
00:04:56,000 --> 00:05:00,950
can also upgrade to the tuition or we can just take care to.

54
00:05:03,940 --> 00:05:21,070
Router B, so we can say Kreenholm, unless there is a user Makahs, so we can see Caird make this user

55
00:05:21,070 --> 00:05:22,120
not be.

56
00:05:25,880 --> 00:05:29,570
Connie Mack is a Las.

57
00:05:35,410 --> 00:05:44,170
Card you not it's so OK, we have actually got these two friends and you can also say who you are.

58
00:05:44,320 --> 00:05:48,180
This is the Russians, so we are successfully building this machine.

59
00:05:48,610 --> 00:05:51,810
So this is using the Metasploit. Now,

60
00:05:51,820 --> 00:05:56,310
what I'm going to do is bring a manual exploitation, that is without Metasploit.

61
00:06:00,950 --> 00:06:04,040
So, OK, now we have this SUV.

62
00:06:04,910 --> 00:06:15,530
Now let's use the same I to see any listing of shares. Before that, I want to show you something that

63
00:06:15,530 --> 00:06:17,730
is looking at a Samba configuration file.

64
00:06:19,250 --> 00:06:22,520
So you need to modify some changes.

65
00:06:23,630 --> 00:06:24,410
So on.

66
00:06:28,390 --> 00:06:35,620
Type in your computer password, now you need to add these two lines, so that is kind of protocol

67
00:06:35,620 --> 00:06:40,410
and B1 and Max protocol and cemetery, so otherwise you'll get this error.

68
00:06:40,690 --> 00:06:41,980
So I will show you the error.

69
00:06:46,790 --> 00:06:53,150
So some background inventory, so you can do this, you can see protocol, negotiation for now, we

70
00:06:53,150 --> 00:06:59,060
need to add this to and so add these two lines I have already added before I can just promote this comment.

71
00:07:01,500 --> 00:07:02,250
I'm sorry.

72
00:07:06,480 --> 00:07:07,670
You know, I of.

73
00:07:10,420 --> 00:07:12,960
So we have a the file.

74
00:07:13,040 --> 00:07:21,670
Now, what we can do is we can run the same command, listing the shares, hit enter and type in the

75
00:07:21,670 --> 00:07:22,260
password.

76
00:07:23,720 --> 00:07:31,230
Now, again, CNN was successful, beginning to bring together three of the ABC and you can also see

77
00:07:31,270 --> 00:07:31,760
temporary.

78
00:07:32,080 --> 00:07:35,200
So that means it's almost writable.

79
00:07:35,260 --> 00:07:42,340
So we can connect to this Tumblr, get some background IP address.

80
00:07:46,220 --> 00:07:46,510
Tim.

81
00:07:49,090 --> 00:07:50,200
They've been the for.

82
00:07:52,500 --> 00:07:59,540
So you can say help govern so you can read all these commands, so now it is using a cemetery protocol

83
00:07:59,540 --> 00:08:02,350
to know how to execute some payload.

84
00:08:03,300 --> 00:08:10,620
So that means we need to find this user script like a manual battle so far that we need to use such

85
00:08:10,650 --> 00:08:13,800
spread since Friday Samba.

86
00:08:16,050 --> 00:08:18,060
Samba 3.0.

87
00:08:21,970 --> 00:08:29,860
You can see here the part so not choose the innocent and also remote one, so you can see here using

88
00:08:29,860 --> 00:08:30,370
a map.

89
00:08:30,730 --> 00:08:33,340
So this is a manual Rubyfruit.

90
00:08:33,370 --> 00:08:38,610
So what we can do is we can copy this one and we need to get the location of this.

91
00:08:38,620 --> 00:08:40,240
Look at this.

92
00:08:41,650 --> 00:08:42,680
So it's here.

93
00:08:43,000 --> 00:08:47,460
So let's go with this and let's see the contents of this Ruby script.

94
00:08:49,610 --> 00:08:49,820
So.

95
00:08:51,290 --> 00:08:58,540
So this is the other and architecture and proper type is coming.

96
00:08:58,670 --> 00:08:59,110
OK.

97
00:09:02,560 --> 00:09:03,340
No.

98
00:09:04,780 --> 00:09:12,180
So username is equal to this one, so we are going to change the username to this one, so she's going

99
00:09:12,190 --> 00:09:15,610
to know her comment.

100
00:09:15,870 --> 00:09:22,840
OK, now we can switch to go use the note using the log on current log on.

101
00:09:22,960 --> 00:09:26,560
And what you need to do is you need to push this button here.

102
00:09:27,190 --> 00:09:34,680
So let's push together right now and we need to put the command here.

103
00:09:34,990 --> 00:09:40,810
So instead of their normal command, what I can do is I can start the netcat with.

104
00:09:45,440 --> 00:09:48,690
So now we are listening on the port one, two, three, four.

105
00:09:49,010 --> 00:09:54,320
Now we can say nc and we put the IP address of our battered machine.

106
00:10:00,410 --> 00:10:09,590
IP address and executed been a search, OK, now know the.

107
00:10:16,540 --> 00:10:24,190
Now, the coalition's quote in this command, I think we have done enter and password dental, so the

108
00:10:24,190 --> 00:10:25,330
command will be executed.

109
00:10:25,960 --> 00:10:31,560
You can connect to our from or not and then three or four on this on it.

110
00:10:31,570 --> 00:10:35,820
So we are going to say we are my group.

111
00:10:36,640 --> 00:10:39,480
So you can also display the text for.

112
00:10:45,250 --> 00:10:51,860
OK, so in this way, you can use the searchsploit to find the manner to find the actual exploit first,

113
00:10:51,880 --> 00:10:55,390
and you can try the coordinate and execute in a similar way.

114
00:10:55,690 --> 00:10:58,710
So it's like a template for these exploits.

115
00:10:58,710 --> 00:11:02,440
You can directly run the command, but in the background it will execute the payload.

116
00:11:02,830 --> 00:11:08,620
So, yeah, we have successfully partnered up the machine from the box.