1
00:00:01,150 --> 00:00:07,390
So far in this course we've seen how to discover and exploit a large number of vulnerabilities.

2
00:00:07,960 --> 00:00:14,590
We've seen how we can exploit these vulnerabilities, such as SQL injection, file inclusion and code

3
00:00:14,620 --> 00:00:21,310
execution and even file upload, and get a reverse shell so that we'll actually have access to the server

4
00:00:21,310 --> 00:00:22,200
itself.

5
00:00:23,100 --> 00:00:29,580
In the file upload example we were able to upload a Weevely shell, which gives us a lot of capabilities

6
00:00:29,610 --> 00:00:31,100
and a lot of features.

7
00:00:31,860 --> 00:00:37,770
In simpler examples like the code execution and the SQL injection we only managed to get a reverse

8
00:00:37,770 --> 00:00:38,880
shell.

9
00:00:39,000 --> 00:00:43,830
So in this section we're going to see how we can interact with a reverse shell and with a Weevely shell,

10
00:00:44,220 --> 00:00:49,150
and we'll see what we can do now that we actually have access to the target server.

11
00:00:50,010 --> 00:00:55,250
So I'm going to start with the reverse shell because it doesn't give us as many capabilities as

12
00:00:55,250 --> 00:00:55,730
Weevely.

13
00:00:55,890 --> 00:01:01,200
And then we'll see how we can escalate that to a Weevely shell, and then we'll see what we can do after that.

14
00:01:01,650 --> 00:01:09,680
So first of all, here I'm just going to listen on port 8888 so that I get a reverse

15
00:01:09,680 --> 00:01:11,600
connection on this computer.

16
00:01:11,690 --> 00:01:16,440
Now I'm going to get my IP by running ifconfig.

17
00:01:16,520 --> 00:01:23,080
My IP is 10 2014 to 13.

18
00:01:23,190 --> 00:01:30,600
So I'm just going to go to my DVWA and exploit the code execution vulnerability just so that we can have

19
00:01:30,660 --> 00:01:33,370
a reverse shell, and then we'll see how we can interact with it.

20
00:01:33,370 --> 00:01:43,130
So I'm going to do this quickly because we've already spoken about it in the code execution lecture.

21
00:01:43,290 --> 00:01:45,960
So I'm just going to set the security level to low

22
00:01:48,750 --> 00:01:56,110
and then go to the command execution, make this bigger.

23
00:01:56,330 --> 00:01:59,000
And as you remember, we used to put an IP address.

24
00:01:59,010 --> 00:02:05,630
I'm just going to put anything, add a semicolon and then the code that we want to run, and I want to

25
00:02:05,690 --> 00:02:08,960
get a connection using netcat, so I'm going to do se

26
00:02:13,140 --> 00:02:15,340
and then with the port.

27
00:02:15,360 --> 00:02:20,720
Now this is the same code that we used in the SQL injection; we wrote this in PHP code.

28
00:02:20,730 --> 00:02:26,050
It's the same code that we used with the file inclusion vulnerabilities as well.

29
00:02:26,070 --> 00:02:31,620
So we'll actually be getting the same access as what we're getting in here when we exploit the other

30
00:02:31,620 --> 00:02:36,090
vulnerabilities, the SQL injection and the local file inclusion.

31
00:02:36,110 --> 00:02:45,650
So if we go here now, we actually have a complete bash shell, so we can run any bash commands we want, the

32
00:02:45,650 --> 00:02:52,070
exact same commands that we've seen in the Linux basics section at the start of the course.

33
00:02:52,280 --> 00:02:57,530
Now in all of the previous lectures we used to stop once we got to this point, and in the file upload,

34
00:02:57,650 --> 00:03:01,630
as I said, we got a Weevely shell which gives us more capabilities.

35
00:03:01,860 --> 00:03:07,780
So the first thing I'm going to teach you is what you can do now with this access, with the reverse shell access.

36
00:03:07,790 --> 00:03:12,260
Then once we know what you can do with that, we're going to see how you could escalate this and convert it

37
00:03:12,260 --> 00:03:19,580
to a Weevely shell, which allows you to do more attacks or allows you to do more things on the target computer.

38
00:03:19,580 --> 00:03:25,970
Once we have a Weevely shell I will be at the same level as what you would gain when you exploit a file

39
00:03:25,970 --> 00:03:27,280
upload vulnerability.

40
00:03:27,290 --> 00:03:32,570
We'll see what you could do with that, so you'll learn a large number of powerful attacks like

41
00:03:32,570 --> 00:03:33,760
running system commands.

42
00:03:33,760 --> 00:03:38,360
Even if there is security on the target server, you'll learn how to navigate to other websites on the

43
00:03:38,360 --> 00:03:45,110
same server, read, upload and download files, and access the database and bypass security measurements

44
00:03:45,380 --> 00:03:47,960
that might prevent you from doing these things.

45
00:03:49,450 --> 00:03:54,880
So in the next lecture I'm going to start from here, and we're going to keep building up on our access and

46
00:03:54,880 --> 00:03:57,160
we'll see what we can do on the target server.