1
00:00:03,089 --> 00:00:05,523
So I've had a lot of students ask in the Q&A,

2
00:00:05,523 --> 00:00:07,694
"You showed us some techniques that work on Windows XP.

3
00:00:07,694 --> 00:00:10,700
"But will these same techniques work in Windows 7 or above?"

4
00:00:10,700 --> 00:00:12,119
Well, yes, they will.

5
00:00:12,119 --> 00:00:14,202
Now the particular exploit that we use,

6
00:00:14,202 --> 00:00:18,035
the Microsoft 08-067 netapi vulnerability

7
00:00:18,960 --> 00:00:21,301
was very specifically geared toward Windows XP

8
00:00:21,301 --> 00:00:22,463
and Windows 2003.

9
00:00:22,463 --> 00:00:24,662
And it would work on some Windows 7 systems

10
00:00:24,662 --> 00:00:26,937
if they weren't patched against that vulnerability.

11
00:00:26,937 --> 00:00:29,386
Now that particular example, there isn't a whole lot

12
00:00:29,386 --> 00:00:31,871
like that when you start getting into the new

13
00:00:31,871 --> 00:00:34,004
operating systems like 7, 8, and 10

14
00:00:34,004 --> 00:00:35,432
because Microsoft has done a much better job

15
00:00:35,432 --> 00:00:37,784
of patching those types of vulnerabilities.

16
00:00:37,784 --> 00:00:39,320
Most of the exploits you're gonna find

17
00:00:39,320 --> 00:00:41,646
inside Windows 7, 8, and 10 are gonna be things

18
00:00:41,646 --> 00:00:43,996
that require some degree of social engineering,

19
00:00:43,996 --> 00:00:46,070
whether that is something that requires a user

20
00:00:46,070 --> 00:00:48,200
to click on a link to go to a particular website,

21
00:00:48,200 --> 00:00:50,111
to open a particular file that has viruses

22
00:00:50,111 --> 00:00:52,943
or trojans embedded that might give you some access

23
00:00:52,943 --> 00:00:54,690
or anything else of that nature.

24
00:00:54,690 --> 00:00:57,091
Now there was one that was recently released

25
00:00:57,091 --> 00:00:59,624
a couple weeks ago that is referred to

26
00:00:59,624 --> 00:01:01,036
as the EternalBlue.

27
00:01:01,036 --> 00:01:04,292
So EternalBlue came from a leak of documents

28
00:01:04,292 --> 00:01:06,479
and tool sets that this hacking group

29
00:01:06,479 --> 00:01:08,343
called Shadow Broker had found.

30
00:01:08,343 --> 00:01:10,674
And part of those leaks, somebody had taken the code

31
00:01:10,674 --> 00:01:12,757
and there's an SMB vulnerability

32
00:01:12,757 --> 00:01:15,397
very similar to what we did in the Windows XP stuff.

33
00:01:15,397 --> 00:01:18,028
And they actually turned that into a ransomware

34
00:01:18,028 --> 00:01:21,023
called WannaCry that has really made headlines.

35
00:01:21,023 --> 00:01:22,511
Well, this particular vulnerability

36
00:01:22,511 --> 00:01:23,797
that we're gonna use is actually called

37
00:01:23,797 --> 00:01:26,714
Microsoft 17-010 EternalBlue.

38
00:01:28,167 --> 00:01:31,172
And we're gonna use that here on a Windows 7 machine.

39
00:01:31,172 --> 00:01:33,380
Now Metasploit does have the ability to do this.

40
00:01:33,380 --> 00:01:34,532
You have to download the latest version

41
00:01:34,532 --> 00:01:36,289
of Metasploit by updating it.

42
00:01:36,289 --> 00:01:37,642
And if you're not sure how to do that,

43
00:01:37,642 --> 00:01:39,899
just google how to update my Metasploit.

44
00:01:39,899 --> 00:01:41,511
And you'll be able to connect your Metasploit terminal

45
00:01:41,511 --> 00:01:44,555
to the internet and download those latest patches.

46
00:01:44,555 --> 00:01:46,609
This one actually came out only four days ago.

47
00:01:46,609 --> 00:01:49,527
So this is May of 2017 when I'm filming this.

48
00:01:49,527 --> 00:01:51,572
And this is a brand new exploit

49
00:01:51,572 --> 00:01:53,234
that we're gonna be using.

50
00:01:53,234 --> 00:01:54,914
Now when we go into the next video I'm gonna

51
00:01:54,914 --> 00:01:57,092
show you step by step how this is gonna work,

52
00:01:57,092 --> 00:01:59,264
how we're gonna set this up inside Kali Linux.

53
00:01:59,264 --> 00:02:00,946
It's gonna look very similar to what we did

54
00:02:00,946 --> 00:02:02,788
with our Windows XP stuff

55
00:02:02,788 --> 00:02:06,491
except that we're gonna be attacking a Windows 7 server.

56
00:02:06,491 --> 00:02:08,968
The ones that are vulnerable are Windows 7

57
00:02:08,968 --> 00:02:13,874
and Windows 2008 server, and they have to be 64-bit version.

58
00:02:13,874 --> 00:02:15,545
There is a version of this that people are

59
00:02:15,545 --> 00:02:17,426
in development for Windows 8 and Windows 10

60
00:02:17,426 --> 00:02:19,328
but they're not released just yet.

61
00:02:19,328 --> 00:02:21,477
But again, these same techniques work all the time.

62
00:02:21,477 --> 00:02:22,706
If you just start doing some googling,

63
00:02:22,706 --> 00:02:24,309
you'll figure out what are the latest exploits

64
00:02:24,309 --> 00:02:26,018
and what the newest things are out there.

65
00:02:26,018 --> 00:02:27,801
I'll see you in the lab in the next video.