1
00:00:01,140 --> 00:00:03,300
What exactly is a vulnerability?

2
00:00:04,220 --> 00:00:10,610
We talked about the process of gaining access and making the target execute commands, but let us explain

3
00:00:10,910 --> 00:00:13,310
what happens once we exploit the vulnerability.

4
00:00:14,030 --> 00:00:15,630
Well, let's start like this.

5
00:00:15,950 --> 00:00:22,220
And trust me, if it sounds a little complicated, it will be more clear once we get to practical examples

6
00:00:22,430 --> 00:00:23,380
in the next few weeks.

7
00:00:24,430 --> 00:00:32,380
For now, let's explain it like this: we know that developers write programs, they use their code,

8
00:00:32,530 --> 00:00:38,980
which can be written in any language, whether it is Python, Java, C or some other language.

9
00:00:39,370 --> 00:00:44,080
The goal for a developer is to create software using a programming language.

10
00:00:44,560 --> 00:00:48,580
And as we mentioned, that software can be based on any language whatsoever.

11
00:00:49,060 --> 00:00:54,520
Once the software is complete and it goes through a few test checks and security checks, then that

12
00:00:54,520 --> 00:00:58,750
software gets deployed on machines and it can be run from those machines.

13
00:01:00,050 --> 00:01:01,860
This can be any type of software.

14
00:01:01,910 --> 00:01:09,080
It doesn't matter. However, the problem occurs once that software is open to the Internet. For example,

15
00:01:09,500 --> 00:01:13,760
FTP is open on some machines and servers for file transfer protocol.

16
00:01:14,630 --> 00:01:22,210
SSH could also be open for secure connection, HTTP could be open to host a Web page that clients connect to.

17
00:01:22,970 --> 00:01:29,720
Basically, if your software is hosted on an open port, then it is also open for possible attacks from

18
00:01:29,720 --> 00:01:30,340
the outside.

19
00:01:31,130 --> 00:01:36,170
And as we already know, the software consists of code that developers wrote.

20
00:01:37,120 --> 00:01:44,170
A problem occurs if that code is not well written, if it has some bugs. Now, it doesn't necessarily mean

21
00:01:44,170 --> 00:01:47,350
that if there is a bug we can exploit the target.

22
00:01:47,920 --> 00:01:54,340
But sometimes those bugs can be critical, and the attacker could use that bug to make the software act in

23
00:01:54,340 --> 00:01:56,350
a way that it is not intended to.

24
00:01:57,130 --> 00:01:59,620
That's called an exploitable vulnerability.

25
00:02:00,160 --> 00:02:07,240
Usually, once exploited, we drop a payload or a shell back so we can control that machine and do what

26
00:02:07,240 --> 00:02:07,890
we want with it.

27
00:02:08,470 --> 00:02:14,040
Once a bug or vulnerability is discovered, it gets that name that we've seen for vulnerabilities, in

28
00:02:14,050 --> 00:02:19,540
cases that start with CVE and then the year when the vulnerability first occurred.

29
00:02:20,350 --> 00:02:28,090
A vulnerability that exists and has not been patched yet by the vendors is called a zero day. Usually,

30
00:02:28,090 --> 00:02:32,500
as soon as a critical zero day is discovered, it gets patched almost immediately.

31
00:02:32,920 --> 00:02:38,520
But you will see examples of zero days that were used for months before anyone found out about them.

32
00:02:39,250 --> 00:02:43,690
The most recent one was in 2017, when the WannaCry

33
00:02:43,690 --> 00:02:47,500
ransomware occurred and infected a bunch of hospitals and police stations.

34
00:02:48,010 --> 00:02:53,830
It was based on an exploit called EternalBlue, which was created and used by the NSA.

35
00:02:54,430 --> 00:03:00,340
They never reported it and used it for their attacks until those exploits got stolen from them and got

36
00:03:00,340 --> 00:03:00,760
leaked.

37
00:03:01,370 --> 00:03:05,650
We will see in this course a lot of recent zero days that are now patched.

38
00:03:06,040 --> 00:03:09,760
Some of them will even be as recent as just a few months ago.

39
00:03:10,360 --> 00:03:14,290
However, all of this makes sense if the target has a vulnerability.

40
00:03:14,980 --> 00:03:19,400
But remember, vulnerabilities don't always have to be of a technical nature.

41
00:03:20,080 --> 00:03:27,190
Imagine a company with a bunch of networked servers and machines fully secured and also protected by

42
00:03:27,190 --> 00:03:28,440
the best firewall.

43
00:03:29,170 --> 00:03:31,660
No security holes, no vulnerabilities.

44
00:03:32,260 --> 00:03:38,020
We can't even scan the target to figure out its infrastructure because its protection is so good.

45
00:03:38,880 --> 00:03:46,140
Now, imagine an employee that works there. Let's call him John, and let's focus on John at the moment.

46
00:03:47,310 --> 00:03:48,610
John likes cars.

47
00:03:49,170 --> 00:03:56,130
He usually searches for car pictures and videos while working. One day he gets an email from a person

48
00:03:56,130 --> 00:03:58,980
that has an email name exactly the same as his colleague's.

49
00:03:59,730 --> 00:04:02,280
In that email, there is a car picture.

50
00:04:02,760 --> 00:04:06,720
He sees that the email is coming from his colleague, so he doesn't question it.

51
00:04:07,080 --> 00:04:11,790
Therefore, he opens that picture at work, and it indeed is a car picture.

52
00:04:12,390 --> 00:04:18,600
But does he know that the email was spoofing an email for him, so that at first glance it looks like

53
00:04:18,600 --> 00:04:25,080
it comes from his colleague, and that the picture opened a car image, but it also ran a malicious program

54
00:04:25,080 --> 00:04:25,920
in the background?

55
00:04:26,900 --> 00:04:35,540
What happens next? Now John's computer is infected and he doesn't even know it, and from his

56
00:04:35,540 --> 00:04:41,630
computer, we can compromise the entire network and the entire inside of the company.

57
00:04:42,510 --> 00:04:45,810
Now, this is just an example, but stuff like this happens a lot.

58
00:04:46,470 --> 00:04:52,380
Matter of fact, most of the hacking that you read about happens this way and not by someone

59
00:04:52,380 --> 00:04:55,570
finding a zero day vulnerability on a fully secured company.

60
00:04:56,310 --> 00:04:59,310
Remember, people are always the weakest spot.

61
00:04:59,640 --> 00:05:05,070
So if you can hack something through them, why would you bother trying to discover a technical vulnerability

62
00:05:05,070 --> 00:05:06,660
that might not even be there?

63
00:05:07,440 --> 00:05:08,340
In the next video,

64
00:05:08,640 --> 00:05:14,010
we're only left to talk briefly about shells and the different types of shells that we want to drop once

65
00:05:14,010 --> 00:05:15,000
exploiting the target.

66
00:05:15,580 --> 00:05:21,530
After that, we are ready to get our hands dirty and start gaining access to our target machine.

67
00:05:22,200 --> 00:05:23,190
See you in the next video.