Welcome back. In this small section, we are going to cover the SMBGhost Windows 10 vulnerability. Since there is no module available for the Metasploit framework regarding this vulnerability, we are going to need to exploit it manually, and by manually, I mean we will have to find a working exploit ourselves, run it ourselves and redirect the connection to our Linux machine ourselves. All of these tasks the Metasploit framework did for us automatically, and since we can't really rely on tools, we're going to learn through this Windows 10 vulnerability how we can do all of that ourselves. Now, the vulnerability that we're exploiting is rather new. I believe it got disclosed in June 2020. And for this we will need to install a Windows 10 virtual machine. Not all versions are vulnerable since it got patched, so we will have to install a vulnerable version of Windows 10. Since this as well is an SMB vulnerability, we won't need any additional software to run on our target machine for this exploit to work, which makes it even more dangerous, just like the previous two vulnerabilities, which were EternalBlue and BlueKeep. But they were attacking Windows 7. This one attacks Windows 10. All our target needs to have is port 445 open and some previous version of Windows 10.
The exact vulnerable version that we are looking for is either Windows 10 1903 or Windows 10 1909. So you will need an ISO file, as usual, to create this machine. And both of these versions are vulnerable to the SMBGhost attack. Let me show you right now where we can download a previous version of the Windows 10 ISO file. And by the way, we will be using this Windows machine in the next section as well to test the payloads that we will create. But more about that later on. For now, let's focus on creating our virtual environment for this attack. So what you want to do first is you want to navigate to the rufus.ie website, and this software right here that we're going to download is used to create bootable USB drives with the ISO files. Now, you might be asking, well, why are we going to need this? We're not going to put it onto our computer over a USB drive. We are installing a virtual machine, and that is true. But this software also offers us to download some previous versions of the Windows operating system. That's why you want to go down here, click on this Rufus 3.11 and download the file. It is the size of 1.1 megabytes. Once you download it, you should be having this file right here on the desktop. Double click on that file, and if it asks for the password, you want to click on
Yes, or type in the password. And right here where we want to go is this arrow next to the Select button. Now, here's a small advice. Sometimes this arrow right here will not appear. And it actually did not appear to me once I downloaded this software for the first time. So what I did is I tried restarting this program several times. So just close this, open this again, close it and open it again. That might work. And what also might work is going right here to the application settings and changing this "check for updates", then click on Close, restart the program. And eventually this arrow right here should appear. Once it appears, click on it and click on Download. And once you select the download, click on Download once again and this will start running the download script. In just a few seconds you should have this small window pop up here. We want to select what operating system we want to download. If I click on here, it will ask me if I want Windows 8 or Windows 10. I want to select Windows 10, click on Continue. In the next step, it will ask me which exact release do I want to select? And right here we want to go with this one, which is 19H1, build 18362.356. And it says right here, the date is 2019, September or ninth month.
So click on this right here, then click on Continue. You can select Windows 10 Home. And continue here as well. Language we can leave on English. And the last step, which is architecture, we can leave on x64, then you can click on Download right here or you can download using a browser. If you simply just click on Download, it will open the file explorer, and here you can pick where you want to save it on your desktop. Keep in mind that the size of the file is around five gigabytes, so this will take some time. Since I have it downloaded, I will not be downloading it again for you. Just wait for the download to finish and you should have the Windows 10 ISO file. Just make sure that you pick the exact same version that I did right here. And once all of that is finished, you can close this program. The next step is to install the Windows 10 virtual machine. So I already got one running right here. And for you, you can do it the same way that we did with any other machines. So just type Windows. Then select right here Microsoft Windows, Windows 10 (64-bit), click on Next, choose two gigabytes of RAM or choose the same amount of RAM that you used for Windows 7. Click on Next. Here, we want to create a virtual hard disk.
All of these steps we can just accept with Next here. I got twenty five gigabytes in my case and you can choose whatever you want right here, and this will create your virtual machine. Now, since I already have it, I will delete it. But before I delete it, another two settings that you want to choose, as we did with the Windows 7 machine: under Storage, under the Empty entry, you want to remove it and you want to add the Windows 10 ISO file, which I have right here. The next setting that you want to change is from NAT to Bridged Adapter. Once you do all of that, you can start the process of installing Windows 10. Now, there is no important step in the Windows 10 installation. You can do it however you want, but just a tip: once it gets to the part where it asks you for the account creation, where you need to specify an email address and all of that, you can skip that part by unplugging your device from the Internet, and then it will allow you to create an offline Windows account, so you won't need to create an e-mail for the Windows 10 account. All of the other steps are not important. You can do them as you like, and once you do all of that, you can start your Windows 10 machine. Another thing that we need to do to get our Windows 10 machine fully ready for this attack is to disable the firewall. So go down here, type Control Panel.
And the way we disable it on Windows 10 is the same way that we disabled it on Windows 7. So click on Control Panel right here. Click on System and Security. Windows Defender Firewall. And turn it off in this button right here, which says "Turn Windows Defender Firewall on or off". Mine is currently off. Once you do that, everything is ready. And you should be good to go for the next video, where we are going to try to search for the exploit for this particular attack. See you in the next video.
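The same three lab conditions, seen from the defender's side: an added example that is not part of the course, a PowerShell script (run elevated on the Windows 10 host) that reports whether a machine is in the exposed state this lab builds on purpose, i.e. a 1903/1909 build, Defender Firewall off on some profile, and TCP 445 listening. The function name Get-SmbGhostLabState is my own; the registry values and cmdlets are standard Windows ones.

```powershell
# Added example, not from the course: report whether this Windows 10 host matches
# the lab conditions above (1903/1909 release, firewall off, TCP 445 listening).
# Run in an elevated PowerShell session on the host being checked.

function Get-SmbGhostLabState {
    # Release id and build come from the registry values Windows maintains itself.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR                      # revision, e.g. 356 in 18362.356

    # 1903 is build 18362 and 1909 is build 18363: the two releases the course targets.
    # NOTE: this only matches the release family; a patched 1903/1909 has a later
    # revision ($ubr), so compare it against the patch level before calling it vulnerable.
    $vulnerableRelease = $build -in 18362, 18363

    # Windows Defender Firewall state per profile (Domain / Private / Public).
    $profiles    = Get-NetFirewallProfile | Select-Object Name, Enabled
    $offProfiles = @($profiles | Where-Object { -not $_.Enabled })
    $firewallOff = $offProfiles.Count -gt 0

    # Is SMB actually listening on TCP 445 on this host?
    $smbListening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                            -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ReleaseId           = $cv.ReleaseId          # "1903" / "1909" on the lab VM
        Build               = "$build.$ubr"
        VulnerableRelease   = $vulnerableRelease
        FirewallOffProfiles = ($offProfiles.Name -join ',')
        Smb445Listening     = $smbListening
        # All three true is the state the lab creates deliberately; a production
        # host should never show this combination.
        Exposed             = ($vulnerableRelease -and $firewallOff -and $smbListening)
    }
}

Get-SmbGhostLabState | Format-List
```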