1
00:00:00,510 --> 00:00:00,980
All right.

2
00:00:00,990 --> 00:00:04,530
So we're at the very last video for egg hunters.

3
00:00:05,880 --> 00:00:10,230
I think it's time for you to show you the actual exploit as it runs.

4
00:00:11,710 --> 00:00:12,630
So let's see.

5
00:00:12,670 --> 00:00:13,610
Command prompt.

6
00:00:13,630 --> 00:00:18,520
See my documents downloads up on server on 999.

7
00:00:20,120 --> 00:00:24,200
And is more time and Metasploit.

8
00:00:25,780 --> 00:00:26,260
Sir.

9
00:00:28,120 --> 00:00:28,260
Oh.

10
00:00:28,300 --> 00:00:30,110
Host 000.

11
00:00:30,520 --> 00:00:32,650
Payload window flashing.

12
00:00:32,650 --> 00:00:34,270
Interpreter Flashers.

13
00:00:36,900 --> 00:00:37,700
Sad though.

14
00:00:37,710 --> 00:00:39,960
How close to 0.01.0.0.

15
00:00:40,680 --> 00:00:42,300
Remember when you generate the payload?

16
00:00:42,420 --> 00:00:45,690
The payload itself just has to have the connect back address.

17
00:00:46,110 --> 00:00:52,620
When you're touching the shell, you can always just specify yourself as 0.0.0.0 and it just means that

18
00:00:52,620 --> 00:00:54,300
you'll be listening on your whole machine.

19
00:00:56,380 --> 00:00:59,940
So since it's the last session of.

20
00:01:02,460 --> 00:01:06,690
Monastic the lesson navigate to.

21
00:01:09,590 --> 00:01:11,690
Our Dog control module.

22
00:01:17,030 --> 00:01:24,950
So this is really listening times to your C to the pie and we open up a mature show.

23
00:01:28,680 --> 00:01:32,010
So let's go in session one.

24
00:01:33,920 --> 00:01:34,290
See.

25
00:01:35,560 --> 00:01:35,950
How?

26
00:01:38,310 --> 00:01:39,790
Let's see if we can get the system.

27
00:01:40,170 --> 00:01:40,830
System?

28
00:01:43,030 --> 00:01:44,770
Got system via technique 1.

29
00:01:48,170 --> 00:01:48,740
And let's see.

30
00:01:48,740 --> 00:01:50,240
We can dump the hashes.

31
00:01:53,710 --> 00:02:00,160
So now we have crackable NTLM hashes for administrator myself.

32
00:02:00,640 --> 00:02:02,290
All the other accounts are made.

33
00:02:06,890 --> 00:02:10,910
And let's see if we can drop in our shows and ask yourself the new user.

34
00:02:16,370 --> 00:02:20,510
All right, so let's see that user and I'll allow password.

35
00:02:20,590 --> 00:02:21,820
L allow that.

36
00:02:23,360 --> 00:02:27,200
That local group administrators.

37
00:02:29,570 --> 00:02:30,560
Well, flash at.

38
00:02:33,410 --> 00:02:35,130
See if we can get.

39
00:02:38,020 --> 00:02:38,500
I'm sorry.

40
00:02:38,510 --> 00:02:40,060
I always go into T-shirts.

41
00:02:47,030 --> 00:02:48,830
Let's enable remote desktop protocol.

42
00:02:51,260 --> 00:02:52,280
Not so far.

43
00:02:52,280 --> 00:02:52,820
A wall.

44
00:02:53,420 --> 00:02:54,770
Service time.

45
00:02:55,940 --> 00:02:56,570
That's time.

46
00:02:57,710 --> 00:02:59,270
So it will enable.

47
00:03:04,710 --> 00:03:09,000
And let's log in to their victim using Gallo Allen now lol.

48
00:03:09,600 --> 00:03:15,060
So I'm actually SSH'd into my casual work session from Ubuntu.

49
00:03:15,300 --> 00:03:19,200
That's why you get these wonky looking, you know, icons right here.

50
00:03:19,500 --> 00:03:20,780
But let's see if remote desktop works.

51
00:03:20,790 --> 00:03:21,360
I'm curious.

52
00:03:22,000 --> 00:03:23,910
Let's go to my column.

53
00:03:23,910 --> 00:03:25,110
And it's hypervisor.

54
00:03:28,940 --> 00:03:29,430
Yeah.

55
00:03:29,450 --> 00:03:33,500
Let's see our desktop user AOL password l allow.

56
00:03:35,560 --> 00:03:36,310
Six.

57
00:03:36,610 --> 00:03:42,770
Resolution six divided by nine 100 192168112 125.

58
00:03:42,770 --> 00:03:44,230
This my victim XP machine.

59
00:03:44,500 --> 00:03:45,640
Windows XP machine.

60
00:03:49,770 --> 00:03:51,000
That's like that guy out.

61
00:03:59,480 --> 00:04:00,680
It usually takes a while.

62
00:04:11,110 --> 00:04:14,080
There we go, Farai.

63
00:04:17,350 --> 00:04:20,620
And now we just grant you remote access to the machine.

64
00:04:20,950 --> 00:04:29,230
Using exploit from application for server Q and we now have full GUI access.