00:00:00,790 --> 00:00:06,820  In this lecture, we are going to see what Metasploit is and how we can hack Windows 10 with Metasploit.
00:00:11,000 --> 00:00:20,750  Metasploit Framework is a set of tools that allow information gathering, scanning, exploitation, exploit development, post-exploitation and much more.
00:00:21,350 --> 00:00:30,230  While the primary use of Metasploit Framework focuses on the testing domain, it is also useful for vulnerability research and exploit development.
00:00:31,620 --> 00:00:37,770  Metasploit has three major components. msfconsole is the main command-line interface.
00:00:38,630 --> 00:00:45,350  Then there are modules, the core components, which include exploits, payloads, scanners, etc.
00:00:46,880 --> 00:00:48,170  Third are the tools.
00:00:48,500 --> 00:00:54,900  These are the standalone tools that help with vulnerability research, vulnerability assessment or testing.
00:00:54,920 --> 00:00:57,020  For example, msfvenom.
00:00:58,840 --> 00:01:01,180  Metasploit comes preinstalled with Kali.
00:01:04,319 --> 00:01:08,220  Now, let's see how we can hack Windows 10 with Metasploit.
00:01:10,870 --> 00:01:17,830  First of all, we need to scan the target with nmap, locate the target and check for open holes.
00:01:19,480 --> 00:01:24,400  The command is shown on the screen, and nmap is the name of the scanner we are using.
00:01:24,730 --> 00:01:35,530  The -A flag is used to gather the most important information about the target, including the OS, etc. The -sC flag runs the nmap default scripts against the target.
00:01:35,950 --> 00:01:39,640  We are going to cover nmap in detail in future lectures.
00:01:42,740 --> 00:01:49,790  So once we have scanned, we will know exactly what type of system we are trying to hack and what the open ports on it are.
00:01:51,670 --> 00:01:54,250  The second step is to start msfconsole.
00:01:57,110 --> 00:02:03,080  Now search for the EternalBlue exploit and use the command as shown to use the particular module.
00:02:06,120 --> 00:02:11,150  Then set RHOST as the target and set LHOST as your Kali machine IP.
00:02:14,210 --> 00:02:18,290  Now execute the exploit and you will gain a Meterpreter session.
00:02:21,770 --> 00:02:27,590  Meterpreter is essentially an attack platform that gets injected into the memory of a running process.
00:02:28,250 --> 00:02:36,750  That is how it avoids detection by different detection systems, as well as bypassing the limitations of the operating system's native command shell.
00:02:39,250 --> 00:02:51,280  It can be used to perform different actions on the machine, which include taking a screenshot, getting a live screen of the target webcam, recording keystrokes, or getting a shell, etc.
00:02:53,540 --> 00:02:55,610  Now, let's see the actual demonstration.
00:02:57,440 --> 00:03:03,710  So here we are on our target machine, and we can check the IP address of the machine with the ipconfig command.
00:03:09,340 --> 00:03:14,240  Now let's run an nmap scan against the target.
00:03:17,650 --> 00:03:19,240  The command is shown on the screen.
00:03:20,950 --> 00:03:23,380  It will gather all information about the target.
00:03:25,540 --> 00:03:30,150  So we can see that port 445 is open and it is a Windows 10 system.
00:03:32,810 --> 00:03:42,510  Open the terminal and launch Metasploit with the msfconsole command.
00:03:49,180 --> 00:03:51,520  Now, look for EternalBlue exploits.
00:03:59,160 --> 00:04:04,710  We are going to use the MS17-010 module as the exact module for EternalBlue.
00:04:09,750 --> 00:04:17,940  Normally we need to set the payload, but in this case it has already defaulted our payload to windows/meterpreter/reverse_tcp.
00:04:21,380 --> 00:04:26,100  Then give the options command to check all the other options that we need to provide.
00:04:29,430 --> 00:04:32,340  You'll need to set RHOST as the target IP.
00:04:34,020 --> 00:04:37,410  And set LHOST as your Kali machine IP.
00:04:44,920 --> 00:04:46,810  Then give the exploit command.
00:04:50,500 --> 00:04:54,040  And you can see that we have gained access to the machine remotely.
00:04:55,610 --> 00:04:57,260  We can run different commands.
00:04:58,560 --> 00:05:01,200  We can see the processes running on the target machine.
00:05:05,550 --> 00:05:07,620  You can take a screenshot if you want.
00:05:10,480 --> 00:05:13,900  If you get an error, it means you do not have the necessary privileges.
00:05:14,200 --> 00:05:16,390  Let's migrate to some other process.
00:05:22,750 --> 00:05:25,210  Here I am migrating to another process.
00:05:31,510 --> 00:05:33,880  And now let's try to take a screenshot again.
00:05:36,480 --> 00:05:38,760  So move the screenshot to your home directory.
00:05:44,440 --> 00:05:45,370  And open it.
00:05:48,240 --> 00:05:51,330  And you can see that we have successfully taken the screenshot.
00:05:52,260 --> 00:05:58,950  Similarly, we can perform some other actions against our target asset, which we are going to cover in the next lectures.
00:06:00,260 --> 00:06:03,470  I hope you liked this lecture, and see you in the next lecture.