1 00:00:00,120 --> 00:00:04,920 Now on to part two. Our scan results are done and we can tell because you've got a nice checkmark here
2 00:00:04,920 --> 00:00:05,950 that says complete.
3 00:00:06,570 --> 00:00:12,420 So we're going to click into our scan results and looking at the overview we can see here that we've
4 00:00:12,420 --> 00:00:20,030 got five critical, 38 high, fifty-nine mediums, ten lows and sixty-seven informational, so we're gonna
5 00:00:20,060 --> 00:00:24,620 click on the vulnerabilities here and let me make this bigger.
6 00:00:24,620 --> 00:00:30,050 So what we're gonna do is we're gonna take a peek at this, and this new version of Nessus actually starts
7 00:00:30,050 --> 00:00:31,340 grouping these together.
8 00:00:31,670 --> 00:00:34,390 Let's go ahead and hit settings and disable groups.
9 00:00:35,740 --> 00:00:38,740 And that'll show us by severity.
10 00:00:38,740 --> 00:00:47,120 So look what's coming back up: OpenSSL unsupported. Check it out.
11 00:00:47,120 --> 00:00:53,030 0.9.6b, 1.1.0, I'd say. According to its banner the remote host is running
12 00:00:53,060 --> 00:00:57,260 OpenSSL and it doesn't tell us much about it.
13 00:00:57,260 --> 00:01:00,060 We'd actually have to do a little bit of research, click into this.
14 00:01:00,140 --> 00:01:02,270 See why it's such a bad thing.
15 00:01:02,390 --> 00:01:04,630 But this is absolutely out of date.
16 00:01:05,030 --> 00:01:11,080 OK so if we're making a screenshot here we're going to say hey, this is out of date.
17 00:01:11,120 --> 00:01:12,710 We see this installed version.
18 00:01:12,710 --> 00:01:15,230 It's recommended to patch to this version.
19 00:01:15,410 --> 00:01:20,230 So if you're taking notes you can go ahead and add that into your notes for your vulnerabilities.
20 00:01:20,240 --> 00:01:24,530 This is insufficient patching. Come back through here.
21 00:01:24,540 --> 00:01:28,320 It says even OpenSSL, it has remote privilege escalation.
22 00:01:28,350 --> 00:01:36,450 It's got remote overflows, so it looks like you could possibly perform an overflow against SSL.
23 00:01:36,600 --> 00:01:42,750 So if you did some research and you were able to find a vulnerability with that, that's cool, and we come
24 00:01:42,750 --> 00:01:48,780 through here and you see the Apache has denial of service, cross-site scripting. Again Apache looks like
25 00:01:48,780 --> 00:01:57,000 insufficient patching and mod_ssl shows up, OpenSSL shows up, and I mean we just got vulnerability after
26 00:01:57,000 --> 00:02:03,060 vulnerability, so we would write a lot of these up, and depending on the assessment and how the assessment
27 00:02:03,060 --> 00:02:10,310 was going depends on the severity that we're going to write up. Now if we find remote code execution,
28 00:02:10,330 --> 00:02:16,350 we get a lot of access to a client and a client just lights up like a Christmas tree when it comes time
29 00:02:16,350 --> 00:02:23,190 to reviewing your scans, then a lot of these, you know, we might report on a lot of these and we might
30 00:02:23,190 --> 00:02:28,640 not report on a lot of lows or a lot of the mediums. But if we're in the opposite situation where, you
31 00:02:28,640 --> 00:02:34,590 know, we aren't finding a lot but there's still stuff to report, then we might report on like hey, OpenSSL
32 00:02:34,590 --> 00:02:39,990 is, you know, it's out of, you know, it's out of date, and then we go to the next page and we find a
33 00:02:39,990 --> 00:02:46,860 low and maybe there's, like, OK there's something in here that's related to SSL/TLS. This one
34 00:02:46,860 --> 00:02:55,290 is an unsupported cipher. We might report that as well, just depending on the potential and how many vulnerabilities
35 00:02:55,290 --> 00:02:56,700 that there actually are.
36 00:02:56,700 --> 00:03:02,940 So as of right now it looks like this box is pretty critical, but what we also do as penetration testers
37 00:03:02,970 --> 00:03:08,310 is we take all the results in front of us and what we'll do is we'll come in and we'll download this
38 00:03:08,580 --> 00:03:15,150 Nessus file. We'll take that Nessus file, and there's tools out there to convert a Nessus file into an Excel
39 00:03:15,150 --> 00:03:19,220 document and it makes it nice and pretty, and we'll hand it over to the client as well.
40 00:03:19,530 --> 00:03:25,160 And in the report it'll say hey look, we've covered some of the vulnerabilities.
41 00:03:25,170 --> 00:03:29,700 There's no way for us to touch all of them because this is a timed assessment. We focused on the low-hanging
42 00:03:29,700 --> 00:03:30,410 fruit.
43 00:03:30,450 --> 00:03:32,010 We focus on what we could.
44 00:03:32,040 --> 00:03:37,050 So please do go look at your Nessus scan results and all the information that we provide to you because
45 00:03:37,050 --> 00:03:38,060 it's super important.
46 00:03:38,610 --> 00:03:42,810 So again if we have a client like this where we're going to have remote code execution, we're gonna have
47 00:03:42,810 --> 00:03:46,720 a lot of vulnerabilities, then these things just start to stack up.
48 00:03:46,920 --> 00:03:49,170 And this is what a Nessus result looks like.
49 00:03:49,200 --> 00:03:56,670 You can click into these, you can get more information and possibly even, you know, details on how to exploit
50 00:03:56,670 --> 00:04:00,000 it and how to solve it as well.
51 00:04:00,000 --> 00:04:02,420 So there's useful links in here.
52 00:04:02,430 --> 00:04:07,120 A lot of the times in this, you know, they give you information, but you should always go out and verify.
53 00:04:07,140 --> 00:04:11,180 Never trust your vulnerability scanner just because it says hey, we detected it.
54 00:04:11,190 --> 00:04:15,720 You should go out and look and find it, just like we had that screenshot from before with the Apache
55 00:04:15,720 --> 00:04:16,400 service version.
56 00:04:16,400 --> 00:04:17,840 We know this exists.
57 00:04:17,850 --> 00:04:23,850 We wouldn't provide a screenshot of the output of Nessus. We would go provide a screenshot that says hey,
58 00:04:23,850 --> 00:04:28,290 we actually proved that we know it's there and you're out of date.
59 00:04:28,530 --> 00:04:33,360 So hopefully that gives you an idea of what we're doing with Nessus and why we're using it and how it
60 00:04:33,360 --> 00:04:34,960 could be an advantage to us.
61 00:04:35,040 --> 00:04:40,350 Sometimes we're so overwhelmed with everything around us that we might miss some vulnerabilities and
62 00:04:40,440 --> 00:04:47,700 it's nice to just have a scanner detect a lot of vulnerabilities just for us, and it gives us something
63 00:04:47,700 --> 00:04:49,280 to look through, something to verify.
64 00:04:49,290 --> 00:04:55,980 Double check, etc. It's just an extra layer of vulnerability assessment for us.
65 00:04:55,980 --> 00:04:57,590 It's a friend in the game.
66 00:04:57,720 --> 00:05:01,430 So I own two programs as a pen tester.
67 00:05:01,530 --> 00:05:06,210 Two programs that I pay for: a Nessus license is one, Burp Suite Pro is the other.
68 00:05:06,210 --> 00:05:09,060 This one is twenty four one hundred dollars a month.
69 00:05:09,060 --> 00:05:10,110 Very expensive.
70 00:05:10,380 --> 00:05:12,630 Absolutely worth it.
71 00:05:12,850 --> 00:05:13,970 Pro is 400 dollars.
72 00:05:13,980 --> 00:05:17,010 We'll get into that later, but absolutely worth it as well.
73 00:05:17,010 --> 00:05:23,790 So that's it for this section. Now we're going to move on to exploitation.
74 00:05:23,790 --> 00:05:26,090 Really start to get into the fun stuff.
75 00:05:26,100 --> 00:05:31,530 Talk about some different exploitation techniques you're going to see, and then we'll do a bunch of box
76 00:05:31,550 --> 00:05:33,650 walkthroughs and get into exploit development.
77 00:05:33,660 --> 00:05:35,070 And it's about to get so fun.
78 00:05:35,070 --> 00:05:36,850 This is the fun part of the course.
79 00:05:36,960 --> 00:05:41,590 Up until this point it's just been scanning and enumeration, learning about the process.
80 00:05:41,760 --> 00:05:48,060 And it's been nine hours of course material so far, almost eight hours of course material just to get
81 00:05:48,060 --> 00:05:49,000 to this point.
82 00:05:49,020 --> 00:05:54,230 That's how important I think that information gathering and scanning enumeration are.
83 00:05:54,300 --> 00:05:59,730 Along with the foundations and the materials, you need to know all that before you can just start exploiting
84 00:05:59,760 --> 00:06:00,240 machines.
85 00:06:00,270 --> 00:06:01,380 So now we're there.
86 00:06:01,380 --> 00:06:02,180 Congratulations.
87 00:06:02,180 --> 00:06:03,590 Pat yourself on the back.
88 00:06:03,600 --> 00:06:08,730 We're almost halfway through the exploitation part of this course.
89 00:06:08,790 --> 00:06:13,650 So once we get to the middle of the course Capstone, I think it would be really fun and exciting.
90 00:06:13,680 --> 00:06:14,840 So that's it.
91 00:06:14,850 --> 00:06:15,660 End of spiel.
92 00:06:15,810 --> 00:06:17,990 I'll see you over in the next section when we start learning.
93 00:06:18,000 --> 00:06:18,660 Exploitation.