1
00:00:00,540 --> 00:00:06,540
So in this spirit, will we do the insecure service executables so these executables are writable by

2
00:00:06,540 --> 00:00:07,290
our users?

3
00:00:07,470 --> 00:00:14,640
OK, we will be finding those executables writable executables and then we will see the permissions,

4
00:00:15,240 --> 00:00:21,220
the services with the writable permissions, and then we will change that part, OK?

5
00:00:21,630 --> 00:00:23,050
So let's get started.

6
00:00:23,430 --> 00:00:29,130
We will use accesschk to check the binaries that we have write access to.

7
00:00:32,240 --> 00:00:40,700
So you specify for suppressing any errors and then w for taking the writable and if you want to check

8
00:00:40,700 --> 00:00:45,670
for writable services, you need to mention C, so no, we are not going to mention C here.

9
00:00:45,890 --> 00:00:50,510
We need to mention recursive and verbose.

10
00:00:51,320 --> 00:00:52,990
So that's true.

11
00:00:53,240 --> 00:00:56,620
And then what we need to do is you need to specify our user name.

12
00:00:56,630 --> 00:01:02,100
So that is user and from where you need to find the records you want.

13
00:01:02,570 --> 00:01:03,780
So that is a program for.

14
00:01:10,820 --> 00:01:19,100
So from your Program Files, you need to recursively search for the binaries that are read/write by the

15
00:01:19,100 --> 00:01:28,040
user, so run this and you can see we have the unquoted service, but we have our file access and then

16
00:01:28,040 --> 00:01:34,130
we have our current program program and then we have the file permissions service file product as a

17
00:01:34,130 --> 00:01:35,380
file service.

18
00:01:36,440 --> 00:01:40,910
So in this we'll be doing this one, file service.

19
00:01:42,980 --> 00:01:50,000
So what we're going to do is you need to use the wmic service, which to brief.

20
00:01:52,430 --> 00:01:59,780
And then what we're going to search for, find this, dear, we are great for our fire.

21
00:02:01,910 --> 00:02:06,710
So now hit enter and you can see fire, but it has been stopped.

22
00:02:06,710 --> 00:02:07,780
And it was Banwell.

23
00:02:08,120 --> 00:02:16,330
And I think we can also use the AC, let's see, security, security and retender.

24
00:02:16,400 --> 00:02:18,140
You get all the services in that.

25
00:02:18,140 --> 00:02:22,120
What we are going to do is we are going to grab for the same firepower.

26
00:02:26,840 --> 00:02:29,330
So I think it was only the

27
00:02:32,660 --> 00:02:37,580
running process, so the reserve file said it did not yet started.

28
00:02:41,620 --> 00:02:44,830
So this is the portrait, so copied this part.

29
00:02:54,620 --> 00:03:03,020
So you can use the access to on this till we get the write access so that what they have done here,

30
00:03:03,020 --> 00:03:04,370
so you can copy this one.

31
00:03:05,600 --> 00:03:07,340
So still you'll get the same answer.

32
00:03:07,370 --> 00:03:07,730
OK.

33
00:03:11,750 --> 00:03:17,600
So you can see we are the users, users have file all access, so this is the same that we have seen

34
00:03:17,690 --> 00:03:18,410
this before.

35
00:03:18,620 --> 00:03:23,510
Now, what you can do is you can replace our reverse 64 you to this one.

36
00:03:40,530 --> 00:03:42,460
OK, now the file has been copied.

37
00:03:42,510 --> 00:03:45,210
All you need to do is copy this one.

38
00:03:54,340 --> 00:03:58,020
So compared to this one, is this one.

39
00:03:58,060 --> 00:04:01,660
So this one that you can copy are the part.

40
00:04:04,060 --> 00:04:07,030
So since we had the permissions, it should be.

41
00:04:10,980 --> 00:04:13,680
Yes, Fred, I think you need to change the name.

42
00:04:22,150 --> 00:04:24,220
Yes, no, it's.

43
00:04:35,340 --> 00:04:37,750
OK, so the content has been changed.

44
00:04:38,150 --> 00:04:41,360
Now all you need to do is start there is not.

45
00:04:50,990 --> 00:04:52,190
And then it studies are.

46
00:04:56,410 --> 00:04:57,220
When we get this.

47
00:05:00,030 --> 00:05:01,110
So we are the system.

48
00:05:01,530 --> 00:05:08,950
So in this, we have found the files that are readable by the current user and then we have replaced

49
00:05:09,090 --> 00:05:13,910
the reverse shell be accessed, and then we have started the service and we got the shell.