All right, welcome back to another hacking tutorial from Stealth Data Zero. In this video I'm going to show you guys a little bit of a different video; like I said, I'm trying to mix it up and change things up a little bit. I'm listening to you guys' comments and I will try to get to all the topics you guys have mentioned, but you guys mentioned literally hundreds of topics, so for the meantime check out my playlist, because I do have some website hacking; I have a little bit of everything up already, and we'll get more into detail on those subjects. Also I have a three-part course for newbies and beginners.
This is pen testing, so this is basically going to be a hack over the LAN. Of course you could simulate it over the WAN using, like, Amazon servers, or even just a VirtualBox on another network, which is quite easy to do. You can do that in your own house: you can have two networks in your own house and it would literally simulate what it'd be like hacking from across the world; it's just in the same house, because it's on two different networks. So we're going to go in like I was doing a pen test. Now obviously it's not going to be exactly like if I was going to do a pen test at a job, because I know what I'm looking for, but we're gonna try to, you know, make it as realistic as possible.
So let's say we're going into this. We open up our Kali box. We don't know anything about the company; I mean, we did our research, you know, we know the company's name, we might know some of the employees' names, we wouldn't know the Wi-Fi SSID because we checked it with our computer. We know the basics, that's it. So the first thing I would do is try to break in to their Wi-Fi, connect to their Wi-Fi somehow, connect to their Wi-Fi that has their main computers on it. There's many ways to hack in the Wi-Fi, there's many ways to get access to a computer that is already on that Wi-Fi and then hack from that computer, so you have to use your imagination with this one. But just for demo purposes we're going to say that we're already on the network, and some pen tests you do already start on the network. So we're on the network of the company that they want us to attack.
So I would do ifconfig to see what my IP address is on this network. Okay, so we know that. I would do an nmap scan. Oh, first, before you do that, you want to do route -n, and this is going to tell you your default gateway. You take your default gateway and then you do your nmap scan of the whole entire default gateway. So nmap -A -v (lowercase v), -T, IP address of the router, and then /24 for the whole subnet mask. So that means it's going to scan everything on that network; it's going to scan every single computer, device, computer, whatever. Okay, let me redo that scan, because I have the -T placed incorrectly. So I do apologize; I'm not even going to edit that out. I'm just going to check on Zenmap, which is the GUI version of nmap, on what I'm doing wrong; I haven't used nmap -T4. See, it's -A -T4, -A -T4, and it's going to perform an aggressive scan, a very detailed scan. You can do many, many, many different types of scans with nmap; you can test for vulnerabilities, and nmap is an essential tool.
Another tool you can use is netdiscover. So open up another terminal, and then if you did ifconfig you would see that you're working with eth0 as your interface, so you would do netdiscover -i for interface, eth0. Bam, it's gonna start collecting our packets and it's gonna start listing all of the devices on the network that you are currently attached to. So you can do it that way as well, and it gives you MAC addresses and IP addresses, which are very important.
But what's more important is open ports, open ports, what type of device it is, what software it's running and what version it's running, because you want to look for exploits and you need to know what type of malware you need to send at that device. Now as a pen tester, if I saw this, I know it's game over, because look at all these open ports. Let's just look at them. This is clearly a server with a ton of open ports. Now this is Metasploitable, of course it's obviously exploitable, but we can see that we have port 23 open, so that's FTP, so we know that we could FTP into this device; we know that we could telnet into this device because it's port 21. Now that's pretty insecure, because telnet is unencrypted. So now we have multiple attack vectors right off the bat. Main ways to get into a system: weak passwords, exploits and client-side attacks; I demonstrate all on this channel.
You use things that need passwords; you gain passwords different ways, by snooping on the network, and then you can get into remote desktop, telnet, FTP, SSH, the list goes on and on. We can see that there's obviously a server of some type running on port 8080 on the router, which is obviously probably the router's IP address, or the router's administrator made it an administrative page, so you could try the default credentials for that, for whatever type of router it is. So if you don't know the default credentials offhand, what you should do is you should just Google it, you know, Google "default credentials for Netgear router", "default credentials for Comcast business router", and then once you start getting good at pen testing you'll just know the permissions or the default passwords off the rip. And then also you can use tools like Hydra to try to brute-force them; you can use tools like bettercap to try to capture, a man-in-the-middle attack, to try to capture information that could contain those passwords.
All right, so nmap's going to take quite a bit of time to scan, but we can see there's lots and lots of devices with lots and lots of open ports, which means lots and lots of attack vectors. You don't always want to go for the most obvious path; it could be a honeypot, which could be a trap set there to detect for hackers. Also you want to learn what services run on what port, because you could tell, like this, just by port 22, I know that that's SSH. So then you can just see the port and know what it is.
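The things the video reads off the nmap screen by eye (which ports are open on which host, what service and version sits behind each, which of them are cleartext protocols like telnet and FTP, and which web services deserve a look for an admin page) can be pulled out of nmap's greppable output (-oG) and turned into report findings. The following is an added example, not code from the video or the channel: a small Python parser for -oG lines, run over constructed sample output. The hosts, ports and version strings in SAMPLE_GNMAP are made up for illustration, and the CLEARTEXT table and the function names are assumptions of this example.

```python
"""Summarize nmap greppable output (-oG) into report findings.

Added example for this transcript; not the video's own code. It reads the
-oG line format, records open ports with service and version per host, and
flags what the video keeps pointing at: unencrypted protocols and web
services that may be admin pages.
"""
import ipaddress
from collections import defaultdict

# Constructed sample of `nmap -A -T4 -oG - 10.0.0.0/24` output. Hosts, ports
# and version strings are made up for illustration, not captured anywhere.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http//lighttpd 1.4/, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3/, 22/open/tcp//ssh//OpenSSH 4.7/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//Apache httpd 2.2/, 3306/open/tcp//mysql//MySQL 5.0/\tIgnored State: closed (995)
Host: 10.0.0.12 ()\tStatus: Up
Host: 10.0.0.12 ()\tPorts: 443/open/tcp//https//nginx/, 5000/filtered/tcp//upnp///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

# Services that carry logins or sessions unencrypted; the video's point about
# telnet applies to all of these. (Assumed table for this example.)
CLEARTEXT = {
    "ftp": "credentials and file transfers in cleartext",
    "telnet": "whole login session in cleartext",
    "http": "web traffic, including any login form, in cleartext",
    "http-proxy": "web traffic in cleartext",
}


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports.

    Each -oG port entry is port/state/proto/owner/service/rpcinfo/version/,
    so splitting on "/" gives the fields by position.
    """
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and anything else
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. the "Status: Up" line
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue  # skip closed/filtered ports and malformed entries
                port, proto, service, version = int(parts[0]), parts[2], parts[4], parts[6]
                hosts[host].append((port, proto, service, version))
    return dict(hosts)


def most_exposed(hosts):
    """The host with the most open ports, which a report puts first."""
    return max(hosts, key=lambda h: len(hosts[h]))


def findings(hosts):
    """Build (host, port, kind, note) findings for the write-up."""
    out = []
    for host in sorted(hosts, key=ipaddress.ip_address):
        for port, proto, service, version in sorted(hosts[host]):
            shown = version or "version not identified"
            if service in CLEARTEXT:
                out.append((host, port, "cleartext",
                            f"{service} ({shown}): {CLEARTEXT[service]}"))
            if service.startswith("http"):
                out.append((host, port, "web-ui",
                            f"{service} ({shown}): browse it and check for an exposed admin page"))
    return out


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    print("most exposed host:", most_exposed(scan))
    for host, port, kind, note in findings(scan):
        print(f"{host}:{port:<5} [{kind}] {note}")
```

Running it against a real scan is just `nmap -A -T4 -oG scan.gnmap <gateway>/24` and `parse_gnmap(open("scan.gnmap").read())`; the filtered port on 10.0.0.12 is dropped on purpose, since only open ports are reachable services, and an empty version field is reported as unidentified rather than guessed.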
Another tool you can use, once you find out version numbers, which nmap will reveal to us soon, you know what version it is, what service is running on that port, you can use something called searchsploit. So searchsploit is a way to look for exploits. So if I wanted to look for an exploit for FTP, I would type searchsploit ftp, and then you would type the version number to get more accurate information. But as you can see, it gives you the information here, and these can be used by Exploit Database, or they're already installed inside of Metasploit. You can also Google for exploits as well, as soon as you know what version it is and whatnot. As you can see, I started the Metasploit service, postgresql start, and then the command msfconsole.
So normally when I start a pen test I start snooping tools, so bettercap, man in the middle; a man-in-the-middle attack, that's kind of aggressive, could be flagged, but something that's very passive like Wireshark, you should be good to go with. You want to do an nmap scan; nmap scans can actually get caught, but most of the time won't. But you want to use at least Wireshark, and there's another tool called Responder, which, in one pen test, I actually got into the domain name, or the domain server, simply because I used Responder. The system administrator did some fat-fingering on the keyboard, hit the wrong thing, or I think it was the phishing page it sends out that asks for the credentials, but anyways it gives you straight admin credentials, and once you own the domain server, I mean, you own the network, and that's game over. But you could very easily get in with weak passwords; most pen testers say they get in with actual weak passwords and not some fancy exploit or some fancy type of malware. Okay, so like I said, nmap's gonna take quite some time, so we're gonna move on.
Okay, so I'm not gonna demonstrate the weak passwords on here again; I have videos on every single type of method that I'm explaining here: client-side attacks, weak passwords and how to gain those passwords, which you can either guess or gain, or if it's unencrypted traffic, you know, the list goes on and on. And then of course client-side attacks: send inside some type of shell, some type of code, shellcode, program, malicious script, whatever you want to call it, to the device, take it over and get into it that way. So what we're gonna do is we're going to use an exploit. I'm going to use an exploit to get into this device here, because I see that it has many, many, many, many open ports, just 10.0.0.9. Another thing that I like to do on networks is, once you get in, something that, you know, normally I would say 75% or more of the time happens: if you just enter the router's IP address, which in this case is 10.0.0.1, and we know that from the nmap scan, we know that from the route -n, you can use the default credentials like I was saying and get right into the device.
And then for proof of concept I'm just going to do some FTP. So we're going to do ftp 10.0.0.94, and you can see it's asking for a name, so you'd have to know the password; again, this could be gained various ways. Login successful. So now you can see that I could transfer files, and it would pretty much be game over for this particular server, because I'd be able to transfer whatever file I wanted into it; you could telnet into it, and that was because port 23 was open. This is because port 23 is open, or 21; 23 is FTP. So you can always just try these as soon as you see that those ports are open, which can be done by any port scanner, and it can be done remotely or locally. And as you can see, I'm telnetting into the Linux/Unix server. In this case we're gonna say this is the server that they run their website off of. So at this point I could deface their website; I could do a lot of damage, and I would report to the customer that, you know, their website is highly vulnerable to being attacked, and I would also go on to see what else I could get into by affecting other computers, using this server to pivot to the other computers, and so on and so forth.
All right, so now that we have that, just showing what weak passwords can do, and telnet and all that stuff, and we found that out just from the nmap scan: again, port 23, FTP, which we demonstrated, port 21, and then we could also do SSH. Now we see that it obviously has some type of... and here you could brute-force this, and again you could brute-force FTP, telnet, SSH, all that good stuff, but here you could log into the default gateway and gain access to the default gateway and own the router itself. So at this point I would own the router and I would own a server already, so I want a pretty good start. We're going to enter the IP address of the server, and as you can see it pulls up a web page, and you can see that, you know, this for example could be an admin web page; it's phpMyAdmin, so I mean it's the PHP admin page, but again it's another admin page that you could gain access to, and the more access you gain, the better. So you always want to type in the IP addresses of anything that you see running a server on port 80 or 443, or whatever the case may be. Again, a system administrator can run whatever service on whatever port, but normally they're on the correct port. So you can see how easy it is to get into an initial pen test and easily start taking over a network, especially if it's not that well secured. So you can see the nmap scan's returning actual services and telling you what versions it is, and then that's when you'd want to do the exploit searching.
So let's go ahead and try an exploit. Let's just say, when we let the nmap scan finish, we found something we thought was interesting; we know there's an exploit for it. So we know this server is running PHP; we know it's running PHP, and there is a way to find out, but what I know is that it's running a specific version of PHP that's vulnerable to an exploit. You can also search for exploits inside of Metasploit, so you just type search and then you would type, like, php, and then type exploit, and it will find it for you. So we're going to use this exploit here. You would do show options if you're not sure about the exploit; you could do show info, it'll tell you about it. So this affects versions 5.3.12 and 5.4.2; I happen to know that it's running that, and again, once that nmap scan finished, or if you did a little bit of digging around on the web page, you would find that out, because with servers there's double ways to attack: you can attack it from the front end, the web page itself, or the back end, the code. So let's go ahead and launch this attack. So set RHOST, which would be the target IP address of the server, and then we're going to go ahead and hit exploit. Some exploits need more information than others, but some do not; as you can see, it's sending a stage already, and it's going to set up a Meterpreter shell for us. We could do sysinfo and see that we're inside the Metasploitable machine with the PHP server; type help and see what type of commands the PHP interpreter gives us, which is great. We could drop into a shell, and because it's Linux it runs Python and all kinds of languages stock, and create more shells; we could do pivoting and all kinds of things, backdooring, and gain constant access into the network, because once you get into a network and once you get to a device, what you want to do is backdoor; that way you have a way back in, because if you lose yourself once you might not get back in. So basically we own this server and we own the router at this point.
Now if there is, like, Android, someone, you know, one of the employees were having their Android on there, we could attack that, and of course there would be, like, Windows computers attached to the server and we would attack those as well. I'm not going to go that into detail, but I'm hoping that you guys get the idea of what you need to do during an initial pen test. So the first thing is information gathering; you want to do a lot of recon, a lot of recon. That's a big part of hacking; it's not like the movies. A lot of recon, and then you want to do a lot of mapping and scanning of the network, and then you can, you know, find different ways in, as I showed you here in the video very shortly. I showed you multiple ways to get in, just this server alone, to get into the router; if there was a Windows computer on it I could show you multiple ways to get into that as well, and we will get to all that stuff, but this is just a basic video on how you would start an initial pen test, or if you're just on a network and wanted to start trying to take over and see what you could do.
So, you know, you've seen how I search for exploits, and again you would use nmap to determine what exploits you can and can't use, because of what version things are running and things of that nature. Let me see, there's a Samsung on here; let's see some code. And it gives you, nmap gives you a huge amount of information; you can see the version numbers and all that good stuff. You see this Windows machine.
But again, hopefully you found the video informative. If you did, go ahead and drop a like, subscribe for more content like this. I'll be doing more live streams, I will be doing more videos, I'll be doing Hack The Box videos; I have a lot of things in the works. I started my Patreon, please join that if you can; if you can't, just like, share, comment, that always helps. Even if you dislike it, then go ahead and click the dislike button, because it helps. Every comment, every like, every dislike, all of that is engagement, all of that helps and I appreciate it, and I appreciate all the love that you showed me, guys. I have a lot of social media stuff; you can find that all in the description below. And as always, have fun, stay safe and keep pen testing. Peace out.