We're sunsetting PodQuest on 2025-07-28. Thank you for your support!
Export Podcast Subscriptions
cover of episode #284: Metasploit

#284: Metasploit

2021/5/17
logo of podcast David Bombal

David Bombal

Shownotes Transcript

Daniel demonstrates how to gain access to a Windows and Linux server using metasploit. This is one of his favourite tools. Big thanks to ITPro.TV for sponsoring this video. In future videos, he will show us additional tools.

====== Menu:

Menu: We like win: 0:00 I am administrator: 0:25 Linux access: 0:40 Password hashes: 1:20 Introduction: 1:35 Metasploit framework overview: 1:50 Why is this one of your favourite tools? 2:28 Windows and Linux: 4:05 This is a local lab: 4:43 Windows Metasploit demo: 5:40 Eternal Blue overview: 6:35 Start eternalblue: 7:24 Check attack viability: 8:35 Specify target (RHOSTS): 9:35 Exploit (check hosts): 10:32 Gain access: 10:50 Reverse shell :11:30 Set rhosts: 13:01 Set payload: 13:28 Set lhost: 14:08 Set lport: 14:30 Run exploit: 14:53 Win: 15:58 Shell access gained: 16:10 Full Admin access: 17:20 Summary of what was done: 18:14 This is much easier - use automation: 18:49 Why did this work? 20:35 What about Linux? 21:15 Linux demo example: 21:48 Linux shell bug: 22:29 Use option 5: 23:50 Set header: 24:39 Set rhosts: 25:06 Set targeturi: 25:35 Set lhost: 26:17 Exploit: 26:33 shell created: 26:55 Make pretty: 27:07 Use Linux commands: 28:01 Which user account is used: 28:27 Got a remote shell :28:51 Escalate priv: 29:00 Get admin and root accounts: 30:28 Summary of what we have done: 30:49 What other tools are you going to show us: 33:03

======================== Download software and VMs:

VM used: https://www.vulnhub.com/entry/bwapp-b...

Kali Linux: https://www.kali.org/downloads/

================ Links:

ITProTV Free Training: http://davidbombal.wiki/freeitprotv

My ITProTV affiliate link: http://davidbombal.wiki/itprotv

==================== Connect with Daniel:

LinkedIn: https://www.linkedin.com/in/daniellowrie

Blog: https://blog.itpro.tv/author/daniello...

================ Connect with me:

Discord: https://discord.com/invite/usKSyzb

Twitter: https://www.twitter.com/davidbombal

Instagram: https://www.instagram.com/davidbombal

LinkedIn: https://www.linkedin.com/in/davidbombal

Facebook: https://www.facebook.com/davidbombal.co

TikTok: http://tiktok.com/@davidbombal

YouTube: https://www.youtube.com/davidbombal

metasploit metasploit framewaork eternalblue eternal blue ethernal champion smb windows linux linux apache apache kali kali linux cybersecurity cybersecurity careers ceh oscp itprotv ejpt cissp ceh v10 elearn security oscp certification

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!