1
00:00:00,240 --> 00:00:05,040
Hey guys, HackerSploit here, back again with another video, and in this video we're going to

2
00:00:05,040 --> 00:00:09,600
be continuing where we left off, where I'm going to be showing you how to use Metasploit to run an

3
00:00:09,600 --> 00:00:10,830
exploit on a service.

4
00:00:11,220 --> 00:00:16,320
In this case, we're going to be using Metasploitable and we're going to be exploiting the FTP port

5
00:00:16,710 --> 00:00:21,610
so that we can upload and download files to and from the Web server.

6
00:00:21,720 --> 00:00:22,740
So let's get started.

7
00:00:23,040 --> 00:00:29,010
So in the previous video, I actually showed you guys how to set up, or how to use, Metasploitable

8
00:00:29,790 --> 00:00:33,300
to basically exercise or test your skills in exploiting.

9
00:00:33,480 --> 00:00:41,400
So essentially what we did is we scanned the IP address, the local IP address, of Metasploitable,

10
00:00:41,400 --> 00:00:45,900
and we essentially gave it an Nmap scan to find out what services were running.

11
00:00:46,080 --> 00:00:50,100
And the ports that we found open were obviously going to be all the ports.

12
00:00:50,220 --> 00:00:53,900
And that's because Metasploitable is configured to be that way.

13
00:00:54,480 --> 00:00:59,340
So the main thing that we're going to be doing now is I'm going to show you how to run an exploit on

14
00:00:59,340 --> 00:01:05,040
one of these services, more specifically the FTP service, because a lot of you guys thought that I

15
00:01:05,040 --> 00:01:11,300
didn't know how to use Metasploitable, but I just breezed over it because I wanted to do that in this video.

16
00:01:11,520 --> 00:01:16,230
So we're actually going to be using Metasploit in this video and I'll show you how to use it.

17
00:01:16,240 --> 00:01:18,430
So let's get started.

18
00:01:18,690 --> 00:01:23,450
So we know that the port that we're targeting is the FTP port, which is port 21.

19
00:01:23,670 --> 00:01:25,790
So we know that it's configured correctly.

20
00:01:25,980 --> 00:01:32,100
Now, the service that it's running, or the service version that it's running, is vsftpd

21
00:01:32,100 --> 00:01:32,830
2.3.4.

22
00:01:33,000 --> 00:01:38,670
So what we did is we Googled this service to find an exploit for it.

23
00:01:39,340 --> 00:01:43,220
Again, you can use any other website to search for exploits, any search engine.

24
00:01:43,620 --> 00:01:49,170
Many people like to search on Exploit-DB, or the exploit database, because that's where you'd find most of

25
00:01:49,200 --> 00:01:49,960
the exploits.

26
00:01:50,850 --> 00:01:54,750
So I found the exploit on rapid7.com.

27
00:01:54,930 --> 00:02:01,620
Now Rapid7 is the company that develops Metasploit, and they essentially have an exploit for this

28
00:02:01,620 --> 00:02:08,880
service, which is vsftpd, which is the FTP service, for this specific version, 2.3.4,

29
00:02:08,889 --> 00:02:16,950
for which the exploit is a backdoor command execution, which allows commands to be executed, a

30
00:02:16,950 --> 00:02:19,900
bit like what you would have in a reverse shell.

31
00:02:20,820 --> 00:02:24,980
So what we're going to do is, we already have the exploit here, the module here.

32
00:02:25,530 --> 00:02:30,950
So we're now talking about Metasploit, which is what we're going to be using on Metasploitable.

33
00:02:30,960 --> 00:02:33,630
Now, let us just start it up.

34
00:02:33,630 --> 00:02:37,800
So to start up Metasploit, you just open up your terminal again.

35
00:02:37,800 --> 00:02:38,790
I'm running Parrot OS.

36
00:02:38,790 --> 00:02:42,330
It really doesn't matter what pentesting OS you're using.

37
00:02:42,330 --> 00:02:45,520
So msfconsole.

38
00:02:45,840 --> 00:02:46,290
All right.

39
00:02:46,290 --> 00:02:50,550
msfconsole, and just give it a few seconds to start up.

40
00:02:51,270 --> 00:02:56,010
It shouldn't take too much time and we should be good to go.

41
00:02:56,010 --> 00:02:57,150
While that's starting up,

42
00:02:57,870 --> 00:02:59,040
let me explain what Metasploit

43
00:02:59,220 --> 00:03:00,180
is. All right.

44
00:03:00,180 --> 00:03:03,960
Metasploit is a large database of exploits.

45
00:03:03,990 --> 00:03:04,250
Right.

46
00:03:04,260 --> 00:03:09,360
And it essentially allows you to use these exploits to your advantage and to exploit systems.

47
00:03:09,360 --> 00:03:13,020
Now, whatever systems you try and exploit, that's up to you.

48
00:03:13,020 --> 00:03:18,420
The good thing about Metasploit is it allows you to create your own exploits, which is awesome.

49
00:03:18,420 --> 00:03:24,360
So if you're an advanced user and you actually are working with websites or services most of the

50
00:03:24,360 --> 00:03:30,900
time and you find vulnerabilities, you can create an exploit for the purpose of security and patching.

51
00:03:31,260 --> 00:03:32,190
So that's up to you.

52
00:03:32,310 --> 00:03:34,560
So as you can see here, it's going to take a while.

53
00:03:34,560 --> 00:03:40,150
It's going to start the Metasploit Framework console and we should begin... there we are.

54
00:03:40,650 --> 00:03:45,060
So as you can see, it is pretty simple to navigate.

55
00:03:45,060 --> 00:03:46,740
You have your information.

56
00:03:47,640 --> 00:03:52,830
So it's telling you to check out Metasploit Pro, which is a very good option if you're going to use

57
00:03:52,830 --> 00:03:53,610
this tool a lot.

58
00:03:54,240 --> 00:03:59,970
In terms of the other information, we have 1662 exploits, which is pretty awesome.

59
00:03:59,970 --> 00:04:02,640
And yeah, let's get started now.

60
00:04:03,270 --> 00:04:04,710
Yeah, pretty much.

61
00:04:04,710 --> 00:04:10,650
There are a bunch of commands that you have to be familiar with in Metasploit, and one of them is obviously

62
00:04:10,650 --> 00:04:12,090
the help command.

63
00:04:12,090 --> 00:04:16,440
So if we type in help, it's going to give us information, or help really.

64
00:04:16,470 --> 00:04:18,810
So this is essentially the user's manual.

65
00:04:19,079 --> 00:04:24,270
Now, I'm just going to tell you the most important commands that will really, really help you right

66
00:04:24,270 --> 00:04:24,660
now.

67
00:04:24,930 --> 00:04:32,460
So the most important commands right now are, obviously, the msfconsole command, which will start

68
00:04:32,790 --> 00:04:33,600
up Metasploit for you.

69
00:04:33,840 --> 00:04:36,210
You then have the use command, right?

70
00:04:36,210 --> 00:04:40,530
So that's as simple as that; it allows you to use an exploit.

71
00:04:40,530 --> 00:04:40,830
Right.

72
00:04:40,830 --> 00:04:48,000
You then have the show command. The show command allows you to show the exploits, or the options available

73
00:04:48,000 --> 00:04:48,930
for the exploit.

74
00:04:49,260 --> 00:04:49,590
Right.

75
00:04:49,590 --> 00:04:56,520
You then have your set command. The set command allows you to configure an option on an exploit.

76
00:04:56,910 --> 00:04:59,560
And finally you have your exploit, or run, command,

77
00:04:59,950 --> 00:05:05,590
which essentially makes you run the exploit that you currently want to run.

78
00:05:06,100 --> 00:05:07,220
So it's really very simple.

79
00:05:07,240 --> 00:05:15,760
Now, what we need to do is we need the name of the exploit.

80
00:05:15,760 --> 00:05:21,640
In this case, the module name is right here and it'll just give it to you in the form that you need

81
00:05:21,640 --> 00:05:21,750
it.

82
00:05:21,760 --> 00:05:27,520
So just copy this, because this is the name of the module, or the exploit for that matter.

83
00:05:27,520 --> 00:05:28,360
And in Metasploit,

84
00:05:29,410 --> 00:05:35,050
what you want to do is just type in use, because that's the exploit that we want to use, and just paste

85
00:05:35,050 --> 00:05:35,870
in the name.

86
00:05:36,250 --> 00:05:36,670
All right.

87
00:05:37,420 --> 00:05:39,430
Now, let me just minimize this.

88
00:05:39,430 --> 00:05:40,600
That could be a distraction.

89
00:05:40,910 --> 00:05:41,260
All right.

90
00:05:41,270 --> 00:05:44,080
So once you have typed that, well, just hit enter.

91
00:05:44,080 --> 00:05:50,230
And as you can see, it's going to automatically detect that, you know, this exploit is correct

92
00:05:50,230 --> 00:05:52,620
and it is a valid exploit. Now,

93
00:05:52,780 --> 00:05:55,450
what you can do is you can show the options.

94
00:05:55,880 --> 00:05:56,230
Right.

95
00:05:56,240 --> 00:05:56,770
So show

96
00:05:56,770 --> 00:05:57,300
options.

97
00:05:57,310 --> 00:06:03,520
And essentially this will show you the options that you can change and configure according to what or

98
00:06:03,520 --> 00:06:05,680
how you want the exploit to run.

99
00:06:06,040 --> 00:06:11,740
Now, in the previous video, I touched upon this very lightly, and you guys thought that I changed

100
00:06:12,370 --> 00:06:13,270
the things incorrectly.

101
00:06:13,270 --> 00:06:15,760
And the reason being is I did it really, really quickly.

102
00:06:15,760 --> 00:06:19,930
And my job was not to actually show you the exploit, but let's do it correctly.

103
00:06:19,930 --> 00:06:24,220
Now, what we need to do is we need to understand a few things.

104
00:06:24,220 --> 00:06:27,190
First, the RHOST is the target address.

105
00:06:27,190 --> 00:06:27,580
All right.

106
00:06:27,880 --> 00:06:34,300
And the RPORT, which is already configured to 21, is correct because we know the port is configured

107
00:06:34,300 --> 00:06:34,810
correctly.

108
00:06:34,810 --> 00:06:40,480
If it was configured to something like 22 by mistake, that could also be something that you

109
00:06:40,480 --> 00:06:46,780
need to change. Now, to change the RHOST to what we want, which is the IP of the Metasploitable machine,

110
00:06:47,290 --> 00:06:48,970
the machine that we want to exploit.

111
00:06:48,970 --> 00:06:54,820
In this case we need to essentially say set RHOST, right?

112
00:06:54,820 --> 00:06:57,520
So set RHOST and we use the IP.

113
00:06:57,520 --> 00:07:02,710
So 192.168.2.129.

114
00:07:02,860 --> 00:07:03,310
All right.

115
00:07:03,310 --> 00:07:10,570
And if we set that, it's going to say RHOST is equal to, and now we can essentially just check,

116
00:07:11,260 --> 00:07:12,160
we can say show

117
00:07:12,160 --> 00:07:16,940
options to make sure that everything is configured correctly before we run our exploit.

118
00:07:16,960 --> 00:07:20,230
And as you can see, the RHOST is set to the IP address,

119
00:07:20,230 --> 00:07:25,450
and RPORT is configured correctly because, as I said, the port that we are trying to target here

120
00:07:25,510 --> 00:07:28,150
is going to be port 21.

121
00:07:28,270 --> 00:07:33,850
And the IP address is right there,

122
00:07:33,850 --> 00:07:34,210
192.168.2.129.

123
00:07:34,210 --> 00:07:37,780
And again, you can ping yours to test if it's still running.

124
00:07:37,780 --> 00:07:43,720
And you know, what we can do now is, all we have to do is say exploit.

125
00:07:44,400 --> 00:07:44,840
Right.

126
00:07:44,860 --> 00:07:45,970
As simple as that.

127
00:07:45,970 --> 00:07:47,110
And we hit enter.

128
00:07:48,220 --> 00:07:50,630
And let's see what we get, right?

129
00:07:50,980 --> 00:07:57,010
And there we are, so it's going to start the double handler and it's going to say command shell session 1

130
00:07:57,010 --> 00:07:57,310
opened.

131
00:07:57,310 --> 00:08:04,830
So it's opened a shell session, which means this system is Linux, obviously, and we can run our Linux

132
00:08:04,840 --> 00:08:05,350
commands.

133
00:08:05,650 --> 00:08:07,120
So pretty awesome.

134
00:08:07,150 --> 00:08:09,940
And as you can see, we can send commands back and forth.

135
00:08:10,300 --> 00:08:11,680
So let's try a few commands.

136
00:08:11,890 --> 00:08:14,680
Let's see if we can run a task manager.

137
00:08:15,490 --> 00:08:17,380
Oops, we do not.

138
00:08:17,390 --> 00:08:20,440
I don't think that's installed on the Metasploitable machine.

139
00:08:21,220 --> 00:08:22,820
Let's see if we can run the clear command.

140
00:08:22,840 --> 00:08:23,370
There we are.

141
00:08:23,380 --> 00:08:23,900
Awesome.

142
00:08:23,920 --> 00:08:27,230
So now we have a clear bash, or shell.

143
00:08:27,250 --> 00:08:28,090
Sorry about that.

144
00:08:28,270 --> 00:08:38,380
And we can try something like uname, or oops, uname -r, and it's going to tell us the server version.

145
00:08:38,400 --> 00:08:45,390
You have your uname -a, and there we are: Linux metasploitable, blah blah blah.

146
00:08:45,760 --> 00:08:48,220
Then we can also list all the files available.

147
00:08:48,220 --> 00:08:53,350
And wow, there's a lot of files in there, and I guess you guys can see the power of this: if you have

148
00:08:53,350 --> 00:08:58,860
a server that has this vulnerability, depending on the service that it's running, you get the idea.

149
00:08:58,870 --> 00:09:05,320
It's very, very powerful and you can run a plethora of commands, you know, so it's pretty,

150
00:09:05,320 --> 00:09:06,150
pretty awesome.

151
00:09:06,970 --> 00:09:07,660
That's going to be it

152
00:09:07,660 --> 00:09:12,510
for this video. It is a little bit of a short video, but this is a very important introduction.

153
00:09:13,270 --> 00:09:17,650
What's not important is the fact that we're using a simple exploit.

154
00:09:17,770 --> 00:09:22,290
It's very important that I'm showing you guys how to use it and how to get comfortable with it.

155
00:09:22,570 --> 00:09:24,730
So I hope you guys found value in this video.

156
00:09:24,730 --> 00:09:26,620
If you did, please hit the like button below.

157
00:09:26,620 --> 00:09:32,050
If you have any questions or suggestions, let me know in the comments section below, or you can hit

158
00:09:32,050 --> 00:09:34,600
me up on my social networks.

159
00:09:35,170 --> 00:09:36,850
The links will also be in the description.

160
00:09:37,180 --> 00:09:43,240
If you have any personal questions, you know, hit me up on Kik for the latest hacking news and resources,

161
00:09:43,240 --> 00:09:49,060
check out my website, link in the description, and have a fantastic day. Peace.


