1
00:00:00,270 --> 00:00:04,170
Here we have some scripts which are very helpful in penetration tests.

2
00:00:05,160 --> 00:00:10,740
The scripts that end with brute perform brute force password guessing against the named services.

3
00:00:11,970 --> 00:00:16,080
The scripts ending with info get information about the named services.

4
00:00:17,230 --> 00:00:26,920
dns-recursion checks if a DNS server allows queries for third-party names. dns-zone-transfer requests

5
00:00:26,920 --> 00:00:30,370
a zone transfer (AXFR) from a DNS server.

6
00:00:31,000 --> 00:00:37,120
If the query is successful, all domains and domain types are returned along with common type-specific

7
00:00:37,120 --> 00:00:47,470
data such as SOA, MX, NS and PTR. http-slowloris-check tests a web server for vulnerability to the Slow

8
00:00:47,470 --> 00:00:52,000
loris DoS attack without actually launching a DoS attack.

9
00:00:52,450 --> 00:00:59,950
ms-sql-info attempts to determine configuration and version information for Microsoft SQL Server

10
00:00:59,950 --> 00:01:00,640
instances.

11
00:01:01,150 --> 00:01:01,650
ms-sql-dump-hashes

12
00:01:01,660 --> 00:01:09,760
dumps the password hashes from an MS SQL Server in a format suitable for cracking

13
00:01:09,760 --> 00:01:16,930
by tools such as John the Ripper. nbstat attempts to retrieve the target's NetBIOS names and

14
00:01:16,930 --> 00:01:18,970
MAC address. By default,

15
00:01:18,970 --> 00:01:21,970
the script displays the name of the computer and the logged-in user.

16
00:01:22,570 --> 00:01:27,220
If the verbosity is turned up, it displays all the names the system thinks it owns.

17
00:01:27,940 --> 00:01:35,290
smb-enum-users attempts to enumerate the users on a remote Windows system with as much information as

18
00:01:35,290 --> 00:01:35,890
possible.

19
00:01:36,830 --> 00:01:42,590
The goal of this script is to discover all user accounts that exist on a remote system. This can be

20
00:01:42,590 --> 00:01:50,060
helpful for administration by seeing who has an account on a server, or for penetration testing or network

21
00:01:50,060 --> 00:01:53,630
footprinting by determining which accounts exist on a system.

22
00:01:54,500 --> 00:02:02,030
smb-enum-shares attempts to list shares. Finding open shares is useful to a penetration tester because

23
00:02:02,030 --> 00:02:09,380
there may be private files shared or, if it's writable, it could be a good place to drop a Trojan or

24
00:02:09,620 --> 00:02:11,830
to infect a file that's already there.

25
00:02:12,950 --> 00:02:18,650
Knowing where the share is could make those kinds of tests more useful, except that determining where

26
00:02:18,650 --> 00:02:22,430
the share is requires administrative privileges already.

27
00:02:23,310 --> 00:02:28,860
In a penetration test, you should try the pass-the-hash method to compromise systems, and the last

28
00:02:29,070 --> 00:02:35,070
three scripts will be very helpful for your pass-the-hash attacks. Here you see some useful brute force

29
00:02:35,070 --> 00:02:44,550
or dictionary attack scripts for FTP, databases such as MySQL, Oracle or MS SQL, SMB,

30
00:02:45,740 --> 00:02:47,210
Telnet, etc.

