1
00:00:00,780 --> 00:00:05,620
And now, if I'm reading your mind correctly, I'm hearing that, boy, wouldn't it be better if we

2
00:00:05,620 --> 00:00:06,470
could go faster?

3
00:00:06,990 --> 00:00:08,130
And yes, you're right.

4
00:00:09,150 --> 00:00:15,930
Automation is a key factor to speed up the penetration tests, but first, let's learn more about the

5
00:00:15,930 --> 00:00:17,340
exploitation frameworks.

6
00:00:19,080 --> 00:00:24,030
In a previous lecture, we found the exploit code and exploited the target system manually.

7
00:00:25,170 --> 00:00:28,800
So let's list the difficulties of running the exploit code manually.

8
00:00:29,700 --> 00:00:32,880
You have to manually find out the appropriate exploit code.

9
00:00:34,110 --> 00:00:40,230
In most cases, there will be more than one exploit code for a vulnerability, and you've got to choose

10
00:00:40,440 --> 00:00:41,400
the ideal one.

11
00:00:42,560 --> 00:00:49,190
You have to compile the exploit code with the right compiler and fix the compilation errors and bugs yourself.

12
00:00:50,230 --> 00:00:56,260
In most cases, you have to find the operating system and its version to apply the correct exploit.

13
00:00:57,250 --> 00:01:02,300
Exploit code may not be stable and may cause some denial of service.

14
00:01:02,950 --> 00:01:05,340
You remember our manual exploitation experience.

15
00:01:05,710 --> 00:01:09,970
The target system was inadvertently shut down after the exploitation.

16
00:01:11,700 --> 00:01:14,580
All the exploit codes run with a single payload.

17
00:01:15,800 --> 00:01:22,610
Dynamic payload usage is not possible. To be able to use another payload, you have to change the exploit

18
00:01:22,610 --> 00:01:28,430
code, change the payload, recompile the code and exploit the target system again.

19
00:01:29,320 --> 00:01:36,250
So to get rid of all these difficulties, the exploit frameworks come in to help. Now, with these tools,

20
00:01:36,400 --> 00:01:42,040
you don't need to find and compile the appropriate exploit codes and you can dynamically use different

21
00:01:42,040 --> 00:01:44,260
payloads with an exploit, etc.

22
00:01:44,710 --> 00:01:47,650
So what are the exploit frameworks?

23
00:01:48,280 --> 00:01:48,940
Good question.

24
00:01:49,840 --> 00:01:56,020
One vulnerability is oftentimes the only necessary piece needed to gain a foothold in an environment.

25
00:01:56,710 --> 00:02:04,150
As an example, a network could be compromised due to a vulnerability found in out-of-date office productivity

26
00:02:04,150 --> 00:02:09,250
software, a PDF viewer, or even a browser. Exploitation framework

27
00:02:09,250 --> 00:02:14,410
tools contain capabilities to detect and exploit these particular vulnerabilities.

28
00:02:15,930 --> 00:02:21,900
The vendors of these software packages are continually adding exploits to their platform. Internal

29
00:02:21,900 --> 00:02:28,560
security teams and malicious actors alike can use the same tools to detect and exploit vulnerabilities.

30
00:02:29,310 --> 00:02:36,060
As some of the software exploitation tools are free, the bar of entry is minimal and can open up organizations

31
00:02:36,510 --> 00:02:38,820
to easy-to-perform attacks.

32
00:02:40,160 --> 00:02:43,760
So let's see a few examples of these exploit frameworks.

33
00:02:44,840 --> 00:02:46,680
Core Impact isn't cheap.

34
00:02:47,270 --> 00:02:52,820
Be prepared to spend at least thirty thousand dollars, but it is widely considered to be the most powerful

35
00:02:52,820 --> 00:02:54,390
exploitation tool available.

36
00:02:55,010 --> 00:03:02,060
It supports a large, regularly updated database of professional exploits and can do neat tricks like exploiting

37
00:03:02,060 --> 00:03:07,460
one machine and then establishing an encrypted tunnel through that machine to reach and exploit other

38
00:03:07,460 --> 00:03:07,910
boxes.

39
00:03:09,100 --> 00:03:15,100
CANVAS is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec.

40
00:03:16,440 --> 00:03:23,670
It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions

41
00:03:23,670 --> 00:03:24,450
of Metasploit.

42
00:03:25,050 --> 00:03:29,340
It comes with full source code and occasionally even includes zero-day exploits.

43
00:03:30,560 --> 00:03:34,220
Now, throughout this course, we're going to use the Metasploit Framework.

44
00:03:35,180 --> 00:03:36,240
So let's get started.

