1
00:00:00,330 --> 00:00:06,990
OK, everybody, I admit I made a mistake in a previous scan and I disabled the Windows plugins,

2
00:00:06,990 --> 00:00:14,250
although two of my three targets are Windows. It's just a really big mistake that affects the results.

3
00:00:14,250 --> 00:00:20,430
So that clearly shows that we should be very careful while configuring tools such as a vulnerability

4
00:00:20,430 --> 00:00:20,880
scanner.

5
00:00:22,260 --> 00:00:28,320
Now, I scanned the target machines once again and I didn't disable the Windows plugins this time.

6
00:00:29,210 --> 00:00:35,480
So these are the results: 207 is Windows XP and 223 is Windows 8.

7
00:00:36,400 --> 00:00:39,140
I click on the Windows XP to see the vulnerabilities.

8
00:00:39,590 --> 00:00:43,460
As you see, there are a lot of critical vulnerabilities.

9
00:00:44,390 --> 00:00:46,640
I'll click on one of them just to see its details.

10
00:00:47,600 --> 00:00:53,040
So here is the name and the description of the vulnerability, and scrolling down,

11
00:00:53,570 --> 00:00:57,850
yes, it says the vulnerability is exploitable with Metasploit.

12
00:00:59,390 --> 00:01:00,990
Let's go back to vulnerabilities.

13
00:01:01,340 --> 00:01:04,310
I want to show you another vulnerability for the XP system.

14
00:01:05,540 --> 00:01:12,590
This is the vulnerability MS08-067, which has a very stable exploit.

15
00:01:14,100 --> 00:01:21,000
Scrolling down a bit, and Nessus says we can exploit this vulnerability using Metasploit, so let's do

16
00:01:21,000 --> 00:01:21,130
it.

17
00:01:21,630 --> 00:01:22,860
I think it's an invitation.

18
00:01:24,090 --> 00:01:26,850
Open a terminal screen and start msfconsole.

19
00:01:31,790 --> 00:01:33,920
Search for the vulnerability,

20
00:01:34,340 --> 00:01:36,650
MS08-067.

21
00:01:39,000 --> 00:01:41,400
Here is the exploit; let's use it.

22
00:01:46,600 --> 00:01:49,570
Look for the available payloads using show payloads.

23
00:01:59,190 --> 00:02:03,330
I want to use a shell payload with the bind TCP stager this time.

24
00:02:04,560 --> 00:02:05,400
Show options.

25
00:02:08,080 --> 00:02:10,180
Set the remote host, that was...

26
00:02:12,910 --> 00:02:14,950
Well, let me look at the Nessus page again.

27
00:02:17,170 --> 00:02:19,030
Yes, 207.

28
00:02:26,590 --> 00:02:33,550
And the port is 445, the default value is correct, so show options again and we're ready

29
00:02:33,550 --> 00:02:34,450
to run the exploit.

30
00:02:39,380 --> 00:02:44,270
Here is the shell of the target system. Exploitation is successful once again.

