0:00
Hackers can easily take control of a machine if they can find the right flaw to exploit. There are many tools specifically designed to find and attack these flaws and ultimately take over and cause chaos. You're going to see how a hacker can gain full access to a victim machine in the simplest way possible.

0:15
But before we begin, I want to use this opportunity to tell you that there's so much I can't share on YouTube, whether it's because of platform rules or because some skills need deeper hands-on explanations. Many of my videos got deleted, and that's why I created a policy point learning community for you: a place where I can share everything. When you join, you're not just getting another course. You're getting access to complete ethical hacking guides, the tools and techniques I wish someone had handed me when I was starting out. And here's the kicker: this is the stuff I don't teach on here. No watered-down content, no clickbait, just raw, actionable knowledge. On top of that, you'll join an exclusive community on Discord. I pinned the link in the comments section below, but it's not for everyone. The link is only available for those who are serious about the journey.

0:57
Now, step one: scanning. In front of us, we have a machine that we would like to attack. It's accessible via this IP address. So, you may be wondering, how do hackers even know where to attack from? This is where scanning comes into play. Scanning involves probing a network or system to gather information about its structure, services, and potential vulnerabilities. Just like a burglar casing a building, a hacker scans for weaknesses in a target system. There are various scanning tools available, and one popular choice is Nmap. Nmap allows us to discover active hosts, open ports and services running on those ports. By understanding the target's network topology, we can pinpoint potential entry points and vulnerabilities. I have created an entire video on Nmap if you want to learn more about the tool. We start by running Nmap to discover all the open ports on the server to see what potential entry points we have. As you can see, we have many exposed ports on the machine. Maybe some of them are vulnerable, maybe some of them are not. After the initial scan, we want to pay special attention to the banner information or service version that is often disclosed by the target system. So, we run Nmap again, and this time we specify that we want to get deeper information about the services running on the ports. This might take some time, so I want to do only the first port, which is port 21. As a result, we can see that the service is vsftpd version 2.3.4.

2:12
Now, armed with the knowledge that we have, we go to the next step, step two: research. Once we confirm the presence of vsftpd and its version, we refer to publicly available databases or security resources that catalog known vulnerabilities associated with specific software versions. In the case of vsftpd, from the get-go, just from a quick search on Google, we find that this specific version of vsftpd has a known vulnerability named backdoor command execution, and it even has a script available that can exploit the vulnerability. Apart from looking online, we can use a tool on our Kali machine named searchsploit. We give the name of the service and optionally the version and let it look for some known scripts. We can see in the results that we find the same backdoor command execution exploit that we found on Google. What's noticeable is that it's mentioned twice, and one of the results contains the word Metasploit. This means that we can use the tool called Metasploit to perform this attack, which makes it easier for us. Metasploit is a versatile open-source tool used in cyber security to find and examine weaknesses in computer systems, networks, and software applications. It provides a range of ready-to-use features for identifying and exploiting vulnerabilities, making it an essential resource for penetration testers. In other words, Metasploit makes our job easier by simplifying tasks related to vulnerability assessment and exploitation.

3:28
Step three: preparing the attack. Now that we know what attack we are going to execute, let's prepare our attack environment. So, let's fire up Metasploit. And once we have Metasploit running, we search for the exploit that we talked about earlier. We use the command search to look for an exploit, and we add vsftpd to see what Metasploit has in store for us for this particular service. Perfect. We find the vulnerability that we are looking for. Now we type the use command and type either the number one, since the exploit has the ID one, or the name of the exploit itself. Now that we have told Metasploit that we want to use the exploit, we just need to perform some configuration for the exploit to work. We do that by typing show options and seeing what needs to be done. We can see that of all the configurations needed, only RHOST and RPORT are required, which are the IP address of the victim and the port of the service on the victim machine. The port is correctly configured because it's 21, and we just need to configure the host. So we type set RHOST and the IP address of the victim.

4:22
Before we move on, I just need you to keep this in mind. Hacking someone without authorization from the owner will have serious legal consequences, potentially leading to imprisonment and fines. It is crucial to refrain from exploiting vulnerabilities without explicit permission. Instead, I strongly advise you to report any identified vulnerabilities to the owner. This will not only help you gain reputation, but also offers the opportunity to earn money or bounties.

4:47
At this point, there is only one thing left to do, and I think you already know what it is. Step four: launching the attack. The challenging part is over. The work has been done. The only thing left to do is to type the exploit command and let the magic happen. Metasploit launches the attack and then informs you that the attack was successful and tells you that you gained a shell on the machine. What's even better is that the user that we compromised on the machine is the root user. In other words, we have become the admin of the machine. We can use our shell to execute whatever command we want. We can look at any file we want. We can look at the sensitive files on the machine.

5:20
Step five: chaos. Now that we have taken full control of the machine, we are able to do anything. We are able to exfiltrate data. We are able to do anything we want on the website. So I just decided to completely destroy the machine by deleting everything on it. And when I say everything, I mean everything. Using the command rm -rf, I just initiated the deletion of everything on the system. When looking at the web server hosted on the victim machine, you can see that it's slowly dying because of the files being deleted in real time. And that is how a hacker can take over your machine.

5:50
You seem to be a fan of pentesting since you're still watching. So here's another web application pen testing video on the channel membership. If you want to learn how to become a hacker yourself, I'm a