Gaining Access - Web Server Hacking - Metasploitable - #1 Video Lecture

hey guys hackers Floyd here back again
with another video and in this video
we're going to be looking at hacking web
servers or basically gaining access to
web servers so let's get started so this
video is gonna be about gaining access
to web servers so essentially these are
going to be server-side attacks now this
essentially means that the VA or the
real thing that you need here is the
target or the server's IP address which
we are lucky in most cases is usually
going to be static or will not change
very much so for example if you had a
domain like facebook.com and I'm just
saying you wanted to attack facebook.com
the first thing you would do I'm running
power to us as my operating system of
choice for this video again I just
wanted to have some a bit of mixing here
with Kali Linux and the parrot OS etc
etc so as I was saying you know to get
the server IP address you essentially
need to check if it's running and the
one way you could do this is by pinging
it so we can try and ping something like
facebook.com/ and if let's see if we get
a response here we do get a response so
we know that facebook.com is up and
running and we have the IP address and
this IP address may be changing here and
there but for the most part it'll stay
the way it is so that's a very good
thing know the difference between server
side and client side is that the client
set requires a bit of user interaction
so for example if we wanted to exploit a
person's computer it would require the
user to perform a bit of interaction
like running a program or running a file
that contains malware or an exploit you
know something like reverse TCP shell
something like that etc etcetera I hope
you guys are getting the idea now as I
said when we're talking about servers
one of the best ways to practice this is
by using Metasploit able all right more
specifically Metasploit about able to
now Metasploit able is an operating
system a Linux operating system that is
essentially made to be vulnerable and is
there to allow you to customise your lab
so it works as a virtual lab that
you to learn and to practice your pen
testing skills against server based
systems so it comes pre-installed with
the whole lot of services that are
vulnerable and the operating system as I
said is designed to be vulnerable so
that's what we are going to be using to
be testing out our attacks now I'm going
to be linking the download in the
download link in the description for
Metasploit so go ahead and download it
it's a virtual machine file so you can
only open it through a virtual machine
and it really does not details of system
resources as you can see I have it open
here and I'm just using the default
login credentials haven't created a user
and it's as vanilla as can be so the
most essential thing as a set is getting
the IP so I'm on my local network again
you can use your public IPS to target
machines which is one of the ways we'll
be using
for client-side attacks and also for
server-side attacks but I'm gonna be
working on my network because the
virtual machines are on my network
obviously but the the principle stays
the same
now make sure that your virtual machine
is make sure that your virtual machine
is running in the in that mode on your
network essentially meaning that you've
created a domain for it all right so
it's gonna share the host IP address now
let's find out what the local IP address
is for the Metasploit uber virtual
machine so I'm just gonna hit I have
config it does not have a graphical user
interface or a desktop environment but
you can install that and you can use it
like that but I'm just going to keep it
as vanilla as possible so ifconfig
alright to get the the local IP and as
you can see the local IP is 182 point
one sixty eight point two point 129 all
right so that's what we're going to be
trying to connect to now as I said this
is a web server
alright Metasploit able is going to act
as a web server or a server so if we go
back to paradise and I open up a browser
and let this open up Firefox really
really quickly I don't know why it's
taking so much time
this is alright there we go so now what
I'm gonna do is I'm gonna enter the IP
address of the Metasploit able machine
alright so I'm just gonna hit one ninety
two point one sixty eight point two
point one twenty nine I already have it
in my search bar and as you can see if I
enter the IP address of the Metasploit
able machine it's going to give me the
web server so I entered the the IP
address of the Metasploit able machine
and we can access it as the server so
that means it's working and the first
thing you realize is that there there's
no security so anyone can essentially
log into this server which is why net
exploitable is encouraged to be run in a
virtualized environment so Metasploit
able as you can see warning never
exposed this VM to an untrusted Network
and you can contact it them so it
basically comes with all of these cool
things like PHP my admin for PHP you
have Mattila Day which is awesome for
testing your PHP scripts and
vulnerabilities which we'll be looking
at no no no doubt about that
with enough the damn vulnerable web
application which again is one of the
things you'll be trying to crack and
here we are we have a notification from
YouTube and we have one of these fake
comments saying for fake driver's
license I'm gonna deal with him later
anyway that's beside the point
so this is essentially the server now
when trying to attack a server what are
you looking for well one of the things
you're looking for is because right now
we are still in the information
gathering phase we need to gather
information about the server so one of
the tools we can use is nmap or Zen map
I would encourage you to use that map if
you're a beginner to have a good
understanding of how things that display
they've always recommended that so let's
move let's just go to applications and
in Parratt OS it's in information
gathering and Zen map all right
so it's starting up Xena and all you
have to do is just enter the IP in the
target again it can be a local IP
address or a public IP at
and we can just go ahead and use the
intense scan and here are the commands
if you want to use it in nmap you're
pretty much scanning you for posting
information you're getting all these
services and the ipv4 information so if
we scan for this it's going to
essentially show us all the or what
ports are open what services are running
so you can then move on from there so
let's give it a scan and it essentially
show us what's running on this server so
as you can see right off the bat you
have a plethora of awesome ports open
here like if you saw this on a server of
course not a server built for
vulnerability this would be like the you
know the goldmine for pen test or an
ethical hacker or a hacker for that
matter so as you can see you have all
your TCP you have your FTP ports open
which is super to say the least so as
you can see I believe this scan is done
let's see is it done yeah there we go so
you really can just scroll through the
results that it gives you and if you go
down here to the port so there we go so
we have it has what anyone is open which
is FTP I believe it was configured
wrongly that's the way it's designed to
be so with FTP it means you can
basically upload and download files from
the server using this software right
here which I'll get to in a second you
then have SSH awesome awesome awesome
stuff there so SSH is essentially secure
shell which means you can connect to the
server
alright granted you have the username
and the password to go along with it so
we can actually try that out right now
from my power to s so let's say we
wanted to we can see that the SSH put is
open and let's say we have the username
and password so what we can do or if
there's an exploit we could use that
would be even better so I'm going to
just use SSH alright and the username
for the Metasploit virtual machine is
MSF admin alright at
the IP address which is one Langley -
oops no in sixty eight point two point
one twenty nine and that should connect
us we don't have to specify the port the
port is always going to be port 22 and
if we enter yes it's going to ask us for
the RSA key and there we are so the
password is MSF admin by default and
there we are we are in the Metasploit
able machine and we can list the files
and those are the current files in there
we can also you know view the IP address
if we wanted to like so Ethernet there
we are that's the IP address Who am I
you named our and there we are that's
the server so awesome so that means we
can actually you know go through SSH but
again some of you may be saying yes it
is vulnerable and I understand that I'm
just showing you how one would approach
it so let me just log out of the EM the
Metasploit able machine there and if we
go back here again you can just move on
to the ports and hosts tab right here
and it's going to show you all the ports
with the services that they're running
so for the SSH port you have Debian is
based off there be any of your telnet
which is just a shame at this point you
know because that is it can easily be
cracked you have your Samba web servers
what else do you have
Metasploit a table root shell hmm and
we're going to be looking at that so we
have MySQL databases so this is really
Metasploit a table is really an
operating system designed to be
vulnerable and you can customize how
vulnerable it is to test your skills now
the essence here or what I was getting
at is as you can see with the
information that we've gathered already
we can perform a plethora of attacks now
we have this F FTP server here and what
hacker would do in this case is he would
look for an exploit for this software or
for the service that it's running in
this case it's using vs FTP D alright
which is version two point three point
four so we can actually just google it
it's as simple as that you know so we
can just
Google in his google it I know I don't
encourage you to use Google but you know
we were not doing anything really
dangerous right now
so VF v SF v SF T P D 2.3.4 let me just
change that back to there we are
and again just search for exploits
alright and so there we are immediately
immediately right just right off the bat
you have rapid7
the company that or the the people that
made Metasploit already have a an
exploit here so it's a backdoor command
execution so this module exploits a
malicious backto that was added blah
blah blah the backdoors introduced and
essentially it's a backdoor and gives
you full access and allows you to use a
command execution so that is awesome now
again this is going to be using the
you're obviously going to be using
Metasploit right so you can go ahead and
start using Metasploit for that but I
want to keep that for a later video
because Metasploit really deserves its
own video for exploiting ad server or
you can actually just try it right now
MSF console and it really gives you all
the information you need in terms of the
exploit so just let it start up again
this is one of the things I was trying
to avoid they start up on this is always
a long time and we got another
notification there let me just clear
that out but essentially what I'm trying
to put across his here is it's really
really important that you have good
information gathering skills again you
have your HTTP server port open and
that's running Apache so again Apache
exploits go ahead and search for that
you find one you can use Metasploit
which is what most people would use or
they'll try and connect through SSH but
many people want to install a backdoor
for example or find remote code
execution or reverse shell etcetera
etcetera things like that but that's a
basic way of gaining access
to a server now I know it's not the most
advanced way but we'll be moving on to
using things like Metasploit and stuff
like that but in the meantime we can
actually just try and use we can just
try and use this let me just go back to
my browser here so use exploit I don't
want to type this right now that will
just be wasting time for you guys as
well so I'm just going to use the
exploit that it's saying here so
Metasploit knows what exploit we want to
use so there we are it's recognized it
so now we want to show the targets show
targets ID name nothing there right now
and you can show options or but first
obviously you have to set your target ID
so let's first show the options for some
of you who know how to use so let's set
target set targets whoops set target the
target address and we put it in there so
to point one sixty eight point two point
one twenty nine I believe that set the
target and we can then finally exploit
it so let's run it and let's see if we
get anything in return there we are
expert completed but session but no
session was created and I'll have to
look into that but anyway you guys get
the idea I really didn't want to put
emphasis on Metasploit right now there's
a lot of other much better exploits that
you can be using especially when looking
at web service will be configuring the
Metasploit able machine to be a bit more
secure so we can actually test our
skills more effectively anyway guys
that's gonna be it for this video this
is just gonna be one video in the series
of gaining access where they be server
side or client side attacks I hope you
guys found value in this video if you
did please leave a like down below if
you have any questions let me know in
the comment section or you can hit me up
on my social networks if you have any
personal questions you can hit me up on
kik for the latest hockey news and
resources
check out my website link will be in the
description and I hope you have a
fantastic day
peace