So in the second part of the nessus vulnerability scan, we're going to see what we can do with the scan results. So I've scanned my network, I have found that I have a machine that is currently holding five, severe, one critical and a number of meetings. So what I want to do is I want to focus on those five critical Now normally in a pentesting situation, we don't go after everything. We identify the severes and the criticals. We put them in a list, we submit them to the CIO, or whoever on the network can authorize us to go after those vulnerabilities. And then they pick the vulnerabilities they want us to go after we go after those, and if we can confirm it, we put it into report.

And that's our justification. So what we're going to do now is we're going to go ahead and export this, the results, we're going to create a PDF. Now I've already done this. So I'm going to go and I'm going to show you where the PDF is stored somewhere. minimize this real quick, go to my files, then I'm going to go to my downloads and there's the report open this up. And it's kind of a nice executive summary.

Some people wouldn't accept this to be as professional as it needs to be, but it's okay. It actually gives you a lot of information. Now, what we want here are the severe, we want the severe, or the criticals. So that we can look these up under meta sploit, doing a search. And that's going to help us confirm our findings. And that's what we're going to do next.

So for this demonstration, I'm going to use a well known Microsoft security alert, which is the MS 08 dash 067. We kind of work on this in some other labs, but it's well known and I know that it's going to work. I'm going to go ahead and copy this. What I'm going to do now is go ahead and close this out. I'm going to bring up a couple Command Prompt. And we're going to launch Metasploit.

So at the prompt, I'm just going to type an MSF console and then I'm going to hit Enter. And that begins the process of launching meniscal. misquote is our go to tool for all of our hacking and the exploitation of machines on our network. There are other machines or other tools that we can use. But we're mostly concerned with the MS console or medicine boy, this is the tool that's going to allow us to get the most bang for the buck. As always, before you conduct any pen tests, or you get out on the road and you start doing security auditing, make sure that your Kali and Manasquan and all your tools are always up to date.

So once we have our scan results from an SS we want to take those and we want to look for Microsoft Security Bolton's up inside of meta sploit. These exploits are going to be using the same Microsoft Security Bolton numbers with their title and that's how we're going to find them up inside of Metasploit. So now I'm just going to go ahead and hit enter and it's going to search the cache and we'll see what it comes up with in just a moment. So your scan results can be for server 2012 it can be for 2016 it can be for 2003 2008 it can be for Linux. Now regardless of what the scan results are for, if it comes with a enough information about a Microsoft Security bulletin, you can update your meta sploit and then you can search to see if that Microsoft Security Bolton has an exploit up inside of meta sploit available Now we see that I was able to search the Microsoft Security bolt in the 08 dash 067.

And I came up with one. Now if I would like some information about this particular exploit, I can now type in the word info, followed by the entire path of the exploit, and I'll get all the information I need. Let's go ahead and try that. So I type in info followed by the name of the actual exploit, and I'm going to go ahead and hit Enter. And there it gives me some more information about the exploit that I can use in my report. So all this fun stuff that I'm seeing here is just stuff that I can add to my report.

It gives me more ammo, you see. So it tells me all the targets that it is capable of exploiting. It gives me information about when it was founded, who the who the developer was and the ranking. The ranking is very important. There. ranking tells you whether or not the exploit works good.

It works fine. It works great. You want Great, okay. So we know that if we if this exploit, it has a great ranking that we're going to have some success with. And you can see that it goes all the way up to server 2003, Windows 2000 besides XP, and so we can continue to exploit other machines with it not just Windows XP, and it tells you the basic options. So we got to set the our host, which is the remote host, the remote machine, the port is already set course that is for SM V, which is Port 445.

And we also got to select the local host, okay, and we got to then select the payload. All right, we're going to do all that in just a moment. So you're going down your list of exploits and now you want to see if you can actually get into the machine and compromise it or take it over using this wonderful exploit up inside administrator. Well, that's fine. We're going to type in us. And now I'm going to right click, I'm going to paste the name again, inside of the command prompt, and I'm going to hit enter.

Notice that my prompt changes to show that I'm now using the exploit. I want to know the options are going to look at the options again, I can use the show command. So I just type in show typing options. And I hit Enter. And there they are, there is the remote host, there is the port. And that's just about all the information is going to give us but that's that's enough.

Okay. So once we've done the show options, then we're going to do something else called show payloads because we have to pick a payload for the exploit to deliver. In this case, we want to use the meta printer, a reverse shell. So we're going to scroll on down until we find The meterpreter reverse shell payload. The payload we're going to use for this particular exploit is going to be the windows meterpreter. Reverse TCP payload.

So I'm gonna go ahead and highlight that I want to go ahead and copy that, because I'm going to paste that into the payload command. So I'm gonna go back up here to my prompt. And you see we've got the payloads, go back down here to my prom. Okay, now we're gonna go ahead and set the remote host. And I'm gonna use the set command. So we know we got some options to configure.

The first one is the remote machine. So I'm gonna go ahead and type in set, and I'm going to type in our host. Now, I'm also going to give it the IP address of this remote host. So I'm gonna type in 192 dot 168 dot 145 dot 135 Okay, now I'm going to go ahead and hit Enter. And the remote host is now set. Now I need to set for the localhost.

This is the IP address of my Kali machine. So as I've done with every pen test and with every exploit, and with every lab, I always confirm my network connectivity. And I know that my IP address for my local host is a dot 132. So I'm gonna type in set. local host is L host. And now I'm going to follow that up with 192 dot 168 dot 145 dot 132.

That is the IP address of my Kali machine. The 135 is the target the target that I want to exploit. Go ahead, hit enter. Now I'm going to use the set payload Man, and I'm going to type in or copy and paste the payload I want to use. Now once I've done that, I just go ahead and hit enter. Now all we got to do is type in exploit.

And if everybody is where there needs to be on the network, that is to say, my target, and everything is configured correctly, we will get a meta predator prop when this is over with someone typing exploit. And I'm gonna hit Enter. And it starts up and we'll see what happens here with this particular exploit and it succeeded successfully. So now I am actually on the remote machine. And I can see this by just typing in shell to get a command prompt. Now that is the command prompt of Windows XP, not it's not a calorie crop, okay?

And I can actually go in and I can use whatever commands I want. At this point and exploit and take over this Windows XP machine, but what I've done here is I have done a proof or proof of concept that yes, the machine actually is vulnerable for Ms 08, dash 067, Microsoft Vulcan. That's what we've done. And so what I would do is I would copy or I would actually take a screenshot of this and I would copy and paste this into my report, so that the client would actually see that Hmm, yes, I do have a problem with a critical vulnerability up here on that Windows XP machine. And of course, if you go back into their results, if you go back into the results, you can click on that particular vulnerability and you can get a solution on how to fix it. This is also part of what we do for the client when we do a pen test or where the network administrator or where their offices manager or whatever it is we, what we are, if we click on the bulletin, it'll probably take us out and give us the link for the Microsoft download patch or to tell us how to get to it.

Okay? And that's what we need. And there are the patches right here. All right, so we can get down and we can download the update, the, the update, the critical update that we need to fix that vulnerability. Alright, so that's all I got for this short video presentation. But now, you should know that if you do a NASA scan, you can bro fire up meta sploit.

And you can search for those vulnerabilities. I only searched for one but you're free to search for as many of those vulnerabilities that you want to find up inside of Manasquan. And that's how we do it.