Public Exploit Lab Walkthrough

00:00

Welcome to the public exploit lab walkthrough.

00:06

So let's search and maps can.

00:08

Yeah,

00:13

S. V S C.

00:23

If you realize I make a lot of mistakes with my keyboard, it's because I have a mechanical keyboard here and I don't want to be two Clickety clackety

00:30

when I'm doing these demos. So I'm going off of my

00:34

max uh, keyboard, which I'm not as used to.

00:39

So you'll notice I get I see port 21 21 is open,

00:43

which is our clue. Our first clue.

00:52

So what's port 21

00:55

ftp. Right.

01:00

And you'll notice in these scans there are other ports open and that's to kind of throw you off.

01:08

But you may also see these in the UK labs or whatever. CTF you're doing

01:12

that multiple ports are open and it's a little confusing.

01:26

All right.

01:30

So what's so important 21 21 It's Konica Minolta ftp utility. It was FTp. I should be able to interact with it

01:42

and I did kind of throw this one at you because I changed the port.

01:49

So you'll see that it's on Port 21 21. I can log in trying to log in with anonymous

01:55

and you can see that I don't so I need to figure out how to get on this.

02:00

Well if you google, what's the default

02:02

username and password ftp,

02:06

it's admin,

02:07

pass word

02:10

and you can see you're logged in now. Right,

02:15

So that's our clue there.

02:17

The other clue of course is we have a folder on the desktop that gives us an exploit.

02:23

So Konica Minolta ftp utility 10 is what we're dealing with. Right,

02:29

well let's look at this code here so we know there's MSF venom involved. We know that there's a hard coded I. P. So we of course need to change this

02:40

and I will tell you if you're frustrated in the labs uh and you watch these videos and you're like this takes clint like so it's not it takes them so quickly. So at doing this.

02:53

Well

02:54

the exploitation path when you do it it is quick. It just it takes you hours to figure this out. Sometimes sometimes it doesn't sometimes it takes two minutes.

03:04

So I'm changing this to the I. P. Address of our victim or are other windows box

03:12

And Port 21 21.

03:14

So I need to change this too. Right?

03:16

It's not anonymous.

03:19

It's admin is our user and our password is password.

03:25

Yeah.

03:27

So now what I need to do is take MSF venom.

03:37

Mm.

03:40

You have to love the little

03:44

screen

03:46

from the labs.

03:53

So I'll take this.

03:57

I need to modify this.

04:00

Mhm.

04:00

Yeah.

04:01

Yeah.

04:03

Mhm.

04:04

All right.

04:06

Yeah.

04:08

So we need to make this our box.

04:15

Yeah,

04:15

Listening Ports 4 444.

04:21

Mhm.

04:27

Okay.

04:29

So he grabbed this

04:31

copy it.

04:32

Mhm.

04:36

And what we'll do now is change this.

04:43

Yeah,

04:45

we'll save this.

05:00

Mhm.

05:01

Yeah.

05:09

We need our listener.

05:16

What's your mod plus?

05:19

Mhm.

05:20

X. On exploit.

05:26

And then exploit.

05:28

Doesn't like that.

05:30

Do python two.

05:33

Mhm.

05:35

And there we see we have our show.

05:45

You'll see. I typically run the same command when I'm in a box. Right? Who am I? Or

05:48

I. P.

05:50

Or I'd if I'm on Lennox

05:54

I just want to know who I am and I want to know that I. P. Address to make sure I'm actually on the box that I intended to.

05:59

Sometimes you might find out you're on a different box. So that's always interesting.

06:02

But we know our victim is 1921681175.

06:08

So this can be a short one if people not to modify code and look at it.

06:14

Um or if you're just learning, this could take you a long time to figure out,

06:17

but it's just getting that practice down of looking at that code and modifying it to fit your environment.