Metasploit

Daniel demonstrates how to gain access to a Windows and Linux server using metasploit. This is one of his favourite tools.
Big thanks to ITProTV for sponsoring this video.
In future videos, he will show us additional tools.
======
Menu:
======
Menu:
0:00 ▶ We like win
0:25 ▶ I am administrator
0:40 ▶ Linux access
1:20 ▶ Password hashes
1:35 ▶ Introduction
1:50 ▶ Metasploit framework overview
2:28 ▶ Why is this one of your favourite tools?
4:05 ▶ Windows and Linux
4:43 ▶ This is a local lab
5:40 ▶ Windows Metasploit demo
6:35 ▶ Eternal Blue overview
7:24 ▶ Start eternalblue
8:35 ▶ Check attack viability
9:35 ▶ Specify target (RHOSTS)
10:32 ▶ Exploit (check hosts)
10:50 ▶ Gain access
11:30 ▶ Reverse shell
13:01 ▶ Set rhosts
13:28 ▶ Set payload
14:08 ▶ Set lhost
14:30 ▶ Set lport
14:53 ▶ Run exploit
15:58 ▶ Win
16:10 ▶ Shell access gained
17:20 ▶ Full Admin access
18:14 ▶ Summary of what was done
18:49 ▶ This is much easier - use automation
20:35 ▶ Why did this work?
21:15 ▶ What about Linux?
21:48 ▶ Linux demo example
22:29 ▶ Linux shell bug
23:50 ▶ Use option
24:39 ▶ Set header
25:06 ▶ Set rhosts
25:35 ▶ Set targeturi
26:17 ▶ Set lhost
26:33 ▶ Exploit
26:55 ▶ shell created
27:07 ▶ Make pretty
28:01 ▶ Use Linux commands
28:27 ▶ Which user account is used
28:51 ▶ Got a remote shell
29:00 ▶ Escalate priv
30:28 ▶ Get admin and root accounts
30:49 ▶ Summary of what we have done
33:03 ▶ What other tools are you going to show us
========================
Download software and VMs:
========================
VM used: www.vulnhub.com/entry/bwapp-bee-box-v16,53/
Kali Linux: www.kali.org/downloads/
================
Links:
================
ITProTV Free Training: davidbombal.wiki/freeitprotv
My ITProTV affiliate link: davidbombal.wiki/itprotv
====================
Connect with Daniel:
====================
LinkedIn: www.linkedin.com/in/daniellowrie
Blog: blog.itpro.tv/author/daniellowrie/
================
Connect with me:
================
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: th-cam.com/users/davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

I like how you are covering every topic in individual videos so we can get a better understanding of what happens in reality.Thanks a lot.

your channel mr Bombal is going step by step to be one of the best of youtube hope it reach 1m subscribers soon because you deserve it

This series is very beneficial for self-taught learners like me. Keep em coming! Love your videos

Thank you David and Daniel for this Video. As always super exciting to watch.

That is just an amazing content from start to finish. Gave you and idea on how to even start your own exploit once you understand the fundamentals which David platform is giving and creating for us. Thank you so much David, Cheers David

I really like how these videos are detailed and beginner friendly .I think you should do more of these hacking tools videos.

David let me tell you something :
YOU ARE AMAZING 🤩
I learn a lot from you and from this channel ..
well done

love the way that you explain, it makes so easy to follow. cheers from argentina!

Now I find this video. Spent 4.5 hrs last on my Kali VM/metasploit FW against Metasploitable 2 VM just to learn what was shown here in 30 minutes. hahahaha. Love this channel. Break it to learn it.

David you and your guest and mean all of them are great Thank you and keep it up

Amazing introduction for beginners like me, thank you 😊

Wow. Very detailed.. when i see other videos its too complicated but in video its very detailed and understandable. I like to change my career and i have a plan to study as cybersecurity. They say for a beginner they offered me penetration testing.

Always Amazing content Mr. David. So helpful and Highly resourceful 💥💥💯

Great and informative. I'm really looking forward to the Burp Suite video.

Love these videos. Metasploit is crazy powerful....one of my favorite tools

Thank youuuuuuuu sooooooo much David everytime I was asking you about bring the metasploit session and here we go , thanks David

Fair Play David as always great content. Big fan of your channel, keep up the good work mate

Thank you David, your channel is helping me to learn alot

The way he build a shell out of python was the most interesting part of this series.💫 Soo cool !

TNice tutorials is much more simple than I thought with you explaining it. Currently half way through and I feel like I know everytNice tutorialng already lmao

As always a another video for helping beginners.
Thank You :)
David

Looking forward to the burp suite episode. Great videos, thanks.

He explained this well. Very detailed

Kami selalu kagum dan tertarik dengan konten Anda Mr. David Bombal
Salam hormat dari INDONESIA

Love these videos! Thanks for the great content

English is not my native but your subtitle is really good for someone like me. Love you david for become youtuber

I was waiting so badly for this video !!

Thanks david your videos are very helpful for me ❤️❤️

Very well done. Easy to follow

Thanks again David and Daniel.

U are really working hard on us

A big thanks from india 🍻
Best metasploit video I've ever seen

Notification in my phone and i'm here .
Thank you for this video..
Keep supporting us.

Big thank you to you David, really appreciate your awesome content

LOVE your videos ❤️ big love from India 🇮🇳

Thanks for the video Sir David!

really nice video! Thank you

When you first meet Daniel you’ll think he’s your neighborhood pharmacist till he owns your machine lol that’s cool man

This is epic I don't have any words😁😁

👍👍👍👍👍great tool-sets to pentest!
Would you guys be showing Tools or Resources that we can use to harden the security. Perhaps tools like: hay i ve found & successfully compromised the target - what would you like me to do next?
1) AutoFix vulnerability [xx% recommended]
2) List tools & resources tt is useful to fix/harden system

Finally, that's I have been waiting for. Hell yes Metaspolit.

Thanks David it's just what i needed cause,i need to make malware to demo on school thanks David

Big thnx to ITPROTV !

Thanks sir for lovely video I needed it ! Thanks sir

Thanks for a great video ..
video idea : what if we don’t have a metasploit, how the exploit can be done? (manually). To know more about what are doing behind the scenes
Thx,

Thanks u so much sir love ur content love from india 🇮🇳

Al fin david, metasploit, saludos desde cuba-españa

Hoping that one day offsec allows us to use this great tool for the oscp :)
Also when Daniel exploits the machines, u can elevate the session from a normal shell to a meterpreter session
U gotta background the session by typing "background" and type y and then type sessions -u Session no. of the shell, where -u means upgrade. Meterpeter sessions r very useful for post exploitation

Another amazing stuff i see

Great Video. Happy to see more hacking content . I have learned alot. But one thing is missing where is MACOS exploits.

Thank you Daniel.

This video makes me want to jump to my computer and play around with it straight away

Everything is great what you do. Please do some videos on CLOUD(AWS)....

Great video like always, may i know if there is any video in your channel how to get the Rhosts from the target and know more information about this kind of protocols.
Thank you David🙏

Awesome content!

Daniel needs to update his Kali, he's still running msf5 i am running msf6. I love your content David.

Congratulations great. good continuation

Thanks for sharing !!😊

Found it! Thanks!

Nice video bro 👍👍

Thank you so much for this video. I love your channel David, lots of information for beginners like me!
I have a question though...why when talking about hacking they always refer to hack Linux and windows but not IOS..? is it because Mac can't be hacked? please bare with me I'm new to the field. Thanks

Very useful video

Love it Mr Bombal

Love u David THxxxxx for HELPPPPP
U are the BESTT!!!!!!!!!!!!!!!!!!!

Great videos as always but the issue I have is trying to get access to a Laptop on my network it comes up with the error This module only supports x64 (64-bit) targets. Anyway round this ?

I want more daniel and david together
On hydra tool , medusa and also social engineeeing toolkit

Metasplot ohh my fav tool

"nah dawg" is one of my favorite phrases to hear from fellow nerds. Don't ask me why but it's something about the strange looks people give me when I say it.

Hi David, thanks for this video. There is an error as below:
Errno::ECONNRESET:Connection reset by peer , any idea what is the issues?? Please advise !!!

what a great vid david

Excellent

David sir please explain me the difference between metasploitable and metasploit also msfvenom?

Hey David, loving Your videos!
I noticed your intro music has changed, can you provide where you too the music from?

is this an appropriate tool for someone trying to break into Bug Bounties? I'm taking cybersecurity courses online as well as HTB entry level CTF's and labs but it is slow going and some instances of their VM's are borked on occasion so following their walkthroughs becomes pointless at times. Thank you in advance.

Thank you guru.

Amazing 👊❤️

Eager to see hash cracker and burbsuit hope also to add login in to window GUI using those creaditial

Is there a good vulnerable VM that works on M1 Macs? Like Metasploitable 3 ? Thanks

Nice David glad to be one of the first vieuwers

This really puts into perspective how much I got to learn and continue learning...so scared of transitioning into an I.T career. Think I got a fighting chance at 30?

Love metasploit

Thanks so much sir can make an bug bounty series on your youtube channel

finally metasploit thanks

thank david I have a question some people say using Metasploit is considered as script kiddy is that true ?

Please make a video on social engineering please
Love you from india🇮🇳🇮🇳🇮🇳

this things should be done when u are in same network

Can you send a book about Metasploit, Python and Ruby, and about Kali Linux in Arabic, and how much will the price of these books be and how much will they be shipped to Iraq?

thanks :)

are the first two addreses from the attacker or from the victim?

-Good video Professor David.
-Well I am a professional IT network engineer preparing me for Linux Administration certification and after Windows AD.
-Analyzing the video in what I understand the cool would be in the next video to explain the exploits.
-Just download and use a ready-made script that goes and gives you access is very kid script for me.
-The cool for me is to analyze and know each command used to gain access to those behind the purchased script.
-In the windows example first, there is a flaw in the windows file tracing protocol in the samba v1 (SMBv1) protocol, it was an exploit that the NSA took in 2017 and warned microsoft and it corrected the following month.
-Including this exploit is suspected to have been created by the NSA (which they deny) and after they fulfilled the objective, they advised Microsoft to do the Path.
-The script must use this exploit to be able to send the payload and with the payload installed it passes you the reverse shell, possibly the script uses DoublePulsar backdoor implant tool and finally having a shell with Admin is game over.
-Better to always use SMBv3 which is the latest version with less vulnerabilities.
-Already on the Linux machine the script made a reverse terminal using Shellshock exploit on port 80 (www do apache server).
-Shellshock 2014 which is a bug caused Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values ​​of environment variables.
-It is already path in any Linux after 2014.
-To set up the shell was at www, again on a drupal server, there it was just going to the path admin and reading the saved password without hash that was the same as the admin of the machine and that's it.
-Cool see this video but only using the script for me is boring so I take one popcorn and ok, and before write this.
-Scritpts for me like this are only funny when I take them and analyze the code to understand what commands Python does in each exploit, but because I'm a blue team and knowing what they use to access vulnerabilities is on my list of what to do to make my network secure.
-In this case just update the system.
-Thanks for the knowledge Professor David ... !!!

Thank you M.r

Plz, teach us how to bypass an antivirus when using eternalblue 🙏

Hi!!!
Can you please put a video on exploiting a machine/android (preferred) using an external IP address, because I couldn't understand port forwarding much plus my router configuration control is completely on my ISP hands, so.... got a lot of doubts in exploiting a device outside my LAN...
Thnx in Advance...

Please do a video about login bypass

Just noticed that Daniel Lowry is in a Prison set up !!!

amazing ❤️❤️❤️❤️❤️❤️❤️❤️

ur a fcking legend dude honestly

❤️‍🔥❤️‍🔥❤️From Sri Lanka

Sir David OP