Please Consider Subscribing by clicking here: studio.th-cam.com/channels/39GKRsNps38x7UzydcOZ9w.html
Follow me on Twitter: twitter.com/NielsenNTWKING
Chapters:
00:00 Introduction
01:42 Metasploit Modules
05:14 Kali Linux Metasploit Module Location
07:37 Nmap Network Discovery
09:45 Nmap Targeted Scan and Services Review
11:58 Metasploit Login Module for Postgresql
16:52 Metasploit Database Query
19:39 Metasploit Data Exfiltration
23:28 Cracking Hashes with John The Ripper
27:18 Metasploit Meterpreter Shell for Postgresql
31:09 Metasploit VNC Brute Force
36:08 Metasploit NFS Permission Module (Remotely mount target machine)
40:34 Closing Arguments :)
i like that you don’t cut out your errors, it’s much more realistic than the clickbait “how to hack” videos i always see
Been watching ethical hacking for a while now, you are the very first one that actually knows how to explain extremely well so congrats!
Thank you for your kind words!
FYI there is no need to use the -sV flag when using the -A flag. The -A enables -sV, -O, -sC and --traceroute automatically (nmap)
You're correct that when employing the -A flag in Nmap, it automatically includes version detection (-sV) along with other features like OS detection (-O), script scanning (-sC), and traceroute. However, we're aiming for a stealthier approach, and the -sS flag initiates a SYN scan, enhancing stealth by avoiding the completion of the TCP handshake. It's a strategic choice when balancing between reconnaissance depth and minimizing your footprint.
Just found your channel, and must say this video was nothing short of brilliant. You've got a new sub!
Thanks and welcome!
This video just popped up in my feed, and had a wee peek at your other videos!! Can’t wait to binge watch them all!! Just curious why I didn’t find your channel sooner..of course I subscribed right away!!
Welcome!!
NOP is an instruction in assembly that means no operation, as in "do nothing and go to the next instruction". It's quite useful for many things in the vulnerability/exploit world. They can be used to easily byte-patch something, or to create a NOP sled to make sure the instruction pointer gets to your payload after you've jumped too far, if you're still doing buffer overrun challenges from years ago.
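Added example (not from the video or from any commenter): a byte-level model of the two NOP uses named in the comment above, using the single-byte x86 NOP (0x90) first to patch out a conditional jump and then to build a NOP sled. The code fragments are hand-assembled 32-bit x86 constructed for this example, and the tiny interpreter understands only the handful of opcodes those fragments use; it is not an emulator.

```python
"""Byte-level model of NOP patching and a NOP sled (added example).

The interpreter below knows only the opcodes used by the constructed
fragments: xor eax,eax / test eax,eax / je rel8 / mov eax,imm32 / ret / nop.
Anything else raises, standing in for a CPU fault or executing garbage.
"""
from typing import List

NOP = 0x90  # x86 single-byte NOP

# Constructed fragment (hand-assembled for this example):
#   off 0:  31 c0           xor  eax, eax
#   off 2:  85 c0           test eax, eax
#   off 4:  74 05           je   +5          ; skip the mov when eax == 0
#   off 6:  b8 01 00 00 00  mov  eax, 1
#   off 11: c3              ret
CHECK_FRAGMENT = bytes.fromhex("31c0 85c0 7405 b801000000 c3")

# Constructed stand-in for a payload: mov eax, 0x41 ; ret
PAYLOAD = bytes.fromhex("b841000000 c3")


def execute(code: bytes, start: int = 0, max_steps: int = 10_000) -> int:
    """Run the opcode subset from `start` until `ret`; return eax."""
    eax, ip, zf = 0, start, False
    for _ in range(max_steps):
        if ip >= len(code):
            raise ValueError(f"ran off the end of the buffer at {ip}")
        op = code[ip]
        if op == NOP:                                   # nop: just advance
            ip += 1
        elif code[ip:ip + 2] == b"\x31\xc0":            # xor eax, eax
            eax, zf = 0, True
            ip += 2
        elif code[ip:ip + 2] == b"\x85\xc0":            # test eax, eax
            zf = (eax == 0)
            ip += 2
        elif op == 0x74 and ip + 2 <= len(code):        # je rel8
            rel = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            ip += 2 + (rel if zf else 0)
        elif op == 0xB8 and ip + 5 <= len(code):        # mov eax, imm32
            eax = int.from_bytes(code[ip + 1:ip + 5], "little")
            ip += 5
        elif op == 0xC3:                                # ret
            return eax
        else:
            raise ValueError(f"undecodable byte 0x{op:02x} at offset {ip}")
    raise ValueError("step limit exceeded")


def nop_patch(code: bytes, offset: int, length: int) -> bytes:
    """Overwrite `length` bytes at `offset` with NOPs.

    The patch has to cover whole instructions (here the 2-byte je); leaving
    part of an instruction behind makes the remaining bytes decode as
    something else entirely.
    """
    if offset < 0 or offset + length > len(code):
        raise ValueError("patch lies outside the buffer")
    return code[:offset] + bytes([NOP]) * length + code[offset + length:]


def build_sled(sled_len: int) -> bytes:
    """NOP sled of `sled_len` bytes followed by the payload."""
    return bytes([NOP]) * sled_len + PAYLOAD


def landing_window(buf: bytes, expected: int) -> List[int]:
    """Every start offset from which execution reaches the payload.

    This is the set of instruction-pointer values a sloppy jump may land on
    and still succeed: with no sled only the exact payload start works,
    because landing inside a multi-byte instruction decodes garbage.
    """
    hits = []
    for off in range(len(buf)):
        try:
            if execute(buf, off) == expected:
                hits.append(off)
        except ValueError:
            pass
    return hits


if __name__ == "__main__":
    print("unpatched check returns", execute(CHECK_FRAGMENT))
    print("patched check returns  ", execute(nop_patch(CHECK_FRAGMENT, 4, 2)))
    print("landing window, no sled:", landing_window(build_sled(0), 0x41))
    print("landing window, 32-byte sled:", landing_window(build_sled(32), 0x41))
```

Patching the `je` with two NOPs turns a "skip the mov" path into a "fall through to the mov" path, which is the byte-patch use; the sled turns a single valid landing offset into 33 of them, which is the overflow use.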
Honestly, you are an amazing instructor/teacher.... Subscribed!
Thank you, and Welcome aboard!
THANK You for giving out the whole bunch of brilliant knowledge!!!!!!!!!!!!!!!!!!!!!!!!👍👍👍👍👍👍
So nice of you
Your channel is so wholesome, idk why. Subbed and liked
Thank you!
I knew what Metasploit was and what it was used for before today, but honestly couldn't do more than an nmap scan. Using this video, I was able to crack my first server, which was a completely different database, and I wasn't able to use any of the methods used in this video, which says something, because it didn't just teach me how to complete a specific task, it taught me how to use the tool independently, which is awesome. Really good job making this video.❤❤
Thank you, I am so happy to hear you enjoyed it. :) Take care!
hey nielsen, with this video I will finish your series on pentesting, thanks a lot. Though I would like to ask where you would recommend for us to test (legally ofc) these new acquired skills? or should we set up VMs and test it on them?
Thanks for the kind words, but you have one more to watch that I just released on Wireshark. :) As for practice, a virtual lab with a few VM's, or tryhackme or hackthebox are good.
@NNAdmin Good to hear, the Wireshark video is next on the list then! Thank you for all the help 🙂
Nicely done. Thank you for putting the time in on this. Learned a few nice little details.
Glad you enjoyed it!
Like before watching and now ready to watch!
Great video. The content is very valuable; I randomly saw your video, but it's a great explanation, simple and easy to understand 🙌
Thanks a lot 😊
The podcast from Jack Rhysider with the creator of Metasploit, HD, was awesome!! Great vid as usual!
Awesome content 👏👏 Your presentation is excellent. I'm studying for my CEH; when I run the labs I'm often lost on how they draw conclusions on the command sets they chose, and it's not explained due to the vast array of tools they cram in while showcasing. Your breakdowns represent proper "hacking" (problem solving on the fly). Well done!
Glad it was helpful!
Hi sir, thank you for sharing your experience with us, I appreciate it. But I have a problem with the module postgres_readfile: it worked fine with the file /etc/passwd, but when I changed it to /etc/shadow, it showed "File Insufficient Permissions" even when I run as sudo or the root user. Do you have any measures for me, sir? Thanks.
You can try changing the permissions of the shadow file if you are trying to copy?
I love your hacking skills, I learnt more about msf, thank you. And one more thing: I like that you don't cut out your errors, it's much more realistic than the clickbait "how to hack" videos I always see.
Glad you like them!
Good in-depth tutorials, can't believe I only found you now
great tutorial! thanks
Glad you enjoyed it!
Thanks bro
Any time
Excellent video.
Glad you liked it!
Great video! Did you work a cyber security job?
Among many other responsibilities.
Thank you! I really enjoy your presentation style. 🙂 I didn’t mind your old keyboard ….!
Oh thank you!
Old keyboard best keyboard
Keep clickity clackyting 👍
Nice video bro! Btw, where did you learn all that?
School, but mostly self taught using available resources like the internet, forums, etc. Real life experience, practice, etc.
Love these videos
Why do a -sS (stealth) and a -A (aggressive) together? Doesn't the -A defeat the purpose of the stealth scan? Thanks for your response!
Good question, and the third time it's been asked, so I am going to be lazy and cut and paste my reply from down below.
"You're correct that when employing the -A flag in Nmap, it automatically includes version detection (-sV) along with other features like OS detection (-O), script scanning (-sC), and traceroute. However, we're aiming for a stealthier approach, and the -sS flag initiates a SYN scan, enhancing stealth by avoiding the completion of the TCP handshake. It's a strategic choice when balancing between reconnaissance depth and minimizing your footprint."
what is the laboratory environment used? where do you take vulnerable client machines to test attacks on them?
It's all done within a VirtualBox environment. I may provide a video on how to create your own lab in the future, if that is something people would have interest in seeing.
@NNAdmin Yes! And above all how to obtain vulnerable Windows or Linux machines on which we can train to execute exploits, scans, attacks...
@NNAdmin That would be great to see!
@NNAdmin It would be awesome if you made a video on creating a lab!
@NNAdmin I was about to ask the same question as @messmess3438. It would be nice to see how to set up a lab like this, or even if you could do a video on some already-built labs for pen-testing such as HackTheBox or so.
Great content! Why do you combine -sV with -A? Doesn't that do the version scan already? Just curious, probably I am missing something 😅
The -sS flag in nmap -sS -A specifically tells Nmap to use a SYN scan, also known as a half-open scan. This technique can be stealthier than a full connection because it doesn't complete the TCP handshake. It sends a SYN packet and waits for a response, helping to avoid detection.
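Added example (not from the video or from any commenter) for the -sS / -A discussion above: a small Python model of what the scanned host observes during a SYN scan (-sS), a connect scan (-sT), and a SYN scan combined with the version detection that -A switches on (-sV). It models a single TCP port and two vantage points, the wire (what a packet capture or network IDS sees) and the listening service itself (what accept() and reads hand to the application). Sequence numbers, timing, OS-detection probes and NSE scripts are left out; the scanner address is an assumed value.

```python
"""Toy model of what a target sees during -sS, -sT and -sS -A (added example).

wire_log: every segment that reaches the host (packet capture / network IDS)
app_log:  what the listening service can log on its own (accept(), reads)
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

SCANNER = "10.0.0.5"   # assumed scanner address for the example


@dataclass
class TargetPort:
    port: int
    is_open: bool
    wire_log: List[str] = field(default_factory=list)
    app_log: List[str] = field(default_factory=list)
    half_open: Set[str] = field(default_factory=set)    # SYN seen, no ACK yet
    established: Set[str] = field(default_factory=set)  # handed to accept()

    def receive(self, src: str, seg: str) -> Optional[str]:
        """Apply one incoming segment; return the reply the stack would send."""
        self.wire_log.append(f"{src} -> :{self.port} {seg}")
        if seg == "SYN":
            if not self.is_open:
                return "RST"                  # nothing listening
            self.half_open.add(src)
            return "SYN/ACK"
        if seg == "ACK" and src in self.half_open:
            self.half_open.discard(src)       # handshake complete
            self.established.add(src)
            self.app_log.append(f"connection from {src}")
            return None
        if seg == "DATA" and src in self.established:
            self.app_log.append(f"request from {src}")
            return "DATA"                     # service answers (banner etc.)
        if seg in ("RST", "FIN"):
            self.half_open.discard(src)       # half-open entry vanishes quietly
            self.established.discard(src)
            return "ACK" if seg == "FIN" else None
        return None


def syn_scan(port: TargetPort) -> str:
    """-sS: classify from the SYN reply, then RST instead of the final ACK."""
    reply = port.receive(SCANNER, "SYN")
    if reply == "SYN/ACK":
        port.receive(SCANNER, "RST")          # handshake never completes
        return "open"
    return "closed"


def connect_scan(port: TargetPort) -> str:
    """-sT (what Nmap uses without raw-socket privileges): a real connect()."""
    reply = port.receive(SCANNER, "SYN")
    if reply == "SYN/ACK":
        port.receive(SCANNER, "ACK")          # the service's accept() returns
        port.receive(SCANNER, "FIN")
        return "open"
    return "closed"


def version_probe(port: TargetPort) -> None:
    """What -sV (enabled by -A) does to every port found open: a full
    connection plus service probes, exactly what the half-open scan avoided."""
    port.receive(SCANNER, "SYN")
    port.receive(SCANNER, "ACK")
    port.receive(SCANNER, "DATA")
    port.receive(SCANNER, "FIN")


def run(scan: str, is_open: bool = True) -> dict:
    """Scan a fresh port and report what each vantage point recorded."""
    port = TargetPort(5432, is_open)
    if scan == "-sS":
        state = syn_scan(port)
    elif scan == "-sT":
        state = connect_scan(port)
    elif scan == "-sS -A":
        state = syn_scan(port)
        if state == "open":
            version_probe(port)
    else:
        raise ValueError(f"unsupported scan type {scan!r}")
    return {"state": state,
            "segments_on_wire": len(port.wire_log),
            "app_events": len(port.app_log)}


if __name__ == "__main__":
    for scan in ("-sS", "-sT", "-sS -A"):
        print(f"{scan:7} {run(scan)}")
```

The point the thread circles around shows up in `app_events`: -sS alone leaves the service with nothing to log, but it is still two segments on the wire for anyone capturing traffic, and the moment -A's version detection runs, every open port gets a full connection and a probe anyway. The SYN scan also needs raw sockets, which is why it has to be run as root or with sudo.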
Love you bro 😊❤
Is this for beginners?
This is not really for beginners, but it still may be valuable for you to get a glimpse of one of the tools in the industry.
Wagwan bro, I am loving the content, but I am having a slight issue. I am running nh kex on my phone and I was following your video up until you used nmap to scan the IP address; it displays permission denied. What might be the problem??
Are you root or using sudo, when you run the command?
Thanks for sharing your knowledge!
My pleasure!
Like the content... but dang tab to autocomplete. Keyboard sound is okay, this is the first video of yours I've seen.
Thanks
Fantastic videos as always
P.S. your keyboard is still loud lol
So this is on a local network, but could you do this on a public one?
I am now a script kittens. 😂 Thanks for the video.
Have fun!
Sir, can you provide me the names for the box? Because in my Metasploitable I have only two ports open: 1 SSH, 2 FTP.
yes.
Please, how can I test an intrusion detection system for false positives?
So symbolic
💚💚💚
I need that old keyboard of yours please.. 😅
Haha, I'll bring it back from time to time :P
god level content. I wish i could become a hacker like Aiden Pearce.
Can you show me how to make postgresql or vsftpd vulnerable?
Why can't I run the search postgresql command? Thanks in advance.
Fun stuff!
Please try to zoom in more
Danish?
Very well put together tutorial and very pleasant host
Thank you for your kind words!