1
1

00:00:00,090  -->  00:00:01,600
<v Instructor>Now in the next lectures,</v>
2

2

00:00:01,600  -->  00:00:05,280
we're gonna start talking about server side attacks.
3

3

00:00:05,280  -->  00:00:07,210
I'm gonna teach you what a server is,
4

4

00:00:07,210  -->  00:00:09,660
and we're gonna talk about that in details.
5

5

00:00:09,660  -->  00:00:11,710
But before we jump into this,
6

6

00:00:11,710  -->  00:00:14,530
we need to have a computer or a machine
7

7

00:00:14,530  -->  00:00:19,530
that acts as a server so that we can try to hack into it.
8

8

00:00:19,580  -->  00:00:22,400
So similar to the way that we had a Window's machine
9

9

00:00:22,400  -->  00:00:26,500
to practice attacks that we can launch against normal users,
10

10

00:00:26,500  -->  00:00:28,840
we need to have another virtual machine
11

11

00:00:28,840  -->  00:00:31,090
that behaves like a server,
12

12

00:00:31,090  -->  00:00:34,490
so that we can practice server side attacks against it,
13

13

00:00:34,490  -->  00:00:37,183
and see how we can hack into servers.
14

14

00:00:38,240  -->  00:00:39,770
So the machine that we're gonna use
15

15

00:00:39,770  -->  00:00:43,370
is called Metasploitable and it's a virtual machine
16

16

00:00:43,370  -->  00:00:45,010
that's built on Linux.
17

17

00:00:45,010  -->  00:00:47,870
And it contains a number of services
18

18

00:00:47,870  -->  00:00:51,130
that's typically used by servers.
19

19

00:00:51,130  -->  00:00:54,160
It also contains a number of web applications
20

20

00:00:54,160  -->  00:00:57,660
that act exactly like normal web applications
21

21

00:00:57,660  -->  00:01:01,430
and use the same technologies used by normal servers
22

22

00:01:01,430  -->  00:01:04,100
and normal web applications,
23

23

00:01:04,100  -->  00:01:06,210
so we're gonna install this machine.
24

24

00:01:06,210  -->  00:01:07,700
And then in the future,
25

25

00:01:07,700  -->  00:01:09,800
we're gonna use it as a target
26

26

00:01:09,800  -->  00:01:12,060
to learn how to hack into servers,
27

27

00:01:12,060  -->  00:01:15,330
and how to hack into websites.
28

28

00:01:15,330  -->  00:01:17,880
You can download this from the following link.
29

29

00:01:17,880  -->  00:01:20,610
Now, I've also included this link in the resources
30

30

00:01:20,610  -->  00:01:21,690
of this lecture,
31

31

00:01:21,690  -->  00:01:25,780
which you can access from the top left of each lecture.
32

32

00:01:25,780  -->  00:01:27,230
If you click on this link,
33

33

00:01:27,230  -->  00:01:28,680
you'll get this page
34

34

00:01:28,680  -->  00:01:32,320
which will allow you to download Metasploitable
35

35

00:01:32,320  -->  00:01:33,900
Before you can download it,
36

36

00:01:33,900  -->  00:01:36,950
you're gonna have to fill your information in here.
37

37

00:01:36,950  -->  00:01:39,710
So I'm just gonna fill up anything for a company
38

38

00:01:39,710  -->  00:01:41,743
and anything for a phone number.
39

39

00:01:42,880  -->  00:01:44,800
Now, one thing I'd like to note
40

40

00:01:44,800  -->  00:01:46,980
when it asks you for your email,
41

41

00:01:46,980  -->  00:01:50,250
if you use a normal Gmail account like this one
42

42

00:01:50,250  -->  00:01:51,740
and tries to download
43

43

00:01:52,840  -->  00:01:54,510
you'll see that it's gonna say,
44

44

00:01:54,510  -->  00:01:57,163
this must be a valid company email.
45

45

00:01:58,080  -->  00:02:00,270
So if you do not have a company
46

46

00:02:00,270  -->  00:02:02,840
you can use a fake email in here,
47

47

00:02:02,840  -->  00:02:05,720
all you have to do is just write a name
48

48

00:02:05,720  -->  00:02:08,070
at any company name you want.
49

49

00:02:08,070  -->  00:02:12,633
So I'm just gonna say is Zaid@imaginarcompany.com.
50

50

00:02:13,570  -->  00:02:16,090
Now don't use imaginary company as well,
51

51

00:02:16,090  -->  00:02:17,700
because I don't want a lot of people
52

52

00:02:17,700  -->  00:02:19,970
using the same fake email.
53

53

00:02:19,970  -->  00:02:22,680
But the idea is you just wanna use a name
54

54

00:02:22,680  -->  00:02:25,210
at some other name.com.
55

55

00:02:25,210  -->  00:02:27,750
And this will allow you to bypass all of this.
56

56

00:02:27,750  -->  00:02:30,250
And once you click on submit,
57

57

00:02:30,250  -->  00:02:32,130
you go to the download page.
58

58

00:02:32,130  -->  00:02:35,410
And if we click on download Metasploitable now,
59

59

00:02:35,410  -->  00:02:37,053
it'll download it for me.
60

60

00:02:38,350  -->  00:02:39,960
Now, once it's downloaded,
61

61

00:02:39,960  -->  00:02:41,830
you're gonna have a zip file.
62

62

00:02:41,830  -->  00:02:43,710
And I've already downloaded this.
63

63

00:02:43,710  -->  00:02:46,273
So I have the zip file right here.
64

64

00:02:47,220  -->  00:02:49,180
Sorry, not this one, like this one.
65

65

00:02:49,180  -->  00:02:50,750
So once you uncompressed it,
66

66

00:02:50,750  -->  00:02:52,780
you'll get this directory
67

67

00:02:52,780  -->  00:02:56,860
double click it and you'll see the following files.
68

68

00:02:56,860  -->  00:02:58,620
So we're gonna create a new machine here,
69

69

00:02:58,620  -->  00:03:02,363
in virtual machine and I'm gonna call it Metasploitable.
70

70

00:03:05,100  -->  00:03:07,323
And this is going to be a Linux machine.
71

71

00:03:09,580  -->  00:03:12,030
And I'm gonna hit continue along,
72

72

00:03:12,030  -->  00:03:14,500
and I'll only gonna give it a gigabyte of RAM
73

73

00:03:14,500  -->  00:03:15,350
should be enough.
74

74

00:03:18,310  -->  00:03:21,210
And then I'm gonna use remember with Kali Linux,
75

75

00:03:21,210  -->  00:03:23,630
we created a new virtual hard disk.
76

76

00:03:23,630  -->  00:03:26,390
With this, we're gonna use an existing one.
77

77

00:03:26,390  -->  00:03:28,563
The reason for that is because,
78

78

00:03:29,510  -->  00:03:32,010
the image that we have right now is actually
79

79

00:03:32,010  -->  00:03:34,250
it's designed for VMware Player.
80

80

00:03:34,250  -->  00:03:36,600
So what we're going to do is we're gonna import
81

81

00:03:37,630  -->  00:03:40,990
the hard disk file or the hard disk image in here,
82

82

00:03:40,990  -->  00:03:43,370
so that we're gonna have an already installation
83

83

00:03:43,370  -->  00:03:44,950
without having to install it,
84

84

00:03:44,950  -->  00:03:47,160
the way we installed Kali Linux.
85

85

00:03:47,160  -->  00:03:50,513
So we're just gonna use an existing virtual hard disk file.
86

86

00:03:51,520  -->  00:03:53,040
And I'm just gonna navigate,
87

87

00:03:53,040  -->  00:03:54,530
to select what it is.
88

88

00:03:54,530  -->  00:03:57,560
I'm gonna go into the Metasploitable directory
89

89

00:03:57,560  -->  00:04:02,250
and I'm gonna select the .VMDK file.
90

90

00:04:02,250  -->  00:04:04,003
So it's this file right here.
91

91

00:04:04,980  -->  00:04:09,980
I'm gonna click on open, and create.
92

92

00:04:12,030  -->  00:04:14,493
So we're gonna start this machine right now.
93

93

00:04:17,330  -->  00:04:20,360
Okay, so the machine has run now it's completely installed.
94

94

00:04:20,360  -->  00:04:22,440
As I said, you don't really need to install anything,
95

95

00:04:22,440  -->  00:04:25,890
we just imported a ready installation already hard disk.
96

96

00:04:25,890  -->  00:04:28,400
So it's asking me for the username,
97

97

00:04:28,400  -->  00:04:30,033
and the username is msfadmin.
98

98

00:04:33,561  -->  00:04:37,100
And the password is the same, so it's msfadmin as well.
99

99

00:04:37,100  -->  00:04:40,820
Now you might notice once you start typing the password,
100

100

00:04:40,820  -->  00:04:44,060
you'll see nothing displayed on screen.
101

101

00:04:44,060  -->  00:04:45,950
This is a security feature
102

102

00:04:45,950  -->  00:04:50,330
so that the password is not visible to people beside you.
103

103

00:04:50,330  -->  00:04:52,790
So once you get asked for the password,
104

104

00:04:52,790  -->  00:04:56,430
type msfadmin, and then hit enter.
105

105

00:04:56,430  -->  00:04:58,460
Now I've actually already typed it.
106

106

00:04:58,460  -->  00:05:02,860
So now when I hit Enter You'll see it's gonna log me in.
107

107

00:05:02,860  -->  00:05:05,900
Now this machine already has a terminal interface,
108

108

00:05:05,900  -->  00:05:07,800
as you can see here.
109

109

00:05:07,800  -->  00:05:09,010
And it's giving you a warning
110

110

00:05:09,010  -->  00:05:11,930
that you should never expose this machine
111

111

00:05:11,930  -->  00:05:13,750
to external internet connection
112

112

00:05:13,750  -->  00:05:15,720
because it is a vulnerable machine
113

113

00:05:15,720  -->  00:05:17,420
it is designed to be vulnerable.
114

114

00:05:17,420  -->  00:05:20,290
Now, right now it's only inside our lab,
115

115

00:05:20,290  -->  00:05:22,800
it's on the installed as virtual machine.
116

116

00:05:22,800  -->  00:05:25,900
So literally nobody outside our lab can access it.
117

117

00:05:25,900  -->  00:05:29,070
So this is a really good way of using it.
118

118

00:05:29,070  -->  00:05:31,140
Now this is if the machine is installed.
119

119

00:05:31,140  -->  00:05:32,410
As I said in the future,
120

120

00:05:32,410  -->  00:05:35,380
we're gonna talk about how we're gonna try
121

121

00:05:35,380  -->  00:05:36,730
and hack into this machine.
122

122

00:05:36,730  -->  00:05:38,840
Again, don't be intimidated by the terminal.
123

123

00:05:38,840  -->  00:05:40,170
We're gonna be using it a lot
124

124

00:05:40,170  -->  00:05:43,620
and we're gonna learn how to use it step by step.
125

125

00:05:43,620  -->  00:05:46,090
So at the moment, just we have this installed,
126

126

00:05:46,090  -->  00:05:47,850
and we're gonna move on to the next step.
127

127

00:05:47,850  -->  00:05:49,560
And we will talk about this,
128

128

00:05:49,560  -->  00:05:52,170
once we actually need to use it in the future.
129

129

00:05:52,170  -->  00:05:53,560
So if you wanna turn off this machine,
130

130

00:05:53,560  -->  00:05:57,453
all you have to do is just typing power off and hit Enter.
131

131

00:05:59,830  -->  00:06:01,570
I was telling you that you need to be root.
132

132

00:06:01,570  -->  00:06:04,140
So, again, I'll talk about this later
133

133

00:06:04,140  -->  00:06:05,793
for now sudo power off.
134

134

00:06:07,670  -->  00:06:09,423
So just run the command like this.
135

135

00:06:11,290  -->  00:06:13,483
And it's asking you for the admin password.
136

136

00:06:16,140  -->  00:06:17,840
And that's it, it's going off now.
137

137

00:06:19,300  -->  00:06:21,050
And here we go, the machine is off.