Udemy
Hands on, Interactive, Penetration Testing & Ethical Hacking
Rating: 4.2 out of 5 (68 ratings)
678 students

Prep for OSCP, Learn Ethical Hacking and Penetration Testing, Metasploit, BYPASS AntiVirus, Pivoting, PowerShell EMPIRE
Created by Nick Smith
Last updated 6/2017
English

What you'll learn

  • Choose the right exploitation methods with 100% practical hands on examples of real life scenarios.
  • Be able to 'hack' into a system by understanding flaws and weaknesses in configurations using your logic and problem solving skills.

Course content

2 sections • 23 lectures • 3h 6m total length
  • Navigation around the Console, Shortcut Keys, Searching and Time Saving Key Tips (14:34)

    In this video, we go over the key navigation points within Metasploit and touch on Handlers, Payloads, Jobs and sessions.

  • Understanding OS Finger Printing for Information Gathering Purposes (7:07)

    Learn how to gather information on your targets; this is arguably the most important phase of all. This is also known as "reconnaissance", and without it you won't be able to focus your energy in the right area. Spend a lot of time gathering as much information about your targets as you can, as this will help you to understand how to conquer them.

  • Understanding the famous MS08_067_netapi Exploit (7:00)

    Description link: https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi

    "This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module, full support for NX bypass on 2003, along with other platforms, is still in development."

  • Upgrading Command Shells to Meterpreter (5:06)

    In this lecture we gain a Command Shell (which is a DOS Prompt to you and me), and upgrade that DOS prompt to a Meterpreter Shell. This will give us the ability to utilize more advanced exploitation techniques than simply having a shell and is usually the first point of getting any Command Shell. The Meterpreter session sits in memory so doesn't get triggered by Anti Virus Software, which is vital to being undetected whilst running through engagements.

      

  • Denial Of Service - MS12-020 MS Remote Desktop Use After Free (7:32)

    During any Penetration Test, you will come across techniques that might, by design, perform a Denial Of Service which will leave the machine you are attacking frozen, Blue Screened if in Windows, or simply rebooted. It is important to know what these are so you don't accidentally try them. Your scope with your client will probably not allow you to perform DOS attacks intentionally, so make sure you're confident of what you're doing before you do it. This example in Windows (MS12-020) has an availability checker that you can use to report the susceptibility to the DOS to your clients.

  • Exploitation - Web Script Delivery in PowerShell (14:08)

    This time we look at the 'Web script Delivery' module. This module is a great module to learn as it gives you a quick and easy route to gather a new session to the box if you already have access to it. Say you manage to find the credentials and RDP onto a box, you can generate a script in PowerShell, run it and receive a session back on that box.

    This also comes in PHP and Perl flavors if these are relevant to your scenario.

    This demonstration shows the bare bones of how to create a session, but in reality it would be rather unlikely for the victim to copy the code into a command box as shown in the video.

    Part of being on the attacker side is to think of ways to execute code like this. You could, for example, embed the code into a Macro of a Windows Excel or Word Document to automatically run when the file is opened.

  • Creating AutoRun Scripts for Fast Code Execution (5:08)

    Using an AutoRunScript can be a great technique to automate tasks and also allow you to speed up manual tasks & remove human error. This is great for migrating processes to evade antivirus when touching disk.

  • Post Exploitation - Gathering Hashes - Cracking with JTR and OPHCRACK (6:22)

    During your pentest, you will need to move around into different machines and gather credentials in order to do so. Here we look at how to gather hashes and crack them to reuse these on other systems.

    We look at using popular tools like JTR (John The Ripper) & OPHCrack.

  • Post Exploitation - Mimikatz Usage for Password Recovery (7:14)

    Here we look at harnessing the power of Mimikatz.

    Mimikatz is a post exploitation tool to gather passwords from compromised machines. Mimikatz isn't documented very well from within the Metasploit Module, so it's useful to see it in action fully. 


  • Post Exploitation - 'Pass the Hash' - (update) What it is and how to use it (10:21)

    Pass the Hash, or PTH, is a post exploitation method designed to allow you to give the NTLM Hash discovered from a previous exploit or from a 'hashdump' directly into the password field. This is an incredibly useful method when you have neither the time nor the resources to crack the hashes and need to gain further access and compromise your next machine.

  • Post Exploitation - 'Pivoting' (Compromise Sessions through Sessions!) (19:23)

    In this lecture we look at Pivoting.

    Pivoting is used to access internal networks by utilizing the initial exploited machine.

  • Post Exploitation - Using the 'ask' Module (6:32)

    This lecture looks at the 'ask' module. This module is used as a Privilege Escalation tactic that displays a message to the user 'asking' the user if it's 'ok' to run a program. If the user agrees, and has local admin privileges, then a new session is spawned with NT AUTHORITY\SYSTEM.


  • Persistence (5:47)

    This lecture is all about Persistence.

    Persistence is the method of resuming a session after the compromised machine has crashed, been restarted, or simply after the session has died for some other reason.


  • Covering Your Tracks! - Don't Get Caught..... (4:00)

    After we have completed our engagement we now need to remove all traces that we connected. In this video we look at clearing the Windows Event Log in Event Viewer. We wouldn't want anyone to know what we've been doing now, would we ....

Requirements

  • Students are requested to have root access to a system with multiple Operating Systems to mirror exactly what the course describes to illustrate learning. Please make sure you have a 500GB HDD and create sufficient space on each Virtual Machine.
  • You need to have a passion for computing, with this you can go far. Without it, you will get bored.

Description

This course has been designed to fill a hole in the market that no other course will give you with hands on step by step tutorials that this visual learning experience provides. This course allows you to follow, in real time, each stage of the engagement that you can tweak and train your skills from over and over again!

You will get the latest tools and techniques using Rapid 7's superb tool, 'Metasploit', to exploit targets as well as run post exploitation techniques and utilize PowerShell with 'Empire'.

The course will visually engage with 'Empire', a post exploitation tool, used to harness the power of PowerShell to further exploit Microsoft Windows Operating systems where poor configurations and overlooked policy have been deployed.

The course will start with an understanding of how to move around Metasploit, basic key strokes to get from one section of the framework to another, and together, we will exploit our first system, work out what we can and can't do, how to keep it if something goes wrong, and how to leave the session without being tracked. We will learn how to not be seen by Intrusion Detection Systems and evade Anti-Virus Software used by professional Penetration Testers around the globe. The course will then look at Empire; again we will start with the basics of moving around, how to gain our sessions known as 'agents', escalate our privileges if required and migrate over to the Metasploit framework. This gives us the best of both worlds!

You will learn how to be professional in your methodology and help you to gain a foothold in the field.

I will teach you by visual learning and not simply speaking over presentations. Theory is good but this course will get you up and running with little to no knowledge at all. This is the course I really wish I had when learning Penetration Testing as it answers the questions that are not a simple Google away.

Who this course is for:

  • This course is designed for anyone with a passion for Network Security. If you're a Red Team member looking to exploit weaknesses and expose vulnerabilities for your clients or a Blue Teamer looking to protect your network perimeter or mitigate insider threats, these labs will help your understanding by using visual examples to prove methodology.