Description:
This is Part 4 of the Metasploit Megaprimer series.
Please begin this series by starting by watching Part 1 of the Metasploit Megaprimer series, if you have not already done so.In this video, we will complete our quest to learn about Stdapi commands and then look at the Priv extension. In order to understand how to use the enumdesktops, setdesktop, getdesktop and uictl commands, it is important to understand the concepts of windows stations and the desktops. We go through a basic primer on this first and they try out various commands. Among other things we learn how to monitor and capture keystrokes during the logon process. The we move on to the Priv extension where we look at the hashdump and timestomp commands in detail.
Would request you all to leave your feedback in the comments section below the video!
In the next video, we will learn about the basics of windows tokens and impersonation, and then look at the incognito extension, along with the sniffer and Espia extensions.Please watch this video in FULL SCREEN mode.
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments:
terrific videos
Outstanding. No complaints at all!
Very in-depth knowledge, this is like one stop for everything. Havent checked the whole website as of now, but do you have videos for other tools like wireshark, nmap, traceroute?
The way you covered, i.e by practical examples is priceless. I might even suggest these videos to the Profs in University to show them to the students.
Great job!
VR: Thank you so much for this video. Despite you being sick you have taken the time to help us noobs. Much appreciated.
I am a very visual person and your coverage of the material is excellent. As Scada said the practical examples are just wonderful. Ty, ty, thank you!.
Great videos.Sir i need a bit of help.I successfully opened a meterpreter session.
But i get an error "operation timed out" each time i try to use enumdesktops.Also i cannot migrate to explorer.exe.What could be the possible reasons for these errors.And how do I rectify them.Thanks !!!!
I must say that the knowledge that you how is of Yoda!!!!!!
Excellent!
Thanks, loving these videos.
awesome.
Your Doing Great Sir
u always say awesome.. just like that we too say to u..
ur damn awesome...
My only complaint is the number of notes I am taking. :)
Another great megaprimer! Thanks for sharing all of this! o/
@Vivek : Thatz awesome set of videos you have. Kudos to your knowledge and ur at ur best in tutoring... one thing i noticed is that when you used timestomp command almost at the end of this video, from meterpreter, you set the date and time and the time you set is 12:12:34. But when you go back to victim and check the properties of the file, the time displayed over there is something like 11:42:?? PM.
Why is that difference in time.?? I couldnot figure it out..?
Any help would be highly appreciated.
@sriram.devang
I think I just figured it out. The time is set to UTC +6. What funnily enough is the middle of China (What the ...?). To calculate your time delay check out this pic from Wikipedia.
http://upload.wikimedia.org/wikipedia/commons/c/cd/Timezones2010.png
So if you want to change the timestamps you have to consider the time difference between your location and the UTC +6 location.
For example, to get the right time in Germany you have to set the time -6 hours. Now it is 22:37:00, minus 6 would be 16:37:00. If you put this into your timestomp command, you get the 22:37:00 timestamp in your properties again (what actually is the right time).
Hope i could help you out.
And to Vivek. Thank you, you are doing a really great job.
Best regards form Germany
Vivek i found a problem when i'm in meterpreter and want to change directory from place to another in windows, i cant because there are spaces
what can i do?
Thank you for another great video!
@Dayou use double quotes, for example c:\"documents and settings"... I think that should work!
you can also (this worked on ubuntu at least) use escape slashes to allow the space, so cd C:\Documents\ and\ Settings
ONE of those should work :)
Love the videos Vivek-- I hope to do a volatility one as soon as my lab comes out of storage!
Thanks again! Great video!
Hey Vivek....!
Your videos are awsome on security tube.I could get the chance to the see this site/video's at the right time.
Firstly,a one stop for the Biginers to start-up in the field of Infosec.I wish i could have seen this a year back.
Secondly, request you to please make many more video's and in perticular to Web-application Pentesting,Vulnerability-Exploit research,Current windows and Linux Securities in place.
Thirdly,request you to come-up with the concept of Real-Time challenge's, where in user's are given some challengs to explore their skill set's.
And also come up with some forem kind of stuff where some of the security tool development stuff can be discussed and the user's caan come up with their view's and contribution of code.
All this extension is what makes metepreter cool as compare to a normal command shell BUT that is if you can find an exploit successfully of course ...
thank you mate its good and awesome
Thanks for all the comments guys! We have launched a SecurityTube Metasploit Framework Expert Certification today:
http://www.securitytube.net/smfe
The first 25 signups will receive discounted seats! Please hurry :)
i understand now why you make matrix pic in your profile.... awesome well done !!!!
Great series of videos. Thank you!
very nice , Thanks for Sharing
Para conhecer o metasploit mais a fundo visite o fórum Amantes do Metasploit, lá você vai encontrar muito material em português
http://www.amantesdometasploit.com.br
I need someone who is capable of hacking* websites & accessing their email database
I don't need scraping,web crawling or extractors
I need this sites HACKED so I gain access to their email DB
I will need to test the result u give me,if it checks out,I am willing to pay up to 3000$
per website and 10-20 websites monthly,which will increase upon delivery of faster & quality
service
Pls note,CONTINUITY is what I am after...I NEED A GOOD PARTNER I CAN WORK WITH FOR A VERY
LONG TIME!. I HAVE AT LEAST 500 WEBSITES ON MY LIST AND IM WILLING TO PAY 3000$ PER WEBSITE
PLEASE SEND ME A MAIL IF U CAN DO THIS ASAP ; omorye007 (at) yahoo (dot) com
Cheers
Vivek, You are a saint to the community. Great work! THANK YOU!
You are just great, thanks a lot!
i dont have the words to tell u how good a tutor u are ...... it just great.....
As always, great stuff.