How to Get a Shell on a Remote Machine by Exploiting a Vulnerability in Apache

Daniel demonstrates how to gain access to a Windows and Linux server using metasploit. This is one of his favourite tools. Big thanks to ITPro.TV for sponsoring this video. In future videos, he will show us additional tools. ====== Menu: ====== Menu: We like win: 0:00 I am administrator: 0:25 Linux access: 0:40 Password hashes: 1:20 Introduction: 1:35 Metasploit framework overview: 1:50 Why is this one of your favourite tools? 2:28 Windows and Linux: 4:05 This is a local lab: 4:43 Windows Metasploit demo: 5:40 Eternal Blue overview: 6:35 Start eternalblue: 7:24 Check attack viability: 8:35 Specify target (RHOSTS): 9:35 Exploit (check hosts): 10:32 Gain access: 10:50 Reverse shell :11:30 Set rhosts: 13:01 Set payload: 13:28 Set lhost: 14:08 Set lport: 14:30 Run exploit: 14:53 Win: 15:58 Shell access gained: 16:10 Full Admin access: 17:20 Summary of what was done: 18:14 This is much easier - use automation: 18:49 Why did this work? 20:35 What about Linux? 21:15 Linux demo example: 21:48 Linux shell bug: 22:29 Use option 5: 23:50 Set header: 24:39 Set rhosts: 25:06 Set targeturi: 25:35 Set lhost: 26:17 Exploit: 26:33 shell created: 26:55 Make pretty: 27:07 Use Linux commands: 28:01 Which user account is used: 28:27 Got a remote shell :28:51 Escalate priv: 29:00 Get admin and root accounts: 30:28 Summary of what we have done: 30:49 What other tools are you going to show us: 33:03 ======================== Download software and VMs: ======================== VM used: https://www.vulnhub.com/entry/bwapp-b... Kali Linux: https://www.kali.org/downloads/ ================ Links: ================ ITProTV Free Training: http://davidbombal.wiki/freeitprotv My ITProTV affiliate link: http://davidbombal.wiki/itprotv ==================== Connect with Daniel: ==================== LinkedIn: https://www.linkedin.com/in/daniellowrie Blog: https://blog.itpro.tv/author/daniello... ================ Connect with me: ================ Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal metasploit metasploit framewaork eternalblue eternal blue ethernal champion smb windows linux linux apache apache kali kali linux cybersecurity cybersecurity careers ceh oscp itprotv ejpt cissp ceh v10 elearn security oscp certification Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!