Ethical Hacking Deep Dive: Metasploit, Nmap, and Advanced Techniques

  • Published: 26 Oct 2024

Comments • 86

  • @NNAdmin
    @NNAdmin  9 months ago +2

    Please Consider Subscribing by clicking here: studio.ruclips.net/channel/UC39GKRsNps38x7UzydcOZ9w
    Follow me on Twitter: twitter.com/NielsenNTWKING
    Chapters:
    00:00 Introduction
    01:42 Metasploit Modules
    05:14 Kali Linux Metasploit Module Location
    07:37 Nmap Network Discovery
    09:45 Nmap Targeted Scan and Services Review
    11:58 Metasploit Login Module for Postgresql
    16:52 Metasploit Database Query
    19:39 Metasploit Data Exfiltration
    23:28 Cracking Hashes with John The Ripper
    27:18 Metasploit Meterpreter Shell for Postgresql
    31:09 Metasploit VNC Brute Force
    36:08 Metasploit NFS Permission Module (Remotely mount target machine)
    40:34 Closing Arguments :)

  • @tim0hy
    @tim0hy 7 months ago +11

    i like that you don’t cut out your errors, it’s much more realistic than the clickbait “how to hack” videos i always see

  • @rayxfinkle8328
    @rayxfinkle8328 8 months ago +29

    FYI there is no need to use the -sV flag when using the -A flag. The -A enables -sV, -O, -sC and -traceroute automatically (nmap)

    • @NNAdmin
      @NNAdmin  8 months ago +32

      You're correct that when employing the -A flag in Nmap, it automatically includes version detection (-sV) along with other features like OS detection (-O), script scanning (-sC), and traceroute. However, we're aiming for a stealthier approach, and the -sS flag initiates a SYN scan, enhancing stealth by avoiding the completion of the TCP handshake. It's a strategic choice when balancing between reconnaissance depth and minimizing your footprint.

  • @Coledebord2
    @Coledebord2 8 months ago +8

    NOP is an instruction in assembly that means no operation, as in "do nothing and go to the next instruction". It's quite useful for many things in the vulnerability/exploit world. They can be used to easily byte patch something, or create a nop sled to make sure the instruction pointer gets to your payload after you've jumped too far if you're still doing buffer overrun challenges from years ago

  • @UGPVlogsLA
    @UGPVlogsLA 8 months ago +7

    This video just popped up in my feed, and had a wee peek at your other videos!! Can’t wait to binge watch them all!! Just curious why I didn’t find your channel sooner..of course I subscribed right away!!

    • @NNAdmin
      @NNAdmin  8 months ago

      Welcome!!

  • @Dave-cx1tz
    @Dave-cx1tz 7 months ago +2

    Just found your channel, and must say this video was nothing short of brilliant. You've got a new sub !

    • @NNAdmin
      @NNAdmin  7 months ago +1

      Thanks and welcome!

  • @dray8047
    @dray8047 8 months ago +3

    Awesome content 👏👏 your presentation is excellent. I'm studying my CEH, when I run the labs I'm often lost on how they draw conclusions on the command sets they chose and it's not explained due to the vast array of tools they cram in showcasing. Your breakdowns represent proper "hacking" (problem solving on the fly). Well done!

    • @NNAdmin
      @NNAdmin  8 months ago +1

      Glad it was helpful!

  • @danieldooley1366
    @danieldooley1366 3 months ago +1

    I knew what metasploit was and what it was used for before today but honestly couldn’t do more than nmap scan, but with using this video, I was able to crack my first server, which was a completely different database and wasn’t able to use any of the methods used in this video which is saying because it didn’t just teach me how to complete a specific task it taught me how to use the tool independently, which is awesome. Really good job making this video.❤❤

    • @NNAdmin
      @NNAdmin  3 months ago

      Thank you, I am so happy to hear you enjoyed it. :) Take care!

  • @gibsonrich2718
    @gibsonrich2718 6 months ago +1

    honestly you are an amazing instructor/teacher....subscribed!

    • @NNAdmin
      @NNAdmin  6 months ago

      Thank you, and Welcome aboard!

  • @cannotcomeupwithanam
    @cannotcomeupwithanam 8 months ago +2

    Nicely done. Thank you for putting the time in on this. Learned a few nice little details.

    • @NNAdmin
      @NNAdmin  8 months ago

      Glad you enjoyed it!

  • @Ggaimer2006
    @Ggaimer2006 8 months ago +3

    your channel is so wholesome idk why, subbed and liked

    • @NNAdmin
      @NNAdmin  8 months ago

      Thank you!

  • @RoninX-c8k
    @RoninX-c8k 8 months ago +4

    Like before watching and now ready to watch!

  • @phillydee3592
    @phillydee3592 4 months ago

    The podcast from Jack Rhysider with the creator of Metasploit, HD, was awesome!! Great vid as usual!

  • @морс-ф3д
    @морс-ф3д 9 months ago +4

    THANK You for giving out the whole bunch of brilliant knowledge!!!!!!!!!!!!!!!!!!!!!!!!👍👍👍👍👍👍

    • @NNAdmin
      @NNAdmin  8 months ago

      So nice of you

  • @nageshghuge3210
    @nageshghuge3210 5 months ago +1

    Great video. Content is very valuable randomly show ur video but its great explanation with simple easy to understand 🙌

    • @NNAdmin
      @NNAdmin  5 months ago +1

      Thanks a lot 😊

  • @UPSGOWRARAM
    @UPSGOWRARAM 6 months ago +2

    I love your hacking Skills i learnt more information above msf thank you and one more i like that you don't cut out your errors, it's much more realistic than the clickbait "how to hack" videos i always see

    • @NNAdmin
      @NNAdmin  6 months ago

      Glad you like them!

  • @kooky2
    @kooky2 9 months ago +4

    Thank you! I really enjoy your presentation style. 🙂 I didn’t mind your old keyboard ….!

    • @NNAdmin
      @NNAdmin  9 months ago +3

      Oh thank you!

    • @ShinigamiAnger
      @ShinigamiAnger 9 months ago +3

      Old keyboard best keyboard
      Keep clickity clackyting 👍

  • @felipemurta9160
    @felipemurta9160 7 months ago +2

    hey nielsen, with this video I will finish your series on pentesting, thanks a lot. Though I would like to ask where you would recommend for us to test (legally ofc) these new acquired skills? or should we set up VMs and test it on them?

    • @NNAdmin
      @NNAdmin  7 months ago

      Thanks for the kind words, but you have one more to watch that I just released on Wireshark. :) As for practice, a virtual lab with a few VM's, or tryhackme or hackthebox are good.

    • @felipemurta9160
      @felipemurta9160 7 months ago

      @@NNAdmin good to hear, wireshark video is the next on list then! thank you for all the help 🙂

  • @PeterCoder02
    @PeterCoder02 7 months ago +2

    Hi sir, thank you for sharing your experience with us, I appreciate it. But i have a troubleshooting with module postgres_readfile, it worked fine with file /etc/passwd, when i changed to /etc/shadow, it showed up File Insufficient Permissions even I run as sudo or root user. Do you have any measures for me, sir , thanks.

    • @NNAdmin
      @NNAdmin  7 months ago

      You can try changing the permissions of the shadow file if you are trying to copy?

  • @jackjoshlin8030
    @jackjoshlin8030 8 months ago +3

    Like the content... but dang tab to autocomplete. Keyboard sound is okay, this is the first video of yours I've seen.

    • @NNAdmin
      @NNAdmin  8 months ago +1

      Thanks

  • @Doc1670
    @Doc1670 8 months ago +2

    Love these videos

  • @jejebobofficiel
    @jejebobofficiel 8 months ago +3

    Great video! Did you work a cyber security job ?

    • @NNAdmin
      @NNAdmin  8 months ago +1

      Among many other responsibilities.

  • @MrZiolelle
    @MrZiolelle 7 months ago +2

    great tutorial! thanks

    • @NNAdmin
      @NNAdmin  7 months ago

      Glad you enjoyed it!

  • @vacOoo27
    @vacOoo27 7 months ago +2

    Good In depth Tutorials, Can't believe I only found you now

  • @vickknox
    @vickknox 8 months ago +2

    Fantastic videos as always
    P.S. your keyboard is still loud lol

  • @keizenberg
    @keizenberg 8 months ago +2

    Nice video bro! Btw where did you learn all that ?

    • @NNAdmin
      @NNAdmin  8 months ago +1

      School, but mostly self taught using available resources like the internet, forums, etc. Real life experience, practice, etc.

  • @herecomedatboi3976
    @herecomedatboi3976 3 months ago +1

    Excellent video.

    • @NNAdmin
      @NNAdmin  3 months ago

      Glad you liked it!

  • @damianpodgorski6977
    @damianpodgorski6977 8 months ago +2

    Great content! Why do you combine the -sV with -A doesn't do this version scan already? Just curious, probably I am missing something😅

    • @NNAdmin
      @NNAdmin  8 months ago

      The -sS flag in nmap -sS -A specifically tells Nmap to use a SYN scan, also known as a half-open scan. This technique can be stealthier than a full connection because it doesn't complete the TCP handshake. It sends a SYN packet and waits for a response, helping to avoid detection.

  • @root3434
    @root3434 8 months ago +2

    Why do a -sS (stealth) and a -A (aggressive) together? Doesn’t the -A defeat the purpose of the stealth scan? Thanks for your response!

    • @NNAdmin
      @NNAdmin  8 months ago +3

      Good question, and the third time it's been asked, so I am going to be lazy and cut and paste my reply from down below.
      "You're correct that when employing the -A flag in Nmap, it automatically includes version detection (-sV) along with other features like OS detection (-O), script scanning (-sC), and traceroute. However, we're aiming for a stealthier approach, and the -sS flag initiates a SYN scan, enhancing stealth by avoiding the completion of the TCP handshake. It's a strategic choice when balancing between reconnaissance depth and minimizing your footprint."

  • @edgarwanjala-pn8so
    @edgarwanjala-pn8so 8 months ago +1

    wagwan bro i am loving the content,but i am having a slight issue i am running nh kex on my phone and i was following your video up until you used nmap to scan the ip address, it displays permission denied
    what might be the problem??

    • @NNAdmin
      @NNAdmin  8 months ago

      Are you root or using sudo, when you run the command?

  • @apnamomo8883
    @apnamomo8883 8 months ago +1

    Sir can you provide me names for the box. Because in my metasploitable I've only two ports open 1 ssh 2 FTP

  • @WizDumbDumb
    @WizDumbDumb 7 months ago +2

    Thanks bro

    • @NNAdmin
      @NNAdmin  7 months ago +1

      Any time

  • @AjaySharma-om9kx
    @AjaySharma-om9kx 8 months ago +3

    Love you bro 😊❤

  • @johnz743
    @johnz743 8 months ago +7

    i am now a script kittens. 😂 Thanks for the video.

    • @NNAdmin
      @NNAdmin  8 months ago +1

      Have fun!

  • @viettran2869
    @viettran2869 7 months ago +1

    thanks for sharing your knowledge ///!

    • @NNAdmin
      @NNAdmin  7 months ago

      My pleasure!

  • @unknownboi9084
    @unknownboi9084 8 months ago +2

    god level content. I wish i could become a hacker like Aiden Pearce.

  • @s8x.
    @s8x. 4 months ago

    so this is on local network but u could do this on public one?

  • @mylosovich24
    @mylosovich24 9 months ago +3

    Fun stuff!

  • @messmess3438
    @messmess3438 9 months ago +1

    what is the laboratory environment used? where do you take vulnerable client machines to test attacks on them?

    • @NNAdmin
      @NNAdmin  9 months ago +3

      It's all done within a VirtualBox environment. I may provide a video on how to create your own lab in the future, if that is something people would have interest in seeing.

    • @messmess3438
      @messmess3438 8 months ago

      yes! and above all how to obtain vulnerable Windows or Linux machines on which we can train to execute exploits, scans, attacks...@@NNAdmin

    • @tacticalbelyash
      @tacticalbelyash 8 months ago +3

      @@NNAdmin That would be great to see!

    • @beancan8491
      @beancan8491 8 months ago +3

      @@NNAdmin It would be awesome if you make a video on creating a lab!

    • @mks6530
      @mks6530 7 months ago

      I was about to ask the same question as @messmess3438. would be nice to see how to set a lab like this or even if you could do a video in some already-build labs for pen-testing such as hackthebox or so.@@NNAdmin

  • @rusticsoulproductions
    @rusticsoulproductions 9 months ago +3

    I need that old keyboard of yours please.. 😅

    • @NNAdmin
      @NNAdmin  8 months ago

      Haha, I'll bring it back from time to time :P

  • @IwanSaputra-k9r
    @IwanSaputra-k9r 8 months ago +2

    is this for beginners?

    • @NNAdmin
      @NNAdmin  8 months ago +1

      This is not really for beginners, but it still may be valuable for you to get a glimpse of one of the tools in the industry.

  • @anonymous_i_see_you
    @anonymous_i_see_you 4 months ago

    Nice pro it's so great 👍👍👍

    • @NNAdmin
      @NNAdmin  4 months ago

      I'm glad you like it

  • @sundayachi1300
    @sundayachi1300 6 months ago

    Please how can I test intrusion detection system for false positives

  • @Joemaria_DBCFountain
    @Joemaria_DBCFountain 2 months ago

    why cant i run search postgresql command, thanks before

  • @sushilgupta3161
    @sushilgupta3161 6 months ago

    can you show me to make postgresql or vsftpd vulnerable..

  • @AzrealNewstar
    @AzrealNewstar 9 months ago +2

    So symbolic

  • @Alex-x6q5b
    @Alex-x6q5b 1 month ago +1

    💚💚💚

  • @oluwatosinoguntade2541
    @oluwatosinoguntade2541 3 months ago +1

    Please try zoom in more

  • @dizzylabtv46
    @dizzylabtv46 3 months ago +1

    danish?

  • @lucmarrouche71
    @lucmarrouche71 9 months ago +3

    Very well put together tutorial and very pleasant host

    • @NNAdmin
      @NNAdmin  9 months ago +1

      Thank you for your kind words!