Misconfigurations


Hey, everybody.

Welcome to the next video.

So we're going to be talking briefly about misconfiguration.

Now, what are misconfigurations?

It is a configuration of any kind that allows an attacker to gain a foothold into the machine or the network or on a service.

Now, this can be anything from a configuration file holding some passwords to configuring a service in a particular way that makes it vulnerable, such as having no authentication enabled.

Take it from experience and learn as you go, because you're going to find, when you're looking up certain services, for example, that you'll see: oh, if it's in this configuration, it's vulnerable to this.

You can do this.

You can do that.

Sometimes looking at the config file and understanding what it does is a good way to go about it, because you might see something pretty obvious.

So it's just getting more familiar with the services, and with red teams it's knowing a little about a lot when it comes to some of these services.

So knowing how to set up Apache, knowing what the basic config files look like is pretty important when you're trying to attack a machine that has Apache.

So is knowing where the logs are by default.

Now, why is this important to us?

This can be the difference between gaining access or not at all, or in our ability to escalate privileges, or even in finding passwords that are in clear text, such as in configuration files or just sitting on disk.

It's very easy to find, for example, database passwords, which tend to be stored in a config file in the webroot. And for escalating privileges,

this can be something, like I said, such as permissions, sticky bits, etc.

So some examples.

So /etc/passwd, which sometimes holds the hashes; sometimes this is /etc/shadow.

However, if you can add a user to passwd, then you can get access to the machine.

So this having global write access by accident could allow anybody the ability to write to this file and create users and set the permissions and groups that they go into, which is just as dangerous, because they can set it to the group.

Or a configuration file that's viewable without authentication from outside the host, if somebody dumped a config .ini file in their webroot that their website uses.

There's a reason why web applications, if they have a config file locally, use PHP or some other interpreted language.

That's not clear text.

And if they load the file, it doesn't just dump the text right on the screen.

So simple stuff like just dumping it into the root of a directory can be a problem, or enabling sticky bits on a binary that could be used to elevate privileges, such as vi or man or anything else that might be of use and might be of interest.

So when we go through the rest of the course, just keep an eye out for configurations.

It's always good to look at what some of the defaults are, because sometimes the defaults, for example default usernames and passwords, are left that way.

That is a misconfiguration.

And you'll find out a lot when you go out and start attacking machines, especially in an enterprise, where you are looking at dev networks and corp networks.

People bring up services that have default usernames and passwords all the time, and sometimes you can use certain tools in the web app to start spawning a shell from that point forward.

So it's important.

Just keep this in the back of your mind.

We're going to run into configurations a little bit later, such as when we get into the post-exploitation side of the course, for things like Windows services and stuff like that.

However, at least for now, just keep this in the back of your head: that configuration is something you're going to have to learn over time as you get more familiar with some of the products that you're going to be working with.
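As an added example that is not part of the course material, the following shell script turns the three filesystem misconfigurations the lecture walks through (a world-writable /etc/passwd, a privilege-escalating setuid binary such as vi or man, and a plain-text config file with credentials sitting in the webroot) into a quick audit you can run against a live host or a mounted disk image. Everything in it is an assumption for illustration: the webroot is taken to be var/www under the root you pass in, the setuid watch list is a small hand-picked set, and the check looks at the setuid bit (the bit the lecture refers to as a sticky bit).

```shell
#!/bin/sh
# Added example, not from the course. Audit a Linux filesystem tree for the
# misconfigurations discussed in the lecture.
#
#   sh audit_misconfigs.sh            # defines the functions only
#   sh audit_misconfigs.sh /          # audit the live host
#   sh audit_misconfigs.sh /mnt/img   # audit a mounted image or test tree
#
# One finding per line, tagged for grepping:
#   [PASSWD]  /etc/passwd or /etc/shadow writable by "other"
#   [SUID]    setuid binary on the watch list (editors/pagers spawn shells)
#   [WEBCONF] plain-text config under the webroot with credential-like keys
#
# Assumptions (illustrative): webroot at <root>/var/www, watch list below.

WEBROOT_REL="var/www"

# Setuid binaries that hand over a shell almost immediately (assumed list).
is_watched_suid() {
    case "${1##*/}" in
        vi|vim|view|nano|man|less|more|find|bash|sh|env|python*|perl) return 0 ;;
        *) return 1 ;;
    esac
}

audit_misconfigs() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", so "$root/etc/passwd" joins cleanly

    # 1. Account databases writable by anyone. With a writable passwd an
    #    attacker appends a uid-0 line with a hash from `openssl passwd -1`
    #    and logs in as root; a writable shadow lets them replace root's hash.
    for f in "$root/etc/passwd" "$root/etc/shadow"; do
        [ -f "$f" ] || continue
        # -perm -0002: the "other" write bit is set
        if [ -n "$(find "$f" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "[PASSWD] world-writable: $f"
        fi
    done

    # 2. Setuid binaries (-perm -4000) anywhere on the same filesystem.
    #    Every hit deserves a look; watch-list hits are reported here.
    find "${root:-/}" -xdev -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        if is_watched_suid "$f"; then
            echo "[SUID] shell-capable setuid binary: $f"
        fi
    done

    # 3. Plain-text configs in the webroot. Unlike a .php file, which the
    #    server interprets, these are served back verbatim to anyone who
    #    requests them, so credentials inside are effectively public.
    webroot="$root/$WEBROOT_REL"
    if [ -d "$webroot" ]; then
        find "$webroot" -type f \
            \( -name '*.ini' -o -name '*.conf' -o -name '*.cfg' -o -name '*.env' \
               -o -name '*.yml' -o -name '*.yaml' -o -name '*.txt' \
               -o -name '*.bak' -o -name '*.json' \) -print 2>/dev/null |
        while IFS= read -r f; do
            # credential-looking keys: password=, passwd:, db_pass =, secret=, api_key=
            if grep -qiE '(pass(word|wd)?|secret|api[_-]?key)[[:space:]]*[=:]' "$f" 2>/dev/null; then
                echo "[WEBCONF] credentials in plain-text config: $f"
            fi
        done
    fi
}

# Only run automatically when a root directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_misconfigs "$1"
fi
```

Running it against a mounted image rather than the live host is the safe way to try it; on a live box, `find / -xdev` over the whole disk is the slow part. The default-credential case from the lecture is deliberately absent: it needs the service's own login path, not a filesystem check.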
