Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,700 --> 00:00:10,560 In this lecture I'm going to start with the first step which is creating a malicious Android and convinces 2 00:00:10,560 --> 00:00:14,620 a victim to install it on his Android devices. 3 00:00:15,180 --> 00:00:20,670 And once he installs the app on the device we're going to have access on these devices. 4 00:00:20,710 --> 00:00:26,570 Now this will be done on phases so I'm going to show you how that can be done. 5 00:00:26,580 --> 00:00:30,370 How can you get full access on the device. 6 00:00:30,420 --> 00:00:35,980 We can shred the logs or contact the open can open so my full. 7 00:00:36,000 --> 00:00:39,940 Excellent advice then I'm going to show you how to tune that. 8 00:00:39,960 --> 00:00:49,160 How can you change Zeichen should become or change the app so it will be merged as a regular app. 9 00:00:49,470 --> 00:00:53,580 How to convince the victim easily to install that. 10 00:00:54,330 --> 00:00:58,100 So we're going to do that on faces now before we start. 11 00:00:58,110 --> 00:01:04,860 I just want to let you know that many people do not consider to install anti-virus on of MacGuire or 12 00:01:04,860 --> 00:01:06,010 on their tablet. 13 00:01:06,330 --> 00:01:11,860 They only install that on the computers which is completely wrong because as you can see during this 14 00:01:11,860 --> 00:01:20,860 section going to many attacks how easy it is compliance even if you have an antivirus installed on the 15 00:01:22,350 --> 00:01:23,750 victim machine. 16 00:01:23,860 --> 00:01:25,760 Still it can be bypassed. 17 00:01:26,100 --> 00:01:28,020 So let's see. 18 00:01:28,920 --> 00:01:32,980 So the first they were going to go to the next machine. 19 00:01:33,630 --> 00:01:40,950 And before you stop we need to make sure that clinics are all the same that this actually is a primary 20 00:01:40,950 --> 00:01:44,030 attack on the first I think I'm going to show you how to compromise. 21 00:01:44,390 --> 00:01:46,480 More buy ins is on the senator. 22 00:01:46,770 --> 00:01:49,700 Later on we're going to see how to compromise. 23 00:01:50,190 --> 00:01:55,790 So as I explained this would be Choom and nothing would be related to that. 24 00:01:55,830 --> 00:01:57,560 It's all network sitting. 25 00:01:58,050 --> 00:02:04,170 So first let's see how to do that in a simple way then we're going to need to make it very very realistic 26 00:02:05,550 --> 00:02:07,890 before starting that think I need to do the following. 27 00:02:07,890 --> 00:02:17,580 I need to go to the sitting manager and say of my virtual machine and I need to make sure that the network 28 00:02:17,580 --> 00:02:19,240 adapter it's on the senator. 29 00:02:19,370 --> 00:02:22,510 It's you have to select Bridgett by default. 30 00:02:22,510 --> 00:02:24,600 That virtual machine has in that setting. 31 00:02:24,600 --> 00:02:30,500 But in this case you can use Bridgett and to make sure that we are on the same network. 32 00:02:30,600 --> 00:02:42,180 We are going to open the terminal and check the IP of my Linux machine config which is 1 and 2 and 6 33 00:02:42,190 --> 00:02:47,240 is that one that one's will see and I can check my MacGuire this way. 34 00:02:47,790 --> 00:02:54,000 If you don't know how to to the setting up some wire and check IP you can install an app that is a nice 35 00:02:54,510 --> 00:02:57,320 school Id like this one it's a free app. 36 00:02:57,540 --> 00:02:58,090 Click on it. 37 00:02:58,100 --> 00:03:01,190 It will show you your public IP and your private bank. 38 00:03:01,500 --> 00:03:12,450 So in our case our private IPs 1 and 2 and 6 1 1 0 4 which is on the Senate or both of them are starting 39 00:03:12,450 --> 00:03:15,080 with one and two and six is that window. 40 00:03:15,080 --> 00:03:24,180 And then one those three and four that we need to create the figure and add to that think they know 41 00:03:24,660 --> 00:03:28,170 it's a malicious code that will be executed on the victims. 42 00:03:28,530 --> 00:03:30,880 I would also comment on that fine. 43 00:03:30,900 --> 00:03:35,110 I will attach this file to the lectures we don't have to worry about memorizing the company. 44 00:03:35,130 --> 00:03:36,930 We just go write it down together. 45 00:03:37,080 --> 00:03:41,460 You can copy and paste but let's write it down to explaining why we are writing them. 46 00:03:41,910 --> 00:03:50,880 So first comer is a massive venom and this is creating a B minus speed to create the payload and then 47 00:03:51,200 --> 00:03:58,130 we're going to type the name of the Android right. 48 00:03:59,070 --> 00:04:10,690 Slash metor writer slash read verse on those. 49 00:04:10,720 --> 00:04:22,500 Or GCP now saying I already explained that it's a split second verse GCP means that the victim will 50 00:04:22,500 --> 00:04:26,570 be connected to my machine and this will bypass your router firewall. 51 00:04:26,910 --> 00:04:30,910 Any security setting because the connection will be reversed. 52 00:04:30,920 --> 00:04:37,590 Well if you connect opposite which is binding connection most probably it's not very effective and the 53 00:04:37,590 --> 00:04:43,630 security will drop the connection so the reverse disappears is much more effective Zometa. 54 00:04:43,710 --> 00:04:51,060 It is a very very powerful payload that will give you full access on a mobile device that I need to 55 00:04:51,060 --> 00:04:52,720 put the payload setting. 56 00:04:52,920 --> 00:05:01,360 I mean I write down the speed at which machines are right here and host could be kept that it's Linux 57 00:05:01,540 --> 00:05:03,100 it's consensus. 58 00:05:03,490 --> 00:05:13,310 And then you can put the IP of your local machine can Linux machine which is 1 9 2 1 6 8 2 1 2 1 0 see. 59 00:05:13,830 --> 00:05:17,760 So so sorry no no please. 60 00:05:17,920 --> 00:05:24,150 So let me repeat it as if we know dumb. 61 00:05:24,210 --> 00:05:27,280 My NSP is an android 62 00:05:29,960 --> 00:05:30,790 maker 63 00:05:34,210 --> 00:05:48,690 and really is that is all GCP and the host and Ikorodu going to put their local IP which is 1 9 2 2 64 00:05:48,880 --> 00:05:55,520 1 6 the victim might be our idea because most probably would not be aware of spectrum might be but wonder 65 00:05:55,530 --> 00:05:56,980 of wonders. 66 00:05:57,580 --> 00:06:03,090 So no Calpol is any connection need to be done through a specific board. 67 00:06:04,360 --> 00:06:06,710 I can put any port. 68 00:06:06,940 --> 00:06:16,470 It's better to use any higher than 1024 but is a port 443 which is should be a spoof. 69 00:06:16,660 --> 00:06:23,710 And this is because if someone is scanning the system and finds that the victim is connected to a device 70 00:06:24,570 --> 00:06:31,600 put forth we suspect that this is a hack device or that his device has been hacked because this is a 71 00:06:31,600 --> 00:06:41,220 regular port that anyone can connect to is related to actually a service that are greater than 3000 72 00:06:41,320 --> 00:06:48,580 in Linux mean whatever output of that array directed to somewhere and I'm gonna lightening up the app. 73 00:06:48,850 --> 00:06:52,020 I'm going to name it. 74 00:06:52,500 --> 00:06:54,820 But you can name whatever you want. 75 00:06:54,880 --> 00:07:00,220 Game anything you want and click on it. 76 00:07:00,400 --> 00:07:04,980 Now this is a basic way it will be working in many most of the bars. 77 00:07:05,290 --> 00:07:12,840 But you can even make it more enhanced You can encoded or encrypted the anti-virus will not detected. 78 00:07:12,840 --> 00:07:16,460 The victim has an anti-virus from his wife. 79 00:07:16,600 --> 00:07:23,970 You can see that there is a lot of things that can be done to make this application very hard to detect. 80 00:07:24,520 --> 00:07:31,830 We can even begin to think later on in the section how to merge this application with one regular order. 81 00:07:32,290 --> 00:07:35,360 Normally zapping picture has been created. 82 00:07:35,620 --> 00:07:41,440 And he's saying that you know it can be encrypted it can be and this is the size and where it will be 83 00:07:41,440 --> 00:07:48,940 safe to be saved and hopefully if you go here to the file manager and go to your home you should find 84 00:07:50,950 --> 00:07:53,710 it took a picture. 85 00:07:54,760 --> 00:07:56,830 So this is the first phase. 86 00:07:57,220 --> 00:07:58,110 Second. 87 00:07:58,210 --> 00:08:00,470 Let's go to our mobile device. 8914