1
00:00:00,820 --> 00:00:08,310
In the previous lecture we saw one attack related to social engineering. In this lecture we are going
2
00:00:08,310 --> 00:00:15,820
to see a more advanced technique which will allow us to get full access to the Android device.
3
00:00:15,840 --> 00:00:17,330
So let's see how to do this.
4
00:00:17,400 --> 00:00:27,030
Let's go to the terminal and then launch the Social Engineering Toolkit
5
00:00:31,020 --> 00:00:34,140
and choose number one.
6
00:00:34,180 --> 00:00:39,550
Then we're going to choose Website Attack Vectors, which is number two, like the previous one.
7
00:00:39,690 --> 00:00:50,960
So number two, but this time we're going to use the Metasploit browser exploit method, which is number two.
8
00:00:51,470 --> 00:00:55,520
And this will allow us to create a payload associated with the browser.
9
00:00:55,520 --> 00:01:02,330
So once the user clicks on the link, we're going to get a Meterpreter session on the victim machine.
10
00:01:02,360 --> 00:01:08,110
And I believe we explained the Meterpreter session in a previous lecture in the section.
11
00:01:08,120 --> 00:01:17,190
So let's see how it will be done. We're going to type number two, and here: would you like this web
12
00:01:17,190 --> 00:01:21,950
site that will include the payload, which includes this malicious code that will allow us to access
13
00:01:21,950 --> 00:01:25,770
the Android device, to be from a web template or from a site cloner?
14
00:01:25,910 --> 00:01:32,400
So I'm going to choose a template for simplicity; I'm going to choose any website.
15
00:01:32,630 --> 00:01:34,960
Are you going to do NAT or port forwarding?
16
00:01:35,000 --> 00:01:42,560
This will be done in a different lecture, and this will be needed in case you do that remotely.
17
00:01:42,560 --> 00:01:49,490
I mean you are compromising an Android device that is not on the same network; you are doing that for
18
00:01:49,490 --> 00:01:52,490
someone somewhere else.
19
00:01:52,550 --> 00:01:57,950
This is a basic attack, which we are doing on someone on the same network.
20
00:01:58,040 --> 00:02:00,810
So here I am going to choose no.
21
00:02:00,820 --> 00:02:08,870
But later on I'm going to create a remote attack, and nothing will change; only some network settings need
22
00:02:08,870 --> 00:02:09,470
to be done.
23
00:02:09,470 --> 00:02:12,230
So we're going to do that in a separate lecture.
24
00:02:12,380 --> 00:02:17,290
What is the IP address that will receive the connection? Because this is a reverse connection, so
25
00:02:17,300 --> 00:02:18,750
the victim would be connected to me.
26
00:02:18,770 --> 00:02:25,370
I would not be the one who connects to the victim, and this is how I try to bypass any security.
27
00:02:25,430 --> 00:02:33,560
So in our case the IP of the Linux machine is 1 9 2 1 6 8 2 1 0 1 0 3
28
00:02:37,490 --> 00:02:41,980
Which template would you like to use? Google or Java Required.
29
00:02:41,980 --> 00:02:44,430
Let me have Google one more time.
30
00:02:46,810 --> 00:02:58,780
And here is the payload that will be added to the fake website, so we can use number 8 or
31
00:02:58,780 --> 00:03:02,830
number 9, which is the Java applet remote code execution.
32
00:03:02,860 --> 00:03:05,780
This would be a method that will give us full access.
33
00:03:05,970 --> 00:03:11,980
I'm going to use number 8 because it's more effective. If you notice, most of them are Microsoft and
34
00:03:11,980 --> 00:03:15,460
Adobe, so only 8 and 9 are Java.
35
00:03:15,490 --> 00:03:17,070
And this list just keeps getting updated.
36
00:03:17,080 --> 00:03:21,430
I mean maybe it will have a different number when you run these tools, because they keep updating this
37
00:03:21,430 --> 00:03:23,250
list.
38
00:03:24,140 --> 00:03:28,450
Then what do you need to have once the payload is running?
39
00:03:28,450 --> 00:03:34,690
I need to have a Meterpreter session, which is number two, reverse Meterpreter, which means that
40
00:03:34,710 --> 00:03:39,900
the victim will be connected to my machine, because the opposite of reverse is the bind connection, which
41
00:03:39,900 --> 00:03:47,880
is my computer connecting to the victim, and if the victim is behind a firewall or has any security software
42
00:03:47,880 --> 00:03:48,800
this would be dropped.
43
00:03:49,050 --> 00:03:51,740
But when the victim connects back to me,
44
00:03:51,900 --> 00:03:53,930
most probably this will be successful.
45
00:03:54,130 --> 00:03:57,750
So I'm going to use that. Then, which port will you be using?
46
00:03:57,750 --> 00:04:03,600
I mean you receive a connection on your IP, which I just wrote, one man to and succeeded to under-23.
47
00:04:03,960 --> 00:04:09,600
But you should specify a port as well, and by default they are giving port 443, which I suggest
48
00:04:09,600 --> 00:04:16,280
you keep the same because this is the HTTPS port and most people are familiar with using such ports.
49
00:04:16,290 --> 00:04:18,780
So it will not be suspicious anyway.
50
00:04:20,250 --> 00:04:27,870
And as you can see it's going to take a few seconds and it will be ready. What I need to send to the
51
00:04:27,870 --> 00:04:33,770
victim will be the IP of my machine with the port.
52
00:04:34,270 --> 00:04:34,980
So
53
00:04:40,730 --> 00:04:41,780
let's wait a few seconds.
54
00:05:15,080 --> 00:05:19,850
I'm going to pause for a few seconds until it finishes, and it's done.
55
00:05:19,980 --> 00:05:28,870
So yep, this is the IP that you need to send to the victim, 1 and 2 and 6 8 1 on screen, which is your
56
00:05:28,870 --> 00:05:37,180
local IP with the port number, which is 443. If you are doing that to attack a remote Android device,
57
00:05:37,180 --> 00:05:39,980
you need to change this private IP to a public IP.
58
00:05:39,980 --> 00:05:42,210
I just explained that in the previous lecture.
59
00:05:42,580 --> 00:05:47,740
But not to confuse you, we're going to do that right now in a simple way.
60
00:05:48,010 --> 00:05:51,160
And then later on I'm going to do that remotely.
61
00:05:51,220 --> 00:06:00,140
So let's jump to our machine, and I prepared an e-mail that will be sent to the victim. Later
62
00:06:00,190 --> 00:06:05,230
we're going to see how to manipulate this email, and we're going to type the IP 1 and 2 and 6
63
00:06:05,290 --> 00:06:10,740
8 or 200 one, colon 443
64
00:06:13,380 --> 00:06:16,380
443, and
65
00:06:20,320 --> 00:06:27,280
I told you previously that we can change that; we can choose any URL-shortening website to change the link instead
66
00:06:27,280 --> 00:06:32,930
of having this bunch of numbers; it could be like a URL.
67
00:06:33,170 --> 00:06:36,000
And now let's go to the device.
68
00:06:38,140 --> 00:06:40,210
And then let me open my email
69
00:06:43,370 --> 00:06:51,770
and go to my email.
70
00:06:52,040 --> 00:07:01,470
Refresh. Here we go, and let's see what would happen if we click on it.
71
00:07:01,860 --> 00:07:02,380
You mean
72
00:07:07,940 --> 00:07:15,740
As you can see we are getting a Meterpreter session on the
73
00:07:18,320 --> 00:07:23,510
victim mobile, and we explained how to utilize this Meterpreter session.
74
00:07:23,870 --> 00:07:29,150
And by the way you may notice that it will keep closing and opening another Meterpreter session; this
75
00:07:29,150 --> 00:07:29,900
is normal.
76
00:07:30,230 --> 00:07:33,250
After a few times it will be stable.
77
00:07:33,560 --> 00:07:45,110
So it's quite easy; just keep trying that until you get a successful session. But you're getting the
78
00:07:45,110 --> 00:07:52,010
idea, and then you know how, using a Meterpreter session, you can get full access to the machine.
79
00:07:52,010 --> 00:07:55,340
This has been explained in a previous section.
80
00:07:55,610 --> 00:08:00,700
So once you get the Meterpreter session you've got full access on the device.
81
00:08:00,890 --> 00:08:08,900
So what we did: we created a fake website, or websites, that include the payload, the malicious payload,
82
00:08:08,930 --> 00:08:12,500
and once the victim opens the website we get full access on the machine.
83
00:08:12,530 --> 00:08:18,440
It's different than the previous lecture where we just captured the username and password.