Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,820 --> 00:00:08,310 In the previous lecture we saw one of that work related to social engineer to get this lecture going 2 00:00:08,310 --> 00:00:15,820 to see a more advanced tech which will allow us to get full access to the Android device. 3 00:00:15,840 --> 00:00:17,330 So let's see how to do this. 4 00:00:17,400 --> 00:00:27,030 Let's go to the chairman and then launch the social engineering tool kit kit 5 00:00:31,020 --> 00:00:34,140 and choose number one. 6 00:00:34,180 --> 00:00:39,550 Then we're going to choose Web site attack vector which is number two like previous one. 7 00:00:39,690 --> 00:00:50,960 So the two but this time we can use meters play a browser exploit miswrote which is number two. 8 00:00:51,470 --> 00:00:55,520 And this will allow us to create a payload associated to the browser. 9 00:00:55,520 --> 00:01:02,330 So once the user click on the link We're going to get emitted retrocession on the victim machine. 10 00:01:02,360 --> 00:01:08,110 And I believe we explained Zometa operative session in a previous election in the section. 11 00:01:08,120 --> 00:01:17,190 So let's see how it will be done and we're going to type number two and here would you like this Web 12 00:01:17,190 --> 00:01:21,950 sites that will include the payload which includes this malicious code that will allow us to access 13 00:01:21,950 --> 00:01:25,770 Android to be from a web template or from a site cloner. 14 00:01:25,910 --> 00:01:32,400 So I'm going to choose a template for simplicity I I'm going to choose any website. 15 00:01:32,630 --> 00:01:34,960 Are you going to do that or port forwarding. 16 00:01:35,000 --> 00:01:42,560 This will be done on a different letterer and this will be needed in case you do that remotely. 17 00:01:42,560 --> 00:01:49,490 I mean you are compromising an Android device that are not on the same network you are doing that for 18 00:01:49,490 --> 00:01:52,490 someone somewhere else in this attack. 19 00:01:52,550 --> 00:01:57,950 This is a basic attack which we are doing this attack in someone on the same network. 20 00:01:58,040 --> 00:02:00,810 So here are going to choose no. 21 00:02:00,820 --> 00:02:08,870 But later on I'm going to create a remote attack and nothing will change only some network sitting need 22 00:02:08,870 --> 00:02:09,470 to be done. 23 00:02:09,470 --> 00:02:12,230 So we're going to do that in a separate lecture. 24 00:02:12,380 --> 00:02:17,290 What is the IP address that will be receives a connection because this is a reverse connection so as 25 00:02:17,300 --> 00:02:18,750 a victim would be connected to me. 26 00:02:18,770 --> 00:02:25,370 I would not be the who can act as a victim and this is I try to bypass any security. 27 00:02:25,430 --> 00:02:33,560 So in our case our IP of the Linux machine is 1 9 2 1 6 8 2 1 0 1 0 3 28 00:02:37,490 --> 00:02:41,980 which template would you like to have Google of required. 29 00:02:41,980 --> 00:02:44,430 Let me have Google one more time. 30 00:02:46,810 --> 00:02:58,780 And here will be is the payload that will be added to the fake website so we can use the number 8 or 31 00:02:58,780 --> 00:03:02,830 number 9 which is the java applet remote code execution. 32 00:03:02,860 --> 00:03:05,780 This would be a message that will give us a full. 33 00:03:05,970 --> 00:03:11,980 I'm going to use number 8 because it's more effective if not is that most of them are Microsoft and 34 00:03:11,980 --> 00:03:15,460 Adobe so only 8 and 9 Araba. 35 00:03:15,490 --> 00:03:17,070 And this just keep getting updated. 36 00:03:17,080 --> 00:03:21,430 I mean maybe it will have a different number of neurons these tools because they keep updating this 37 00:03:21,430 --> 00:03:23,250 list. 38 00:03:24,140 --> 00:03:28,450 Then what do you need to have once you get the payload will be running. 39 00:03:28,450 --> 00:03:34,690 I need to have emitter pressurisation which is number two reverse interpreter which means the clatters 40 00:03:34,710 --> 00:03:39,900 a victim will be connected to my machine because the opposite of reverse is the bind connection which 41 00:03:39,900 --> 00:03:47,880 is my computer connect to the victim and if the victim is behind the firewall or has any security software 42 00:03:47,880 --> 00:03:48,800 this would be dropped. 43 00:03:49,050 --> 00:03:51,740 But when the victim would be connected back to me. 44 00:03:51,900 --> 00:03:53,930 Most probably this will be successful. 45 00:03:54,130 --> 00:03:57,750 So I'm going to use an operator then which port you'll be using. 46 00:03:57,750 --> 00:04:03,600 I mean you receive a connection on your IP which I just wrote one man to and succeeded to under-23. 47 00:04:03,960 --> 00:04:09,600 But you should specify as reporters when and by default they are giving support for 4C which I suggest 48 00:04:09,600 --> 00:04:16,280 you keep the same because this is HTP support and most people are familiar with using such force. 49 00:04:16,290 --> 00:04:18,780 So it will not be suspicion anyway. 50 00:04:20,250 --> 00:04:27,870 And as you can see it's going to take a few seconds and it will be ready what I need to send to the 51 00:04:27,870 --> 00:04:33,770 victim will be the IP of my machine with the port. 52 00:04:34,270 --> 00:04:34,980 So 53 00:04:40,730 --> 00:04:41,780 with dequeue second 54 00:05:15,080 --> 00:05:19,850 minute to pause for a few seconds until they finish and it's done. 55 00:05:19,980 --> 00:05:28,870 Moser So yep this is the IP that you need to sends the victim 1 and 2 and 6 8 1 on screen which is your 56 00:05:28,870 --> 00:05:37,180 local IP with the port number which is full 4C if you are doing that to attack a remote Android device 57 00:05:37,180 --> 00:05:39,980 you need to change this private IP was a public IP. 58 00:05:39,980 --> 00:05:42,210 I just explained in the previous letter. 59 00:05:42,580 --> 00:05:47,740 But not to confuse you we're going to do that right now in a simple way. 60 00:05:48,010 --> 00:05:51,160 And then later on I'm going to have to do that remotely. 61 00:05:51,220 --> 00:06:00,140 So let's jump to our machine and I prepared in an e-mail that will be sent to the victim an email resumes 62 00:06:00,190 --> 00:06:05,230 we're going to see how to manipulate this immensely strong and we're going to type IP 1 and 2 and 6 63 00:06:05,290 --> 00:06:10,740 8 or 200 one seriously call on for four-CD 64 00:06:13,380 --> 00:06:16,380 for Ford City and 65 00:06:20,320 --> 00:06:27,280 I told you previously that we can change that we can choose any short website to change the link instead 66 00:06:27,280 --> 00:06:32,930 of having close bunch of numbers it could be like you are in. 67 00:06:33,170 --> 00:06:36,000 And now let's go to the device. 68 00:06:38,140 --> 00:06:40,210 And then let me open my email 69 00:06:43,370 --> 00:06:51,770 gay code to my email. 70 00:06:52,040 --> 00:07:01,470 See you fresh Here we go and let's see what would happen if we comes. 71 00:07:01,860 --> 00:07:02,380 You mean 72 00:07:07,940 --> 00:07:15,740 see you as you can see we are getting a metropolitan session on the 73 00:07:18,320 --> 00:07:23,510 victim mobile and we explain how to utilize this metal decision. 74 00:07:23,870 --> 00:07:29,150 And by the way you may notice that it will keep closing and opening and another admitted later this 75 00:07:29,150 --> 00:07:29,900 is normal. 76 00:07:30,230 --> 00:07:33,250 After a few times you know it will be stable. 77 00:07:33,560 --> 00:07:45,110 So it's quite easy to like keep trying that until you get a successful session but you're getting the 78 00:07:45,110 --> 00:07:52,010 idea and then you know how using an interpreter session you can get full access to the machine. 79 00:07:52,010 --> 00:07:55,340 This has been explained on a sort of forced transaction. 80 00:07:55,610 --> 00:08:00,700 So once you get the Metropolitan session you've got a full access on the device. 81 00:08:00,890 --> 00:08:08,900 So what we did we created a fake Web site and or web sites that include the payload the malicious payload 82 00:08:08,930 --> 00:08:12,500 and once the victim opens the website we get a full access on the machine. 83 00:08:12,530 --> 00:08:18,440 It's different than the previous lecture where we just capture the username and password. 8740