[English (United States)] Ethical Hacking Full Course - Learn Ethical Hacking in 10 Hours _ Ethical Hacking Tutorial _ Edureka
1
00:00:06,800 --> 00:00:08,770
Hi guys, my name
is Aarya and I'm going
2
00:00:08,770 --> 00:00:11,000
to be your instructor
for this course today.
3
00:00:11,000 --> 00:00:13,327
So in this Ethical
Hacking full course video,
4
00:00:13,327 --> 00:00:15,971
we'll be learning almost
everything that is required
5
00:00:15,971 --> 00:00:18,200
for you to get started
as an Ethical Hacker.
6
00:00:18,200 --> 00:00:20,156
So come let's quickly go
over the topics
7
00:00:20,156 --> 00:00:22,399
that we are going
to be covering today firstly.
8
00:00:22,399 --> 00:00:25,100
We're going to be going
to the basics of cyber security
9
00:00:25,100 --> 00:00:25,972
and cryptography
10
00:00:25,972 --> 00:00:28,100
where we'll be learning
the key concepts
11
00:00:28,100 --> 00:00:30,632
of confidentiality
integrity and availability
12
00:00:30,632 --> 00:00:32,900
and how the cryptography
Concepts also tie
13
00:00:32,900 --> 00:00:34,700
into the whole picture next.
14
00:00:34,700 --> 00:00:36,600
We'll be looking
at some cyber threats.
15
00:00:36,600 --> 00:00:37,248
We'll be seeing
16
00:00:37,248 --> 00:00:39,847
how the cyber threats
actually affect our computer
17
00:00:39,847 --> 00:00:42,500
and then we will also see
how we can mitigate them.
18
00:00:42,500 --> 00:00:44,097
After which we will be looking
19
00:00:44,097 --> 00:00:46,000
into the history
of ethical hacking.
20
00:00:46,000 --> 00:00:47,497
We learn how this all began
21
00:00:47,497 --> 00:00:49,939
in the Massachusetts
Institute of Technology.
22
00:00:49,939 --> 00:00:52,763
And then we will be looking
into the fundamentals
23
00:00:52,763 --> 00:00:55,670
of networking and ethical
hacking. In this, we'll be learning
24
00:00:55,670 --> 00:00:56,556
the various tools
25
00:00:56,556 --> 00:00:57,321
that are used
26
00:00:57,321 --> 00:01:00,100
in ethical hacking and also
the network architectures
27
00:01:00,100 --> 00:01:02,000
these tools are used
in. After this,
28
00:01:02,000 --> 00:01:03,300
we will be having a look
29
00:01:03,300 --> 00:01:05,625
into what the most
famous operating systems
30
00:01:05,625 --> 00:01:06,400
that is there.
31
00:01:06,400 --> 00:01:07,519
That is Kali Linux.
32
00:01:07,519 --> 00:01:09,508
Kali Linux is used
by ethical hackers
33
00:01:09,508 --> 00:01:11,000
and penetration testers all
34
00:01:11,000 --> 00:01:12,900
around the world.
We'll be learning
35
00:01:12,900 --> 00:01:13,763
how to install this
36
00:01:13,763 --> 00:01:16,150
on our local systems.
We'll be learning the tools
37
00:01:16,150 --> 00:01:17,300
that come along with it
38
00:01:17,300 --> 00:01:19,900
and how we should be using
them. After that,
39
00:01:19,900 --> 00:01:22,100
we'll be learning
about penetration testing
40
00:01:22,100 --> 00:01:22,900
and penetration
41
00:01:22,900 --> 00:01:24,800
testing is a subset
of ethical hacking.
42
00:01:25,100 --> 00:01:28,141
So in this we will be learning
about a tool called Metasploit
43
00:01:28,141 --> 00:01:30,074
and using Metasploit
we'll be learning
44
00:01:30,074 --> 00:01:32,679
more about vulnerability
analysis and how we
45
00:01:32,679 --> 00:01:35,500
can install back doors
in different computer systems
46
00:01:35,500 --> 00:01:36,600
and take advantages
47
00:01:36,600 --> 00:01:40,100
of these vulnerabilities. Now,
nmap is also another tool
48
00:01:40,100 --> 00:01:42,249
that we are going
to be discussing in this course,
49
00:01:42,249 --> 00:01:43,200
we will be learning
50
00:01:43,200 --> 00:01:45,316
how we can use nmap
to gather information
51
00:01:45,316 --> 00:01:46,551
from our networks and
52
00:01:46,551 --> 00:01:49,767
how we can use this information
to our advantage. After that,
53
00:01:49,767 --> 00:01:52,445
we'll be learning deeply
about three cyber attacks
54
00:01:52,445 --> 00:01:54,563
that are there
in this industry. First
55
00:01:54,563 --> 00:01:58,100
is cross-site scripting, secondly
distributed denial of service,
56
00:01:58,100 --> 00:02:00,100
and thirdly SQL
injection attacks.
57
00:02:00,200 --> 00:02:03,000
Now we'll be doing these attacks
ourselves on dummy targets
58
00:02:03,000 --> 00:02:04,800
and learning more
about these attacks
59
00:02:04,800 --> 00:02:07,850
and how they are orchestrated
and thus we will be learning
60
00:02:07,850 --> 00:02:09,400
more about how we
can mitigate them
61
00:02:09,400 --> 00:02:12,100
if we actually become
ethical hackers. Now,
62
00:02:12,100 --> 00:02:13,400
we will also be discussing
63
00:02:13,400 --> 00:02:16,400
some very advanced cryptography
methods called steganography,
64
00:02:16,400 --> 00:02:19,000
which is basically used
for hiding digital code
65
00:02:19,000 --> 00:02:22,535
inside images. Last but not the
least, we will be also discussing
66
00:02:22,535 --> 00:02:25,100
how you could become
an ethical hacker yourself.
67
00:02:25,100 --> 00:02:27,300
So we'll be discussing
a roadmap. We'll also
68
00:02:27,300 --> 00:02:29,841
be discussing the job profiles
that are there in the industry,
69
00:02:29,841 --> 00:02:31,842
and we will also
be discussing the companies
70
00:02:31,842 --> 00:02:34,495
that are hiring for these job
profiles along with the salaries
71
00:02:34,495 --> 00:02:35,800
that they are trying to offer.
72
00:02:36,100 --> 00:02:39,000
Also, we won't be leaving
hanging right there. We'll also
73
00:02:39,000 --> 00:02:41,620
be discussing the 50 most
common interview questions
74
00:02:41,620 --> 00:02:43,675
that come along
with these job profiles
75
00:02:43,675 --> 00:02:44,800
so that you can snag
76
00:02:44,800 --> 00:02:48,346
that job interview. And if you do
like our content in the end,
77
00:02:48,346 --> 00:02:49,700
please leave us a like,
78
00:02:49,700 --> 00:02:50,832
please leave a comment
79
00:02:50,832 --> 00:02:53,200
if you want to and do hit
the Subscribe button
80
00:02:53,200 --> 00:02:55,200
so that you can
join our ever-growing
81
00:02:55,200 --> 00:02:56,600
community of learners.
82
00:03:01,800 --> 00:03:03,179
It can be rightfully said
83
00:03:03,179 --> 00:03:05,533
that today's generation
lives on the internet
84
00:03:05,533 --> 00:03:08,094
and we general users
are almost ignorant as to
85
00:03:08,094 --> 00:03:09,800
how those random bits of ones
86
00:03:09,800 --> 00:03:12,150
and zeros reach securely
to a computer.
87
00:03:12,150 --> 00:03:15,200
It's not magic, it's work
and sweat that makes sure
88
00:03:15,200 --> 00:03:18,814
that your packets reach to you
unsniffed. Today Ira ball
89
00:03:18,814 --> 00:03:19,800
from Edureka.
90
00:03:19,800 --> 00:03:22,664
I'm here to tell you guys
about how cybersecurity makes
91
00:03:22,664 --> 00:03:23,900
this all possible. Now,
92
00:03:23,900 --> 00:03:26,190
before we begin let me brief
you all about the topics
93
00:03:26,190 --> 00:03:27,600
that we're going to cover today.
94
00:03:27,600 --> 00:03:29,598
So basically we're going
to ask three questions
95
00:03:29,598 --> 00:03:30,898
that are important
96
00:03:30,898 --> 00:03:33,100
to cybersecurity. Firstly,
we're going to see why
97
00:03:33,100 --> 00:03:35,500
cyber security is needed. Next,
we're going to see
98
00:03:35,500 --> 00:03:37,128
what exactly is cyber security
99
00:03:37,128 --> 00:03:39,894
and in the end I'm going
to show you also a scenario
100
00:03:39,894 --> 00:03:42,800
how cybersecurity can save
a whole organization
101
00:03:42,800 --> 00:03:44,449
from organized cybercrime.
102
00:03:44,449 --> 00:03:44,767
Okay.
103
00:03:44,767 --> 00:03:46,100
So let's get started.
104
00:03:46,200 --> 00:03:49,500
Now as I just said we
are living in a digital era
105
00:03:49,500 --> 00:03:52,415
whether it be booking a hotel
room ordering some dinner
106
00:03:52,415 --> 00:03:53,717
or even booking a cab.
107
00:03:53,717 --> 00:03:56,600
We're constantly using
the internet and inherently
108
00:03:56,600 --> 00:03:59,900
constantly generating data.
This data is generally
109
00:03:59,900 --> 00:04:01,000
stored on the cloud
110
00:04:01,100 --> 00:04:04,100
which is basically a huge
data server or data center
111
00:04:04,100 --> 00:04:05,918
that you can access online.
112
00:04:05,918 --> 00:04:07,395
Also, we use an array
113
00:04:07,395 --> 00:04:10,556
of devices to access
this data. Now, for a hacker,
114
00:04:10,556 --> 00:04:11,700
it's a golden age
115
00:04:11,700 --> 00:04:14,700
with so many access points
public IP addresses
116
00:04:14,700 --> 00:04:15,700
and constant traffic
117
00:04:15,700 --> 00:04:18,944
and tons of data to exploit,
black hat hackers are having
118
00:04:18,944 --> 00:04:21,423
one hell of a time
exploiting vulnerabilities
119
00:04:21,423 --> 00:04:23,100
and creating malicious software
120
00:04:23,100 --> 00:04:25,764
for the same. Above
that, cyber attacks are evolving
121
00:04:25,764 --> 00:04:28,000
by the day. Hackers
are becoming smarter
122
00:04:28,000 --> 00:04:29,900
and more creative
with their malwares.
123
00:04:29,900 --> 00:04:31,671
And how they bypass virus scans
124
00:04:31,671 --> 00:04:33,900
and firewalls still
baffled many people.
125
00:04:33,900 --> 00:04:36,000
Let's go through some
of the most common types
126
00:04:36,000 --> 00:04:37,000
of cyber attacks now.
127
00:04:37,500 --> 00:04:40,600
So as you guys can see I've
listed out eight cyber attacks
128
00:04:40,600 --> 00:04:43,300
that have plagued us since
the beginning of the internet.
129
00:04:43,300 --> 00:04:44,888
Let's go through them briefly.
130
00:04:44,888 --> 00:04:46,000
So first on the list,
131
00:04:46,000 --> 00:04:48,149
we have general
malwares. Malware is
132
00:04:48,149 --> 00:04:51,500
an all-encompassing term
for a variety of cyber threats
133
00:04:51,500 --> 00:04:53,141
including Trojans, viruses
134
00:04:53,141 --> 00:04:55,938
and worms. Malware
is simply defined as code
135
00:04:55,938 --> 00:04:57,263
with malicious intent
136
00:04:57,263 --> 00:04:59,600
that typically steals
data or destroy
137
00:04:59,600 --> 00:05:01,700
on the computer.
Next on the list,
138
00:05:01,700 --> 00:05:04,400
we have phishing. Often
posing as a request for data
139
00:05:04,400 --> 00:05:07,400
from a trusted third
party, phishing attacks are sent
140
00:05:07,400 --> 00:05:10,100
via email and ask users
to click on a link
141
00:05:10,100 --> 00:05:13,281
and enter the personal
data. Phishing emails have gotten
142
00:05:13,281 --> 00:05:16,693
much more sophisticated in
recent years, making it difficult
143
00:05:16,693 --> 00:05:19,500
for some people to discern
a legitimate request
144
00:05:19,500 --> 00:05:23,100
for information from a false
one. Phishing emails often fall
145
00:05:23,100 --> 00:05:25,908
into the same category as
spam but are more harmful
146
00:05:25,908 --> 00:05:28,229
than just a simple ad.
Next on the list,
147
00:05:28,229 --> 00:05:29,514
we have password attacks.
148
00:05:29,514 --> 00:05:32,226
It's a password attack is
exactly what it sounds
149
00:05:32,226 --> 00:05:35,400
like: a third party trying
to gain access to your system
150
00:05:35,400 --> 00:05:37,300
by cracking a user's password.
151
00:05:37,300 --> 00:05:38,600
Next up is DDOS
152
00:05:38,600 --> 00:05:41,200
which stands for
distributed denial-of-service.
153
00:05:41,200 --> 00:05:42,300
DDOS attack focuses
154
00:05:42,300 --> 00:05:45,023
on disrupting the service
of a network. Attackers send
155
00:05:45,023 --> 00:05:46,200
high volumes of data
156
00:05:46,200 --> 00:05:47,800
or traffic through the network
157
00:05:47,800 --> 00:05:50,035
that is making a lot
of connection requests
158
00:05:50,035 --> 00:05:52,190
until the network
becomes overloaded
159
00:05:52,190 --> 00:05:54,300
and can no longer
function. Next up,
160
00:05:54,300 --> 00:05:57,490
we have man-in-the-middle
attacks. By impersonating
161
00:05:57,490 --> 00:05:59,900
the endpoint in
an online information,
162
00:05:59,900 --> 00:06:01,900
that is the connection
from your smartphone
163
00:06:01,900 --> 00:06:03,260
to a website, the MITM
164
00:06:03,260 --> 00:06:07,300
attacks can obtain information
from the end users and entity he
165
00:06:07,300 --> 00:06:09,800
or she is communicating
with. For example,
166
00:06:09,800 --> 00:06:12,263
if you're banking online,
the man in the middle
167
00:06:12,263 --> 00:06:15,004
would communicate with you
by impersonating your bank
168
00:06:15,004 --> 00:06:17,900
and communicate with the bank
by impersonating you. The man
169
00:06:17,900 --> 00:06:20,600
in the middle would then receive
all the information transferred
170
00:06:20,600 --> 00:06:21,600
between both parties
171
00:06:21,600 --> 00:06:24,011
which could include
sensitive data such as
172
00:06:24,011 --> 00:06:26,562
bank accounts and personal
information. Next up,
173
00:06:26,562 --> 00:06:29,800
we have drive-by downloads.
Through malware on a legitimate
174
00:06:29,800 --> 00:06:31,400
website, a program
175
00:06:31,400 --> 00:06:34,570
is downloaded to a user's system
just by visiting the site.
176
00:06:34,570 --> 00:06:36,400
It doesn't require
any type of action
177
00:06:36,400 --> 00:06:38,929
by the user to download
it actually. Next up,
178
00:06:38,929 --> 00:06:40,302
we have malvertising,
179
00:06:40,302 --> 00:06:42,487
which is a way to
compromise your computer
180
00:06:42,487 --> 00:06:43,517
with malicious code
181
00:06:43,517 --> 00:06:45,400
that is downloaded
to your system
182
00:06:45,400 --> 00:06:47,700
when you click
on an affected ad. Lastly,
183
00:06:47,700 --> 00:06:48,900
we have rogue softwares,
184
00:06:48,900 --> 00:06:50,500
which are basically malwares
185
00:06:50,500 --> 00:06:51,900
that are masquerading as
186
00:06:51,900 --> 00:06:54,300
legitimate and necessary
security software
187
00:06:54,300 --> 00:06:56,100
that will keep your system safe.
188
00:06:56,100 --> 00:06:57,345
So as you guys can see
189
00:06:57,345 --> 00:06:59,552
now the internet sure
isn't the safe place
190
00:06:59,552 --> 00:07:02,338
as you might think
it is. This not only applies
191
00:07:02,338 --> 00:07:03,700
for us as individuals
192
00:07:03,700 --> 00:07:05,500
but also large organizations.
193
00:07:05,600 --> 00:07:08,200
There have been multiple
cyber breaches in the past
194
00:07:08,200 --> 00:07:11,600
that has compromised the privacy
and confidentiality of our data.
195
00:07:11,600 --> 00:07:14,900
If we head over to the site
called Information is Beautiful,
196
00:07:14,900 --> 00:07:16,950
we can see all
the major cyber breaches
197
00:07:16,950 --> 00:07:18,300
that have been committed.
198
00:07:18,800 --> 00:07:22,493
So as you guys can see even
big companies like eBay,
199
00:07:22,493 --> 00:07:25,300
AOL, Evernote, Adobe
have actually gone
200
00:07:25,300 --> 00:07:27,005
through major cyber breaches,
201
00:07:27,005 --> 00:07:29,979
even though they have a lot
of security measures taken
202
00:07:29,979 --> 00:07:32,000
to protect the data
that they contain.
203
00:07:32,000 --> 00:07:33,163
So it's not only
204
00:07:33,163 --> 00:07:36,289
that small individuals
are targeted by hackers
205
00:07:36,289 --> 00:07:37,400
and other people
206
00:07:37,400 --> 00:07:41,000
but even bigger organizations
are constantly being targeted
207
00:07:41,000 --> 00:07:41,900
by these guys.
208
00:07:42,100 --> 00:07:43,805
So after looking at all sorts
209
00:07:43,805 --> 00:07:46,625
of cyberattacks possible,
the breaches of the past
210
00:07:46,625 --> 00:07:48,700
and the sheer amount
of data available,
211
00:07:48,700 --> 00:07:49,676
we must be thinking
212
00:07:49,676 --> 00:07:52,400
that there must be some sort
of mechanism and protocol
213
00:07:52,400 --> 00:07:55,600
to actually protect us from all
these sorts of cyberattacks
214
00:07:55,600 --> 00:07:57,178
and indeed there is a way
215
00:07:57,178 --> 00:07:59,392
and this is called
cyber security. In
216
00:07:59,392 --> 00:08:02,666
a computing context, security
comprises of cybersecurity
217
00:08:02,666 --> 00:08:04,000
and physical security.
218
00:08:04,000 --> 00:08:06,320
Both are used by
Enterprises to protect
219
00:08:06,320 --> 00:08:08,885
against unauthorized access
to data centers
220
00:08:08,885 --> 00:08:12,000
and other computerized
systems. Information security,
221
00:08:12,000 --> 00:08:14,900
which is designed to maintain
the confidentiality integrity
222
00:08:14,900 --> 00:08:16,400
and availability of data is
223
00:08:16,400 --> 00:08:18,700
a subset of cybersecurity.
The use of
224
00:08:18,700 --> 00:08:20,300
cybersecurity can help prevent
225
00:08:20,300 --> 00:08:23,155
against cyberattacks, data
breaches, identity theft
226
00:08:23,155 --> 00:08:25,069
and can aid in risk management.
227
00:08:25,069 --> 00:08:27,600
So when an organization
has a strong sense
228
00:08:27,600 --> 00:08:28,793
of network security
229
00:08:28,793 --> 00:08:31,300
and an effective
incident response plan,
230
00:08:31,300 --> 00:08:33,109
it is better able to prevent
231
00:08:33,109 --> 00:08:35,500
and mitigate these
attacks. For example,
232
00:08:35,500 --> 00:08:38,381
end user protection defends
information and guards
233
00:08:38,381 --> 00:08:39,616
against loss or theft
234
00:08:39,616 --> 00:08:42,177
while also scanning computers
for malicious code.
235
00:08:42,178 --> 00:08:44,100
Now when talking
about cybersecurity,
236
00:08:44,100 --> 00:08:45,550
there are three main activities
237
00:08:45,550 --> 00:08:48,500
that we are trying to protect
ourselves against and they
238
00:08:48,500 --> 00:08:52,100
are unauthorized modification,
unauthorized deletion
239
00:08:52,100 --> 00:08:53,725
and unauthorized access.
240
00:08:53,725 --> 00:08:54,931
These three terms are
241
00:08:54,931 --> 00:08:58,347
very synonymous to the very
commonly known CIA Triad
242
00:08:58,347 --> 00:09:02,500
which stands for confidentiality
integrity and availability.
243
00:09:03,000 --> 00:09:04,500
The CIA Triad is also
244
00:09:04,500 --> 00:09:07,500
commonly referred to as
the three pillars of security,
245
00:09:07,500 --> 00:09:10,500
and most security policies
of bigger organizations
246
00:09:10,500 --> 00:09:13,887
and even smaller companies are
based on these three principles.
247
00:09:13,887 --> 00:09:15,800
So let's go through
them one by one.
248
00:09:16,300 --> 00:09:18,135
So first on the list we have
249
00:09:18,135 --> 00:09:21,429
confidentiality. Confidentiality
is roughly equivalent
250
00:09:21,429 --> 00:09:23,900
to privacy. Measures
undertaken to ensure
251
00:09:23,900 --> 00:09:27,099
confidentiality are designed
to prevent sensitive information
252
00:09:27,099 --> 00:09:28,700
from reaching the wrong people
253
00:09:28,700 --> 00:09:30,600
while making sure
that the right people
254
00:09:30,600 --> 00:09:33,100
can in fact get it. Access
must be restricted
255
00:09:33,100 --> 00:09:36,000
to those authorized to view
the data in question.
256
00:09:36,200 --> 00:09:39,300
It is common as well for data
to be categorized
257
00:09:39,300 --> 00:09:40,652
according to the amount
258
00:09:40,652 --> 00:09:41,746
and type of damage
259
00:09:41,746 --> 00:09:42,900
that could be done
260
00:09:42,900 --> 00:09:45,451
should it fall into
unintended hands. More
261
00:09:45,451 --> 00:09:49,024
or less stringent measures
can then be implemented according
262
00:09:49,024 --> 00:09:50,300
to those categories.
263
00:09:50,400 --> 00:09:53,458
Sometimes safeguarding
data confidentiality may involve
264
00:09:53,458 --> 00:09:55,300
special training for those privy
265
00:09:55,300 --> 00:09:56,400
to such documents.
266
00:09:56,400 --> 00:09:59,100
Such training would typically
include security risks
267
00:09:59,100 --> 00:10:01,402
that could threaten
this information. Training
268
00:10:01,402 --> 00:10:02,984
can help familiarize
269
00:10:02,984 --> 00:10:04,600
authorized people
with risk factors
270
00:10:04,600 --> 00:10:07,800
and how to guard against them.
Further aspects of training
271
00:10:07,800 --> 00:10:09,400
can include strong password
272
00:10:09,400 --> 00:10:11,400
and password related
best practices
273
00:10:11,400 --> 00:10:14,615
and information about social
engineering methods to prevent
274
00:10:14,615 --> 00:10:16,733
them from bending
data handling rules
275
00:10:16,733 --> 00:10:17,868
with good intention
276
00:10:17,868 --> 00:10:19,868
and potentially
disastrous results.
277
00:10:19,868 --> 00:10:20,633
Next on list,
278
00:10:20,633 --> 00:10:23,400
we have integrity. Integrity
involves maintaining
279
00:10:23,400 --> 00:10:24,956
the consistency, accuracy
280
00:10:24,956 --> 00:10:26,646
and trustworthiness of data
281
00:10:26,646 --> 00:10:30,400
over its entire lifecycle. Data
must not be changed in transit
282
00:10:30,400 --> 00:10:33,093
and steps must be taken
to ensure that data
283
00:10:33,093 --> 00:10:34,300
cannot be altered by
284
00:10:34,300 --> 00:10:38,200
unauthorized people, for example,
in a breach of confidentiality.
285
00:10:38,200 --> 00:10:39,582
These measures include
286
00:10:39,582 --> 00:10:43,149
file permissions and user
access controls. Version control
287
00:10:43,149 --> 00:10:45,700
may be used to prevent
erroneous changes
288
00:10:45,700 --> 00:10:47,129
or accidental deletion
289
00:10:47,129 --> 00:10:49,462
by authorized users
becoming a problem.
290
00:10:49,462 --> 00:10:50,200
In addition,
291
00:10:50,200 --> 00:10:53,400
some means must be in place
to detect any changes in data
292
00:10:53,400 --> 00:10:54,800
that might occur as a result
293
00:10:54,800 --> 00:10:58,600
of non-human caused events
such as electromagnetic pulses
294
00:10:58,600 --> 00:10:59,700
or server crash.
295
00:10:59,700 --> 00:11:02,753
Some data might include
checksums, even cryptographic
296
00:11:02,753 --> 00:11:05,920
checksums, for
verification of integrity. Backup
297
00:11:05,920 --> 00:11:08,591
or redundancies must
be available to restore
298
00:11:08,591 --> 00:11:11,200
the affected data
to its correct state. Last
299
00:11:11,200 --> 00:11:14,800
but not least is availability.
Availability is best ensured
300
00:11:14,800 --> 00:11:16,100
by rigorously maintaining
301
00:11:16,100 --> 00:11:18,800
of all hardware, performing
hardware repairs immediately
302
00:11:18,800 --> 00:11:20,400
when needed and maintaining
303
00:11:20,400 --> 00:11:22,800
a correctly functional
operating system environment
304
00:11:22,800 --> 00:11:24,800
that is free
of software conflicts.
305
00:11:24,800 --> 00:11:27,679
It's also important to keep
current with all necessary
306
00:11:27,679 --> 00:11:31,165
system upgrades. Providing
adequate communication bandwidth
307
00:11:31,165 --> 00:11:33,000
and preventing the occurrences
308
00:11:33,000 --> 00:11:36,400
of bottlenecks are equally
important. Redundancy, failover
309
00:11:36,400 --> 00:11:39,282
and even higher availability
clusters can mitigate
310
00:11:39,282 --> 00:11:40,564
serious consequences
311
00:11:40,564 --> 00:11:42,839
when hardware issues
do occur. Fast and
312
00:11:42,839 --> 00:11:45,382
adaptive disaster
recovery is essential
313
00:11:45,382 --> 00:11:47,119
for the worst-case scenarios;
314
00:11:47,119 --> 00:11:49,599
that capacity is reliant
on the existence
315
00:11:49,599 --> 00:11:52,599
of a comprehensive disaster
recovery plan. Safeguards
316
00:11:52,599 --> 00:11:53,613
against data loss
317
00:11:53,613 --> 00:11:55,400
or interruption in connection
318
00:11:55,400 --> 00:11:59,000
must include unpredictable
events such as natural disasters
319
00:11:59,000 --> 00:12:00,800
and fire. To prevent data loss
320
00:12:00,800 --> 00:12:02,700
from such occurrences,
a backup copy
321
00:12:02,700 --> 00:12:04,600
must be stored
in a geographically
322
00:12:04,600 --> 00:12:05,691
isolated location,
323
00:12:05,691 --> 00:12:08,300
perhaps even in a fireproof
water safe place.
324
00:12:08,400 --> 00:12:11,700
Extra security equipment
or software such as firewalls
325
00:12:11,700 --> 00:12:12,700
and proxy servers
326
00:12:12,800 --> 00:12:14,633
can guard against down times
327
00:12:14,633 --> 00:12:16,100
and unreachable data due
328
00:12:16,100 --> 00:12:19,200
to malicious actions such as
denial-of-service attacks
329
00:12:19,200 --> 00:12:20,700
and network intrusions.
330
00:12:20,800 --> 00:12:24,000
So now that we have seen what we
are actually trying to implement
331
00:12:24,000 --> 00:12:26,400
when trying to protect
ourselves on the internet.
332
00:12:26,400 --> 00:12:27,968
We should also know the ways
333
00:12:27,968 --> 00:12:29,870
that we actually
protect ourselves
334
00:12:29,870 --> 00:12:32,400
when we are attacked
by cyber organizations.
335
00:12:32,400 --> 00:12:35,579
So the step to actually mitigate
any type of cyber attack is
336
00:12:35,579 --> 00:12:37,943
to identify the malware
or the cyber threat
337
00:12:37,943 --> 00:12:40,784
that is being currently going on
in your organization.
338
00:12:40,784 --> 00:12:41,079
Next,
339
00:12:41,079 --> 00:12:42,674
we have to actually analyze
340
00:12:42,674 --> 00:12:44,800
and evaluate all
the affected parties
341
00:12:44,800 --> 00:12:45,800
and the file systems
342
00:12:45,800 --> 00:12:47,317
that have been compromised
343
00:12:47,317 --> 00:12:50,200
and in the end we have
to patch the hole treatment
344
00:12:50,200 --> 00:12:52,427
so that our organization
can come back
345
00:12:52,427 --> 00:12:55,900
to its original running state
without any cyber breaches.
346
00:12:55,900 --> 00:12:57,600
So how is it exactly done?
347
00:12:57,600 --> 00:13:01,100
This is mostly done by actually
calculating three factors.
348
00:13:01,100 --> 00:13:02,923
The first factor is vulnerability,
349
00:13:02,923 --> 00:13:06,300
the second factor is threat
and the third is risk.
350
00:13:06,300 --> 00:13:09,100
So let me tell you about
the three of them a little bit.
351
00:13:09,300 --> 00:13:10,421
So first on the list
352
00:13:10,421 --> 00:13:13,000
of actual calculation is
we have vulnerability.
353
00:13:13,000 --> 00:13:16,781
So a vulnerability refers
to a known weakness of an asset
354
00:13:16,781 --> 00:13:19,782
that can be exploited by
one or more attackers.
355
00:13:19,782 --> 00:13:20,700
In other words,
356
00:13:20,700 --> 00:13:21,833
it is a known issue
357
00:13:21,833 --> 00:13:24,099
that allows an attack
to be successful.
358
00:13:24,099 --> 00:13:24,728
For example,
359
00:13:24,728 --> 00:13:27,352
when a team member resigns
and you forget to disable
360
00:13:27,352 --> 00:13:29,757
their access to external
accounts, change logins
361
00:13:29,757 --> 00:13:30,889
or remove their names
362
00:13:30,889 --> 00:13:33,100
from the company credit
cards, this leaves
363
00:13:33,100 --> 00:13:34,242
your business open
364
00:13:34,242 --> 00:13:37,300
to both unintentional
and intentional threats.
365
00:13:37,300 --> 00:13:41,300
However, most vulnerabilities
are exploited by automated attackers
366
00:13:41,300 --> 00:13:43,700
and not a human typing
on the other side
367
00:13:43,700 --> 00:13:44,700
of the network.
368
00:13:45,200 --> 00:13:47,100
Next, testing for vulnerabilities
369
00:13:47,100 --> 00:13:49,613
is critical to ensuring
the continued security
370
00:13:49,613 --> 00:13:52,125
of your systems
by identifying weak points
371
00:13:52,125 --> 00:13:54,647
and developing a strategy
to respond quickly.
372
00:13:54,647 --> 00:13:56,000
Here are some questions
373
00:13:56,000 --> 00:13:59,700
that you ask when determining
your security vulnerabilities.
374
00:13:59,700 --> 00:14:02,429
So you have questions
like: Is your data backed up
375
00:14:02,429 --> 00:14:05,899
and stored in a secure off-site
location? Is your data stored
376
00:14:05,899 --> 00:14:07,076
in the cloud? If yes,
377
00:14:07,076 --> 00:14:08,958
how exactly is
it being protected
378
00:14:08,958 --> 00:14:10,400
from cloud vulnerabilities?
379
00:14:10,400 --> 00:14:13,100
What kind of security
do you have to determine
380
00:14:13,100 --> 00:14:14,372
who can access modify
381
00:14:14,372 --> 00:14:17,700
or delete information from
within your organization? Next,
382
00:14:17,700 --> 00:14:19,280
like you could ask questions
383
00:14:19,280 --> 00:14:22,121
like what kind of antivirus
protection is in use?
384
00:14:22,121 --> 00:14:25,200
What is the license currents are
the license current?
385
00:14:25,200 --> 00:14:27,468
And is it running
as often as needed?
386
00:14:27,468 --> 00:14:29,800
Also, do you have
a data recovery plan
387
00:14:29,800 --> 00:14:32,700
in the event of
vulnerability being exploited?
388
00:14:32,700 --> 00:14:34,300
These are the normal questions
389
00:14:34,300 --> 00:14:37,600
that one asks when actually
checking their vulnerability.
390
00:14:37,600 --> 00:14:40,900
Next up is threat. A threat
refers to a new or newly
391
00:14:40,900 --> 00:14:44,325
discovered incident with
potential to do harm to a system
392
00:14:44,325 --> 00:14:46,100
or your overall organization.
393
00:14:46,100 --> 00:14:47,400
There are three main types
394
00:14:47,400 --> 00:14:49,723
of threat: natural
threats like floods
395
00:14:49,723 --> 00:14:52,900
or tornadoes, unintentional
threats such as employee
396
00:14:52,900 --> 00:14:55,509
mistakenly accessing
the wrong information
397
00:14:55,509 --> 00:14:57,000
and intentional threats.
398
00:14:57,000 --> 00:14:58,400
There are many examples
399
00:14:58,400 --> 00:15:02,492
of intentional threats including
spyware, malware, adware companies
400
00:15:02,492 --> 00:15:05,938
or the actions of disgruntled
employees. In addition, worms
401
00:15:05,938 --> 00:15:07,600
and viruses are categorized
402
00:15:07,600 --> 00:15:10,382
as threats because they
could potentially cause harm
403
00:15:10,382 --> 00:15:13,852
to your organization through
exposure to an automated attack
404
00:15:13,852 --> 00:15:16,500
as opposed to one
perpetrated by human beings.
405
00:15:16,600 --> 00:15:19,082
Although these threats
are generally outside
406
00:15:19,082 --> 00:15:22,200
of one's control and difficult
to identify in advance,
407
00:15:22,200 --> 00:15:25,100
it is essential to take
appropriate measures to assess
408
00:15:25,100 --> 00:15:28,400
threats regularly. Here are
some ways to do so: ensure
409
00:15:28,400 --> 00:15:30,393
that your team members
are staying informed
410
00:15:30,393 --> 00:15:31,200
of current trends
411
00:15:31,200 --> 00:15:34,486
in cyber security so they
can identify new threats.
412
00:15:34,486 --> 00:15:37,574
They should subscribe to blogs
like Wired and podcasts
413
00:15:37,574 --> 00:15:39,457
like the Techgenix Extreme IT
414
00:15:39,457 --> 00:15:40,843
that covers these issues
415
00:15:40,843 --> 00:15:43,213
as well as join
professional associations,
416
00:15:43,213 --> 00:15:44,317
so they can benefit
417
00:15:44,317 --> 00:15:47,300
from breaking news feeds
conferences and webinars.
418
00:15:47,300 --> 00:15:49,716
You should also perform
regular threat assessment
419
00:15:49,716 --> 00:15:52,426
to determine the best approaches
to protecting a system
420
00:15:52,426 --> 00:15:54,749
against the specific threat
along with assessing
421
00:15:54,749 --> 00:15:57,800
different types of threat.
In addition, penetration
422
00:15:57,800 --> 00:16:00,400
testing involves modeling
real-world threats in order
423
00:16:00,400 --> 00:16:03,500
to discover vulnerabilities.
Next on the list,
424
00:16:03,500 --> 00:16:04,318
we have risk.
425
00:16:04,318 --> 00:16:07,449
So risk refers to the potential
for loss or damage
426
00:16:07,449 --> 00:16:10,378
when a threat exploits
a vulnerability. Examples
427
00:16:10,378 --> 00:16:13,196
of risks include
financial losses as a result
428
00:16:13,196 --> 00:16:14,871
of business disruption loss
429
00:16:14,871 --> 00:16:17,800
of privacy reputational
damage legal implications
430
00:16:17,800 --> 00:16:19,344
and can even include loss
431
00:16:19,344 --> 00:16:21,922
of life. Risk can also
be defined as follows,
432
00:16:21,922 --> 00:16:24,800
which is basically threat
times the vulnerability. You
433
00:16:24,800 --> 00:16:27,305
can reduce the potential
for Risk by creating
434
00:16:27,305 --> 00:16:29,600
and implementing a
risk management plan.
435
00:16:29,600 --> 00:16:32,700
And here are the key aspects
to consider when developing
436
00:16:32,700 --> 00:16:35,682
your management strategy. Firstly,
we need to assess risk
437
00:16:35,682 --> 00:16:36,800
and determine needs
438
00:16:36,800 --> 00:16:38,065
when it comes to designing
439
00:16:38,065 --> 00:16:40,333
and implementing a
risk assessment framework.
440
00:16:40,333 --> 00:16:43,260
It is critical to prioritize
the most important breaches
441
00:16:43,260 --> 00:16:46,082
that need to be addressed. Although
the frequency may differ
442
00:16:46,082 --> 00:16:47,200
in each organization,
443
00:16:47,200 --> 00:16:49,000
this level of assessment
must be done
444
00:16:49,000 --> 00:16:50,700
on a regular recurring basis.
445
00:16:51,000 --> 00:16:51,500
Next.
446
00:16:51,500 --> 00:16:52,883
We also have to include
447
00:16:52,883 --> 00:16:55,927
a total stakeholder
perspective. Stakeholders include
448
00:16:55,927 --> 00:16:58,809
the business owners as
well as employees, customers,
449
00:16:58,809 --> 00:17:00,820
and even vendors. All
of these players
450
00:17:00,820 --> 00:17:02,924
have the potential
to negatively impact
451
00:17:02,924 --> 00:17:03,964
the organization,
452
00:17:03,964 --> 00:17:06,200
but at the same time
they can be assets
453
00:17:06,200 --> 00:17:08,066
in helping to mitigate risk.
454
00:17:08,066 --> 00:17:11,800
So as we see risk management
is the key to cybersecurity.
455
00:17:11,800 --> 00:17:12,800
So now let's go
456
00:17:12,800 --> 00:17:14,800
through a scenario
to actually understand
457
00:17:14,800 --> 00:17:16,390
how cybersecurity actually
458
00:17:16,390 --> 00:17:20,000
defends an organization against
very manipulative cybercrime.
459
00:17:20,000 --> 00:17:21,000
So cyber crime
460
00:17:21,000 --> 00:17:22,800
as we all know is
a global problem
461
00:17:22,800 --> 00:17:24,600
that's been dominating
the news cycle.
462
00:17:24,800 --> 00:17:27,000
It poses a threat
to individual security
463
00:17:27,000 --> 00:17:30,100
and an even bigger threat
to large international companies,
464
00:17:30,100 --> 00:17:33,000
banks and governments.
Today's organized cybercrime
465
00:17:33,000 --> 00:17:35,100
far outshadows
lone hackers of the past,
466
00:17:35,100 --> 00:17:38,234
and now large organized crime
rings function like startups
467
00:17:38,234 --> 00:17:40,500
and often employ
highly trained developers
468
00:17:40,500 --> 00:17:42,703
who are constantly innovating
new online attacks.
469
00:17:42,703 --> 00:17:43,706
Most companies have
470
00:17:43,706 --> 00:17:46,926
preventative security software
to stop these types of attacks,
471
00:17:46,926 --> 00:17:50,400
but no matter how secure we are
cyber crime is going to happen.
472
00:17:50,500 --> 00:17:51,300
So meet Bob,
473
00:17:51,300 --> 00:17:53,842
he's a chief security
officer for a company
474
00:17:53,842 --> 00:17:56,754
that makes a mobile app
to help customers track
475
00:17:56,754 --> 00:17:58,374
and manage their finances.
476
00:17:58,374 --> 00:18:00,202
So security is a top priority.
477
00:18:00,202 --> 00:18:02,700
So Bob's company has
an incident response
478
00:18:02,700 --> 00:18:06,600
platform in place that automates
the entire cybersecurity process.
479
00:18:06,600 --> 00:18:09,266
The IRP software
integrates all the security
480
00:18:09,266 --> 00:18:12,161
and IT software needed
to keep a large company
481
00:18:12,161 --> 00:18:14,680
like Bob's secured
into a single dashboard
482
00:18:14,680 --> 00:18:15,783
and acts as a hub
483
00:18:15,783 --> 00:18:17,281
for the people, processes,
484
00:18:17,281 --> 00:18:20,900
and technology needed to respond
to and contain cyber attacks.
485
00:18:20,900 --> 00:18:23,200
Let's see how this platform
works in the case
486
00:18:23,200 --> 00:18:24,533
of a security breach.
487
00:18:24,533 --> 00:18:25,600
While Bob is out
488
00:18:25,600 --> 00:18:28,179
on a business trip,
irregular activity occurs
489
00:18:28,179 --> 00:18:29,200
on his account, as
490
00:18:29,200 --> 00:18:32,900
a user behavior analytics engine
that monitors account activity
491
00:18:32,900 --> 00:18:36,468
recognizes suspicious behavior
involving late-night logins
492
00:18:36,468 --> 00:18:39,100
and unusual amounts
of data being downloaded.
493
00:18:39,100 --> 00:18:41,400
This piece of software
is the first signal
494
00:18:41,400 --> 00:18:42,900
that something is wrong
495
00:18:42,900 --> 00:18:45,900
and an alert is sent to the next
piece of software in the chain,
496
00:18:45,900 --> 00:18:47,600
which is the
security information
497
00:18:47,600 --> 00:18:49,300
and event management system.
498
00:18:49,300 --> 00:18:52,500
Now the IRP can orchestrate
a chain of events
499
00:18:52,500 --> 00:18:55,617
that ultimately prevents
the company from encountering
500
00:18:55,617 --> 00:18:58,632
a serious security disaster.
The IRP connects
501
00:18:58,632 --> 00:19:00,288
to a user directory software
502
00:19:00,288 --> 00:19:01,544
that Bob's company uses,
503
00:19:01,544 --> 00:19:04,217
which immediately recognizes
the user account belongs
504
00:19:04,217 --> 00:19:05,100
to an executive
505
00:19:05,100 --> 00:19:06,800
who is out on a business trip
506
00:19:06,800 --> 00:19:09,000
and then proceeds
to lock his account.
507
00:19:09,200 --> 00:19:10,767
The IRP sends the incident
508
00:19:10,767 --> 00:19:13,179
IP address to threat
intelligence software,
509
00:19:13,179 --> 00:19:14,900
which identifies the address
510
00:19:14,900 --> 00:19:17,800
as a suspected malware
server. As each piece
511
00:19:17,800 --> 00:19:19,438
of security software runs,
512
00:19:19,438 --> 00:19:22,400
the findings are recorded
in the IRP's incident,
513
00:19:22,400 --> 00:19:25,100
which is already busy
creating a set of instructions
514
00:19:25,100 --> 00:19:26,100
called a playbook
515
00:19:26,100 --> 00:19:29,400
for a security analyst
to follow. The analyst
516
00:19:29,400 --> 00:19:33,300
then locks Bob's accounts and
changes his passwords. This time,
517
00:19:33,300 --> 00:19:36,100
the software has determined
the attempted attack came
518
00:19:36,100 --> 00:19:38,300
from a well-known
cyber crime organization
519
00:19:38,300 --> 00:19:39,827
using stolen credentials.
520
00:19:39,827 --> 00:19:41,600
Bob's credentials were stolen
521
00:19:41,600 --> 00:19:44,717
when the hacker found
a vulnerability in his company's
522
00:19:44,717 --> 00:19:48,200
firewall software and used it to
upload a malware infected file.
523
00:19:48,200 --> 00:19:49,105
Now that we know
524
00:19:49,105 --> 00:19:51,600
how the attack happened,
the analyst uses
525
00:19:51,600 --> 00:19:53,009
the IRP and identifies
526
00:19:53,009 --> 00:19:56,300
and patches all the things.
The IRP uses information
527
00:19:56,300 --> 00:19:58,200
from endpoint tools to determine
528
00:19:58,200 --> 00:20:00,694
which machines need
to be patched, recommends
529
00:20:00,694 --> 00:20:04,400
how to patch them, and then allows
the analyst to push the patches
530
00:20:04,400 --> 00:20:07,366
to all the computers
and mobile devices instantly.
531
00:20:07,366 --> 00:20:10,227
Meanwhile, Bob has to alert
the legal department
532
00:20:10,227 --> 00:20:10,995
of the breach,
533
00:20:10,995 --> 00:20:13,921
and the IRP instantly
notifies the correct person
534
00:20:13,921 --> 00:20:16,668
of the situation
and the status of the incident.
535
00:20:16,668 --> 00:20:18,400
After the attack is contained
536
00:20:18,400 --> 00:20:20,800
and Bob's account
is secured, the analyst
537
00:20:20,800 --> 00:20:24,400
then communicates which data may
have been stolen or compromised
538
00:20:24,400 --> 00:20:25,600
during the incident.
539
00:20:25,600 --> 00:20:28,321
He identifies which
geographies, jurisdictions,
540
00:20:28,321 --> 00:20:30,075
and regulatory agencies cover
541
00:20:30,075 --> 00:20:33,100
the users and information
affected by the attack.
542
00:20:33,100 --> 00:20:35,700
Then the IRP creates
a series of tasks
543
00:20:35,700 --> 00:20:39,088
so the organization can notify
the affected parties and follow
544
00:20:39,088 --> 00:20:40,500
all relevant compliance
545
00:20:40,500 --> 00:20:44,192
and liability procedures.
In the past, a security breach
546
00:20:44,192 --> 00:20:46,545
this large would have
required Bob's company
547
00:20:46,545 --> 00:20:48,135
to involve several agencies
548
00:20:48,135 --> 00:20:50,900
and third parties to solve
the problem, a process
549
00:20:50,900 --> 00:20:52,800
that could have taken
months or longer.
550
00:20:53,100 --> 00:20:56,376
But in a matter of hours
the incident response platform
551
00:20:56,376 --> 00:20:58,500
organized all of
the people, processes,
552
00:20:58,500 --> 00:21:02,147
and technology to identify
and contain the problem, find
553
00:21:02,147 --> 00:21:05,000
the source of the attack
fix the vulnerability
554
00:21:05,000 --> 00:21:07,000
and notify all affected parties.
555
00:21:07,000 --> 00:21:10,292
And in the future, Bob and
his team will be able to turn
556
00:21:10,292 --> 00:21:12,000
to cognitive security tools.
557
00:21:12,000 --> 00:21:15,121
These tools will read
and learn from tens of thousands
558
00:21:15,121 --> 00:21:18,709
of trusted publications, blogs, and
other sources of information.
559
00:21:18,709 --> 00:21:21,542
This knowledge will uncover
new insights and patterns
560
00:21:21,542 --> 00:21:24,015
and anticipate, isolate,
and minimize attacks
561
00:21:24,015 --> 00:21:26,423
as they happen and
immediately recommend actions
562
00:21:26,423 --> 00:21:29,423
for Security Professionals
to take, keeping data safe
563
00:21:29,423 --> 00:21:31,900
and companies like Bob's
out of the headlines.
564
00:21:36,500 --> 00:21:39,397
Cryptography is essentially
important because it allows
565
00:21:39,397 --> 00:21:40,900
you to securely protect data
566
00:21:40,900 --> 00:21:43,905
that you don't want anyone else
to have access to. It is used
567
00:21:43,905 --> 00:21:47,000
to protect corporate secrets,
secure classified information,
568
00:21:47,000 --> 00:21:48,700
and to protect
personal information
569
00:21:48,700 --> 00:21:51,100
to guard against things
like identity theft
570
00:21:51,100 --> 00:21:53,249
and today's video
is basically going to be
571
00:21:53,249 --> 00:21:54,366
about cryptography. Now,
572
00:21:54,366 --> 00:21:56,300
before we actually jump
into the session,
573
00:21:56,300 --> 00:21:58,153
let me give you guys
a brief on the topics
574
00:21:58,153 --> 00:21:59,588
that we're going to cover today.
575
00:21:59,588 --> 00:22:00,307
So first of all,
576
00:22:00,307 --> 00:22:01,900
we're going to cover
what is cryptography
577
00:22:01,900 --> 00:22:04,200
through the help
of a very simplistic scenario,
578
00:22:04,200 --> 00:22:07,300
then we are going to go through
the classifications of cryptography and
579
00:22:07,300 --> 00:22:10,544
how the different classification
algorithms work. In the end,
580
00:22:10,544 --> 00:22:12,800
I'm going to show you
guys a nifty demo on
581
00:22:12,800 --> 00:22:16,000
how a popular algorithm
called RSA actually works.
582
00:22:16,142 --> 00:22:17,757
So let's get started.
583
00:22:17,900 --> 00:22:18,200
Now.
584
00:22:18,200 --> 00:22:20,987
I'm going to take the help
of an example or a scenario
585
00:22:20,987 --> 00:22:22,164
to actually explain.
586
00:22:22,164 --> 00:22:23,400
What is cryptography.
587
00:22:23,470 --> 00:22:24,300
All right.
588
00:22:24,300 --> 00:22:27,500
So let's say we have
a person and let's call him Andy.
589
00:22:27,500 --> 00:22:30,700
Now suppose Andy sends a message
to his friend Sam, who's
590
00:22:30,700 --> 00:22:32,700
on the other side
of the world. Now,
591
00:22:32,700 --> 00:22:35,200
obviously he wants
this message to be private
592
00:22:35,200 --> 00:22:38,200
and nobody else should have
access to the message. Now,
593
00:22:38,200 --> 00:22:39,473
he uses a public forum,
594
00:22:39,473 --> 00:22:42,208
for example the internet,
for sending this message.
595
00:22:42,208 --> 00:22:44,937
The goal is to actually
secure this communication.
596
00:22:44,937 --> 00:22:48,000
And of course we have to be
secured against someone. Now,
597
00:22:48,000 --> 00:22:50,200
let's say there is
a smart guy called Eve
598
00:22:50,200 --> 00:22:53,117
who has secretly got access
to your communication channel.
599
00:22:53,117 --> 00:22:55,605
Since this guy has access
to your communication,
600
00:22:55,605 --> 00:22:57,900
he can do much more
than just eavesdrop.
601
00:22:57,900 --> 00:23:01,100
For example, you can try
to change the message in itself.
602
00:23:01,100 --> 00:23:03,100
Now this is just
a small example.
603
00:23:03,123 --> 00:23:06,123
What if Eve actually gets access
to your private information.
604
00:23:06,400 --> 00:23:09,500
Well that could actually result
in a big catastrophe.
605
00:23:09,500 --> 00:23:11,100
So, how can Andy be sure
606
00:23:11,100 --> 00:23:14,400
that nobody in the middle could
access the message sent to Sam?
607
00:23:14,500 --> 00:23:17,481
The goal here is to make
communication secure and that's
608
00:23:17,481 --> 00:23:19,000
where cryptography comes in.
609
00:23:19,000 --> 00:23:21,200
So what exactly is cryptography?
610
00:23:21,200 --> 00:23:23,082
Well cryptography
is the practice
611
00:23:23,082 --> 00:23:26,200
and the study of techniques
for securing communication
612
00:23:26,200 --> 00:23:28,500
and data in the
presence of adversaries.
613
00:23:28,600 --> 00:23:30,300
So, let me take
a moment to explain
614
00:23:30,300 --> 00:23:31,600
how that actually happens.
615
00:23:31,900 --> 00:23:34,200
Well, first of all,
we have a message.
616
00:23:34,200 --> 00:23:37,313
This message is firstly
converted into a numeric form
617
00:23:37,313 --> 00:23:40,292
and then this numeric form
is applied with a key
618
00:23:40,292 --> 00:23:41,800
called an encryption key
619
00:23:41,800 --> 00:23:45,100
and this encryption key is used
in an encryption algorithm.
620
00:23:45,100 --> 00:23:46,688
So once the numeric message
621
00:23:46,688 --> 00:23:48,958
and the encryption key
has been applied
622
00:23:48,958 --> 00:23:50,500
in an encryption algorithm.
623
00:23:50,500 --> 00:23:52,600
What we get is called
a cipher text.
624
00:23:52,600 --> 00:23:55,209
Now this Cipher text
is sent over the network
625
00:23:55,209 --> 00:23:57,000
to the other side of the world
626
00:23:57,000 --> 00:23:59,900
where the other person
who the message is intended
627
00:23:59,900 --> 00:24:02,870
for will actually use
a decryption key and use
628
00:24:02,870 --> 00:24:06,384
the ciphertext as a parameter
of a decryption algorithm.
629
00:24:06,384 --> 00:24:07,500
And then he'll get
630
00:24:07,500 --> 00:24:09,719
what we actually send
as a message and
631
00:24:09,719 --> 00:24:12,900
if some error had actually
occurred, he'd get an error.
632
00:24:13,000 --> 00:24:13,659
So let's see
633
00:24:13,659 --> 00:24:16,900
how cryptography can help secure
the connection between Andy
634
00:24:16,900 --> 00:24:19,100
and Sam. So
to protect his message,
635
00:24:19,100 --> 00:24:21,700
Andy first converts
his readable message
636
00:24:21,700 --> 00:24:23,431
to an unreadable form. Here,
637
00:24:23,431 --> 00:24:26,056
He converts a message
to some random numbers
638
00:24:26,056 --> 00:24:27,400
and after that he uses
639
00:24:27,400 --> 00:24:30,630
a key to encrypt his message
after applying this key
640
00:24:30,630 --> 00:24:32,700
to the numerical form
of his message.
641
00:24:32,700 --> 00:24:35,000
He gets a new
value. In cryptography,
642
00:24:35,000 --> 00:24:36,600
we call this ciphertext.
643
00:24:36,700 --> 00:24:38,700
So now if Andy
sends the ciphertext
644
00:24:38,700 --> 00:24:41,100
or encrypted message
over the communication channel,
645
00:24:41,100 --> 00:24:42,212
he won't have to worry
646
00:24:42,212 --> 00:24:45,363
about somebody in the middle of
discovering the private message.
647
00:24:45,363 --> 00:24:47,763
Even if somebody manages
to discover the message,
648
00:24:47,763 --> 00:24:49,800
he won't be able
to decrypt the message
649
00:24:49,800 --> 00:24:52,500
without having a proper key
to unlock this message.
650
00:24:52,500 --> 00:24:54,800
So suppose Eve here
discovers the message
651
00:24:54,800 --> 00:24:57,500
and he somehow manages
to tamper with the message
652
00:24:57,500 --> 00:25:00,619
and the message finally reaches
Sam. Sam would need a key
653
00:25:00,619 --> 00:25:03,931
to decrypt the message to
recover the original plaintext.
654
00:25:03,931 --> 00:25:06,402
So using the key he
would convert the ciphertext
655
00:25:06,402 --> 00:25:08,284
to the numerical value corresponding
656
00:25:08,284 --> 00:25:11,351
to the plaintext. Now, after
using the key for decryption,
657
00:25:11,351 --> 00:25:14,200
what will come out is
the original plain text message
658
00:25:14,200 --> 00:25:16,900
or an error. Now, this error
is very important.
659
00:25:16,900 --> 00:25:18,252
It is the way Sam knows
660
00:25:18,252 --> 00:25:21,344
that message sent by Andy is
not the same as a message
661
00:25:21,344 --> 00:25:22,258
that you receive.
662
00:25:22,258 --> 00:25:23,964
So the error in a sense tells us
663
00:25:23,964 --> 00:25:26,200
that Eve has tampered
with the message.
664
00:25:26,200 --> 00:25:28,200
Now, the important thing
to note here is
665
00:25:28,200 --> 00:25:30,257
that in modern
cryptography the security
666
00:25:30,257 --> 00:25:33,000
of the system purely relies
on keeping the encryption
667
00:25:33,000 --> 00:25:35,295
and decryption key secret.
Based on the type
668
00:25:35,295 --> 00:25:36,497
of keys and encryption
669
00:25:36,497 --> 00:25:37,711
algorithms, cryptography
670
00:25:37,711 --> 00:25:40,300
is classified under
the following categories.
671
00:25:40,300 --> 00:25:42,635
Now cryptography is
broadly classified
672
00:25:42,635 --> 00:25:44,300
under two categories namely
673
00:25:44,300 --> 00:25:47,900
symmetric key cryptography
and asymmetric key cryptography,
674
00:25:47,900 --> 00:25:50,700
popularly also known as
public key cryptography.
675
00:25:50,700 --> 00:25:52,669
Now symmetric key cryptography
676
00:25:52,669 --> 00:25:55,789
is further classified
as classical cryptography
677
00:25:55,789 --> 00:25:57,300
and modern cryptography
678
00:25:57,600 --> 00:26:01,400
further drilling down classical
cryptography is divided into two
679
00:26:01,400 --> 00:26:03,107
which is transposition cipher
680
00:26:03,107 --> 00:26:06,700
and substitution cipher. On the
other hand, modern cryptography
681
00:26:06,700 --> 00:26:08,620
is divided into stream cipher
682
00:26:08,620 --> 00:26:11,300
and block cipher.
In the upcoming slides,
683
00:26:11,300 --> 00:26:14,300
I'll broadly explain all
these types of cryptography.
684
00:26:14,300 --> 00:26:17,200
So let's start with symmetric
key cryptography first.
685
00:26:17,200 --> 00:26:20,800
So symmetric key algorithms
are algorithms for cryptography
686
00:26:20,800 --> 00:26:24,240
that use the same cryptographic
keys for both encryption
687
00:26:24,240 --> 00:26:25,900
of plaintext and decryption
688
00:26:25,900 --> 00:26:28,600
of ciphertext. The keys
may be identical
689
00:26:28,600 --> 00:26:31,400
or there may be some simple
transformation to go
690
00:26:31,400 --> 00:26:33,322
between the two keys. The keys
691
00:26:33,322 --> 00:26:35,709
in practice represent
a shared secret
692
00:26:35,709 --> 00:26:37,300
between two or more parties
693
00:26:37,300 --> 00:26:38,700
that can be used to maintain
694
00:26:38,700 --> 00:26:41,300
a private information
link. This requirement
695
00:26:41,300 --> 00:26:43,050
that both parties have access
696
00:26:43,050 --> 00:26:45,642
to the secret key is
one of the main drawbacks
697
00:26:45,642 --> 00:26:48,200
of symmetric key
encryption in comparison
698
00:26:48,200 --> 00:26:50,039
to public key encryption, also
699
00:26:50,039 --> 00:26:52,422
known as asymmetric
key encryption. Now,
700
00:26:52,422 --> 00:26:54,052
symmetric key cryptography
701
00:26:54,052 --> 00:26:57,000
is sometimes also called
secret key cryptography
702
00:26:57,000 --> 00:26:59,356
and the most popular
symmetric key system is
703
00:26:59,356 --> 00:27:01,000
the Data Encryption Standard,
704
00:27:01,000 --> 00:27:03,900
which also stands
for DES. Next up,
705
00:27:03,900 --> 00:27:06,400
we're going to discuss
transposition Cipher.
706
00:27:06,400 --> 00:27:07,600
So in cryptography
707
00:27:07,600 --> 00:27:10,600
a transposition cipher
is a method of encryption
708
00:27:10,600 --> 00:27:13,600
by which the positions held
by units of plain text,
709
00:27:13,600 --> 00:27:15,710
which are commonly
characters or groups
710
00:27:15,710 --> 00:27:18,655
of characters are shifted
according to a regular system
711
00:27:18,655 --> 00:27:21,419
so that the ciphertext
constitutes a permutation
712
00:27:21,419 --> 00:27:22,400
of the plain text.
713
00:27:22,400 --> 00:27:25,011
That is the order
of units is changed.
714
00:27:25,011 --> 00:27:27,200
The plaintext is reordered now,
715
00:27:27,200 --> 00:27:30,100
mathematically speaking
a bijective function is used
716
00:27:30,100 --> 00:27:31,500
on the characters position
717
00:27:31,500 --> 00:27:34,016
to encrypt and an inverse
function to decrypt.
718
00:27:34,016 --> 00:27:34,988
So as you can see
719
00:27:34,988 --> 00:27:37,500
that there is an example
on the slide.
720
00:27:37,500 --> 00:27:40,088
So on the plain text side,
we have a message,
721
00:27:40,088 --> 00:27:42,096
which says meet me
after the party.
722
00:27:42,096 --> 00:27:42,339
Now.
723
00:27:42,339 --> 00:27:45,800
This has been carefully arranged
in the encryption Matrix,
724
00:27:45,800 --> 00:27:49,500
which has been divided
into six rows and the columns.
725
00:27:49,500 --> 00:27:51,200
So next we have a key
726
00:27:51,200 --> 00:27:54,100
which is basically
for to 165 and then
727
00:27:54,100 --> 00:27:57,200
we rearranged by looking
at the plain text Matrix
728
00:27:57,200 --> 00:27:59,023
and then we get the cipher text
729
00:27:59,023 --> 00:28:01,572
which basically is
some unreadable gibberish
730
00:28:01,572 --> 00:28:02,454
at this moment.
731
00:28:02,454 --> 00:28:04,500
So that's how this
whole algorithm works
732
00:28:04,500 --> 00:28:05,400
on the other hand
733
00:28:05,400 --> 00:28:08,100
when the ciphertext is being
converted into the plain text
734
00:28:08,100 --> 00:28:10,500
The plaintext Matrix
is going to be referred
735
00:28:10,500 --> 00:28:13,100
and it can be done
very easily. Moving on,
736
00:28:13,100 --> 00:28:15,500
we are going to discuss
substitution Cipher.
737
00:28:15,700 --> 00:28:19,182
So substitution of single letters
separately, simple substitution,
738
00:28:19,182 --> 00:28:20,361
can be demonstrated
739
00:28:20,361 --> 00:28:22,100
by writing out the alphabets
740
00:28:22,100 --> 00:28:24,800
in some order to represent
the substitution.
741
00:28:24,800 --> 00:28:27,800
This is termed a substitution
alphabet. The cipher
742
00:28:27,800 --> 00:28:29,568
alphabet may be shifted
743
00:28:29,568 --> 00:28:31,600
or reversed, creating the Caesar
744
00:28:31,600 --> 00:28:34,700
and Atbash ciphers
respectively, or scrambled
745
00:28:34,700 --> 00:28:36,000
in a more complex fashion.
746
00:28:36,200 --> 00:28:38,657
in which case it is called
a mixed alphabet
747
00:28:38,657 --> 00:28:39,800
or deranged alphabet.
748
00:28:39,800 --> 00:28:43,030
Traditionally, mixed alphabets
may be created by first writing
749
00:28:43,030 --> 00:28:45,435
out a keyword, removing
repeated letters in it,
750
00:28:45,435 --> 00:28:48,400
then writing all the remaining
letters in the alphabet
751
00:28:48,400 --> 00:28:51,315
in the usual order now
consider this example shown
752
00:28:51,315 --> 00:28:53,100
on the slide using the system.
753
00:28:53,100 --> 00:28:55,150
We just discussed
the keyword zebras gives
754
00:28:55,150 --> 00:28:58,100
us the following alphabets
from the plain text alphabet,
755
00:28:58,100 --> 00:28:59,100
which is a to z.
756
00:28:59,300 --> 00:29:00,600
So the ciphertext alphabet
757
00:29:00,600 --> 00:29:03,617
is basically zebras, then
followed by all the alphabets.
758
00:29:03,617 --> 00:29:05,700
We have missed out
in the zebra word.
759
00:29:05,700 --> 00:29:06,600
So as you guys,
760
00:29:06,600 --> 00:29:09,495
can see it's zebras followed
by s c d e f g h
761
00:29:09,495 --> 00:29:12,128
and so on now suppose
we were to actually
762
00:29:12,128 --> 00:29:14,200
encrypt a message
using this code.
763
00:29:14,200 --> 00:29:15,300
So as you guys can see
764
00:29:15,300 --> 00:29:17,200
on the screen,
I've shown you an example,
765
00:29:17,200 --> 00:29:18,900
which is a message flee at once.
766
00:29:18,900 --> 00:29:20,600
We are discovered
is being actually
767
00:29:20,600 --> 00:29:22,300
encrypted using this code.
768
00:29:22,301 --> 00:29:25,900
So if you guys can see
out here the F letter
769
00:29:25,900 --> 00:29:27,900
actually corresponds to S.
770
00:29:28,246 --> 00:29:31,400
And then the L letter
actually corresponds
771
00:29:31,400 --> 00:29:36,600
to I out here then we actually
get the cipher text which is Si
772
00:29:36,600 --> 00:29:38,700
a a is that you using the code
773
00:29:38,700 --> 00:29:41,935
and the process that I just
discussed now traditionally,
774
00:29:41,935 --> 00:29:44,100
the cipher text
is written out in blocks
775
00:29:44,100 --> 00:29:46,900
of fixed length omitting
punctuations and spaces.
776
00:29:46,900 --> 00:29:49,804
This is done to help avoid
transmission errors and to disguise
777
00:29:49,804 --> 00:29:52,098
the word boundaries
from the plain text.
778
00:29:52,098 --> 00:29:53,800
Now these blocks
are called groups
779
00:29:53,800 --> 00:29:55,217
and sometimes a group count.
780
00:29:55,217 --> 00:29:57,900
That is the number of groups
is given as an additional
781
00:29:57,900 --> 00:30:00,400
check. Now, five-letter
groups are traditional
782
00:30:00,400 --> 00:30:01,400
as you guys can see
783
00:30:01,400 --> 00:30:04,400
that we have also divided
our ciphertext into groups
784
00:30:04,400 --> 00:30:06,200
of five, and this dates
785
00:30:06,200 --> 00:30:08,539
back to when messages
were actually used
786
00:30:08,539 --> 00:30:10,300
to be transmitted by Telegraph.
787
00:30:10,300 --> 00:30:11,300
Now if the length
788
00:30:11,300 --> 00:30:14,080
of the message happens
not to be divisible by 5.
789
00:30:14,080 --> 00:30:16,300
It may be padded
at the end with nulls
790
00:30:16,300 --> 00:30:18,237
and these can be any characters
791
00:30:18,237 --> 00:30:20,860
that can be decrypted
to obvious nonsense.
792
00:30:20,860 --> 00:30:23,100
So the receiver
can easily spot them
793
00:30:23,100 --> 00:30:26,700
and discard them. Next on
our list is stream Cipher.
794
00:30:27,300 --> 00:30:29,300
So a stream Cipher is a method
795
00:30:29,300 --> 00:30:31,778
of encrypting text
to produce Cipher text
796
00:30:31,778 --> 00:30:33,589
in which a cryptographic key
797
00:30:33,589 --> 00:30:36,500
and algorithm are applied
to each binary digit
798
00:30:36,500 --> 00:30:38,660
in a data stream
one bit at a time.
799
00:30:38,660 --> 00:30:41,900
This method is not much used
in modern cryptography.
800
00:30:41,900 --> 00:30:44,944
The main alternative method
is block Cipher in which a key
801
00:30:44,944 --> 00:30:46,405
and algorithm are applied
802
00:30:46,405 --> 00:30:49,521
to block of data rather than
individual bits in a stream.
803
00:30:49,521 --> 00:30:49,800
Okay.
804
00:30:49,800 --> 00:30:52,249
So now that we've spoken
about block Cipher let's go
805
00:30:52,249 --> 00:30:53,800
and actually explain what block
806
00:30:53,800 --> 00:30:57,111
cipher does. A block cipher
is an encryption method that
807
00:30:57,111 --> 00:30:58,582
applies a deterministic algorithm
808
00:30:58,582 --> 00:31:01,081
for the symmetric key
to encrypt a block
809
00:31:01,081 --> 00:31:03,900
of text rather than encrypting
one bit at a time as
810
00:31:03,900 --> 00:31:05,000
in stream ciphers.
811
00:31:05,000 --> 00:31:08,300
For example, a common block
cipher, AES, encrypts
812
00:31:08,300 --> 00:31:11,500
128-bit blocks with a key
of predetermined length.
813
00:31:11,500 --> 00:31:14,900
That is either 128 192
or 256 bits in length.
814
00:31:15,000 --> 00:31:16,100
Now block ciphers
815
00:31:16,100 --> 00:31:18,235
are pseudo-random
permutation families
816
00:31:18,235 --> 00:31:21,000
that operate on the fixed size
of block of bits.
817
00:31:21,000 --> 00:31:22,500
These PRPs are functions
818
00:31:22,500 --> 00:31:25,000
that cannot be
differentiated from completely
819
00:31:25,000 --> 00:31:26,158
random permutation
820
00:31:26,158 --> 00:31:29,800
and thus are A reliable
and been proven to be unreliable
821
00:31:29,800 --> 00:31:30,686
by some Source.
822
00:31:30,686 --> 00:31:30,980
Okay.
823
00:31:30,980 --> 00:31:31,900
So now it's time
824
00:31:31,900 --> 00:31:34,200
that we discuss
some asymmetric cryptography.
825
00:31:34,400 --> 00:31:36,500
So asymmetric cryptography also
826
00:31:36,500 --> 00:31:40,006
known as public key cryptography
is any cryptography system
827
00:31:40,006 --> 00:31:41,400
that uses pair of keys,
828
00:31:41,400 --> 00:31:44,517
which is a public key
which may be disseminated widely
829
00:31:44,517 --> 00:31:45,458
and private Keys
830
00:31:45,458 --> 00:31:47,300
which are known
only to the owner.
831
00:31:47,300 --> 00:31:50,100
This accomplishes
two functions authentication
832
00:31:50,100 --> 00:31:51,600
where the public key verifies
833
00:31:51,600 --> 00:31:54,350
that a holder of the paired
private key sent the message,
834
00:31:54,350 --> 00:31:57,265
and encryption, where only
the paired private key holder
835
00:31:57,265 --> 00:31:58,823
can decrypt the message encrypted
836
00:31:58,823 --> 00:32:02,000
with the public key. In
a public key encryption system,
837
00:32:02,000 --> 00:32:05,327
any person can encrypt a message
using the receiver's public key.
838
00:32:05,327 --> 00:32:07,636
That encrypted message
can only be decrypted
839
00:32:07,636 --> 00:32:09,300
with the receiver's private key.
840
00:32:09,300 --> 00:32:10,211
So to be practical
841
00:32:10,211 --> 00:32:12,800
the generation of public
and private key pair
842
00:32:12,800 --> 00:32:15,276
must be computationally
economical. The strength
843
00:32:15,276 --> 00:32:17,451
of a public key
cryptography system relies
844
00:32:17,451 --> 00:32:20,629
on computational efforts
required to find the private key
845
00:32:20,629 --> 00:32:22,099
from its paired public key.
846
00:32:22,100 --> 00:32:23,307
So effective security
847
00:32:23,307 --> 00:32:25,896
only requires keeping
the private key private
848
00:32:25,992 --> 00:32:28,300
and the public key
can be openly distributed
849
00:32:28,300 --> 00:32:29,800
without compromising security.
850
00:32:29,800 --> 00:32:30,100
Okay.
851
00:32:30,100 --> 00:32:31,800
So now that I've
actually shown you guys
852
00:32:31,800 --> 00:32:33,700
how cryptography actually
works and how
853
00:32:33,700 --> 00:32:36,423
the different classifications
are actually applied.
854
00:32:36,423 --> 00:32:38,600
Let's go and do
something interesting.
855
00:32:38,700 --> 00:32:41,800
So you guys are actually
watching this video
856
00:32:41,800 --> 00:32:43,319
on YouTube right now.
857
00:32:43,319 --> 00:32:45,128
So if you guys actually go
858
00:32:45,128 --> 00:32:48,400
and click on the secure part
beside the URL, you
859
00:32:48,400 --> 00:32:50,920
can actually go and view
the digital certificates
860
00:32:50,920 --> 00:32:52,600
that are actually used out here.
861
00:32:52,676 --> 00:32:54,523
So click on certificates
862
00:32:54,600 --> 00:32:57,400
and you'll see the details
in the Details
863
00:32:57,400 --> 00:32:57,700
tab.
864
00:32:57,700 --> 00:33:00,905
Now as you guys can see
the signature algorithm
865
00:33:00,905 --> 00:33:01,818
that is used
866
00:33:01,818 --> 00:33:06,000
for actually securing YouTube
is SHA-256 with RSA,
867
00:33:06,000 --> 00:33:09,100
and RSA is a very, very
common encryption algorithm
868
00:33:09,100 --> 00:33:09,700
that is used
869
00:33:09,700 --> 00:33:12,600
throughout the internet. Then
the signature hash algorithm
870
00:33:12,600 --> 00:33:15,000
that is being used is SHA-256.
871
00:33:15,000 --> 00:33:18,100
And the issuer is
Google Internet Authority,
872
00:33:18,100 --> 00:33:20,525
and you can get
a lot of information
873
00:33:20,525 --> 00:33:23,894
about sites and all
their authority key identifiers
874
00:33:23,894 --> 00:33:27,600
or certificate policies,
the key usage and a lot of things
875
00:33:27,600 --> 00:33:31,218
about security just from
this small little button out here.
876
00:33:31,218 --> 00:33:32,600
Also, let me show you
877
00:33:32,600 --> 00:33:35,800
a little how public key
encryption actually works.
878
00:33:35,900 --> 00:33:37,053
So on the site,
879
00:33:37,053 --> 00:33:40,800
which is basically
cobwebs dot CSV or UGA dot edu.
880
00:33:40,800 --> 00:33:44,105
You can actually demo out
public key encryption.
881
00:33:44,105 --> 00:33:47,904
So suppose we had to send
a message. First we would need
882
00:33:47,904 --> 00:33:49,067
to generate keys.
883
00:33:49,067 --> 00:33:50,300
So as you can see,
884
00:33:50,300 --> 00:33:53,000
I just click generate keys
and it got me two keys,
885
00:33:53,000 --> 00:33:54,696
which is one is the public key,
886
00:33:54,696 --> 00:33:57,164
which I will distribute
for the network, and one
887
00:33:57,164 --> 00:34:00,400
private key, which I will
actually keep secret to myself.
888
00:34:00,400 --> 00:34:01,200
Now,
889
00:34:01,200 --> 00:34:04,300
I want to send a message
saying: hi there,
890
00:34:04,500 --> 00:34:07,600
when is the exam tomorrow?
891
00:34:07,900 --> 00:34:11,800
So now we are going to encrypt
it using the public key
892
00:34:11,800 --> 00:34:14,400
because that's exactly
what's distributed.
893
00:34:14,400 --> 00:34:17,833
So now as you can see, we
have got our ciphertext. So
894
00:34:17,833 --> 00:34:20,643
this huge thing right
out here is ciphertext
895
00:34:20,643 --> 00:34:24,500
and absolutely makes no sense
whatsoever. Now suppose we were
896
00:34:24,500 --> 00:34:25,348
to actually then
897
00:34:25,348 --> 00:34:28,196
decrypt the message, we
would use the private key
898
00:34:28,196 --> 00:34:31,726
that goes along with our account
and we would decode the message,
899
00:34:31,726 --> 00:34:34,473
and as you guys can see,
voila, we have: hi there,
900
00:34:34,474 --> 00:34:35,800
when is the exam tomorrow.
901
00:34:35,899 --> 00:34:37,500
So we have actually
sent a message
902
00:34:37,500 --> 00:34:40,500
on the internet in a very
secure fashion. Above that,
903
00:34:40,500 --> 00:34:43,400
there's also RSA
that needs some explaining
904
00:34:43,400 --> 00:34:46,164
because I had promised
that too. Now RSA is a very,
905
00:34:46,164 --> 00:34:47,800
very commonly used algorithm
906
00:34:47,800 --> 00:34:49,688
that is used
throughout the internet
907
00:34:49,688 --> 00:34:51,900
and you just saw it
being used by YouTube.
908
00:34:51,900 --> 00:34:53,400
So it has to be common.
909
00:34:53,400 --> 00:34:57,100
So RSA has a very unique way
of applying this algorithm.
910
00:34:57,300 --> 00:34:58,900
There are many actual parameters
911
00:34:58,900 --> 00:35:00,600
that you actually
need to study.
912
00:35:00,600 --> 00:35:00,900
Okay.
913
00:35:00,900 --> 00:35:03,500
So now we're actually
going to discuss RSA,
914
00:35:03,500 --> 00:35:05,763
which is a very popular
algorithm that is used
915
00:35:05,763 --> 00:35:06,752
all over the internet.
916
00:35:06,752 --> 00:35:07,523
And you also saw
917
00:35:07,523 --> 00:35:09,600
that it's being used
by YouTube right now.
918
00:35:09,600 --> 00:35:12,300
So this cryptosystem is one
of the initial systems.
919
00:35:12,300 --> 00:35:15,007
It remains the most employed
cryptosystem even today,
920
00:35:15,007 --> 00:35:17,600
and the system was invented
by three scholars,
921
00:35:17,600 --> 00:35:21,123
which is Ron Rivest, Adi
Shamir and Len Adleman,
922
00:35:21,700 --> 00:35:25,500
hence the name RSA, and we
will see the two aspects
923
00:35:25,500 --> 00:35:27,000
of the RSA cryptosystem:
924
00:35:27,000 --> 00:35:28,860
firstly, generation of key pair,
925
00:35:28,860 --> 00:35:31,520
and secondly, encryption
decryption algorithms.
926
00:35:31,520 --> 00:35:33,000
So each person or a party
927
00:35:33,000 --> 00:35:34,334
who desires to participate
928
00:35:34,334 --> 00:35:36,900
in communication using
encryption needs to generate
929
00:35:36,900 --> 00:35:39,700
a pair of keys namely
public key and private key.
930
00:35:39,700 --> 00:35:42,600
So the process followed
in the generation of keys is
931
00:35:42,600 --> 00:35:43,634
as follows. First,
932
00:35:43,634 --> 00:35:45,400
we have to actually calculate
933
00:35:45,400 --> 00:35:48,900
n. Now n is actually given
by multiplying p and q,
934
00:35:48,900 --> 00:35:50,700
as you guys can see out here.
935
00:35:50,700 --> 00:35:54,792
So p and q are supposed to be
very large prime numbers. So
936
00:35:54,792 --> 00:35:56,400
out here P will be 35,
937
00:35:56,400 --> 00:35:58,600
but for some very
strong encryption we
938
00:35:58,600 --> 00:36:01,000
are going to choose very
large prime numbers.
939
00:36:01,000 --> 00:36:04,430
Then we actually have
to calculate phi. Phi, as you
940
00:36:04,430 --> 00:36:06,900
can see, the formula
goes, is p minus 1
941
00:36:06,900 --> 00:36:09,900
into q minus 1, and this
helps us determine
942
00:36:09,900 --> 00:36:11,734
for the encryption algorithm.
943
00:36:11,734 --> 00:36:13,577
Now, then we have to actually
944
00:36:13,577 --> 00:36:15,989
calculate e. Now e
must be greater than 1
945
00:36:15,989 --> 00:36:17,063
and less than phi,
946
00:36:17,063 --> 00:36:18,248
which is p minus 1
947
00:36:18,248 --> 00:36:21,985
into q minus 1, and there must be
no common factors for e and
948
00:36:21,985 --> 00:36:23,100
phi except for one.
949
00:36:23,100 --> 00:36:24,118
So in other words,
950
00:36:24,118 --> 00:36:26,100
they must be co-prime
to each other.
951
00:36:26,400 --> 00:36:29,500
Now to form the public key,
the pair of numbers
952
00:36:29,500 --> 00:36:32,423
n and e form the RSA
public key system.
953
00:36:32,600 --> 00:36:35,029
This is actually made public
and is distributed
954
00:36:35,029 --> 00:36:37,800
throughout the network.
Interestingly though,
955
00:36:37,800 --> 00:36:40,664
n is a part of the public key,
and the difficulty
956
00:36:40,664 --> 00:36:43,000
in factorizing a large
prime number ensures
957
00:36:43,000 --> 00:36:45,200
that the attacker
cannot find in finite time
958
00:36:45,200 --> 00:36:47,109
the two primes, that is p and q,
959
00:36:47,109 --> 00:36:50,800
that are used to obtain n. This
actually ensures the strength
960
00:36:50,800 --> 00:36:54,509
of RSA. Now, in the generation
of the private key,
961
00:36:54,700 --> 00:36:59,900
the private key d is calculated from p, q
and e. For given n and e,
962
00:36:59,900 --> 00:37:02,200
there is a unique number d. Now,
963
00:37:02,200 --> 00:37:05,300
the number d is the inverse
of e modulo phi.
964
00:37:05,300 --> 00:37:08,809
This means that d is a number
less than phi such that
965
00:37:08,809 --> 00:37:10,200
when multiplied by e,
966
00:37:10,200 --> 00:37:11,200
it gives one.
967
00:37:11,400 --> 00:37:14,500
So let's go and actually
fill up these numbers.
968
00:37:14,500 --> 00:37:17,900
So n should be 35 out here,
969
00:37:17,900 --> 00:37:21,100
and if we generate them
we get the value of phi,
970
00:37:21,100 --> 00:37:21,999
which is 24,
971
00:37:21,999 --> 00:37:24,100
which is basically 4 into 6,
972
00:37:24,100 --> 00:37:28,154
and then we should also get e.
Now e should be co-prime.
973
00:37:28,154 --> 00:37:32,400
So we are going to give it 11
as 11 is co-prime to both.
974
00:37:32,700 --> 00:37:36,779
So now for the actual encryption
part we have to put in e
975
00:37:36,779 --> 00:37:37,800
and n out here.
976
00:37:38,000 --> 00:37:40,600
So e out here for us is 11
977
00:37:40,600 --> 00:37:45,200
and n is 35, and then we
are going to pick a letter
978
00:37:45,200 --> 00:37:46,584
to actually cipher,
979
00:37:46,584 --> 00:37:50,892
which is A, and then we're going
to encode it as a number.
980
00:37:50,900 --> 00:37:53,400
So as you guys can see,
we've encoded it as
981
00:37:53,400 --> 00:37:56,200
one out here. Now,
982
00:37:56,200 --> 00:37:59,000
after we've given the message
its numerical form,
983
00:37:59,000 --> 00:38:00,400
we click on encryption
984
00:38:00,400 --> 00:38:03,600
and we get it. Now, to actually
decrypt the message,
985
00:38:03,600 --> 00:38:07,300
we are going to need d
and n. Now d for us was 5
986
00:38:07,900 --> 00:38:11,900
and n was 35, so 5 and 35,
987
00:38:12,300 --> 00:38:15,000
and then we're going
to take encrypted message
988
00:38:15,000 --> 00:38:18,100
from above and we're going
to decrypt this message.
989
00:38:18,100 --> 00:38:20,200
So after you decrypt it,
990
00:38:20,200 --> 00:38:22,800
we have the numerical form
of the plaintext
991
00:38:22,800 --> 00:38:26,118
and then decode the messages:
click here, decode messages.
992
00:38:26,118 --> 00:38:29,800
And as you guys can see we have
decoded the message using RSA.
993
00:38:29,980 --> 00:38:32,519
So guys, that's
how RSA works.
994
00:38:32,700 --> 00:38:34,700
I explained all the factors
995
00:38:34,700 --> 00:38:38,814
that we actually use
in RSA, from n to phi to e to d.
996
00:38:39,000 --> 00:38:41,500
And I hope you understood
a part of it.
997
00:38:41,700 --> 00:38:42,709
If y'all are still
998
00:38:42,709 --> 00:38:45,400
more interested, y'all can
actually research a lot
999
00:38:45,400 --> 00:38:48,900
on RSA. It's a very
in-depth cryptography system.
1013
00:39:29,700 --> 00:39:38,000
Just
1014
00:39:38,000 --> 00:39:41,300
as pollution was a side effect
of the Industrial Revolution,
1015
00:39:41,300 --> 00:39:43,451
so are the many
security vulnerabilities
1016
00:39:43,451 --> 00:39:46,100
that come with the
increased internet connectivity.
1017
00:39:46,100 --> 00:39:47,900
Cyber attacks are exploitations
1018
00:39:47,900 --> 00:39:51,254
of those vulnerabilities.
For the most part, individuals
1019
00:39:51,254 --> 00:39:54,576
and businesses have found ways
to counter cyber attacks using
1020
00:39:54,576 --> 00:39:56,400
a variety of security measures
1021
00:39:56,400 --> 00:39:58,400
and just good old common sense.
1022
00:39:58,400 --> 00:39:59,700
We are going to examine eight
1023
00:39:59,700 --> 00:40:01,700
of the most common
cyber security threats
1024
00:40:01,700 --> 00:40:04,800
that your business could face
and the ways to avoid them.
1025
00:40:04,800 --> 00:40:07,065
So before we actually
jump into the session,
1026
00:40:07,065 --> 00:40:09,641
let me give you how the session
will actually work.
1027
00:40:09,641 --> 00:40:12,521
We are going to discuss
the 8 most common cyber threats.
1028
00:40:12,521 --> 00:40:15,085
We're going to discuss
in particular what they are,
1029
00:40:15,085 --> 00:40:17,700
how the threat works
and how to protect yourself.
1030
00:40:17,700 --> 00:40:18,026
Okay.
1031
00:40:18,026 --> 00:40:19,108
So now let's jump
1032
00:40:19,108 --> 00:40:22,293
in. Now cyber attacks
are taking place all the time.
1033
00:40:22,293 --> 00:40:26,266
Even as we speak, the security of
some organization, big or small,
1034
00:40:26,266 --> 00:40:27,843
is being compromised.
1035
00:40:27,843 --> 00:40:28,600
For example,
1036
00:40:28,600 --> 00:40:31,200
if you visit this site out here,
that is ThreatCloud,
1037
00:40:31,300 --> 00:40:34,000
you can actually view
all the cyber attacks
1038
00:40:34,000 --> 00:40:35,896
that are actually
happening right now.
1039
00:40:35,896 --> 00:40:38,200
Let me just give you
a quick demonstration of
1040
00:40:38,200 --> 00:40:39,200
how that looks like.
1041
00:40:39,400 --> 00:40:41,600
Okay, so as you
guys can see out here,
1042
00:40:41,600 --> 00:40:44,800
these are all the places that
are being compromised right now.
1043
00:40:44,800 --> 00:40:47,369
The red parts actually
show us the part
1044
00:40:47,369 --> 00:40:50,116
that is being compromised
and the yellow places
1045
00:40:50,116 --> 00:40:53,400
actually show us from where
it's being compromised from.
1046
00:40:53,500 --> 00:40:55,200
Okay, as you guys can see now
1047
00:40:55,200 --> 00:40:58,729
that someone from Madeline's
is actually attacking this place
1048
00:40:58,729 --> 00:41:01,100
and someone from USA
was attacking Mexico.
1049
00:41:01,100 --> 00:41:02,431
It's a pretty interesting site
1050
00:41:02,431 --> 00:41:05,191
and actually gives you a scale
of how many cyber attacks
1051
00:41:05,191 --> 00:41:07,600
are actually happening
all the time in the world.
1052
00:41:07,600 --> 00:41:10,731
Okay, now getting back. I think,
looking at all these types
1053
00:41:10,731 --> 00:41:11,700
of cyber attacks,
1054
00:41:11,700 --> 00:41:12,600
it's only necessary
1055
00:41:12,600 --> 00:41:14,800
that we educate ourselves
about all the types
1056
00:41:14,800 --> 00:41:16,500
of cyber threats that we have.
1057
00:41:16,500 --> 00:41:18,500
So these are
the eight cyber threats
1058
00:41:18,500 --> 00:41:20,750
that we're going to be
discussing today. Firstly,
1059
00:41:20,750 --> 00:41:22,600
we're going to start
off with malware.
1060
00:41:22,900 --> 00:41:26,000
So malware is
an all-encompassing term
1061
00:41:26,100 --> 00:41:29,792
for a variety of cyber attacks
including Trojans, viruses
1062
00:41:29,792 --> 00:41:32,533
and worms. Malware
is simply defined as code
1063
00:41:32,533 --> 00:41:33,900
with malicious intent
1064
00:41:33,900 --> 00:41:35,577
that typically steals data
1065
00:41:35,577 --> 00:41:37,900
or destroys something
on the computer.
1066
00:41:38,300 --> 00:41:41,276
The way malware goes about doing
its damage can be helpful
1067
00:41:41,276 --> 00:41:44,200
in categorizing what kind
of malware you're dealing with.
1068
00:41:44,200 --> 00:41:45,700
So let's discuss it.
1069
00:41:45,700 --> 00:41:49,400
So first of all, viruses. Like
their biological namesakes, viruses
1070
00:41:49,400 --> 00:41:51,000
attach themselves to clean files
1071
00:41:51,000 --> 00:41:53,500
and infect other clean files,
and they can spread
1072
00:41:53,500 --> 00:41:56,400
uncontrollably, damaging
a system's core functionality
1073
00:41:56,400 --> 00:41:58,100
and deleting or
corrupting files.
1074
00:41:58,100 --> 00:42:00,100
They usually appear
as executable files
1075
00:42:00,100 --> 00:42:02,400
that you might have downloaded
from the internet.
1076
00:42:02,400 --> 00:42:03,835
Then there are also Trojans.
1077
00:42:03,835 --> 00:42:04,600
Now this kind
1078
00:42:04,600 --> 00:42:07,400
of malware disguises
itself as legitimate software
1079
00:42:07,400 --> 00:42:10,400
or is included in legitimate
software that can be tampered
1080
00:42:10,400 --> 00:42:13,800
with. It tends to act discreetly
and creates back doors
1081
00:42:13,800 --> 00:42:16,300
in your security to let
other malware in.
1082
00:42:16,300 --> 00:42:17,815
Then we have worms. Worms
1083
00:42:17,815 --> 00:42:20,604
infect entire networks
of devices, either local
1084
00:42:20,604 --> 00:42:23,898
or across the Internet, by using
the network's interfaces.
1085
00:42:23,898 --> 00:42:26,310
It uses each consecutive
infected machine
1086
00:42:26,310 --> 00:42:28,900
to infect more. And then
we have botnets and such,
1087
00:42:28,900 --> 00:42:31,600
where botnets are networks
of infected computers
1088
00:42:31,600 --> 00:42:33,100
that are made to work together
1089
00:42:33,200 --> 00:42:35,319
under the control
of an attacker.
1090
00:42:35,319 --> 00:42:37,497
So basically you
can encounter malware
1091
00:42:37,497 --> 00:42:39,674
if you have some OS
vulnerabilities or
1092
00:42:39,674 --> 00:42:42,640
if you download some legitimate
software from somewhere
1093
00:42:42,640 --> 00:42:44,725
or you have some
other email attachment
1094
00:42:44,725 --> 00:42:46,100
that was compromised with.
1095
00:42:46,600 --> 00:42:46,949
Okay.
1096
00:42:46,949 --> 00:42:49,400
So how exactly
do you remove malware
1097
00:42:49,400 --> 00:42:51,800
or how exactly do you
fight against it?
1098
00:42:51,800 --> 00:42:54,996
Well, each form of malware
has its own way of infecting
1099
00:42:54,996 --> 00:42:56,290
and damaging computers
1100
00:42:56,290 --> 00:42:57,600
and data and so each one
1101
00:42:57,600 --> 00:42:59,807
requires a different
malware removal method.
1102
00:42:59,807 --> 00:43:02,826
The best way to prevent malware
is to avoid clicking on links
1103
00:43:02,826 --> 00:43:05,248
or downloading attachments
from unknown senders.
1104
00:43:05,248 --> 00:43:06,594
And this is sometimes done
1105
00:43:06,594 --> 00:43:08,766
by deploying a robust
and updated firewall
1106
00:43:08,766 --> 00:43:11,271
which prevents the transfer
of large data files
1107
00:43:11,271 --> 00:43:13,806
over the network in a hope
to weed out attachments
1108
00:43:13,806 --> 00:43:15,100
that may contain malware.
1109
00:43:15,100 --> 00:43:17,000
It's also important
to make sure
1110
00:43:17,000 --> 00:43:18,600
your computer's operating system
1111
00:43:18,600 --> 00:43:21,518
whether it be Windows, Mac
OS, Linux, uses the most
1112
00:43:21,518 --> 00:43:23,177
up-to-date security updates
1113
00:43:23,177 --> 00:43:26,131
and software programmers
update programs frequently
1114
00:43:26,131 --> 00:43:28,200
to address any holes
or weak points,
1115
00:43:28,200 --> 00:43:30,882
and it's important to install
all these updates as
1116
00:43:30,882 --> 00:43:33,400
well as to decrease
your own system weaknesses.
1117
00:43:33,400 --> 00:43:36,900
So next up on our list of
cyber threats we have phishing.
1118
00:43:36,900 --> 00:43:38,900
So what exactly is phishing?
1119
00:43:38,900 --> 00:43:41,500
Well, often posing as
a request for data
1120
00:43:41,500 --> 00:43:44,284
from a trusted third
party, phishing attacks
1121
00:43:44,284 --> 00:43:45,406
are sent via email
1122
00:43:45,406 --> 00:43:47,403
and ask users to click on a link
1123
00:43:47,403 --> 00:43:50,797
and enter their personal
data. Phishing emails have gotten
1124
00:43:50,797 --> 00:43:53,100
much more sophisticated
in recent years
1125
00:43:53,100 --> 00:43:54,400
and making it difficult
1126
00:43:54,400 --> 00:43:56,900
for some people to discern
a legitimate request
1127
00:43:56,900 --> 00:43:58,100
for an information
1128
00:43:58,100 --> 00:44:00,906
from a false one. Now
phishing emails often fall
1129
00:44:00,906 --> 00:44:04,200
into the same category as
spam but are way more harmful
1130
00:44:04,200 --> 00:44:05,600
than just a simple ad.
1131
00:44:05,600 --> 00:44:08,200
So how exactly
does phishing work?
1132
00:44:08,600 --> 00:44:12,200
Well, most people associate
phishing with email messages
1133
00:44:12,200 --> 00:44:15,369
that spoof or mimic banks,
credit card companies
1134
00:44:15,369 --> 00:44:17,500
or other businesses
like Amazon, eBay
1135
00:44:17,500 --> 00:44:20,900
and Facebook. These messages look
authentic and attempt
1136
00:44:20,900 --> 00:44:23,800
to get victims to reveal
their personal information.
1137
00:44:23,800 --> 00:44:25,300
But email messages are
1138
00:44:25,300 --> 00:44:27,200
only one small piece
of a phishing scam
1139
00:44:27,400 --> 00:44:30,500
from beginning to end,
the process involves five steps.
1140
00:44:30,500 --> 00:44:32,600
The first step is
planning. The phisher
1141
00:44:32,600 --> 00:44:35,400
must decide which business
to target and determine
1142
00:44:35,400 --> 00:44:36,913
how to get email addresses
1143
00:44:36,913 --> 00:44:38,888
for the customers
of that business.
1144
00:44:38,888 --> 00:44:41,300
Then they must go
through the setup phase.
1145
00:44:41,300 --> 00:44:44,500
Once they know which business
to spoof and who their victims
1146
00:44:44,500 --> 00:44:47,441
are, phishers create methods
for delivering the messages
1147
00:44:47,441 --> 00:44:50,515
and collecting the data. Then
they have to execute the attack.
1148
00:44:50,515 --> 00:44:51,620
And this is the step
1149
00:44:51,620 --> 00:44:54,198
most people are familiar
with: that is, the phisher
1150
00:44:54,198 --> 00:44:55,350
sends the phony message
1151
00:44:55,350 --> 00:44:57,600
that appears to be
from a reputable source.
1152
00:44:57,600 --> 00:44:59,200
After that, the phisher records
1153
00:44:59,200 --> 00:45:01,700
the information the victims
enter into the web page
1154
00:45:01,700 --> 00:45:04,135
or pop-up windows,
and in the last step,
1155
00:45:04,135 --> 00:45:07,200
which is basically identity
theft and fraud, the phishers use
1156
00:45:07,200 --> 00:45:10,300
the information they've gathered
to make illegal purchases
1157
00:45:10,300 --> 00:45:11,721
or otherwise commit fraud
1158
00:45:11,721 --> 00:45:14,839
and as many as 1/4 of
the victims never fully recover.
1159
00:45:14,839 --> 00:45:18,322
So how exactly can you
be actually preventing yourself
1160
00:45:18,322 --> 00:45:19,563
from getting phished?
1161
00:45:19,563 --> 00:45:22,607
Well, the only thing
that you can do is being aware
1162
00:45:22,607 --> 00:45:24,887
of how phishing
emails actually work.
1163
00:45:24,887 --> 00:45:25,900
So first of all,
1164
00:45:25,900 --> 00:45:29,100
a phishing email has
some very specific properties.
1165
00:45:29,100 --> 00:45:31,041
So firstly you
will have something
1166
00:45:31,041 --> 00:45:32,800
like a very generalized way
1167
00:45:32,800 --> 00:45:36,700
of addressing someone, like
"dear client". Then your message
1168
00:45:36,700 --> 00:45:40,354
will not be actually from a very
reputable source. So out here,
1169
00:45:40,354 --> 00:45:43,400
as you can see, it's written
as Amazon on the label,
1170
00:45:43,400 --> 00:45:46,500
but if you actually inspect
the email address that it came
1171
00:45:46,500 --> 00:45:49,276
from, it's from management
at Maison Canada dot C A,
1172
00:45:49,276 --> 00:45:52,100
which is not exactly
a legitimate Amazon address.
1173
00:45:52,100 --> 00:45:52,500
Third,
1174
00:45:52,500 --> 00:45:55,900
you can actually hover
over the redirect links and see
1175
00:45:55,900 --> 00:45:59,500
where they actually redirect you
to. Now this redirects me
1176
00:45:59,500 --> 00:46:01,880
to www.facebook.com zone.com
1177
00:46:01,900 --> 00:46:03,100
as you can see out here.
1178
00:46:03,200 --> 00:46:04,599
So basically, you know,
1179
00:46:04,599 --> 00:46:07,605
this is actually a phishing
email and you should actually
1180
00:46:07,605 --> 00:46:09,734
report this email
to your administrators
1181
00:46:09,734 --> 00:46:10,616
or anybody else
1182
00:46:10,616 --> 00:46:13,886
that you think is supposed
to be concerned with this also.
1183
00:46:13,886 --> 00:46:16,300
Let me give you guys
a quick demonstration
1184
00:46:16,300 --> 00:46:19,600
on how phishing actually
works from the perspective
1185
00:46:19,600 --> 00:46:20,904
of an attacker.
1186
00:46:21,100 --> 00:46:22,500
So first of all,
1187
00:46:22,700 --> 00:46:26,600
I have actually created
a phishing website for
1188
00:46:26,600 --> 00:46:28,900
harvesting Facebook credentials.
1189
00:46:29,000 --> 00:46:31,600
I simply just took
the source code
1190
00:46:31,600 --> 00:46:33,600
of the Facebook login page
1191
00:46:33,600 --> 00:46:37,400
and pasted it, and then made
a back-end code in PHP
1192
00:46:37,400 --> 00:46:40,812
which makes a log file
of all the Facebook passwords
1193
00:46:40,812 --> 00:46:44,225
that get actually entered
onto the phishing page. Now
1194
00:46:44,225 --> 00:46:46,300
I've also sent myself an email
1195
00:46:46,300 --> 00:46:48,606
so as to make sure
this looks legitimate,
1196
00:46:48,606 --> 00:46:51,100
but this is only
for spreading awareness.
1197
00:46:51,100 --> 00:46:53,600
So please don't use
this method for actually
1198
00:46:53,600 --> 00:46:55,007
harvesting credentials.
1199
00:46:55,007 --> 00:46:57,500
That's actually a very
illegal thing to do.
1200
00:46:57,500 --> 00:46:58,945
So, let's get started.
1201
00:46:58,945 --> 00:46:59,600
First of all,
1202
00:46:59,600 --> 00:47:01,200
you will go
to your email and see
1203
00:47:01,200 --> 00:47:04,900
that you'll get some emails
saying your Facebook credentials
1204
00:47:04,900 --> 00:47:06,274
have been compromised.
1205
00:47:06,274 --> 00:47:09,000
So when you open it,
it looks pretty legit.
1206
00:47:09,000 --> 00:47:11,410
Well, I haven't made
it look all that legit.
1207
00:47:11,410 --> 00:47:12,515
It should look legit.
1208
00:47:12,515 --> 00:47:15,165
But the point out here is
to actually make you aware
1209
00:47:15,165 --> 00:47:16,100
of how this works.
1210
00:47:16,100 --> 00:47:18,550
So as you guys can see,
it says: Dear client, we have
1211
00:47:18,550 --> 00:47:19,800
strong reasons to believe
1212
00:47:19,800 --> 00:47:21,900
that your credentials
may have been compromised
1213
00:47:21,900 --> 00:47:23,900
and might have been used
by someone else.
1214
00:47:23,900 --> 00:47:25,900
We have locked
your Facebook account.
1215
00:47:25,900 --> 00:47:28,419
Please click here
to unlock. Sincerely,
1216
00:47:28,419 --> 00:47:30,100
Facebook associate Dean.
1217
00:47:30,283 --> 00:47:32,600
So if we actually click here,
1218
00:47:32,600 --> 00:47:36,518
we are actually redirected
to a nice-looking Facebook page,
1219
00:47:36,518 --> 00:47:37,600
which is exactly
1220
00:47:37,600 --> 00:47:41,079
how Facebook looks like when
you're logging in. Now suppose
1221
00:47:41,079 --> 00:47:43,900
I were to actually log
into my Facebook account,
1222
00:47:43,900 --> 00:47:46,300
which I won't, I'll just
use some random ID,
1223
00:47:46,300 --> 00:47:52,000
like this is an email address
gmail.com, and let's put
1224
00:47:52,000 --> 00:47:54,600
password as admin 1 2 3,
1225
00:47:54,900 --> 00:47:56,800
and we click login. Now,
1226
00:47:56,800 --> 00:48:00,373
since my Facebook is actually
already logged in it will just
1227
00:48:00,373 --> 00:48:01,855
redirect to facebook.com
1228
00:48:01,855 --> 00:48:05,500
and you might just see me logged
in, but on a normal computer
1229
00:48:05,500 --> 00:48:08,115
it'll just redirect you
to www.facebook.com,
1230
00:48:08,115 --> 00:48:10,600
which should just
show this site again.
1231
00:48:10,715 --> 00:48:11,100
Okay.
1232
00:48:11,100 --> 00:48:13,300
So once I click
login out here all
1233
00:48:13,300 --> 00:48:16,300
that the backend code
that I've written in PHP.
1234
00:48:16,300 --> 00:48:18,000
PHP out here will do is
1235
00:48:18,000 --> 00:48:20,800
that it's going to take
all the parameters
1236
00:48:20,800 --> 00:48:22,876
that I have entered
into this website.
1237
00:48:22,876 --> 00:48:24,300
That is my email address
1238
00:48:24,300 --> 00:48:27,000
and the password and just
generate a log file about it.
1239
00:48:27,100 --> 00:48:29,854
So let's just hit
login and see what happens.
1240
00:48:29,854 --> 00:48:32,600
So as you guys can see
I've been redirected
1241
00:48:32,600 --> 00:48:34,500
to the original Facebook page
1242
00:48:34,500 --> 00:48:38,700
that is not meant for phishing,
and on my system out here
1243
00:48:39,100 --> 00:48:41,100
I have a log file,
1244
00:48:41,100 --> 00:48:43,400
and this log file
will show exactly,
1245
00:48:43,400 --> 00:48:46,197
as you can see, I've phished
out the email address,
1246
00:48:46,197 --> 00:48:47,500
this is an email address
1247
00:48:47,500 --> 00:48:50,043
gmail.com, and it's also
showed the password,
1248
00:48:50,043 --> 00:48:51,700
that is admin one two three.
1249
00:48:51,700 --> 00:48:56,000
So this is how exactly phishing
works: you enter an email address
1250
00:48:56,000 --> 00:48:58,125
and you're entering
the email address
1251
00:48:58,125 --> 00:48:59,300
on a phishing website.
1252
00:48:59,300 --> 00:49:02,010
And then it just redirects you
to the original site.
1253
00:49:02,010 --> 00:49:05,200
But by this time you've already
compromised your credentials.
1254
00:49:05,200 --> 00:49:08,100
So always be careful
when dealing with such emails.
1255
00:49:08,400 --> 00:49:09,403
So now jumping back
1256
00:49:09,403 --> 00:49:11,781
to our session, the next type
of cyber attacks
1257
00:49:11,781 --> 00:49:14,100
we're going to discuss
is password attacks.
1258
00:49:14,300 --> 00:49:15,900
So an attempt to obtain
1259
00:49:15,900 --> 00:49:17,773
or decrypt a user's password
1260
00:49:17,773 --> 00:49:21,086
for illegal use is exactly
what a password attack is.
1261
00:49:21,086 --> 00:49:24,400
Hackers can use cracking
programs, dictionary attacks
1262
00:49:24,400 --> 00:49:25,511
and password sniffers
1263
00:49:25,511 --> 00:49:28,100
in password attacks.
Password cracking refers
1264
00:49:28,100 --> 00:49:31,082
to various measures used
to discover computer passwords.
1265
00:49:31,082 --> 00:49:34,000
This is usually accomplished
by recovering passwords
1266
00:49:34,000 --> 00:49:35,942
from data stored
in or transported
1267
00:49:35,942 --> 00:49:38,700
from a computer system. Password
cracking is done by
1268
00:49:38,700 --> 00:49:41,200
either repeatedly guessing
the password, usually
1269
00:49:41,200 --> 00:49:43,399
through a computer algorithm
in which the computer
1270
00:49:43,399 --> 00:49:44,800
tries numerous combinations
1271
00:49:44,800 --> 00:49:47,700
until the password
is successfully discovered. Now
1272
00:49:47,700 --> 00:49:50,100
password attacks can be done
for several reasons,
1273
00:49:50,100 --> 00:49:51,700
but the most malicious reason is
1274
00:49:51,700 --> 00:49:53,600
in order to gain
unauthorized access
1275
00:49:53,600 --> 00:49:54,414
to a computer
1276
00:49:54,414 --> 00:49:57,700
with the computer owner's
awareness not being in place.
1277
00:49:57,700 --> 00:49:58,620
Now this results
1278
00:49:58,620 --> 00:50:01,835
in cyber crime such as stealing
passwords for the purpose
1279
00:50:01,835 --> 00:50:03,600
of accessing Bank information.
1280
00:50:03,600 --> 00:50:05,600
Now today, there are
three common methods
1281
00:50:05,600 --> 00:50:08,000
used to break into
a password-protected system.
1282
00:50:08,000 --> 00:50:10,498
The first is a Brute
Force attack a hacker
1283
00:50:10,498 --> 00:50:11,900
uses a computer program
1284
00:50:11,900 --> 00:50:14,300
or script to try
to log in with possible
1285
00:50:14,300 --> 00:50:16,900
password combinations, usually
starting with the easiest
1286
00:50:16,900 --> 00:50:17,900
to guess password.
1287
00:50:17,900 --> 00:50:20,881
So just think if a hacker
has a company list he or she
1288
00:50:20,881 --> 00:50:22,200
can easily guess usernames.
1289
00:50:22,200 --> 00:50:24,600
If even one of the users
has a password one, two,
1290
00:50:24,600 --> 00:50:25,946
three, he will quickly
1291
00:50:25,946 --> 00:50:28,904
be able to get in. The next
are dictionary attacks.
1292
00:50:28,904 --> 00:50:30,534
Now a hacker uses a program
1293
00:50:30,534 --> 00:50:31,500
or script to try
1294
00:50:31,500 --> 00:50:33,600
to log in by cycling
through the combinations
1295
00:50:33,600 --> 00:50:36,570
of common words. In contrast
with brute force attacks,
1296
00:50:36,570 --> 00:50:40,099
where a large proportion of the key
space is searched systematically,
1297
00:50:40,100 --> 00:50:42,900
a dictionary attack tries
only those possibilities
1298
00:50:42,900 --> 00:50:44,700
which are most
likely to succeed.
1299
00:50:44,900 --> 00:50:46,842
Typically derived
from a list of words,
1300
00:50:46,842 --> 00:50:50,000
for example a dictionary.
Generally, dictionary attacks
1301
00:50:50,000 --> 00:50:53,703
succeed because most people have
a tendency to choose passwords
1302
00:50:53,703 --> 00:50:54,400
which are short
1303
00:50:54,400 --> 00:50:56,800
or such as single words found
in the dictionaries
1304
00:50:56,800 --> 00:50:59,200
or simple, easily predicted
variations on words
1305
00:50:59,200 --> 00:51:01,200
such as appending a digit or so.
1306
00:51:01,200 --> 00:51:02,300
Now the last kind
1307
00:51:02,300 --> 00:51:05,923
of password attacks are used
by keylogger attacks. A hacker uses
1308
00:51:05,923 --> 00:51:08,900
a program to track all
of the user's keystrokes.
1309
00:51:08,900 --> 00:51:11,550
So at the end of the day
everything the user has typed
1310
00:51:11,550 --> 00:51:14,350
including the login IDs and
passwords have been recorded.
1311
00:51:14,350 --> 00:51:17,100
A keylogger attack
is different than a brute force
1312
00:51:17,100 --> 00:51:19,800
or dictionary attack
in many ways not the least
1313
00:51:19,800 --> 00:51:22,682
of which the key logging program
used is a malware
1314
00:51:22,682 --> 00:51:25,329
that must first make it
onto the user's device
1315
00:51:25,329 --> 00:51:27,700
and the keylogger attacks
are also different
1316
00:51:27,700 --> 00:51:28,999
because stronger passwords
1317
00:51:28,999 --> 00:51:31,100
don't provide much
protection against them,
1318
00:51:31,100 --> 00:51:32,100
which is one reason
1319
00:51:32,100 --> 00:51:35,200
that multi-factor authentication
is becoming a must-have
1320
00:51:35,200 --> 00:51:37,500
for all businesses
and organizations.
1321
00:51:37,500 --> 00:51:40,500
Now, the only way to stop
yourself from getting killed
1322
00:51:40,500 --> 00:51:42,700
in the whole password
attack conundrum is
1323
00:51:42,700 --> 00:51:45,100
by actually practicing
the Best practices
1324
00:51:45,100 --> 00:51:48,600
that are being discussed in the
whole industry about passwords.
1325
00:51:48,600 --> 00:51:50,800
So basically you
should update your password
1326
00:51:50,800 --> 00:51:51,400
regularly.
1327
00:51:51,800 --> 00:51:53,200
You should use alphanumerics
1328
00:51:53,200 --> 00:51:55,414
in your password and you
should never use words
1329
00:51:55,414 --> 00:51:57,100
that are actually
in the dictionary.
1330
00:51:57,100 --> 00:51:59,511
It's always advisable
to use garbage words
1331
00:51:59,511 --> 00:52:00,600
that makes no sense
1332
00:52:00,600 --> 00:52:03,400
for passwords as they just
increase your security.
1333
00:52:03,900 --> 00:52:07,500
So moving on we're going
to discuss DDoS attacks.
1334
00:52:08,000 --> 00:52:12,000
So what exactly is a DDoS
or a DoS attack?
1335
00:52:12,200 --> 00:52:13,300
Well, first of all,
1336
00:52:13,300 --> 00:52:16,770
it stands for distributed denial
of service, and a DoS attack
1337
00:52:16,770 --> 00:52:19,400
focuses on disrupting
the service to a network
1338
00:52:19,400 --> 00:52:21,164
as the name suggests. Attackers
1339
00:52:21,164 --> 00:52:24,038
send high volume of data
or traffic through the network
1340
00:52:24,038 --> 00:52:25,879
until the network
becomes overloaded
1341
00:52:25,879 --> 00:52:27,300
and can no longer function.
1342
00:52:27,300 --> 00:52:29,450
So there are a few
different ways attackers
1343
00:52:29,450 --> 00:52:30,681
can achieve DoS attack,
1344
00:52:30,681 --> 00:52:31,651
but the most common
1345
00:52:31,651 --> 00:52:33,851
is the distributed
denial-of-service attack.
1346
00:52:33,851 --> 00:52:36,411
This involves the attacker
using multiple computers
1347
00:52:36,411 --> 00:52:38,023
to send the traffic or data
1348
00:52:38,023 --> 00:52:41,588
that will overload the system.
In many instances, a person
1349
00:52:41,588 --> 00:52:42,691
may not even realize
1350
00:52:42,691 --> 00:52:44,949
that his or her computer
has been hijacked
1351
00:52:44,949 --> 00:52:45,943
and is contributing
1352
00:52:45,943 --> 00:52:48,426
to the DoS attack.
Now, disrupting services
1353
00:52:48,426 --> 00:52:51,100
can have serious consequences
relating to security
1354
00:52:51,100 --> 00:52:53,100
and online access. Many instances
1355
00:52:53,100 --> 00:52:56,041
of large-scale DoS attacks
have been implemented as
1356
00:52:56,041 --> 00:52:58,263
a single sign of protest
towards governments
1357
00:52:58,263 --> 00:52:59,794
or individuals and have led
1358
00:52:59,794 --> 00:53:02,500
to severe punishment
including major jail time.
1359
00:53:02,500 --> 00:53:05,800
So, how can you prevent
DoS attacks against yourself?
1360
00:53:05,800 --> 00:53:08,100
Well, firstly, unless
your company is huge,
1361
00:53:08,100 --> 00:53:11,380
it's rare that you would be even
targeted by an outside group
1362
00:53:11,380 --> 00:53:13,473
or attackers for
a DoS attack. Your site
1363
00:53:13,473 --> 00:53:15,739
or network could still
fall victim to one,
1364
00:53:15,739 --> 00:53:19,242
however, if another organization
on your network is targeted. Now
1365
00:53:19,242 --> 00:53:21,871
the best way to prevent
an additional breach
1366
00:53:21,871 --> 00:53:24,600
is to keep your system as
secure as possible with
1367
00:53:24,600 --> 00:53:27,653
regular software updates,
online security monitoring
1368
00:53:27,653 --> 00:53:30,900
and monitoring of your data flow
to identify any unusual
1369
00:53:30,900 --> 00:53:32,500
or threatening spikes in traffic
1370
00:53:32,500 --> 00:53:34,000
before they become a problem.
1371
00:53:34,100 --> 00:53:36,400
Dos attacks can also
be perpetrated by
1372
00:53:36,400 --> 00:53:38,700
simply cutting a cable
or dislodging a plug
1373
00:53:38,700 --> 00:53:41,523
that connects your website
server to the Internet
1374
00:53:41,523 --> 00:53:43,663
so due diligence
in physically monitoring
1375
00:53:43,663 --> 00:53:45,700
your connections is
recommended as well.
1376
00:53:46,100 --> 00:53:46,500
Okay.
1377
00:53:46,500 --> 00:53:50,200
So next up on our list
is man-in-the-middle attacks.
1378
00:53:50,600 --> 00:53:52,400
So by impersonating
1379
00:53:52,400 --> 00:53:56,700
the endpoints in an online
information exchange, the man
1380
00:53:56,700 --> 00:53:59,700
in the middle attack can obtain
information from the end user
1381
00:53:59,700 --> 00:54:00,900
and the entity he
1382
00:54:00,900 --> 00:54:03,700
or she is communicating
with. For example, so
1383
00:54:03,700 --> 00:54:05,300
if you are banking online,
1384
00:54:05,300 --> 00:54:07,866
the man in the middle
would communicate with you
1385
00:54:07,866 --> 00:54:09,224
by impersonating your bank
1386
00:54:09,224 --> 00:54:12,200
and communicate with the bank
by impersonating you. The man
1387
00:54:12,200 --> 00:54:14,900
in the middle would then
receive all of the information
1388
00:54:14,900 --> 00:54:16,518
transferred between both parties
1389
00:54:16,518 --> 00:54:19,300
which could include sensitive
data such as bank accounts
1390
00:54:19,300 --> 00:54:20,700
and personal information.
1391
00:54:20,800 --> 00:54:24,003
So how does it exactly
work? Normally an MITM
1392
00:54:24,003 --> 00:54:25,000
gains access
1393
00:54:25,000 --> 00:54:27,945
through an unencrypted
wireless access point
1394
00:54:27,945 --> 00:54:29,400
which is basically one
1395
00:54:29,400 --> 00:54:33,500
that doesn't use WEP, WPA or any
of the other security measures.
1396
00:54:33,500 --> 00:54:36,300
Then they would have
to access all the information
1397
00:54:36,300 --> 00:54:37,300
being transferred
1398
00:54:37,300 --> 00:54:39,500
between both parties by actually
1399
00:54:39,500 --> 00:54:42,300
spoofing something called
address resolution protocol.
1400
00:54:42,300 --> 00:54:43,340
That is the protocol
1401
00:54:43,340 --> 00:54:45,743
that is used when you
are actually connecting
1402
00:54:45,743 --> 00:54:47,600
to your gateway
from your computer.
1403
00:54:47,600 --> 00:54:51,300
So how can you exactly prevent
MITM attacks from happening
1404
00:54:51,300 --> 00:54:55,000
against you? Firstly, you have
to use an encrypted WAP,
1405
00:54:55,000 --> 00:54:58,400
that is an encrypted
wireless access point. Next,
1406
00:54:58,400 --> 00:55:00,300
You should always
check the security
1407
00:55:00,300 --> 00:55:01,800
of your connection because
1408
00:55:01,800 --> 00:55:05,200
when somebody is actually trying
to compromise your security,
1409
00:55:05,200 --> 00:55:09,000
he will try to actually
strip down the HTTP or HSTS
1410
00:55:09,000 --> 00:55:10,988
that is being injected
in the website,
1411
00:55:10,988 --> 00:55:13,399
which is basically
the security protocols.
1412
00:55:13,400 --> 00:55:14,275
So if something
1413
00:55:14,275 --> 00:55:16,964
like this HTTP is not appearing
in your website,
1414
00:55:16,964 --> 00:55:19,964
you're on an insecure website
where your credentials
1415
00:55:19,964 --> 00:55:22,000
or your information
can be compromised
1416
00:55:22,000 --> 00:55:23,800
and the last and final measure
1417
00:55:23,800 --> 00:55:26,211
that you can actually
use is by investing
1418
00:55:26,211 --> 00:55:27,900
in a virtual private Network
1419
00:55:27,900 --> 00:55:29,641
which spoofs your entire IP
1420
00:55:29,641 --> 00:55:31,900
and you can just
browse the internet
1421
00:55:31,900 --> 00:55:33,400
with perfect comfort.
1422
00:55:33,700 --> 00:55:36,800
Next up on our list
is drive-by downloads.
1423
00:55:36,800 --> 00:55:37,800
So gone are the days
1424
00:55:37,800 --> 00:55:39,900
where you had to click
to accept a download
1425
00:55:39,900 --> 00:55:41,400
or install the software update
1426
00:55:41,400 --> 00:55:43,231
in order to become infected
1427
00:55:43,231 --> 00:55:45,673
Now just opening
a compromised webpage
1428
00:55:45,673 --> 00:55:49,300
could allow dangerous code
to install on your device.
1429
00:55:49,300 --> 00:55:53,410
You just need to visit or drive
by a web page without stopping
1430
00:55:53,410 --> 00:55:55,500
or to click accept any software
1431
00:55:55,500 --> 00:55:57,241
and the malicious
code can download
1432
00:55:57,241 --> 00:56:00,592
in the background to your device.
A drive-by download refers
1433
00:56:00,592 --> 00:56:03,407
to the unintentional download
of a virus or malicious
1434
00:56:03,407 --> 00:56:04,995
software onto your computer
1435
00:56:04,995 --> 00:56:07,200
or mobile device.
A drive-by download
1436
00:56:07,200 --> 00:56:08,800
will usually take advantage
1437
00:56:08,800 --> 00:56:11,623
or exploit a browser or app
or operating system
1438
00:56:11,623 --> 00:56:14,200
that is out of date
and has security flaws.
1439
00:56:14,200 --> 00:56:15,200
This initial code
1440
00:56:15,200 --> 00:56:17,900
that is downloaded is
often very small and
1441
00:56:17,900 --> 00:56:21,000
since its job is often simply
to contact another computer
1442
00:56:21,000 --> 00:56:23,100
where it can pull down
the rest of the code
1443
00:56:23,100 --> 00:56:24,500
onto your smartphone, tablet
1444
00:56:24,500 --> 00:56:27,100
or other computers. Often
a web page will contain
1445
00:56:27,100 --> 00:56:29,600
several different types
of malicious code in hopes
1446
00:56:29,600 --> 00:56:32,400
that one of them will match
a weakness on your computer.
1447
00:56:32,800 --> 00:56:36,900
So What is this exactly what
But first you visit the site
1448
00:56:36,900 --> 00:56:39,741
and during the three-way
handshake connection
1449
00:56:39,741 --> 00:56:43,100
of the TCP/IP protocol a
backend script is triggered.
1450
00:56:43,100 --> 00:56:46,537
As soon as a connection is made
by Al the last ack packet
1451
00:56:46,537 --> 00:56:48,607
is sent a download
is also triggered
1452
00:56:48,607 --> 00:56:51,800
and the malware is basically
injected into your system.
1453
00:56:51,800 --> 00:56:54,309
Now the best advice I
can share about avoiding
1454
00:56:54,309 --> 00:56:56,954
drive-by downloads is
to avoid visiting websites
1455
00:56:56,954 --> 00:56:59,600
that could be considered
dangerous or malicious.
1456
00:56:59,600 --> 00:57:02,870
This includes adult content,
file sharing websites,
1457
00:57:02,870 --> 00:57:06,204
or anything that offers you
a free trip to the Bahamas.
1458
00:57:06,204 --> 00:57:07,400
Now some other tips
1459
00:57:07,400 --> 00:57:09,968
to stay protected include
keep your internet browser
1460
00:57:09,968 --> 00:57:13,220
and operating system up-to-date,
use a safe search protocol
1461
00:57:13,220 --> 00:57:14,800
that warns you when you navigate
1462
00:57:14,800 --> 00:57:18,300
to a malicious site and use
comprehensive security software
1463
00:57:18,300 --> 00:57:20,800
on all your devices
like McAfee All Access
1464
00:57:20,800 --> 00:57:22,100
and keeping it up to date.
1465
00:57:22,700 --> 00:57:25,700
Okay, so that was it
about drive-by downloads.
1466
00:57:25,700 --> 00:57:28,900
Next up is mal-advertising
or malvertising.
1467
00:57:28,900 --> 00:57:32,200
So malvertising is the name
we in the security industry
1468
00:57:32,200 --> 00:57:34,700
give to criminally
controlled advertisements
1469
00:57:34,700 --> 00:57:35,899
which intentionally
1470
00:57:35,899 --> 00:57:37,700
infect people and businesses.
1471
00:57:37,700 --> 00:57:39,035
These can be any ad
1472
00:57:39,035 --> 00:57:42,200
on any site, often ones
which you use as a part
1473
00:57:42,200 --> 00:57:46,000
of your everyday internet usage
and it is a growing problem
1474
00:57:46,000 --> 00:57:48,668
as is evident
by a recent US Senate report
1475
00:57:48,668 --> 00:57:50,612
and the establishment of bodies
1476
00:57:50,612 --> 00:57:54,085
like Trust in Ads. Now whilst
the technology being used
1477
00:57:54,085 --> 00:57:57,296
in the background is
very advanced, the way it presents
1478
00:57:57,296 --> 00:58:00,700
to the person being infected
is simple. To all intents
1479
00:58:00,700 --> 00:58:03,361
and purposes, the advertisement
looks the same
1480
00:58:03,361 --> 00:58:06,300
as any other
but has been placed by a criminal,
1481
00:58:06,300 --> 00:58:08,395
like you can see
the mint ad out here.
1482
00:58:08,395 --> 00:58:09,865
It's really out of place.
1483
00:58:09,865 --> 00:58:12,436
So you could say it's been made
by a criminal. Now,
1484
00:58:12,436 --> 00:58:15,913
without your knowledge
a tiny piece of code hidden deep
1485
00:58:15,913 --> 00:58:18,618
in the advertisement
is making your computer go
1486
00:58:18,618 --> 00:58:21,500
to the criminal servers.
These then catalog details
1487
00:58:21,500 --> 00:58:22,472
about your computer
1488
00:58:22,472 --> 00:58:23,291
and its location
1489
00:58:23,291 --> 00:58:25,800
before choosing which piece
of malware to send you
1490
00:58:25,800 --> 00:58:27,998
and this doesn't need
a new browser window
1491
00:58:27,998 --> 00:58:29,500
and you won't know about it.
1492
00:58:29,500 --> 00:58:33,200
So basically you're redirected
to some criminal server.
1493
00:58:33,200 --> 00:58:36,914
Neither injections takes place
and voila you're infected.
1494
00:58:36,914 --> 00:58:39,300
It's a pretty dangerous
thing to be in.
1495
00:58:39,300 --> 00:58:41,900
So how exactly can you
stop malvertising?
1496
00:58:41,900 --> 00:58:43,127
Well, first of all,
1497
00:58:43,127 --> 00:58:45,000
you need to use
an ad blocker,
1498
00:58:45,000 --> 00:58:48,600
which is a very must
in this day and age. You
1499
00:58:48,600 --> 00:58:51,411
can have ad blocker extensions
installed on your browser
1500
00:58:51,411 --> 00:58:53,051
whether it be Chrome, Safari
1501
00:58:53,051 --> 00:58:56,400
or Mozilla. Also, regular
software updates of your browser
1502
00:58:56,400 --> 00:58:57,556
and other softwares
1503
00:58:57,556 --> 00:59:00,600
that work peripheral
to your browser always helps
1504
00:59:00,600 --> 00:59:02,800
and next is some common sense.
1505
00:59:02,800 --> 00:59:05,121
And yeah, Advertisement
that is about a lottery
1506
00:59:05,121 --> 00:59:08,200
that's offering you free money
is probably going to scam you
1507
00:59:08,200 --> 00:59:09,600
and inject malware too,
1508
00:59:09,600 --> 00:59:11,400
so never click on those ads.
1509
00:59:11,800 --> 00:59:14,100
So the last kind
of cyber attacks.
1510
00:59:14,100 --> 00:59:16,500
We are going to discover
today and discuss
1511
00:59:16,500 --> 00:59:18,100
about is Rogue software.
1512
00:59:18,100 --> 00:59:21,600
So Rogue security software is
a form of malicious software
1513
00:59:21,600 --> 00:59:24,719
and internet fraud that misleads
users into believing
1514
00:59:24,719 --> 00:59:27,056
that there is a virus
on their computer
1515
00:59:27,056 --> 00:59:29,332
and manipulates them
into paying money
1516
00:59:29,332 --> 00:59:31,300
for a fake malware removal tool.
1517
00:59:31,400 --> 00:59:33,500
It is a form of
scareware that
1518
00:59:33,500 --> 00:59:34,915
manipulates users through fear
1519
00:59:34,915 --> 00:59:38,300
and a form of ransomware. Rogue
security software has been
1520
00:59:38,300 --> 00:59:41,800
a serious security threat
in desktop computing since 2008.
1521
00:59:41,800 --> 00:59:44,536
So now how does a rogue
security software work?
1522
00:59:44,536 --> 00:59:46,300
These scams manipulate users
1523
00:59:46,300 --> 00:59:49,200
into downloading the program
through a variety of techniques.
1524
00:59:49,200 --> 00:59:51,543
Some of these methods
include ads offering
1525
00:59:51,543 --> 00:59:52,887
free or trial versions
1526
00:59:52,887 --> 00:59:55,391
of security programs,
often pricey upgrades
1527
00:59:55,391 --> 00:59:58,200
or encouraging the purchase
of deluxe versions,
1528
00:59:58,207 --> 00:59:59,900
then also pop-ups warning
1529
00:59:59,900 --> 01:00:01,999
that your computer
is infected with the virus
1530
01:00:01,999 --> 01:00:03,500
which encourages you to clean
1531
01:00:03,500 --> 01:00:05,100
it by clicking on the program
1532
01:00:05,100 --> 01:00:07,700
and then manipulated
SEO rankings that put
1533
01:00:07,700 --> 01:00:09,500
infected website as the top hits
1534
01:00:09,500 --> 01:00:12,858
when you search. These links then
redirect you to a landing page
1535
01:00:12,858 --> 01:00:14,700
that claims your
machine is infected
1536
01:00:14,700 --> 01:00:18,300
and encourages you a free trial
of the Rogue security program.
1537
01:00:18,300 --> 01:00:19,700
Now once the scareware
1538
01:00:19,700 --> 01:00:22,776
is installed, it can steal
all your information, slow
1539
01:00:22,776 --> 01:00:25,661
your computer, corrupt
your files, disable updates
1540
01:00:25,661 --> 01:00:27,532
for legitimate
antivirus softwares
1541
01:00:27,532 --> 01:00:28,564
or even prevent you
1542
01:00:28,564 --> 01:00:31,800
from visiting legitimate
security software vendor sites.
1543
01:00:32,000 --> 01:00:33,764
Well talking about prevention.
1544
01:00:33,764 --> 01:00:35,764
The best defense
is a good offense.
1545
01:00:35,764 --> 01:00:38,531
And in this case,
an updated firewall. Make sure
1546
01:00:38,531 --> 01:00:40,708
that you have a working
one in your office
1547
01:00:40,708 --> 01:00:41,611
that protects you
1548
01:00:41,611 --> 01:00:44,000
and your employees
from these type of attacks.
1549
01:00:44,000 --> 01:00:47,200
It is also a good idea
to install a trusted antivirus
1550
01:00:47,200 --> 01:00:49,169
or anti-spyware software program
1551
01:00:49,169 --> 01:00:51,100
that can detect
threats like these
1552
01:00:51,100 --> 01:00:54,100
and also a general level
of distrust on the internet
1553
01:00:54,100 --> 01:00:56,600
and not actually believing
anything right off
1554
01:00:56,600 --> 01:00:58,882
the bat is the way
to go. Machine is infected
1555
01:00:58,882 --> 01:01:02,000
and encourages you a free trial
of the rogue security
1556
01:01:02,000 --> 01:01:05,658
program. Now once the scareware
is installed, it can steal all
1557
01:01:05,658 --> 01:01:08,143
your information, slow
your computer, corrupt
1558
01:01:08,143 --> 01:01:09,800
your files, disable updates
1559
01:01:09,800 --> 01:01:12,864
for legitimate antivirus
softwares or even prevent you
1560
01:01:12,864 --> 01:01:16,100
from visiting legitimate
security software vendor sites.
1561
01:01:16,400 --> 01:01:17,900
Well talking about prevention.
1562
01:01:17,900 --> 01:01:19,788
The best defense
is a good offense.
1563
01:01:19,788 --> 01:01:22,600
And in this case,
an updated firewall. Make sure
1564
01:01:22,600 --> 01:01:25,920
that you have a working one
in your office that protects you
1565
01:01:25,920 --> 01:01:28,300
and your employees
from these type of attacks.
1566
01:01:28,300 --> 01:01:31,527
It is also a good idea
to install a trusted antivirus
1567
01:01:31,527 --> 01:01:33,403
or anti-spyware software program
1568
01:01:33,403 --> 01:01:35,400
that can detect
threats like these
1569
01:01:35,400 --> 01:01:38,252
and also a general level
of distrust on the internet
1570
01:01:38,252 --> 01:01:40,900
and not actually believing
anything right off
1571
01:01:40,900 --> 01:01:48,000
the bat is the way
to go. The keyword
1572
01:01:48,000 --> 01:01:51,300
of this video is
ethical hacking course,
1573
01:01:51,500 --> 01:01:52,800
but in reality,
1574
01:01:52,800 --> 01:01:56,233
it's just an expansive video
on the fundamentals
1575
01:01:56,233 --> 01:01:57,500
of ethical hacking.
1576
01:01:57,500 --> 01:01:59,100
There is no such thing
1577
01:01:59,100 --> 01:02:01,356
as an ethical hacking
course to be honest
1578
01:02:01,356 --> 01:02:02,429
because no course
1579
01:02:02,429 --> 01:02:05,974
can teach you a discipline like
ethical hacking. All the best
1580
01:02:05,974 --> 01:02:06,868
that you can do
1581
01:02:06,868 --> 01:02:09,370
in creating content
for ethical hacking is
1582
01:02:09,370 --> 01:02:10,800
that you can tell people
1583
01:02:10,800 --> 01:02:13,500
about the fundamentals
are followed in this discipline.
1584
01:02:13,615 --> 01:02:14,000
Okay.
1585
01:02:14,000 --> 01:02:16,600
Now before we start
let me just give you
1586
01:02:16,600 --> 01:02:18,661
a general idea of the topics
1587
01:02:18,661 --> 01:02:21,820
that I intend to cover
throughout this video.
1588
01:02:21,820 --> 01:02:23,400
Okay now to be honest,
1589
01:02:23,400 --> 01:02:26,100
we're going to cover a pretty
broad range of material.
1590
01:02:26,100 --> 01:02:28,100
We are first we're going
to be going over
1591
01:02:28,100 --> 01:02:31,600
footprinting and reconnaissance
where you get an idea.
1592
01:02:31,700 --> 01:02:34,500
What's involved in
the ethical hacking engagement
1593
01:02:34,500 --> 01:02:35,600
that you're working
1594
01:02:35,600 --> 01:02:37,000
on and information
1595
01:02:37,000 --> 01:02:39,382
about the Target that
you're engaged with?
1596
01:02:39,382 --> 01:02:42,500
Then we're going to talk
about networking fundamentals
1597
01:02:42,500 --> 01:02:45,600
and here we're going to get
our hands dirty with packets
1598
01:02:45,600 --> 01:02:46,900
and the understanding
1599
01:02:46,900 --> 01:02:50,000
of TCP/IP at a deeper level
and also understanding
1600
01:02:50,000 --> 01:02:53,600
how the different protocols work
and why they work that way now.
1601
01:02:53,600 --> 01:02:56,000
We are also going
to be talking about cryptography
1602
01:02:56,000 --> 01:02:58,700
where we talk about different
cryptography key ciphers.
1603
01:02:58,700 --> 01:03:01,580
We're going to deal
with web encryption to SSL
1604
01:03:01,580 --> 01:03:05,100
and TLS. We are also going
to talk about certificates
1605
01:03:05,100 --> 01:03:06,982
and the creation of certificates
1606
01:03:06,982 --> 01:03:08,191
and how they actually
1607
01:03:08,191 --> 01:03:11,300
operate. We will also talk
about public key cryptography
1608
01:03:11,300 --> 01:03:14,700
and we are also scanning
and enumeration, so nmap
1609
01:03:14,700 --> 01:03:16,846
and dealing with Windows servers
1610
01:03:16,846 --> 01:03:20,200
and using SNMP and LDAP
and all that sort of stuff.
1611
01:03:20,200 --> 01:03:22,500
Then we're going to be
talking about penetration
1612
01:03:22,500 --> 01:03:24,277
where we deal
with different ways
1613
01:03:24,277 --> 01:03:27,600
of getting into systems and also
go over using Metasploit,
1614
01:03:27,600 --> 01:03:29,500
which is an exploit framework,
1615
01:03:29,500 --> 01:03:33,000
and we're going to talk
about how to Use Metasploit
1616
01:03:33,000 --> 01:03:34,700
and you actually
get in the systems
1617
01:03:34,700 --> 01:03:36,300
and make use of the exploits
1618
01:03:36,300 --> 01:03:39,947
that they have. Then we're going
to talk about malwares, viruses
1619
01:03:39,947 --> 01:03:43,000
and worms and rootkits and all
of that sort of stuff.
1620
01:03:43,000 --> 01:03:45,300
We're going to take a look
at the different pieces
1621
01:03:45,300 --> 01:03:47,900
of malware and how you
would pull that apart
1622
01:03:47,900 --> 01:03:49,218
in order to understand
1623
01:03:49,218 --> 01:03:50,811
what is doing and potentially
1624
01:03:50,811 --> 01:03:54,400
make use of that malware during
an ethical hacking engagement.
1625
01:03:54,400 --> 01:03:56,800
Then we're going to talk
about different types of denial
1626
01:03:56,800 --> 01:03:58,800
of service attacks
or DoS attacks
1627
01:03:58,800 --> 01:04:01,100
and the difference
between a denial-of-service
1628
01:04:01,100 --> 01:04:03,617
attack and Distributed
denial-of-service attack,
1629
01:04:03,617 --> 01:04:05,500
and there is a difference there.
1630
01:04:05,500 --> 01:04:08,000
So we're going to go
over this docks now.
1631
01:04:08,000 --> 01:04:10,600
We're also going to go
over web application hacking
1632
01:04:10,600 --> 01:04:11,700
and the types of tools
1633
01:04:11,700 --> 01:04:12,996
that you would use during
1634
01:04:12,996 --> 01:04:15,900
web application hacking and
the different vulnerabilities
1635
01:04:15,900 --> 01:04:17,500
that web applications have
1636
01:04:17,500 --> 01:04:19,300
and how to make use
of these exploits
1637
01:04:19,300 --> 01:04:20,600
and those vulnerabilities.
1638
01:04:20,600 --> 01:04:22,800
We're going to talk
about Wireless networking
1639
01:04:23,000 --> 01:04:24,800
how to probe wireless networks
1640
01:04:25,000 --> 01:04:26,600
what wireless networks are doing
1641
01:04:26,600 --> 01:04:28,600
and how to secure
wireless networks.
1642
01:04:28,600 --> 01:04:29,855
We're also going to talk
1643
01:04:29,855 --> 01:04:31,963
about a little bit
about detection evasion.
1644
01:04:31,963 --> 01:04:33,303
And to be honest with you,
1645
01:04:33,303 --> 01:04:35,716
the detection evasion kind
of comes up in a lot
1646
01:04:35,716 --> 01:04:38,329
of different areas
through the many of the topics
1647
01:04:38,329 --> 01:04:39,100
that were also
1648
01:04:39,100 --> 01:04:41,860
going to talk about
programming, programming attacks
1649
01:04:41,860 --> 01:04:45,100
and how to protect oneself
against programming attacks.
1650
01:04:45,200 --> 01:04:45,800
Okay.
1651
01:04:45,800 --> 01:04:48,100
So that was the number of topics
1652
01:04:48,100 --> 01:04:51,000
that we are actually going
to cover through this video.
1653
01:04:51,000 --> 01:04:51,900
Now the approach
1654
01:04:51,900 --> 01:04:54,700
that I'm going to be taking
in the series of videos
1655
01:04:54,700 --> 01:04:55,971
is whenever possible.
1656
01:04:55,971 --> 01:04:59,000
We're going to be going
to use a Hands-On approach.
1657
01:04:59,000 --> 01:05:02,500
So we're going to show you
the actual tools I'm going
1658
01:05:02,500 --> 01:05:06,293
to make use of and the tools
to do some sort of demonstration
1659
01:05:06,293 --> 01:05:08,000
and how they actually work.
1660
01:05:08,000 --> 01:05:09,353
I am a big believer
1661
01:05:09,353 --> 01:05:13,700
in getting your hands dirty as
the best way to learn anything.
1662
01:05:13,800 --> 01:05:16,400
So as we go through
the series of videos,
1663
01:05:16,400 --> 01:05:19,063
I strongly encourage you
to get access to the tools
1664
01:05:19,063 --> 01:05:21,300
that I'm going to
be demonstrating wherever
1665
01:05:21,300 --> 01:05:24,334
possible and dig in and get
your hands dirty along with me
1666
01:05:24,334 --> 01:05:25,414
and there are places
1667
01:05:25,414 --> 01:05:28,600
where we're going to be going
over some theoretical material
1668
01:05:28,600 --> 01:05:30,900
and I'm not a big fan
of PowerPoint slides,
1669
01:05:30,900 --> 01:05:33,000
but they are a necessary evil
1670
01:05:33,000 --> 01:05:35,640
in order to convey
certain types of information.
1671
01:05:35,640 --> 01:05:38,500
So wherever possible I'm going
to minimize their use,
1672
01:05:38,500 --> 01:05:40,129
but you will run across places
1673
01:05:40,129 --> 01:05:43,938
where they're just a necessity
and we're going to have to go
1674
01:05:43,938 --> 01:05:45,100
through some slides
1675
01:05:45,100 --> 01:05:47,500
where in order to get
some particular points
1676
01:05:47,500 --> 01:05:50,300
across they are primarily
of a theoretical nature.
1677
01:05:50,300 --> 01:05:52,300
So that's the process
that we will be taking
1678
01:05:52,300 --> 01:05:54,911
through this video
and I hope you have fun
1679
01:05:54,911 --> 01:05:56,200
as you go along the way.
1680
01:05:56,300 --> 01:05:57,100
Okay.
1681
01:05:57,100 --> 01:05:59,525
So let's begin now
the first topic
1682
01:05:59,525 --> 01:06:03,300
that we're going to tackle is
what is hacking?
1683
01:06:03,300 --> 01:06:06,800
Okay, so let us take a trip
1684
01:06:06,800 --> 01:06:09,200
to the early days
of hacking to start
1685
01:06:09,200 --> 01:06:12,100
with. Now, the Internet
Engineering Task Force
1686
01:06:12,100 --> 01:06:15,943
is responsible for maintaining
documentation about protocols
1687
01:06:15,943 --> 01:06:19,300
and very specification
and processes and procedures
1688
01:06:19,300 --> 01:06:21,000
regarding anything
on the internet.
1689
01:06:21,000 --> 01:06:24,800
They have a series of documents
called the request for comments
1690
01:06:24,800 --> 01:06:28,164
or the RFCs, and according
to RFC one three eight nine.
1691
01:06:28,164 --> 01:06:29,983
It says a hacker is a person
1692
01:06:29,983 --> 01:06:33,100
who delights in having
an intimate understanding
1693
01:06:33,100 --> 01:06:36,400
of the internal workings
of a system, computers
1694
01:06:36,400 --> 01:06:37,758
and computer networks
1695
01:06:37,758 --> 01:06:40,411
in particular. While
the expression hackers
1696
01:06:40,411 --> 01:06:41,900
may go back a long time
1697
01:06:41,900 --> 01:06:45,400
and have many different
connotations or definitions.
1698
01:06:45,400 --> 01:06:46,400
As far as computers
1699
01:06:46,400 --> 01:06:46,700
go,
1700
01:06:46,700 --> 01:06:48,900
Some of the earliest
hackers were members
1701
01:06:48,900 --> 01:06:50,743
of the Tech Model Railroad Club
1702
01:06:50,743 --> 01:06:53,300
at the Massachusetts
Institute of Technology
1703
01:06:53,300 --> 01:06:56,145
and what those people did
and the various things
1704
01:06:56,145 --> 01:06:59,900
that they did and were involved
in are detailed in Steven Levy's
1705
01:06:59,900 --> 01:07:02,800
book called Hackers.
For our purposes now,
1706
01:07:02,800 --> 01:07:04,500
for our purposes
we'll be talking
1707
01:07:04,500 --> 01:07:06,284
about other types of hackers.
1708
01:07:06,284 --> 01:07:08,848
Although the spirit of
what we do goes back
1709
01:07:08,848 --> 01:07:10,148
to those early days.
1710
01:07:10,148 --> 01:07:12,100
Now, the definition of hacking
1711
01:07:12,100 --> 01:07:15,457
or hackers has changed
particularly in the 1980s
1712
01:07:15,457 --> 01:07:18,600
and in part as a result
of a couple of people
1713
01:07:18,600 --> 01:07:21,600
namely Robert T Morris
who was a Cornell graduate
1714
01:07:21,600 --> 01:07:23,200
who unleashed a
piece of software
1715
01:07:23,200 --> 01:07:26,418
that was called a worm on
what was an early version
1716
01:07:26,418 --> 01:07:29,800
of the internet. The worm went
on to cause a lot of damage
1717
01:07:29,800 --> 01:07:33,300
and create a lot of downtime
on systems across the country
1718
01:07:33,300 --> 01:07:34,602
and across the world.
1719
01:07:34,602 --> 01:07:38,200
Now the Morris worm did end up
resulting in something good.
1720
01:07:38,200 --> 01:07:41,300
However, that is, the
Computer Emergency Response Team
1721
01:07:41,300 --> 01:07:43,900
at Carnegie Mellon
was created primarily
1722
01:07:43,900 --> 01:07:45,400
in response to the Morris worm.
1723
01:07:45,700 --> 01:07:48,700
Now, there's also Kevin Mitnick,
who was another well-known hacker
1724
01:07:48,700 --> 01:07:50,881
who was responsible
for various acts
1725
01:07:50,881 --> 01:07:53,500
of computer crime
over a couple of decades.
1726
01:07:53,500 --> 01:07:56,100
He was first
convicted in 1988.
1727
01:07:56,100 --> 01:07:59,400
So the definition of hacker
or hacking moved from something
1728
01:07:59,400 --> 01:08:01,900
benign to something
far more sinister.
1729
01:08:01,900 --> 01:08:03,567
In popular culture now,
1730
01:08:03,567 --> 01:08:07,700
we see hacking or hackers
in all sorts of popular culture.
1731
01:08:07,700 --> 01:08:10,533
We've seen them in hacker movies
1732
01:08:10,533 --> 01:08:13,533
called WarGames, also
the movie Hackers.
1733
01:08:13,533 --> 01:08:14,180
Of course.
1734
01:08:14,180 --> 01:08:17,301
You also see in The Matrix
movies where you can see
1735
01:08:17,301 --> 01:08:19,007
if you look really closely
1736
01:08:19,008 --> 01:08:21,500
that they are using
a tool called nmap,
1737
01:08:21,500 --> 01:08:25,600
which we will get into the use
of in great detail later on
1738
01:08:25,600 --> 01:08:26,800
as we go on now.
1739
01:08:26,800 --> 01:08:29,866
It's the movie Sneakers
and the movie Swordfish
1740
01:08:29,866 --> 01:08:31,051
and on television
1741
01:08:31,051 --> 01:08:34,294
and in other places
you can see the agents
1742
01:08:34,295 --> 01:08:37,200
at NCIS regularly doing
things like cracking
1743
01:08:37,200 --> 01:08:41,100
complex cryptography in just
a matter of seconds or minutes.
1744
01:08:41,100 --> 01:08:43,000
So what is hacking, really?
1745
01:08:43,000 --> 01:08:45,667
Well, hacking is about
a deep understanding
1746
01:08:45,667 --> 01:08:47,226
of something particularly
1747
01:08:47,227 --> 01:08:49,700
with relation to
computers and computing.
1748
01:08:49,700 --> 01:08:53,200
It's also about exploring and
the joy of learning new things
1749
01:08:53,200 --> 01:08:55,200
and understanding
them very clearly
1750
01:08:55,200 --> 01:08:57,718
and being able to manipulate
those things in ways
1751
01:08:57,718 --> 01:09:00,252
that maybe other people
haven't before. It's all
1752
01:09:00,252 --> 01:09:01,899
about digging into problems
1753
01:09:01,899 --> 01:09:05,016
to find out solutions
in creative and interesting ways
1754
01:09:05,017 --> 01:09:06,817
and sometimes finding problems
1755
01:09:06,817 --> 01:09:09,098
where there weren't
problems previously
1756
01:09:09,098 --> 01:09:11,800
and that's a little bit
about what is hacking.
1757
01:09:11,814 --> 01:09:12,199
Okay.
1758
01:09:12,200 --> 01:09:15,716
So now that we have talked
about what exactly is hacking
1759
01:09:15,716 --> 01:09:16,928
and how the meaning
1760
01:09:16,928 --> 01:09:20,091
and connotations of that word
has changed over time
1761
01:09:20,091 --> 01:09:22,899
how it came into existence
how it was coined.
1762
01:09:22,899 --> 01:09:26,699
Let's go over the reasons
that people normally hack.
1763
01:09:26,700 --> 01:09:28,859
Now you may want
to hack just for fun
1764
01:09:28,859 --> 01:09:31,762
as discussed previously
hacking is a tradition.
1765
01:09:31,763 --> 01:09:33,538
It goes back several decades
1766
01:09:33,538 --> 01:09:36,899
at MIT even preceding
the computer-related definition
1767
01:09:36,899 --> 01:09:41,599
of hacking. Now MIT has a long
and storied history of hacking,
1768
01:09:41,600 --> 01:09:43,955
and sometimes of
a computer-related nature,
1769
01:09:43,955 --> 01:09:46,073
which in this case
happens to be true,
1770
01:09:46,073 --> 01:09:47,100
and sometimes of a
1771
01:09:47,100 --> 01:09:49,198
non-computer-related
nature instead.
1772
01:09:49,198 --> 01:09:50,399
Now here you can see
1773
01:09:50,399 --> 01:09:53,185
that MIT's home page
has been hacked,
1774
01:09:53,185 --> 01:09:56,124
or you might even say
defaced, to indicate
1775
01:09:56,124 --> 01:09:58,376
that Disney is buying MIT.
1776
01:09:58,376 --> 01:10:01,500
This was an April Fool's
Day prank in 1998.
1777
01:10:01,500 --> 01:10:01,900
Eight.
1778
01:10:01,900 --> 01:10:04,370
And again, this is just
the kind of hacking
1779
01:10:04,370 --> 01:10:05,800
that it would do for fun.
1780
01:10:05,800 --> 01:10:06,300
Rather.
1781
01:10:06,300 --> 01:10:06,500
Now.
1782
01:10:06,500 --> 01:10:09,743
Sometimes you might want
to hack just to prove
1783
01:10:09,743 --> 01:10:13,996
a political point or any point
for that matter in this case.
1784
01:10:13,996 --> 01:10:17,600
Again, Bill Gates had donated
some money to the MIT
1785
01:10:17,600 --> 01:10:19,600
which allowed them
to have a new building
1786
01:10:19,700 --> 01:10:22,118
and he was coming
to MIT to visit
1787
01:10:22,118 --> 01:10:24,920
and give a talk
about Microsoft Windows
1788
01:10:24,920 --> 01:10:26,100
and its systems.
1789
01:10:26,100 --> 01:10:30,100
And as you can see, the
Windows systems are installed
1790
01:10:30,100 --> 01:10:31,800
in the entryway at the
1791
01:10:31,900 --> 01:10:35,800
Or hacked to be running Linux
instead, and you can see here
1792
01:10:35,800 --> 01:10:36,507
that Tux
1793
01:10:36,507 --> 01:10:38,339
the penguin is saying welcome
1794
01:10:38,339 --> 01:10:41,000
to the William H.
Gates Building. Again, that's
1795
01:10:41,000 --> 01:10:42,500
some students who decided
1796
01:10:42,500 --> 01:10:45,612
that they wanted to make a point
about Linux and Microsoft
1797
01:10:45,612 --> 01:10:47,121
and Windows to Bill Gates
1798
01:10:47,121 --> 01:10:50,500
and they thought hacking was
the best way to go about it.
1799
01:10:50,500 --> 01:10:53,500
Sometimes you hack just
for the challenge.
1800
01:10:53,500 --> 01:10:55,600
Here's an example again at MIT
1801
01:10:55,600 --> 01:10:58,700
where some students turned
the facade of a building
1802
01:10:58,700 --> 01:11:00,400
into a Tetris game board.
1803
01:11:00,400 --> 01:11:03,300
Now, this was
a reasonably difficult hack
1804
01:11:03,300 --> 01:11:04,700
and the students went
1805
01:11:04,700 --> 01:11:08,259
after it just for the challenge
of completing it and it just
1806
01:11:08,259 --> 01:11:10,700
so they could have
some pride of ownership
1807
01:11:10,700 --> 01:11:11,879
and to be able to say
1808
01:11:11,879 --> 01:11:13,899
that they were able
to pull this off,
1809
01:11:13,899 --> 01:11:16,782
you know, the things
that teenagers do to show off
1810
01:11:16,782 --> 01:11:17,900
to other teenagers.
1811
01:11:17,900 --> 01:11:19,664
It just increases with increase
1812
01:11:19,664 --> 01:11:22,027
in scale. Now, in spite
of its difficulties
1813
01:11:22,027 --> 01:11:25,086
and its challenges and all
the obstacles and planning
1814
01:11:25,086 --> 01:11:26,526
that have to go into it.
1815
01:11:26,526 --> 01:11:28,263
They were able to pull it off
1816
01:11:28,263 --> 01:11:30,600
and now they have
those bragging rights.
1817
01:11:30,600 --> 01:11:33,481
So that was one of them and one
of the instances
1818
01:11:33,481 --> 01:11:35,446
where somebody would hack just
1819
01:11:35,446 --> 01:11:38,000
for the challenge and
for the fun of it.
1820
01:11:38,000 --> 01:11:41,400
Now, sometimes you want
to hack to prevent theft
1821
01:11:41,400 --> 01:11:42,924
and this is where we get
1822
01:11:42,924 --> 01:11:46,100
more specifically in
the computer-related hackings.
1823
01:11:46,100 --> 01:11:49,134
You see a lot of articles
and stories in the news
1824
01:11:49,134 --> 01:11:51,600
over the last few
years about cybercrime
1825
01:11:51,600 --> 01:11:54,600
and here is an example
of data theft compromised
1826
01:11:54,800 --> 01:11:57,086
fewer than
one-and-a-half million cards
1827
01:11:57,086 --> 01:11:58,311
for Global Payments.
1828
01:11:58,311 --> 01:11:59,899
So there are some attackers
1829
01:11:59,899 --> 01:12:02,000
who got into this
company Global Payments
1830
01:12:02,000 --> 01:12:04,800
and they were able to pull
out about a million and a half
1831
01:12:04,800 --> 01:12:07,339
credit card numbers
during the intrusion there.
1832
01:12:07,339 --> 01:12:10,100
So what you may want to do
is you may want to learn
1833
01:12:10,100 --> 01:12:13,000
how to hack in order
to find these holes
1834
01:12:13,000 --> 01:12:16,900
in your systems or applications
or employer's systems
1835
01:12:16,900 --> 01:12:19,900
so that you can fix these holes
and prevent these compromises
1836
01:12:19,900 --> 01:12:22,332
from happening because of
the reputational hit
1837
01:12:22,332 --> 01:12:23,588
that your company takes
1838
01:12:23,588 --> 01:12:25,500
when things
like these happen.
1839
01:12:25,500 --> 01:12:28,800
You have the risk of completely
running out of business.
1840
01:12:28,800 --> 01:12:32,139
So just to protect
our job, to protect the company
1841
01:12:32,139 --> 01:12:35,100
and protect your own
desire of business.
1842
01:12:35,100 --> 01:12:36,835
You may just want
to learn to hack
1843
01:12:36,835 --> 01:12:38,600
and that's a very good reason.
1844
01:12:38,600 --> 01:12:41,305
Now, you may also want
to find all the problems
1845
01:12:41,305 --> 01:12:42,664
that exist in your system
1846
01:12:42,664 --> 01:12:44,728
before putting them out
and deploying them
1847
01:12:44,728 --> 01:12:47,500
so that you can keep
these attackers from getting in
1848
01:12:47,500 --> 01:12:50,297
and stealing critical
or sensitive information.
1849
01:12:50,297 --> 01:12:53,979
Sometimes you may want to hack
to get there before the bad guys
1850
01:12:53,979 --> 01:12:56,429
and the same sort
of idea is the last one
1851
01:12:56,429 --> 01:12:59,576
where we're just going to talk
about and it exactly is
1852
01:12:59,576 --> 01:13:00,700
ethical hacking. Now,
1853
01:13:00,700 --> 01:13:03,225
we were just talking
about how sometimes
1854
01:13:03,225 --> 01:13:04,300
you may want to hack
1855
01:13:04,300 --> 01:13:05,300
into your own system
1856
01:13:05,300 --> 01:13:07,200
before publishing it
out to the public.
1857
01:13:07,200 --> 01:13:09,000
Let's take Internet Explorer,
1858
01:13:09,000 --> 01:13:09,818
for example.
1859
01:13:09,818 --> 01:13:13,515
Now Internet Explorer was
actually published to the public
1860
01:13:13,515 --> 01:13:15,966
with some critical
error in the code.
1861
01:13:15,966 --> 01:13:19,099
And these flaws were heavily
exploited by people
1862
01:13:19,099 --> 01:13:20,700
who actually found them.
1863
01:13:20,700 --> 01:13:23,300
Now a number of people
in the world go out looking
1864
01:13:23,300 --> 01:13:24,215
for these flaws
1865
01:13:24,215 --> 01:13:26,900
and they call themselves
security researchers
1866
01:13:26,900 --> 01:13:28,900
and they get in touch
with the vendors
1867
01:13:28,900 --> 01:13:31,572
after they found a flaw
or a bug and work with
1868
01:13:31,572 --> 01:13:33,300
the vendors to get it fixed.
1869
01:13:33,300 --> 01:13:36,000
What they end up with is
a bit of reputation.
1870
01:13:36,000 --> 01:13:37,623
They get a name for themselves
1871
01:13:37,623 --> 01:13:41,000
and that name recognition
may end up getting them a job
1872
01:13:41,000 --> 01:13:43,800
or some speaking engagements
or book deal
1873
01:13:43,800 --> 01:13:46,400
or any number of ways
that you could cash in
1874
01:13:46,400 --> 01:13:50,096
on some name recognition
from finding the sort of bugs
1875
01:13:50,096 --> 01:13:51,700
and getting them fixed.
1876
01:13:51,700 --> 01:13:54,288
If you want to get there
before the bad guys.
1877
01:13:54,288 --> 01:13:56,652
You may think you're
helping out a vendor.
1878
01:13:56,652 --> 01:13:59,300
You may want to just
make a name for yourself.
1879
01:13:59,300 --> 01:14:01,100
If you want to find
these sort of bugs
1880
01:14:01,100 --> 01:14:02,200
before the bad guys do
1881
01:14:02,200 --> 01:14:04,092
because think about the bad guys
1882
01:14:04,092 --> 01:14:06,506
finding them: they
don't announce them
1883
01:14:06,506 --> 01:14:08,300
and they don't get them fixed
1884
01:14:08,300 --> 01:14:11,100
and that makes everybody
a little less secure.
1885
01:14:11,100 --> 01:14:13,369
Finally, you may want
to protect yourself
1886
01:14:13,369 --> 01:14:17,000
from hacked computer companies
and fight cyber criminals,
1887
01:14:17,000 --> 01:14:19,800
and this is a news headline
from June 18, 2012,
1888
01:14:19,800 --> 01:14:21,686
and we're starting
to see these sort
1889
01:14:21,686 --> 01:14:22,992
of news headlines show up
1890
01:14:22,992 --> 01:14:25,980
as companies are starting
to retaliate against attackers
1891
01:14:25,980 --> 01:14:28,100
in order to retaliate
against attackers.
1892
01:14:28,100 --> 01:14:30,465
Now in order to
retaliate against attackers,
1893
01:14:30,465 --> 01:14:32,441
you need to be able
to the same sort
1894
01:14:32,441 --> 01:14:35,900
of skills and techniques
and knowledge and experience
1895
01:14:35,900 --> 01:14:37,478
that those attackers have
1896
01:14:37,478 --> 01:14:40,700
and where your company
may want you to learn to hack
1897
01:14:40,700 --> 01:14:43,169
or the company may want
to bring in people
1898
01:14:43,169 --> 01:14:45,700
who are skilled
at these sort of activities
1899
01:14:45,700 --> 01:14:47,871
so that they can
attack the attackers
1900
01:14:47,871 --> 01:14:51,000
and hopefully you end up
with a more steely exterior
1901
01:14:51,000 --> 01:14:53,600
and you get a reputation
for not being a company
1902
01:14:53,600 --> 01:14:57,071
that people want to go
after. Those are several reasons.
1903
01:14:57,071 --> 01:14:58,071
And there you go.
1904
01:14:58,071 --> 01:14:59,542
I gave you around a bunch
1905
01:14:59,542 --> 01:15:01,800
of reasons as to why
you may want to hack.
1906
01:15:01,800 --> 01:15:06,239
Hack for fun, prove a point, protect
yourself, to protect the company
1907
01:15:06,239 --> 01:15:08,100
to not run out of business
1908
01:15:08,100 --> 01:15:10,900
and along with another
bunch of reasons.
1909
01:15:10,900 --> 01:15:11,243
Okay.
1910
01:15:11,243 --> 01:15:15,300
So now that we have talked about
why you would want to hack.
1911
01:15:15,300 --> 01:15:18,100
Let's move on to the types
of hackers that exist.
1912
01:15:18,100 --> 01:15:20,544
Now we're going to be talking
about the different types
1913
01:15:20,544 --> 01:15:22,494
of hacking and the first
type of hacking
1914
01:15:22,494 --> 01:15:24,562
that I want to discuss
is ethical hacking
1915
01:15:24,562 --> 01:15:25,562
and ethical hackers,
1916
01:15:25,562 --> 01:15:26,300
which is really
1917
01:15:26,300 --> 01:15:28,500
what we're going to be talking
about for the rest
1918
01:15:28,500 --> 01:15:31,800
of these lessons. Now
an ethical hacker is somebody
1919
01:15:31,800 --> 01:15:34,000
who thinks like
a black hat hacker
1920
01:15:34,000 --> 01:15:35,474
or thinks like somebody
1921
01:15:35,474 --> 01:15:38,100
who is intent on breaking
into your systems
1922
01:15:38,100 --> 01:15:39,780
but follows a moral compass
1923
01:15:39,780 --> 01:15:42,580
that's more in line
with probably the majority
1924
01:15:42,580 --> 01:15:43,700
of the population.
1925
01:15:43,700 --> 01:15:47,200
So their intent isn't to do
bad things; their intent
1926
01:15:47,200 --> 01:15:49,700
is to look for bad things
and get them fixed
1927
01:15:49,700 --> 01:15:53,352
so that bad things don't happen.
Ethical hackers aren't out
1928
01:15:53,352 --> 01:15:55,588
to destroy anything
and they're not out
1929
01:15:55,588 --> 01:15:56,600
to break anything
1930
01:15:56,600 --> 01:15:59,240
unless it's deemed
to be acceptable as a part
1931
01:15:59,240 --> 01:16:01,400
of the engagement
and also necessary
1932
01:16:01,400 --> 01:16:04,400
in order to demonstrate
a particular vulnerability
1933
01:16:04,400 --> 01:16:07,300
to the organization that
they're working with. So
1934
01:16:07,300 --> 01:16:08,500
that's an ethical hacker
1935
01:16:08,500 --> 01:16:10,128
and there's a certification
1936
01:16:10,128 --> 01:16:12,300
that's available
from the EC-Council.
1937
01:16:12,300 --> 01:16:14,800
It's a Certified Ethical
Hacker, and you know,
1938
01:16:14,800 --> 01:16:16,800
if you find
certifications valuable
1939
01:16:16,900 --> 01:16:19,300
and this sort of thing is
what you want to do,
1940
01:16:19,300 --> 01:16:21,700
the CEH,
or Certified Ethical Hacker,
1941
01:16:21,700 --> 01:16:24,603
may be something you
might want to look into. Now,
1942
01:16:24,603 --> 01:16:26,588
Let's talk about
black hat hacker.
1943
01:16:26,588 --> 01:16:29,315
There's plenty of cases
of black hat hackers
1944
01:16:29,315 --> 01:16:31,739
through the years, and
let's talk about a guy
1945
01:16:31,739 --> 01:16:33,800
in particular called
Kevin Mitnick.
1946
01:16:33,800 --> 01:16:36,114
This guy right here
is a particularly
1947
01:16:36,114 --> 01:16:37,492
good example probably
1948
01:16:37,492 --> 01:16:40,985
because he was a black hat
hacker for a lot of years.
1949
01:16:40,985 --> 01:16:43,400
His goal was to cause
mischief to steal
1950
01:16:43,400 --> 01:16:46,400
where necessary and just
to be engaged in the lifestyle
1951
01:16:46,400 --> 01:16:47,400
of being a hacker
1952
01:16:47,400 --> 01:16:49,000
and doing whatever was necessary
1953
01:16:49,000 --> 01:16:51,515
to continue doing
whatever, doing
1954
01:16:51,515 --> 01:16:54,346
whatever he was doing, if it
crossed moral boundaries
1955
01:16:54,346 --> 01:16:55,700
or ethical boundaries.
1956
01:16:55,700 --> 01:16:59,363
And so Kevin Mitnick here was
involved for well over a decade
1957
01:16:59,363 --> 01:17:00,462
in computer crime
1958
01:17:00,462 --> 01:17:02,600
and was finally
picked up by the FBI
1959
01:17:02,600 --> 01:17:03,500
and he was charged
1960
01:17:03,500 --> 01:17:06,123
and prosecuted and he
was eventually convicted
1961
01:17:06,123 --> 01:17:09,300
of some of the activities
that he was involved with. Now
1962
01:17:09,300 --> 01:17:12,900
you may be able to argue
that Kevin is a gray hat hacker
1963
01:17:12,900 --> 01:17:16,100
as well, and a gray
hat hacker is somebody
1964
01:17:16,100 --> 01:17:17,140
who kind of skirts
1965
01:17:17,140 --> 01:17:19,700
the line between black
and white hat hacking,
1966
01:17:19,700 --> 01:17:21,673
and white hat hacking
is really what
1967
01:17:21,673 --> 01:17:25,154
an ethical hacker is. So instead
of saying ethical hacker,
1968
01:17:25,154 --> 01:17:26,990
you could say white hat hacker.
1969
01:17:26,990 --> 01:17:28,111
It's the same idea.
1970
01:17:28,111 --> 01:17:31,100
A white hat hacker is somebody
who acts for good,
1971
01:17:31,100 --> 01:17:33,200
if you think of it like that,
1972
01:17:33,200 --> 01:17:36,000
if you want to think
of it as a good versus evil
1973
01:17:36,000 --> 01:17:38,500
and what they're really
doing is they're in it
1974
01:17:38,500 --> 01:17:39,900
for the technical challenge.
1975
01:17:39,900 --> 01:17:42,600
They're looking to make
things better make things
1976
01:17:42,600 --> 01:17:45,900
more efficient, improve them
in some way. On the other hand,
1977
01:17:45,900 --> 01:17:49,500
the black hat hacker is out
for the money for the thrill.
1978
01:17:49,500 --> 01:17:51,205
It's really criminal activity
1979
01:17:51,205 --> 01:17:53,935
and a gray hat hacker is
somebody who may employ
1980
01:17:53,935 --> 01:17:56,700
the tactics and technique
of a black hat hacker,
1981
01:17:56,700 --> 01:17:58,700
but have sort of a white hat
1982
01:17:58,700 --> 01:18:01,900
focus. In other words,
they're going to do things
1983
01:18:01,900 --> 01:18:04,600
that may be malicious
and destructive in nature,
1984
01:18:04,600 --> 01:18:06,800
but the reason they're doing
it is to improve
1985
01:18:06,800 --> 01:18:08,831
the security posture
of an organization
1986
01:18:08,831 --> 01:18:09,900
that they're working
1987
01:18:09,900 --> 01:18:11,200
with. So you can see
1988
01:18:11,200 --> 01:18:14,083
there's actually a book
called Gray Hat Hacking.
1989
01:18:14,083 --> 01:18:16,840
It's a pretty good book
and it details a lot
1990
01:18:16,840 --> 01:18:18,700
of the tactics and strategies
1991
01:18:18,700 --> 01:18:22,352
and techniques we'll be going
over in subsequent lessons
1992
01:18:22,352 --> 01:18:23,300
in this video.
1993
01:18:23,300 --> 01:18:25,095
Now one other type of hacking
1994
01:18:25,095 --> 01:18:28,400
that I want to talk about is
a thing called hacktivism
1995
01:18:28,400 --> 01:18:31,200
and you'll find hacktivism
all over the place
1996
01:18:31,200 --> 01:18:33,151
and an example in the last year
1997
01:18:33,151 --> 01:18:37,400
or so, and certainly in recent
memory, is called Lulz Security.
1998
01:18:37,400 --> 01:18:38,795
Yeah, you heard that right.
1999
01:18:38,795 --> 01:18:41,342
It's called Lulz Security,
and you can argue
2000
01:18:41,342 --> 01:18:43,911
that Lulz is actually
a response to another type
2001
01:18:43,911 --> 01:18:46,500
of activism. An
organization called Anonymous
2002
01:18:46,500 --> 01:18:48,000
started hacking companies
2003
01:18:48,000 --> 01:18:51,000
like Sony to protest
their involvement in a lawsuit
2004
01:18:51,000 --> 01:18:54,112
regarding a PlayStation
3 hacker. Now Lulz Security
2005
01:18:54,112 --> 01:18:57,092
was supposedly protesting
the treatment of Anonymous
2006
01:18:57,092 --> 01:19:00,000
or was hacking in support
of this group Anonymous,
2007
01:19:00,000 --> 01:19:01,300
so they hacked a number
2008
01:19:01,300 --> 01:19:04,600
of companies and did things like
pull information, usernames
2009
01:19:04,600 --> 01:19:08,000
and passwords from the databases
at these companies and they said
2010
01:19:08,000 --> 01:19:10,500
that the reason was to shine
a light on the security
2011
01:19:10,500 --> 01:19:11,400
of these companies
2012
01:19:11,400 --> 01:19:14,311
and also theoretically
embarrass the companies
2013
01:19:14,311 --> 01:19:16,700
with their weak
or poor security postures
2014
01:19:16,700 --> 01:19:18,147
and the problem with that
2015
01:19:18,147 --> 01:19:21,500
is that they were doing this
through posting information
2016
01:19:21,500 --> 01:19:22,899
that they had found online
2017
01:19:22,900 --> 01:19:25,156
and that information
often included details
2018
01:19:25,156 --> 01:19:27,704
about customers for
these particular corporations.
2019
01:19:27,704 --> 01:19:30,040
And for an ethical hacker
a white hat hacker
2020
01:19:30,040 --> 01:19:31,600
that would cross the boundary
2021
01:19:31,600 --> 01:19:32,400
of causing harm.
2022
01:19:32,500 --> 01:19:33,701
So there's no reason
2023
01:19:33,701 --> 01:19:36,407
for me as an ethical hacker
to post information
2024
01:19:36,407 --> 01:19:38,325
in a public forum about somebody
2025
01:19:38,325 --> 01:19:40,619
because I could be doing
damage to them.
2026
01:19:40,619 --> 01:19:44,000
But in this case Lulz Security
and Anonymous, specifically Lulz
2027
01:19:44,000 --> 01:19:46,500
Security, were engaged
in the form of hacktivism
2028
01:19:46,500 --> 01:19:48,870
and what they were doing
was not only damaging
2029
01:19:48,870 --> 01:19:49,823
to the corporation
2030
01:19:49,823 --> 01:19:51,588
that certainly was detrimental
2031
01:19:51,588 --> 01:19:54,176
to those people. So,
different types of hackers
2032
01:19:54,176 --> 01:19:56,400
and different types
of hacking: we've got
2033
01:19:56,400 --> 01:19:58,100
ethical or white hat hacking.
2034
01:19:58,100 --> 01:20:01,800
You've got black hat gray hat
and then we finally got hacktivism.
2035
01:20:01,800 --> 01:20:02,800
It's really the goal
2036
01:20:02,800 --> 01:20:05,500
and the means that vary
from one to the other.
2037
01:20:05,500 --> 01:20:05,802
Okay.
2038
01:20:05,802 --> 01:20:08,700
So now that we've discussed
the types of hackers.
2039
01:20:08,700 --> 01:20:11,508
Let's also discuss the skills
necessary to become one.
2040
01:20:11,508 --> 01:20:13,023
So what we're going to discuss
2041
01:20:13,023 --> 01:20:14,833
in this part are
the different skills
2042
01:20:14,833 --> 01:20:15,688
that are required
2043
01:20:15,688 --> 01:20:17,862
or will be learned as
a part of this video.
2044
01:20:17,862 --> 01:20:18,862
So initially just
2045
01:20:18,862 --> 01:20:21,496
for basic Computing you
need a basic understanding
2046
01:20:21,496 --> 01:20:23,700
of operating systems
and how to work them.
2047
01:20:23,700 --> 01:20:26,300
There are going to be several
fundamental types of tasks
2048
01:20:26,300 --> 01:20:28,829
that I won't be going
into any detail at all
2049
01:20:28,829 --> 01:20:31,329
and you need to know
how to run programs
2050
01:20:31,329 --> 01:20:33,800
and do things like open
up a command prompt
2051
01:20:33,800 --> 01:20:36,557
without me walking you
through and how to do that.
2052
01:20:36,557 --> 01:20:37,600
So I am going to assume
2053
01:20:37,600 --> 01:20:40,100
that you have some basic
understanding of how to do
2054
01:20:40,100 --> 01:20:41,202
these sorts of tasks.
2055
01:20:41,202 --> 01:20:44,340
Also, you need an understanding
of the basic system software
2056
01:20:44,340 --> 01:20:47,000
and you'll need a basic
understanding of how to use
2057
01:20:47,000 --> 01:20:48,300
command line utilities.
2058
01:20:48,300 --> 01:20:50,200
There are a number
of tools and programs
2059
01:20:50,200 --> 01:20:52,500
that we're going to be going
through this video
2060
01:20:52,500 --> 01:20:54,637
and many of them use
the command line now
2061
01:20:54,637 --> 01:20:55,990
whether it's on Windows
2062
01:20:55,990 --> 01:20:58,380
or Linux still need
to be familiar with typing
2063
01:20:58,380 --> 01:21:01,093
and being able to run programs
from the command line
2064
01:21:01,093 --> 01:21:03,894
and the various command
line switches and parameters
2065
01:21:03,894 --> 01:21:05,604
that those programs or types
2066
01:21:05,604 --> 01:21:09,251
of programs are going to use. Now,
from a networking perspective,
2067
01:21:09,251 --> 01:21:11,000
you need a basic understanding
2068
01:21:11,000 --> 01:21:13,000
of some simple
networking concepts.
2069
01:21:13,000 --> 01:21:15,400
You need to know
what cables are and switches
2070
01:21:15,400 --> 01:21:17,900
and hubs and how systems
are networked together.
2071
01:21:17,900 --> 01:21:20,450
You don't really need
a deep level of understanding.
2072
01:21:20,450 --> 01:21:22,100
I'll be going
through some protocols
2073
01:21:22,100 --> 01:21:23,368
at a reasonably deep level
2074
01:21:23,368 --> 01:21:25,090
because I think
it's important as
2075
01:21:25,090 --> 01:21:26,900
an ethical hacker to understand
2076
01:21:26,900 --> 01:21:29,000
what's going on
at the protocol level
2077
01:21:29,000 --> 01:21:31,600
so that you can know
better what you are
2078
01:21:31,600 --> 01:21:34,225
doing and how to achieve
the goals and tasks
2079
01:21:34,225 --> 01:21:37,272
that you have before you. So
we're going to be going
2080
01:21:37,272 --> 01:21:38,305
over some protocols.
2081
01:21:38,305 --> 01:21:40,600
So just understanding
what protocols are
2082
01:21:40,600 --> 01:21:42,000
and how they go together.
2083
01:21:42,000 --> 01:21:43,900
Those sort
of things are necessary
2084
01:21:43,900 --> 01:21:45,481
from a networking perspective.
2085
01:21:45,481 --> 01:21:48,668
Now, we're going to also be
learning a bunch of life skills.
2086
01:21:48,668 --> 01:21:51,800
Yes, there are some life skills
that it's important to have.
2087
01:21:51,800 --> 01:21:54,970
I think the most important one
is the ability to accept failure
2088
01:21:54,970 --> 01:21:56,300
and persevere, and by that
2089
01:21:56,300 --> 01:21:59,250
I mean you're going to be just
running across several things
2090
01:21:59,250 --> 01:22:01,349
that just don't work
the first time around
2091
01:22:01,349 --> 01:22:03,500
and it's going to take
a little bit of time
2092
01:22:03,500 --> 01:22:06,645
and stick-to-itiveness to plug
away and keep going
2093
01:22:06,645 --> 01:22:08,700
until you get something to work.
2094
01:22:08,700 --> 01:22:11,500
And the way that you get
things to work is having
2095
01:22:11,500 --> 01:22:13,300
an ability to problem solve
2096
01:22:13,300 --> 01:22:15,926
and sometimes solving
problems requires being
2097
01:22:15,926 --> 01:22:17,000
a little creative.
2098
01:22:17,000 --> 01:22:18,982
Sometimes you need to
think out of the box
2099
01:22:18,982 --> 01:22:20,090
and come at a problem
2100
01:22:20,090 --> 01:22:23,040
from a different perspective
in order to find a solution.
2101
01:22:23,040 --> 01:22:24,700
Throughout the course
of this video.
2102
01:22:24,700 --> 01:22:27,200
You're going to run
across a lot of sticky problems
2103
01:22:27,200 --> 01:22:30,300
through the course of learning
about being an ethical hacker
2104
01:22:30,300 --> 01:22:31,600
and just doing the work,
2105
01:22:31,600 --> 01:22:33,228
because it's not a simple
2106
01:22:33,228 --> 01:22:37,000
"so here's a little recipe for
how to do this, now go follow
2107
01:22:37,000 --> 01:22:39,976
this recipe every time and
you're going to be successful."
2108
01:22:39,976 --> 01:22:41,459
Every situation is different.
2109
01:22:41,459 --> 01:22:42,789
Every system is different.
2110
01:22:42,789 --> 01:22:45,500
You're going to run across
some pretty sticky problems
2111
01:22:45,500 --> 01:22:49,000
and you're going to have to just
wade in and get your hands dirty
2112
01:22:49,000 --> 01:22:51,826
and keep failing and failing
and failing and failing
2113
01:22:51,826 --> 01:22:53,533
until you find a way to succeed.
2114
01:22:53,533 --> 01:22:56,200
So I think those skills are
very necessary to learn
2115
01:22:56,200 --> 01:22:58,900
how to be an ethical hacker
digging through some
2116
01:22:58,900 --> 01:23:01,325
of the material
that we'll be going over in this
2117
01:23:01,325 --> 01:23:03,700
video. As far as what you
are going to be learning
2118
01:23:03,700 --> 01:23:06,650
you're going to be learning
about how to use a lot of tools.
2119
01:23:06,650 --> 01:23:08,632
You're going to learn
networking and by that.
2120
01:23:08,632 --> 01:23:11,200
I mean we're going to be talking
about different protocols
2121
01:23:11,200 --> 01:23:14,100
that are involved
in networking systems together,
2122
01:23:14,100 --> 01:23:16,641
you're going to learn
about security and security
2123
01:23:16,641 --> 01:23:19,729
postures. Security is the heart
and soul of ethical hacking.
2124
01:23:19,729 --> 01:23:21,493
It's why we do ethical hacking
2125
01:23:21,493 --> 01:23:24,100
in order to make systems
and networks more secure
2126
01:23:24,100 --> 01:23:25,400
than they were previously.
2127
01:23:25,400 --> 01:23:27,746
That's the goal
from a networking perspective.
2128
01:23:27,746 --> 01:23:30,400
We're going to be talking
about how to read packets
2129
01:23:30,400 --> 01:23:31,600
from Network captures.
2130
01:23:31,600 --> 01:23:34,800
You're going to be going
into TCP IP related protocols
2131
01:23:34,800 --> 01:23:36,330
and fairly significant amount
2132
01:23:36,330 --> 01:23:38,481
of detail and they're
going to understand
2133
01:23:38,481 --> 01:23:40,588
how protocols interact
with one another.
2134
01:23:40,588 --> 01:23:41,800
So we're going to do all
2135
01:23:41,800 --> 01:23:45,400
that and the reading packets
is going to be really important
2136
01:23:45,400 --> 01:23:47,500
and we're going to do
a fair amount of that
2137
01:23:47,500 --> 01:23:50,500
in addition to just
fundamental approach to learning
2138
01:23:50,500 --> 01:23:52,700
how to read packets
in several lessons.
2139
01:23:52,700 --> 01:23:55,300
We're going to read packets
as a way of understanding
2140
01:23:55,300 --> 01:23:56,200
the different tools
2141
01:23:56,200 --> 01:23:57,121
that we're using
2142
01:23:57,121 --> 01:24:00,560
and how they're going to learn
tactics and methodologies
2143
01:24:00,560 --> 01:24:03,100
and you get to learn
to use the information
2144
01:24:03,100 --> 01:24:06,000
you've gathered in order
to get more information
2145
01:24:06,000 --> 01:24:09,244
and information is really
what this is all about.
2146
01:24:09,244 --> 01:24:12,378
You can't do much anything
without information
2147
01:24:12,378 --> 01:24:15,923
and sometimes it takes
a fair bit of digging in order
2148
01:24:15,923 --> 01:24:17,500
to find that information
2149
01:24:17,500 --> 01:24:20,700
and what you're going
to learn is the entry points
2150
01:24:20,700 --> 01:24:23,347
and the Stepping Stones
to get the information
2151
01:24:23,347 --> 01:24:24,206
that you need.
2152
01:24:24,206 --> 01:24:26,600
And then once you
have that information,
2153
01:24:26,600 --> 01:24:29,472
you're going to be learning
about ways to exploit it
2154
01:24:29,472 --> 01:24:31,500
in order to get deeper
into the dark.
2155
01:24:31,900 --> 01:24:34,360
You're going to learn
security awareness.
2156
01:24:34,360 --> 01:24:37,500
We're going to talk about risk
and understanding risks
2157
01:24:37,500 --> 01:24:40,800
and vulnerabilities primarily
recognize the difference
2158
01:24:40,800 --> 01:24:42,100
between a vulnerability
2159
01:24:42,100 --> 01:24:44,988
and an exploit and there's
a significant difference.
2160
01:24:44,988 --> 01:24:48,525
There is so security awareness
and understanding what a risk is
2161
01:24:48,525 --> 01:24:50,300
and how that impacts your Target
2162
01:24:50,300 --> 01:24:51,449
and it's going to be key
2163
01:24:51,449 --> 01:24:53,400
to a lot of things
that we talked about.
2164
01:24:53,400 --> 01:24:56,000
So it sounds like a lot
we're going to cover a fair bit
2165
01:24:56,000 --> 01:24:58,311
of ground not all
of it at a deep level.
2166
01:24:58,311 --> 01:25:00,723
Sometimes we are going
to skim the surface
2167
01:25:00,723 --> 01:25:03,400
but there's an awful lot
of material to cover.
2168
01:25:03,400 --> 01:25:04,400
So let's get started
2169
01:25:04,400 --> 01:25:07,400
into talking about the different
skills that are required
2170
01:25:07,400 --> 01:25:10,307
or will be learned as a part
of the series of video.
2171
01:25:10,307 --> 01:25:12,660
So initially just
for basic Computing you
2172
01:25:12,660 --> 01:25:15,400
need a basic understanding
of operating systems.
2173
01:25:15,400 --> 01:25:17,200
So it sounds like a lot weird
2174
01:25:17,200 --> 01:25:20,506
that we're going to cover
and a fair bit of it is going to be
2175
01:25:20,506 --> 01:25:21,682
at a very deep level
2176
01:25:21,682 --> 01:25:24,300
and sometimes we're just
going to skim the surface
2177
01:25:24,300 --> 01:25:26,742
but there's an awful lot
of material to cover
2178
01:25:26,742 --> 01:25:27,831
so let's get started.
2179
01:25:27,831 --> 01:25:30,008
Okay, so that was all
about the skills
2180
01:25:30,008 --> 01:25:31,600
that we are going to develop.
2181
01:25:31,600 --> 01:25:34,644
Throughout this video
and that might be necessary
2182
01:25:34,644 --> 01:25:36,800
for you to become
an ethical hacker.
2183
01:25:37,000 --> 01:25:37,200
Now.
2184
01:25:37,200 --> 01:25:39,100
Let's talk about
the types of attacks
2185
01:25:39,100 --> 01:25:42,600
that you might be dealing
with as an ethical hacker yourself.
2186
01:25:42,600 --> 01:25:46,072
So now we're going to be talking
about the types of attacks.
2187
01:25:46,072 --> 01:25:47,366
Now one type of attack
2188
01:25:47,366 --> 01:25:49,742
that you'll find common
particularly in cases
2189
01:25:49,742 --> 01:25:51,330
of hacktivism, for example,
2190
01:25:51,330 --> 01:25:54,400
or cases where people are trying
to make a particular point
2191
01:25:54,400 --> 01:25:56,200
or just be a general pain is
2192
01:25:56,200 --> 01:26:00,350
this idea of defacing. Defacing
goes back for quite a while.
2193
01:26:00,350 --> 01:26:01,289
It's the idea
2194
01:26:01,289 --> 01:26:03,300
of sort of digital graffiti
2195
01:26:03,300 --> 01:26:06,100
where you've left your mark
or your imprint behind
2196
01:26:06,100 --> 01:26:09,600
so that everybody knows you were
there primarily a website thing
2197
01:26:09,600 --> 01:26:12,500
and it's really just making
alterations to something
2198
01:26:12,500 --> 01:26:15,100
that used to be pretty common
a long time ago.
2199
01:26:15,100 --> 01:26:18,300
Now it's very particular
for businesses or people
2200
01:26:18,300 --> 01:26:20,594
or just organizations
in general to have
2201
01:26:20,594 --> 01:26:23,561
their homepage has been replaced
by this other thing
2202
01:26:23,561 --> 01:26:26,035
that was along the lines
of hey, I was here
2203
01:26:26,035 --> 01:26:27,800
and I took over your web page.
2204
01:26:27,800 --> 01:26:29,400
We also have a pretty common one
2205
01:26:29,400 --> 01:26:31,500
for certainly has been common
over the years.
2206
01:26:31,500 --> 01:26:34,100
And it's a pretty good part
towards quality exploits
2207
01:26:34,100 --> 01:26:35,800
in high-profile vulnerabilities.
2208
01:26:35,800 --> 01:26:37,790
And that's buffer overflow.
2209
01:26:37,790 --> 01:26:41,500
Now a buffer overflow is
a result of the way programs
2210
01:26:41,500 --> 01:26:42,900
are stored in memory
2211
01:26:42,900 --> 01:26:45,700
when programs are running
they make use of a chunk
2212
01:26:45,700 --> 01:26:47,100
of memory called a stack
2213
01:26:47,100 --> 01:26:49,123
and it's just like
a stack of plates
2214
01:26:49,123 --> 01:26:50,300
when you put a bunch
2215
01:26:50,300 --> 01:26:52,900
of plates down when you pull
a plate off you're going
2216
01:26:52,900 --> 01:26:55,335
to pull the top plate
you're going to pull the old
2217
01:26:55,335 --> 01:26:57,800
displayed you're going to pull
the one that was on top.
2218
01:26:57,800 --> 01:26:59,781
So the same thing
with the stack here,
2219
01:26:59,781 --> 01:27:00,911
we're accessing memory
2220
01:27:00,911 --> 01:27:04,700
and this has to do with the way
functions are called in memory
2221
01:27:04,700 --> 01:27:07,973
when you call the function
a chunk of memory gets thrown
2222
01:27:07,973 --> 01:27:10,800
on top of the stack and
that's the chunk of memory
2223
01:27:10,800 --> 01:27:12,000
that gets accessed
2224
01:27:12,000 --> 01:27:14,602
and you've got a piece
of data in memory,
2225
01:27:14,602 --> 01:27:17,400
but in that stack and
that's called a buffer
2226
01:27:17,400 --> 01:27:20,700
and when too much data
is sent and try to put
2227
01:27:20,700 --> 01:27:23,600
into the buffer it
can overflow the bounds
2228
01:27:23,600 --> 01:27:26,089
of the configured area
for that particular buffer.
2229
01:27:26,089 --> 01:27:27,479
It can overflow the bounds
2230
01:27:27,479 --> 01:27:30,200
of the configured area
for that particular buffer.
2231
01:27:30,200 --> 01:27:32,900
Now the way stacks are put
together we end up
2232
01:27:32,900 --> 01:27:34,433
with the part of the stack
2233
01:27:34,433 --> 01:27:37,500
where the return address
from the function is stored.
2234
01:27:37,500 --> 01:27:39,500
So when you overflow
the buffer you have
2235
01:27:39,500 --> 01:27:42,100
the ability to potentially
override that return
2236
01:27:42,100 --> 01:27:44,000
at which point you
can control the flow
2237
01:27:44,000 --> 01:27:45,339
of execution of programs.
2238
01:27:45,339 --> 01:27:48,556
And if you can control the flow
of execution of the program,
2239
01:27:48,556 --> 01:27:49,617
you can insert code
2240
01:27:49,617 --> 01:27:52,500
into that memory that could
be executed and that's
2241
01:27:52,500 --> 01:27:55,606
where we get buffer overflow
that turns into exploits
2242
01:27:55,606 --> 01:27:58,430
that creates the ability to get
like a command shell
2243
01:27:58,430 --> 01:28:00,800
or some other useful thing
from the system
2244
01:28:00,800 --> 01:28:02,900
where the buffer
overflow is running.
2245
01:28:02,900 --> 01:28:04,811
So that's a buffer
overflow in short.
2246
01:28:04,811 --> 01:28:05,400
Sometimes.
2247
01:28:05,400 --> 01:28:07,382
We also have
format string attacks.
2248
01:28:07,382 --> 01:28:09,500
And sometimes these
can be precursors
2249
01:28:09,500 --> 01:28:11,100
to buffer overflow formats.
2250
01:28:11,100 --> 01:28:12,872
Now format strings come about
2251
01:28:12,872 --> 01:28:15,500
because the C programming
language makes use
2252
01:28:15,500 --> 01:28:16,764
of these format strings
2253
01:28:16,764 --> 01:28:20,000
that determines how data
is going to be input or output.
2254
01:28:20,000 --> 01:28:22,100
So you have a string
of characters that define
2255
01:28:22,100 --> 01:28:23,500
whether the subsequent input
2256
01:28:23,500 --> 01:28:26,000
or output is going
to be an integer or
2257
01:28:26,000 --> 01:28:27,800
whether it's going
to be a character
2258
01:28:27,800 --> 01:28:29,478
or whether it's going
to be a string
2259
01:28:29,478 --> 01:28:31,400
or a floating-point
that sort of thing.
2260
01:28:31,400 --> 01:28:33,090
So you have a format string
2261
01:28:33,090 --> 01:28:35,505
that defines the input
or the output now
2262
01:28:35,505 --> 01:28:37,917
if a programmer leaves
off the format string
2263
01:28:37,917 --> 01:28:40,600
and just gets lazy
and provides only the variable
2264
01:28:40,600 --> 01:28:41,900
that's going to be output.
2265
01:28:41,900 --> 01:28:44,382
For example, you have
the ability to provide
2266
01:28:44,382 --> 01:28:45,500
that format string.
2267
01:28:45,500 --> 01:28:47,200
If you provide
that format string
2268
01:28:47,300 --> 01:28:49,600
what then happens is
the program starts picking
2269
01:28:49,600 --> 01:28:50,700
the next piece of data
2270
01:28:50,700 --> 01:28:52,300
off the stack and displays them
2271
01:28:52,300 --> 01:28:54,791
because that way we
can start looking at data
2272
01:28:54,791 --> 01:28:55,909
that's on the stack
2273
01:28:55,909 --> 01:28:58,900
of the running program just
by providing a format string
2274
01:28:58,900 --> 01:29:02,438
if I can look at the data I
may be able to Find information
2275
01:29:02,438 --> 01:29:03,598
like return address
2276
01:29:03,598 --> 01:29:06,100
or some other useful
piece of information.
2277
01:29:06,300 --> 01:29:08,500
There is also a possibility
2278
01:29:08,500 --> 01:29:11,139
of being able to inject
data into the stack.
2279
01:29:11,139 --> 01:29:13,316
I may be able to
find some information
2280
01:29:13,316 --> 01:29:14,500
like a return address
2281
01:29:14,500 --> 01:29:16,763
or some other useful
piece of information.
2282
01:29:16,763 --> 01:29:19,800
There is also a possibility
of being able to inject data
2283
01:29:19,800 --> 01:29:20,682
into the stack.
2284
01:29:20,682 --> 01:29:22,632
I may be able to
find some information
2285
01:29:22,632 --> 01:29:23,739
like a return address
2286
01:29:23,739 --> 01:29:25,900
or some other useful
piece of information.
2287
01:29:25,900 --> 01:29:29,135
There is also a possibility
of being able to inject data
2288
01:29:29,135 --> 01:29:31,500
into the stack using
this particular type.
2289
01:29:31,700 --> 01:29:34,871
Now moving on to our next type
of attack is a denial
2290
01:29:34,871 --> 01:29:36,800
of service a denial of service.
2291
01:29:36,800 --> 01:29:38,388
This is a pretty common one
2292
01:29:38,388 --> 01:29:40,100
and you'll hear
about this a lot.
2293
01:29:40,100 --> 01:29:43,100
This is not to be confused with
the one that I'll be talking
2294
01:29:43,100 --> 01:29:46,411
about after this and that is
a distributed denial of service.
2295
01:29:46,411 --> 01:29:48,000
So this one that you see is
2296
01:29:48,000 --> 01:29:49,900
that this is a denial
of service attack
2297
01:29:50,100 --> 01:29:52,805
and a denial of service
is any attack or action
2298
01:29:52,805 --> 01:29:55,300
that prevents a service
from being available
2299
01:29:55,300 --> 01:29:57,900
to its legitimate
or authorized users.
2300
01:29:57,900 --> 01:30:01,100
So you hear about a ping flood
or a SYN flood.
2301
01:30:01,100 --> 01:30:02,957
That is basically a SYN packet
2302
01:30:02,957 --> 01:30:06,300
being sent to your machine
constantly or a Smurf attack
2303
01:30:06,300 --> 01:30:08,200
and Smurf attack
has to do something
2304
01:30:08,200 --> 01:30:09,720
with ICMP echo requests
2305
01:30:09,720 --> 01:30:12,300
and responses using
broadcast addresses.
2306
01:30:12,300 --> 01:30:14,100
That one's been pretty
well shot down
2307
01:30:14,100 --> 01:30:15,600
over the last several years.
2308
01:30:15,600 --> 01:30:17,900
You can also get a denial
of service simply
2309
01:30:17,900 --> 01:30:19,958
from a malformed packet
or piece of data
2310
01:30:19,958 --> 01:30:21,900
where a piece
of data is malformed
2311
01:30:21,900 --> 01:30:23,300
and sent into a program.
2312
01:30:23,300 --> 01:30:25,811
Now if the program
doesn't handle it correctly
2313
01:30:25,811 --> 01:30:28,401
if it crashes suddenly
you're not able to use
2314
01:30:28,401 --> 01:30:29,637
that program anymore.
2315
01:30:29,637 --> 01:30:31,147
So therefore you are denied.
2316
01:30:31,147 --> 01:30:34,500
The service of the program
and thus the denial of service.
2317
01:30:34,500 --> 01:30:37,945
Now, as I said a denial
of service is not to be confused
2318
01:30:37,945 --> 01:30:40,200
with a distributed
denial of service.
2319
01:30:40,200 --> 01:30:43,000
And I know it's
pretty trendy particularly
2320
01:30:43,000 --> 01:30:46,500
in the media to call it
any denial-of-service DDOS
2321
01:30:46,500 --> 01:30:49,100
or any denial-of-service DDOS.
2322
01:30:49,100 --> 01:30:51,600
Now it's important to note
2323
01:30:51,600 --> 01:30:55,600
that any denial of service
is not a DDOS a DDOS or
2324
01:30:55,600 --> 01:30:57,835
as you might know
a distributed denial
2325
01:30:57,835 --> 01:31:01,130
of service is a very specific
thing distributed denial
2326
01:31:01,130 --> 01:31:04,799
of the service is a coordinated
denial-of-service making use
2327
01:31:04,799 --> 01:31:07,100
of several hosts
in several locations.
2328
01:31:07,100 --> 01:31:10,900
So if you think about a botnet
as an example a botnet
2329
01:31:10,900 --> 01:31:14,300
could be used to trigger
a distributed denial of service,
2330
01:31:14,300 --> 01:31:15,752
but I've got a lot of bots
2331
01:31:15,752 --> 01:31:18,100
that I'm controlling
from a remote location
2332
01:31:18,100 --> 01:31:20,388
and I'm using all
these bots to do something
2333
01:31:20,388 --> 01:31:22,764
like sending a lot of data
to a particular server
2334
01:31:22,764 --> 01:31:26,000
when I've got a lot of systems
sending even small amounts
2335
01:31:26,000 --> 01:31:28,800
of data all of that data
can overwhelm the server
2336
01:31:28,800 --> 01:31:29,900
that I'm sending it to
2337
01:31:30,000 --> 01:31:33,759
so the idea behind a distributed
denial-of-service attack is
2338
01:31:33,759 --> 01:31:35,500
to overwhelm resources
2339
01:31:35,500 --> 01:31:36,930
on a particular server
2340
01:31:36,930 --> 01:31:40,667
in order to cause that server
not to be able to respond.
2341
01:31:40,667 --> 01:31:43,546
Now the first known
DDOS attack used the tool
2342
01:31:43,546 --> 01:31:44,985
called Stacheldraht,
2343
01:31:44,985 --> 01:31:48,970
which is German for barbed wire.
Stacheldraht came
2344
01:31:48,970 --> 01:31:52,100
out of some work that a guy
by the name of Mixter
2345
01:31:52,100 --> 01:31:53,500
was doing in 1999.
2346
01:31:53,600 --> 01:31:55,500
He wrote a proof
of concept piece
2347
01:31:55,500 --> 01:31:56,900
of code called TFN,
2348
01:31:56,900 --> 01:31:58,733
which was the
Tribe Flood Network.
2349
01:31:58,733 --> 01:32:00,400
Let me just show that for you.
2350
01:32:01,700 --> 01:32:02,711
So you can see
2351
01:32:02,711 --> 01:32:05,795
on the Wikipedia page
the Tribe Flood Network
2352
01:32:05,795 --> 01:32:08,200
or TFN is a set
of computer programs
2353
01:32:08,200 --> 01:32:12,000
that is used to conduct various
DDOS attacks such as ICMP
2354
01:32:12,000 --> 01:32:15,100
floods, SYN floods, UDP floods
and Smurf attacks.
2355
01:32:15,100 --> 01:32:15,600
Now.
2356
01:32:15,600 --> 01:32:18,100
I know many people
don't really consider
2357
01:32:18,100 --> 01:32:22,000
Wikipedia really good source
of any sort of knowledge,
2358
01:32:22,000 --> 01:32:23,802
but it's a good place
to start off.
2359
01:32:23,802 --> 01:32:26,011
So if you want to read
about all these types
2360
01:32:26,011 --> 01:32:27,576
of attacks like ICMP floods
2361
01:32:27,576 --> 01:32:30,400
and what exactly is
a SYN flood you can always do
2362
01:32:30,400 --> 01:32:33,200
that from It's
not that bad place.
2363
01:32:33,400 --> 01:32:36,600
Of course, you should use
Wikipedia as your final
2364
01:32:36,600 --> 01:32:38,200
Rosetta Stone moving on.
2365
01:32:38,200 --> 01:32:40,335
So this program called Stacheldraht,
2366
01:32:40,335 --> 01:32:44,400
which was it was used to attack
servers like eBay and Yahoo!
2367
01:32:44,400 --> 01:32:46,072
Back in February of 2000
2368
01:32:46,072 --> 01:32:49,000
so that attack in February
of 2000 was really
2369
01:32:49,000 --> 01:32:51,666
the first known distributed
denial-of-service attack,
2370
01:32:51,666 --> 01:32:52,783
which is not to say
2371
01:32:52,783 --> 01:32:55,970
that there weren't denial
of service attacks previously So
2372
01:32:55,970 --> 01:32:58,500
to that there were
certainly plenty of them,
2373
01:32:58,500 --> 01:33:00,419
but they were
not distributed now
2374
01:33:00,419 --> 01:33:02,949
this means If there
weren't a lot of systems
2375
01:33:02,949 --> 01:33:03,983
used to coordinate
2376
01:33:03,983 --> 01:33:07,101
and create a denial-of-service
condition and therefore
2377
01:33:07,101 --> 01:33:09,600
we get distributed
denial-of-service attack.
2378
01:33:09,600 --> 01:33:11,600
So that's a handful
of types of attacks
2379
01:33:11,600 --> 01:33:13,100
and some pretty common attacks
2380
01:33:13,100 --> 01:33:15,500
that you're going to see
as an ethical hacker
2381
01:33:15,500 --> 01:33:16,905
when you become
an ethical hacker
2382
01:33:16,905 --> 01:33:19,050
or if you're trying
to become an ethical hacker,
2383
01:33:19,050 --> 01:33:21,600
you should always know
about these types of attacks.
2384
01:33:21,800 --> 01:33:22,300
Okay.
2385
01:33:22,300 --> 01:33:23,099
So in this lesson,
2386
01:33:23,099 --> 01:33:25,600
we're going to be talking
about penetration testing
2387
01:33:25,600 --> 01:33:28,000
and some of the details
around how it works
2388
01:33:28,000 --> 01:33:31,731
and Logistics and specifically
things like scope. So, what
2389
01:33:31,731 --> 01:33:33,944
exactly is penetration testing?
2390
01:33:33,944 --> 01:33:35,800
So well, not surprisingly.
2391
01:33:35,800 --> 01:33:38,700
It's testing to see
if you can penetrate something
2392
01:33:38,700 --> 01:33:40,789
which means you're going
to check to see
2393
01:33:40,789 --> 01:33:43,200
whether you can break
into a particular thing.
2394
01:33:43,200 --> 01:33:46,400
Whether it's a server or
in applications depending
2395
01:33:46,400 --> 01:33:47,929
on the type of Engagement.
2396
01:33:47,929 --> 01:33:50,600
You've got you may have
the ability to try to break
2397
01:33:50,600 --> 01:33:52,038
in physically to a location
2398
01:33:52,038 --> 01:33:54,200
but primarily what you're
going to be doing
2399
01:33:54,200 --> 01:33:55,300
with penetration testing
2400
01:33:55,300 --> 01:33:57,500
is you're going to be trying
to break into systems
2401
01:33:57,500 --> 01:33:59,528
and networks and applications.
2402
01:33:59,528 --> 01:34:02,300
And that's the kind
of what it's all about
2403
01:34:02,300 --> 01:34:05,800
and this may actually involve
social engineering attacks.
2404
01:34:05,800 --> 01:34:08,700
So it may require you
to make a phone call
2405
01:34:08,700 --> 01:34:12,200
to somebody and get them
to give you their username
2406
01:34:12,200 --> 01:34:16,300
and password or some other type
of social engineering attack
2407
01:34:16,300 --> 01:34:20,300
where maybe you send a URL
via a crafted email.
2408
01:34:20,300 --> 01:34:23,800
Sometimes it's just strictly
a technical approach.
2409
01:34:23,800 --> 01:34:25,100
We're running scans
2410
01:34:25,100 --> 01:34:28,185
and you're running Metasploit
and you're gaining
2411
01:34:28,185 --> 01:34:31,500
access that way or maybe
some other type of Technology.
2412
01:34:31,500 --> 01:34:33,323
Application sort of connection,
2413
01:34:33,323 --> 01:34:36,051
sometimes it's physical access
that you need.
2414
01:34:36,051 --> 01:34:38,916
So in order to get access
to a particular system,
2415
01:34:38,916 --> 01:34:42,200
if you can get physical access
then maybe you can get in
2416
01:34:42,200 --> 01:34:43,500
so that was all about
2417
01:34:43,500 --> 01:34:45,970
that's what exactly
penetration testing is.
2418
01:34:45,970 --> 01:34:48,600
It's checking whether you
can get into a system
2419
01:34:48,600 --> 01:34:50,999
whether it be physically
or on a network.
2420
01:34:50,999 --> 01:34:52,300
So what are the goals
2421
01:34:52,300 --> 01:34:55,840
of penetration testing the goals
would be to assess weakness
2422
01:34:55,840 --> 01:34:58,000
in an organization
security postures.
2423
01:34:58,000 --> 01:34:59,900
We want to figure out
what they're vulnerable
2424
01:34:59,900 --> 01:35:03,235
so that they can go and fix
these problems. You want
2425
01:35:03,235 --> 01:35:05,900
to help them understand
their risk positions better
2426
01:35:05,900 --> 01:35:06,972
and what they can
2427
01:35:06,972 --> 01:35:09,592
or may be able to do
to mitigate those risks
2428
01:35:09,592 --> 01:35:12,700
and ultimately you want
to be able to access systems
2429
01:35:12,700 --> 01:35:15,000
in a particular way
to find weaknesses.
2430
01:35:15,000 --> 01:35:17,256
So those are really
sort of the goals
2431
01:35:17,256 --> 01:35:20,341
of penetration testing now
from a result standpoint
2432
01:35:20,341 --> 01:35:23,700
when you're done you're testing
what you are going to do.
2433
01:35:23,700 --> 01:35:27,300
Well, you're probably going to
generate a report and by that,
2434
01:35:27,300 --> 01:35:29,878
I don't mean you're going
to run some automated tool
2435
01:35:29,878 --> 01:35:31,778
and you're going
to get it to generate.
2436
01:35:31,778 --> 01:35:32,600
The report for you,
2437
01:35:32,600 --> 01:35:34,500
you're actually going to give
that to the client.
2438
01:35:34,500 --> 01:35:36,630
You're actually going to give
you a report to the client
2439
01:35:36,630 --> 01:35:38,800
and then they're going to write
you a really large check.
2440
01:35:38,800 --> 01:35:40,508
So that's not really
how it works.
2441
01:35:40,508 --> 01:35:43,200
You're going to write a report
detailing the findings
2442
01:35:43,200 --> 01:35:44,400
in a detailed way
2443
01:35:44,400 --> 01:35:47,700
so that it includes
what did you do to find out
2444
01:35:47,700 --> 01:35:49,300
what you actually found out
2445
01:35:49,300 --> 01:35:52,200
and how you can actually
mitigate that particular risk.
2446
01:35:52,200 --> 01:35:55,359
So you should really include
remediation activities in order
2447
01:35:55,359 --> 01:35:56,812
to fix these vulnerabilities
2448
01:35:56,812 --> 01:35:58,958
that you find and it's
pretty easy to walk
2449
01:35:58,958 --> 01:35:59,900
around saying hey,
2450
01:35:59,900 --> 01:36:01,589
that's a problem
and that's problematic.
2451
01:36:01,589 --> 01:36:02,600
And that's a problem.
2452
01:36:02,600 --> 01:36:04,300
That's really not a lot of value
2453
01:36:04,300 --> 01:36:06,915
in that where there's
a value is that hey,
2454
01:36:06,915 --> 01:36:08,000
that's a problem.
2455
01:36:08,000 --> 01:36:10,232
And here's how you
can go about fixing it.
2456
01:36:10,232 --> 01:36:13,200
So let's talk about the scope
of penetration testing.
2457
01:36:13,200 --> 01:36:15,500
So firstly you want
to actually realize
2458
01:36:15,500 --> 01:36:18,900
how big is the breadbox
and how specifically what is it
2459
01:36:18,900 --> 01:36:21,600
that the two
of you have agreed
2460
01:36:21,600 --> 01:36:23,200
that being you
the ethical hacker
2461
01:36:23,200 --> 01:36:25,900
and the other guy being
the authorized person to give
2462
01:36:25,900 --> 01:36:29,300
you permission to ethically
hack specifically agree
2463
01:36:29,300 --> 01:36:31,700
that you can do
penetration testing.
2464
01:36:31,800 --> 01:36:35,177
And you can Target them as
an organization or decline
2465
01:36:35,177 --> 01:36:38,100
and what you have agreed
to our any exclusions
2466
01:36:38,100 --> 01:36:39,238
or any sort of areas
2467
01:36:39,238 --> 01:36:42,474
that they say you're not allowed
to touch so anything so
2468
01:36:42,474 --> 01:36:44,600
like if they've got
a database server,
2469
01:36:44,600 --> 01:36:47,678
maybe there's a lot
of really sensitive data on it
2470
01:36:47,678 --> 01:36:49,500
and there's a little hesitant
2471
01:36:49,500 --> 01:36:53,500
and they may put don't touch
this thing clause in the scope.
2472
01:36:53,500 --> 01:36:55,300
So there are a lot
of different reasons
2473
01:36:55,300 --> 01:36:57,411
why they may exclude
areas from the scope
2474
01:36:57,411 --> 01:37:00,141
and if they exclude them
then trust their reason
2475
01:37:00,141 --> 01:37:01,199
and listen to them
2476
01:37:01,200 --> 01:37:03,438
what They have to say
in terms of this is
2477
01:37:03,438 --> 01:37:05,103
what we want you to accomplish.
2478
01:37:05,103 --> 01:37:07,786
So along those lines you
really need to get sign off
2479
01:37:07,786 --> 01:37:09,312
from the target organization.
2480
01:37:09,312 --> 01:37:11,182
Now, we've talked
about this before
2481
01:37:11,182 --> 01:37:14,241
and this is certainly all
about the ethics and trust
2482
01:37:14,300 --> 01:37:15,700
and it's also about legality
2483
01:37:15,700 --> 01:37:17,200
because if you do something
2484
01:37:17,200 --> 01:37:19,200
that you don't have
permissions to do you
2485
01:37:19,200 --> 01:37:20,900
could be prosecuted for that.
2486
01:37:20,900 --> 01:37:23,541
So definitely get the scope
very clear in writing
2487
01:37:23,541 --> 01:37:26,600
and with signatures attached
to it as to what you can
2488
01:37:26,600 --> 01:37:27,775
and what you can't do
2489
01:37:27,775 --> 01:37:30,207
and always get approval
from the right people
2490
01:37:30,207 --> 01:37:31,711
and make sure you get somebody
2491
01:37:31,711 --> 01:37:33,064
who has the right level
2492
01:37:33,064 --> 01:37:35,900
of permissions and is
the right level of management
2493
01:37:35,900 --> 01:37:38,659
so that they can sign off
on it, understanding
2494
01:37:38,659 --> 01:37:39,778
and accept the risk
2495
01:37:39,778 --> 01:37:42,263
that is associated
with a penetration test.
2496
01:37:42,263 --> 01:37:45,200
So let me talk a little bit
about security assessments
2497
01:37:45,200 --> 01:37:47,300
and how they differ
from penetration tests.
2498
01:37:47,300 --> 01:37:49,300
The security assessment
is a hand
2499
01:37:49,300 --> 01:37:51,092
in hand approach with clients.
2500
01:37:51,092 --> 01:37:53,900
So you would walk in doing
a collaborative thing
2501
01:37:53,900 --> 01:37:57,417
where you're a trusted partner
and you are live with them
2502
01:37:57,417 --> 01:37:59,612
and your goal
isn't to penetrate them
2503
01:37:59,612 --> 01:38:01,372
and point out all the things.
2504
01:38:01,372 --> 01:38:02,548
That are really bad,
2505
01:38:02,548 --> 01:38:04,891
but it's to get a full
assessment of the risk
2506
01:38:04,891 --> 01:38:06,547
that the organization is exposed
2507
01:38:06,547 --> 01:38:09,949
to and you would probably
provide more details about fixes
2508
01:38:09,949 --> 01:38:12,426
than maybe you would
in a penetration test.
2509
01:38:12,426 --> 01:38:15,434
Now what we're going to do
is we're going to walk in
2510
01:38:15,434 --> 01:38:16,229
and make sure
2511
01:38:16,229 --> 01:38:17,269
that the policies
2512
01:38:17,269 --> 01:38:20,000
and procedures they have
in place are really
2513
01:38:20,000 --> 01:38:21,700
what they need
for the organization
2514
01:38:21,900 --> 01:38:23,025
and the risk appetite
2515
01:38:23,025 --> 01:38:25,417
that they've got
and we're going to make sure
2516
01:38:25,417 --> 01:38:28,015
that the policies
and procedures have controls
2517
01:38:28,015 --> 01:38:28,898
that can tell us
2518
01:38:28,898 --> 01:38:31,542
whether they are being
actually adhered to or not.
2519
01:38:31,542 --> 01:38:33,801
Procedures and policies
are being followed
2520
01:38:33,801 --> 01:38:36,141
a security assessment is
probably a little bit
2521
01:38:36,141 --> 01:38:37,132
more comprehensive
2522
01:38:37,132 --> 01:38:38,400
than a penetration test
2523
01:38:38,400 --> 01:38:40,600
and you would look
at more factors to assess
2524
01:38:40,600 --> 01:38:42,600
the security postures
of the organization
2525
01:38:42,600 --> 01:38:44,100
in their overall risk
2526
01:38:44,100 --> 01:38:47,600
and you would tailor the output
based on the risk appetite
2527
01:38:47,600 --> 01:38:50,769
and what they're most interested
in and that's not to say
2528
01:38:50,769 --> 01:38:53,600
that I'm going to tell them
what they want to hear.
2529
01:38:53,600 --> 01:38:56,600
But if there's something
that they know and I know
2530
01:38:56,600 --> 01:38:58,200
that they're just
not going to do
2531
01:38:58,200 --> 01:39:00,400
I'm not going to be making
a big deal out of it
2532
01:39:00,400 --> 01:39:02,499
because they're already
aware of it
2533
01:39:02,499 --> 01:39:04,400
and I'll make a note
of it in the report just
2534
01:39:04,400 --> 01:39:05,600
for completeness' sake,
2535
01:39:05,600 --> 01:39:07,700
but I'm not going to go out
in a lot of details.
2536
01:39:07,700 --> 01:39:08,800
So it's really kind of
2537
01:39:08,800 --> 01:39:11,200
a hand-in-hand collaborative
approach where again,
2538
01:39:11,200 --> 01:39:12,178
you're not just saying
2539
01:39:12,178 --> 01:39:15,078
that they want us to say we're
providing some real security
2540
01:39:15,078 --> 01:39:17,200
and risk guidance
towards her activities
2541
01:39:17,200 --> 01:39:18,141
and other things
2542
01:39:18,141 --> 01:39:20,093
so it may provide
an unrealistic view.
2543
01:39:20,093 --> 01:39:21,213
So you've got a week.
2544
01:39:21,213 --> 01:39:23,114
Let's say to do
this penetration test
2545
01:39:23,114 --> 01:39:24,192
against your target.
2546
01:39:24,192 --> 01:39:26,600
Now, you're going to have
to go in you're going
2547
01:39:26,600 --> 01:39:27,700
to have to get setup.
2548
01:39:27,700 --> 01:39:30,000
You're also going to have
to start doing a bunch
2549
01:39:30,000 --> 01:39:31,170
of scans and make sure
2550
01:39:31,170 --> 01:39:32,700
that you're gathering information
2551
01:39:32,700 --> 01:39:35,000
and screenshots and data
for your reports
2552
01:39:35,000 --> 01:39:37,500
you're going to have to do
all sorts of activities.
2553
01:39:37,500 --> 01:39:39,100
Also during the course
of that week.
2554
01:39:39,100 --> 01:39:41,100
You're going to be engaged
in probably beginning
2555
01:39:41,100 --> 01:39:42,200
to write your report
2556
01:39:42,200 --> 01:39:44,802
and getting a sense of
what it's going to say
2557
01:39:44,802 --> 01:39:46,600
and what's going to be in it.
2558
01:39:46,600 --> 01:39:48,900
If you don't actually
get any major penetration
2559
01:39:48,900 --> 01:39:51,700
during the course of that week
the organization may feel
2560
01:39:51,700 --> 01:39:53,500
like they're quote-unquote secure.
2561
01:39:53,500 --> 01:39:55,900
That's one of the reasons
why penetration testing
2562
01:39:55,900 --> 01:39:59,200
while really sexy
and showy is nice and all
2563
01:39:59,200 --> 01:40:02,199
but if an organization walks
out of it believing
2564
01:40:02,199 --> 01:40:03,095
that in a week,
2565
01:40:03,095 --> 01:40:06,330
you didn't manage to get
the keys of the kingdom,
2566
01:40:06,330 --> 01:40:09,066
they must be secure,
that's a really misguided view
2567
01:40:09,066 --> 01:40:11,700
because a dedicated, skilled
and motivated attacker
2568
01:40:11,700 --> 01:40:14,500
isn't going to just take a week
or some portion of that fee.
2569
01:40:14,500 --> 01:40:16,700
They're after something
they're going to dedicate
2570
01:40:16,700 --> 01:40:19,200
themselves to do it
and really go after it.
2571
01:40:19,200 --> 01:40:22,784
So just because you didn't find
a penetration in some subset
2572
01:40:22,784 --> 01:40:24,000
of week doesn't mean
2573
01:40:24,000 --> 01:40:28,500
that they're secure and immune
and invulnerable to attacks.
2574
01:40:28,500 --> 01:40:30,400
It just means
that during the course
2575
01:40:30,400 --> 01:40:33,000
of that particular week
and the circumstances
2576
01:40:33,000 --> 01:40:35,562
that were in place you
can get a penetration
2577
01:40:35,562 --> 01:40:37,699
that was really
significant or major.
2578
01:40:37,699 --> 01:40:38,877
That's all it means.
2579
01:40:38,877 --> 01:40:41,000
It doesn't mean anything
beyond that and
2580
01:40:41,000 --> 01:40:42,800
if an organization
walks away feeling
2581
01:40:42,800 --> 01:40:44,269
like they're secure, they're going
2582
01:40:44,269 --> 01:40:46,500
to end up not fixing
the real vulnerabilities
2583
01:40:46,500 --> 01:40:47,547
that may be in place
2584
01:40:47,547 --> 01:40:49,800
that could expose them
to significant risks.
2585
01:40:49,800 --> 01:40:53,100
So that's penetration
testing, its scope, its goals
2586
01:40:53,100 --> 01:40:55,880
and how it differs
to security assessments now,
2587
01:40:55,880 --> 01:40:57,909
it's time to go
over footprinting.
2588
01:40:57,909 --> 01:41:01,600
So what is footprinting? Well,
footprinting is getting an idea
2589
01:41:01,600 --> 01:41:04,074
of the entire scope
of your target.
2590
01:41:04,074 --> 01:41:05,939
That means not just the scope
2591
01:41:05,939 --> 01:41:07,177
that you were given
2592
01:41:07,177 --> 01:41:10,701
which may be an address block
or it may be a domain name
2593
01:41:10,701 --> 01:41:13,200
that even maybe a set
of address blocks.
2594
01:41:13,200 --> 01:41:15,913
Now, what you want to do
is you want to figure
2595
01:41:15,913 --> 01:41:17,300
out all the information
2596
01:41:17,300 --> 01:41:20,500
that's associated with that
in great detail
2597
01:41:20,500 --> 01:41:24,700
as you can possibly get so you
want the list of domain names
2598
01:41:24,700 --> 01:41:26,641
as you're going
to go through this
2599
01:41:26,641 --> 01:41:28,100
you probably want some sort
2600
01:41:28,100 --> 01:41:31,500
of database or Excel
spreadsheet or something.
2601
01:41:31,500 --> 01:41:32,900
to keep track of all the information
2602
01:41:32,900 --> 01:41:35,300
because you're going to have
a lot of it at the end.
2603
01:41:35,300 --> 01:41:37,800
You want to be able
to find information quickly.
2604
01:41:37,800 --> 01:41:40,500
So having some sort
of in a notepad going
2605
01:41:40,500 --> 01:41:41,692
with your notes or
2606
01:41:41,692 --> 01:41:43,898
as I said spreadsheet
or a database.
2607
01:41:43,898 --> 01:41:45,600
So if you can get organized
2608
01:41:45,600 --> 01:41:49,000
in that way you want to keep
all those sorts of things down.
2609
01:41:49,000 --> 01:41:50,000
So in this case,
2610
01:41:50,000 --> 01:41:52,300
I want to do
some search on suppose.
2611
01:41:52,300 --> 01:41:54,064
Let's say
edureka.co. Now
2612
01:41:54,064 --> 01:41:55,300
I need Network block.
2613
01:41:55,300 --> 01:41:58,300
So so far we found out
that just made up IP addresses
2614
01:41:58,300 --> 01:42:00,400
because I'm just
putting information down,
2615
01:42:00,400 --> 01:42:01,700
but I need network blocks,
2616
01:42:01,700 --> 01:42:05,200
so you may have one IP address
that you can find externally
2617
01:42:05,200 --> 01:42:06,900
or you're going to want the whole
2618
01:42:06,900 --> 01:42:10,336
range of internal blocks and you
can do a little bit of digging.
2619
01:42:10,336 --> 01:42:13,500
If you aren't provided those you
want specific IP addresses
2620
01:42:13,500 --> 01:42:16,900
for critical systems web
servers email servers databases.
2621
01:42:16,900 --> 01:42:18,900
If you can find any
of these things
2622
01:42:18,900 --> 01:42:21,800
of those sorts and you
want system architectures
2623
01:42:21,800 --> 01:42:24,650
and what kind of stuff are they
running are they running Intel
2624
01:42:24,650 --> 01:42:25,900
are they running windows?
2625
01:42:25,900 --> 01:42:27,600
Are they running
some Unix systems?
2626
01:42:27,600 --> 01:42:28,618
What are they running?
2627
01:42:28,618 --> 01:42:30,768
What kind of Access
Control lists they have.
2628
01:42:30,768 --> 01:42:33,400
These are going to be To get
but you may be able to guess
2629
01:42:33,400 --> 01:42:35,932
them and you can guess
these by doing port
2630
01:42:35,932 --> 01:42:39,700
scans. So what sort of responses
you get back from the port scans
2631
01:42:39,700 --> 01:42:42,806
with the filters and are
what you don't get back.
2632
01:42:42,806 --> 01:42:45,190
will tell you about
if there's an IDS
2633
01:42:45,190 --> 01:42:48,300
around or some you want
to do system enumeration,
2634
01:42:48,300 --> 01:42:49,619
or you can get access
2635
01:42:49,619 --> 01:42:53,200
to a system somehow you want
to know usernames group name.
2636
01:42:53,200 --> 01:42:55,400
So on so the basic idea
2637
01:42:55,400 --> 01:42:58,600
of footprinting is
gathering information now
2638
01:42:58,600 --> 01:43:01,600
if you can get access to system
somehow you want to know user
2639
01:43:01,600 --> 01:43:05,186
names, group names. So you want
system banners routing tables
2640
01:43:05,186 --> 01:43:08,022
SNMP information if you
can get it DNS host names
2641
01:43:08,022 --> 01:43:09,500
if you can get those now,
2642
01:43:09,500 --> 01:43:12,200
this is for both internal
and external on the side.
2643
01:43:12,200 --> 01:43:14,379
If you're doing
an internal penetration test
2644
01:43:14,379 --> 01:43:15,900
or ethical hacking engagement.
2645
01:43:15,900 --> 01:43:18,500
You want to know the networking
protocols that are out there.
2646
01:43:18,500 --> 01:43:19,900
Are they using TCP IP,
2647
01:43:19,900 --> 01:43:21,700
or are they using some UDP
2648
01:43:21,700 --> 01:43:25,600
or are they on ipx
or SPX? Are they using DECnet
2649
01:43:25,600 --> 01:43:28,982
or AppleTalk, or are they
using some sort of split DNS?
2650
01:43:28,982 --> 01:43:29,940
In other words?
2651
01:43:29,940 --> 01:43:31,600
Do they have internal DNS?
2652
01:43:31,800 --> 01:43:33,700
So was that give different foam
2653
01:43:33,700 --> 01:43:36,501
for the external and will it
give different information?
2654
01:43:36,501 --> 01:43:39,552
If you want to check for
remote access possibilities now
2655
01:43:39,552 --> 01:43:41,300
in the foot printing process
2656
01:43:41,300 --> 01:43:44,600
you want to be very exhaustive
you might want to try
2657
01:43:44,600 --> 01:43:48,857
and take out email addresses
server domain name Services.
2658
01:43:48,857 --> 01:43:51,900
I mean IP addresses
or even contact numbers
2659
01:43:51,900 --> 01:43:54,500
and you want to be very
exhaustive with your approach.
2660
01:43:54,500 --> 01:43:56,686
You don't want to miss
anything out because
2661
01:43:56,686 --> 01:43:57,480
if you do that,
2662
01:43:57,480 --> 01:43:58,309
you can continue
2663
01:43:58,309 --> 01:44:01,222
and also provide some some
launching points for additional
2664
01:44:01,222 --> 01:44:03,529
attacks or tests that you
may be able to do but this
2665
01:44:03,529 --> 01:44:06,461
is definitely a starting point
of the types of information
2666
01:44:06,461 --> 01:44:07,576
that you need to have
2667
01:44:07,576 --> 01:44:09,700
as you go about
footprinting your target.
2668
01:44:09,700 --> 01:44:10,700
Now next thing
2669
01:44:10,700 --> 01:44:13,301
that we are going to see
is very interesting.
2670
01:44:13,301 --> 01:44:15,323
This is one
of the many common tools
2671
01:44:15,323 --> 01:44:17,500
that are out there
on the internet and
2672
01:44:17,500 --> 01:44:21,700
that is the Wayback machine
or also known as archive.org now
2673
01:44:21,700 --> 01:44:24,477
while it might not give you all
the information that you need
2674
01:44:24,477 --> 01:44:26,700
but it gives certainly
gives you a starting point
2675
01:44:26,700 --> 01:44:29,400
and what we're talking about
here is the Wayback machine
2676
01:44:29,400 --> 01:44:32,600
or archive.org so Just
give you a quick look
2677
01:44:32,600 --> 01:44:34,600
at what archive.org looks like.
2678
01:44:34,600 --> 01:44:34,900
Okay.
2679
01:44:34,900 --> 01:44:36,700
I already have it open out here.
2680
01:44:36,700 --> 01:44:39,100
So audio what you can see is
2681
01:44:39,100 --> 01:44:42,249
how a website looked
like around some time ago.
2682
01:44:42,249 --> 01:44:43,322
So for example,
2683
01:44:43,322 --> 01:44:46,600
if you want to look at
what Google looked like
2684
01:44:46,600 --> 01:44:50,600
so you just have to search
for Google out here and wait
2685
01:44:50,600 --> 01:44:52,100
for results to come back.
2686
01:44:52,515 --> 01:44:52,900
Okay.
2687
01:44:52,900 --> 01:44:56,100
So we see that Google goes
way back to 1998.
2688
01:44:56,100 --> 01:44:59,535
So that was the last capture
or the first capture, rather.
2689
01:44:59,535 --> 01:45:02,000
It was the first capture
by the Wayback Machine
2690
01:45:02,000 --> 01:45:02,700
and we can see
2691
01:45:02,700 --> 01:45:05,500
that it has a screenshot
of November 11th
2692
01:45:05,500 --> 01:45:07,382
and how Google looked so,
2693
01:45:07,382 --> 01:45:11,600
let's see what Google look
like in November 11th of 1988.
2694
01:45:11,600 --> 01:45:13,052
So this is what Google look
2695
01:45:13,052 --> 01:45:15,418
like it was there was
actually nothing to it.
2696
01:45:15,418 --> 01:45:18,700
It just said welcome to Google
Google search engine prototypes
2697
01:45:19,100 --> 01:45:21,200
and it hasn't link.
2698
01:45:21,200 --> 01:45:24,288
So yeah, this is what the Google
search engine look like.
2699
01:45:24,288 --> 01:45:25,700
It had a Stanford search.
2700
01:45:25,700 --> 01:45:26,930
It had a Linux search
2701
01:45:26,930 --> 01:45:29,149
and you could do
all sorts of stuff.
2702
01:45:29,149 --> 01:45:31,369
You could just put
the results now.
2703
01:45:31,369 --> 01:45:34,865
I'm trying to tell y'all is
you can see the evolution
2704
01:45:34,865 --> 01:45:38,000
of the website through time
through the Wayback Machine
2705
01:45:38,000 --> 01:45:41,378
and this gives you rather
an informative look
2706
01:45:41,378 --> 01:45:44,200
into how website
has actually evolved.
2707
01:45:44,400 --> 01:45:44,800
Okay.
2708
01:45:44,800 --> 01:45:46,659
Now that we know what
footprinting is
2709
01:45:46,659 --> 01:45:49,600
and how it falls into
the whole reconnaissance process.
2710
01:45:49,600 --> 01:45:52,505
So let's go over a couple
of websites to do a little bit
2711
01:45:52,505 --> 01:45:55,200
of historical thinking
about companies and the types
2712
01:45:55,200 --> 01:45:56,137
of infrastructure
2713
01:45:56,137 --> 01:45:57,330
that they may be using
2714
01:45:57,330 --> 01:45:59,342
and this information
of course is useful
2715
01:45:59,342 --> 01:46:01,200
so that we can narrow
down our Focus.
2716
01:46:01,200 --> 01:46:03,650
in terms of what we want
to Target against them
2717
01:46:03,650 --> 01:46:06,300
for attacks now over time
we've improved our awareness
2718
01:46:06,300 --> 01:46:07,200
about what sorts
2719
01:46:07,200 --> 01:46:10,500
of information we may want
to divulge so several years ago
2720
01:46:10,500 --> 01:46:13,100
you may have gone to a company's
website and discovered
2721
01:46:13,100 --> 01:46:15,200
that you could get
email addresses and names
2722
01:46:15,200 --> 01:46:16,345
of people in positions
2723
01:46:16,345 --> 01:46:17,701
that you may find relevant
2724
01:46:17,701 --> 01:46:20,100
and there were all sorts
of bits of information
2725
01:46:20,100 --> 01:46:22,073
that could be used
against the company
2726
01:46:22,073 --> 01:46:23,700
and over time we have discovered
2727
01:46:23,700 --> 01:46:24,788
that those are pieces
2728
01:46:24,788 --> 01:46:27,359
of information probably
don't belong in a website
2729
01:46:27,359 --> 01:46:29,464
where they can be used
against the company
2730
01:46:29,464 --> 01:46:32,288
and so they've been pulled
off. Now it used to be also
2731
01:46:32,288 --> 01:46:34,900
that Google had the ability
to pull up information
2732
01:46:34,900 --> 01:46:36,746
that it had cached.
2733
01:46:36,746 --> 01:46:37,469
For example,
2734
01:46:37,469 --> 01:46:39,700
if a website is
no longer available or
2735
01:46:39,700 --> 01:46:41,900
if it was temporarily
down and offline.
2736
01:46:41,900 --> 01:46:44,300
There was a little cache button
that you can click
2737
01:46:44,300 --> 01:46:46,400
when you did
a Google search
2738
01:46:46,400 --> 01:46:48,571
and you could pull up
that cached information.
2739
01:46:48,571 --> 01:46:51,400
So even though the website
wasn't available you can still
2740
01:46:51,400 --> 01:46:54,716
get information from Google's
servers. Now Google's removed
2741
01:46:54,716 --> 01:46:57,400
that so we don't have
that ability any longer.
2742
01:46:57,400 --> 01:46:59,700
However, there is
an internet archive
2743
01:46:59,700 --> 01:47:03,700
that we can Use so this thing
is called the Wayback machine
2744
01:47:03,700 --> 01:47:05,600
and I have it open out here.
2745
01:47:05,600 --> 01:47:07,500
So it's archive.org / web.
2746
01:47:07,500 --> 01:47:09,400
So archive.org is a website
2747
01:47:09,400 --> 01:47:11,900
that gives us information
about other websites
2748
01:47:11,900 --> 01:47:13,900
and how they look
like in years ago
2749
01:47:13,900 --> 01:47:16,600
and by so I'm going to go
to the Wayback machine
2750
01:47:16,600 --> 01:47:19,032
which you can see is
at the archive.org
2751
01:47:19,032 --> 01:47:23,000
and I'm going to go and try and
search for edureka.co.
2752
01:47:23,000 --> 01:47:25,293
So now we're going
to take a historical look
2753
01:47:25,293 --> 01:47:27,004
at edureka.co's website
2754
01:47:27,004 --> 01:47:29,800
and you can see we've got
some years and they've got
2755
01:47:29,800 --> 01:47:31,300
information going back up
2756
01:47:31,300 --> 01:47:32,600
to 2013,
2757
01:47:32,600 --> 01:47:35,405
so let's look at what
this website looked
2758
01:47:35,405 --> 01:47:37,300
like when it was just 2013.
2759
01:47:37,300 --> 01:47:40,833
Okay, there doesn't seem
to be any snapshots out here.
2760
01:47:40,833 --> 01:47:42,500
I wonder what's going on.
2761
01:47:42,500 --> 01:47:42,900
Okay.
2762
01:47:42,900 --> 01:47:47,600
So let's go 2014 and
the first snapshot seems to be
2763
01:47:47,700 --> 01:47:50,300
on the September 12th of 2014.
2764
01:47:50,300 --> 01:47:50,990
Actually.
2765
01:47:50,990 --> 01:47:53,600
It's on May 17 to so
let's see what
2766
01:47:53,600 --> 01:47:54,830
that looks like.
2767
01:47:55,600 --> 01:47:55,957
Okay.
2768
01:47:55,957 --> 01:47:59,600
So this is what Edureka
looked like back in 2013
2769
01:47:59,600 --> 01:48:03,360
or rather 2014, September
12 2014 to be actually exact
2770
01:48:03,360 --> 01:48:04,408
now you can see
2771
01:48:04,408 --> 01:48:06,700
that the we have
some live classes
2772
01:48:06,700 --> 01:48:08,400
and all these pictures there
2773
01:48:08,400 --> 01:48:11,033
and they've got this weird
picture of the sky
2774
01:48:11,033 --> 01:48:14,322
and here I don't know why
that was a thing back in 2014.
2775
01:48:14,322 --> 01:48:16,851
Now we can browse more
advanced screen shots
2776
01:48:16,851 --> 01:48:19,988
or rather the screen shots
that were taken later on and see
2777
01:48:19,988 --> 01:48:22,800
how this company has evolved
with this infrastructure
2778
01:48:22,800 --> 01:48:25,388
and the way it actually
lays out its content.
2779
01:48:25,388 --> 01:48:27,300
Okay, so it still hasn't evolved
2780
01:48:27,300 --> 01:48:30,100
but I can go a couple
of years ahead and see
2781
01:48:30,100 --> 01:48:32,602
what this has actually
evolved into so
2782
01:48:32,602 --> 01:48:34,700
if I would go to December 2016,
2783
01:48:36,400 --> 01:48:39,963
so this is what it looked
like in 2016 and we can see
2784
01:48:39,963 --> 01:48:42,683
that they've added
this weird box out here
2785
01:48:42,683 --> 01:48:46,000
about brides and courses
they have other search bar
2786
01:48:46,000 --> 01:48:47,298
that kind of looks weird,
2787
01:48:47,298 --> 01:48:49,478
but it's mostly
because my Internet is slow
2788
01:48:49,478 --> 01:48:51,328
and it's not loading
all the elements.
2789
01:48:51,328 --> 01:48:52,444
They've also changed
2790
01:48:52,444 --> 01:48:55,400
how they've actually laid
out the courses we can also.
2791
01:48:55,400 --> 01:48:57,800
Oh see a change
in the prices, I guess.
2792
01:48:57,800 --> 01:48:59,300
So, yeah, this tells us
2793
01:48:59,300 --> 01:49:02,800
about how it evolves
as complete website.
2794
01:49:02,900 --> 01:49:06,282
Now this other website I want to
talk about is called Netcraft.
2795
01:49:06,282 --> 01:49:07,400
Now Netcraft does
2796
01:49:07,400 --> 01:49:10,201
internet research including
the types of web servers
2797
01:49:10,201 --> 01:49:13,018
that companies run and they
have a web server service.
2798
01:49:13,018 --> 01:49:16,100
You can see here as we scroll
the Apache server service has
2799
01:49:16,100 --> 01:49:18,800
sixty four point three percent
of the internet Market,
2800
01:49:18,800 --> 01:49:19,300
of course,
2801
01:49:19,300 --> 01:49:20,700
and that's followed by Microsoft
2802
01:49:20,700 --> 01:49:23,453
with 13% interesting information
may be useful information,
2803
01:49:23,453 --> 01:49:25,400
but even more useful
than that is looking.
2804
01:49:25,400 --> 01:49:27,887
at what different companies
run for their websites
2805
01:49:27,887 --> 01:49:29,005
and you can see here.
2806
01:49:29,005 --> 01:49:29,300
Okay.
2807
01:49:29,300 --> 01:49:32,300
So let's try and search
for edureka.co here.
2808
01:49:32,300 --> 01:49:34,900
So let's just put
in the website URL
2809
01:49:34,900 --> 01:49:37,984
and let Netcraft
generate the site report.
2810
01:49:37,984 --> 01:49:39,141
So as you can see
2811
01:49:39,141 --> 01:49:41,340
that some stuff
is not available.
2812
01:49:41,340 --> 01:49:43,782
You know that the net
block owner is
2813
01:49:43,782 --> 01:49:47,900
by Amazon Technologies name
server is this thing right here?
2814
01:49:47,900 --> 01:49:51,300
DNS admin is
AWS DNS host Master.
2815
01:49:51,300 --> 01:49:55,033
We also have the IP address
we can go for a whois lookup,
2816
01:49:55,033 --> 01:49:57,611
look up the IP on VirusTotal,
you can do that.
2817
01:49:57,611 --> 01:49:59,272
There is no IPv6 present.
2818
01:49:59,272 --> 01:50:01,000
So that's some information
2819
01:50:01,000 --> 01:50:04,600
that we can see so we
can obviously opt to not
2820
01:50:04,600 --> 01:50:06,400
Target IPv6 ranges.
2821
01:50:06,469 --> 01:50:08,700
Then there's also reverse DNS
2822
01:50:08,700 --> 01:50:11,400
then we also have a bunch
of Hosting history.
2823
01:50:11,400 --> 01:50:14,059
So this is a history
of it and we know
2824
01:50:14,059 --> 01:50:18,300
that it's hosted on a Linux
system with an Apache web server
2825
01:50:18,300 --> 01:50:19,500
and it was last seen
2826
01:50:19,500 --> 01:50:21,552
and this was when it
was last updated.
2827
01:50:21,552 --> 01:50:23,835
So this is some very
useful information.
2828
01:50:23,835 --> 01:50:26,600
You can also get information
on, like, Netflix,
2829
01:50:26,600 --> 01:50:28,600
so if you just type, okay
2830
01:50:28,600 --> 01:50:30,500
I said I just
spelled that wrong.
2831
01:50:30,500 --> 01:50:33,200
So let me just change
from the URL out here.
2832
01:50:33,200 --> 01:50:36,700
So if you go and die for
netflix.com and you'll see
2833
01:50:36,700 --> 01:50:39,100
that it will show you
all sorts of information.
2834
01:50:39,100 --> 01:50:42,500
So as you see that it's
on an AWS server.
2835
01:50:42,500 --> 01:50:44,223
It's Amazon data services,
2836
01:50:44,223 --> 01:50:47,000
Ireland and this is
all the hosting history
2837
01:50:47,000 --> 01:50:48,099
that it goes along
2838
01:50:48,099 --> 01:50:51,556
with. It has some Sender
Policy Framework, Domain-based
2839
01:50:51,556 --> 01:50:52,939
Message Authentication,
2840
01:50:52,939 --> 01:50:54,700
Reporting and Conformance.
2841
01:50:55,100 --> 01:50:56,049
And there's all sorts
2842
01:50:56,049 --> 01:50:58,300
of information that you
can get about websites
2843
01:50:58,300 --> 01:51:00,054
and web servers from Netcraft.
2844
01:51:00,054 --> 01:51:01,300
So the Wayback machine
2845
01:51:01,300 --> 01:51:04,020
along with Netcraft make up
for some interesting tools
2846
01:51:04,020 --> 01:51:06,279
that are available
on the internet from which
2847
01:51:06,279 --> 01:51:09,000
you can do a little bit
of your reconnaissance recess.
2848
01:51:09,000 --> 01:51:09,301
Okay.
2849
01:51:09,301 --> 01:51:11,425
Now that we have gone
over Netcraft
2850
01:51:11,425 --> 01:51:13,078
and the Wayback machine now,
2851
01:51:13,078 --> 01:51:14,313
it's time to actually
2852
01:51:14,313 --> 01:51:16,800
get to know how to use
the little information
2853
01:51:16,800 --> 01:51:18,682
that the site actually provides.
2854
01:51:18,682 --> 01:51:20,027
So what the next topic
2855
01:51:20,027 --> 01:51:22,900
that we are going to go
over is using DNS to get
2856
01:51:22,900 --> 01:51:27,100
more information now we're going
to be Going over to land.
2857
01:51:27,100 --> 01:51:29,500
This is called
whois, and the utility
2858
01:51:29,500 --> 01:51:31,900
that is used to query
the various Regional internet
2859
01:51:31,900 --> 01:51:34,669
registries that store information
about domain names
2860
01:51:34,669 --> 01:51:37,270
and IP addresses and let
me just show it to you
2861
01:51:37,270 --> 01:51:39,800
about all the internet
registries are there.
2862
01:51:39,800 --> 01:51:41,500
So I have arin.net open
2863
01:51:41,500 --> 01:51:43,795
out here and these are
the internet registries
2864
01:51:43,795 --> 01:51:44,900
that provides the ISPs
2865
01:51:44,900 --> 01:51:47,200
and looks over the Internet
control as a whole.
2866
01:51:47,200 --> 01:51:51,600
So here we have AFRINIC, we
have APNIC, we have ARIN,
2867
01:51:51,600 --> 01:51:54,100
we have LACNIC
and we have RIPE NCC
2868
01:51:54,100 --> 01:51:57,732
so These are all the regions
and all the different types
2869
01:51:57,732 --> 01:52:01,300
of stuff that they support
all the different countries.
2870
01:52:01,300 --> 01:52:03,400
You can look at the map
2871
01:52:03,400 --> 01:52:06,550
that it is pouring out
here by just hovering
2872
01:52:06,550 --> 01:52:07,912
over the providers.
2873
01:52:07,912 --> 01:52:10,638
So as you can see all
these Brown region
2874
01:52:10,638 --> 01:52:11,941
out here is Africa
2875
01:52:11,941 --> 01:52:16,500
AFRINIC. Then we have APNIC,
which is black or grayish thing,
2876
01:52:16,500 --> 01:52:18,600
which is India and Australia
2877
01:52:18,600 --> 01:52:21,676
and quite a lot of Asia.
Then we have ARIN,
2878
01:52:21,676 --> 01:52:25,400
which is a lot of North America
in the United States me.
2879
01:52:25,500 --> 01:52:27,943
Then there's LACNIC,
which is mostly the Latino side,
2880
01:52:27,943 --> 01:52:29,550
which is a South American part.
2881
01:52:29,550 --> 01:52:31,300
Then we have the rest of Europe
2882
01:52:31,300 --> 01:52:33,600
which is RIPE NCC and this is the part
and this is the part
2883
01:52:33,600 --> 01:52:36,300
that RIPE NCC is providing
internet to okay.
2884
01:52:36,300 --> 01:52:38,400
So that was all
about the internet registries.
2885
01:52:38,400 --> 01:52:40,000
Now, let's get back to the topic
2886
01:52:40,000 --> 01:52:42,723
and that is using DNS
to get more information.
2887
01:52:42,723 --> 01:52:46,342
Now for this we are going to
be using a Linux based system.
2888
01:52:46,342 --> 01:52:49,400
So I have Ubuntu running
on my virtual machine
2889
01:52:49,400 --> 01:52:51,700
out here and let me
just log into it.
2890
01:52:51,700 --> 01:52:54,900
So firstly we are going
to be using this query
2891
01:52:54,900 --> 01:52:56,500
called whois that looks up
2892
01:52:56,500 --> 01:52:58,900
these internet registries
that I just showed you.
2893
01:52:58,900 --> 01:53:00,500
Let me just quickly remove this.
2894
01:53:00,799 --> 01:53:01,300
Okay.
2895
01:53:01,800 --> 01:53:03,500
So for acquiring information
2896
01:53:03,500 --> 01:53:06,099
from the regional internet
registries that I just talked
2897
01:53:06,099 --> 01:53:06,992
about you can use
2898
01:53:06,992 --> 01:53:08,308
whois to get information
2899
01:53:08,308 --> 01:53:10,500
about who owns
a particular IP address.
2900
01:53:10,500 --> 01:53:11,400
So for example,
2901
01:53:11,400 --> 01:53:14,900
I could do whois and
let's see I could do
2902
01:53:14,900 --> 01:53:20,676
whois Google or rather
netflix.com and we can get
2903
01:53:20,676 --> 01:53:24,599
all sorts of information
about Netflix so we can see
2904
01:53:24,599 --> 01:53:28,200
that we Of the visit markmonitor
then let's see.
2905
01:53:28,200 --> 01:53:31,400
Let's go up and look
for all sorts of information
2906
01:53:31,400 --> 01:53:34,300
that has been given to
us by this whois query.
2907
01:53:34,300 --> 01:53:37,594
So as you guys can see I just
went a little bit too much.
2908
01:53:37,594 --> 01:53:37,871
Okay.
2909
01:53:37,871 --> 01:53:39,200
So registry domain ID,
2910
01:53:39,200 --> 01:53:42,000
we have the domain ID
where it is registered as
2911
01:53:42,000 --> 01:53:44,100
the registrar URL is markmonitor.
2912
01:53:44,100 --> 01:53:44,434
Okay.
2913
01:53:44,434 --> 01:53:48,720
So this is for marking actually
now the creation date is 1997.
2914
01:53:48,720 --> 01:53:52,700
So you haven't realized Netflix
been around for a long time
2915
01:53:52,700 --> 01:53:54,900
and it's been updated on 2015.
2916
01:53:54,900 --> 01:53:56,432
And registry expiry date
2917
01:53:56,432 --> 01:54:00,200
as we see is 2019 that's going
to actually go off this here.
2918
01:54:00,200 --> 01:54:02,700
Then this is all
useful information
2919
01:54:02,700 --> 01:54:05,400
so we can see all sorts
of domain status
2920
01:54:05,400 --> 01:54:09,800
the name server URL, the DNSSEC
that it says unsigned.
2921
01:54:09,800 --> 01:54:11,800
This is very useful information
2922
01:54:11,800 --> 01:54:14,423
that is being provided
by very simple query.
2923
01:54:14,423 --> 01:54:17,900
Now, if you want to know who
owns a particular IP address,
2924
01:54:17,900 --> 01:54:21,600
so let's see if we get back
the IP address out there.
2925
01:54:21,600 --> 01:54:23,557
We should have got
back the IP address,
2926
01:54:23,557 --> 01:54:25,000
but it's kind of lost on me.
2927
01:54:25,000 --> 01:54:28,335
So To get back the IP address
also for a domain name service.
2928
01:54:28,335 --> 01:54:29,100
So, you know,
2929
01:54:29,100 --> 01:54:31,100
so you could use
this command called dig.
2930
01:54:31,100 --> 01:54:33,023
So you do dig netflix.com.
2931
01:54:34,100 --> 01:54:36,000
Now as you guys can see
2932
01:54:36,100 --> 01:54:40,800
that it has returned a bunch
of multiple IP addresses
2933
01:54:40,800 --> 01:54:42,400
and these are all
the IP addresses
2934
01:54:42,400 --> 01:54:45,500
that Netflix's so I
could do something like
2935
01:54:45,500 --> 01:54:47,147
if I was trying to check out
2936
01:54:47,147 --> 01:54:49,852
who owns a certain
IP address and for example,
2937
01:54:49,852 --> 01:54:51,709
I have got one
of these IP addresses,
2938
01:54:51,709 --> 01:54:53,800
but let's just assume
I don't know
2939
01:54:53,800 --> 01:54:55,400
that actually belongs to Netflix
2940
01:54:55,400 --> 01:55:01,200
so I can go whois
50 4.77 dot hundred and eight to
2941
01:55:01,400 --> 01:55:03,500
and it'll give
me some information
2942
01:55:03,500 --> 01:55:07,200
so As you guys can see
it is giving us a bunch
2943
01:55:07,200 --> 01:55:12,800
of information as to who this is
and how it is happening.
2944
01:55:12,906 --> 01:55:14,500
So we see that it is
2945
01:55:14,500 --> 01:55:18,550
from arin.net and so
we can very smartly assume
2946
01:55:18,550 --> 01:55:21,700
that it's from the North
American part. Now
2947
01:55:21,700 --> 01:55:24,465
we can also see
that it's in Seattle.
2948
01:55:24,465 --> 01:55:27,000
So our guess was
completely right.
2949
01:55:27,100 --> 01:55:29,200
So it also gives us a range.
2950
01:55:29,200 --> 01:55:31,489
So this is
something very useful.
2951
01:55:31,489 --> 01:55:34,981
So if you see we now have
the rain age of the IPS
2952
01:55:34,981 --> 01:55:37,600
that might be being
used by this guy.
2953
01:55:37,600 --> 01:55:42,500
So we indeed have 54 and it
says it goes up to the 54.
2954
01:55:42,500 --> 01:55:43,958
There's also 34 lat now.
2955
01:55:43,958 --> 01:55:47,300
Let's check that out and see
what information we get set
2956
01:55:47,300 --> 01:55:49,607
whois and let's check it out.
2957
01:55:49,607 --> 01:55:50,761
What was the IP
2958
01:55:50,761 --> 01:55:56,600
that we were just seeing
is 34.2 49.1 25.1 67.
2959
01:55:57,000 --> 01:56:04,900
So 34.2 49.1 65 I don't know.
2960
01:56:05,000 --> 01:56:06,000
Let's see.
2961
01:56:06,000 --> 01:56:07,950
You can also put in
a random IP address.
2962
01:56:07,950 --> 01:56:08,955
It don't really matter
2963
01:56:08,955 --> 01:56:10,600
and they'll give
you the information.
2964
01:56:10,600 --> 01:56:12,104
So let's see is this
2965
01:56:12,104 --> 01:56:15,737
and some IP address even
this seems to be an ARIN
2966
01:56:15,737 --> 01:56:19,000
IP address
and it's also based in Seattle
2967
01:56:19,000 --> 01:56:20,703
and we got
a bunch of information.
2968
01:56:20,703 --> 01:56:22,200
So that's how you can use the
2969
01:56:22,200 --> 01:56:22,957
whois query
2970
01:56:22,957 --> 01:56:26,300
and the query do actually
get all sorts of information
2971
01:56:26,300 --> 01:56:29,769
about the domain name service
and get information
2972
01:56:29,769 --> 01:56:31,200
from a DNS basically.
2973
01:56:31,200 --> 01:56:33,500
So now let's go
over some theoretical part
2974
01:56:33,500 --> 01:56:34,700
that is for DNS.
2975
01:56:34,700 --> 01:56:37,700
So using DNS to get
information so firstly
2976
01:56:37,700 --> 01:56:39,900
what is the domain name service?
2977
01:56:39,900 --> 01:56:41,040
And why do we need?
2978
01:56:41,040 --> 01:56:44,400
So a domain name service is
a name given to an IP address
2979
01:56:44,400 --> 01:56:46,352
so that it's easy to remember.
2980
01:56:46,352 --> 01:56:48,955
Of course you it's easy
to remember names
2981
01:56:48,955 --> 01:56:52,593
and mnemonics rather than a bunch
of random weird numbers.
2982
01:56:52,593 --> 01:56:53,838
Now, this was mainly
2983
01:56:53,838 --> 01:56:57,200
so that we can map names
to IP addresses and we can get
2984
01:56:57,200 --> 01:57:00,600
the a bunch of information
from the host name resolution.
2985
01:57:00,600 --> 01:57:03,266
So that's the purpose
of IP addresses now
2986
01:57:03,266 --> 01:57:06,300
we also be looking at
how to find network ranges.
2987
01:57:06,300 --> 01:57:06,600
Okay.
2988
01:57:06,600 --> 01:57:08,952
Now before we get
onto actually moving on
2989
01:57:08,952 --> 01:57:10,897
to how to find out
the network ranges,
2990
01:57:10,897 --> 01:57:13,000
let me just show you
how you can also use
2991
01:57:13,000 --> 01:57:15,628
whois so whois suppose
you want to know the domains
2992
01:57:15,628 --> 01:57:16,900
with the word foo in it.
2993
01:57:16,900 --> 01:57:17,800
So you could go
2994
01:57:17,800 --> 01:57:21,600
whois foo and this
will give you a whole bunch
2995
01:57:21,600 --> 01:57:25,500
of things but hafu exist
and all the sorts of foos
2996
01:57:25,500 --> 01:57:27,677
that there is on the internet.
2997
01:57:27,677 --> 01:57:30,017
So that was
one interesting flag,
2998
01:57:30,017 --> 01:57:31,700
and if you want to know
2999
01:57:31,700 --> 01:57:36,400
how to use more about whois
you could just go --help.
3000
01:57:36,400 --> 01:57:37,300
Yes.
3001
01:57:37,300 --> 01:57:37,610
Yeah.
3002
01:57:37,610 --> 01:57:39,600
So this is all
the types of stuff
3003
01:57:39,600 --> 01:57:41,000
that we can do with whois
3004
01:57:41,000 --> 01:57:43,555
so you can set the host
we can set the port
3005
01:57:43,555 --> 01:57:47,300
that we want to search for then
we can set with the -l flag
3006
01:57:47,300 --> 01:57:49,800
and find one level
less specific match
3007
01:57:49,800 --> 01:57:52,664
and we can do an exact
match to an inverse
3008
01:57:52,664 --> 01:57:54,900
look up for
specified attributes.
3009
01:57:54,900 --> 01:57:59,700
Then we can also set the source
we can set verbose type
3010
01:57:59,843 --> 01:58:01,200
and we can choose
3011
01:58:01,200 --> 01:58:03,915
for request template
with this bunch of stuff.
3012
01:58:03,915 --> 01:58:06,300
Can do so you could suppose say
3013
01:58:06,300 --> 01:58:10,193
whois verbose and suppose
any record dot coal
3014
01:58:10,200 --> 01:58:12,234
and I'll give you
a verbose version
3015
01:58:12,234 --> 01:58:14,727
of the RIPE database
query service objects
3016
01:58:14,727 --> 01:58:17,727
are in RPSL format
the RIPE database objectives.
3017
01:58:17,727 --> 01:58:18,527
So, okay.
3018
01:58:18,527 --> 01:58:21,900
Let's try something else
like whois netflix.com?
3019
01:58:23,300 --> 01:58:24,600
Okay, I'm sorry.
3020
01:58:24,600 --> 01:58:28,400
I was supposed to be verbose
and I kept doing -h, silly me.
3021
01:58:28,400 --> 01:58:30,400
So you do V and that will give
3022
01:58:30,400 --> 01:58:33,600
you a much more like this
is the RIPE database again.
3023
01:58:33,600 --> 01:58:35,400
And I think
I'm doing something wrong.
3024
01:58:35,400 --> 01:58:36,900
Okay, just for that thing.
3025
01:58:36,900 --> 01:58:38,600
OK V and tight okay,
3026
01:58:38,700 --> 01:58:40,593
or let's just see
that's let me just show you
3027
01:58:40,593 --> 01:58:42,600
how to use video primary
keys are returned.
3028
01:58:42,600 --> 01:58:43,500
Only primary Keys.
3029
01:58:43,500 --> 01:58:43,700
Okay.
3030
01:58:43,700 --> 01:58:44,200
Let's see.
3031
01:58:44,219 --> 01:58:45,680
Let's try that out.
3032
01:58:45,700 --> 01:58:47,400
Okay, so it seems to be
3033
01:58:47,400 --> 01:58:50,003
that this is a RIPE
database query service
3034
01:58:50,003 --> 01:58:52,100
and objects are
in RPSL format.
3035
01:58:52,100 --> 01:58:54,100
So it won't really
work for that thing.
3036
01:58:54,100 --> 01:58:55,001
And it also says
3037
01:58:55,001 --> 01:58:57,200
that no entries found
because this error
3038
01:58:57,200 --> 01:58:59,450
so this is for
some layer lessons.
3039
01:58:59,450 --> 01:59:00,200
So for now,
3040
01:59:00,200 --> 01:59:03,200
I hope I gave you a good idea
of how to use whois
3041
01:59:03,200 --> 01:59:05,353
like you could just go whois
3042
01:59:05,353 --> 01:59:11,700
then some IP address 192.168.1.1
or some Gabriel just like that
3043
01:59:11,700 --> 01:59:14,300
or you could just go
for a domain name service
3044
01:59:14,300 --> 01:59:18,700
like Facebook and get all sorts
of information about Facebook
3045
01:59:18,700 --> 01:59:21,600
when the query actually
returns you something.
3046
01:59:21,600 --> 01:59:21,894
Okay.
3047
01:59:21,894 --> 01:59:22,804
So let's move on
3048
01:59:22,804 --> 01:59:25,921
to network ranges now. Now
in this part of the video.
3049
01:59:25,921 --> 01:59:29,098
We are going to be going
over the utility called whois
3050
01:59:29,098 --> 01:59:31,800
which is used for getting
information from the DNS.
3051
01:59:31,800 --> 01:59:33,646
Now, let me just show
you a website.
3052
01:59:33,646 --> 01:59:34,299
Get out here.
3053
01:59:34,299 --> 01:59:36,449
So this is the regional
internet registries.
3054
01:59:36,449 --> 01:59:39,100
So the internet registries
are used to store information
3055
01:59:39,100 --> 01:59:40,000
about domain names
3056
01:59:40,000 --> 01:59:41,200
and IP addresses and there are
3057
01:59:41,200 --> 01:59:44,100
five Regional internet
registries first is ARIN,
3058
01:59:44,100 --> 01:59:46,000
which is responsible
for North America.
3059
01:59:46,000 --> 01:59:49,390
So that would be the US and
Canada then we have LACNIC
3060
01:59:49,390 --> 01:59:51,294
which is responsible
for Latin America
3061
01:59:51,294 --> 01:59:53,000
and portions of the Caribbean
3062
01:59:53,000 --> 01:59:54,000
then there's RIPE
3063
01:59:54,000 --> 01:59:56,322
that's responsible for Europe
and Middle East
3064
01:59:56,322 --> 01:59:57,211
and Central Asia.
3065
01:59:57,211 --> 01:59:59,561
There's AFRINIC which is
responsible for Africa.
3066
01:59:59,561 --> 02:00:01,007
And finally we have APNIC
3067
02:00:01,007 --> 02:00:03,201
which is responsible
for Asia Pacific Rim.
3068
02:00:03,201 --> 02:00:06,098
So, that's the Regional internet
registries and as I said
3069
02:00:06,098 --> 02:00:08,378
whois is responsible
for acquiring information
3070
02:00:08,378 --> 02:00:10,723
from the various
Regional internet registries
3071
02:00:10,723 --> 02:00:13,961
as you can use whois to get
information about who owns
3072
02:00:13,961 --> 02:00:15,372
a particular IP address,
3073
02:00:15,372 --> 02:00:18,255
for example, let me just open
up my Ubuntu system.
3074
02:00:18,255 --> 02:00:19,900
Let me clear this out first.
3075
02:00:19,900 --> 02:00:21,400
So as I was just saying,
3076
02:00:21,400 --> 02:00:24,861
for example, you could go
whois facebook.com.
3077
02:00:26,900 --> 02:00:27,200
Okay.
3078
02:00:27,200 --> 02:00:29,000
So as you guys can see
we could find out
3079
02:00:29,000 --> 02:00:31,572
pretty quickly about who owns
a particular IP address.
3080
02:00:31,572 --> 02:00:32,300
So for example,
3081
02:00:32,300 --> 02:00:34,691
I could do whois
and just go facebook.com
3082
02:00:34,691 --> 02:00:37,800
and tells me about who it
belongs to a also gives you
3083
02:00:37,800 --> 02:00:39,682
who owns a particular IP address
3084
02:00:39,682 --> 02:00:42,400
and who's responsible
for them from the information.
3085
02:00:42,400 --> 02:00:43,847
You can get email addresses.
3086
02:00:43,847 --> 02:00:45,605
I belong to
a particular company.
3087
02:00:45,605 --> 02:00:47,200
This one has an email address
3088
02:00:47,200 --> 02:00:49,969
for Tech contact
of Ip reg address it
3089
02:00:49,969 --> 02:00:53,200
so you can get all sorts
of email addresses
3090
02:00:53,200 --> 02:00:56,278
tech contacts and all sorts
of stuff out there
3091
02:00:56,278 --> 02:00:58,900
the database contains
only .com and .net
3092
02:00:58,900 --> 02:01:00,605
and all sorts of information.
3093
02:01:00,605 --> 02:01:01,400
Now.
3094
02:01:01,400 --> 02:01:03,100
I want to query
a different IP address
3095
02:01:03,100 --> 02:01:04,122
and different information
3096
02:01:04,122 --> 02:01:06,300
belongs in the different
Regional internet registries,
3097
02:01:06,300 --> 02:01:06,750
of course,
3098
02:01:06,750 --> 02:01:08,900
so if I want to go
to a particular database,
3099
02:01:08,900 --> 02:01:10,647
I will have to use
the minus H flag
3100
02:01:10,647 --> 02:01:14,000
so I could do whois arin.net and remember the IP address
and remember the IP address
3101
02:01:14,000 --> 02:01:15,650
and I'm going
to query that again.
3102
02:01:15,650 --> 02:01:17,953
And of course I get
the same information back
3103
02:01:17,953 --> 02:01:19,000
because I went there
3104
02:01:19,000 --> 02:01:20,600
so you could just go
3105
02:01:20,600 --> 02:01:24,200
whois -h and then follow it
with an IP address.
3106
02:01:24,200 --> 02:01:26,490
So something like 30 4.25
3107
02:01:26,490 --> 02:01:30,600
the 176 the 98 so that's
just some random IP address.
3108
02:01:30,600 --> 02:01:34,100
I just made up and it says
that whois option?
3109
02:01:34,100 --> 02:01:34,800
Okay.
3110
02:01:34,800 --> 02:01:37,000
So it's a it's a capital H.
3111
02:01:37,200 --> 02:01:37,700
Okay.
3112
02:01:37,700 --> 02:01:38,491
So let's see
3113
02:01:38,491 --> 02:01:42,000
that and we get all sorts
of information back from that.
3114
02:01:42,000 --> 02:01:43,900
So area a Darren and all sorts
3115
02:01:43,900 --> 02:01:45,880
of stuff now I
can get information
3116
02:01:45,880 --> 02:01:47,190
about domains as well.
3117
02:01:47,190 --> 02:01:49,840
So if I can query
something like netflix.com
3118
02:01:49,840 --> 02:01:51,500
and I can find out that this is
3119
02:01:51,500 --> 02:01:52,600
that actually Netflix
3120
02:01:52,600 --> 02:01:54,300
and there's an
administrative contact
3121
02:01:54,300 --> 02:01:56,900
and the technical contact that I
need to see the difference.
3122
02:01:56,900 --> 02:01:58,000
Main server so service
3123
02:01:58,000 --> 02:01:59,716
that would have
authoritative information
3124
02:01:59,716 --> 02:02:01,899
about the DNS entries
for that particular domain.
3125
02:02:01,899 --> 02:02:03,800
You can also see
other information like
3126
02:02:03,800 --> 02:02:05,700
when the record was created
3127
02:02:05,800 --> 02:02:08,700
and whole bunch
of different phone numbers
3128
02:02:08,700 --> 02:02:11,500
that you contact an
additional storing information
3129
02:02:11,500 --> 02:02:13,200
about IP addresses
and domain name.
3130
02:02:13,200 --> 02:02:14,745
Sometimes it will
store information
3131
02:02:14,745 --> 02:02:15,963
about particular host names
3132
02:02:15,963 --> 02:02:18,690
and there may be other reasons
why you would store a hostname
3133
02:02:18,690 --> 02:02:20,000
or particular information
3134
02:02:20,000 --> 02:02:22,100
about hosting on
the system where the one
3135
02:02:22,100 --> 02:02:23,400
of the rare RIRs now
3136
02:02:23,400 --> 02:02:26,761
if I want to wanted to look
up something specifically So
3137
02:02:26,761 --> 02:02:27,800
once I have found
3138
02:02:27,800 --> 02:02:29,900
that I could know do a look up
3139
02:02:29,900 --> 02:02:34,000
on whois suppose say
something like whois foo.
3140
02:02:34,000 --> 02:02:36,100
So let's say whois foo.
3141
02:02:36,100 --> 02:02:37,923
Now if you already don't have
3142
02:02:37,923 --> 02:02:40,500
whois installed you
can easily install it
3143
02:02:40,500 --> 02:02:42,576
by just going apt install
3144
02:02:42,600 --> 02:02:46,700
whois on your Unix system
and that should do the trick
3145
02:02:46,700 --> 02:02:49,900
and then you can start use
this really Nifty tool.
3146
02:02:49,900 --> 02:02:51,515
Okay, so that was all
3147
02:02:51,515 --> 02:02:56,100
about using whois now let's get
on to actually using
3148
02:02:56,300 --> 02:02:59,000
how to Network ranges
for a domain.
3149
02:02:59,100 --> 02:02:59,419
Okay.
3150
02:02:59,419 --> 02:03:03,000
So now let's talk about how we
are going to be going over
3151
02:03:03,000 --> 02:03:04,800
and finding network ranges.
3152
02:03:04,800 --> 02:03:07,058
So suppose you bought it
at engagement and you only
3153
02:03:07,058 --> 02:03:07,941
know the domain name
3154
02:03:07,941 --> 02:03:08,945
and you don't know much
3155
02:03:08,945 --> 02:03:10,937
beyond that and you're
expected to figure out
3156
02:03:10,937 --> 02:03:12,850
where everything is
and what everything is.
3157
02:03:12,850 --> 02:03:14,500
So how do you go
about doing that?
3158
02:03:14,500 --> 02:03:17,000
Well use some of the tools that
we either have been talking
3159
02:03:17,000 --> 02:03:19,500
about or will soon be talking
about in more detail.
3160
02:03:19,500 --> 02:03:21,600
And the first thing
I'm going to do is I'm going
3161
02:03:21,600 --> 02:03:23,600
to use a domain name
that you record.com
3162
02:03:23,600 --> 02:03:26,400
and I'm going to look up at you
like a DOT go and see
3163
02:03:26,400 --> 02:03:28,500
if I get get an IP address back.
3164
02:03:28,500 --> 02:03:33,122
So let's just head over there
and go poo is Eddie record
3165
02:03:33,122 --> 02:03:34,043
or not cool,
3166
02:03:34,043 --> 02:03:36,500
or we could use
the host keyword.
3167
02:03:37,100 --> 02:03:39,633
So as you see we get
an IP address back
3168
02:03:39,633 --> 02:03:41,500
and that is 34 the to dander
3169
02:03:41,500 --> 02:03:45,800
to 30 the 35 and that is
the IP address and you see
3170
02:03:45,800 --> 02:03:47,400
that I've got back
an IP address.
3171
02:03:47,400 --> 02:03:49,000
So here's just an IP address
3172
02:03:49,000 --> 02:03:51,300
and I don't know what
that IP address belongs to
3173
02:03:51,300 --> 02:03:53,600
and I also don't know
how big the network range
3174
02:03:53,600 --> 02:03:54,800
or network block is
3175
02:03:54,800 --> 02:03:56,862
that's associated
with so what I'm
3176
02:03:56,862 --> 02:04:00,063
do is a whois and I'm going
to look up with ARIN
3177
02:04:00,063 --> 02:04:01,500
who owns it IP address
3178
02:04:01,500 --> 02:04:08,200
so you can basically go
whois 34.2 10.2 3935.
3179
02:04:10,200 --> 02:04:11,588
So as you guys can see
3180
02:04:11,588 --> 02:04:13,972
that gives us a bunch
of information and
3181
02:04:13,972 --> 02:04:17,754
whois now this doesn't seem to
have a very big Network range,
3182
02:04:17,754 --> 02:04:19,800
but unlike something
like Netflix.
3183
02:04:19,800 --> 02:04:21,200
So suppose we were
3184
02:04:21,200 --> 02:04:27,238
to do something like host
netflix.com and see See now.
3185
02:04:27,238 --> 02:04:29,700
We have a bunch of IP addresses.
3186
02:04:29,700 --> 02:04:33,300
So suppose we will do
whois let's see
3187
02:04:33,700 --> 02:04:40,900
whois 52.99 the $40 147
3188
02:04:40,900 --> 02:04:44,900
now I'm expecting Netflix
to be a much larger company
3189
02:04:44,900 --> 02:04:46,800
and have a better.
3190
02:04:46,800 --> 02:04:48,600
Yeah now see we get net range.
3191
02:04:48,600 --> 02:04:51,100
So this is the network range
that we're talking about.
3192
02:04:51,100 --> 02:04:53,014
So we had a random IP address
3193
02:04:53,014 --> 02:04:55,608
and now we have found
the network range.
3194
02:04:55,608 --> 02:04:57,937
So that's how
Find network ranges
3195
02:04:57,937 --> 02:04:59,800
and this can be very useful.
3196
02:04:59,800 --> 02:05:01,330
So this gives me evidence
3197
02:05:01,330 --> 02:05:04,600
that netflix.com has a presence
on different addresses.
3198
02:05:04,600 --> 02:05:05,620
The one I have also
3199
02:05:05,620 --> 02:05:08,160
located by looking up
that particular host name.
3200
02:05:08,160 --> 02:05:10,700
So I've got one address
here that I can look at.
3201
02:05:10,700 --> 02:05:12,300
Let's take a look at the website
3202
02:05:12,300 --> 02:05:14,100
because let me
different address.
3203
02:05:14,100 --> 02:05:16,500
Now if I didn't have
that I could also go
3204
02:05:16,500 --> 02:05:19,000
and do something
like an MX flag.
3205
02:05:19,100 --> 02:05:22,200
So let's see I could go dig
3206
02:05:22,500 --> 02:05:26,600
and this will give us
all the mails so dig MX.
3207
02:05:27,500 --> 02:05:28,800
And let's see.
3208
02:05:28,800 --> 02:05:32,600
Let's see what MX
does actually you go help
3209
02:05:32,600 --> 02:05:36,200
so we could do dig
-h for a list of options.
3210
02:05:36,200 --> 02:05:42,200
So these are all the options
that we have and the one
3211
02:05:42,200 --> 02:05:44,800
that we're going to use
is something like this.
3212
02:05:44,800 --> 02:05:49,600
Do dig MX and we say
something like netflix.com.
3213
02:05:51,200 --> 02:05:55,000
So these are all
mailings and mx's
3214
02:05:55,000 --> 02:06:00,500
that we have gotten from Netflix
and this is information
3215
02:06:00,500 --> 02:06:03,172
regarding it's still
producing information.
3216
02:06:03,172 --> 02:06:04,905
That's a big thing to produce.
3217
02:06:04,905 --> 02:06:05,200
Okay.
3218
02:06:05,200 --> 02:06:07,200
So as I was just
saying you can use
3219
02:06:07,200 --> 02:06:10,900
the MX flag I could get back all
the mail handlers in this case
3220
02:06:10,900 --> 02:06:14,600
and their mail is being handled
by Google and let's see wait,
3221
02:06:14,600 --> 02:06:17,400
let's go until then
it's going to tell me
3222
02:06:17,400 --> 02:06:20,300
that Google is not particularly
surprising and other things
3223
02:06:20,300 --> 02:06:22,600
that you can do is check
for different host names
3224
02:06:22,600 --> 02:06:25,000
since I'm assuming DNS
probably doesn't allow
3225
02:06:25,000 --> 02:06:26,607
zone transfers since most DNS
3226
02:06:26,607 --> 02:06:28,001
servers don't anymore,
3227
02:06:28,001 --> 02:06:30,736
although they used to you
may have to start guessing
3228
02:06:30,736 --> 02:06:33,900
so I could do something like
Web Mail said we find out here.
3229
02:06:34,500 --> 02:06:38,000
So it's showed us a dump of all
the ascending memory stuff.
3230
02:06:38,000 --> 02:06:39,211
Okay, so that was all
3231
02:06:39,211 --> 02:06:41,639
about finding Network
ranges now moving on
3232
02:06:41,639 --> 02:06:44,600
to our next topic is using
Google for reconnaissance.
3233
02:06:44,600 --> 02:06:48,200
Now some people also call
this Google hacking now,
3234
02:06:48,200 --> 02:06:50,031
if you know how to use Google
3235
02:06:50,031 --> 02:06:53,301
to exactly Target and find
what you are looking for.
3236
02:06:53,301 --> 02:06:56,500
Google is an excellent tool
for reconnaissance purposes.
3237
02:06:56,500 --> 02:06:57,300
And today.
3238
02:06:57,300 --> 02:07:00,700
I'm going to show you
how you could use Google exactly
3239
02:07:00,700 --> 02:07:02,100
for your searches.
3240
02:07:02,100 --> 02:07:03,300
So first of all,
3241
02:07:03,300 --> 02:07:06,800
let's go Open a tab
of Google so open up here.
3242
02:07:06,900 --> 02:07:08,900
So let's go to google.com.
3243
02:07:09,200 --> 02:07:09,600
Ok.
3244
02:07:09,600 --> 02:07:11,200
So now we're going to be talking
3245
02:07:11,200 --> 02:07:14,961
about how we can use Google to
actually gain some information
3246
02:07:14,961 --> 02:07:16,700
or some targeted information.
3247
02:07:16,700 --> 02:07:19,400
So this is in general called
Google hacked now
3248
02:07:19,400 --> 02:07:21,300
when I say Google hacking
I'm not meaning
3249
02:07:21,300 --> 02:07:23,500
by breaking into Google
to steal information.
3250
02:07:23,500 --> 02:07:25,800
I'm talking about making use
of specific keywords
3251
02:07:25,800 --> 02:07:28,199
that Google uses to get
the most out of the queries
3252
02:07:28,199 --> 02:07:29,077
that you submit.
3253
02:07:29,077 --> 02:07:29,900
So for example,
3254
02:07:29,900 --> 02:07:33,134
a pretty basic one is the use
of quotations you quote things
3255
02:07:33,134 --> 02:07:34,717
in order to use specific phrases.
3256
02:07:34,717 --> 02:07:36,600
Otherwise Google will find pages
3257
02:07:36,600 --> 02:07:37,800
that have instances
3258
02:07:37,900 --> 02:07:40,800
of all those words rather than
the word specifically together
3259
02:07:40,800 --> 02:07:41,800
in particular order.
3260
02:07:41,800 --> 02:07:45,300
So I'm going to pull this query
up and this shows a list
3261
02:07:45,300 --> 02:07:47,100
of let me just show it to you.
3262
02:07:47,100 --> 02:07:50,800
So you go index off now.
3263
02:07:50,800 --> 02:07:54,500
This is showing us an index
of all the films now.
3264
02:07:54,500 --> 02:07:57,200
This is basically all
those index of size
3265
02:07:57,200 --> 02:07:58,411
that you want.
3266
02:07:58,500 --> 02:08:02,000
So as you guys can see the show
this index of all sorts of films
3267
02:08:02,000 --> 02:08:05,800
that are there now you
can Use index of and you see
3268
02:08:05,800 --> 02:08:07,000
that we have also
3269
02:08:07,000 --> 02:08:09,200
an index of downloads
or something like that.
3270
02:08:09,200 --> 02:08:11,500
-.com such download
3271
02:08:11,600 --> 02:08:14,199
and it is an index
of all sorts of stuff.
3272
02:08:14,199 --> 02:08:17,824
Now you can go into some folder
and check them out G Jones.
3273
02:08:17,824 --> 02:08:19,200
You weren't EG Perico.
3274
02:08:19,200 --> 02:08:21,396
I don't know what these are
but some sort of self.
3275
02:08:21,396 --> 02:08:23,100
And this is how you
can use Google Now.
3276
02:08:23,100 --> 02:08:24,700
Let me just show you
some more tricks.
3277
02:08:24,700 --> 02:08:28,500
So you can use this
suppose you're using Google
3278
02:08:28,500 --> 02:08:31,700
to find for something
like a presentation
3279
02:08:31,700 --> 02:08:34,100
so you could use something
like file type.
3280
02:08:34,100 --> 02:08:38,500
PPTX and it'll search
for every type of file there.
3281
02:08:38,500 --> 02:08:39,800
That is PPT.
3282
02:08:40,000 --> 02:08:40,500
Okay.
3283
02:08:41,000 --> 02:08:44,900
Let's try some other
side PVD so config.
3284
02:08:45,215 --> 02:08:45,600
Okay.
3285
02:08:45,600 --> 02:08:48,400
So this brings up all
the types of files
3286
02:08:48,400 --> 02:08:50,500
that have some configs in them.
3287
02:08:50,500 --> 02:08:52,499
So some gaming configuration
3288
02:08:52,499 --> 02:08:56,000
as we see this initial
configuration of Liverpool.
3289
02:08:56,000 --> 02:09:00,838
Now, you could also use
something like this inurl
3290
02:09:00,838 --> 02:09:03,300
and you can use
some other root.
3291
02:09:03,700 --> 02:09:06,039
And this will give
you all the things
3292
02:09:06,039 --> 02:09:07,600
that root in their URL.
3293
02:09:07,600 --> 02:09:10,700
So King rude and Digital Trends
3294
02:09:10,700 --> 02:09:14,100
and how to root Android
so fasten the root
3295
02:09:14,100 --> 02:09:18,000
and suppose you want
to say something like all
3296
02:09:18,000 --> 02:09:20,300
in file type or suppose.
3297
02:09:20,300 --> 02:09:25,400
You want some extension
so so dot P BTW the pptx.
3298
02:09:25,400 --> 02:09:26,600
Does that work?
3299
02:09:26,600 --> 02:09:28,800
Let's search for
JavaScript files.
3300
02:09:28,900 --> 02:09:29,400
Okay.
3301
02:09:29,500 --> 02:09:31,500
I think it's JS.
3302
02:09:31,800 --> 02:09:34,100
Okay, that doesn't seem
to work either.
3303
02:09:34,700 --> 02:09:38,214
This shows us all the things
that she estimate.
3304
02:09:38,214 --> 02:09:40,198
No, it's just external JS.
3305
02:09:40,198 --> 02:09:41,800
I'm doing this wrong.
3306
02:09:44,600 --> 02:09:46,200
So you could use file type.
3307
02:09:46,200 --> 02:09:50,000
So let's see file type
and we go see doc.
3308
02:09:50,800 --> 02:09:52,175
So these are all the documents
3309
02:09:52,175 --> 02:09:54,100
that you could find
at the file type thing.
3310
02:09:54,100 --> 02:09:57,300
And you could also
do JS, I guess.
3311
02:09:57,500 --> 02:09:58,000
Yeah.
3312
02:09:58,000 --> 02:10:00,700
This is give you all
the JavaScript files are there.
3313
02:10:00,700 --> 02:10:03,800
So this is how you can use
Google to actually narrow
3314
02:10:03,800 --> 02:10:04,900
down your searches
3315
02:10:04,900 --> 02:10:07,000
to suppose you want
a particular set of keywords,
3316
02:10:07,000 --> 02:10:09,800
and we want to make sure we get
the password file from Google.
3317
02:10:09,800 --> 02:10:10,049
Okay.
3318
02:10:10,049 --> 02:10:10,800
So now let's go
3319
02:10:10,800 --> 02:10:12,900
into more details
about the various things.
3320
02:10:12,900 --> 02:10:14,800
You can find
using Google hacking.
3321
02:10:14,900 --> 02:10:17,900
Now while Google hacking
techniques are really useful
3322
02:10:17,900 --> 02:10:19,700
for just general
searching in Google.
3323
02:10:19,700 --> 02:10:21,982
They're also useful
for penetration testers
3324
02:10:21,982 --> 02:10:23,100
or ethical hackers.
3325
02:10:23,100 --> 02:10:24,806
You can narrow down information
3326
02:10:24,806 --> 02:10:28,000
that you get from Google you
get a specific list of systems
3327
02:10:28,000 --> 02:10:29,294
that may be vulnerable
3328
02:10:29,294 --> 02:10:31,610
so we can do things
like look for are pages
3329
02:10:31,610 --> 02:10:33,118
that do in the title error.
3330
02:10:33,118 --> 02:10:35,800
So I'm going to get
a whole bunch of information.
3331
02:10:35,800 --> 02:10:42,200
So suppose like we go intitle
and we say error So
3332
02:10:42,200 --> 02:10:44,300
as that we get
all sorts of stuff
3333
02:10:44,300 --> 02:10:46,479
and we can do
the minus Google part.
3334
02:10:46,479 --> 02:10:49,717
So if you do minus
Google not show you the stuff
3335
02:10:49,717 --> 02:10:50,900
that's from Google.
3336
02:10:51,200 --> 02:10:52,901
So we get various
documentation pages
3337
02:10:52,901 --> 02:10:54,649
about different vendors
and the errors
3338
02:10:54,649 --> 02:10:55,500
that they support.
3339
02:10:55,500 --> 02:10:58,200
So here's one doc
about Oracle about Java error,
3340
02:10:58,200 --> 02:11:01,100
but you know something more
specific we may be able to get
3341
02:11:01,100 --> 02:11:03,100
errors about all sorts
of other stuff.
3342
02:11:03,100 --> 02:11:06,200
So this is how you could use
the Google hacking technique
3343
02:11:06,200 --> 02:11:09,200
to your own advantage
if you're a penetration tester.
3344
02:11:09,200 --> 02:11:11,900
Now, let's also show
You something called
3345
02:11:11,900 --> 02:11:14,179
the Google hacking database now.
3346
02:11:14,179 --> 02:11:17,100
This is very useful
for an ethical hacker.
3347
02:11:17,100 --> 02:11:19,678
Now on the Google hacking
database was created
3348
02:11:19,678 --> 02:11:22,200
several years ago by
a guy called Johnny Long
3349
02:11:22,200 --> 02:11:24,524
who put this Google hacking
database together to begin
3350
02:11:24,524 --> 02:11:25,950
to compile a list of searches
3351
02:11:25,950 --> 02:11:27,999
that would bring
up interesting information.
3352
02:11:27,999 --> 02:11:30,900
Now Johnny has written a couple
of books on Google hacking.
3353
02:11:30,900 --> 02:11:33,600
So we're at the Google
hacking database website here
3354
02:11:33,600 --> 02:11:34,600
and you can see them talk
3355
02:11:34,600 --> 02:11:36,600
about Google Docs
and all sorts of stuff.
3356
02:11:36,600 --> 02:11:37,608
Now you can see
3357
02:11:37,608 --> 02:11:40,700
that we can do all sorts
of search like and you
3358
02:11:40,700 --> 02:11:45,800
are Elsa BC B SP this brings up
some portal Pages now out here.
3359
02:11:45,800 --> 02:11:49,600
You can bring up some password
APS password and URL.
3360
02:11:49,600 --> 02:11:52,200
Now this will give
you all sorts of stuff
3361
02:11:52,200 --> 02:11:59,200
on Google suppose you go inurl
like a PS password.
3362
02:11:59,500 --> 02:12:01,186
Now, you can get all sorts
3363
02:12:01,186 --> 02:12:04,200
of stuff like which have
passwords in their URL.
3364
02:12:04,200 --> 02:12:07,600
So maybe you can just guess
a password from there to now
3365
02:12:07,600 --> 02:12:08,900
that was Google hacking
3366
02:12:08,900 --> 02:12:10,900
so Google hacking
entries and they also,
3367
02:12:10,900 --> 02:12:11,900
Number of categories
3368
02:12:11,900 --> 02:12:14,600
and that you can look through
to find some specific things.
3369
02:12:14,600 --> 02:12:16,400
So you may be interested
in of course
3370
02:12:16,400 --> 02:12:18,824
and you will search
specific information that you
3371
02:12:18,824 --> 02:12:21,400
may be looking for with regards
to specific product.
3372
02:12:21,400 --> 02:12:24,900
For example, let me
just show you XY database.
3373
02:12:24,900 --> 02:12:26,800
These are all
the certain types of stuff.
3374
02:12:26,800 --> 02:12:28,200
You can go through out here.
3375
02:12:28,300 --> 02:12:30,688
And as you see we have all sorts
3376
02:12:30,688 --> 02:12:33,600
of sound like is
an SQL injection thing.
3377
02:12:33,761 --> 02:12:37,300
This is something
regarding Pier archived ours.
3378
02:12:37,300 --> 02:12:40,600
So these let you get a foothold
in the some password cracking.
3379
02:12:40,600 --> 02:12:42,800
Alms and you can do
some Brute Force checking
3380
02:12:42,800 --> 02:12:43,825
and you can see here
3381
02:12:43,825 --> 02:12:46,800
if it talks about the type
of searches and what it reveals.
3382
02:12:46,800 --> 02:12:48,912
You can just click here
on Google search engine
3383
02:12:48,912 --> 02:12:51,300
will actually bring up
Google fit a list of responses
3384
02:12:51,300 --> 02:12:52,400
that Google generates.
3385
02:12:52,400 --> 02:12:54,500
So let's look at this one here.
3386
02:12:54,500 --> 02:12:56,600
This type is a log.
3387
02:12:56,600 --> 02:12:59,400
So this is something
about cross-site scripting logs
3388
02:12:59,400 --> 02:13:02,800
and we can also
see some party logs
3389
02:13:02,800 --> 02:13:04,600
if I was not wrong
3390
02:13:04,600 --> 02:13:09,000
so some denial-of-service POC
and we can see a bunch of stuff
3391
02:13:09,000 --> 02:13:11,000
and if you continue
to scroll down there,
3392
02:13:11,000 --> 02:13:12,300
Our interesting information
3393
02:13:12,300 --> 02:13:14,800
in here so somehow
somebody's got a party log
3394
02:13:14,800 --> 02:13:16,690
that has a lot of information.
3395
02:13:16,690 --> 02:13:19,400
They've got it up
on a website and basically
3396
02:13:19,400 --> 02:13:20,663
bunch of information
3397
02:13:20,663 --> 02:13:24,200
that you can see you can also
get some surveillance video
3398
02:13:24,200 --> 02:13:28,200
sometimes and you can look
into them and this basically
3399
02:13:28,200 --> 02:13:29,900
how you could use Google.
3400
02:13:29,900 --> 02:13:32,935
So it's basically a list of
queries that you can go through
3401
02:13:32,935 --> 02:13:34,700
and this is a very useful site
3402
02:13:34,700 --> 02:13:37,678
if you are a penetration tester
and looking for some help
3403
02:13:37,678 --> 02:13:39,700
with your Google
hacking terminologies,
3404
02:13:39,700 --> 02:13:40,600
so that's it for
3405
02:13:40,600 --> 02:13:41,800
Or Google hacking now.
3406
02:13:41,800 --> 02:13:42,625
Let's move on.
3407
02:13:42,625 --> 02:13:42,915
Okay.
3408
02:13:42,915 --> 02:13:45,700
So now it's time
for some networking fundamentals
3409
02:13:45,700 --> 02:13:48,500
and what better place
to begin with TCP/IP.
3410
02:13:48,500 --> 02:13:51,200
Now we're going to be talking
about the history of TCP/IP
3411
02:13:51,200 --> 02:13:51,863
and the network
3412
02:13:51,863 --> 02:13:53,500
that eventually morphed
into the thing
3413
02:13:53,500 --> 02:13:55,000
that we now call the internet.
3414
02:13:55,000 --> 02:13:57,291
So this thing began
in 1969 and it spun
3415
02:13:57,291 --> 02:14:00,100
out of this government
organization called ARPA,
3416
02:14:00,100 --> 02:14:02,897
which is the Advanced Research
Projects Agency, and they
3417
02:14:02,897 --> 02:14:05,246
had an idea to create
a computer network
3418
02:14:05,246 --> 02:14:07,484
that was resilient
to a certain type
3419
02:14:07,484 --> 02:14:08,700
of military attacks
3420
02:14:08,700 --> 02:14:11,400
and the idea was
to have This network
3421
02:14:11,400 --> 02:14:15,300
that could survive certain types
of war and warlike conditions.
3422
02:14:15,300 --> 02:14:18,900
So ARPA sent out this request
for proposals to BBN,
3423
02:14:18,900 --> 02:14:22,021
which is Bolt Beranek and Newman,
and they were previously
3424
02:14:22,021 --> 02:14:24,668
an acoustical consulting
company and they won
3425
02:14:24,668 --> 02:14:25,900
the contract to build
3426
02:14:25,900 --> 02:14:27,700
what was called the ARPANET.
3427
02:14:27,700 --> 02:14:30,200
The first connection
was in 1969.
3428
02:14:30,200 --> 02:14:32,170
So that's where we get the idea
3429
02:14:32,170 --> 02:14:35,300
that the internet began
in 1969 and the internet
3430
02:14:35,300 --> 02:14:38,534
as we call it now Then
Shall We Begin but arpanet it
3431
02:14:38,534 --> 02:14:40,500
and often it has a long history
3432
02:14:40,500 --> 02:14:42,731
that goes through NSFNET
3433
02:14:42,731 --> 02:14:46,600
in the 1980s, and after ARPANET
was sort of decommissioned
3434
02:14:46,600 --> 02:14:49,423
and a lot of other networks
were folded into this
3435
02:14:49,423 --> 02:14:50,800
thing called NSFNET
3436
02:14:50,800 --> 02:14:53,400
that then turned into
what we now call the internet
3437
02:14:53,400 --> 02:14:55,700
and once a lot of other
networks were connected
3438
02:14:55,700 --> 02:14:57,800
into its first protocol
on the ARPANET
3439
02:14:57,800 --> 02:15:00,122
initially there was
the 1822 protocol,
3440
02:15:00,122 --> 02:15:03,100
which is the very first protocol
defining communication
3441
02:15:03,100 --> 02:15:05,905
on ARPANET, and it
was called the 1822 protocol
3442
02:15:05,905 --> 02:15:08,401
because of BBN Report
1822, which describes
3443
02:15:08,401 --> 02:15:10,800
how it works. Shortly
after that,
3444
02:15:10,800 --> 02:15:13,800
it was this thing called
the Network Control Program
3445
02:15:13,800 --> 02:15:16,400
and the network
control program consisted
3446
02:15:16,400 --> 02:15:20,500
of the ARPANET host-to-host protocol
and an initial control protocol.
3447
02:15:20,500 --> 02:15:23,330
Now, there's certainly
not a direct correlation
3448
02:15:23,330 --> 02:15:24,500
or an analogy here.
3449
02:15:24,500 --> 02:15:25,804
But if you want to think
3450
02:15:25,804 --> 02:15:28,098
about it in particular
where you can say
3451
02:15:28,098 --> 02:15:31,400
that the ARPANET host-to-host
protocol is kind of like UDP
3452
02:15:31,400 --> 02:15:34,100
and initial connection
protocol or ICP.
3453
02:15:34,100 --> 02:15:35,200
It's kind of like TCP.
3454
02:15:35,200 --> 02:15:37,200
So the host-to-host
protocol provided
3455
02:15:37,200 --> 02:15:40,600
a unidirectional flow control
stream between hosts,
3456
02:15:40,600 --> 02:15:42,900
which sounded a little bit
like UDP, and ICP
3457
02:15:42,900 --> 02:15:46,100
provided a bi-directional pair
of streams between two hosts.
3458
02:15:46,100 --> 02:15:48,300
And again, these
aren't perfect analogies,
3459
02:15:48,300 --> 02:15:51,500
but the host-to-host
protocol is a little bit
3460
02:15:51,500 --> 02:15:53,633
like UDP and ICP is a little bit
3461
02:15:53,633 --> 02:15:56,500
like TCP. Now,
the first router was called
3462
02:15:56,500 --> 02:15:59,869
an interface message processor
and that was developed by BBN.
3463
02:15:59,869 --> 02:16:02,500
It was actually
a ruggedized Honeywell computer
3464
02:16:02,500 --> 02:16:04,800
that had special
interfaces and software.
3465
02:16:04,800 --> 02:16:08,500
So the first router wasn't
a ground-up built piece of hardware,
3466
02:16:08,500 --> 02:16:10,900
but it was actually
an existing piece of hardware.
3467
02:16:10,900 --> 02:16:13,800
Especially published
for this particular application.
3468
02:16:13,800 --> 02:16:17,700
So Honeywell had this computer
that they made out and BBN took
3469
02:16:17,700 --> 02:16:20,186
that and made some specific
hardware interfaces
3470
02:16:20,186 --> 02:16:21,900
and built some special software
3471
02:16:21,900 --> 02:16:23,252
that allowed it to turn
3472
02:16:23,252 --> 02:16:25,300
into this interface
message processor,
3473
02:16:25,300 --> 02:16:28,600
which passed messages
over ARPANET from one location
3474
02:16:28,600 --> 02:16:29,800
to another. So
3475
02:16:29,900 --> 02:16:33,000
where did IP come
in here? In 1973.
3476
02:16:33,000 --> 02:16:35,600
So IP came in here
as well in 1973,
3477
02:16:35,600 --> 02:16:38,299
as I just said, and a guy
by the name of Vint Cerf
3478
02:16:38,299 --> 02:16:40,899
and another guy by the name
of Robert Kahn took
3479
02:16:40,900 --> 02:16:44,100
the ideas of NCP and
what the ARPANET was doing
3480
02:16:44,100 --> 02:16:46,049
and they tried to come up
with some Concepts
3481
02:16:46,049 --> 02:16:47,499
that would work for the needs
3482
02:16:47,500 --> 02:16:49,600
that the ARPANET had,
and so by 1974
3483
02:16:49,600 --> 02:16:52,799
they had published a paper
that was published by the IEEE
3484
02:16:52,799 --> 02:16:54,899
and they proposed
some new protocols.
3485
02:16:54,900 --> 02:16:58,200
They originally proposed
the central protocol called TCP.
3486
02:16:58,200 --> 02:17:00,400
Later on, TCP was broken into TCP
3487
02:17:00,400 --> 02:17:03,183
and IP to get away
from the monolithic concept
3488
02:17:03,183 --> 02:17:05,713
that TCP was originally
so they broke it
3489
02:17:05,714 --> 02:17:09,000
into more modular protocols
and thus you get TCP and IP.
3490
02:17:09,000 --> 02:17:10,900
So how do we get to our version
3491
02:17:10,900 --> 02:17:12,100
four, which is IPv4,
3492
02:17:12,100 --> 02:17:13,245
since that's the kind
3493
02:17:13,245 --> 02:17:16,308
of Internet that we're using
right now version 6 is coming
3494
02:17:16,308 --> 02:17:18,641
and has been coming
for many many years now,
3495
02:17:18,641 --> 02:17:20,700
but you're still
kind of on version 4,
3496
02:17:20,700 --> 02:17:24,300
so how did we get here
between 1977 and 79
3497
02:17:24,400 --> 02:17:28,500
and we went through version 0
to 3. By 1979 and 1980,
3498
02:17:28,500 --> 02:17:30,499
we started using version 4 and
3499
02:17:30,499 --> 02:17:33,477
that eventually became
the de facto protocol
3500
02:17:33,477 --> 02:17:35,000
on the internet in 1983
3501
02:17:35,000 --> 02:17:38,376
when NCP was finally shut down
because all the hosts
3502
02:17:38,376 --> 02:17:39,367
on the ARPANET
3503
02:17:39,367 --> 02:17:40,885
were using TCP/IP
3504
02:17:40,885 --> 02:17:42,912
by that point. In 1992 work began
3505
02:17:42,912 --> 02:17:45,700
on an IP Next Generation
and for a long time,
3506
02:17:45,700 --> 02:17:47,400
although the specifications
3507
02:17:47,400 --> 02:17:50,400
in the RFCs talked
about IPng, eventually
3508
02:17:50,400 --> 02:17:53,700
IPng became known as IPv6.
3509
02:17:53,700 --> 02:17:56,200
You may be wondering
where ipv5 went.
3510
02:17:56,200 --> 02:17:58,282
Well, it was
a special-purpose protocol
3511
02:17:58,282 --> 02:17:59,693
that had to do something
3512
02:17:59,693 --> 02:18:02,499
with streaming and certainly
not a widespread thing.
3513
02:18:02,500 --> 02:18:04,600
One of the differences
between IPv4
3514
02:18:04,600 --> 02:18:05,424
and IPv6 is
3515
02:18:05,424 --> 02:18:09,799
that IPv6 has a 128-bit address
which gives us the ability
3516
02:18:09,799 --> 02:18:13,199
to have some Recklessly
large numbers of devices
3517
02:18:13,200 --> 02:18:17,228
that have their own unique
IP address. IPv4 by comparison
3518
02:18:17,228 --> 02:18:19,099
has only 32-bit addresses.
3519
02:18:19,100 --> 02:18:20,951
And as you probably
heard we're well
3520
02:18:20,951 --> 02:18:23,551
on our way to exhausting
the number of IP addresses
3521
02:18:23,552 --> 02:18:25,468
that are available
and we've done a lot
3522
02:18:25,468 --> 02:18:27,940
of things over the years
to conserve address space
3523
02:18:27,940 --> 02:18:29,100
and reuse address space
3524
02:18:29,100 --> 02:18:31,500
so we can continue extending
to the point till
3525
02:18:31,500 --> 02:18:33,700
where we completely
run out of IPv4 addresses.
3526
02:18:33,700 --> 02:18:36,151
Another thing about IPv6
is it attempts to fix
3527
02:18:36,151 --> 02:18:37,732
some of the inherent issues in IP,
3528
02:18:37,732 --> 02:18:40,258
and some of those has to do
with security concerns
3529
02:18:40,258 --> 02:18:43,200
and there are certainly
a number of flaws in IPv4.
3530
02:18:43,200 --> 02:18:46,299
I'm going to start working
on IP Next Generation or IPv6.
3531
02:18:46,299 --> 02:18:48,999
They try to address some
of those concerns in some
3532
02:18:49,000 --> 02:18:51,700
of those issues and they
may not have done it perfectly
3533
02:18:51,700 --> 02:18:53,609
but it was certainly an attempt
3534
02:18:53,609 --> 02:18:56,200
and IPv6 attempts to fix
some of the issues
3535
02:18:56,200 --> 02:18:58,000
that were inherently in IP.
3536
02:18:58,000 --> 02:19:02,900
And so that's the history of
TCP IP still very reach today.
3537
02:19:03,500 --> 02:19:04,000
Okay.
3538
02:19:04,000 --> 02:19:07,419
So now that we've discussed
a brief history on TCP IP
3539
02:19:07,419 --> 02:19:10,100
and how it came about
to the TCP IP version
3540
02:19:10,100 --> 02:19:12,300
4, let's discuss the model itself.
3541
02:19:12,400 --> 02:19:14,700
Now we're going to be
discussing two models.
3542
02:19:14,700 --> 02:19:17,700
And those are the OSI model
and the TCP IP model.
3543
02:19:17,700 --> 02:19:21,307
Now as I said will be talking
about the OSI and TCP models
3544
02:19:21,307 --> 02:19:24,209
for network protocols
and the network stacks. OSI,
3545
02:19:24,209 --> 02:19:25,600
first of all, is the one
3546
02:19:25,600 --> 02:19:28,799
that you see out here is the one
on the left hand side
3547
02:19:28,799 --> 02:19:32,699
of the screen and OSI stands for
open systems interconnection.
3548
02:19:32,700 --> 02:19:34,100
And in the late 1970s,
3549
02:19:34,100 --> 02:19:37,258
they started working on a model
for how a network stack
3550
02:19:37,258 --> 02:19:40,302
and network protocols would look
originally the intent was
3551
02:19:40,302 --> 02:19:42,941
to develop the model
and then develop protocols
3552
02:19:42,941 --> 02:19:44,030
that went with it.
3553
02:19:44,030 --> 02:19:45,906
But what ended up happening was
3554
02:19:45,906 --> 02:19:49,600
after they develop the models
TCP IP started really taking off
3555
02:19:49,600 --> 02:19:51,303
and the TCP IP model was
3556
02:19:51,303 --> 02:19:54,000
what went along with it
and much better
3557
02:19:54,000 --> 02:19:56,300
what was going on with TCP IP,
3558
02:19:56,300 --> 02:19:59,766
which became the predominant
protocol and as a result
3559
02:19:59,766 --> 02:20:02,796
The OSI protocols
never actually got developed.
3560
02:20:02,796 --> 02:20:04,950
However, we still
use the OSI model
3561
02:20:04,950 --> 02:20:07,800
as a teaching tool as
well as a way of describing
3562
02:20:07,800 --> 02:20:10,071
what's going on
with the network stack
3563
02:20:10,071 --> 02:20:11,300
and the Applications
3564
02:20:11,300 --> 02:20:14,200
you'll often hear people talking
about different layers.
3565
02:20:14,200 --> 02:20:16,100
Like that's a layer 2 problem
3566
02:20:16,100 --> 02:20:18,545
or we're in layer
3 space. Now, continuing
3 space now continuing
3567
02:20:18,545 --> 02:20:20,000
through these lessons.
3568
02:20:20,000 --> 02:20:22,447
I'll refer occasionally
to the different layers.
3569
02:20:22,447 --> 02:20:25,052
And when I do that,
I'm referring to the OSI model.
3570
02:20:25,052 --> 02:20:27,658
So let's take a look
at the OSI model starting
3571
02:20:27,658 --> 02:20:28,641
from the bottom.
3572
02:20:28,641 --> 02:20:30,249
We have the physical layer,
3573
02:20:30,249 --> 02:20:34,033
which is where all the physical
stuff lives the wires and cables
3574
02:20:34,033 --> 02:20:35,355
and network interfaces
3575
02:20:35,355 --> 02:20:38,400
and hubs repeaters switches
and all that sort of stuff.
3576
02:20:38,400 --> 02:20:40,900
So all that physical stuff
is sitting
3577
02:20:40,900 --> 02:20:42,186
in the physical layer. Now,
3578
02:20:42,186 --> 02:20:44,401
sitting above this is
the data link layer.
3579
02:20:44,401 --> 02:20:46,400
And that's where
the Ethernet protocol,
3580
02:20:46,400 --> 02:20:48,200
ATM protocol, frame relay,
3581
02:20:48,200 --> 02:20:49,636
those things live.
3582
02:20:49,636 --> 02:20:49,872
Now.
3583
02:20:49,872 --> 02:20:51,059
I mentioned the switch
3584
02:20:51,059 --> 02:20:53,599
below the physical
the switch lives at layer 1,
3585
02:20:53,599 --> 02:20:55,187
but it operates at layer 2.
3586
02:20:55,187 --> 02:20:57,267
And the reason it
operates at layer 2 is
3587
02:20:57,267 --> 02:20:59,400
because it looks
at the data link address
3588
02:20:59,400 --> 02:21:01,239
and the layer
to our physical address
3589
02:21:01,239 --> 02:21:04,100
and that's not to be confused
with in the physical layer.
3590
02:21:04,100 --> 02:21:06,176
It does get a little
mixed up sometimes
3591
02:21:06,176 --> 02:21:08,000
and we refer to the MAC address
3592
02:21:08,000 --> 02:21:10,800
now the MAC address is
not the physical address.
3593
02:21:10,900 --> 02:21:11,900
I'm talking about it
3594
02:21:11,900 --> 02:21:14,400
is the message
authentication code address
3595
02:21:14,400 --> 02:21:17,100
on the system as
so the MAC address
3596
02:21:17,100 --> 02:21:18,779
on system as a physical address
3597
02:21:18,779 --> 02:21:21,000
because it lives
on the physical interface
3598
02:21:21,000 --> 02:21:22,400
and bound physically.
3599
02:21:22,400 --> 02:21:24,000
However, that MAC address
3600
02:21:24,000 --> 02:21:26,800
or Media Access Control
address lives at layer
3601
02:21:26,800 --> 02:21:29,700
2, at the data link layer.
The network layer,
3602
02:21:29,700 --> 02:21:31,700
which is right above at layer 3,
3603
02:21:31,700 --> 02:21:35,500
that's where IP lives
as well as ICMP and IPX
3604
02:21:35,500 --> 02:21:36,800
from the IPX/SPX
3605
02:21:36,800 --> 02:21:40,400
suite of protocols from Novell.
Routers operate at layer 3,
3606
02:21:40,400 --> 02:21:44,000
and at layer 4 above that
is the transport layer.
3607
02:21:44,000 --> 02:21:48,000
That's TCP, UDP and SPX, again
from the IPX/SPX suite
3608
02:21:48,000 --> 02:21:50,900
of protocols. Above
that is the session layer
3609
02:21:50,900 --> 02:21:52,328
and that's layer 5 and
3610
02:21:52,328 --> 02:21:55,900
that's a plot of SSH as well
as several other protocols.
3611
02:21:55,900 --> 02:21:57,326
Then there's a
presentation layer
3612
02:21:57,326 --> 02:21:59,600
which is a layer 6 and
you'll often see people refer
3613
02:21:59,600 --> 02:22:02,788
to something like JPEG
or MPEG as examples of protocols
3614
02:22:02,788 --> 02:22:06,141
that live on that layer then
there's a presentation layer,
3615
02:22:06,141 --> 02:22:07,500
which is the final layer
3616
02:22:07,500 --> 02:22:09,950
which is layer 6 and you'll
often see people refer
3617
02:22:09,950 --> 02:22:11,300
to something like JPEG
3618
02:22:11,300 --> 02:22:14,496
or MPEG as example the protocol
that live at that layer
3619
02:22:14,496 --> 02:22:18,202
and then the live at that layer
which is the presentation layer.
3620
02:22:18,202 --> 02:22:18,900
Finally.
3621
02:22:18,900 --> 02:22:19,851
We have layer 7,
3622
02:22:19,851 --> 02:22:24,300
which is the application layer
and that's HTTP, FTP, SMTP
3623
02:22:24,300 --> 02:22:27,529
and similar application
protocols whose responsibility
3624
02:22:27,529 --> 02:22:29,982
is to deliver and use
the functionality.
3625
02:22:29,982 --> 02:22:32,199
So that's basically
the OSI model and
3626
02:22:32,199 --> 02:22:34,600
that's the seven layers
of the OSI model
3627
02:22:34,600 --> 02:22:36,700
and there's some important
thing to note here.
3628
02:22:36,700 --> 02:22:38,400
That is when we
are putting packets
3629
02:22:38,400 --> 02:22:40,618
onto the wire the packets
get built from Top.
3630
02:22:40,618 --> 02:22:41,716
Top of the Stack Down
3631
02:22:41,716 --> 02:22:44,544
by from the top of the stack
to the bottom of the stack
3632
02:22:44,544 --> 02:22:46,894
which is why it's called
a stack each layer sits
3633
02:22:46,894 --> 02:22:47,872
on top of the other
3634
02:22:47,872 --> 02:22:50,557
and the application layer
is responsible for beginning
3635
02:22:50,557 --> 02:22:51,566
the process and then
3636
02:22:51,566 --> 02:22:53,749
that follows through
the presentation session
3637
02:22:53,749 --> 02:22:56,600
and transport layer and down
through the network data link
3638
02:22:56,600 --> 02:22:59,637
until we finally drop it on
the wire at the physical layer
3639
02:22:59,637 --> 02:23:01,504
when it's received
from the network.
3640
02:23:01,504 --> 02:23:02,900
It goes from the bottom up
3641
02:23:02,900 --> 02:23:04,500
and we receive it
on the physical
3642
02:23:04,500 --> 02:23:06,186
and gets handled
by the data link
3643
02:23:06,186 --> 02:23:08,951
and then the network
and till the application layer.
3644
02:23:08,951 --> 02:23:11,700
So basically when a packet
is coming in, it comes in
3645
02:23:11,700 --> 02:23:14,035
from the application goes
out from the physical
3646
02:23:14,035 --> 02:23:15,800
and then we're going out also,
3647
02:23:15,800 --> 02:23:18,400
it goes from the physical
through the data link,
3648
02:23:18,500 --> 02:23:20,800
then the network
transport session presentation
3649
02:23:20,800 --> 02:23:23,400
and application and finally
to the target system.
3650
02:23:23,400 --> 02:23:26,150
Now what we're dealing with is
an encapsulation process.
3651
02:23:26,150 --> 02:23:29,200
So at every layer on the way
down the different layers
3652
02:23:29,200 --> 02:23:32,181
add bits of information
to the datagram or the packet.
3653
02:23:32,181 --> 02:23:33,500
So that when it gets
3654
02:23:33,500 --> 02:23:35,500
to the other side,
each layer knows
3655
02:23:35,500 --> 02:23:37,400
where its demarcation point is.
3656
02:23:37,400 --> 02:23:39,300
While it may seem
obvious, each layer
3657
02:23:39,300 --> 02:23:40,500
talks to the same layer
3658
02:23:40,600 --> 02:23:41,500
on the other side.
3659
02:23:41,500 --> 02:23:43,300
So when we drop a packet out
3660
02:23:43,300 --> 02:23:46,311
onto the wire the physical layer
talks to the physical layer
3661
02:23:46,311 --> 02:23:48,200
and in other words
the electrical bits
3662
02:23:48,200 --> 02:23:50,400
that get transmitted by
the network interface
3663
02:23:50,400 --> 02:23:51,919
on the first system are received
3664
02:23:51,919 --> 02:23:54,269
on the second system.
On the second system,
3665
02:23:54,269 --> 02:23:55,400
the layer two headers
3666
02:23:55,400 --> 02:23:57,700
that were put on by the first
system get removed
3667
02:23:57,700 --> 02:23:59,300
and handled as necessary.
3668
02:23:59,300 --> 02:24:00,900
Same thing at the network layer.
3669
02:24:00,900 --> 02:24:03,000
It's a network layer
the puts the IP header
3670
02:24:03,000 --> 02:24:04,020
and the network layer
3671
02:24:04,020 --> 02:24:06,800
that removes the IP header
and determines what to do
3672
02:24:06,800 --> 02:24:08,900
from there and so
on and so on again
3673
02:24:08,900 --> 02:24:10,400
while it may seem obvious
3674
02:24:10,400 --> 02:24:12,511
It's an important
distinction to recognize
3675
02:24:12,511 --> 02:24:14,294
that each layer talks
to each layer
3676
02:24:14,294 --> 02:24:15,693
while it may seem obvious.
3677
02:24:15,693 --> 02:24:17,900
It's an important
distinction to recognize
3678
02:24:17,900 --> 02:24:19,653
that each layer talks
to each layer.
3679
02:24:19,653 --> 02:24:21,800
And when you're building
a packet you go down
3680
02:24:21,800 --> 02:24:22,600
through the stack
3681
02:24:22,600 --> 02:24:25,100
and when you're receiving
you come up to the stack.
3682
02:24:25,100 --> 02:24:26,600
And again, it's called a stack
3683
02:24:26,600 --> 02:24:29,264
because you keep pushing things
on top of the packet
3684
02:24:29,264 --> 02:24:31,500
and they get popped
off the other side.
3685
02:24:31,500 --> 02:24:33,184
So that was detailed
3686
02:24:33,184 --> 02:24:36,799
and brief working on
how the OSI model is set up
3687
02:24:36,799 --> 02:24:39,200
and how the OSI model works now,
3688
02:24:39,200 --> 02:24:41,100
let's move on to the TCP/IP model,
3689
02:24:41,100 --> 02:24:43,350
which is on the right hand side
and you'll notice
3690
02:24:43,350 --> 02:24:45,900
that there's a really
big difference here that being
3691
02:24:45,900 --> 02:24:48,604
that there are only four layers
in the TCP IP model
3692
02:24:48,604 --> 02:24:51,153
as compared to the seven layers
of the OSI model.
3693
02:24:51,153 --> 02:24:53,061
Now, we have
the network access layer
3694
02:24:53,061 --> 02:24:56,400
the internet layer the transport
layer and the application layer
3695
02:24:56,400 --> 02:24:57,510
in the functionality.
3696
02:24:57,510 --> 02:24:59,038
Now, we have the access layer
3697
02:24:59,038 --> 02:25:00,877
the internet layer
the transport layer
3698
02:25:00,877 --> 02:25:03,100
and the application
layer the functionality
3699
02:25:03,100 --> 02:25:05,800
that the stack provides is
the same and in other words,
3700
02:25:05,800 --> 02:25:07,800
you're not going
to get less functionality
3701
02:25:07,800 --> 02:25:09,100
out of the TCP IP model.
3702
02:25:09,100 --> 02:25:12,149
It's just that they've changed
where the functionality resides
3703
02:25:12,149 --> 02:25:15,300
and where the demarcation point
between the different layers are
3704
02:25:15,300 --> 02:25:18,182
so there are only four layers
in the TCP IP model,
3705
02:25:18,182 --> 02:25:20,869
which means that a couple
of layers that have taken
3706
02:25:20,869 --> 02:25:22,931
in functions from some
of the OSI models
3707
02:25:22,931 --> 02:25:25,625
and we can get into that right
here the difference
3708
02:25:25,625 --> 02:25:28,100
between the models
at the network access layer
3709
02:25:28,100 --> 02:25:29,300
in the TCP IP model
3710
02:25:29,300 --> 02:25:30,750
that consists of the physical
3711
02:25:30,750 --> 02:25:32,916
and the data link layer
from The OSI model.
3712
02:25:32,916 --> 02:25:34,000
So on the right here,
3713
02:25:34,000 --> 02:25:35,761
you see the network access layer
3714
02:25:35,761 --> 02:25:38,900
that takes into the account
the physical and the data link
3715
02:25:38,900 --> 02:25:40,100
layers from The OSI model
3716
02:25:40,100 --> 02:25:41,700
and the Left hand side similarly
3717
02:25:41,700 --> 02:25:44,170
the application layer
from the TCP IP model
3718
02:25:44,170 --> 02:25:46,588
encompasses all
the session presentation
3719
02:25:46,588 --> 02:25:48,999
and the application layer
of the OSI model
3720
02:25:48,999 --> 02:25:51,500
on the right the very
top box the application layer
3721
02:25:51,500 --> 02:25:53,600
encompasses
the session presentation
3722
02:25:53,600 --> 02:25:56,000
and application layer
and on the left hand side
3723
02:25:56,100 --> 02:25:58,400
that of course leaves
the transport layer to be
3724
02:25:58,400 --> 02:26:00,000
the same. In the OSI model,
3725
02:26:00,000 --> 02:26:02,900
they call it the network layer,
and in the TCP/IP model
3726
02:26:02,900 --> 02:26:05,318
it's called the internet layer,
same sort of thing.
3727
02:26:05,318 --> 02:26:07,549
That's where the IP lives
and even though it's called
3728
02:26:07,549 --> 02:26:10,200
the internet layer as
compared to the network layer.
3729
02:26:10,200 --> 02:26:11,956
It's the same sort of functionality.
3730
02:26:11,956 --> 02:26:14,700
So those are the really
big differences between OSI
3731
02:26:14,700 --> 02:26:16,500
and the TCP/IP model. Anytime
3732
02:26:16,500 --> 02:26:20,200
I refer to layers
through the course of this video
3733
02:26:20,200 --> 02:26:23,100
that I'm going to be referring
to the OSI model and in part
3734
02:26:23,100 --> 02:26:25,299
because it makes
it easier to differentiate
3735
02:26:25,299 --> 02:26:26,700
the different functionality.
3736
02:26:26,700 --> 02:26:29,670
If I were to say live
on function in the TCP IP model,
3737
02:26:29,670 --> 02:26:31,200
you would necessarily know
3738
02:26:31,200 --> 02:26:33,100
if I was talking
about a physical thing
3739
02:26:33,100 --> 02:26:34,500
or a data link thing
3740
02:26:34,500 --> 02:26:38,000
since there's more granularity
in the OSI model.
3741
02:26:38,000 --> 02:26:40,639
It's better to talk about
the functionality in terms
3742
02:26:40,639 --> 02:26:42,425
of the layers
in the OSI model
3743
02:26:42,425 --> 02:26:44,723
and that's the predominant
model The OSI model
3744
02:26:44,723 --> 02:26:45,900
and the TCP IP model
3745
02:26:45,900 --> 02:26:49,200
for Network Stacks Network
protocols and applications.
3746
02:26:49,300 --> 02:26:50,100
Okay.
3747
02:26:50,100 --> 02:26:52,688
So now that we've discussed
the TCP IP model.
3748
02:26:52,688 --> 02:26:55,029
Let's go over
another important protocol
3749
02:26:55,029 --> 02:26:55,970
and that is UDP.
3750
02:26:55,970 --> 02:26:57,441
So what you see out here
3751
02:26:57,441 --> 02:26:59,452
on your screen right
now is Wireshark
3752
02:26:59,452 --> 02:27:02,100
and we'll be going
over the uses of Wireshark
3753
02:27:02,100 --> 02:27:06,008
and what it's useful for
in the upcoming lessons.
3754
02:27:06,008 --> 02:27:09,200
But for now, let me
just show you a UDP packet.
3755
02:27:09,200 --> 02:27:10,049
Okay.
3756
02:27:10,049 --> 02:27:11,300
So before we get
3757
02:27:11,300 --> 02:27:15,300
into the analysis of the packet
while it's still filtering,
3758
02:27:15,300 --> 02:27:17,200
let me just tell you
a little bit about UDP.
3759
02:27:17,200 --> 02:27:21,100
So UDP is a protocol in
the TCP/IP suite of protocols.
3760
02:27:21,100 --> 02:27:22,558
It's in the network layer.
3761
02:27:22,558 --> 02:27:24,395
That's a network layer
in the OSI.
3762
02:27:24,395 --> 02:27:27,192
So similar reference model
the IP network layer carries
3763
02:27:27,192 --> 02:27:28,000
the IP address
3764
02:27:28,000 --> 02:27:30,699
and that has information
about how to get packets
3765
02:27:30,699 --> 02:27:31,600
to their destination.
3766
02:27:31,600 --> 02:27:33,794
the transport layer sits
on top of the network layer
3767
02:27:33,794 --> 02:27:35,000
and that carries information
3768
02:27:35,000 --> 02:27:37,964
about how to differentiate
Network layer applications
3769
02:27:37,964 --> 02:27:41,199
and that information about
how those Network application
3770
02:27:41,200 --> 02:27:44,000
gets differentiated is
in the form of ports.
3771
02:27:44,000 --> 02:27:46,095
So the transport layer has ports
3772
02:27:46,095 --> 02:27:49,500
and the network layer has
in this case an IP address.
3773
02:27:49,500 --> 02:27:53,142
And UDP is a transport layer
protocol and UDP stands
3774
02:27:53,142 --> 02:27:55,000
for user datagram protocol
3775
02:27:55,000 --> 02:27:58,685
and is often called connectionless
or sometimes unreliable.
3776
02:27:58,685 --> 02:28:00,498
Now unreliable doesn't mean
3777
02:28:00,498 --> 02:28:03,700
that you can't really rely
on it unreliable means
3778
02:28:03,700 --> 02:28:04,887
that you can't trust
3779
02:28:04,887 --> 02:28:07,700
that what you sent
is reaching the other side.
3780
02:28:07,700 --> 02:28:09,800
So 1 means actually
that there's nothing
3781
02:28:09,800 --> 02:28:12,100
in the protocol that says
it's going to guarantee
3782
02:28:12,100 --> 02:28:14,600
that the datagram
that you send or the packet
3783
02:28:14,600 --> 02:28:17,900
that you send is going to get
where you wanted to send it.
3784
02:28:17,900 --> 02:28:21,700
So the protocol has no sort
of safety feature like that.
3785
02:28:21,700 --> 02:28:24,049
So you shouldn't use
this protocol, that is UDP,
3786
02:28:24,049 --> 02:28:25,800
if you want some sort
of safety net.
3787
02:28:25,800 --> 02:28:27,900
And if you needed that type
of safety net you
3788
02:28:27,900 --> 02:28:30,200
would have to write it
into your own application.
3789
02:28:30,200 --> 02:28:33,100
So basically UDP is
a fast protocol and that's one
3790
02:28:33,100 --> 02:28:34,500
of the reason why it's good.
3791
02:28:34,700 --> 02:28:36,800
It's also one of the reasons
why it's unreliable
3792
02:28:36,800 --> 02:28:39,200
because in order to get
that speed you don't have
3793
02:28:39,200 --> 02:28:41,177
all of the error
checking and validation
3794
02:28:41,177 --> 02:28:42,800
that messages are getting there.
3795
02:28:42,800 --> 02:28:44,411
So because it's fast it's good
3796
02:28:44,411 --> 02:28:46,970
for things like games
and for real-time voice
3797
02:28:46,970 --> 02:28:49,500
and video anything
where speed is important.
3798
02:28:49,500 --> 02:28:50,794
And you would use UDP.
3799
02:28:50,794 --> 02:28:51,643
So right here.
3800
02:28:51,643 --> 02:28:53,100
I have a packet capture.
3801
02:28:53,100 --> 02:28:57,547
So I'm using Wireshark to capture
some packets, and let's check out
3802
02:28:57,547 --> 02:28:59,747
a UDP packet. So out here you see
3803
02:28:59,747 --> 02:29:01,779
that there are some frames
3804
02:29:01,779 --> 02:29:05,700
that says 167 bytes on wire,
167 bytes have been captured
3805
02:29:05,700 --> 02:29:07,894
but we're not really interested
in the frame part.
3806
02:29:07,894 --> 02:29:10,000
You're interested in
the user datagram protocol.
3807
02:29:10,000 --> 02:29:11,100
But so here you can see
3808
02:29:11,100 --> 02:29:13,300
that the source port is
one eight five three
3809
02:29:13,300 --> 02:29:16,000
and the destination
port is five 2 0 8 1.
3810
02:29:16,000 --> 02:29:19,400
now it has a length
and it has a checksum and stuff.
3811
02:29:19,400 --> 02:29:21,600
So as you guys see
out here, well,
3812
02:29:21,600 --> 02:29:23,600
we don't really see
a bunch of information
3813
02:29:23,600 --> 02:29:25,700
what you only see
is a source port
3814
02:29:25,700 --> 02:29:28,800
and the destination port, length,
and there is also a checksum
3815
02:29:28,800 --> 02:29:31,400
so UDP doesn't come
with an awful lot of headers
3816
02:29:31,400 --> 02:29:33,233
because it doesn't need any
3817
02:29:33,233 --> 02:29:36,900
of the things that you see
in the other packet headers.
3818
02:29:36,900 --> 02:29:38,900
The only thing it
needs is to tell you
3819
02:29:38,900 --> 02:29:41,200
how to get to the application
on the receiving host.
3820
02:29:41,200 --> 02:29:43,300
And that's where
the destination Port comes in
3821
02:29:43,300 --> 02:29:45,000
and once the message gets
to the destination.
3822
02:29:45,000 --> 02:29:46,299
The destination needs to know
3823
02:29:46,299 --> 02:29:48,300
how to communicate back
to the originator
3824
02:29:48,300 --> 02:29:50,400
and that would be
Through the source port
3825
02:29:50,400 --> 02:29:51,400
or a return message.
3826
02:29:51,400 --> 02:29:53,800
So a return message
would convert the source port
3827
02:29:53,800 --> 02:29:54,787
to a destination port
3828
02:29:54,787 --> 02:29:56,050
and send back to that port
3829
02:29:56,050 --> 02:29:58,200
in order to communicate
with the originator.
3830
02:29:58,200 --> 02:30:00,240
So we have a source port
and destination port
3831
02:30:00,240 --> 02:30:01,090
and the length is
3832
02:30:01,090 --> 02:30:03,383
a minimal amount of checking
and to make sure that
3833
02:30:03,383 --> 02:30:06,169
if the packet that you received
is different from the length
3834
02:30:06,169 --> 02:30:07,650
that's specified in the UDP header,
3835
02:30:07,650 --> 02:30:09,600
then there may have
been something wrong
3836
02:30:09,600 --> 02:30:11,800
so you may want
to discard the message to check
3837
02:30:11,800 --> 02:30:12,700
for more messages.
3838
02:30:12,800 --> 02:30:14,300
So the checksum also makes sure
3839
02:30:14,300 --> 02:30:17,700
that nothing in the middle
was tampered with although it's
3840
02:30:17,700 --> 02:30:19,414
if there's some sort
of man-in-the-middle
3841
02:30:19,414 --> 02:30:20,499
attack or something like
3842
02:30:20,499 --> 02:30:22,700
that a checksum is
pretty easy to manufacture
3843
02:30:22,700 --> 02:30:24,153
after you've altered the packet
3844
02:30:24,153 --> 02:30:25,700
so you can see here
in the message
3845
02:30:25,700 --> 02:30:28,300
that there's a number
of UDP packets some of them
3846
02:30:28,300 --> 02:30:29,707
just UDP the one look
3847
02:30:29,707 --> 02:30:32,608
and happens to be
from some Skype application,
3848
02:30:32,608 --> 02:30:34,800
I guess so talking
to Skype servers
3849
02:30:34,800 --> 02:30:37,211
and we've already got
the DNS now DNS also
3850
02:30:37,211 --> 02:30:38,800
needs some fast response times
3851
02:30:38,800 --> 02:30:41,350
because you don't want
to spend a lot of time looking
3852
02:30:41,350 --> 02:30:44,100
up information about service
that you're going to before
3853
02:30:44,100 --> 02:30:45,900
because just to go to them.
3854
02:30:45,900 --> 02:30:49,062
So DNS server through all
throughout their queries
3855
02:30:49,062 --> 02:30:52,000
on to the Using UDP hoping
to get fast responses.
3856
02:30:52,000 --> 02:30:55,000
They don't want to spend a lot
of time setting up connections
3857
02:30:55,000 --> 02:30:56,631
and during all the negotiating
3858
02:30:56,631 --> 02:30:58,700
that comes with a
protocol like TCP.
3859
02:30:58,700 --> 02:30:59,500
For example.
3860
02:30:59,500 --> 02:31:02,737
So here you see
that the DNS is using UDP and
3861
02:31:02,737 --> 02:31:06,594
what we've got here is another
UDP packet for Destination
3862
02:31:06,594 --> 02:31:08,100
and all sorts of stuff
3863
02:31:08,100 --> 02:31:09,700
so you can see it out here
3864
02:31:09,700 --> 02:31:11,400
so you can see the checksum.
3865
02:31:11,400 --> 02:31:13,500
It's unverified checksum status
3866
02:31:13,500 --> 02:31:17,400
so you can check out all sorts
of stuff using Wireshark.
3867
02:31:17,400 --> 02:31:21,100
So that was about UDP
or the User Datagram Protocol.
3868
02:31:21,300 --> 02:31:21,600
Okay.
3869
02:31:21,600 --> 02:31:24,551
So now that we're done
with the user datagram protocol.
3870
02:31:24,551 --> 02:31:26,300
Let's talk about
addressing mode.
3871
02:31:26,300 --> 02:31:27,631
So addressing modes is
3872
02:31:27,631 --> 02:31:30,900
how you address a packet
to your different destination.
3873
02:31:30,900 --> 02:31:33,200
So there are three kinds
of addressing mode.
3874
02:31:33,200 --> 02:31:35,400
The first kind of addressing
mode is unicast.
3875
02:31:35,400 --> 02:31:37,300
This is pretty simple
one to understand.
3876
02:31:37,300 --> 02:31:39,700
So there is one destination
and one source
3877
02:31:39,700 --> 02:31:42,400
and the source sends
the packet to the destination
3878
02:31:42,400 --> 02:31:44,455
and it depends
on the protocol
3879
02:31:44,455 --> 02:31:46,700
that you're using
to actually address.
3880
02:31:46,700 --> 02:31:47,912
So if it's something
3881
02:31:47,912 --> 02:31:50,700
like TCP/IP you're using
a bi-directional stream.
3882
02:31:50,700 --> 02:31:53,030
So the blue computer can talk
to the red computer
3883
02:31:53,030 --> 02:31:55,700
and the red computer can talk
back to the blue computer,
3884
02:31:55,700 --> 02:31:58,270
but you can also use
a UDP stream which is
3885
02:31:58,270 --> 02:31:59,900
like One Direction stream.
3886
02:31:59,900 --> 02:32:02,802
So it's not sure
if I'm using the correct word.
3887
02:32:02,802 --> 02:32:05,219
So it's a stream that
in One Direction.
3888
02:32:05,219 --> 02:32:07,700
I guess I'm driving
home the point here.
3889
02:32:07,700 --> 02:32:10,037
So if it's UDP only
blue is talking
3890
02:32:10,037 --> 02:32:13,200
and when blue stops
talking then red can talk,
3891
02:32:13,200 --> 02:32:16,661
but if it's TCP/IP blue and red
can talk simultaneously
3892
02:32:16,661 --> 02:32:19,600
at the same time now moving
on there's also
3893
02:32:19,600 --> 02:32:21,863
broadcast now broadcast means
3894
02:32:21,863 --> 02:32:25,400
that you are sending
your packet to everybody
3895
02:32:25,400 --> 02:32:26,517
on the network.
3896
02:32:26,517 --> 02:32:29,200
So broadcast messages
are very common
3897
02:32:29,200 --> 02:32:31,221
from mobile network providers
3898
02:32:31,221 --> 02:32:34,448
so many get those
advertisements saying something
3899
02:32:34,448 --> 02:32:36,600
like you have
a new postpaid plan
3900
02:32:36,600 --> 02:32:39,300
from Vodafone or Airtel
or something like that.
3901
02:32:39,300 --> 02:32:40,900
Those are broadcast messages.
3902
02:32:40,900 --> 02:32:43,687
So it's one server
that is sending out
3903
02:32:43,687 --> 02:32:47,100
one single message to all
the other systems now,
3904
02:32:47,100 --> 02:32:49,196
there's also multicast now.
3905
02:32:49,300 --> 02:32:51,700
Multicast is like broadcast
3906
02:32:51,700 --> 02:32:55,000
but selective now
multicast is used
3907
02:32:55,000 --> 02:32:58,669
for actually casting yours
your screen to multiple people.
3908
02:32:58,669 --> 02:33:00,600
So something like screen share
3909
02:33:00,600 --> 02:33:03,700
and you're doing it with
multiple people is multicast
3910
02:33:03,700 --> 02:33:07,169
because you have the option
to not show particular computer
3911
02:33:07,169 --> 02:33:09,000
what you are actually sharing.
3912
02:33:09,000 --> 02:33:10,470
So those are three modes
3913
02:33:10,470 --> 02:33:13,303
of addressing unicast
broadcast and multicast.
3914
02:33:13,303 --> 02:33:15,948
Okay now moving
on let's look into the tool
3915
02:33:15,948 --> 02:33:17,900
that we just used once and UDP.
3916
02:33:17,900 --> 02:33:18,900
That is Wireshark.
3917
02:33:19,123 --> 02:33:21,276
So what exactly is Wireshark?
3918
02:33:21,400 --> 02:33:24,548
So this utility called
Wireshark is a packet capture.
3919
02:33:24,548 --> 02:33:26,607
Usually meaning that
it grabs data.
3920
02:33:26,607 --> 02:33:27,856
That's either going out
3921
02:33:27,856 --> 02:33:30,912
or coming in of a specific
Network and there are a number
3922
02:33:30,912 --> 02:33:32,795
of reasons why
this may be useful
3923
02:33:32,795 --> 02:33:35,543
or important on the reason
why it's really important is
3924
02:33:35,543 --> 02:33:38,124
what's going on in the network
is always accurate.
3925
02:33:38,124 --> 02:33:38,914
In other words.
3926
02:33:38,914 --> 02:33:40,597
You can't mess
around with things
3927
02:33:40,597 --> 02:33:43,700
once they're on the network
or you can't lie about something
3928
02:33:43,700 --> 02:33:46,650
that's actually on the network
as compared with applications
3929
02:33:46,650 --> 02:33:47,473
in their logs,
3930
02:33:47,473 --> 02:33:49,357
which can be
misleading or inaccurate.
3931
02:33:49,357 --> 02:33:51,700
Or if an attacker gets
into an application they
3932
02:33:51,700 --> 02:33:54,769
may be able to alter the logging
now several other behaviors
3933
02:33:54,769 --> 02:33:57,361
that make it difficult to see
what's really going on
3934
02:33:57,361 --> 02:33:59,058
and the network
you can really see
3935
02:33:59,058 --> 02:34:00,000
what's going on.
3936
02:34:00,000 --> 02:34:01,400
Once it hits the wire.
3937
02:34:01,400 --> 02:34:04,498
It's on the wire and you
can't change that fact now
3938
02:34:04,498 --> 02:34:05,800
once it hits the wire
3939
02:34:05,800 --> 02:34:08,800
so we're going to do here
is a quick packet capture.
3940
02:34:08,800 --> 02:34:11,300
So let me just open up
Wireshark for you guys.
3941
02:34:11,300 --> 02:34:12,634
So as you guys can see
3942
02:34:12,634 --> 02:34:15,000
I have already Wireshark
open for us.
3943
02:34:15,000 --> 02:34:17,700
Let me just remove
the CDP filter that was there.
3944
02:34:17,700 --> 02:34:19,500
So Wireshark is capturing.
3945
02:34:19,500 --> 02:34:22,200
So let's go over the stuff
that you can see
3946
02:34:22,200 --> 02:34:25,148
on the screen some important
features of Wireshark
3947
02:34:25,148 --> 02:34:26,700
so that we can use it later.
3948
02:34:26,700 --> 02:34:27,900
So what I'm doing here
3949
02:34:27,900 --> 02:34:30,349
is a quick packet capture
and I'm going to show some
3950
02:34:30,349 --> 02:34:32,200
of the important
features of Wireshark
3951
02:34:32,200 --> 02:34:33,850
so that we can use
it later on now
3952
02:34:33,850 --> 02:34:36,150
when we're starting to do
some more significant work.
3953
02:34:36,150 --> 02:34:38,500
I select the interface
that I'm using primarily,
3954
02:34:38,500 --> 02:34:39,600
which is my Wi-Fi,
3955
02:34:39,600 --> 02:34:42,900
and I'm going to go over here
and we'll bring up a Google page
3956
02:34:42,900 --> 02:34:45,300
so that we can see
what's happening on the network.
3957
02:34:45,300 --> 02:34:47,600
So let me just quickly open
up a Google page
3958
02:34:48,100 --> 02:34:51,200
as you guys can see
it's capturing a bunch of data
3959
02:34:51,200 --> 02:34:52,500
that's going on here.
3960
02:34:52,800 --> 02:34:54,700
Let me just open
up a Google page
3961
02:34:54,700 --> 02:34:56,900
and that's going
to send up some data.
3962
02:34:57,000 --> 02:34:58,100
Let's go back.
3963
02:34:58,100 --> 02:35:00,600
So it's dropping a whole bunch
of stuff of the network.
3964
02:35:00,600 --> 02:35:02,902
I'm just going to stop
that going to go back
3965
02:35:02,902 --> 02:35:05,900
and go back and take a look
at some of the messages here.
3966
02:35:05,900 --> 02:35:07,921
So some of the features
of Wireshark as you can see
3967
02:35:07,921 --> 02:35:09,311
on the top part of the screen.
3968
02:35:09,311 --> 02:35:10,100
It doesn't window
3969
02:35:10,100 --> 02:35:13,147
that says Number, Time, Source,
Destination, Protocol, Length
3970
02:35:13,147 --> 02:35:15,300
and Info and those are
all of the packets
3971
02:35:15,300 --> 02:35:18,221
that have been captured
in the numbering starting from 1
3972
02:35:18,221 --> 02:35:21,121
and the time has to do
with being relative to the point
3973
02:35:21,121 --> 02:35:23,700
that we've started capturing
and you'll see the source
3974
02:35:23,700 --> 02:35:25,100
and destination addresses
3975
02:35:25,100 --> 02:35:26,927
and the protocol
the length of the packet
3976
02:35:26,927 --> 02:35:28,427
in bytes and some information
3977
02:35:28,427 --> 02:35:30,426
about the packet
the bottom of the screen.
3978
02:35:30,426 --> 02:35:32,549
You'll see detailed information
about the packet
3979
02:35:32,549 --> 02:35:33,700
that has been selected.
3980
02:35:33,700 --> 02:35:35,500
So suppose I'm selecting
3981
02:35:35,500 --> 02:35:38,000
this TCP packet out
here so we can go
3982
02:35:38,000 --> 02:35:40,100
through the frames frame also
3983
02:35:40,100 --> 02:35:43,000
has an interface ID
is encapsulation type
3984
02:35:43,000 --> 02:35:44,200
and all sorts of information.
3985
02:35:44,200 --> 02:35:46,200
Is there about the frame
then we can look
3986
02:35:46,200 --> 02:35:50,000
at the source Port
destination port, sequence number,
3987
02:35:50,369 --> 02:35:52,600
the flags set, the checksums,
3988
02:35:52,600 --> 02:35:54,948
you can basically check
everything about a packet
3989
02:35:54,948 --> 02:35:56,548
because this is
a packet analyzer
3990
02:35:56,548 --> 02:35:57,453
and a packet sniffer.
3991
02:35:57,453 --> 02:35:58,100
Now, you'll see
3992
02:35:58,100 --> 02:36:00,144
some detailed information
about the packet that
3993
02:36:00,144 --> 02:36:00,900
I've selected.
3994
02:36:00,900 --> 02:36:04,300
So I'm going to select so
I've selected this TCP/IP packet.
3995
02:36:04,300 --> 02:36:07,468
We see that in the middle frame
and says frame 290.
3996
02:36:07,468 --> 02:36:10,700
It means that it has
a 298 lat packet and the packet
3997
02:36:10,700 --> 02:36:15,600
that was captured 66 bytes and we
grabbed 66 bytes, 528 bits later.
3998
02:36:15,600 --> 02:36:18,200
So what you see
out here was source
3999
02:36:18,200 --> 02:36:20,500
and the destination
MAC address of the layer
4000
02:36:20,500 --> 02:36:21,200
2 layer address
4001
02:36:21,200 --> 02:36:22,900
and then you can see
the IP address
4002
02:36:22,900 --> 02:36:24,821
of both source and destination
4003
02:36:24,821 --> 02:36:27,000
and says it's
a TCP packet gives us
4004
02:36:27,000 --> 02:36:28,700
a source Port destination port
4005
02:36:28,700 --> 02:36:30,923
and we can start drilling down
into different bits
4006
02:36:30,923 --> 02:36:32,373
of the packet and you can see
4007
02:36:32,373 --> 02:36:34,649
when I select a particular
section of the packet down
4008
02:36:34,649 --> 02:36:35,999
at the very bottom you can see
4009
02:36:35,999 --> 02:36:37,300
what's actually a hex dump
4010
02:36:37,300 --> 02:36:40,239
of the packet and on the right
hand side is the ASCII.
4011
02:36:40,239 --> 02:36:41,705
So this is the hex dump
4012
02:36:41,705 --> 02:36:43,800
and this is the ASCII that
you're looking at.
4013
02:36:43,800 --> 02:36:45,800
What's really cool
about Wireshark is
4014
02:36:45,800 --> 02:36:48,400
it really pulls the packet
into its different layers
4015
02:36:48,400 --> 02:36:49,181
that we have
4016
02:36:49,181 --> 02:36:51,800
spoken about, the different
layers of the OSI
4017
02:36:51,800 --> 02:36:53,338
and the TCP/IP model
4018
02:36:53,500 --> 02:36:55,700
and the packets are put
into different layers
4019
02:36:55,700 --> 02:36:57,355
and there's a couple
of different models
4020
02:36:57,355 --> 02:36:58,720
that we can talk about with that
4021
02:36:58,720 --> 02:37:00,400
but what Wireshark
does really nicely
4022
02:37:00,400 --> 02:37:02,300
is it demonstrates
those layers for us
4023
02:37:02,300 --> 02:37:03,500
as we can see here.
4024
02:37:03,500 --> 02:37:05,100
It is actually four layers
4025
02:37:05,100 --> 02:37:08,536
and in this particular packet
here we can also do something.
4026
02:37:08,536 --> 02:37:10,400
So I've got
a Google web request.
4027
02:37:10,400 --> 02:37:14,181
So what I want to do here is
I want to filter based on HTTP,
4028
02:37:14,181 --> 02:37:15,400
so I find a filter.
4029
02:37:15,400 --> 02:37:18,300
So let's see
if we can do an http.
4030
02:37:19,200 --> 02:37:22,100
And what I see here
is says text input
4031
02:37:22,100 --> 02:37:24,022
and it's going to get an image.
4032
02:37:24,022 --> 02:37:25,200
That's a PNG image.
4033
02:37:25,200 --> 02:37:27,335
And this is a request
to get the icon
4034
02:37:27,335 --> 02:37:29,835
that's going to be displayed
in the address bar.
4035
02:37:29,835 --> 02:37:32,683
So you also see something
called ARP out here,
4036
02:37:32,683 --> 02:37:35,007
which I'll be talking
about very soon.
4037
02:37:35,007 --> 02:37:38,400
So let's just filtering
be done now in the web browser.
4038
02:37:38,400 --> 02:37:41,200
It's a favicon.ico
that can do here.
4039
02:37:41,200 --> 02:37:43,900
I can select analyze
and follow TCP streams.
4040
02:37:43,900 --> 02:37:45,793
You can see all
the requests related
4041
02:37:45,793 --> 02:37:47,200
to this particular request
4042
02:37:47,200 --> 02:37:49,100
and it breaks them
down very nicely.
4043
02:37:49,100 --> 02:37:51,600
You can see we've sent
some requests to Spotify
4044
02:37:51,600 --> 02:37:54,000
because I've been using
Spotify to actually listen
4045
02:37:54,000 --> 02:37:57,368
to some music then you
can see all sorts of stuff.
4046
02:37:57,368 --> 02:38:00,600
Like this was something
to some not found place.
4047
02:38:00,700 --> 02:38:03,313
So let's just take
the Spotify one and you can see
4048
02:38:03,313 --> 02:38:04,430
that we get a bunch
4049
02:38:04,430 --> 02:38:06,500
of information from
the Spotify thing.
4050
02:38:06,500 --> 02:38:09,500
At least you can see
the destination The Source,
4051
02:38:09,500 --> 02:38:11,354
it's an Intel core machine.
4052
02:38:11,354 --> 02:38:12,569
So the first part
4053
02:38:12,569 --> 02:38:16,600
of the MAC address the first
few digits is lets you tell
4054
02:38:16,600 --> 02:38:21,800
if it's what what is vendor ID
so Intel has its own vendor ID.
4055
02:38:21,800 --> 02:38:26,600
So F 496 probably tells us
that it's that's an Intel Core.
4056
02:38:26,600 --> 02:38:29,380
So Wireshark does this
really neat little thing
4057
02:38:29,380 --> 02:38:32,506
that it also tells us
from the MAC address what type
4058
02:38:32,506 --> 02:38:34,808
of machine you're
sending your packets
4059
02:38:34,808 --> 02:38:36,800
to from the MAC address itself.
4060
02:38:36,800 --> 02:38:39,080
So it's coming
from Sophos foresee
4061
02:38:39,080 --> 02:38:42,600
and going to an Intel Core
and the type is IPv4.
4062
02:38:42,600 --> 02:38:44,733
So that was all about Wireshark.
4063
02:38:44,733 --> 02:38:47,900
You can use it extraneously
for packet sniffing
4064
02:38:47,900 --> 02:38:49,222
and packet analysis.
4065
02:38:49,222 --> 02:38:51,500
Packet analysis comes in very handy
4066
02:38:51,500 --> 02:38:54,000
when you're trying
to actually figure out
4067
02:38:54,000 --> 02:38:56,100
how to do some stuff
like IDS evasion
4068
02:38:56,100 --> 02:38:58,200
where you want to craft
your own packets
4069
02:38:58,200 --> 02:39:00,023
and you want to analyze packets
4070
02:39:00,023 --> 02:39:03,200
that are going into the IDS
system to see which packets
4071
02:39:03,200 --> 02:39:05,917
are actually getting detected
as some intrusion
4072
02:39:05,917 --> 02:39:08,900
so you can craft your packet
in a relative manner
4073
02:39:08,900 --> 02:39:12,700
so that it doesn't get actually
detected by the IDS system.
4074
02:39:12,700 --> 02:39:15,500
So this is a very nifty little
tool will be talking about
4075
02:39:15,500 --> 02:39:18,700
how you can craft your own
packets in just a little while,
4076
02:39:18,700 --> 02:39:21,000
but for now,
let's move ahead.
4077
02:39:21,200 --> 02:39:21,900
Okay.
4078
02:39:21,900 --> 02:39:25,294
So now that we're done with
our small little introduction
4079
02:39:25,294 --> 02:39:27,696
and a brief views
on history of Wireshark.
4080
02:39:27,696 --> 02:39:30,700
Now, let's move on
to our next topic for the video.
4081
02:39:30,700 --> 02:39:31,800
That is DHCP.
4082
02:39:32,000 --> 02:39:32,700
Okay.
4083
02:39:32,700 --> 02:39:35,400
So DHCP is a protocol
4084
02:39:35,400 --> 02:39:38,700
and it stands for Dynamic
Host Configuration Protocol.
4085
02:39:38,700 --> 02:39:41,301
So DHCP is a network
management protocol used
4086
02:39:41,301 --> 02:39:44,183
to dynamically assign
an Internet Protocol address
4087
02:39:44,183 --> 02:39:46,000
to any device on the network
4088
02:39:46,000 --> 02:39:49,000
so they can communicate
using IP now DHCP.
4089
02:39:49,000 --> 02:39:50,047
Means and centrally
4090
02:39:50,047 --> 02:39:52,927
manages these configurations
rather than requiring
4091
02:39:52,927 --> 02:39:56,111
some network administrator to
manually assign IP addresses
4092
02:39:56,111 --> 02:39:57,700
to all the network devices.
4093
02:39:57,700 --> 02:39:59,642
So DHCP can be implemented
4094
02:39:59,642 --> 02:40:04,168
on small or small local networks
as well as large Enterprises.
4095
02:40:04,168 --> 02:40:08,100
Now DHCP will assign new
IP addresses in each location
4096
02:40:08,100 --> 02:40:10,700
when devices are moved
from place to place
4097
02:40:10,700 --> 02:40:13,195
which means Network
administrators do not have
4098
02:40:13,195 --> 02:40:15,680
to manually initially
configure each device
4099
02:40:15,680 --> 02:40:17,100
with a valid IP address.
4100
02:40:17,200 --> 02:40:21,000
So if device This is
a new IP address is moved
4101
02:40:21,000 --> 02:40:23,005
to a new location
of the network.
4102
02:40:23,005 --> 02:40:25,696
It doesn't need any sort
of reconfiguration.
4103
02:40:25,696 --> 02:40:28,200
So versions of DHCP
are available for use
4104
02:40:28,200 --> 02:40:31,200
in Internet Protocol version
4 and Internet Protocol
4105
02:40:31,200 --> 02:40:32,175
version 6 now
4106
02:40:32,175 --> 02:40:36,200
as you see on your screen
is a very simplistic diagram
4107
02:40:36,200 --> 02:40:37,500
on how DHCP works.
4108
02:40:37,500 --> 02:40:39,700
So let me just run
you down DHCP runs
4109
02:40:39,700 --> 02:40:40,900
at the application layer
4110
02:40:40,900 --> 02:40:42,328
of the TCP/IP protocol
4111
02:40:42,328 --> 02:40:45,906
stack to dynamically assign
IP addresses to DHCP clients
4112
02:40:45,906 --> 02:40:49,000
and to allocate
TCP/IP configuration information
4113
02:40:49,000 --> 02:40:50,288
to DHCP clients.
4114
02:40:50,288 --> 02:40:53,774
This includes subnet mask
information default gateways
4115
02:40:53,774 --> 02:40:56,800
IP addresses domain name
systems and addresses.
4116
02:40:56,800 --> 02:40:59,329
So DHCP is a client-server
protocol in which
4117
02:40:59,329 --> 02:41:00,454
servers manage a pool
4118
02:41:00,454 --> 02:41:01,748
of unique IP addresses
4119
02:41:01,748 --> 02:41:05,000
as well as information about
client configuration parameters
4120
02:41:05,000 --> 02:41:08,000
and assign addresses
out of those address pools now
4121
02:41:08,000 --> 02:41:11,100
DHCP enabled clients send
a request to the DHCP server,
4122
02:41:11,100 --> 02:41:13,800
whenever they connect
to a network the clients
4123
02:41:13,800 --> 02:41:17,350
configured with DHCP broadcast
a request to the DHCP server
4124
02:41:17,350 --> 02:41:18,900
and request network
4125
02:41:18,900 --> 02:41:21,985
information for local network
to which they are attached
4126
02:41:21,985 --> 02:41:23,916
a client typically
broadcasts a query
4127
02:41:23,916 --> 02:41:25,800
for this information immediately
4128
02:41:25,800 --> 02:41:28,152
after booting up
the DHCP server responds
4129
02:41:28,152 --> 02:41:29,460
to the client requests
4130
02:41:29,460 --> 02:41:33,048
by providing IP configuration
information previously specified
4131
02:41:33,048 --> 02:41:34,637
by a network administrator.
4132
02:41:34,637 --> 02:41:37,362
Now this includes
a specific IP address as well as
4133
02:41:37,362 --> 02:41:38,752
for the time period also
4134
02:41:38,752 --> 02:41:41,400
called lease for which
the allocation is valid
4135
02:41:41,400 --> 02:41:43,165
when refreshing an assignment
4136
02:41:43,165 --> 02:41:45,600
a DHCP client requests
the same parameters
4137
02:41:45,600 --> 02:41:48,689
the DHCP server may assign
the new IP address based
4138
02:41:48,689 --> 02:41:51,100
on the You said by
the administrator now
4139
02:41:51,100 --> 02:41:53,195
a DHCP server manages a record
4140
02:41:53,195 --> 02:41:56,987
of all the IP addresses it
allocates to networks nodes.
4141
02:41:56,987 --> 02:42:00,541
If a node is relocated
in the network the server
4142
02:42:00,541 --> 02:42:04,300
identifies it using its media
Access Control address now
4143
02:42:04,300 --> 02:42:07,676
which prevents accidental
configuring multiple devices
4144
02:42:07,676 --> 02:42:11,500
with the same IP address now
DHCP is not a routable protocol
4145
02:42:11,500 --> 02:42:14,300
nor is it a secure one DHCP
4146
02:42:14,300 --> 02:42:16,938
is limited to a specific
local area network,
4147
02:42:16,938 --> 02:42:18,830
which means a
single DHCP server.
4148
02:42:18,830 --> 02:42:22,200
per LAN is adequate now
larger networks may have a wide
4149
02:42:22,200 --> 02:42:25,559
area network containing multiple
individual locations depending
4150
02:42:25,559 --> 02:42:27,726
on the connections
between these points
4151
02:42:27,726 --> 02:42:30,057
and the number of clients
in each location.
4152
02:42:30,057 --> 02:42:30,557
Multiple.
4153
02:42:30,557 --> 02:42:32,500
DHCP servers can
be set up to handle
4154
02:42:32,500 --> 02:42:34,000
the distribution of addresses.
4155
02:42:34,200 --> 02:42:37,100
Now if Network administrators
want a DHCP server to provide
4156
02:42:37,100 --> 02:42:40,300
addressing to multiple subnets
on a given network.
4157
02:42:40,300 --> 02:42:43,302
They must configure
DHCP relay Services located
4158
02:42:43,302 --> 02:42:45,000
on interconnecting routers
4159
02:42:45,000 --> 02:42:47,200
that DHCP request
to have to cross
4160
02:42:47,200 --> 02:42:49,166
these agents relay messages.
4161
02:42:49,166 --> 02:42:50,500
Between DHCP client
4162
02:42:50,500 --> 02:42:55,400
and servers. DHCP also lacks
any built-in mechanism
4163
02:42:55,400 --> 02:42:57,800
that would allow clients
and servers to authenticate
4164
02:42:57,800 --> 02:43:01,100
each other both are vulnerable
to deception and to attack
4165
02:43:01,100 --> 02:43:04,100
where rogue clients can exhaust
a DHCP server's pool.
4166
02:43:04,100 --> 02:43:04,457
Okay.
4167
02:43:04,457 --> 02:43:06,700
So let's move on
to our next topic
4168
02:43:06,700 --> 02:43:08,400
and that is why use DHCP.
4169
02:43:08,400 --> 02:43:09,600
So I just told you
4170
02:43:09,600 --> 02:43:13,174
that DHCP doesn't really have
any sort of authentication
4171
02:43:13,174 --> 02:43:15,344
so it can be
fooled really easily.
4172
02:43:15,344 --> 02:43:18,200
So what are the advantages
of using DHCP
4173
02:43:18,200 --> 02:43:20,900
so DHCP offers quite
a lot of advantages
4174
02:43:20,900 --> 02:43:23,900
firstly is IP address management
a primary advantage
4175
02:43:23,900 --> 02:43:27,633
of DHCP is easier management
of IP addresses in a network
4176
02:43:27,633 --> 02:43:28,509
with the DHCP.
4177
02:43:28,509 --> 02:43:30,700
You must manually
assign IP address,
4178
02:43:30,700 --> 02:43:33,368
you must be careful
to assign unique IP addresses
4179
02:43:33,368 --> 02:43:34,089
to each client
4180
02:43:34,089 --> 02:43:36,247
and the configure
each client individually
4181
02:43:36,247 --> 02:43:38,300
the client moves
to a different network.
4182
02:43:38,300 --> 02:43:41,200
You must make model
modifications for that client.
4183
02:43:41,200 --> 02:43:42,684
Now when DHCP is enabled
4184
02:43:42,684 --> 02:43:45,900
the DHCP server manages
the assigning of IP addresses
4185
02:43:45,900 --> 02:43:49,057
without the administrator's
intervention. Clients
4186
02:43:49,057 --> 02:43:50,200
can move to other
4187
02:43:50,200 --> 02:43:52,670
subnets without manual
reconfiguration
4188
02:43:52,670 --> 02:43:53,900
because they obtained
4189
02:43:53,900 --> 02:43:56,600
from a DHCP server
new client information
4190
02:43:56,600 --> 02:44:00,730
appropriate for the new network
now apart from that you can say
4191
02:44:00,730 --> 02:44:01,773
that DHCP also
4192
02:44:01,773 --> 02:44:04,900
provides a centralized
Network client configuration.
4193
02:44:04,900 --> 02:44:07,700
It has support
for boot TP clients.
4194
02:44:07,700 --> 02:44:10,600
It supports of local clients
and remote clients.
4195
02:44:10,600 --> 02:44:12,387
It supports Network booting
4196
02:44:12,387 --> 02:44:15,300
and also it has a support
for a large Network
4197
02:44:15,300 --> 02:44:18,200
and not only for sure
like small-scale networks,
4198
02:44:18,200 --> 02:44:20,000
but for larger networks as well.
4199
02:44:20,000 --> 02:44:24,100
So that way you see DHCP has
a wide array of advantages even
4200
02:44:24,100 --> 02:44:27,000
though it doesn't really
have some authentication.
4201
02:44:27,000 --> 02:44:30,300
So because of these advantages
DHCP finds widespread use
4202
02:44:30,300 --> 02:44:32,100
in a lot of organizations.
4203
02:44:32,200 --> 02:44:34,700
Okay, so that winds
up DHCP for us.
4204
02:44:34,700 --> 02:44:38,100
So let us go into the history
of cryptography now.
4205
02:44:38,200 --> 02:44:39,905
So let me give you
a brief history
4206
02:44:39,905 --> 02:44:41,631
of cryptography now cryptography
4207
02:44:41,631 --> 02:44:44,600
actually goes back several
thousand years before shortly
4208
02:44:44,600 --> 02:44:48,300
after people began to find ways
to communicate there are some
4209
02:44:48,300 --> 02:44:51,182
of Who were finding ways
to make the understanding
4210
02:44:51,182 --> 02:44:52,800
of that communication difficult
4211
02:44:52,800 --> 02:44:55,100
so that other people
couldn't understand
4212
02:44:55,100 --> 02:44:56,000
what was going on.
4213
02:44:56,100 --> 02:44:59,300
And this led to the development
of Caesar Cipher
4214
02:44:59,300 --> 02:45:01,238
that was developed
by Julius Caesar
4215
02:45:01,238 --> 02:45:03,886
and it's a simple
rotation Cipher and by that,
4216
02:45:03,886 --> 02:45:05,700
I mean that you rotate a portion
4217
02:45:05,700 --> 02:45:08,600
of the key in order
to generate the algorithm.
4218
02:45:08,600 --> 02:45:10,066
So here's an example.
4219
02:45:10,066 --> 02:45:12,300
We've got two rows
of letters and
4220
02:45:12,300 --> 02:45:13,800
that are alphabetical in order
4221
02:45:13,800 --> 02:45:16,785
and means we basically wrecking
the alphabets down
4222
02:45:16,785 --> 02:45:19,100
and the second row
is shifted by three.
4223
02:45:19,100 --> 02:45:21,400
Letters so Abby is a z actually
4224
02:45:21,400 --> 02:45:24,635
because if you move that way B
is a z from the first row
4225
02:45:24,635 --> 02:45:26,700
gets shifted back the second row
4226
02:45:26,700 --> 02:45:29,400
and then the letter
D becomes letter C
4227
02:45:29,400 --> 02:45:32,600
the there's that's an example
of how encryption works.
4228
02:45:32,600 --> 02:45:35,500
So if you try to encrypt
a word like hello,
4229
02:45:35,500 --> 02:45:38,541
it would look completely
gibberish after it came
4230
02:45:38,541 --> 02:45:39,900
out of the algorithm.
4231
02:45:39,900 --> 02:45:43,951
So if you count the Letters
Out you can see that letter H
4232
02:45:43,951 --> 02:45:46,700
can be translated
to little a letter L.
4233
02:45:46,700 --> 02:45:48,000
So that's a Caesar Cipher.
4234
02:45:48,200 --> 02:45:51,229
Now you must Little things
like rot13 which means
4235
02:45:51,229 --> 02:45:54,887
that you rotate the 13 letters
instead of three letters.
4236
02:45:54,887 --> 02:45:56,900
That's what we
can do here again,
4237
02:45:56,900 --> 02:45:59,200
and this is just
a simple rotation Cipher
4238
02:45:59,200 --> 02:46:00,824
ourseives the cipher that's
4239
02:46:00,824 --> 02:46:04,190
what of course the rot stands
for its rotate or rotation.
4240
02:46:04,190 --> 02:46:06,543
Now coming forward
couple thousand years.
4241
02:46:06,543 --> 02:46:08,200
We have the Enigma Cipher now,
4242
02:46:08,200 --> 02:46:11,000
it's important to note
that the Enigma is not the word
4243
02:46:11,000 --> 02:46:13,950
given to this particular Cipher
by the people who developed it.
4244
02:46:13,950 --> 02:46:16,300
It's actually the word
given to it by the people
4245
02:46:16,300 --> 02:46:18,634
who were trying to crack
it the Enigma Cipher
4246
02:46:18,634 --> 02:46:19,642
is a German Cipher,
4247
02:46:19,642 --> 02:46:21,300
they develop this
Cipher and machine
4248
02:46:21,300 --> 02:46:24,000
that was capable of encrypting
and decrypting messages.
4249
02:46:24,000 --> 02:46:25,100
So they could messages
4250
02:46:25,100 --> 02:46:28,000
to and from different
battlefields and waterfronts,
4251
02:46:28,000 --> 02:46:29,800
which is similar
to the Caesar Cipher
4252
02:46:29,800 --> 02:46:32,678
Caesar used it to communicate
with his battlefield generals
4253
02:46:32,678 --> 02:46:33,633
and the same thing.
4254
02:46:33,633 --> 02:46:34,607
We're with the Germans.
4255
02:46:34,607 --> 02:46:36,600
You've got to get messages
from headquarter down
4256
02:46:36,600 --> 02:46:38,600
to where the people
are actually fighting
4257
02:46:38,600 --> 02:46:40,500
and you don't want
it to get intercepted
4258
02:46:40,500 --> 02:46:41,800
in between by the enemy.
4259
02:46:41,800 --> 02:46:43,443
So therefore you use encryption
4260
02:46:43,443 --> 02:46:45,618
and lots of energy
was spent by the allies
4261
02:46:45,618 --> 02:46:49,000
and in particular the British
trying to decrypt the messages.
4262
02:46:49,000 --> 02:46:50,582
One of the first instances
4263
02:46:50,582 --> 02:46:51,800
that we are aware of
4264
02:46:51,800 --> 02:46:54,732
where machine was used
to do the actual encryption
4265
02:46:54,732 --> 02:46:58,320
and we're going to come ahead
a few decades now into the 1970s
4266
02:46:58,320 --> 02:46:59,320
where it was felt
4267
02:46:59,320 --> 02:47:02,200
that there was a need for
a digital encryption standard.
4268
02:47:02,200 --> 02:47:04,300
Now the National
Institute of Standards
4269
02:47:04,300 --> 02:47:07,300
and technology is responsible
for that sort of thing.
4270
02:47:07,300 --> 02:47:11,000
So they put out a proposal for
this digital encryption standard
4271
02:47:11,000 --> 02:47:12,564
and an encryption algorithm.
4272
02:47:12,564 --> 02:47:14,800
What ended up happening
was IBM came up
4273
02:47:14,800 --> 02:47:16,415
with this encryption algorithm
4274
02:47:16,415 --> 02:47:18,358
that was based
on the Lucifer Cipher
4275
02:47:18,358 --> 02:47:21,800
that it was one of their people
had been working on a couple
4276
02:47:21,800 --> 02:47:24,500
of years previously in 1974
4277
02:47:24,800 --> 02:47:26,500
and they put
this proposal together
4278
02:47:26,500 --> 02:47:28,100
based on the Lucifer Cipher
4279
02:47:28,100 --> 02:47:29,700
and in 1977 that proposal
4280
02:47:29,700 --> 02:47:31,935
for an encryption
algorithm was the one
4281
02:47:31,935 --> 02:47:34,866
that was chosen to be
the digital encryption standard.
4282
02:47:34,866 --> 02:47:37,300
And so that came
to be known as DES. Over time
4283
02:47:37,300 --> 02:47:38,588
and it became apparent
4284
02:47:38,588 --> 02:47:40,000
that there was a problem
4285
02:47:40,000 --> 02:47:43,563
with this and that was it
only had a 56 bit key size
4286
02:47:43,563 --> 02:47:45,100
and while in the 1970s
4287
02:47:45,100 --> 02:47:46,800
that was considered
adequate to defend
4288
02:47:46,800 --> 02:47:49,100
against brute forcing
and breaking of course.
4289
02:47:49,100 --> 02:47:49,900
By 1990s.
4290
02:47:49,900 --> 02:47:52,700
It was no longer considered
adequate and there was a need
4291
02:47:52,700 --> 02:47:55,600
for something more and it
took time to develop something
4292
02:47:55,600 --> 02:47:58,423
that would last long
for some long period of time
4293
02:47:58,423 --> 02:48:00,900
and so in the meantime
a stopgap has developed
4294
02:48:00,900 --> 02:48:02,000
and this stopgap is
4295
02:48:02,000 --> 02:48:03,400
what we call the Triple DES.
4296
02:48:03,400 --> 02:48:05,554
The reason it's called
Triple DES is
4297
02:48:05,554 --> 02:48:09,051
you apply the DES algorithm
three times in different ways
4298
02:48:09,051 --> 02:48:12,300
and you use three different keys
in order to do that.
4299
02:48:12,300 --> 02:48:16,411
So here's how Triple DES works:
your first 56-bit key is used
4300
02:48:16,411 --> 02:48:18,200
to encrypt the plain text just
4301
02:48:18,200 --> 02:48:19,200
like you would do
4302
02:48:19,200 --> 02:48:21,458
with the standard
digital encryption standard
4303
02:48:21,458 --> 02:48:24,700
algorithm but changes
and you take that Cipher text
4304
02:48:24,700 --> 02:48:27,185
that's returned from
the first round of encryption
4305
02:48:27,185 --> 02:48:30,078
and you apply the decryption
algorithm to the cipher text.
4306
02:48:30,078 --> 02:48:31,723
However, the key
thing to note is
4307
02:48:31,723 --> 02:48:34,900
that you don't use the key
that you use to encrypt you.
4308
02:48:34,900 --> 02:48:36,700
Don't use the first
key to decrypt
4309
02:48:36,700 --> 02:48:39,100
because otherwise you'll get
the plain text back.
4310
02:48:39,100 --> 02:48:40,950
So what you do is
you use a second key
4311
02:48:40,950 --> 02:48:42,249
with the decryption algorithm
4312
02:48:42,249 --> 02:48:44,249
against the cipher text
from the first round.
4313
02:48:44,249 --> 02:48:45,900
So now you've got
some Cipher text
4314
02:48:45,900 --> 02:48:48,582
that has been encrypted
with one key and decrypt it
4315
02:48:48,582 --> 02:48:51,396
with Second key and we take
the cipher text from that
4316
02:48:51,396 --> 02:48:54,001
and we apply a third key using
the encryption portion
4317
02:48:54,001 --> 02:48:56,578
of the algorithm to
that Cipher encryption portion
4318
02:48:56,578 --> 02:48:58,962
of the algorithm
to that ciphertext to receive
4319
02:48:58,962 --> 02:49:02,223
a whole new set of ciphertext
obviously to do the decryption.
4320
02:49:02,223 --> 02:49:03,400
You do the third key
4321
02:49:03,400 --> 02:49:06,400
and decrypt it with
the second key you encrypt it.
4322
02:49:06,400 --> 02:49:08,687
And then with the first
key you decrypt it.
4323
02:49:08,687 --> 02:49:10,275
And so you do reverse order
4324
02:49:10,275 --> 02:49:13,600
and the reverse algorithm at
each step to apply Triple DES.
4325
02:49:13,600 --> 02:49:17,400
So we get an effective key size
of about one sixty eight bits,
4326
02:49:17,400 --> 02:49:20,300
but it's still only
X bits at a time.
4327
02:49:20,300 --> 02:49:22,300
Now I said Triple DES
was only a stopgap.
4328
02:49:22,300 --> 02:49:23,700
What we were really looking
4329
02:49:23,700 --> 02:49:26,600
for was Advanced encryption
standard once again
4330
02:49:26,800 --> 02:49:29,100
and NIST requested proposals
4331
02:49:29,100 --> 02:49:32,100
so that they could replace
the digital encryption standard
4332
02:49:32,100 --> 02:49:35,650
in 2001 after several thousands
of looking for algorithms
4333
02:49:35,650 --> 02:49:38,287
and looking them
over getting them evaluated
4334
02:49:38,287 --> 02:49:41,600
and getting them looked
into, NIST selected an algorithm
4335
02:49:41,600 --> 02:49:44,358
and it was put together by
a couple of mathematicians.
4336
02:49:44,358 --> 02:49:45,770
The algorithm was called
4337
02:49:45,770 --> 02:49:49,100
Rijndael and that became the
advanced encryption standard.
4338
02:49:49,100 --> 02:49:51,618
Or AES, it's one
of the most advantages
4339
02:49:51,618 --> 02:49:54,855
of AES is it supports
multiple key lengths. Currently
4340
02:49:54,855 --> 02:49:56,793
what you'll typically see is
4341
02:49:56,793 --> 02:49:58,825
as we are using 128-bit keys.
4342
02:49:58,825 --> 02:50:01,430
However, AES supports
up to 256 bit key.
4343
02:50:01,430 --> 02:50:02,908
So if we get the point
4344
02:50:02,908 --> 02:50:06,486
where 128-bit isn't enough
we can move all the way up
4345
02:50:06,486 --> 02:50:08,500
to 256 bits of keying material.
4346
02:50:08,500 --> 02:50:10,800
So cryptography has
a really long history.
4347
02:50:10,800 --> 02:50:11,370
Currently.
4348
02:50:11,370 --> 02:50:12,900
We are in a state where we
4349
02:50:12,900 --> 02:50:16,058
have a reasonably stable
encryption standard and AES,
4350
02:50:16,058 --> 02:50:18,176
but the history
of cryptography shows
4351
02:50:18,176 --> 02:50:19,308
that with Every set
4352
02:50:19,308 --> 02:50:22,500
of encryption eventually
people find a way to crack it.
4353
02:50:22,500 --> 02:50:22,874
Okay.
4354
02:50:22,874 --> 02:50:26,100
So that was a brief
history of cryptography.
4355
02:50:26,100 --> 02:50:26,600
Now.
4356
02:50:26,600 --> 02:50:29,300
What I want to do
is let's go over
4357
02:50:29,300 --> 02:50:33,000
and talk about AES,
Triple DES and DES in themselves
4358
02:50:33,000 --> 02:50:36,000
because they are
some really key cryptography
4359
02:50:36,000 --> 02:50:37,500
key moments in history
4360
02:50:37,500 --> 02:50:40,030
because there's some really
key historic moments
4361
02:50:40,030 --> 02:50:41,700
in the history of cryptography.
4362
02:50:41,700 --> 02:50:42,678
Now, we're going to talk
4363
02:50:42,678 --> 02:50:44,921
about the different types
of cryptography key ciphers
4364
02:50:44,921 --> 02:50:46,000
and primarily we're going
4365
02:50:46,000 --> 02:50:48,700
to be talking about
DES, Triple DES and AES now.
4366
02:50:48,700 --> 02:50:50,900
This is the digital
encryption standard.
4367
02:50:50,900 --> 02:50:53,200
It was developed by
IBM in the 1970s.
4368
02:50:53,200 --> 02:50:55,700
And originally it
was cryptography Cipher
4369
02:50:55,700 --> 02:50:56,700
named Lucifer
4370
02:50:56,700 --> 02:50:59,500
and after some modifications
IBM proposed it as
4371
02:50:59,500 --> 02:51:01,124
digital encryption standard
4372
02:51:01,124 --> 02:51:04,241
and it was selected by
the digital encryption standard
4373
02:51:04,241 --> 02:51:06,423
ever since then
it's been known as DES.
4374
02:51:06,423 --> 02:51:07,187
Now one thing
4375
02:51:07,187 --> 02:51:09,335
that caused a little bit
of controversy was
4376
02:51:09,335 --> 02:51:11,061
during the process of selection
4377
02:51:11,061 --> 02:51:13,900
the NSA requested
some changes and it hasn't been
4378
02:51:13,900 --> 02:51:17,100
particularly clear what changes
were requested by the NSA.
4379
02:51:17,100 --> 02:51:19,300
There has been
some speculation that wondered
4380
02:51:19,300 --> 02:51:20,800
if the NSA was requesting
4381
02:51:20,800 --> 02:51:23,600
a back door into this
digital encryption standard
4382
02:51:23,600 --> 02:51:25,100
which would allow them to look
4383
02:51:25,100 --> 02:51:26,800
at encrypted messages
in the clear.
4384
02:51:26,800 --> 02:51:29,200
So basically it would
always give the NSA
4385
02:51:29,200 --> 02:51:31,900
the ability to decrypt
DES-encrypted messages.
4386
02:51:31,900 --> 02:51:34,600
It remained the encryption
standard for the next couple
4387
02:51:34,600 --> 02:51:35,847
of decades or so.
4388
02:51:35,847 --> 02:51:38,493
So what is DES and
how does it work?
4389
02:51:38,500 --> 02:51:39,000
Basically?
4390
02:51:39,000 --> 02:51:42,200
It uses 56-bit Keys rather
than the stream Cipher.
4391
02:51:42,200 --> 02:51:46,700
It's a block cipher and it uses
64-bit blocks, and in 1998 DES
4392
02:51:46,700 --> 02:51:48,727
was effectively broken
when a DES-
4393
02:51:48,727 --> 02:51:50,182
encrypted message was cracked
4394
02:51:50,182 --> 02:51:52,145
in three days. A year
later a network
4395
02:51:52,145 --> 02:51:53,400
of ten thousand systems
4396
02:51:53,400 --> 02:51:55,700
around the world cracked
the DES-encrypted message
4397
02:51:55,700 --> 02:51:56,600
in less than a day
4398
02:51:56,600 --> 02:51:57,900
and it's just gotten worse
4399
02:51:57,900 --> 02:52:01,300
since then with modern
computing power being what it is
4400
02:52:01,300 --> 02:52:03,300
since this was actually created
4401
02:52:03,300 --> 02:52:05,535
we already have come
to the realization
4402
02:52:05,535 --> 02:52:07,500
that we needed something else.
4403
02:52:07,500 --> 02:52:10,000
So along came Triple DES.
4404
02:52:10,000 --> 02:52:13,050
Now Triple DES isn't
three times the strength
4405
02:52:13,050 --> 02:52:15,172
of DES necessarily; it applies
4406
02:52:15,172 --> 02:52:18,800
DES just three times,
and what I mean by that is
4407
02:52:18,800 --> 02:52:21,952
what we do is we take a plain
text message then let's call
4408
02:52:21,952 --> 02:52:25,600
that P and we are going to use
a key called K 1 and we're going
4409
02:52:25,600 --> 02:52:28,350
to use that key to encrypt
a message and use a key
4410
02:52:28,350 --> 02:52:29,800
that we will call K1
4411
02:52:29,800 --> 02:52:32,446
and we're going to use
that to encrypt the message
4412
02:52:32,446 --> 02:52:34,745
and that's going to result
in the ciphertext
4413
02:52:34,745 --> 02:52:36,400
and we will call that C1, so C1 is
4414
02:52:36,400 --> 02:52:38,500
the output of the first
round of encryption.
4415
02:52:38,500 --> 02:52:40,700
We're going to apply
a second key and we'll call
4416
02:52:40,700 --> 02:52:42,300
that K2 with that second key
4417
02:52:42,300 --> 02:52:44,900
and we're going to go
through a decryption process
4418
02:52:44,900 --> 02:52:45,600
on C1
4419
02:52:45,600 --> 02:52:46,850
since it's the wrong key.
4420
02:52:46,850 --> 02:52:48,850
We're not going to get
plain text out on the
4421
02:52:48,850 --> 02:52:51,700
And what we're going to get
is another round of ciphertext
4422
02:52:51,700 --> 02:52:54,533
and we will call this c 2
what we do with c 2.
4423
02:52:54,533 --> 02:52:57,800
We are going to apply a third
key and we will call this K 3
4424
02:52:57,800 --> 02:53:00,100
and we're going
to encrypt ciphertext c 2
4425
02:53:00,100 --> 02:53:03,000
and that's going to result
in another round the ciphertext
4426
02:53:03,000 --> 02:53:04,409
and we will call that c 3.
4427
02:53:04,409 --> 02:53:07,500
So we have 3 different Keys
applied in two different ways.
4428
02:53:07,500 --> 02:53:10,900
So with key 1 and key 3 we
do a round of encryption
4429
02:53:10,900 --> 02:53:13,450
and with key 2 we do
a round of decryption.
4430
02:53:13,450 --> 02:53:15,800
So it's an encrypt, decrypt,
encrypt process
4431
02:53:15,800 --> 02:53:18,800
with separate keys. While
that doesn't really yield
4432
02:53:18,800 --> 02:53:21,917
a full 168-bit key size,
the three rounds of encryption
4433
02:53:21,917 --> 02:53:25,400
yields an effective key size of
a hundred and sixty eight bits
4434
02:53:25,400 --> 02:53:28,300
because you have
to find three 56-bit keys.
4435
02:53:28,300 --> 02:53:31,541
So speaking of that technical
detail for Triple DES.
4436
02:53:31,541 --> 02:53:35,100
We're still using the DES block
cipher with 56-bit keys.
4437
02:53:35,100 --> 02:53:37,300
But since we've got
three different Keys,
4438
02:53:37,300 --> 02:53:39,800
we get an effective length
of around 168
4439
02:53:39,800 --> 02:53:42,900
bits. Triple DES was really
just a stopgap measure.
4440
02:53:42,900 --> 02:53:45,886
We knew that if DES
could be broken, Triple DES
4441
02:53:45,886 --> 02:53:49,000
would surely be broken
with just some more time again.
4442
02:53:49,000 --> 02:53:52,451
And so NIST was trying
to request a standard
4443
02:53:52,451 --> 02:53:53,759
that was in 1999.
4444
02:53:53,759 --> 02:53:56,900
And in 2001 NIST
published an algorithm
4445
02:53:56,900 --> 02:53:59,256
that was called AES.
So this algorithm
4446
02:53:59,256 --> 02:54:00,482
that was originally
4447
02:54:00,482 --> 02:54:03,000
called Rijndael was
published by NIST as
4448
02:54:03,000 --> 02:54:06,300
Advanced Encryption Standard.
Some technical specifications
4449
02:54:06,300 --> 02:54:07,600
about AES is
4450
02:54:07,600 --> 02:54:09,800
that the original Rijndael
algorithm specified
4451
02:54:09,800 --> 02:54:11,700
variable block sizes
and key lengths
4452
02:54:11,700 --> 02:54:13,723
and as long as those block sizes
4453
02:54:13,723 --> 02:54:16,400
and key lengths were
multiples of 32 bits.
4454
02:54:16,400 --> 02:54:18,100
So 32, 64, 96,
4455
02:54:18,100 --> 02:54:21,915
and so on, you could use
those block sizes and key lengths.
4456
02:54:21,915 --> 02:54:23,500
When AES was published
4457
02:54:23,500 --> 02:54:26,200
it specified a fixed
128-bit block size
4458
02:54:26,200 --> 02:54:26,900
and key length
4459
02:54:26,900 --> 02:54:31,000
of 128, 192 and 256. AES
with three different key lengths
4460
02:54:31,000 --> 02:54:32,328
but one block size and
4461
02:54:32,328 --> 02:54:36,000
that's a little bit of detail
about DES, Triple DES and AES.
4462
02:54:36,000 --> 02:54:37,600
So when AES was published
4463
02:54:37,600 --> 02:54:40,300
it specified a fixed
128-bit block size
4464
02:54:40,400 --> 02:54:44,300
and a key length
of 128, 192 and 256 bits.
4465
02:54:44,400 --> 02:54:47,338
So we've got with AES three
different key lengths,
4466
02:54:47,338 --> 02:54:48,700
but one block size.
4467
02:54:48,700 --> 02:54:50,200
And that was a little bit
4468
02:54:50,200 --> 02:54:54,363
of detail about DES, Triple DES
and AES. We'll use some of these
4469
02:54:54,363 --> 02:54:57,842
in doing some hands-on work
in the subsequent part
4470
02:54:57,842 --> 02:54:58,700
of this video.
4471
02:54:58,700 --> 02:54:59,000
Okay.
4472
02:54:59,000 --> 02:55:01,232
So now that I've given
you a brief history
4473
02:55:01,232 --> 02:55:03,900
of how we have reached
to the encryption standards
4474
02:55:03,900 --> 02:55:05,350
that we're following today.
4475
02:55:05,350 --> 02:55:07,500
That is the advanced
encryption standard.
4476
02:55:07,500 --> 02:55:08,441
Let's go ahead
4477
02:55:08,441 --> 02:55:12,397
and talk a little bit more
about DES, Triple DES and AES.
4478
02:55:12,397 --> 02:55:15,065
So this is a digital
encryption standard.
4479
02:55:15,065 --> 02:55:18,600
It was developed by IBM
in the 1970s and originally it
4480
02:55:18,600 --> 02:55:21,000
was a cryptography
cipher named Lucifer
4481
02:55:21,000 --> 02:55:23,771
and after some modifications
IBM proposed it as
4482
02:55:23,771 --> 02:55:25,500
the digital encryption standard.
4483
02:55:25,500 --> 02:55:28,100
It was selected to be
the digital encryption standard
4484
02:55:28,100 --> 02:55:31,106
and ever since then
it's been known as D-E-S
4485
02:55:31,106 --> 02:55:32,500
or DES. One thing
4486
02:55:32,500 --> 02:55:34,763
that caused a little bit
of controversy was
4487
02:55:34,763 --> 02:55:38,182
during the process of selection
the NSA requested some changes
4488
02:55:38,182 --> 02:55:40,206
and it hasn't been
particularly clear
4489
02:55:40,206 --> 02:55:42,441
what changes were
requested by the NSA.
4490
02:55:42,441 --> 02:55:45,500
There has been some sort
of speculation that wondered
4491
02:55:45,500 --> 02:55:48,600
if the NSA was requesting
a back door into this
4492
02:55:48,600 --> 02:55:49,900
digital encryption standard
4493
02:55:49,900 --> 02:55:52,597
which would allow them to look
at encrypted messages
4494
02:55:52,597 --> 02:55:53,361
in the clear.
4495
02:55:53,361 --> 02:55:55,600
So basically it would
always give the NSA
4496
02:55:55,600 --> 02:55:58,200
the ability to decrypt
DES-encrypted messages.
4497
02:55:58,200 --> 02:56:00,900
It remained the encryption
standard for the next couple
4498
02:56:00,900 --> 02:56:02,300
of decades or so.
4499
02:56:02,400 --> 02:56:05,204
And what is DES and
how does it work? Now
4500
02:56:05,204 --> 02:56:08,500
DES remained the digital
standard for encryption
4501
02:56:08,500 --> 02:56:10,448
for the next couple of decades.
4502
02:56:10,448 --> 02:56:12,900
So what does it do
and how does it work?
4503
02:56:12,900 --> 02:56:14,366
So basically it uses
4504
02:56:14,366 --> 02:56:17,225
a 56 bit key rather
than a stream Cipher.
4505
02:56:17,225 --> 02:56:21,300
It's a block Cipher and it
uses 64-bit blocks and in 1998,
4506
02:56:21,300 --> 02:56:23,465
if you know, DES
was effectively broken
4507
02:56:23,465 --> 02:56:26,159
when a DES-encrypted message
was cracked in three days
4508
02:56:26,159 --> 02:56:28,605
and then a year later
a network of 10,000 systems
4509
02:56:28,605 --> 02:56:31,000
around the world cracked
the DES-encrypted message
4510
02:56:31,000 --> 02:56:32,000
in less than a day
4511
02:56:32,000 --> 02:56:33,464
and it's just gotten worse
4512
02:56:33,464 --> 02:56:36,700
since then with modern Computing
being what it is today.
4513
02:56:36,700 --> 02:56:39,117
Now since this was created
4514
02:56:39,117 --> 02:56:41,964
and broken we knew
we needed something
4515
02:56:42,000 --> 02:56:45,778
and what came in between
Advanced encryption standards
4516
02:56:45,778 --> 02:56:48,000
and DES is Triple
DES. Now Triple
4517
02:56:48,000 --> 02:56:51,647
DES isn't three times the strength
of DES necessarily; it's really
4518
02:56:51,647 --> 02:56:53,263
DES applied three times
4519
02:56:53,263 --> 02:56:56,600
and what I mean by that is
we take a plain text message,
4520
02:56:56,600 --> 02:56:57,376
then let's call
4521
02:56:57,376 --> 02:56:59,688
that P and we are going
to use a key called K
4522
02:56:59,688 --> 02:57:02,613
1 and we're going to use
that key to encrypt the message
4523
02:57:02,613 --> 02:57:05,059
and that's going to result
in the ciphertext one.
4524
02:57:05,059 --> 02:57:07,400
So we'll call that C1
now c 1 is the output
4525
02:57:07,400 --> 02:57:08,858
of the first round of encryption
4526
02:57:08,858 --> 02:57:11,000
and we're going to apply
a second key called key
4527
02:57:11,000 --> 02:57:13,093
2 and with that second key.
4528
02:57:13,093 --> 02:57:17,000
We are going to go through
a decryption process on C1 now
4529
02:57:17,000 --> 02:57:18,600
since it's the wrong key we are.
4530
02:57:18,600 --> 02:57:21,332
Not going to get the plain text
out of the decryption process
4531
02:57:21,332 --> 02:57:22,240
on the other end.
4532
02:57:22,240 --> 02:57:24,595
We are going to get
another round of ciphertext
4533
02:57:24,595 --> 02:57:26,900
and we're going to call
that c 2 now with c 2.
4534
02:57:26,900 --> 02:57:29,100
We are going to apply
a third key and we are going
4535
02:57:29,100 --> 02:57:32,177
to call that K 3 and we're going
to encrypt ciphertext c 2
4536
02:57:32,177 --> 02:57:34,509
and that's going to result
in ciphertext C 3
4537
02:57:34,509 --> 02:57:37,600
so we have 3 different Keys
applied in two different ways.
4538
02:57:37,600 --> 02:57:41,926
So with key 1, key 3 we do a round
of encryption; with key 2 we do
4539
02:57:41,926 --> 02:57:43,300
a round of decryption.
4540
02:57:43,300 --> 02:57:46,845
So it's basically an encrypt,
decrypt, encrypt process
4541
02:57:46,845 --> 02:57:48,400
with three separate keys,
4542
02:57:48,400 --> 02:57:51,861
but it does really is
it doesn't really yield
4543
02:57:51,861 --> 02:57:53,353
a 168-bit key size
4544
02:57:53,353 --> 02:57:57,200
because in effectiveness it's
basically 256-bit keys
4545
02:57:57,200 --> 02:57:59,200
that are being used to race it
4546
02:57:59,200 --> 02:58:01,300
whether it be
three different keys.
4547
02:58:01,300 --> 02:58:02,600
So in effectiveness,
4548
02:58:02,600 --> 02:58:05,270
you could say
that it's the 168 bit key,
4549
02:58:05,270 --> 02:58:09,000
but it is not the same strength
because people realize
4550
02:58:09,000 --> 02:58:11,058
that Triple DES
can be easily broken
4551
02:58:11,058 --> 02:58:12,475
because if DES is broken,
4552
02:58:12,475 --> 02:58:15,200
you can do the same thing
with three different ways
4553
02:58:15,200 --> 02:58:17,084
whether whatever key
that you use
4554
02:58:17,084 --> 02:58:18,790
so it just takes longer time.
4555
02:58:18,790 --> 02:58:20,600
To decrypt if you
don't know the tree
4556
02:58:20,600 --> 02:58:22,900
and if you are just using
a Brute Force attack,
4557
02:58:22,900 --> 02:58:25,000
you know that Triple
DES can be broken
4558
02:58:25,000 --> 02:58:26,500
if DES can be broken.
4559
02:58:26,500 --> 02:58:30,800
So Triple DES was literally
a stopgap between DES and AES
4560
02:58:30,800 --> 02:58:32,000
because people knew
4561
02:58:32,000 --> 02:58:35,200
that we needed something
more than Triple DES and for
4562
02:58:35,200 --> 02:58:36,100
this the NIST
4563
02:58:36,100 --> 02:58:38,100
or the National
Institute of Standards
4564
02:58:38,100 --> 02:58:40,100
and Technology in 2001.
4565
02:58:40,100 --> 02:58:43,100
They chose AES as the algorithm
4566
02:58:43,100 --> 02:58:46,100
that is now called
Advanced encryption algorithm.
4567
02:58:46,100 --> 02:58:48,600
So it was originally called
the Rijndael algorithm.
4568
02:58:49,100 --> 02:58:52,200
And the main thing
about the Rijndael algorithm
4569
02:58:52,200 --> 02:58:54,500
and advanced encryption
standard algorithm
4570
02:58:54,500 --> 02:58:55,712
is that the Rijndael
4571
02:58:55,712 --> 02:58:58,300
algorithm specifically
states in its papers
4572
02:58:58,300 --> 02:59:00,317
that it has a variable block size
4573
02:59:00,317 --> 02:59:03,070
and a variable key size
as long as they are
4574
02:59:03,070 --> 02:59:04,300
in multiples of 32.
4575
02:59:04,300 --> 02:59:07,200
So 32, 64, 96, like that.
4576
02:59:07,200 --> 02:59:09,500
But what AES does differently is
4577
02:59:09,500 --> 02:59:11,100
that it gives you one block size
4578
02:59:11,100 --> 02:59:14,900
that is 128 bits and gives
you three different key sizes
4579
02:59:14,900 --> 02:59:17,900
that is 128, 192 and 256.
4580
02:59:17,900 --> 02:59:20,321
So with AES three
different key lengths,
4581
02:59:20,321 --> 02:59:21,600
but one block size.
4582
02:59:21,600 --> 02:59:26,441
Okay, so that was a little bit
more information on AES, DES
4583
02:59:26,441 --> 02:59:27,517
and Triple DES
4584
02:59:27,600 --> 02:59:29,900
and we are going
to be using this information
4585
02:59:29,900 --> 02:59:32,800
in some subsequent lessons
Okay now moving on.
4586
02:59:32,800 --> 02:59:33,137
Okay.
4587
02:59:33,137 --> 02:59:36,487
So now that we've discussed
the different history of
4588
02:59:36,487 --> 02:59:40,100
cryptography and more important
cryptography algorithms.
4589
02:59:40,100 --> 02:59:42,400
Let's discuss the different
types of cryptography.
4590
02:59:42,400 --> 02:59:44,500
Now, the first type of
cryptography I'm going to talk
4591
02:59:44,500 --> 02:59:48,000
about is symmetric cryptography
and by symmetric cryptography,
4592
02:59:48,000 --> 02:59:51,000
I mean the key is the same
for encrypting or decrypting.
4593
02:59:51,000 --> 02:59:52,400
So I use the same key
4594
02:59:52,400 --> 02:59:55,800
whether I am encrypting the data
or decrypting data.
4595
02:59:55,800 --> 02:59:58,508
Well things about symmetric
key cryptography is
4596
02:59:58,508 --> 03:00:00,500
that it uses a shorter
key length than
4597
03:00:00,500 --> 03:00:02,004
for asymmetric cryptography,
4598
03:00:02,004 --> 03:00:04,100
which I'll get into
a couple of minutes.
4599
03:00:04,100 --> 03:00:06,276
It's also faster
than asymmetric
4600
03:00:06,276 --> 03:00:09,200
and you can use algorithms
like DES or AES
4601
03:00:09,200 --> 03:00:12,500
as those are both symmetric
key cryptography algorithms
4602
03:00:12,500 --> 03:00:15,100
and you can use a utility
like AES Crypt.
4603
03:00:15,100 --> 03:00:16,344
Let me just demonstrate
4604
03:00:16,344 --> 03:00:18,400
how a symmetric key
cryptography works.
4605
03:00:18,400 --> 03:00:21,600
So for this we can use
a tool called AES Crypt.
4606
03:00:21,600 --> 03:00:24,992
So AES Crypt is
actually available for Linux
4607
03:00:24,992 --> 03:00:27,400
and Windows and Mac
all the systems.
4608
03:00:27,400 --> 03:00:28,400
So I'm using it
4609
03:00:28,400 --> 03:00:31,100
on the Windows one and I'm using
the console version.
4610
03:00:31,100 --> 03:00:32,700
So first of all,
4611
03:00:32,700 --> 03:00:35,600
I have a text file
called text.txt.
4612
03:00:35,600 --> 03:00:37,200
So let me just show that to you.
4613
03:00:37,200 --> 03:00:38,700
So we as you guys can see
4614
03:00:38,700 --> 03:00:42,600
I have this thing called
text.txt. Now to do text.txt,
4615
03:00:42,600 --> 03:00:45,900
all I, let me just show
what text.txt contains.
4616
03:00:45,900 --> 03:00:48,600
So as you guys can see
it has a sentence.
4617
03:00:48,600 --> 03:00:50,562
The quick brown fox jumped
over the lazy dog.
4618
03:00:50,562 --> 03:00:51,450
So that's the sentence
4619
03:00:51,450 --> 03:00:54,300
that has all the alphabets
in the English language rather.
4620
03:00:54,300 --> 03:00:56,810
So now we are going
to try and encrypt it
4621
03:00:56,810 --> 03:00:58,982
so we can use
something like AES or DES
4622
03:00:58,982 --> 03:01:00,259
because both of them
4623
03:01:00,259 --> 03:01:03,900
are symmetric key ciphers
symmetric key algorithms rather.
4624
03:01:03,900 --> 03:01:06,561
So we are using AES
in this case.
4625
03:01:06,561 --> 03:01:09,638
So what we're going
to do is say aescrypt,
4626
03:01:09,700 --> 03:01:10,887
I'm going to encrypt it
4627
03:01:10,887 --> 03:01:12,900
and we're going to give
you the password
4628
03:01:12,900 --> 03:01:15,400
of let's say Pokemon.
4629
03:01:15,400 --> 03:01:18,000
We're going to call it
Pokémon and we're going
4630
03:01:18,300 --> 03:01:20,500
to do text.txt.
4631
03:01:20,500 --> 03:01:22,281
We're gonna encrypt that file.
4632
03:01:22,281 --> 03:01:24,300
So now we have
encrypted that file.
4633
03:01:24,300 --> 03:01:26,982
Let's go see we must
be having a new file.
4634
03:01:26,982 --> 03:01:29,600
So this is called
text.txt.aes.
4635
03:01:29,600 --> 03:01:31,100
So that is our encrypted file.
4636
03:01:31,100 --> 03:01:34,405
And this is what we would
generally send over the network
4637
03:01:34,405 --> 03:01:36,300
if we are sending it to anybody.
4638
03:01:36,300 --> 03:01:38,739
So let's assume
the person who's received.
4639
03:01:38,739 --> 03:01:41,300
It also knows
our encryption algorithm.
4640
03:01:41,300 --> 03:01:43,535
I mean encryption
algorithm and the key
4641
03:01:43,535 --> 03:01:44,803
that goes along with it.
4642
03:01:44,803 --> 03:01:47,563
So let's try to decrypt it
now now before I decrypted,
4643
03:01:47,563 --> 03:01:50,373
let me just show you What
an encrypted message looks
4644
03:01:50,373 --> 03:01:51,200
like so this is
4645
03:01:51,200 --> 03:01:56,600
what the ciphertext looks
like a snow text.txt
4646
03:01:56,600 --> 03:01:57,900
.aes.
4647
03:01:57,900 --> 03:01:58,700
So yeah,
4648
03:01:58,700 --> 03:02:01,299
as you guys can see
the windows control control
4649
03:02:01,299 --> 03:02:02,300
you she'd everything
4650
03:02:02,300 --> 03:02:06,400
but if I were to go here I
will just go into the file
4651
03:02:06,500 --> 03:02:11,600
and just ever notepad
plus plus you'll see
4652
03:02:11,600 --> 03:02:13,900
that it's a bunch of crap.
4653
03:02:13,900 --> 03:02:17,616
You really can't make out
anything what is being made?
4654
03:02:17,616 --> 03:02:18,557
Here we can't
4655
03:02:18,557 --> 03:02:20,007
really decipher much.
4656
03:02:20,007 --> 03:02:22,800
So that's the point
of using encryption.
4657
03:02:22,800 --> 03:02:24,600
Now if you were to decrypt it,
4658
03:02:24,600 --> 03:02:27,800
all you have to do is
a script we turned the crib.
4659
03:02:27,800 --> 03:02:30,723
We're trying to give
the password is going to be
4660
03:02:30,723 --> 03:02:32,900
what was the password
Pokémon I'll K
4661
03:02:32,900 --> 03:02:37,700
so and we're going to try
and decrypt text.txt
4662
03:02:37,700 --> 03:02:39,100
.aes.
4663
03:02:39,500 --> 03:02:41,300
Let's dir that again.
4664
03:02:41,800 --> 03:02:44,705
Okay, so that just decrypts
our message for us.
4665
03:02:44,705 --> 03:02:45,310
So this is
4666
03:02:45,310 --> 03:02:48,700
how you would use aescrypt
for encryption and decryption.
4667
03:02:48,700 --> 03:02:50,400
So that's just
decryption and that's
4668
03:02:50,400 --> 03:02:53,000
how you would use symmetric key
encryption to encrypt a file
4669
03:02:53,000 --> 03:02:54,653
for this example symmetric key
4670
03:02:54,653 --> 03:02:57,300
uses either a stream
Cipher or a block Cipher
4671
03:02:57,300 --> 03:02:59,957
and the differences
between stream or block ciphers.
4672
03:02:59,957 --> 03:03:02,288
Is that block takes a block
of bits at a time
4673
03:03:02,288 --> 03:03:03,700
and it's a fixed length.
4674
03:03:03,700 --> 03:03:04,879
For example 64 bits
4675
03:03:04,879 --> 03:03:07,527
if I were to use
a block Cipher with 64 bits,
4676
03:03:07,527 --> 03:03:09,440
I would need to take in 64 bits
4677
03:03:09,440 --> 03:03:11,300
before I could
start encrypting now
4678
03:03:11,300 --> 03:03:12,637
if I didn't have 64 bits
4679
03:03:12,637 --> 03:03:15,200
to encrypt I would have
to fill it with padding
4680
03:03:15,200 --> 03:03:18,013
in order to get
up to 64 bits a stream Cipher
4681
03:03:18,013 --> 03:03:19,100
on the other hand
4682
03:03:19,100 --> 03:03:20,800
it will encrypt a bit at a time.
4683
03:03:20,800 --> 03:03:22,886
So it doesn't matter
how many bits you've got.
4684
03:03:22,886 --> 03:03:24,680
You don't need
to have some multiple
4685
03:03:24,680 --> 03:03:27,500
of the block length in order
to encrypt without padding.
4686
03:03:27,500 --> 03:03:30,667
And another type of cryptography
is asymmetric. Now asymmetric,
4687
03:03:30,667 --> 03:03:32,900
as you would expect, uses
two different keys.
4688
03:03:32,900 --> 03:03:35,400
And that's where we have
public key and private key
4689
03:03:35,500 --> 03:03:38,500
Asymmetric key cryptography
uses a longer key length
4690
03:03:38,500 --> 03:03:40,208
and also has more computation
4691
03:03:40,208 --> 03:03:42,267
and the encryption
process is slower
4692
03:03:42,267 --> 03:03:43,970
with asymmetric key encryption
4693
03:03:43,970 --> 03:03:45,400
and the encryption process
4694
03:03:45,400 --> 03:03:48,047
is slower than with
a symmetric key encryption
4695
03:03:48,047 --> 03:03:50,855
while the For symmetric key is
for signing documents
4696
03:03:50,855 --> 03:03:52,066
or emails for example,
4697
03:03:52,066 --> 03:03:54,600
but I would have
the private key sign something
4698
03:03:54,600 --> 03:03:57,800
and the public key would be used
to verify a signature
4699
03:03:57,800 --> 03:03:58,784
and another reason
4700
03:03:58,784 --> 03:04:01,317
for using asymmetric key
encryption is to ensure
4701
03:04:01,317 --> 03:04:03,400
that you got it from
who actually sent it
4702
03:04:03,400 --> 03:04:04,771
since you've got two keys.
4703
03:04:04,771 --> 03:04:07,511
You always knew who
the other end of the equation is
4704
03:04:07,511 --> 03:04:10,100
whereas symmetric
key, since it's just one key,
4705
03:04:10,100 --> 03:04:12,343
If you can intercept
the key you can decrypt
4706
03:04:12,343 --> 03:04:13,700
and also encrypt messages.
4707
03:04:13,700 --> 03:04:16,477
And so if somebody can figure
out the key you can break
4708
03:04:16,477 --> 03:04:18,689
into a communication
stream using symmetric
4709
03:04:18,689 --> 03:04:20,929
key encryption.
So asymmetric gives you
4710
03:04:20,929 --> 03:04:22,434
the advantage of ensuring
4711
03:04:22,434 --> 03:04:25,788
that the other end is who
the other end says they are
4712
03:04:25,788 --> 03:04:29,199
since they're the only ones
who should have the private key
4713
03:04:29,199 --> 03:04:31,900
and in this particular
instance. In practice,
4714
03:04:31,900 --> 03:04:34,900
however, hybrid
encryption models tend
4715
03:04:34,900 --> 03:04:36,300
to be used and that's
4716
03:04:36,300 --> 03:04:37,400
where you would use
4717
03:04:37,400 --> 03:04:40,700
a symmetric encryption to
encrypt asymmetric session keys.
4718
03:04:40,700 --> 03:04:43,297
So basically you
encrypt the message
4719
03:04:43,297 --> 03:04:47,113
that you are sending using
symmetric key encryption
4720
03:04:47,113 --> 03:04:47,908
and then you
4721
03:04:47,908 --> 03:04:49,300
when exchanging the key
4722
03:04:49,300 --> 03:04:52,700
with somebody else you use
a symmetric key encryption.
4723
03:04:52,700 --> 03:04:54,599
So this is going to be
a slower process.
4724
03:04:54,599 --> 03:04:57,220
You probably won't want
to use it for a smaller files
4725
03:04:57,220 --> 03:04:58,227
in order to do that.
4726
03:04:58,227 --> 03:05:01,100
Fortunately the file example
that I have is a smaller one.
4727
03:05:01,100 --> 03:05:04,236
So I'm going to try
and generate a key right now.
4728
03:05:04,236 --> 03:05:07,700
So for this we have to head over
to our Ubuntu system.
4729
03:05:07,900 --> 03:05:09,100
So let's see.
4730
03:05:09,200 --> 03:05:12,500
Let me show you how public
key encryption actually works
4731
03:05:12,600 --> 03:05:15,184
and we are going
to first create a key.
4732
03:05:15,184 --> 03:05:17,700
So let me just clear
this out for you.
4733
03:05:17,700 --> 03:05:18,680
First of all.
4734
03:05:18,680 --> 03:05:22,600
Let's create a file and
let's call that text.txt.
4735
03:05:22,821 --> 03:05:23,621
Now.
4736
03:05:23,621 --> 03:05:28,382
If you see we are going to edit
text.txt to have some file.
4737
03:05:28,382 --> 03:05:30,215
So have some text in it.
4738
03:05:30,215 --> 03:05:33,500
So there seems to be
a warning with the GDK.
4739
03:05:33,600 --> 03:05:36,100
I'll just use echo instead.
4740
03:05:38,200 --> 03:05:41,400
So now let's see
if that is in our file.
4741
03:05:42,100 --> 03:05:42,400
Okay.
4742
03:05:42,400 --> 03:05:45,392
So let me just show you
how asymmetric key encryption
4743
03:05:45,392 --> 03:05:47,200
or public key
cryptography works.
4744
03:05:47,200 --> 03:05:49,200
So first of all,
we need a text file.
4745
03:05:49,200 --> 03:05:51,600
So let me see do we
have a text file?
4746
03:05:51,600 --> 03:05:54,059
So there seems to be
a text.txt.
4747
03:05:54,059 --> 03:05:56,800
So let's see what
this text.txt says
4748
03:05:56,800 --> 03:05:59,641
so it says that this is
a random text file.
4749
03:05:59,641 --> 03:06:01,356
Now, what we want to do is
4750
03:06:01,356 --> 03:06:03,822
we want to create
a public key first,
4751
03:06:03,822 --> 03:06:06,700
so I'm going to use
openssl for doing this.
4752
03:06:06,700 --> 03:06:08,200
So we go openssl
4753
03:06:08,200 --> 03:06:09,861
and we are going to use it
4754
03:06:09,861 --> 03:06:12,800
with RSA, so we're trying
to generate a key.
4755
03:06:12,800 --> 03:06:16,800
So genrsa, and we're going
to use des3, to use this
4756
03:06:16,800 --> 03:06:20,720
and we're going to Output it
into file called private key.
4757
03:06:20,720 --> 03:06:23,869
So we are also going
to be using a 4096 bit.
4758
03:06:23,869 --> 03:06:26,513
So this is going
to be our private key.
4759
03:06:26,513 --> 03:06:30,200
So this will create a private
key using RSA algorithm.
4760
03:06:30,200 --> 03:06:32,200
So let it work its way out.
4761
03:06:32,200 --> 03:06:33,400
So first of all,
4762
03:06:33,400 --> 03:06:35,674
it's asking me
for the passphrase now,
4763
03:06:35,674 --> 03:06:38,517
so since you can protect
your keys with the passphrase.
4764
03:06:38,517 --> 03:06:40,400
So I'm just going
to use my name.
4765
03:06:40,400 --> 03:06:41,000
Okay.
4766
03:06:41,000 --> 03:06:42,300
So now we see
4767
03:06:42,300 --> 03:06:46,100
if we ls and we have
a private key, I guess.
4768
03:06:46,100 --> 03:06:46,876
Yep.
4769
03:06:46,876 --> 03:06:48,300
So we have this private key.
4770
03:06:48,300 --> 03:06:48,800
Now.
4771
03:06:48,800 --> 03:06:50,500
We're using this private key.
4772
03:06:50,500 --> 03:06:53,010
We are going to generate
a public key.
4773
03:06:53,010 --> 03:06:56,200
So for this I'm again
going to be using openssl
4774
03:06:56,300 --> 03:06:58,400
and openssl is unix-based.
4775
03:06:58,400 --> 03:07:00,600
So you will need a Unix system.
4776
03:07:00,600 --> 03:07:02,300
So you go rsautl.
4777
03:07:02,300 --> 03:07:03,632
That's RSA utility.
4778
03:07:03,632 --> 03:07:06,000
And what we want
to do is encrypt
4779
03:07:06,500 --> 03:07:08,500
and we want the public key
4780
03:07:08,500 --> 03:07:12,230
in and key and we want
to use the public key
4781
03:07:12,230 --> 03:07:14,000
that we just generated.
4782
03:07:14,000 --> 03:07:14,900
I'm sorry guys.
4783
03:07:14,900 --> 03:07:17,500
So we are going
to be using Odyssey.
4784
03:07:17,500 --> 03:07:18,592
So first of all,
4785
03:07:18,592 --> 03:07:20,800
we need to generate
a public key.
4786
03:07:20,800 --> 03:07:23,300
So for that we use
the private key.
4787
03:07:23,300 --> 03:07:26,700
So we will give the private
key as an argument
4788
03:07:26,700 --> 03:07:27,870
after the in flag.
4789
03:07:27,870 --> 03:07:31,566
So private key and we are trying
to get out a public key.
4790
03:07:31,566 --> 03:07:34,800
So pubout, and we're going
to call public.key.
4791
03:07:34,800 --> 03:07:39,500
Okay, so there seems to be Okay.
4792
03:07:39,900 --> 03:07:43,700
I messed it up a little. I
forgot to give the output
4793
03:07:43,873 --> 03:07:47,026
so you go out and then
you use public key.
4794
03:07:47,580 --> 03:07:50,119
So it's asking me
for a passphrase
4795
03:07:50,600 --> 03:07:52,800
and now it's writing
the RSA key and
4796
03:07:52,800 --> 03:07:54,434
since the password was correct.
4797
03:07:54,434 --> 03:07:55,963
We have a public key too. So
4798
03:07:55,963 --> 03:07:58,800
if you see now we have
a public key and a private key.
4799
03:07:58,800 --> 03:08:03,285
So we are going to encrypt
our file using the public key.
4800
03:08:03,400 --> 03:08:08,300
So we go openssl
and we go rsautl.
4801
03:08:08,700 --> 03:08:13,800
And we go encrypt
and we can do pubin.
4802
03:08:14,600 --> 03:08:17,300
So we are going
to use the public key
4803
03:08:18,000 --> 03:08:20,946
and we want to put
the text.txt
4804
03:08:20,946 --> 03:08:23,100
as the file to be encrypted.
4805
03:08:23,100 --> 03:08:24,500
So text.txt.
4806
03:08:24,600 --> 03:08:28,100
And what we want to output
is an encrypted file.
4807
03:08:28,100 --> 03:08:29,900
So encrypted.txt.
4808
03:08:33,100 --> 03:08:38,000
Okay, I call it open SL L
need to go and edit that out.
4809
03:08:38,600 --> 03:08:41,300
Yeah, so that makes
it a correct command
4810
03:08:41,300 --> 03:08:43,900
and now we have
an encrypted file.
4811
03:08:43,900 --> 03:08:47,646
So let's see ls, and yep
encrypted.txt.
4812
03:08:47,646 --> 03:08:49,800
So if you just cat that out,
4813
03:08:50,000 --> 03:08:51,600
so we see it's
a bunch of garbage
4814
03:08:51,600 --> 03:08:53,400
and we really can't read it
4815
03:08:53,400 --> 03:08:57,076
unless we decrypt it. So
for decrypting the key,
4816
03:08:57,076 --> 03:09:00,000
All we have to do
is again use openssl.
4817
03:09:00,000 --> 03:09:02,846
Let's clear this out
first so openssl.
4818
03:09:03,200 --> 03:09:06,700
And we are going to be using
the RSA utility again.
4819
03:09:06,700 --> 03:09:07,700
So rsautl.
4820
03:09:07,700 --> 03:09:09,200
We're going to
decrypt this time.
4821
03:09:09,200 --> 03:09:11,200
So we go with the decrypt flag
4822
03:09:11,200 --> 03:09:14,200
and then we are going
to be giving the inkey
4823
03:09:14,200 --> 03:09:16,100
and that is going
to be the private key
4824
03:09:16,600 --> 03:09:22,200
and what we want to decrypt
is encrypted.txt.
4825
03:09:22,900 --> 03:09:29,700
And what we want to output it is
as, let's say, plaintext.txt.
4826
03:09:30,200 --> 03:09:32,200
So it's going to ask me
for my passphrase,
4827
03:09:32,200 --> 03:09:32,961
which is my
4828
03:09:32,961 --> 03:09:35,300
name, and I've entered
the passphrase and now
4829
03:09:35,300 --> 03:09:37,000
we have a plaintext.txt.
4830
03:09:37,100 --> 03:09:37,600
Now.
4831
03:09:37,800 --> 03:09:40,500
If we are to go and ls we see
4832
03:09:40,500 --> 03:09:43,100
that we have a
plaintext.txt out here just
4833
03:09:43,100 --> 03:09:44,765
with light info dot txt.
4834
03:09:44,765 --> 03:09:46,500
Let me just cat that out.
4835
03:09:46,500 --> 03:09:49,600
So plaintext.txt.
4836
03:09:50,000 --> 03:09:51,500
So this is a random text file.
4837
03:09:51,500 --> 03:09:53,100
And if you go up we see
4838
03:09:53,100 --> 03:09:55,900
that it was a bunch
of garbage and before that.
4839
03:09:55,900 --> 03:09:57,672
It was a random text file.
4840
03:09:57,672 --> 03:10:00,400
Now, you can also run
this command called
4841
03:10:00,400 --> 03:10:05,600
diff plaintext.txt text.txt.
4842
03:10:05,600 --> 03:10:08,100
So this gives you a difference
in the text strings.
4843
03:10:08,100 --> 03:10:10,600
So it's zero so it gives you
that's the difference.
4844
03:10:10,900 --> 03:10:12,500
So both files are the same
4845
03:10:12,500 --> 03:10:15,100
and that's how public
key cryptography works
4846
03:10:15,100 --> 03:10:17,900
and how symmetric
key cryptography works.
4847
03:10:18,000 --> 03:10:18,328
Okay.
4848
03:10:18,328 --> 03:10:20,368
Now moving ahead
of cryptography.
4849
03:10:20,368 --> 03:10:22,200
Let's talk about certificates.
4850
03:10:22,200 --> 03:10:22,400
Okay.
4851
03:10:22,400 --> 03:10:24,400
So now that we're done
with cryptography.
4852
03:10:24,400 --> 03:10:26,400
Let's talk about
digital certificates.
4853
03:10:26,400 --> 03:10:28,400
So what is
a digital certificate?
4854
03:10:28,400 --> 03:10:31,300
Well, a digital certificate
is an electronic password
4855
03:10:31,300 --> 03:10:33,974
that allows a person
or organization to exchange
4856
03:10:33,974 --> 03:10:37,500
data securely over the internet
using public key infrastructure.
4857
03:10:37,500 --> 03:10:38,794
So digital certificate
4858
03:10:38,794 --> 03:10:41,149
is also known as
a public key certificate
4859
03:10:41,149 --> 03:10:44,796
or an identity certificate. Now
digital certificates are a means
4860
03:10:44,796 --> 03:10:45,800
by which consumers
4861
03:10:45,800 --> 03:10:48,700
and businesses can utilize
the security application
4862
03:10:48,700 --> 03:10:50,400
of public key
infrastructure. Public
4863
03:10:50,400 --> 03:10:53,500
key infrastructure comprises
of the technology to enable
4864
03:10:53,500 --> 03:10:56,880
and secure e-commerce and
internet based communication.
4865
03:10:56,880 --> 03:11:00,700
So what kind of security does
a certificate provide? So firstly
4866
03:11:00,700 --> 03:11:02,100
it provides identification
4867
03:11:02,100 --> 03:11:04,400
and authentication:
the person or entities
4868
03:11:04,400 --> 03:11:07,562
with whom we are communicating
are really who they say they are
4869
03:11:07,562 --> 03:11:09,400
so that is
proved by certificates.
4870
03:11:09,400 --> 03:11:13,047
So then we have confidentiality
of information within a message
4871
03:11:13,047 --> 03:11:15,000
or transaction is
kept confidential.
4872
03:11:15,000 --> 03:11:16,034
It may only be read
4873
03:11:16,034 --> 03:11:17,959
and understood by
the intended sender.
4874
03:11:17,959 --> 03:11:20,300
Then there's integrity,
there's non-repudiation:
4875
03:11:20,300 --> 03:11:22,400
the sender cannot deny
sending the message
4876
03:11:22,400 --> 03:11:25,769
or transaction the receiver
really get to non-repudiation
4877
03:11:25,769 --> 03:11:26,727
and I'll explain
4878
03:11:26,727 --> 03:11:29,800
how non-repudiation comes
into digital certificates.
4879
03:11:29,800 --> 03:11:32,319
So digital certificates
are actually issued
4880
03:11:32,319 --> 03:11:34,300
by authorities
who are business
4881
03:11:34,300 --> 03:11:37,476
who make it their business to
actually certify people
4882
03:11:37,476 --> 03:11:40,300
and their organization
with digital certificates.
4883
03:11:40,300 --> 03:11:43,000
Now, you can see these
on Google Chrome now,
4884
03:11:43,000 --> 03:11:44,900
let me just open
Chrome for you guys
4885
03:11:44,900 --> 03:11:46,300
and you can see it out here.
4886
03:11:46,300 --> 03:11:47,800
You can see certificates
4887
03:11:47,800 --> 03:11:50,848
and you can go into the issue
of statements and you can go
4888
03:11:50,848 --> 03:11:52,142
and all sorts of stuff
4889
03:11:52,142 --> 03:11:54,836
so you can see it's issued
by Let's Encrypt Authority X3.
4890
03:11:54,836 --> 03:11:57,800
So that's an issuing authority
for digital certificates.
4891
03:11:57,800 --> 03:12:00,400
Now that was all about
the theory of certificates.
4892
03:12:00,400 --> 03:12:02,800
Let's go and see
how you can create one.
4893
03:12:02,800 --> 03:12:05,100
So to create
a digital certificate.
4894
03:12:05,100 --> 03:12:08,715
We are going to be using
the openssl tool again.
4895
03:12:09,800 --> 03:12:10,785
So first of all,
4896
03:12:10,785 --> 03:12:13,434
let me show you
how to create a certificate.
4897
03:12:13,434 --> 03:12:16,700
So we are going to be using
the openssl tool for that.
4898
03:12:16,700 --> 03:12:19,000
So first of all,
let me clear the screen out.
4899
03:12:19,000 --> 03:12:21,200
So in this case, I'm going
to generate a certificate
4900
03:12:21,200 --> 03:12:22,300
Authority certificate.
4901
03:12:22,300 --> 03:12:24,400
So I'm doing an RSA
key here to use
4902
03:12:24,400 --> 03:12:25,700
inside the certificate.
4903
03:12:25,700 --> 03:12:26,659
So first of all,
4904
03:12:26,659 --> 03:12:28,688
I need to generate
a private key.
4905
03:12:28,688 --> 03:12:30,400
So to do that as I had just
4906
03:12:30,400 --> 03:12:34,500
showed you guys we can use
the openssl tool. We go openssl
4907
03:12:34,600 --> 03:12:37,400
and genrsa, and we're going
4908
03:12:37,400 --> 03:12:42,600
to use des3, then
out, and let's call it
4909
03:12:42,600 --> 03:12:45,292
ca.key, and we're
going to use
4910
03:12:45,292 --> 03:12:48,600
4096 bits. So I'm doing
an RSA key here to use
4911
03:12:48,600 --> 03:12:51,050
inside the certificate.
So I'm generating private key and
4912
03:12:51,050 --> 03:12:53,600
the private key is used as
a part of the certificate
4913
03:12:53,600 --> 03:12:56,200
and there's a public key
associated with the certificate.
4914
03:12:56,200 --> 03:12:57,600
So you've got public and private
4915
03:12:57,600 --> 03:12:59,900
key and data gets encrypted
with the public key
4916
03:12:59,900 --> 03:13:02,343
and then gets decrypted
with the private key.
4917
03:13:02,343 --> 03:13:04,948
So they are mathematically
linked that the public
4918
03:13:04,948 --> 03:13:05,719
and private key
4919
03:13:05,719 --> 03:13:08,600
because you need one for the end
of the communication
4920
03:13:08,600 --> 03:13:11,400
and the other for the other
end of the communication
4921
03:13:11,400 --> 03:13:13,663
and they have to be linked
so that the data
4922
03:13:13,663 --> 03:13:14,781
that gets encrypted
4923
03:13:14,781 --> 03:13:17,700
with one key catch
to be decrypted with other key.
4924
03:13:17,700 --> 03:13:19,700
So this is asking
for a passphrase
4925
03:13:19,700 --> 03:13:22,000
and so I'm going to be giving
4926
03:13:22,000 --> 03:13:26,599
my name as a passphrase so that
has generated the key for us.
4927
03:13:26,600 --> 03:13:29,600
So now I'm going to generate
the certificate itself.
4928
03:13:29,600 --> 03:13:32,600
So I'm going to be using
the openssl utility.
4929
03:13:32,600 --> 03:13:37,100
So first of all,
you say openssl nice a request,
4930
03:13:37,100 --> 03:13:38,900
so it will be a new request
4931
03:13:38,900 --> 03:13:42,500
and it's going to be
an x.509 request. It's going
4932
03:13:42,500 --> 03:13:44,700
to be valid for 365 days.
4933
03:13:45,500 --> 03:13:49,500
And let's see the key
is going to be ca.key
4934
03:13:49,907 --> 03:13:52,600
and we're going
to output it into ca,
4935
03:13:52,600 --> 03:13:55,300
or let's call it edureka
4936
03:13:55,300 --> 03:13:59,600
.crt. So this is a certificate
that I'm producing in the name
4937
03:13:59,600 --> 03:14:01,475
of the company that
I'm working for.
4938
03:14:01,475 --> 03:14:02,600
So that is Edureka.
4939
03:14:02,600 --> 03:14:05,494
So it says it's unable
to load the private key.
4940
03:14:05,494 --> 03:14:08,400
Let me just see
is the private key existing?
4941
03:14:08,600 --> 03:14:09,500
I had a previous
4942
03:14:09,500 --> 03:14:10,154
private key.
4943
03:14:10,154 --> 03:14:11,300
So let me just remove
4944
03:14:11,300 --> 03:14:14,014
that doesn't have
a ca.key. Seems
4945
03:14:14,014 --> 03:14:16,300
like I put the name differently.
4946
03:14:16,600 --> 03:14:19,900
So let me just try
that again openssl
4947
03:14:20,600 --> 03:14:23,287
and we do request
4948
03:14:23,287 --> 03:14:24,825
so we are requesting
4949
03:14:25,200 --> 03:14:29,000
new certificate and
it's going to be x509
4950
03:14:30,700 --> 03:14:41,200
and it's going to be there
for 365 days and key is He
4951
03:14:41,200 --> 03:14:43,300
apparently that's
what it's called out here.
4952
03:14:43,300 --> 03:14:48,600
So and it's going to be out
into edureka.crt.
4953
03:14:48,700 --> 03:14:51,700
That's another so
let's enter the passphrase.
4954
03:14:51,700 --> 03:14:53,107
So it's my name.
4955
03:14:53,200 --> 03:14:55,500
So now it's going to ask
me a bunch of information
4956
03:14:55,500 --> 03:14:57,400
that's going to be
inside the certificate.
4957
03:14:57,400 --> 03:14:59,766
So let's say it's asking
the country name
4958
03:14:59,766 --> 03:15:01,600
against let's put in the state.
4959
03:15:02,200 --> 03:15:02,700
Okay.
4960
03:15:02,700 --> 03:15:05,700
So IN. State Province
Name, Some-State.
4961
03:15:05,700 --> 03:15:08,500
So Bangalore. Locality,
4962
03:15:08,500 --> 03:15:12,400
let's say Whitefield.
Organization name is
4963
03:15:12,400 --> 03:15:16,400
Edureka. Unit name, Brain
Force. Common name,
4964
03:15:16,400 --> 03:15:18,560
let's leave that
out. Email address,
4965
03:15:18,560 --> 03:15:22,200
Let's leave that out too,
and we have a certificate.
4966
03:15:22,200 --> 03:15:24,824
So if you go and list
all your files,
4967
03:15:24,824 --> 03:15:28,915
you'll see that there is
a certificate called edureka
4968
03:15:28,915 --> 03:15:30,052
.crt out here,
4969
03:15:30,052 --> 03:15:31,400
which is highlighted.
4970
03:15:31,400 --> 03:15:32,100
Okay.
4971
03:15:32,100 --> 03:15:34,800
So now if you want
to view this file,
4972
03:15:34,800 --> 03:15:39,700
you could always use the openssl
you can always use the openssl.
4973
03:15:39,700 --> 03:15:43,800
utility. So you say you want to
read an x509 request
4974
03:15:43,800 --> 03:15:45,300
and you wanted to text
4975
03:15:45,400 --> 03:15:49,600
and what you want
to see is edureka.crt.
4976
03:15:50,300 --> 03:15:52,761
Okay, so that
is the certificate.
4977
03:15:52,761 --> 03:15:53,800
So you see
4978
03:15:53,800 --> 03:15:57,279
that it has all the signature
it has signature algorithm.
4979
03:15:57,279 --> 03:16:00,200
It has all the information
about the certificate
4980
03:16:00,300 --> 03:16:04,500
and it says signature issuer is
C=IN and state Bangalore
4981
03:16:04,500 --> 03:16:06,227
and location Whitefield.
4982
03:16:06,227 --> 03:16:08,300
I wreck up reinforce velocity.
4983
03:16:08,300 --> 03:16:09,900
It has all sorts of information.
4984
03:16:09,900 --> 03:16:11,000
So that was all
4985
03:16:11,000 --> 03:16:14,600
about digital certificates how
who issues digital certificates?
4986
03:16:14,600 --> 03:16:15,906
Where are they useful?
4987
03:16:15,906 --> 03:16:18,100
So this is
basically non-repudiation.
4988
03:16:18,100 --> 03:16:20,900
So nobody can say
with this certificate that
4989
03:16:20,900 --> 03:16:24,881
if this certificate is included
in some sort of website
4990
03:16:24,881 --> 03:16:28,300
and that website tends
to be samples malicious
4991
03:16:28,300 --> 03:16:30,600
and there's a complaint
now the website can go
4992
03:16:30,600 --> 03:16:33,200
to a court of law and say
they didn't know about this
4993
03:16:33,200 --> 03:16:34,369
because the certificate
4994
03:16:34,369 --> 03:16:36,523
that was included had
their private key and
4995
03:16:36,523 --> 03:16:39,378
private key was only supposed
to be known to the company
4996
03:16:39,378 --> 03:16:41,605
so that's non-repudiation,
you just don't deny
4997
03:16:41,605 --> 03:16:42,900
that you didn't do it.
4998
03:16:42,900 --> 03:16:46,200
Okay, so that was all
about certificates. Now moving on.
4999
03:16:46,200 --> 03:16:46,500
Okay.
5000
03:16:46,500 --> 03:16:48,465
So moving on we're
going to be talking
5001
03:16:48,465 --> 03:16:49,900
about cryptography hashing.
5002
03:16:50,000 --> 03:16:52,269
And while the word
cryptography is in
5003
03:16:52,269 --> 03:16:55,800
the term cryptography hashing
and it does lead to believe
5004
03:16:55,800 --> 03:16:57,250
that there is encryption involved.
5005
03:16:57,250 --> 03:17:00,000
There is no encryption involved
in a cryptographic hash.
5006
03:17:00,000 --> 03:17:02,200
There is a significant
difference between hashing
5007
03:17:02,200 --> 03:17:04,500
and any sort of encryption
and that is primarily
5008
03:17:04,500 --> 03:17:06,558
that encryption is
a two-way process
5009
03:17:06,558 --> 03:17:09,591
when I encrypt a piece of data
or a file or anything else.
5010
03:17:09,591 --> 03:17:11,885
So what I'm doing
is putting it into a state
5011
03:17:11,885 --> 03:17:14,776
where I expect it to be able
to get it back out again,
5012
03:17:14,776 --> 03:17:15,600
in other words
5013
03:17:15,600 --> 03:17:18,057
when I encrypt a file I
expect it to be able
5014
03:17:18,057 --> 03:17:19,524
to decrypt the file and get
5015
03:17:19,524 --> 03:17:21,100
the original contents. Hashing
5016
03:17:21,100 --> 03:17:23,100
is a one-way function
on the other hand.
5017
03:17:23,100 --> 03:17:26,382
Once I've hashed piece of data
or file there is no expectation
5018
03:17:26,382 --> 03:17:28,500
and ability to get
the original piece
5019
03:17:28,500 --> 03:17:31,700
of data back hashing
generates a fixed length value
5020
03:17:31,700 --> 03:17:32,600
and different types
5021
03:17:32,600 --> 03:17:35,000
of hashing will generate
different length values.
5022
03:17:35,000 --> 03:17:38,294
For example, md5 will generate
a different length value
5023
03:17:38,294 --> 03:17:41,100
than sha-1. And they're
both hashing algorithms,
5024
03:17:41,100 --> 03:17:43,256
but they generate
different length values
5025
03:17:43,256 --> 03:17:45,573
and the resulting value
from a hash function
5026
03:17:45,573 --> 03:17:48,700
should be no relation at all
to the original piece of data.
5027
03:17:48,700 --> 03:17:49,700
As a matter of fact,
5028
03:17:49,900 --> 03:17:51,800
if two inputs generate
the same hash value
5029
03:17:51,800 --> 03:17:54,300
it's called a collision and
if you can generate collisions,
5030
03:17:54,300 --> 03:17:55,800
you may be able to get a point
5031
03:17:55,800 --> 03:17:57,650
where you can generate
a piece of data
5032
03:17:57,650 --> 03:17:59,700
that are going to generate
the same hash values
5033
03:17:59,700 --> 03:18:02,250
and that leads you to
the potential ability to break
5034
03:18:02,250 --> 03:18:03,700
the particular hashing algorithm
5035
03:18:03,700 --> 03:18:04,800
that you're using.
5036
03:18:04,800 --> 03:18:06,391
So what can we use hashes
5037
03:18:06,391 --> 03:18:09,553
for? Well, one thing we can use
hashes for is file integrity.
5038
03:18:09,553 --> 03:18:10,647
We can run a hash
5039
03:18:10,647 --> 03:18:13,000
on a file and get
a value back, and later
5040
03:18:13,000 --> 03:18:13,600
we can check
5041
03:18:13,600 --> 03:18:15,657
that the value make sure
if it's the same
5042
03:18:15,657 --> 03:18:17,200
if it's the same I can be sure
5043
03:18:17,200 --> 03:18:19,815
that the same file was hashed
in both instances.
5044
03:18:19,815 --> 03:18:22,932
So let me just show you
an example of what I just said
5045
03:18:22,932 --> 03:18:24,800
that if we hash
a file we will get
5046
03:18:24,800 --> 03:18:27,862
the same hash every time so
remember the certificate
5047
03:18:27,862 --> 03:18:29,112
that we just created.
5048
03:18:29,112 --> 03:18:30,600
Let me just log in again.
5049
03:18:30,600 --> 03:18:31,700
So we are going
5050
03:18:31,700 --> 03:18:35,735
to hash this certificate and it
will create a certain hash
5051
03:18:35,735 --> 03:18:37,281
and we are going to see
5052
03:18:37,281 --> 03:18:39,514
that every time
we hash it we are.
5053
03:18:39,514 --> 03:18:40,800
Being the same hash
5054
03:18:40,800 --> 03:18:44,793
so we can use this command
called md5sum and we can do
5055
03:18:44,793 --> 03:18:46,300
edureka.crt.
5056
03:18:46,300 --> 03:18:48,200
So this is the hash produced
5057
03:18:48,200 --> 03:18:51,100
after you've hashed
edureka.crt.
5058
03:18:51,100 --> 03:18:53,800
So if I do an md5 again,
5059
03:18:53,900 --> 03:18:55,886
so md5 is a hashing algorithm
5060
03:18:55,886 --> 03:18:58,900
that you should move so
edureka.crt
5061
03:18:58,900 --> 03:19:00,111
and it will produce
5062
03:19:00,111 --> 03:19:03,300
very similar hash. Let's see
a sha-1 works like this.
5063
03:19:03,300 --> 03:19:05,700
So sha-1 and edureka.crt?
5064
03:19:05,800 --> 03:19:06,765
Okay, sha-1
5065
03:19:06,765 --> 03:19:09,600
is sha the shuffle
in the shower you tools back?
5066
03:19:09,600 --> 03:19:10,000
Courage.
5067
03:19:10,000 --> 03:19:12,600
Okay, so I proved
my point that but md5
5068
03:19:12,600 --> 03:19:14,900
if it is cryptography
hashing algorithm.
5069
03:19:14,900 --> 03:19:16,668
We are getting
the same hash back.
5070
03:19:16,668 --> 03:19:19,058
So if you are able
to produce the same hash
5071
03:19:19,058 --> 03:19:22,000
that means you have broken
the algorithm in itself.
5072
03:19:22,000 --> 03:19:23,900
So if you run md5 on the knocks,
5073
03:19:23,900 --> 03:19:27,000
you can get a version
of md5 and md5 summation program
5074
03:19:27,000 --> 03:19:28,300
on Windows and Mac OS
5075
03:19:28,300 --> 03:19:31,300
where with the utility
md5 is does the same thing.
5076
03:19:31,300 --> 03:19:34,300
So I just showed you
the file and I hashed it
5077
03:19:34,300 --> 03:19:37,980
and another reason we use
hashing is we are storing
5078
03:19:37,980 --> 03:19:39,600
passwords. So passwords are
5079
03:19:39,600 --> 03:19:41,923
stored after hashing,
we hash passwords.
5080
03:19:41,923 --> 03:19:44,100
And the reason
for hashing password is
5081
03:19:44,100 --> 03:19:46,700
so you're not storing
the password in clear text
5082
03:19:46,700 --> 03:19:48,220
which would be easily seen in
5083
03:19:48,220 --> 03:19:50,285
if you got it protected
with low permissions
5084
03:19:50,285 --> 03:19:52,900
if I hashed password
every time I hash the password,
5085
03:19:52,900 --> 03:19:55,900
I'm going to get the same value
back from the same algorithm.
5086
03:19:55,900 --> 03:19:57,813
So what I do is store
the hash in some sort
5087
03:19:57,813 --> 03:20:00,413
of password database
since it's a one-way function.
5088
03:20:00,413 --> 03:20:02,957
You can't get the password
back directly from the hash.
5089
03:20:02,957 --> 03:20:04,700
Now what you can do
with most password
5090
03:20:04,700 --> 03:20:06,958
cracking programs do
some variation of this
5091
03:20:06,958 --> 03:20:09,672
and you just generate hashes
against list of words.
5092
03:20:09,672 --> 03:20:11,260
If you look at a hash value
5093
03:20:11,260 --> 03:20:13,035
that matches the one
in the password
5094
03:20:13,035 --> 03:20:14,100
once you get the hash
5095
03:20:14,100 --> 03:20:16,400
that matches the one
in the password, you know,
5096
03:20:16,400 --> 03:20:17,500
what password is there
5097
03:20:17,500 --> 03:20:20,000
and here and we come back
to the idea of collisions
5098
03:20:20,000 --> 03:20:21,700
if I can take
two different strings
5099
03:20:21,700 --> 03:20:23,615
of characters and get
the same values back
5100
03:20:23,615 --> 03:20:25,258
and it's easier
to crack the password
5101
03:20:25,258 --> 03:20:27,987
because I mean not necessarily
get the password with the hash
5102
03:20:27,987 --> 03:20:30,588
that I get back from particular
string of data is the same
5103
03:20:30,588 --> 03:20:32,588
as that I get from
the original password,
5104
03:20:32,588 --> 03:20:34,721
then it doesn't matter
whether I know the password
5105
03:20:34,721 --> 03:20:35,750
because the string of data
5106
03:20:35,750 --> 03:20:38,400
that I put in is going
to generate the same hash value
5107
03:20:38,400 --> 03:20:41,300
that you're going to compare
when login and this hash value
5108
03:20:41,300 --> 03:20:42,374
will just give you
5109
03:20:42,374 --> 03:20:44,968
that as valid and you
will be able to login.
5110
03:20:44,968 --> 03:20:47,200
So suppose the password
that you chose
5111
03:20:47,200 --> 03:20:49,200
while making your account is dog
5112
03:20:49,200 --> 03:20:52,300
and the dog word
produces this hash value
5113
03:20:52,400 --> 03:20:56,100
and if I were to like hash cat
5114
03:20:56,100 --> 03:20:58,308
with the same algorithm
and if the algorithm
5115
03:20:58,308 --> 03:20:59,900
was prone to collisions,
5116
03:20:59,900 --> 03:21:02,278
it might produce
the same hash value as dog.
5117
03:21:02,278 --> 03:21:05,319
So with the password cat I
could open up your password.
5118
03:21:05,319 --> 03:21:07,300
I mean I could open
up your account.
5119
03:21:07,300 --> 03:21:09,798
So that was all
about hashing and hashing
5120
03:21:09,798 --> 03:21:11,200
algorithms, let's move on.
5121
03:21:11,200 --> 03:21:11,500
Okay.
5122
03:21:11,500 --> 03:21:12,900
So in this part of the video,
5123
03:21:12,900 --> 03:21:15,700
we are going to go
over SSL and TLS
5124
03:21:16,000 --> 03:21:18,400
or SSL and TLS are ways
of doing encryption
5125
03:21:18,400 --> 03:21:21,100
and they were developed
in order to do encryption
5126
03:21:21,100 --> 03:21:24,400
between websites web servers
and clients or browsers.
5127
03:21:24,400 --> 03:21:27,600
SSL was originally developed by
a company called Netscape and
5128
03:21:27,600 --> 03:21:29,850
if you don't remember
Netscape eventually spun
5129
03:21:29,850 --> 03:21:32,200
off their source code
and became Mozilla project
5130
03:21:32,200 --> 03:21:33,560
where we get Firefox
5131
03:21:33,560 --> 03:21:37,300
from so back in 1995 Netscape
released version 2 of SSL,
5132
03:21:37,300 --> 03:21:40,396
and there was a version one,
but nothing was Done with it.
5133
03:21:40,396 --> 03:21:43,729
So we got the version 2 of SSL
and that was used for encryption
5134
03:21:43,729 --> 03:21:45,724
of web transmission
between the server
5135
03:21:45,724 --> 03:21:47,883
and the browser
to do a whole number
5136
03:21:47,883 --> 03:21:49,585
of flaws between the server
5137
03:21:49,585 --> 03:21:52,774
and the browser now
SSL version 2 had a whole number
5138
03:21:52,774 --> 03:21:55,400
of flaws and SSL 2 has
the type of flaws
5139
03:21:55,400 --> 03:21:58,000
that can lead to decryption
of messages without actually
5140
03:21:58,000 --> 03:21:59,300
having the correct keys
5141
03:21:59,300 --> 03:22:01,500
and not being
the right endpoints
5142
03:22:01,500 --> 03:22:05,100
and so Netscape released
SSL version 3 in 1996.
5143
03:22:05,100 --> 03:22:07,700
And so we get SSL
3.0 which is better
5144
03:22:07,700 --> 03:22:09,681
than 2.0 but it still had
5145
03:22:09,681 --> 03:22:12,300
some issues and so
in 1999 we ended up
5146
03:22:12,300 --> 03:22:14,200
with TLS now SSL is secure
5147
03:22:14,200 --> 03:22:17,300
socket layer and TLS is
transport layer security.
5148
03:22:17,300 --> 03:22:19,200
They both accomplished
the same sort of thing
5149
03:22:19,200 --> 03:22:21,300
and they're designed
for primarily doing encryption
5150
03:22:21,300 --> 03:22:23,018
between web server
and web browsers
5151
03:22:23,018 --> 03:22:25,707
because we want to be able
to encrypt the type of traffic.
5152
03:22:25,707 --> 03:22:28,207
So let me show you what kind
of traffic looks like.
5153
03:22:28,207 --> 03:22:29,100
So first of all,
5154
03:22:29,100 --> 03:22:31,300
let me open Wireshark
and out here.
5155
03:22:31,300 --> 03:22:34,082
I already have a TLS scan
ready for you guys
5156
03:22:34,082 --> 03:22:36,991
that you can see we have
all sorts of TLS data
5157
03:22:36,991 --> 03:22:37,941
so you can see
5158
03:22:37,941 --> 03:22:41,200
that here's my source
and it's 32 and destination
5159
03:22:41,200 --> 03:22:42,700
is sound 6 1 2.
5160
03:22:42,700 --> 03:22:45,500
4050 9.46 doing
a client key exchange
5161
03:22:45,500 --> 03:22:48,600
and the Change Cipher Spec
and encrypted handshake message
5162
03:22:48,600 --> 03:22:50,700
and then we start
getting application data.
5163
03:22:50,700 --> 03:22:52,800
So there are some other
steps involved here
5164
03:22:52,800 --> 03:22:54,100
and you're not seeing all of it
5165
03:22:54,100 --> 03:22:55,900
with this particular
Wireshark capture
5166
03:22:55,900 --> 03:22:57,229
because again, you know,
5167
03:22:57,229 --> 03:22:58,700
we get fragmented packets
5168
03:22:58,700 --> 03:23:00,900
and at some point it
starts getting encrypted
5169
03:23:00,900 --> 03:23:02,344
and you can see it anyways
5170
03:23:02,344 --> 03:23:03,200
because Wireshark
5171
03:23:03,200 --> 03:23:05,808
without having the key
can decrypt those messages
5172
03:23:05,808 --> 03:23:07,150
but what ends up happening
5173
03:23:07,150 --> 03:23:08,600
is the client sends a hello
5174
03:23:08,600 --> 03:23:10,350
and the server
responds with a hello
5175
03:23:10,350 --> 03:23:12,800
and they end up exchanging
information as part
5176
03:23:12,800 --> 03:23:15,300
of that now including
version numbers supported
5177
03:23:15,300 --> 03:23:16,771
and you get random number
5178
03:23:16,771 --> 03:23:19,851
and the clients going to send
out a number of cipher suites
5179
03:23:19,851 --> 03:23:23,300
that may want support and order
and it can support the server
5180
03:23:23,300 --> 03:23:25,800
and it's going to pick
from that suite of ciphers.
5181
03:23:25,800 --> 03:23:28,880
Now, then we start doing
the key exchange and then
5182
03:23:28,880 --> 03:23:32,400
do the Change Cipher Spec
and from the client and server
5183
03:23:32,400 --> 03:23:35,123
and eventually the server
just sends a finished message
5184
03:23:35,123 --> 03:23:35,923
and at the point
5185
03:23:35,923 --> 03:23:38,108
we've got this encrypted
communication going on,
5186
03:23:38,108 --> 03:23:39,249
but there's this handshake
5187
03:23:39,249 --> 03:23:41,900
that goes on between the two
systems and there's a number
5188
03:23:41,900 --> 03:23:43,577
of different types
of handshakes depending
5189
03:23:43,577 --> 03:23:44,600
on the type of end points
5190
03:23:44,600 --> 03:23:45,300
that you've got.
5191
03:23:45,300 --> 03:23:47,774
But that's the type
of communication that goes on
5192
03:23:47,774 --> 03:23:50,300
between servers and the client
one important thing
5193
03:23:50,300 --> 03:23:51,800
about using SSL and TLS is
5194
03:23:51,800 --> 03:23:54,300
as I mentioned some
of the earlier versions had
5195
03:23:54,300 --> 03:23:56,272
vulnerabilities in them
and you want to make sure
5196
03:23:56,272 --> 03:23:58,299
that the server's
aren't actually running those.
5197
03:23:58,299 --> 03:24:00,500
So you want to run some scans
to figure out the type
5198
03:24:00,500 --> 03:24:03,000
of protocols and ciphers
that different systems use
5199
03:24:03,000 --> 03:24:05,800
so for this we can use
something called sslscan.
5200
03:24:05,800 --> 03:24:08,100
So this is available for Unix.
5201
03:24:08,100 --> 03:24:09,330
Not really sure.
5202
03:24:09,600 --> 03:24:11,300
If there is something
5203
03:24:11,300 --> 03:24:13,849
that is similar
for Windows or Mac,
5204
03:24:13,849 --> 03:24:18,200
but on Unix based system that is
Linux we can use sslscan.
5205
03:24:18,200 --> 03:24:19,900
So let me just show
you how to use
5206
03:24:19,900 --> 03:24:21,900
that clear as far out.
5207
03:24:22,300 --> 03:24:25,838
So what we can do is run
sslscan against, suppose,
5208
03:24:25,838 --> 03:24:28,600
www.edureka.co.
5209
03:24:30,600 --> 03:24:31,900
So we're doing sslscan here
5210
03:24:31,900 --> 03:24:34,037
against the website
and you can see it's going out
5211
03:24:34,037 --> 03:24:36,000
and probing all
the different types of ciphers
5212
03:24:36,000 --> 03:24:39,100
after you know on this system
start with SSL V3
5213
03:24:39,100 --> 03:24:40,409
and are going to TLS
5214
03:24:40,409 --> 03:24:43,500
version 1 and we could force
sslscan to try
5215
03:24:43,500 --> 03:24:44,585
to do an SSL V2.
5216
03:24:44,585 --> 03:24:47,500
If I scroll back up here
I get the server
5217
03:24:47,500 --> 03:24:51,200
ciphers, which is SSL version
3 it's using RSA
5218
03:24:51,300 --> 03:24:53,400
and it's using RSA
for the asymmetric.
5219
03:24:53,400 --> 03:24:55,300
Now in order to do
the key exchange and
5220
03:24:55,300 --> 03:24:57,800
once we get the session key
up we're going to do use AES
5221
03:24:57,800 --> 03:24:59,200
256 and then we're going
5222
03:24:59,200 --> 03:25:02,400
to use the secure hash algorithm
to do the message authentication
5223
03:25:02,400 --> 03:25:03,200
or the MAC.
5224
03:25:03,200 --> 03:25:04,905
It's something called the HMAC
5225
03:25:04,905 --> 03:25:07,380
for the hashed message
authentication code and
5226
03:25:07,380 --> 03:25:09,800
what it does is simply
hashes the MAC address
5227
03:25:09,800 --> 03:25:12,527
that you would check one side
against the other to make sure
5228
03:25:12,527 --> 03:25:14,100
that the message
hasn't been fiddled
5229
03:25:14,100 --> 03:25:15,200
with in transmission.
5230
03:25:15,200 --> 03:25:16,900
You can see here all
the different types
5231
03:25:16,900 --> 03:25:19,864
of cipher suites that are
available. Here's TLS running RC4
5232
03:25:19,864 --> 03:25:21,100
at 40 bits using MD5.
5233
03:25:21,100 --> 03:25:22,700
So that would be
a pretty vulnerable type
5234
03:25:22,700 --> 03:25:24,900
of communication to use
and between the server
5235
03:25:24,900 --> 03:25:27,000
and the client 40-bit
cipher using RC4 is
5236
03:25:27,000 --> 03:25:29,750
a low strength Cipher and we
would definitely Recommend
5237
03:25:29,750 --> 03:25:32,400
that clients remove those
from the supported ciphers
5238
03:25:32,400 --> 03:25:33,850
that they have on their server.
5239
03:25:33,850 --> 03:25:35,600
All that configuration
would be done
5240
03:25:35,600 --> 03:25:37,247
at the web server as well as
5241
03:25:37,247 --> 03:25:40,500
when you generated your key
and your certificates normally
5242
03:25:40,500 --> 03:25:43,300
certificates would be handled
by a certificate Authority.
5243
03:25:43,400 --> 03:25:45,450
Now, you can also
self-sign certificates
5244
03:25:45,450 --> 03:25:47,550
and have those installed
in your web server
5245
03:25:47,550 --> 03:25:49,600
in order to Communications
with your clients
5246
03:25:49,600 --> 03:25:53,100
that the challenge with that is
browsers today warned when they
5247
03:25:53,100 --> 03:25:55,776
see a certificate against
the certificate Authority
5248
03:25:55,776 --> 03:25:58,805
that is entrusted of it and it
doesn't have any certificate.
5249
03:25:58,805 --> 03:26:00,500
authority at all so
you'll get a warning
5250
03:26:00,500 --> 03:26:01,580
in your browser indicating.
5251
03:26:01,580 --> 03:26:03,349
There may be a problem
with your certificate
5252
03:26:03,349 --> 03:26:04,878
if your clients
are Savvy enough and
5253
03:26:04,878 --> 03:26:06,800
if the users are Savvy
enough you may be able
5254
03:26:06,800 --> 03:26:09,658
to make use of these self
fine self-signed certificates
5255
03:26:09,658 --> 03:26:11,108
and save yourself some money,
5256
03:26:11,108 --> 03:26:12,960
but generally it's
not recommended simply
5257
03:26:12,960 --> 03:26:15,600
because clients are starting
to get these bad certificates
5258
03:26:15,600 --> 03:26:16,900
and when they run across one
5259
03:26:16,900 --> 03:26:19,146
that's really a problem
a real Rogue certificate.
5260
03:26:19,146 --> 03:26:21,300
They're going to ignore
the certificate message
5261
03:26:21,300 --> 03:26:23,321
in the browser
and just go to the sites
5262
03:26:23,321 --> 03:26:26,300
that could have malicious
purposes in mind and may end up
5263
03:26:26,300 --> 03:26:29,174
compromising the clients
or customers or users.
5264
03:26:29,174 --> 03:26:30,300
That's SSL and TLS
5265
03:26:30,300 --> 03:26:33,900
and how they work and negotiate
between servers and end points.
5266
03:26:34,300 --> 03:26:34,700
Okay.
5267
03:26:34,700 --> 03:26:37,500
So now that we've talked
about TLS and SSL.
5268
03:26:37,500 --> 03:26:39,300
Let's talk about
disk encryption.
5269
03:26:39,300 --> 03:26:41,365
Now disk encryption
is actually something
5270
03:26:41,365 --> 03:26:44,618
that was not really difficult to
do but sort of out of the reach
5271
03:26:44,618 --> 03:26:47,200
of normal desktop computers
for a really long time.
5272
03:26:47,200 --> 03:26:50,116
Although there have long been
ways to encryption of files
5273
03:26:50,116 --> 03:26:52,200
and to a lesser degree
maybe entire disks
5274
03:26:52,200 --> 03:26:54,579
as we get faster processors,
certainly encrypting
5275
03:26:54,579 --> 03:26:55,416
the entire disks
5276
03:26:55,416 --> 03:26:56,887
and being able to encrypt
5277
03:26:56,887 --> 03:26:59,030
and decrypt on the fly
without affecting.
5278
03:26:59,030 --> 03:27:00,358
Performance is something
5279
03:27:00,358 --> 03:27:02,465
that certainly comes
within reach
5280
03:27:02,465 --> 03:27:03,562
and it's a feature
5281
03:27:03,562 --> 03:27:07,124
that shows up in most modern
operating systems to one degree
5282
03:27:07,124 --> 03:27:09,816
or another now these days
we are going to look
5283
03:27:09,816 --> 03:27:12,740
at a couple of ways here
of doing disk encryption.
5284
03:27:12,740 --> 03:27:15,152
I want to tell you
about one of them first
5285
03:27:15,152 --> 03:27:16,300
and it's not the one I
5286
03:27:16,300 --> 03:27:18,750
can show I can't really show
the other one either.
5287
03:27:18,750 --> 03:27:19,533
So with Microsoft
5288
03:27:19,533 --> 03:27:22,300
their Windows system have
this program called BitLocker
5289
03:27:22,300 --> 03:27:24,609
and BitLocker requires
either Windows Ultimate
5290
03:27:24,609 --> 03:27:25,600
or Windows Enterprise.
5291
03:27:25,600 --> 03:27:26,700
I don't happen to have
5292
03:27:26,700 --> 03:27:28,905
either version so I
can't really show it.
5293
03:27:28,905 --> 03:27:30,200
You but I can tell you
5294
03:27:30,200 --> 03:27:33,200
that BitLocker has ability
to entire disk encryption
5295
03:27:33,200 --> 03:27:34,000
and they use AES
5296
03:27:34,000 --> 03:27:36,950
for the encryption Cipher
and the thing about BitLocker is
5297
03:27:36,950 --> 03:27:38,100
that they use a feature
5298
03:27:38,100 --> 03:27:41,200
that comes with most modern
systems particularly laptops.
5299
03:27:41,200 --> 03:27:42,360
little chip in them
5300
03:27:42,360 --> 03:27:45,658
that's called The Trusted
platform module or TPM.
5301
03:27:45,658 --> 03:27:46,957
The TPM chip is part
5302
03:27:46,957 --> 03:27:49,100
what it does is
it stores the keys
5303
03:27:49,100 --> 03:27:50,509
that allows operating system
5304
03:27:50,509 --> 03:27:53,228
to be able to access the disk
through this encryption
5305
03:27:53,228 --> 03:27:56,294
and decryption process and they
use a pretty strong encryption
5306
03:27:56,294 --> 03:27:57,400
cipher which is AES,
5307
03:27:57,400 --> 03:27:59,226
but you have to have
one of the couple
5308
03:27:59,226 --> 03:28:01,063
of different versions
of Windows in order
5309
03:28:01,063 --> 03:28:02,302
to be able to use BitLocker
5310
03:28:02,302 --> 03:28:04,799
and it's one of those things
you would normally run
5311
03:28:04,799 --> 03:28:05,799
in an Enterprise.
5312
03:28:05,799 --> 03:28:09,189
And so that's why they included
in on its Enterprise version.
5313
03:28:09,189 --> 03:28:10,432
Now on the Mac OS side
5314
03:28:10,432 --> 03:28:13,282
they have this thing called
FileVault and you see
5315
03:28:13,282 --> 03:28:16,500
in the system preferences
on the security and privacy.
5316
03:28:16,500 --> 03:28:20,000
If you go to FileVault you
can turn on FileVault now I
5317
03:28:20,000 --> 03:28:21,200
if you have the little button
5318
03:28:21,200 --> 03:28:23,000
that there says
Turn On FileVault,
5319
03:28:23,000 --> 03:28:24,917
then you can turn
on the FileVault
5320
03:28:24,917 --> 03:28:27,300
and it would ask you
about setting up keys
5321
03:28:27,300 --> 03:28:30,300
and it works similar
to Those BitLocker now
5322
03:28:30,300 --> 03:28:33,659
pgp happens to have the ability
to do disk encryption
5323
03:28:33,659 --> 03:28:34,620
and you can see
5324
03:28:34,620 --> 03:28:37,504
that in the case of this
Ubuntu system.
5325
03:28:37,504 --> 03:28:40,700
They've got a package called
gdecrypt which is a GUI
5326
03:28:40,700 --> 03:28:44,200
that allows you to map and mount
a created encrypted volume
5327
03:28:44,200 --> 03:28:47,600
so I could run gdecrypt and put
help me set up the process
5328
03:28:47,600 --> 03:28:50,500
of encrypting the volumes
have got on my system.
5329
03:28:50,500 --> 03:28:53,100
Now disk encryption
is a really good idea
5330
03:28:53,100 --> 03:28:54,831
because when you are working
5331
03:28:54,831 --> 03:28:57,799
with clients the data is
normally very sensitive.
5332
03:28:57,799 --> 03:28:58,804
So as I mentioned
5333
03:28:58,804 --> 03:29:02,294
And you can always use things
like BitLocker and windows fault
5334
03:29:02,294 --> 03:29:04,830
or other such software
for disk encryption.
5335
03:29:04,830 --> 03:29:07,830
So what I mentioned before
is now not only possible.
5336
03:29:07,830 --> 03:29:11,100
It's very much a reality
with current operating systems.
5337
03:29:11,100 --> 03:29:12,061
Now, let's talk
5338
03:29:12,061 --> 03:29:15,169
about scanning now
scanning is refers to the use
5339
03:29:15,169 --> 03:29:17,880
of computer networks
to gather information
5340
03:29:17,880 --> 03:29:19,600
regarding computer systems
5341
03:29:19,600 --> 03:29:20,600
and network scanning
5342
03:29:20,600 --> 03:29:23,400
is mainly used for security
assessment, system maintenance
5343
03:29:23,400 --> 03:29:25,700
and also for performing
attacks by hackers.
5344
03:29:25,700 --> 03:29:28,200
The purpose of network
scanning is as follows,
5345
03:29:28,200 --> 03:29:30,280
it allows you
to recognize available UDP
5346
03:29:30,280 --> 03:29:33,400
and TCP Network Services running
on a targeted host.
5347
03:29:33,400 --> 03:29:35,654
It allows you to recognize
filtering systems
5348
03:29:35,654 --> 03:29:37,716
between the users
and the targeted host.
5349
03:29:37,716 --> 03:29:40,200
It allows you to determine
the operating systems
5350
03:29:40,200 --> 03:29:42,700
and used by assessing
the IP responses.
5351
03:29:42,700 --> 03:29:44,100
Then it also allows you
5352
03:29:44,100 --> 03:29:46,800
to evaluate the target
host TCP sequence numbers
5353
03:29:46,800 --> 03:29:49,900
and predictability to determine
the sequence prediction attacks
5354
03:29:49,900 --> 03:29:52,350
and the TCP spoofing now
Network scanning consists
5355
03:29:52,350 --> 03:29:53,700
of Network Port scanning as
5356
03:29:53,700 --> 03:29:56,569
well as vulnerability scanning
Network Port scanning refers
5357
03:29:56,569 --> 03:29:59,100
to the method of sending
data packets via the network.
5358
03:29:59,100 --> 03:30:01,350
Through computer system
specified Service Port
5359
03:30:01,350 --> 03:30:03,800
this is to identify
the available Network Services
5360
03:30:03,800 --> 03:30:05,117
on that particular system.
5361
03:30:05,117 --> 03:30:08,215
This procedure is effective for
troubleshooting systems issues
5362
03:30:08,215 --> 03:30:11,320
or for tightening the system
security vulnerability scanning
5363
03:30:11,320 --> 03:30:13,900
is a method used to discover
known vulnerabilities
5364
03:30:13,900 --> 03:30:16,131
of computing systems
available on network.
5365
03:30:16,131 --> 03:30:18,200
It helps to detect
a specific weak spot
5366
03:30:18,200 --> 03:30:20,913
in an application software
or the operating system,
5367
03:30:20,913 --> 03:30:22,880
which could be used
to crash the system
5368
03:30:22,880 --> 03:30:24,900
or compromise it
for undesired purposes.
5369
03:30:24,900 --> 03:30:27,800
Now Network Port scanning as
well as vulnerability scanning
5370
03:30:27,800 --> 03:30:29,000
is an information
5371
03:30:29,000 --> 03:30:29,800
gathering technique,
5372
03:30:29,800 --> 03:30:32,149
but when carried out
by Anonymous individuals
5373
03:30:32,149 --> 03:30:35,290
are viewed as a prelude to an
attack. Network scanning processes
5374
03:30:35,290 --> 03:30:36,300
like port scans
5375
03:30:36,300 --> 03:30:37,332
and ping sweeps
5376
03:30:37,332 --> 03:30:38,437
return details
5377
03:30:38,437 --> 03:30:41,200
about which IP address map
to active live hosts
5378
03:30:41,200 --> 03:30:43,034
and the type
of service they provide
5379
03:30:43,034 --> 03:30:46,370
another Network scanning method
known as inverse mapping gathers
5380
03:30:46,370 --> 03:30:47,900
details about IP addresses
5381
03:30:47,900 --> 03:30:49,500
that do not map to Live host
5382
03:30:49,500 --> 03:30:50,856
which helps an attacker to focus
5383
03:30:50,856 --> 03:30:53,017
on feasible addresses
Network scanning is one
5384
03:30:53,017 --> 03:30:55,200
of the three important methods
used by an attacker
5385
03:30:55,200 --> 03:30:57,712
to gather information
during the footprint stage
5386
03:30:57,712 --> 03:30:59,211
and the attacker makes a profile
5387
03:30:59,211 --> 03:31:01,949
of the target organization
this includes data
5388
03:31:01,949 --> 03:31:04,500
such as organization's
domain name systems
5389
03:31:04,500 --> 03:31:07,900
and email servers in additions
to its IP address range
5390
03:31:07,900 --> 03:31:10,950
and during the scanning stage
the attacker discovers details
5391
03:31:10,950 --> 03:31:12,450
about the specified IP addresses
5392
03:31:12,450 --> 03:31:15,250
that could be accessed online
their system architecture
5393
03:31:15,250 --> 03:31:16,437
their operating systems
5394
03:31:16,437 --> 03:31:18,673
and services running
on every computer now
5395
03:31:18,673 --> 03:31:20,200
during the enumeration stage
5396
03:31:20,200 --> 03:31:23,782
the attacker collects data including
routing tables Network user
5397
03:31:23,782 --> 03:31:27,299
and group names simple
Network management protocol data
5398
03:31:27,299 --> 03:31:27,876
and so on.
5399
03:31:27,876 --> 03:31:30,876
So now let's talk About
intrusion detection evasion.
5400
03:31:30,876 --> 03:31:32,830
So before we get
into IDS evasion,
5401
03:31:32,830 --> 03:31:35,180
let's talk about
what exactly is an IDS. Now
5402
03:31:35,180 --> 03:31:37,623
an intrusion detection system
or IDS is a system
5403
03:31:37,623 --> 03:31:40,800
that monitors network traffic
for suspicious activity
5404
03:31:40,800 --> 03:31:43,700
and issues alerts
when such activity is discovered
5405
03:31:43,700 --> 03:31:46,900
while anomaly detection and
Reporting is primary function
5406
03:31:46,900 --> 03:31:50,055
some intrusion detection systems
are capable of taking actions
5407
03:31:50,055 --> 03:31:52,900
when malicious activity
or anomalous traffic is detected
5408
03:31:52,900 --> 03:31:55,900
including blocking traffic sent
from suspicious IP addresses,
5409
03:31:56,000 --> 03:31:58,600
although intrusion detection
systems monitor Network
5410
03:31:58,600 --> 03:32:01,867
for potentially malicious activity they
are also prone to false alarms
5411
03:32:01,867 --> 03:32:02,815
or false positives
5412
03:32:02,815 --> 03:32:05,900
consequently organizations need
to fine-tune their IDS products
5413
03:32:05,900 --> 03:32:07,300
when they first install them
5414
03:32:07,300 --> 03:32:09,900
that means properly configuring
their intrusion detection
5415
03:32:09,900 --> 03:32:11,900
system to recognize
what normal traffic
5416
03:32:11,900 --> 03:32:12,900
on the network looks
5417
03:32:12,900 --> 03:32:15,300
like compared to potentially
malicious activity
5418
03:32:15,300 --> 03:32:17,700
an intrusion prevention
system also monitors
5419
03:32:17,700 --> 03:32:20,500
Network packets for potentially
damaging Network traffic,
5420
03:32:20,500 --> 03:32:22,621
but where an intrusion
detection system responds
5421
03:32:22,621 --> 03:32:25,049
to potentially malicious traffic
by logging the traffic
5422
03:32:25,049 --> 03:32:25,950
and issuing warning
5423
03:32:25,950 --> 03:32:28,400
notification intrusion
prevention systems respond
5424
03:32:28,400 --> 03:32:31,678
to such by rejecting the
potentially malicious packets.
5425
03:32:31,678 --> 03:32:35,200
So there are different types
of intrusion detection system.
5426
03:32:35,200 --> 03:32:38,000
So intrusion detection system
come in different flavors
5427
03:32:38,000 --> 03:32:40,921
and detect suspicious activities
using different methods.
5428
03:32:40,921 --> 03:32:42,434
So kind of intrusion detection
5429
03:32:42,434 --> 03:32:44,400
is a network intrusion
detection systems
5430
03:32:44,400 --> 03:32:46,845
that is NIDS, it is deployed
at a strategic point
5431
03:32:46,845 --> 03:32:48,305
or points within the network
5432
03:32:48,305 --> 03:32:50,882
where it can monitor
inbound and outbound traffic
5433
03:32:50,882 --> 03:32:53,200
to and from all the devices
on the network.
5434
03:32:53,200 --> 03:32:55,700
Then there is host
intrusion detection system
5435
03:32:55,700 --> 03:32:56,500
that is HIDS
5436
03:32:56,500 --> 03:32:58,863
which runs on all computers
or devices in the network.
5437
03:32:58,863 --> 03:33:00,600
With direct access
to both the internet
5438
03:33:00,600 --> 03:33:03,300
and the Enterprise internal
network. HIDS have an advantage
5439
03:33:03,300 --> 03:33:04,212
over NIDS in
5440
03:33:04,212 --> 03:33:07,498
that they have may be able to
detect anomalous Network packets
5441
03:33:07,498 --> 03:33:09,926
that originated from
inside the organization's
5442
03:33:09,926 --> 03:33:11,106
or malicious traffic
5443
03:33:11,106 --> 03:33:12,282
that NIDS has failed
5444
03:33:12,282 --> 03:33:15,700
to detect. HIDS may also be able
to identify malicious traffic
5445
03:33:15,700 --> 03:33:17,800
that originates from
the host itself as
5446
03:33:17,800 --> 03:33:19,950
when the host has been
infected with malware
5447
03:33:19,950 --> 03:33:21,073
and is attempting spread
5448
03:33:21,073 --> 03:33:23,787
to other systems signature
based intrusion detection system
5449
03:33:23,787 --> 03:33:25,600
monitors all packets
traversing the network
5450
03:33:25,600 --> 03:33:26,400
and compare them
5451
03:33:26,400 --> 03:33:28,800
against database of
signatures or attributes.
5452
03:33:29,000 --> 03:33:32,000
of known malicious threats
much like antivirus softwares.
5453
03:33:32,300 --> 03:33:35,700
So now let's talk
about IDS evasion.
5454
03:33:35,900 --> 03:33:36,203
Okay.
5455
03:33:36,203 --> 03:33:38,300
So now let's talk
about IDS evasion.
5456
03:33:38,300 --> 03:33:40,500
Now IDS is
an intrusion detection system
5457
03:33:40,500 --> 03:33:43,098
as we just spoke about
and instead it detect exactly
5458
03:33:43,098 --> 03:33:45,900
the types of activities that
we are engaged in sometimes
5459
03:33:45,900 --> 03:33:49,500
and sometimes you may be in
called in to work on a Target
5460
03:33:49,500 --> 03:33:51,100
where activities are known
5461
03:33:51,100 --> 03:33:53,200
and should be known
by The Operators
5462
03:33:53,200 --> 03:33:55,618
or the operations people
involved in monitoring
5463
03:33:55,618 --> 03:33:58,300
and managing the network
and the idea being not only
5464
03:33:58,300 --> 03:34:00,360
do they want to assess
the technical controls
5465
03:34:00,360 --> 03:34:01,137
that are in place,
5466
03:34:01,137 --> 03:34:03,025
but they also want
to assess the operational
5467
03:34:03,025 --> 03:34:03,932
procedures and ensure
5468
03:34:03,932 --> 03:34:06,034
that the systems and processes
are working the way
5469
03:34:06,034 --> 03:34:07,506
that they are supposed
to be working.
5470
03:34:07,506 --> 03:34:09,100
Now when you are engaged
with the Target
5471
03:34:09,100 --> 03:34:10,700
that you are in full cooperation
5472
03:34:10,700 --> 03:34:13,562
with you don't need to do
these types of evasion tactics.
5473
03:34:13,562 --> 03:34:15,745
All these techniques
may be actually avoided
5474
03:34:15,745 --> 03:34:17,945
but if you are asked
to perform an assessment
5475
03:34:17,945 --> 03:34:19,345
or a penetration on a Target
5476
03:34:19,345 --> 03:34:21,700
where they are not supposed
to see your activities,
5477
03:34:21,700 --> 03:34:22,935
then you need to know
5478
03:34:22,935 --> 03:34:25,981
some different techniques
to evade detection from an IDS.
5479
03:34:25,981 --> 03:34:29,000
So we're going to talk about
a couple of different things.
5480
03:34:29,200 --> 03:34:30,000
That you can do.
5481
03:34:30,000 --> 03:34:33,299
So one thing that you can do
is manipulate packets to look
5482
03:34:33,299 --> 03:34:34,300
a particular way.
5483
03:34:34,300 --> 03:34:37,400
Now for this there is
a tool called packETH.
5484
03:34:37,400 --> 03:34:41,300
So packETH is a really good way
to actually manipulate traffic
5485
03:34:41,300 --> 03:34:44,358
and by actually manipulating
the contents of a packet
5486
03:34:44,358 --> 03:34:47,000
like you can specify
the destination and source.
5487
03:34:47,000 --> 03:34:48,647
So it's a really useful tool
5488
03:34:48,647 --> 03:34:50,753
to set up a packet to
look a particular way.
5489
03:34:50,753 --> 03:34:53,599
One thing it can do is allow
you to spoof IP addresses
5490
03:34:53,599 --> 03:34:55,848
so I could set
the source IP address here.
5491
03:34:55,848 --> 03:34:58,699
That was something completely
different from mine now
5492
03:34:58,699 --> 03:34:59,813
from Using TCP or UDP?
5493
03:34:59,813 --> 03:35:01,713
I'm not going to see
the response back.
5494
03:35:01,713 --> 03:35:02,632
And in this case TCP.
5495
03:35:02,632 --> 03:35:05,000
I'm not even going to get
the three-way connection made
5496
03:35:05,000 --> 03:35:07,458
because responses are going
to go back to the source IP.
5497
03:35:07,458 --> 03:35:08,349
But what you can do
5498
03:35:08,349 --> 03:35:11,021
is in addition to spoofing
you can set a particular ways
5499
03:35:11,021 --> 03:35:12,049
that a packet may look
5500
03:35:12,049 --> 03:35:14,400
like changing the type
of service or by changing
5501
03:35:14,400 --> 03:35:17,326
the fragmentation offset or by
different flag settings
5502
03:35:17,326 --> 03:35:20,566
that may allow you through an IDS
without maybe getting flagged
5503
03:35:20,566 --> 03:35:22,864
and it may also allow
you to a firewall now
5504
03:35:22,864 --> 03:35:25,381
it's a slim possibility
but it's a possibility.
5505
03:35:25,381 --> 03:35:25,600
Now.
5506
03:35:25,600 --> 03:35:27,500
Another thing you
can do is use packETH
5507
03:35:27,500 --> 03:35:29,879
to generate a A lot
of really bogus data
5508
03:35:29,879 --> 03:35:33,600
and what you might do is hide
in the noise generated by packETH
5509
03:35:33,600 --> 03:35:36,000
so you can could create
some really bogus packets
5510
03:35:36,000 --> 03:35:37,510
that are sure to set
off IDS alarms
5511
03:35:37,510 --> 03:35:39,855
and then you can run
some legitimate scans underneath
5512
03:35:39,855 --> 03:35:42,200
and hopefully be able to get
some responses different
5513
03:35:42,200 --> 03:35:43,799
from mine now
from using TCP or UDP.
5514
03:35:43,799 --> 03:35:45,700
I'm not going to see
the response back.
5515
03:35:45,700 --> 03:35:46,800
And in this case TCP,
5516
03:35:46,800 --> 03:35:49,162
I'm not even going to get
the three-way connection made
5517
03:35:49,162 --> 03:35:51,600
because responses are going
to go back to the source IP.
5518
03:35:51,600 --> 03:35:52,550
But what you can do
5519
03:35:52,550 --> 03:35:55,295
is in addition to spoofing
you can set up a particular ways
5520
03:35:55,295 --> 03:35:56,395
that a packet may look
5521
03:35:56,395 --> 03:35:58,600
like changing the type
of service or by changing
5522
03:35:58,600 --> 03:36:01,512
the fragmentation offset or by
different flag settings
5523
03:36:01,512 --> 03:36:04,983
that may allow you through an IDS
without maybe getting flagged
5524
03:36:04,983 --> 03:36:07,186
and it may also allow
you to a firewall now
5525
03:36:07,186 --> 03:36:09,774
it's a slim possibility
but it's a possibility.
5526
03:36:09,774 --> 03:36:10,000
Now.
5527
03:36:10,000 --> 03:36:13,356
Another thing you can do is
use packETH to generate a lot
5528
03:36:13,356 --> 03:36:14,511
of really bogus data
5529
03:36:14,511 --> 03:36:18,100
and what you might do is hide
in the noise generated by packETH
5530
03:36:18,100 --> 03:36:20,200
so you can could create
some really bogus packets
5531
03:36:20,200 --> 03:36:21,817
that are sure to set
off IDS alarms
5532
03:36:21,817 --> 03:36:24,150
and then you can run
some legitimate scans underneath
5533
03:36:24,150 --> 03:36:26,300
and hopefully be able
to get some responses.
5534
03:36:30,900 --> 03:36:34,483
Kali Linux is the industry's
leading Linux distribution
5535
03:36:34,483 --> 03:36:35,972
and penetration testing
5536
03:36:35,972 --> 03:36:38,328
and ethical hacking
it offers tons
5537
03:36:38,328 --> 03:36:40,800
and tons of hacking
and penetration tools
5538
03:36:40,800 --> 03:36:43,346
and different kind
of software's by default.
5539
03:36:43,346 --> 03:36:46,488
It is widely recognized
in all parts of the world even
5540
03:36:46,488 --> 03:36:48,900
among Windows users
who may not even know
5541
03:36:48,900 --> 03:36:52,000
what Linux is. Well,
to be precise Kali Linux
5542
03:36:52,000 --> 03:36:55,225
was developed by Offensive
Security as the rewrite
5543
03:36:55,225 --> 03:36:58,693
of BackTrack. BackTrack, just
like Kali Linux, was a
5544
03:36:58,693 --> 03:36:59,871
Linux distribution
5545
03:36:59,871 --> 03:37:03,540
that focused on security it
was used for digital forensics
5546
03:37:03,540 --> 03:37:05,600
and penetration testing purpose.
5547
03:37:05,600 --> 03:37:08,894
But the question here is why
should you choose Kali Linux
5548
03:37:08,894 --> 03:37:12,500
when you have other choices like
Parrot Security operating system,
5549
03:37:12,500 --> 03:37:15,500
BackBox, BlackArch
and many more out there.
5550
03:37:15,500 --> 03:37:17,545
Let me list a few reasons as
5551
03:37:17,545 --> 03:37:20,300
to why Kali Linux is
the best choice first
5552
03:37:20,300 --> 03:37:24,300
and foremost it offers more than
600 penetration testing tools
5553
03:37:24,300 --> 03:37:26,700
from different kind
of security fields
5554
03:37:26,700 --> 03:37:28,700
and forensics. Secondly,
5555
03:37:29,123 --> 03:37:31,200
Kali Linux is customizable.
5556
03:37:31,200 --> 03:37:34,311
So if you're not comfortable
with current Kali Linux tools
5557
03:37:34,311 --> 03:37:36,813
or features or
graphical user interface,
5558
03:37:36,813 --> 03:37:39,700
you can customize
Kali Linux the way you want.
5559
03:37:39,700 --> 03:37:42,100
It is built
on a secure platform.
5560
03:37:42,100 --> 03:37:44,366
The Kali Linux team
is actually made up
5561
03:37:44,366 --> 03:37:46,144
of small group of individuals.
5562
03:37:46,144 --> 03:37:48,780
Those are the only ones
who can commit packages
5563
03:37:48,780 --> 03:37:50,617
and interact with repositories.
5564
03:37:50,617 --> 03:37:53,700
All of which is done using
multiple secure protocols.
5565
03:37:53,700 --> 03:37:57,000
So Kali Linux is definitely
a secure platform,
5566
03:37:57,100 --> 03:37:58,900
although penetration
tools tend to be
5567
03:37:58,900 --> 03:38:03,200
written in English, Kali includes
multilingual support this way
5568
03:38:03,200 --> 03:38:05,623
more users can operate
in the native language
5569
03:38:05,623 --> 03:38:06,800
and locate the tools
5570
03:38:06,800 --> 03:38:08,279
that they need for the job
5571
03:38:08,279 --> 03:38:10,100
that they are doing
on Kali Linux
5572
03:38:10,100 --> 03:38:11,914
and lastly Kali Linux just
5573
03:38:11,914 --> 03:38:15,308
like BackTrack is
completely free of charge on top
5574
03:38:15,308 --> 03:38:16,640
of all these benefits
5575
03:38:16,640 --> 03:38:20,436
Kali Linux offers different
installation options one way
5576
03:38:20,436 --> 03:38:22,277
of installing Kali Linux is
5577
03:38:22,277 --> 03:38:24,800
by making a Kali
bootable USB drive.
5578
03:38:24,800 --> 03:38:26,164
This is the fastest way
5579
03:38:26,164 --> 03:38:29,599
of installing Kali Linux
and the most favorable as well,
5580
03:38:29,600 --> 03:38:31,400
we will discuss why in a while.
5581
03:38:31,400 --> 03:38:33,742
You can also install
Kali Linux using
5582
03:38:33,742 --> 03:38:35,726
hard-disk installing Kali Linux
5583
03:38:35,726 --> 03:38:39,500
on your computer using the hard
disk is a very easy process,
5584
03:38:39,500 --> 03:38:40,700
but you should make sure
5585
03:38:40,700 --> 03:38:43,200
that your computer has
compatible Hardware.
5586
03:38:43,200 --> 03:38:47,100
You can also install Kali Linux
alongside your operating system.
5587
03:38:47,100 --> 03:38:48,800
It could be Windows or Mac,
5588
03:38:48,800 --> 03:38:51,800
but you should exercise caution
during setup process
5589
03:38:51,800 --> 03:38:53,464
because it might mess up
5590
03:38:53,464 --> 03:38:56,100
with your default
BIOS settings. Lastly,
5591
03:38:56,100 --> 03:38:59,200
You can use different kind
of virtualization software.
5592
03:38:59,200 --> 03:39:00,415
like VMware or VirtualBox
5593
03:39:00,415 --> 03:39:04,200
to install Kali Linux on
your preferred operating system.
5594
03:39:04,200 --> 03:39:07,600
Well apart from all this you
can also set up Kali Linux
5595
03:39:07,600 --> 03:39:09,300
on Advanced RISC Machines
5596
03:39:09,300 --> 03:39:13,100
or ARM like Raspberry Pi,
Trimslice, Cubietruck
5597
03:39:13,100 --> 03:39:13,800
and many more.
5598
03:39:13,900 --> 03:39:15,400
So there you go guys.
5599
03:39:15,400 --> 03:39:18,148
Now if you know what
Kali Linux is and why it
5600
03:39:18,148 --> 03:39:20,886
is a leading Linux distro
for ethical hacking
5601
03:39:20,886 --> 03:39:23,800
and penetration testing
in today's session.
5602
03:39:23,800 --> 03:39:27,200
We will explore different ways
to install Kali Linux.
5603
03:39:27,200 --> 03:39:29,697
Let's get started
then. Earlier I said
5604
03:39:29,697 --> 03:39:31,250
that the fastest method
5605
03:39:31,250 --> 03:39:35,300
for setting up Kali Linux is
to run it live from a USB drive.
5606
03:39:35,300 --> 03:39:38,400
But why first of all,
it's non-destructive,
5607
03:39:38,400 --> 03:39:41,411
it makes no changes
to the host system's hard drive
5608
03:39:41,411 --> 03:39:44,325
or the operating system
that it is installed on.
5609
03:39:44,325 --> 03:39:47,664
So once you remove USB your
operating system will return
5610
03:39:47,664 --> 03:39:49,100
to its original state.
5611
03:39:49,100 --> 03:39:49,765
Secondly.
5612
03:39:49,765 --> 03:39:50,800
It's portable.
5613
03:39:50,800 --> 03:39:53,157
You can carry Kali Linux
in your pocket
5614
03:39:53,157 --> 03:39:56,300
and can run it whenever you
want just in few minutes.
5615
03:39:56,307 --> 03:39:57,692
It's customizable.
5616
03:39:57,700 --> 03:39:58,900
You can create your own.
5617
03:39:58,900 --> 03:40:01,146
Kali Linux ISO image and put it
5618
03:40:01,146 --> 03:40:03,900
into USB drive using
a simple procedure
5619
03:40:03,900 --> 03:40:06,433
which we will discuss
later and lastly.
5620
03:40:06,433 --> 03:40:08,309
It's potentially persistent.
5621
03:40:08,309 --> 03:40:09,406
You can configure
5622
03:40:09,406 --> 03:40:13,000
your Kali Linux live USB drive
to have persistent storage
5623
03:40:13,000 --> 03:40:15,554
so that the data you
can collect is saved
5624
03:40:15,554 --> 03:40:18,300
and you can use it
across different reboots.
5625
03:40:18,300 --> 03:40:18,597
Now.
5626
03:40:18,597 --> 03:40:21,800
Let's see how to create
a bootable USB drive
5627
03:40:21,800 --> 03:40:23,200
on Windows guys.
5628
03:40:23,200 --> 03:40:25,321
Actually the process
is very simple.
5629
03:40:25,321 --> 03:40:27,200
It's just a three step process.
5630
03:40:27,200 --> 03:40:29,200
First of all,
you need to plug your USB.
5631
03:40:29,200 --> 03:40:32,700
USB drive into an available
USB port on your Windows PC
5632
03:40:32,700 --> 03:40:35,600
next you need to note down
the destination drive.
5633
03:40:35,600 --> 03:40:37,133
it uses once it mounts.
5634
03:40:37,133 --> 03:40:40,000
For example, it could be
F drive after that.
5635
03:40:40,000 --> 03:40:42,727
You will have to download
and launch a software
5636
03:40:42,727 --> 03:40:45,600
called Win32 Disk Imager
on the software.
5637
03:40:45,600 --> 03:40:47,899
You'll have to choose
Kali Linux ISO file
5638
03:40:47,899 --> 03:40:49,900
that needs to be
imaged and verify
5639
03:40:49,900 --> 03:40:51,039
that the USB drive
5640
03:40:51,039 --> 03:40:53,643
to be overwritten is
the correct one lastly.
5641
03:40:53,643 --> 03:40:55,462
Once the Imaging is complete.
5642
03:40:55,462 --> 03:40:57,783
You need to safely
eject the USB drive
5643
03:40:57,783 --> 03:40:59,100
from Windows machine.
5644
03:40:59,100 --> 03:41:01,700
So, like I said,
it's very simple, right?
5645
03:41:01,700 --> 03:41:04,200
Well, I'm not going to show
you a demo on this one
5646
03:41:04,200 --> 03:41:05,220
because like I said,
5647
03:41:05,220 --> 03:41:07,900
it's very easy, and I'm sure
you guys can pull it off.
5648
03:41:07,900 --> 03:41:08,955
If you have any doubts.
5649
03:41:08,955 --> 03:41:10,790
You can post them
in the comment section.
5650
03:41:10,790 --> 03:41:11,800
We'll get back to you.
5651
03:41:11,800 --> 03:41:15,097
And as for the demo part, we'll
be doing four installations here.
5652
03:41:15,097 --> 03:41:15,800
First of all,
5653
03:41:15,800 --> 03:41:18,682
we'll see how to install
Kali Linux using VMware
5654
03:41:18,682 --> 03:41:20,300
on Windows operating system.
5655
03:41:20,300 --> 03:41:21,000
Then we'll see
5656
03:41:21,000 --> 03:41:24,500
how to install Kali Linux on Mac
using virtualbox moving on.
5657
03:41:24,500 --> 03:41:25,815
We'll see how to install
5658
03:41:25,815 --> 03:41:28,499
Kali Linux tools on
different Linux distributions.
5659
03:41:28,499 --> 03:41:30,800
I'll be showing
how to install it on Ubuntu.
5660
03:41:30,800 --> 03:41:33,928
Well, the procedure is same for
every other Linux distribution.
5661
03:41:33,928 --> 03:41:36,200
So you can go ahead and use
the same procedure
5662
03:41:36,200 --> 03:41:37,450
for the Linux distribution
5663
03:41:37,450 --> 03:41:39,900
that you're using
and lastly we will see
5664
03:41:39,900 --> 03:41:41,400
how to install Kali Linux
5665
03:41:41,400 --> 03:41:44,300
on Windows 10 using
Windows subsystem for Linux.
5666
03:41:44,700 --> 03:41:45,900
So, I hope it's clear
5667
03:41:45,900 --> 03:41:48,100
that what we'll be learning
in the session.
5668
03:41:48,300 --> 03:41:51,800
Let's get started with
the first demo in this demo.
5669
03:41:51,800 --> 03:41:55,400
We'll see how to launch
Kali Linux using VMware.
5670
03:41:55,900 --> 03:41:58,194
So guys you can install
Kali Linux using
5671
03:41:58,194 --> 03:41:59,894
any virtualization software.
5672
03:41:59,894 --> 03:42:02,700
It could be VMware
or virtualbox in this demo.
5673
03:42:02,700 --> 03:42:05,200
I'll show you
how to install it using VMware.
5674
03:42:05,200 --> 03:42:06,100
So first of all,
5675
03:42:06,100 --> 03:42:08,451
obviously we'll have
to install VMware, right?
5676
03:42:08,451 --> 03:42:11,859
So just type of VMware
and it's the first link
5677
03:42:11,859 --> 03:42:14,200
that you find you can go
ahead and download
5678
03:42:14,200 --> 03:42:16,051
VMware Workstation Pro
5679
03:42:16,200 --> 03:42:18,100
you have it in the downloads.
5680
03:42:18,600 --> 03:42:21,300
Here you can download
workstation player as well
5681
03:42:21,300 --> 03:42:24,430
or you can download
VMware Workstation Pro now.
5682
03:42:24,430 --> 03:42:25,835
Once that is downloaded.
5683
03:42:25,835 --> 03:42:28,600
You will have to download
a Kali Linux ISO image
5684
03:42:28,600 --> 03:42:32,000
so that you will have to go
for official Kali Linux website
5685
03:42:32,000 --> 03:42:33,567
just type for Kali Linux
5686
03:42:33,567 --> 03:42:36,900
and it's the first link you
can see downloads option
5687
03:42:36,900 --> 03:42:38,500
here click on download
5688
03:42:38,600 --> 03:42:39,094
and yeah,
5689
03:42:39,094 --> 03:42:41,800
you can see different
download options here you
5690
03:42:41,800 --> 03:42:44,987
have Kali Linux Light
for 64-bit as well as 32 bit.
5691
03:42:44,987 --> 03:42:47,800
And then there is
Kali Linux 64-bit and 32-bit
5692
03:42:47,800 --> 03:42:50,800
and you have Great images
for VMware and VirtualBox as
5693
03:42:50,800 --> 03:42:53,900
well. Suppose you want to skip
the entire lengthy procedure
5694
03:42:53,900 --> 03:42:56,450
of installing it and you
want to just use the image,
5695
03:42:56,450 --> 03:42:58,700
then you can go ahead and use
this Kali Linux
5696
03:42:58,700 --> 03:42:59,783
64-bit for VMware
5697
03:42:59,783 --> 03:43:02,692
or virtual box same goes
for the 32-bit as well.
5698
03:43:02,692 --> 03:43:05,700
But since we are focusing
on installing right now,
5699
03:43:05,700 --> 03:43:08,017
let's just go ahead
and download ISO file
5700
03:43:08,017 --> 03:43:10,900
and install it from
the beginning until last step.
5701
03:43:10,900 --> 03:43:12,464
I have already downloaded it.
5702
03:43:12,464 --> 03:43:15,000
So I have an ISO file
downloaded on my computer.
5703
03:43:15,000 --> 03:43:17,500
So all you have to do is
just click on the torrent link.
5704
03:43:17,500 --> 03:43:18,600
It will be downloaded.
5705
03:43:18,600 --> 03:43:21,700
Let's open VMware then so
as you can see,
5706
03:43:21,700 --> 03:43:24,300
I have VMware Workstation
Pro installed here.
5707
03:43:24,300 --> 03:43:27,806
So I already have an Ubuntu
virtual machine installed
5708
03:43:27,806 --> 03:43:29,400
on my VMware Workstation.
5709
03:43:29,400 --> 03:43:31,900
As you can see on the home page
three different options.
5710
03:43:31,900 --> 03:43:33,650
It says create
a new virtual machine
5711
03:43:33,650 --> 03:43:36,350
or open a virtual machine
and connect to remote server.
5712
03:43:36,350 --> 03:43:37,818
So if you want to
create a Kali Linux
5713
03:43:37,818 --> 03:43:39,800
or any other virtual machine
from step one,
5714
03:43:39,800 --> 03:43:42,434
you can use this create
a new virtual machine option.
5715
03:43:42,434 --> 03:43:45,489
Well, if you have an image of
a virtual machine already,
5716
03:43:45,489 --> 03:43:47,439
and if you want to just
use it and avoid
5717
03:43:47,439 --> 03:43:48,500
installation procedure.
5718
03:43:48,500 --> 03:43:50,400
Then you can go
ahead and use this open
5719
03:43:50,400 --> 03:43:51,600
a virtual machine option
5720
03:43:51,600 --> 03:43:54,400
while just click on this
create a new virtual machine
5721
03:43:54,400 --> 03:43:57,100
and click on next
as you can see here.
5722
03:43:57,100 --> 03:44:00,000
You have an option which says
installer disc image file.
5723
03:44:00,000 --> 03:44:01,100
ISO file.
5724
03:44:01,100 --> 03:44:03,400
You'll have to attach
your ISO, so click on browse.
5725
03:44:03,400 --> 03:44:05,897
Let's see where I've stored
my Kali Linux as you can see.
5726
03:44:05,897 --> 03:44:08,500
I already have it here
and there's one file here.
5727
03:44:08,500 --> 03:44:10,900
Let me click on that and open
5728
03:44:11,500 --> 03:44:13,333
so I don't bother
about this at all.
5729
03:44:13,333 --> 03:44:15,900
It usually shows that
and then click on next here.
5730
03:44:16,000 --> 03:44:17,000
So it's asking
5731
03:44:17,000 --> 03:44:18,950
which operating system
will be installed
5732
03:44:18,950 --> 03:44:20,176
on this virtual machine.
5733
03:44:20,176 --> 03:44:21,300
I wanted to be Line-X.
5734
03:44:21,300 --> 03:44:26,100
So make sure you select
Linux 64-bit and click
5735
03:44:26,100 --> 03:44:29,500
on next you have an option
to name your virtual machine.
5736
03:44:29,500 --> 03:44:31,700
Let's say Kali Linux.
5737
03:44:32,500 --> 03:44:34,400
And where do I want to store it
5738
03:44:34,400 --> 03:44:37,600
in my documents under virtual
machines, Kali Linux, sure
5739
03:44:37,600 --> 03:44:38,800
and click on next.
5740
03:44:39,000 --> 03:44:41,000
It says it already exists.
5741
03:44:41,000 --> 03:44:43,200
Let me try this one.
5742
03:44:43,200 --> 03:44:47,600
Then let's take Kali Linux one
and next Yeah,
5743
03:44:47,800 --> 03:44:51,100
so basically Your Kali Linux
will need about a 20 GB.
5744
03:44:51,100 --> 03:44:55,200
Let's assign some 40 GB are
that's the maximum disk size
5745
03:44:55,200 --> 03:44:56,040
that you can allot.
5746
03:44:56,040 --> 03:44:58,000
Well, you can allot more
than that as well.
5747
03:44:58,000 --> 03:45:01,215
But minimum it needs about 20 GB
and you have an option
5748
03:45:01,215 --> 03:45:04,500
which says store virtual disk as
a single file or multiple files.
5749
03:45:04,500 --> 03:45:07,565
Let's just select store
virtual disk as a single file
5750
03:45:07,565 --> 03:45:10,100
to avoid complications
and click on next here.
5751
03:45:10,200 --> 03:45:10,950
So as you can see,
5752
03:45:10,950 --> 03:45:13,499
you can review your virtual
machine settings here.
5753
03:45:13,499 --> 03:45:16,000
You have an option to make
changes to the settings.
5754
03:45:16,000 --> 03:45:18,554
You can make changes right now,
or you can do it later.
5755
03:45:18,554 --> 03:45:19,099
It as well.
5756
03:45:19,099 --> 03:45:21,100
Let's just go ahead
and make changes now.
5757
03:45:21,100 --> 03:45:23,500
Click on the customize
Hardware option here.
5758
03:45:23,600 --> 03:45:26,300
Well as for the memory
for this virtual machine,
5759
03:45:26,300 --> 03:45:27,300
it totally depends
5760
03:45:27,300 --> 03:45:29,400
on what you're using
virtual machine for
5761
03:45:29,400 --> 03:45:31,300
if you're not using
it for heavy works.
5762
03:45:31,300 --> 03:45:33,300
Then you can assign
least amount of memory.
5763
03:45:33,365 --> 03:45:36,134
Let's say I want
to assign about 2GB.
5764
03:45:36,400 --> 03:45:37,200
There we go.
5765
03:45:37,200 --> 03:45:39,214
And as for the processors number
5766
03:45:39,214 --> 03:45:42,300
of processors 1 and the number
of core processors,
5767
03:45:42,300 --> 03:45:43,900
you can choose as
many as you want.
5768
03:45:43,900 --> 03:45:46,342
Let's say two. This
will increase the performance
5769
03:45:46,342 --> 03:45:47,754
of your virtual machine,
5770
03:45:47,754 --> 03:45:48,600
so and again,
5771
03:45:48,600 --> 03:45:52,368
Totally depends on whatever
you want to choose and yeah,
5772
03:45:52,368 --> 03:45:55,900
we have already attached
the image network adapter you
5773
03:45:55,900 --> 03:45:58,900
can set for NAT. USB controller
and sound card.
5774
03:45:58,900 --> 03:46:01,100
You can retain
the default settings.
5775
03:46:01,100 --> 03:46:04,783
And as for the display click
on accelerated 3D graphics since
5776
03:46:04,783 --> 03:46:07,600
Kali Linux has
a graphical user interface
5777
03:46:07,600 --> 03:46:10,658
and it says 768mb is
the recommended amount of memory
5778
03:46:10,658 --> 03:46:12,320
that you can use for graphics.
5779
03:46:12,320 --> 03:46:15,200
So let's go ahead and select
that and click on close.
5780
03:46:15,200 --> 03:46:17,230
Well, you can actually
make all the settings
5781
03:46:17,230 --> 03:46:18,600
after installing Kali Linux.
5782
03:46:18,600 --> 03:46:19,800
As well no problem there.
5783
03:46:19,800 --> 03:46:21,900
Once you've done
that click on finish here,
5784
03:46:22,300 --> 03:46:24,550
as you can see,
my Kali Linux image is ready.
5785
03:46:24,550 --> 03:46:25,400
For installation.
5786
03:46:25,400 --> 03:46:26,733
You have two options to power up
5787
03:46:26,733 --> 03:46:28,400
as you can see you have
this option here.
5788
03:46:28,400 --> 03:46:30,500
You can click on that to power
on this virtual machine,
5789
03:46:30,500 --> 03:46:32,000
or you can go ahead
and click on this.
5790
03:46:32,000 --> 03:46:33,500
Let me click on this.
5791
03:46:35,700 --> 03:46:37,000
So once you click on that,
5792
03:46:37,000 --> 03:46:39,399
you should be greeted
with this Kali boot screen
5793
03:46:39,399 --> 03:46:41,800
as you can see,
there are a lot of options here.
5794
03:46:41,800 --> 03:46:44,221
We did discuss live
option earlier, right?
5795
03:46:44,221 --> 03:46:45,336
So if you don't want
5796
03:46:45,336 --> 03:46:48,001
any trace of Kali Linux
on your operating system,
5797
03:46:48,001 --> 03:46:50,316
you can go ahead and use
live option here.
5798
03:46:50,316 --> 03:46:51,082
You have live
5799
03:46:51,082 --> 03:46:54,258
USB persistence mode and live
USB encrypted persistence
5800
03:46:54,258 --> 03:46:55,093
as well suppose.
5801
03:46:55,093 --> 03:46:57,549
You want to store some data
and save it for later
5802
03:46:57,549 --> 03:47:00,004
reboots, you can use
live persistent option here
5803
03:47:00,004 --> 03:47:02,000
and most of the time
people get confused
5804
03:47:02,000 --> 03:47:03,900
with this install and
graphical install.
5805
03:47:04,000 --> 03:47:05,700
Just don't go ahead
and click on the
5806
03:47:05,700 --> 03:47:06,900
install option. Do it only
5807
03:47:06,900 --> 03:47:09,500
if you are well versed
with command line interface.
5808
03:47:09,500 --> 03:47:12,600
So basically that install option
is for command line interface.
5809
03:47:12,600 --> 03:47:15,500
So you will be greeted with Kali
Linux command line interface
5810
03:47:15,500 --> 03:47:17,100
since if you're doing it
5811
03:47:17,100 --> 03:47:19,600
if you're using Kali Linux
for the first time go ahead
5812
03:47:19,600 --> 03:47:22,342
with graphical installed select
the graphical install
5813
03:47:22,342 --> 03:47:23,200
and click enter.
5814
03:47:26,000 --> 03:47:26,900
So as you can see,
5815
03:47:26,900 --> 03:47:29,542
it will start
mounting storage devices
5816
03:47:29,542 --> 03:47:33,400
whole installation process
might take about 10 minutes.
5817
03:47:33,500 --> 03:47:34,730
So it's prompting you
5818
03:47:34,730 --> 03:47:37,906
to select a language so select
your preferred language,
5819
03:47:37,906 --> 03:47:39,301
then you control location.
5820
03:47:39,301 --> 03:47:40,301
Let's say English
5821
03:47:40,301 --> 03:47:42,983
and click on enter
and it's asking you
5822
03:47:42,983 --> 03:47:45,500
for the country location
just give United States
5823
03:47:45,500 --> 03:47:48,881
and enter and I want
the keyboard to be configured
5824
03:47:48,881 --> 03:47:50,300
with American English.
5825
03:47:50,300 --> 03:47:52,000
You can choose
any native language.
5826
03:47:52,000 --> 03:47:53,958
Like I said earlier it supports
5827
03:47:53,958 --> 03:47:56,800
multilingual or it
supports Get the languages.
5828
03:47:56,800 --> 03:47:58,200
So go ahead and choose it,
5829
03:47:58,200 --> 03:48:01,200
but it might complicate the way
you use Kali Linux later.
5830
03:48:01,200 --> 03:48:04,300
So you can always go ahead
and stick out with English only.
5831
03:48:04,400 --> 03:48:05,800
Well, it doesn't matter.
5832
03:48:06,200 --> 03:48:08,900
So as you can see
it's configuring the network.
5833
03:48:09,200 --> 03:48:12,800
So it will detect the ISO file
and load installation component
5834
03:48:12,800 --> 03:48:15,800
and then prompt you to enter
the hostname for your system
5835
03:48:15,800 --> 03:48:17,446
while in this installation.
5836
03:48:17,446 --> 03:48:20,007
Let's just enter Kali
and click on enter.
5837
03:48:20,007 --> 03:48:23,200
You can give the name you want
and next it's asking you
5838
03:48:23,200 --> 03:48:24,600
for the domain name suppose.
5839
03:48:24,600 --> 03:48:25,985
You have set
up virtual machines,
5840
03:48:25,985 --> 03:48:28,200
and if you want to give
all of them a domain name,
5841
03:48:28,200 --> 03:48:30,000
you can assign
a domain name as well,
5842
03:48:30,000 --> 03:48:31,000
but it's optional.
5843
03:48:31,000 --> 03:48:33,700
Let's not give any domain name
here and click on enter.
5844
03:48:33,700 --> 03:48:36,600
The next thing it does is it
will prompt you for the password
5845
03:48:36,600 --> 03:48:39,600
that you'll have to enter every
time you launch your Kali Linux.
5846
03:48:39,600 --> 03:48:42,100
So just give some password
of your choice.
5847
03:48:43,103 --> 03:48:44,796
And click on continue.
5848
03:48:46,000 --> 03:48:48,800
The best thing about Kali Linux
is you can set up date
5849
03:48:48,800 --> 03:48:49,700
and time as well.
5850
03:48:49,700 --> 03:48:51,150
You can make it
later as well,
5851
03:48:51,150 --> 03:48:52,568
but you can choose it here.
5852
03:48:52,568 --> 03:48:55,300
So just click on Eastern
or whichever choice you like
5853
03:48:55,300 --> 03:48:56,300
and click on enter.
5854
03:48:59,000 --> 03:49:00,618
So the installer will now probe
5855
03:49:00,618 --> 03:49:03,127
your disk and offer you
four different choices,
5856
03:49:03,127 --> 03:49:04,039
as you can see,
5857
03:49:04,039 --> 03:49:07,200
it says guided use entire disk
guided use entire disk
5858
03:49:07,200 --> 03:49:08,095
and set up LVM,
5859
03:49:08,095 --> 03:49:10,722
which is logical volume
manager same thing,
5860
03:49:10,722 --> 03:49:12,500
which is encrypted and manual.
5861
03:49:12,500 --> 03:49:13,900
So if you are an expert,
5862
03:49:13,900 --> 03:49:15,600
if you already use
this Kali Linux
5863
03:49:15,600 --> 03:49:16,795
before you can go ahead
5864
03:49:16,795 --> 03:49:19,500
and select any of these three
options from the bottom.
5865
03:49:19,500 --> 03:49:21,900
That's LVM, or manual,
or encrypted LVM.
5866
03:49:21,900 --> 03:49:23,187
Otherwise, you can always
5867
03:49:23,187 --> 03:49:25,918
go ahead and choose guided
use entire disk option here
5868
03:49:25,918 --> 03:49:27,000
if you are a beginner
5869
03:49:27,000 --> 03:49:30,017
and click on enter. So this
is the disk partition
5870
03:49:30,017 --> 03:49:33,500
where all the data will be
stored and click on continue.
5871
03:49:33,500 --> 03:49:35,600
It's asking if you want
to store all files
5872
03:49:35,600 --> 03:49:36,449
in one partition,
5873
03:49:36,449 --> 03:49:38,100
or if you want
to make partitions.
5874
03:49:38,100 --> 03:49:39,168
So depending on your needs,
5875
03:49:39,168 --> 03:49:41,200
you can go ahead and choose
to keep all your files
5876
03:49:41,200 --> 03:49:42,100
in single partition,
5877
03:49:42,100 --> 03:49:44,600
which is default or you
have separate partition
5878
03:49:44,600 --> 03:49:47,110
for one or more
of the top-level directories.
5879
03:49:47,110 --> 03:49:48,944
Let's just choose
the first option
5880
03:49:48,944 --> 03:49:50,000
and click on enter.
5881
03:49:50,100 --> 03:49:51,800
So once you've done
that you'll have
5882
03:49:51,800 --> 03:49:54,200
one last chance to review
our disk configuration.
5883
03:49:54,200 --> 03:49:55,000
Once you're sure
5884
03:49:55,000 --> 03:49:57,500
that you've given correct
details click on enter here.
5885
03:49:57,600 --> 03:50:00,582
It's asking if the changes
that you make to Kali Linux
5886
03:50:00,582 --> 03:50:02,700
should be written
to the disk or not.
5887
03:50:02,700 --> 03:50:03,600
So say yes.
5888
03:50:04,700 --> 03:50:08,100
So we did start partition
and install the virtual machine.
5889
03:50:09,400 --> 03:50:10,552
It took a while but
5890
03:50:10,552 --> 03:50:13,100
as you can see installation
is almost done.
5891
03:50:13,100 --> 03:50:16,100
It's asking me to configure
the package manager.
5892
03:50:16,100 --> 03:50:17,950
Well, if you select
no in the session,
5893
03:50:17,950 --> 03:50:19,700
you will not be able
to install packages
5894
03:50:19,700 --> 03:50:23,000
from Kali repositories later
and click on continue.
5895
03:50:23,400 --> 03:50:26,300
So suppose if you want
to install other repositories
5896
03:50:26,300 --> 03:50:28,900
or updates later on you
can always go and click on yes.
5897
03:50:28,900 --> 03:50:31,900
Otherwise, it's always otherwise
you can go for no as well.
5898
03:50:32,000 --> 03:50:34,100
Now it's going to configure
the package manager
5899
03:50:34,400 --> 03:50:35,700
will install package manager
5900
03:50:35,700 --> 03:50:38,400
and configure it then it
will install GRUB boot loader.
5901
03:50:39,900 --> 03:50:40,692
And it's asking
5902
03:50:40,692 --> 03:50:43,966
if you want to install GRUB boot
loader to master boot record.
5903
03:50:43,966 --> 03:50:44,576
Definitely.
5904
03:50:44,576 --> 03:50:45,459
Yes so select.
5905
03:50:45,459 --> 03:50:47,100
Yes and click on continue.
5906
03:50:47,100 --> 03:50:50,000
So it's asking to select
the device manually.
5907
03:50:50,000 --> 03:50:52,600
You can click
the select the device.
5908
03:50:53,200 --> 03:50:55,000
So yeah, guys we're done here.
5909
03:50:55,000 --> 03:50:56,000
So you can finally click
5910
03:50:56,000 --> 03:50:58,900
on continue option to reboot
your new Kali installation.
5911
03:50:58,900 --> 03:50:59,900
So as you can see
5912
03:50:59,900 --> 03:51:02,600
the entire process took
about 10 to 11 minutes.
5913
03:51:02,900 --> 03:51:05,500
So yeah, let's go ahead
and click on continue here.
5914
03:51:05,500 --> 03:51:07,400
It's gonna finish
the installation.
5915
03:51:08,200 --> 03:51:10,685
So guys as you can see
the installation process
5916
03:51:10,685 --> 03:51:12,900
from the step where we
select the language
5917
03:51:12,900 --> 03:51:14,300
till the last step is same.
5918
03:51:14,300 --> 03:51:17,300
It's just the medium on which
you are installing is different
5919
03:51:17,300 --> 03:51:18,500
for example, right now.
5920
03:51:18,500 --> 03:51:20,006
We use VMware later on.
5921
03:51:20,006 --> 03:51:22,259
I'll show you
how to use virtualbox.
5922
03:51:22,259 --> 03:51:25,800
But once your Kali Linux image
is ready to boot the rest
5923
03:51:25,800 --> 03:51:28,400
of the installation process
is similar to this.
5924
03:51:29,300 --> 03:51:31,300
So it's finished installing.
5925
03:51:31,700 --> 03:51:33,600
It's loading the image.
5926
03:51:36,000 --> 03:51:36,796
So if you have done
5927
03:51:36,796 --> 03:51:38,875
everything right during
the installation process
5928
03:51:38,875 --> 03:51:40,600
and according to
your needs you'll land up
5929
03:51:40,600 --> 03:51:42,300
in this page. Username.
5930
03:51:42,338 --> 03:51:45,261
So we've given
it as Kali, right? kali
5931
03:51:45,584 --> 03:51:49,200
and password as you can see
it showing an error.
5932
03:51:49,200 --> 03:51:50,400
It says the didn't work.
5933
03:51:50,400 --> 03:51:51,500
Please try again.
5934
03:51:51,500 --> 03:51:53,703
This is mostly
because the first time
5935
03:51:53,703 --> 03:51:54,877
when you log in you
5936
03:51:54,877 --> 03:51:57,600
should use word root as
your default username.
5937
03:51:57,600 --> 03:51:58,200
But later on
5938
03:51:58,200 --> 03:52:00,700
once you have already logged
in you can change the username
5939
03:52:00,700 --> 03:52:02,500
according to your need so root
5940
03:52:02,500 --> 03:52:04,600
and password you can use
the same password
5941
03:52:04,600 --> 03:52:06,100
which you set
during installation.
5942
03:52:06,100 --> 03:52:09,800
In process so as you
can see login is successful
5943
03:52:10,300 --> 03:52:13,200
and here I go my Kali
Linux is up and running
5944
03:52:13,200 --> 03:52:16,144
so I can start using Kali Linux
according to my needs.
5945
03:52:16,144 --> 03:52:17,165
So once you've done
5946
03:52:17,165 --> 03:52:19,539
that you can go ahead
and install VMware tools
5947
03:52:19,539 --> 03:52:22,600
so that you can maximize it
full screen and all that stuff.
5948
03:52:22,600 --> 03:52:24,300
You can also go ahead
and change the date
5949
03:52:24,300 --> 03:52:25,200
and time settings.
5950
03:52:25,200 --> 03:52:27,900
As you can see here can go
for the settings option here
5951
03:52:27,900 --> 03:52:28,908
and do the settings
5952
03:52:28,908 --> 03:52:30,157
and you can start using
5953
03:52:30,157 --> 03:52:33,200
Kali Linux for hacking and
penetration testing purposes.
5954
03:52:33,200 --> 03:52:35,000
So it's as easy as that guys.
5955
03:52:35,100 --> 03:52:37,400
So please go
ahead and try installing it.
5956
03:52:37,400 --> 03:52:40,200
Well, if you find any errors
during installation process,
5957
03:52:40,200 --> 03:52:41,696
let us know
in the comment section.
5958
03:52:41,696 --> 03:52:43,500
We'll get back to you
as soon as possible.
5959
03:52:43,500 --> 03:52:43,732
Now.
5960
03:52:43,732 --> 03:52:45,500
Let's move on
to our second demo.
5961
03:52:45,700 --> 03:52:45,935
Now.
5962
03:52:45,935 --> 03:52:47,817
We'll see how to launch Kali Linux
5963
03:52:47,817 --> 03:52:51,200
on Mac operating system using
virtualbox in the previous demo.
5964
03:52:51,200 --> 03:52:53,815
We use VMware and now
we'll be using virtualbox.
5965
03:52:53,815 --> 03:52:56,200
But actually I'm not using
any Mac system here
5966
03:52:56,200 --> 03:52:57,200
operating system,
5967
03:52:57,200 --> 03:53:00,082
but I'll show you
how to install using virtualbox.
5968
03:53:00,082 --> 03:53:01,800
The procedure is very similar.
5969
03:53:01,800 --> 03:53:04,600
So all you have to do is
on your Mac operating system.
5970
03:53:04,600 --> 03:53:08,100
Go ahead and click a
for VirtualBox download.
5971
03:53:08,700 --> 03:53:10,700
So this is the
virtualbox official page.
5972
03:53:10,700 --> 03:53:12,900
You can go ahead and click
on downloads here.
5973
03:53:12,900 --> 03:53:15,300
As you can see you have
different options here.
5974
03:53:15,300 --> 03:53:16,272
It says windows
5975
03:53:16,272 --> 03:53:20,100
for Windows operating system
OS X hosts, Linux and Solaris hosts
5976
03:53:20,100 --> 03:53:22,020
since if you're using
Windows then go ahead
5977
03:53:22,020 --> 03:53:23,049
and select Windows host.
5978
03:53:23,049 --> 03:53:25,200
But as for Mac,
you'll have to select this.
5979
03:53:25,200 --> 03:53:26,600
It's mostly a .exe file.
5980
03:53:26,600 --> 03:53:29,000
Once you've done
that you can install virtualbox.
5981
03:53:29,000 --> 03:53:30,600
It's just click
on next next next
5982
03:53:30,600 --> 03:53:31,679
and it will work out
5983
03:53:31,679 --> 03:53:33,965
and provide settings
according to your need.
5984
03:53:33,965 --> 03:53:35,812
I already have
installed virtualbox.
5985
03:53:35,812 --> 03:53:37,869
It's the next thing
you do is similar as
5986
03:53:37,869 --> 03:53:39,400
what you've done with VMware.
5987
03:53:39,400 --> 03:53:42,100
Go ahead and download
official Kali Linux image.
5988
03:53:42,100 --> 03:53:44,600
Make sure you don't download
any duplicate versions
5989
03:53:44,600 --> 03:53:46,422
of ISO file from other websites.
5990
03:53:46,422 --> 03:53:49,100
Make sure you download it
from original website.
5991
03:53:49,100 --> 03:53:51,092
If you want to do it
from the beginning
5992
03:53:51,092 --> 03:53:53,288
go ahead and install
ISO file your torrent
5993
03:53:53,288 --> 03:53:54,700
or you can just go ahead
5994
03:53:54,700 --> 03:53:58,100
and download just the image
for VirtualBox here
5995
03:53:58,100 --> 03:54:00,982
for 64 bit and you have option
for 32-bit as well.
5996
03:54:00,982 --> 03:54:02,400
I've already done that.
5997
03:54:02,400 --> 03:54:04,500
So let me open my Virtual box.
5998
03:54:05,000 --> 03:54:08,400
Yeah artists the procedure
for VMware and VirtualBox
5999
03:54:08,400 --> 03:54:11,000
is almost the same,
just slight difference.
6000
03:54:11,000 --> 03:54:13,000
Let me maximize
the screen for you guys
6001
03:54:13,000 --> 03:54:14,480
as you can see I already have
6002
03:54:14,480 --> 03:54:16,530
a virtual machine
launched up here.
6003
03:54:16,530 --> 03:54:17,817
I haven't powered it up yet.
6004
03:54:17,817 --> 03:54:19,950
Anyway, I'll show you
how to install new one.
6005
03:54:19,950 --> 03:54:21,500
Just click on 'New' option here.
6006
03:54:21,600 --> 03:54:24,600
This is your
virtualbox homepage guys.
6007
03:54:24,700 --> 03:54:27,100
So click on New here
and just give a name.
6008
03:54:27,100 --> 03:54:28,100
We've already given
6009
03:54:28,100 --> 03:54:30,349
Kali Linux over here, right,
for the virtual machine.
6010
03:54:30,349 --> 03:54:32,000
So let's give it
some of the name.
6011
03:54:32,000 --> 03:54:34,492
Let's say capital K L line.
6012
03:54:34,492 --> 03:54:37,800
Unix and choose the type
of operating system
6013
03:54:37,800 --> 03:54:40,300
that's Linux and here 64-bit -
6014
03:54:40,300 --> 03:54:42,800
64-bit according to
your operating system needs you
6015
03:54:42,800 --> 03:54:44,300
can go ahead and choose it 32
6016
03:54:44,300 --> 03:54:46,900
bit as well, click
on next and again,
6017
03:54:46,900 --> 03:54:47,900
like I said earlier
6018
03:54:47,900 --> 03:54:50,700
depending on what you're doing
on Kali Linux operating system
6019
03:54:50,700 --> 03:54:53,300
or virtual machine you go ahead
and assign the memory
6020
03:54:53,400 --> 03:54:54,617
since I'm just showing you
6021
03:54:54,617 --> 03:54:57,100
how to install I'm not assigning
much memory you have.
6022
03:54:57,100 --> 03:55:00,000
So let's just retain
the default one, 1024 MB.
6023
03:55:00,000 --> 03:55:02,100
That's 1 GB and click on next
6024
03:55:02,100 --> 03:55:04,700
and it's asking you have
a three options here.
6025
03:55:04,700 --> 03:55:07,900
Do not add a virtual hard disk,
create a virtual hard disk now
6026
03:55:07,900 --> 03:55:10,400
and you can go ahead and add
a virtual hard disk,
6027
03:55:10,400 --> 03:55:12,200
you use an external
virtual hard disk.
6028
03:55:12,200 --> 03:55:14,300
Go ahead and select
the second option click
6029
03:55:14,300 --> 03:55:16,900
on create and use
virtualbox image.
6030
03:55:16,900 --> 03:55:19,400
Like I said earlier
we downloaded ISO image,
6031
03:55:19,400 --> 03:55:22,700
right and it's an ISO file
with extension dot
6032
03:55:22,700 --> 03:55:26,800
iso, so basically it's nothing
but image so click on next
6033
03:55:26,800 --> 03:55:28,900
and I want the storage
6034
03:55:28,900 --> 03:55:31,792
on physical hard disk
to be assigned dynamically
6035
03:55:31,792 --> 03:55:32,900
and click on next.
6036
03:55:32,900 --> 03:55:35,000
So this is the name
of the virtual machine
6037
03:55:35,000 --> 03:55:37,800
which we just gave over here,
it's asking you to choose
6038
03:55:37,800 --> 03:55:40,300
the path wherever you want
to store your virtual machine.
6039
03:55:40,300 --> 03:55:42,500
Let's say documents
6040
03:55:43,046 --> 03:55:46,353
and virtual machines, click
on open and save
6041
03:55:46,900 --> 03:55:48,300
so that's the part of setup.
6042
03:55:48,600 --> 03:55:50,100
And as for the memory, Kali
6043
03:55:50,100 --> 03:55:52,900
always needs you
to assign at least 20 GB.
6044
03:55:53,000 --> 03:55:54,000
So let's go ahead
6045
03:55:54,000 --> 03:55:56,600
and give 20 GB you
can always assign more than that
6046
03:55:57,002 --> 03:55:58,540
and click on create.
6047
03:55:59,900 --> 03:56:02,000
So this is the one we
just created right?
6048
03:56:02,000 --> 03:56:02,860
It's ready.
6049
03:56:02,900 --> 03:56:05,000
Just click on settings
before you power up.
6050
03:56:05,000 --> 03:56:06,600
You'll have to make
certain settings.
6051
03:56:06,800 --> 03:56:08,311
So if you want to change name
6052
03:56:08,311 --> 03:56:10,500
or type and version
you can always go ahead
6053
03:56:10,500 --> 03:56:11,400
and do that here.
6054
03:56:11,400 --> 03:56:14,164
We don't have anything
in Advanced, it's just the folder
6055
03:56:14,164 --> 03:56:17,203
where your virtual machine
will be stored. Go for System.
6056
03:56:17,203 --> 03:56:19,700
We won't be using
any floppy disk are so right.
6057
03:56:19,700 --> 03:56:22,500
So untick it or uncheck it and
6058
03:56:22,500 --> 03:56:23,500
yeah, this is memory
6059
03:56:23,500 --> 03:56:25,758
if you want to go ahead
and change or assign more memory
6060
03:56:25,758 --> 03:56:26,908
because the performance
6061
03:56:26,908 --> 03:56:28,600
of your virtual machine
is not that great.
6062
03:56:28,600 --> 03:56:31,100
It you can go ahead and do
that. For the processor,
6063
03:56:31,100 --> 03:56:33,400
make sure you enable
this extended features.
6064
03:56:33,400 --> 03:56:35,400
So basically if you want
to increase the performance
6065
03:56:35,400 --> 03:56:37,000
of your virtual
machine the number
6066
03:56:37,000 --> 03:56:39,800
of processors you assign
should increase Well for now
6067
03:56:39,800 --> 03:56:40,850
since I'm to show you
6068
03:56:40,850 --> 03:56:43,400
how to install, I'm just going
to assign one you have option
6069
03:56:43,400 --> 03:56:45,400
to increase to, say, two like that.
6070
03:56:45,400 --> 03:56:47,000
And as for the display,
6071
03:56:47,000 --> 03:56:50,700
you can enable 3D acceleration
display storage settings.
6072
03:56:50,700 --> 03:56:52,800
This is the most
important one right now.
6073
03:56:52,800 --> 03:56:55,900
We don't have any image attached
to your so click on this empty
6074
03:56:55,900 --> 03:56:57,171
and click on the CD image
6075
03:56:57,171 --> 03:56:58,900
that you see here
and choose watch.
6076
03:56:59,500 --> 03:57:01,600
And attach the image or die.
6077
03:57:01,600 --> 03:57:03,130
So Fire torrent file,
6078
03:57:03,130 --> 03:57:06,718
which you just downloaded
click on open and audio
6079
03:57:06,718 --> 03:57:09,500
no settings default
Network by default.
6080
03:57:09,500 --> 03:57:11,200
You can always set it for NAT
6081
03:57:11,200 --> 03:57:13,800
since we're using only one
virtual machine here, but
6082
03:57:13,800 --> 03:57:16,900
if you want to use Kali Linux
with any other virtual machine
6083
03:57:16,900 --> 03:57:20,800
like Metasploitable 2 you can
go ahead and use this host-only
6084
03:57:20,800 --> 03:57:23,422
adapter option here
because when you use NAT
6085
03:57:23,422 --> 03:57:25,200
and when you have
two virtual machines,
6086
03:57:25,200 --> 03:57:27,395
both of them will be assigned
with same IP address,
6087
03:57:27,395 --> 03:57:28,896
which will definitely be a problem.
6088
03:57:28,896 --> 03:57:29,696
L'm because both
6089
03:57:29,696 --> 03:57:31,973
of these virtual machines
need to interact right?
6090
03:57:31,973 --> 03:57:32,400
So, yeah.
6091
03:57:32,400 --> 03:57:34,400
Well, I'm just saying all
this for your information
6092
03:57:34,400 --> 03:57:36,482
so you can go ahead
and click on host-only adapter
6093
03:57:36,482 --> 03:57:37,887
if you're using 2 virtual machines
6094
03:57:37,887 --> 03:57:39,700
and you want them
to interact as for now,
6095
03:57:39,700 --> 03:57:41,753
I'm just retaining
it NAT and rest
6096
03:57:41,753 --> 03:57:45,300
you can you don't have to make
any changes and click on OK
6097
03:57:45,400 --> 03:57:47,300
once you've made all
the settings click
6098
03:57:47,300 --> 03:57:50,100
on this or you can go ahead
and click on start option.
6099
03:57:50,100 --> 03:57:55,700
Or you can right click
on it and start Again,
6100
03:57:55,700 --> 03:57:56,300
like I said,
6101
03:57:56,300 --> 03:57:59,900
the installation process from
Step One is very similar to that
6102
03:57:59,900 --> 03:58:01,000
whether using VMware.
6103
03:58:01,000 --> 03:58:03,800
So again, you'll be greeted
with Kali boot screen and you
6104
03:58:03,800 --> 03:58:05,300
have multiple options again.
6105
03:58:05,300 --> 03:58:07,100
I'm not repeating
the entire thing here.
6106
03:58:07,100 --> 03:58:09,000
So go ahead and click
on graphical install.
6107
03:58:09,000 --> 03:58:10,889
And if you're a pro
and using command line,
6108
03:58:10,889 --> 03:58:12,437
you can always go
for install option.
6109
03:58:12,437 --> 03:58:15,000
And if you want to just use it
for one time purpose,
6110
03:58:15,000 --> 03:58:16,900
you can always go
for live option here.
6111
03:58:17,000 --> 03:58:17,800
That's all guys.
6112
03:58:17,800 --> 03:58:19,700
I'm sure you can catch
it from here, right?
6113
03:58:19,700 --> 03:58:22,964
Because it's almost similar
to the ones we did using VMware
6114
03:58:22,964 --> 03:58:26,200
if you have any errors, just go
back and take a look at it.
6115
03:58:26,200 --> 03:58:27,751
Yeah, well, like I said,
6116
03:58:27,751 --> 03:58:31,600
I showed you on how to use
virtualbox to install Kali Linux
6117
03:58:31,600 --> 03:58:33,000
on Windows operating system.
6118
03:58:33,000 --> 03:58:34,800
Well, it's same
for the Mac as well.
6119
03:58:34,800 --> 03:58:38,000
You just have to download your
stuff there instead of Windows.
6120
03:58:38,000 --> 03:58:40,400
You have another option
with this operating system.
6121
03:58:40,400 --> 03:58:42,200
You can dual boot
your Kali Linux
6122
03:58:42,200 --> 03:58:43,800
with Windows or Mac.
6123
03:58:43,800 --> 03:58:46,583
It's not as easy as
these installation process
6124
03:58:46,583 --> 03:58:49,907
because it will involve
you setting the BIOS to changes
6125
03:58:49,907 --> 03:58:51,076
that you get to see
6126
03:58:51,076 --> 03:58:53,600
when you power up
your computer initially.
6127
03:58:53,700 --> 03:58:56,800
Make sure you refer to Kali
Linux official documentation
6128
03:58:56,800 --> 03:58:59,300
and make sure you've done
the installation properly
6129
03:58:59,300 --> 03:59:01,600
so that you won't mess
up your default settings.
6130
03:59:02,200 --> 03:59:04,000
So guys we are done
with two ways
6131
03:59:04,000 --> 03:59:07,201
of installing Kali Linux one
on Windows and one on Mac.
6132
03:59:07,201 --> 03:59:10,700
We saw how to install it using
VMware as well as virtual box
6133
03:59:11,100 --> 03:59:13,000
in the third part will see
6134
03:59:13,000 --> 03:59:16,000
how to install Kali tools
on any Linux distribution.
6135
03:59:16,000 --> 03:59:19,109
It could be Ubuntu Fedora
peppermint operating system
6136
03:59:19,109 --> 03:59:21,800
or any other version
or distribution of Linux.
6137
03:59:21,800 --> 03:59:22,813
The procedure is
6138
03:59:22,813 --> 03:59:25,600
actually similar in
every Linux distribution.
6139
03:59:25,600 --> 03:59:27,876
So if you follow up
on one Linux distribution,
6140
03:59:27,876 --> 03:59:29,176
you can go ahead and do it
6141
03:59:29,176 --> 03:59:31,700
on the Linux distribution
of your choice or the one
6142
03:59:31,700 --> 03:59:34,000
that you use One thing
you should remember is
6143
03:59:34,000 --> 03:59:37,400
that Kali Linux is not for
the daily Linux purposes.
6144
03:59:37,500 --> 03:59:39,500
Well, it's only
for ethical hacking
6145
03:59:39,500 --> 03:59:43,100
or web application penetration
testing for these purposes.
6146
03:59:43,196 --> 03:59:46,503
So guys will be using
a tool called Katoolin.
6147
03:59:46,900 --> 03:59:48,500
Let me spell it for you guys.
6148
03:59:48,500 --> 03:59:50,600
It's K-A-T-O-O-L-I-N.
6149
03:59:51,196 --> 03:59:53,503
So let's just search for that.
6150
03:59:54,500 --> 03:59:55,500
There we go.
6151
03:59:55,500 --> 03:59:58,500
It's a script that helps you
to install Kali Linux tools
6152
03:59:58,500 --> 04:00:00,700
on your Linux distribution
of your choice.
6153
04:00:00,700 --> 04:00:02,417
So it's usually
the GitHub script.
6154
04:00:02,417 --> 04:00:04,500
So click on the first link
that you find.
6155
04:00:04,500 --> 04:00:05,617
So for those of you
6156
04:00:05,617 --> 04:00:08,400
who like to use penetration
testing tools provided by
6157
04:00:08,400 --> 04:00:09,932
Kali Linux development team.
6158
04:00:09,932 --> 04:00:11,226
You can effectively do
6159
04:00:11,226 --> 04:00:14,400
that on your preferred Linux
distribution using this tool
6160
04:00:14,400 --> 04:00:17,300
which is Katoolin
or K-A-T-O-O-L-I-N.
6161
04:00:17,500 --> 04:00:20,290
So as you can see once you've
installed Katoolin properly
6162
04:00:20,290 --> 04:00:21,400
on your operating system,
6163
04:00:21,400 --> 04:00:23,200
you should be greeted
with this page.
6164
04:00:23,200 --> 04:00:24,700
I'll show you how to do that.
6165
04:00:24,700 --> 04:00:25,500
What about it?
6166
04:00:25,500 --> 04:00:27,500
So the purpose of asking you
6167
04:00:27,500 --> 04:00:31,100
to see this page is to take
a look at prerequisites here.
6168
04:00:31,100 --> 04:00:34,381
So first thing you need
to have a python of version
6169
04:00:34,381 --> 04:00:37,400
2.7 or above installed
in your operating system
6170
04:00:37,400 --> 04:00:39,610
and you need a Linux
distribution system.
6171
04:00:39,610 --> 04:00:41,811
It could be Ubuntu
or it could be Fedora
6172
04:00:41,811 --> 04:00:44,500
or peppermint any other
Linux distribution.
6173
04:00:44,500 --> 04:00:45,785
I have Ubuntu here.
6174
04:00:45,785 --> 04:00:47,925
I'll be using
VMware Workstation Pro.
6175
04:00:47,925 --> 04:00:50,362
It's already open but let
me just go back.
6176
04:00:50,362 --> 04:00:52,800
All you have to do is
search for Ubuntu.
6177
04:00:53,073 --> 04:00:55,226
And click on the first link.
6178
04:00:55,900 --> 04:00:58,500
So as you can see there are
a lot of options yet
6179
04:00:58,500 --> 04:01:01,202
to install Ubuntu
just click on this
6180
04:01:01,202 --> 04:01:04,300
and you'll be able
to download a file ISO image.
6181
04:01:04,300 --> 04:01:05,400
I've already done that.
6182
04:01:05,400 --> 04:01:06,400
I'm not doing it again.
6183
04:01:06,400 --> 04:01:08,134
Let's go back
to VMware Workstation
6184
04:01:08,134 --> 04:01:08,900
as you can see.
6185
04:01:08,900 --> 04:01:11,700
I already have my Ubuntu
operating system installed
6186
04:01:11,700 --> 04:01:14,400
installing Ubuntu is
it's very straightforward.
6187
04:01:14,400 --> 04:01:16,400
So just take a look
at the instructions
6188
04:01:16,400 --> 04:01:19,150
that you need to know when
you're installing Ubuntu once
6189
04:01:19,150 --> 04:01:20,463
you've done the installation,
6190
04:01:20,463 --> 04:01:22,205
which should look
something like this.
6191
04:01:22,205 --> 04:01:23,100
So let me power up.
6192
04:01:23,100 --> 04:01:24,600
Ubuntu operating system.
6193
04:01:29,700 --> 04:01:30,600
So as you can see,
6194
04:01:30,600 --> 04:01:33,799
once you install your land up
on this page and it's asking
6195
04:01:33,799 --> 04:01:35,800
for the password you
set up this username
6196
04:01:35,800 --> 04:01:37,870
and password during
the installation process.
6197
04:01:37,870 --> 04:01:39,000
So don't worry about it.
6198
04:01:39,000 --> 04:01:40,200
Click on enter.
6199
04:01:40,400 --> 04:01:43,300
So let's say you are
a Unix lover you
6200
04:01:43,300 --> 04:01:45,500
like using Unix platform.
6201
04:01:45,600 --> 04:01:46,930
But right now you want to use
6202
04:01:46,930 --> 04:01:49,000
certain tools for performing
application penetration,
6203
04:01:49,000 --> 04:01:50,400
testing and ethical hacking.
6204
04:01:50,400 --> 04:01:51,900
You just don't need
all the tools.
6205
04:01:51,900 --> 04:01:52,832
You need few Tools
6206
04:01:52,832 --> 04:01:55,224
in that case instead of
installing Kali Linux
6207
04:01:55,224 --> 04:01:57,814
on your operating system
installing only certain
6208
04:01:57,814 --> 04:02:00,929
Kali Linux tools will be
The best option right for that.
6209
04:02:00,929 --> 04:02:03,400
Like I said earlier
we'll be using Katoolin.
6210
04:02:03,400 --> 04:02:05,900
I have a set
of four five commands
6211
04:02:05,900 --> 04:02:08,300
that you need to use
to install Katoolin. First of all,
6212
04:02:08,300 --> 04:02:11,100
you need to have git
on your operating system.
6213
04:02:11,100 --> 04:02:13,100
Let me check
if I have it or not.
6214
04:02:13,100 --> 04:02:15,700
Anyway, I have these five
or four set of commands
6215
04:02:15,700 --> 04:02:17,867
which will be using
I'm going to attach them
6216
04:02:17,867 --> 04:02:19,050
in the description below.
6217
04:02:19,050 --> 04:02:20,600
So if you want you can use them
6218
04:02:20,600 --> 04:02:23,500
as you can see install
git, first command.
6219
04:02:24,500 --> 04:02:26,510
It says unable to use it
6220
04:02:26,510 --> 04:02:29,279
because have to login
as a root user.
6221
04:02:29,296 --> 04:02:32,603
So let me just it's asking
for the password.
6222
04:02:33,400 --> 04:02:35,400
Yeah now I'm a root user.
6223
04:02:35,400 --> 04:02:37,300
So let me try the command again.
6224
04:02:37,500 --> 04:02:41,600
That's apt-get install git.
6225
04:02:42,400 --> 04:02:46,700
Yeah, installing git, it's just
going to take few minutes.
6226
04:02:46,900 --> 04:02:48,684
But while this is happening,
6227
04:02:48,684 --> 04:02:50,892
let's go ahead
and explore Katoolin.
6228
04:02:50,892 --> 04:02:52,900
Let me go for Firefox here.
6229
04:02:52,900 --> 04:02:54,913
Let's search for Katoolin,
6230
04:02:55,000 --> 04:02:58,100
so it's the first link guys
like I said earlier,
6231
04:02:58,100 --> 04:02:59,600
so let me scroll down
6232
04:02:59,600 --> 04:03:02,100
as we saw the should be
the home page
6233
04:03:02,100 --> 04:03:04,700
and we did take a look
at the requirements.
6234
04:03:05,900 --> 04:03:08,000
So let's just go back and see
if it's done.
6235
04:03:08,000 --> 04:03:09,400
It's still happening.
6236
04:03:09,700 --> 04:03:12,564
So one thing is make
sure you have a python
6237
04:03:12,564 --> 04:03:14,200
of version 2.7 or above.
6238
04:03:14,200 --> 04:03:17,200
Otherwise the entire thing
won't work at all.
6239
04:03:17,900 --> 04:03:18,900
Yeah guys it's done.
6240
04:03:19,200 --> 04:03:19,999
Now.
6241
04:03:20,000 --> 04:03:21,549
We are done with the first step.
6242
04:03:21,549 --> 04:03:24,400
We need to install a we need
to clone the Katoolin, right?
6243
04:03:24,400 --> 04:03:25,400
So what you do?
6244
04:03:25,400 --> 04:03:26,293
Like I said,
6245
04:03:26,293 --> 04:03:29,233
I have a command right
here just copy this
6246
04:03:29,233 --> 04:03:31,600
and place it over
there control C.
6247
04:03:31,600 --> 04:03:34,900
Let's go back to terminal and let
me maximize the screen for you guys.
6248
04:03:34,900 --> 04:03:35,300
Yeah.
6249
04:03:35,800 --> 04:03:39,200
And paste. So basically
I'm cloning it here
6250
04:03:39,300 --> 04:03:42,650
and the next command is
I'm copying the python file
6251
04:03:42,650 --> 04:03:44,600
to this directory and click on
6252
04:03:44,600 --> 04:03:45,700
until it's done.
6253
04:03:45,700 --> 04:03:49,500
It's just quick process now,
we'll have to change permissions
6254
04:03:49,500 --> 04:03:52,500
so that we have access
to use Catalan for that.
6255
04:03:52,500 --> 04:03:53,000
Basically.
6256
04:03:53,000 --> 04:03:54,900
We are giving
execute permission.
6257
04:03:54,900 --> 04:03:59,100
So chmod plus X. Make sure
you take a look at that +
6258
04:03:59,100 --> 04:04:02,584
x + enter we are audio
is now our Katoolin
6259
04:04:02,584 --> 04:04:04,430
is installed, say katoolin,
6260
04:04:04,600 --> 04:04:05,800
so as you can see It's
6261
04:04:05,800 --> 04:04:08,100
already the first thing
that you should do is
6262
04:04:08,100 --> 04:04:09,950
before you upgrade
your system, it says:
6263
04:04:09,950 --> 04:04:12,400
Please remove all the Kali
Linux repositories to avoid
6264
04:04:12,400 --> 04:04:13,591
any kind of problems.
6265
04:04:13,591 --> 04:04:16,600
So as you can see it shows
you like five options here.
6266
04:04:16,600 --> 04:04:18,866
First one is
add Kali repositories
6267
04:04:18,866 --> 04:04:21,000
and update next view categories.
6268
04:04:21,000 --> 04:04:21,748
Like I said,
6269
04:04:21,748 --> 04:04:23,838
Kali Linux is 600
plus tools, right?
6270
04:04:23,838 --> 04:04:26,107
So you have different
tools categorized
6271
04:04:26,107 --> 04:04:27,415
under different headings.
6272
04:04:27,415 --> 04:04:29,313
Then you have
classic menu indicator.
6273
04:04:29,313 --> 04:04:31,000
It's nothing here
as you can see.
6274
04:04:31,000 --> 04:04:32,500
I have a small icon here.
6275
04:04:32,500 --> 04:04:33,662
If you click on that,
6276
04:04:33,662 --> 04:04:35,600
it'll just show
you different menus.
6277
04:04:35,600 --> 04:04:38,004
That's all and if you
want to install Kali menu
6278
04:04:38,004 --> 04:04:40,000
for easy access you
can do that as well.
6279
04:04:40,000 --> 04:04:43,500
So let me just click one
under one that says add
6280
04:04:43,500 --> 04:04:47,293
Kali Linux repositories, update,
remove and view all contents.
6281
04:04:47,293 --> 04:04:49,000
So let's try removing them.
6282
04:04:49,000 --> 04:04:51,400
Let's try with
adding repositories.
6283
04:04:52,000 --> 04:04:55,026
It says there are certain
duplicate signatures removed
6284
04:04:55,026 --> 04:04:55,800
and all that.
6285
04:04:55,800 --> 04:04:57,588
So let's just try to remove
6286
04:04:57,588 --> 04:05:01,800
like they suggested earlier
have been deleted now one.
6287
04:05:03,900 --> 04:05:05,256
So if you guys want to go ahead
6288
04:05:05,256 --> 04:05:07,578
and update the repositories
already existing ones,
6289
04:05:07,578 --> 04:05:08,883
you can go ahead and do that.
6290
04:05:08,883 --> 04:05:09,600
I'm not doing it now
6291
04:05:09,600 --> 04:05:11,300
because it's going
to take a while.
6292
04:05:11,300 --> 04:05:14,100
So if you want to go
back just click back.
6293
04:05:14,100 --> 04:05:15,400
It's as easy as that.
6294
04:05:15,400 --> 04:05:17,217
Now, let's say I want
to view categories
6295
04:05:17,217 --> 04:05:19,467
and install one tool of it
as you can see.
6296
04:05:19,467 --> 04:05:21,300
There are like number
of fusion number
6297
04:05:21,300 --> 04:05:22,400
of categories here.
6298
04:05:22,400 --> 04:05:25,200
So I have web application
penetration tools, you
6299
04:05:25,200 --> 04:05:26,800
have password attacks.
6300
04:05:26,800 --> 04:05:28,500
I have exploitation tools.
6301
04:05:28,500 --> 04:05:29,900
Well, if you are interested,
6302
04:05:29,900 --> 04:05:32,633
there's an introduction video
of what is Kali Linux
6303
04:05:32,633 --> 04:05:33,999
by Edureka in the Cyber
6304
04:05:33,999 --> 04:05:34,900
Security playlist.
6305
04:05:34,900 --> 04:05:36,600
So go ahead and take
a look at that.
6306
04:05:36,600 --> 04:05:37,600
We have explained
6307
04:05:37,600 --> 04:05:40,100
like about five to six popular
tools in Kali Linux.
6308
04:05:40,200 --> 04:05:42,300
Anyway getting back
to today's session.
6309
04:05:42,300 --> 04:05:44,300
Let me just say for
6310
04:05:44,300 --> 04:05:47,900
as you can see it lists all
the web application tools.
6311
04:05:47,900 --> 04:05:50,961
So if I want to install
all those there's an option
6312
04:05:50,961 --> 04:05:53,900
that's zero, but let's
just say I want an install
6313
04:05:53,900 --> 04:05:55,300
a tool called sqlmap.
6314
04:05:55,300 --> 04:05:57,600
I'm sure you might
have heard sqlmap.
6315
04:05:57,600 --> 04:05:58,500
If not, it's okay.
6316
04:05:58,500 --> 04:06:00,754
It's a tool which you
use for checking out
6317
04:06:00,754 --> 04:06:03,927
vulnerabilities that are present
in an application database system.
6318
04:06:03,927 --> 04:06:06,555
So anyway, it asks
insert the number of the tool
6319
04:06:06,555 --> 04:06:07,900
that you want to install.
6320
04:06:07,900 --> 04:06:08,900
Let's say 27.
6321
04:06:09,200 --> 04:06:11,200
So as you can
see it's installing.
6322
04:06:14,600 --> 04:06:18,155
So it's as easy as that guys, so
once you just done installing,
6323
04:06:18,155 --> 04:06:19,400
I'll get back to you.
6324
04:06:20,600 --> 04:06:22,834
Any tool I just
showed you how to use
6325
04:06:22,834 --> 04:06:24,200
how to install sqlmap
6326
04:06:24,200 --> 04:06:26,275
which is there
in web application tools.
6327
04:06:26,275 --> 04:06:27,500
You can go ahead and do
6328
04:06:27,500 --> 04:06:30,100
that for other different types
of tools as well suppose.
6329
04:06:30,100 --> 04:06:31,800
You want to install
all the tools.
6330
04:06:31,800 --> 04:06:34,600
You can go for 0, as
in click on zero option.
6331
04:06:36,000 --> 04:06:37,000
So there you go guys.
6332
04:06:37,000 --> 04:06:38,869
I just showed you
how to install one tool
6333
04:06:38,869 --> 04:06:41,300
so you can go ahead and do
that for any kind of tool
6334
04:06:41,300 --> 04:06:42,427
under any category.
6335
04:06:42,427 --> 04:06:44,800
So if you just want
to go back click pack
6336
04:06:44,800 --> 04:06:46,523
and go for other types of tools,
6337
04:06:46,523 --> 04:06:49,700
let's say eight there you can
see so whatever different type
6338
04:06:49,700 --> 04:06:51,900
of exploitation tools you
want you can go ahead
6339
04:06:51,900 --> 04:06:53,033
and install them.
6340
04:06:53,033 --> 04:06:54,500
Let me just click back
6341
04:06:54,500 --> 04:06:58,800
and the back sometimes when you
try to install all the tools,
6342
04:06:58,800 --> 04:07:00,400
you might get an error saying
6343
04:07:00,400 --> 04:07:03,200
that the file doesn't exist
or repository doesn't exist.
6344
04:07:03,200 --> 04:07:05,700
All you have to do is go
for one First Option here.
6345
04:07:05,800 --> 04:07:07,746
As you can see here
you have option two
6346
04:07:07,746 --> 04:07:08,568
which is update.
6347
04:07:08,568 --> 04:07:10,101
So update your repositories.
6348
04:07:10,101 --> 04:07:11,656
Make sure the Kali Linux mirror
6349
04:07:11,656 --> 04:07:14,100
which is present for
the updation is the right one.
6350
04:07:14,100 --> 04:07:16,100
Once I've done
that you won't get any errors.
6351
04:07:16,100 --> 04:07:18,100
All the tools will
be installed properly.
6352
04:07:18,200 --> 04:07:20,600
So suppose you want to get
back from this Katoolin,
6353
04:07:20,600 --> 04:07:22,800
it's easy, just press Control C.
6354
04:07:22,800 --> 04:07:24,900
And yeah as you can see
it says goodbye.
6355
04:07:24,900 --> 04:07:28,500
So that's as easy as it is to
use Kali Linux tools on any kind
6356
04:07:28,500 --> 04:07:29,700
of Linux distribution
6357
04:07:29,700 --> 04:07:32,580
while I've showed you on Ubuntu,
the procedure is same
6358
04:07:32,580 --> 04:07:34,500
on any other Linux
distribution guys.
6359
04:07:34,800 --> 04:07:35,800
So there we go guys.
6360
04:07:35,800 --> 04:07:37,832
I've done with
three things first.
6361
04:07:37,832 --> 04:07:39,927
We did on Windows
using VMware then
6362
04:07:39,927 --> 04:07:42,900
on Mac using virtualbox
and third I showed you
6363
04:07:42,900 --> 04:07:45,000
how to install Kali
Linux tools on any kind
6364
04:07:45,000 --> 04:07:46,334
of Linux distribution.
6365
04:07:46,334 --> 04:07:48,700
And finally, there's
one last demo here.
6366
04:07:48,700 --> 04:07:50,800
We'll see how to
install Kali Linux
6367
04:07:50,800 --> 04:07:53,900
on Windows operating system
using Windows subsystem
6368
04:07:53,900 --> 04:07:55,040
for Linux feature.
6369
04:07:55,040 --> 04:07:57,700
So, let me get back
to my operating system.
6370
04:07:57,700 --> 04:08:00,500
We won't be needing
VMware Workstation anymore.
6371
04:08:00,900 --> 04:08:03,500
So guys will be using
a feature called
6372
04:08:03,500 --> 04:08:05,207
windows subsystem for Linux,
6373
04:08:05,207 --> 04:08:08,500
which is By default present
in all the current versions
6374
04:08:08,500 --> 04:08:09,500
of Windows 10.
6375
04:08:09,500 --> 04:08:10,800
This is actually for those
6376
04:08:10,800 --> 04:08:13,700
who prefer using Kali Linux
command line interface.
6377
04:08:13,700 --> 04:08:16,000
So make sure to listen
to me properly.
6378
04:08:16,000 --> 04:08:17,200
Use this option only
6379
04:08:17,200 --> 04:08:19,438
if you are a pro in using
command line interface
6380
04:08:19,438 --> 04:08:22,200
or if you have any experience
using command line interface.
6381
04:08:22,200 --> 04:08:24,968
Otherwise just go ahead and use
VMware, VirtualBox
6382
04:08:24,968 --> 04:08:27,900
and install Kali Linux graphical
user interface option.
6383
04:08:27,900 --> 04:08:29,852
So yeah, this windows subsystem
6384
04:08:29,852 --> 04:08:33,649
for Linux allows you to run
Linux distributions as subsystem
6385
04:08:33,649 --> 04:08:35,927
on your Windows
operating system this
6386
04:08:35,927 --> 04:08:37,700
feature is really a new feature.
6387
04:08:37,700 --> 04:08:39,800
It exists only in Windows 10.
6388
04:08:39,800 --> 04:08:42,400
So you need to use
latest version of Windows
6389
04:08:42,400 --> 04:08:45,000
10 to perform this demo
or use this option.
6390
04:08:45,000 --> 04:08:46,285
And in addition to that.
6391
04:08:46,285 --> 04:08:48,000
We also have
other prerequisites,
6392
04:08:48,000 --> 04:08:50,100
especially we need
to have git installed
6393
04:08:50,100 --> 04:08:52,222
or you can go ahead
and zip the file
6394
04:08:52,222 --> 04:08:55,164
which is Windows subsystem
for Linux files normally
6395
04:08:55,164 --> 04:08:56,925
but having Git is
also a nice idea.
6396
04:08:56,925 --> 04:08:58,687
Secondly, you need
to have python
6397
04:08:58,687 --> 04:09:02,100
of version 3 or above make sure
you've installed Python and set
6398
04:09:02,100 --> 04:09:03,100
up the path to check
6399
04:09:03,100 --> 04:09:05,700
if your python is installed
properly or not just sake.
6400
04:09:06,000 --> 04:09:09,700
Go to the command prompt
and just type python --version.
6401
04:09:10,500 --> 04:09:11,300
It should show
6402
04:09:11,300 --> 04:09:13,446
you the version properly; only
then you can be sure
6403
04:09:13,446 --> 04:09:15,149
that your python
is properly installed.
6404
04:09:15,149 --> 04:09:17,900
As you can see, for me it's showing
three point six point seven,
6405
04:09:17,900 --> 04:09:19,800
which is definitely above three,
6406
04:09:19,800 --> 04:09:22,100
and it's properly installed
and the path is set.
6407
04:09:22,100 --> 04:09:24,900
The first thing you
need to do is enable WSL
6408
04:09:24,900 --> 04:09:26,895
or Windows subsystem for Linux.
6409
04:09:26,895 --> 04:09:30,888
Just go for the control panel
and there click on programs
6410
04:09:30,888 --> 04:09:32,471
and turn Windows features
6411
04:09:32,471 --> 04:09:35,700
on or off make sure
not to touch any other features.
6412
04:09:35,700 --> 04:09:37,824
It might mess up
your operating system.
6413
04:09:37,824 --> 04:09:38,706
So scroll down.
6414
04:09:38,706 --> 04:09:40,200
It's usually at the bottom.
6415
04:09:40,200 --> 04:09:40,400
By
6416
04:09:40,400 --> 04:09:41,900
default it's never enabled. If you're
6417
04:09:41,900 --> 04:09:44,300
using it for the first time, you
need to enable it.
6418
04:09:44,300 --> 04:09:45,799
So first thing you
do is enable it
6419
04:09:45,799 --> 04:09:46,800
as you can see here.
6420
04:09:46,800 --> 04:09:48,908
It says windows
subsystem for Linux.
6421
04:09:48,908 --> 04:09:52,100
Make sure you enable it check
mark it and click on OK.
6422
04:09:52,100 --> 04:09:55,284
Once you have done
that run your command prompt
6423
04:09:55,284 --> 04:09:57,500
or terminal as an administrator.
6424
04:09:57,500 --> 04:09:59,700
All you have to do is
right-click on it and click
6425
04:09:59,700 --> 04:10:00,900
on run as administrator.
6426
04:10:01,100 --> 04:10:04,200
And yes now will be
enabling the base distribution.
6427
04:10:04,200 --> 04:10:07,607
That is like I said windows
subsystem for Linux allows
6428
04:10:07,607 --> 04:10:10,300
you to run a Linux
distribution as subsystem.
6429
04:10:10,300 --> 04:10:12,100
Right, but for that
we need to enable
6430
04:10:12,100 --> 04:10:13,800
this base distribution for that.
6431
04:10:13,800 --> 04:10:15,749
You need to install
the base distribution
6432
04:10:15,749 --> 04:10:18,100
or any kind of Linux
distribution that you need.
6433
04:10:18,300 --> 04:10:22,200
So just use lxrun /install.
6434
04:10:22,900 --> 04:10:24,100
So once you type
6435
04:10:24,100 --> 04:10:26,400
that this is the output
which you get it says,
6436
04:10:26,400 --> 04:10:29,500
it's the Legacy Windows system
for Linux distribution.
6437
04:10:29,500 --> 04:10:32,456
So you can go ahead and install
other Linux distribution
6438
04:10:32,456 --> 04:10:34,500
which are available
in Microsoft store.
6439
04:10:34,500 --> 04:10:37,000
But unfortunately Kali Linux
is not available,
6440
04:10:37,000 --> 04:10:38,400
but it doesn't matter right.
6441
04:10:38,400 --> 04:10:40,600
We're anyway installing
it using the procedure.
6442
04:10:41,030 --> 04:10:43,569
Just click on Y
here, saying yes,
6443
04:10:43,800 --> 04:10:44,984
I've already installed.
6444
04:10:44,984 --> 04:10:46,959
So it's showing
Legacy Windows system
6445
04:10:46,959 --> 04:10:49,138
for Linux distribution
is already installed
6446
04:10:49,138 --> 04:10:50,202
on my system for you.
6447
04:10:50,202 --> 04:10:52,157
It might take a while
after installing.
6448
04:10:52,157 --> 04:10:54,070
The most important
thing is it asks
6449
04:10:54,070 --> 04:10:55,600
for you to set up a password
6450
04:10:55,600 --> 04:10:58,100
and username. Don't skip
that step. Wait for a while
6451
04:10:58,100 --> 04:11:00,300
and make sure you set
up the password and
6452
04:11:00,300 --> 04:11:03,300
username properly. Only then
the entire thing will work out
6453
04:11:03,300 --> 04:11:05,688
once you've done
that we are done here.
6454
04:11:05,688 --> 04:11:07,700
You can close
the command prompt.
6455
04:11:07,700 --> 04:11:10,200
The next thing you need
to do is install git
6456
04:11:10,200 --> 04:11:11,600
I already have it installed.
6457
04:11:11,600 --> 04:11:14,058
It's very easy install
dot exe file and click
6458
04:11:14,058 --> 04:11:15,400
on installation process.
6459
04:11:15,400 --> 04:11:18,364
It's very straightforward
and open git bash.
6460
04:11:18,364 --> 04:11:19,457
Yeah before that.
6461
04:11:19,457 --> 04:11:22,800
Let me go ahead and create
a folder called test here.
6462
04:11:23,000 --> 04:11:26,300
And as you can see it stored
on my desktop right now,
6463
04:11:26,300 --> 04:11:27,100
it's empty.
6464
04:11:27,185 --> 04:11:33,300
Anyway, let me go back
to Git here and cd Desktop
6465
04:11:33,800 --> 04:11:38,000
test. We've already enabled
Windows Subsystem for Linux.
6466
04:11:38,000 --> 04:11:40,600
But now we have to download
the script right for that.
6467
04:11:41,080 --> 04:11:44,619
Search for Windows subsystem
for Linux switcher.
6468
04:11:45,000 --> 04:11:48,700
And the first link is
the GitHub link click on that.
6469
04:11:49,200 --> 04:11:50,400
There you go guys.
6470
04:11:50,400 --> 04:11:53,573
It says Windows Subsystem
for Linux Distribution
6471
04:11:53,573 --> 04:11:57,200
Switcher. Its purpose
is to let you easily download
6472
04:11:57,200 --> 04:11:59,080
and install Linux distribution
6473
04:11:59,080 --> 04:12:01,900
as subsystem on your
Windows operating system.
6474
04:12:01,900 --> 04:12:04,500
So as you can see you have
different options here
6475
04:12:04,500 --> 04:12:06,400
for the base operating systems.
6476
04:12:06,700 --> 04:12:10,700
So yeah copy this link
here, Control C,
6477
04:12:11,000 --> 04:12:14,600
and go back to Git: git clone
6478
04:12:15,200 --> 04:12:18,700
and paste the link which you
just downloaded, paste it.
6479
04:12:18,900 --> 04:12:20,600
It shouldn't take very long.
6480
04:12:21,323 --> 04:12:22,476
It's done guys.
6481
04:12:22,715 --> 04:12:25,584
So now if you check
your test folder
6482
04:12:25,600 --> 04:12:28,600
Windows subsystem for Linux
will be downloaded properly.
6483
04:12:28,600 --> 04:12:32,500
Let's just go back and check
that here is our test folder
6484
04:12:32,500 --> 04:12:35,700
as you can see windows subsystem
for Linux is already there
6485
04:12:35,700 --> 04:12:37,700
now open your command prompt.
6486
04:12:38,496 --> 04:12:40,803
cd, let's go for the test file.
6487
04:12:41,500 --> 04:12:42,549
And if you search
6488
04:12:42,549 --> 04:12:45,700
for the directories under
that you can see WSL here.
6489
04:12:45,700 --> 04:12:47,600
Now, let's go for that as well.
6490
04:12:47,700 --> 04:12:50,700
You can just press stop
directories under that
6491
04:12:50,900 --> 04:12:54,400
so as you can see the two things
the most important things is
6492
04:12:54,400 --> 04:12:56,500
this get-prebuilt.py
6493
04:12:56,500 --> 04:12:57,900
and install.py.
6494
04:12:58,400 --> 04:13:02,900
This get-prebuilt.py will fetch
Kali Linux Docker files
6495
04:13:03,000 --> 04:13:06,300
and install.py
will install Kali Linux for you.
6496
04:13:06,300 --> 04:13:07,855
I already have it installed.
6497
04:13:07,855 --> 04:13:09,800
But I'll just show you
how to do it.
6498
04:13:09,900 --> 04:13:13,900
So go back to the browser
and type Docker file.
6499
04:13:14,200 --> 04:13:15,807
Click on the second link.
6500
04:13:15,807 --> 04:13:16,900
I just wanted you
6501
04:13:16,900 --> 04:13:20,336
to copy the command easily
so that you won't make mistakes.
6502
04:13:20,336 --> 04:13:21,200
This is the one
6503
04:13:21,200 --> 04:13:23,700
which you'll have
to copy to fetch
6504
04:13:23,700 --> 04:13:25,600
the Kali Linux Docker files.
6505
04:13:25,600 --> 04:13:29,300
So you can just copy this part
and go for command prompt.
6506
04:13:29,300 --> 04:13:32,400
Let me maximize this for
you here you can say so
6507
04:13:32,400 --> 04:13:34,700
if you remember I said
Python is a must.
6508
04:13:34,700 --> 04:13:36,000
So make sure you install
6509
04:13:36,000 --> 04:13:37,900
it properly and set
up the path White.
6510
04:13:37,900 --> 04:13:39,700
And get-prebuilt.
6511
04:13:39,776 --> 04:13:42,623
Let me just people dot
py and copy it.
6512
04:13:43,700 --> 04:13:45,400
As you can see it's installing.
6513
04:13:45,400 --> 04:13:48,000
It's going to take
probably like 2 minutes.
6514
04:13:57,800 --> 04:13:59,500
So it says it's done
6515
04:13:59,500 --> 04:14:03,000
It says it's saved to this file
in the test folder.
6516
04:14:03,000 --> 04:14:05,700
Let's go back and check
if that's happened.
6517
04:14:06,000 --> 04:14:09,684
Here's a test folder
under WSL you have python
6518
04:14:09,684 --> 04:14:12,530
as you can see you
have python folder.
6519
04:14:12,700 --> 04:14:15,200
Is it folder
of Kali Linux installed
6520
04:14:15,200 --> 04:14:17,500
or fetched you'll have
to install it now,
6521
04:14:17,500 --> 04:14:18,000
right?
6522
04:14:18,400 --> 04:14:21,100
So let me now just type python.
6523
04:14:22,500 --> 04:14:24,200
This is the command
that you want to use
6524
04:14:24,200 --> 04:14:27,300
that's install.py,
install.py,
6525
04:14:27,800 --> 04:14:32,700
and copy this or just type
and enter tab lutefisk stabbed
6526
04:14:32,934 --> 04:14:34,165
and click enter.
6527
04:14:42,100 --> 04:14:44,145
So as you can see
it took a while
6528
04:14:44,145 --> 04:14:46,046
but it did install right now.
6529
04:14:46,046 --> 04:14:48,900
All you have to do is
it's installed so you
6530
04:14:48,900 --> 04:14:53,500
can close the CMD and open
your command prompt and run it
6531
04:14:53,500 --> 04:14:55,612
as an administrator click.
6532
04:14:55,612 --> 04:14:56,600
Yes.
6533
04:14:56,600 --> 04:14:59,600
Let me maximize the screen
you'll have to set
6534
04:14:59,600 --> 04:15:02,800
the root password or
the default user as root. So
6535
04:15:02,800 --> 04:15:05,500
set default the command
6536
04:15:05,500 --> 04:15:09,400
that you need to use
set default user as root.
6537
04:15:10,226 --> 04:15:14,073
As you can see it's now set
to root and click Bash.
6538
04:15:15,300 --> 04:15:17,000
Done guys, right now.
6539
04:15:17,000 --> 04:15:17,800
We are running
6540
04:15:17,800 --> 04:15:20,700
on the Kali operating system
on command line interface
6541
04:15:20,800 --> 04:15:21,800
if want to make sure
6542
04:15:21,800 --> 04:15:24,200
if you're actually running
on Kali, just type
6543
04:15:24,200 --> 04:15:26,100
cat /etc/issue.
6544
04:15:26,600 --> 04:15:29,300
It shows that
Kali Linux rolling.
6545
04:15:29,500 --> 04:15:30,600
So as you can see we
6546
04:15:30,600 --> 04:15:33,600
have successfully installed Kali
Linux command line interface
6547
04:15:33,600 --> 04:15:36,388
or how to use command line
interface on Windows using
6548
04:15:36,388 --> 04:15:40,299
Windows subsystem for Linux
and I'm telling it to you again
6549
04:15:40,299 --> 04:15:41,635
just use it if you know
6550
04:15:41,635 --> 04:15:44,400
how to use command line
interface very properly.
6551
04:15:44,400 --> 04:15:45,700
Otherwise it might be
6552
04:15:45,700 --> 04:15:49,044
a little overwhelming
So set default.
6553
04:15:49,100 --> 04:15:53,300
It's the command that you need
to use, set default user as
6554
04:15:53,300 --> 04:15:55,069
root as you can see.
6555
04:15:55,069 --> 04:15:58,261
It's now set to root
and click Bash.
6556
04:15:59,600 --> 04:16:01,300
Done guys, right now.
6557
04:16:01,300 --> 04:16:02,100
We are running
6558
04:16:02,100 --> 04:16:05,000
on the Kali operating system
on command line interface
6559
04:16:05,200 --> 04:16:06,200
if want to make sure
6560
04:16:06,200 --> 04:16:09,700
if you're actually running
on Kali, just type cat /etc/issue.
6561
04:16:09,700 --> 04:16:13,600
It shows
that Kali Linux rolling.
6562
04:16:13,800 --> 04:16:14,900
So as you can see we
6563
04:16:14,900 --> 04:16:17,900
have successfully installed Kali
Linux command line interface
6564
04:16:17,900 --> 04:16:20,588
or how to use command line
interface on Windows using
6565
04:16:20,588 --> 04:16:24,599
Windows subsystem for Linux
and I'm telling it to you again
6566
04:16:24,599 --> 04:16:26,030
just use it if you know
6567
04:16:26,030 --> 04:16:28,547
how to use command line
interface very properly.
6568
04:16:28,547 --> 04:16:32,000
Otherwise it might be a little
overwhelming for beginners.
6569
04:16:36,800 --> 04:16:37,688
So now it's time
6570
04:16:37,688 --> 04:16:40,100
that we go through
the command line basics
6571
04:16:40,100 --> 04:16:41,471
of any Linux terminal.
6572
04:16:41,471 --> 04:16:44,400
Now, the Linux terminal
is a very powerful tool.
6573
04:16:44,400 --> 04:16:47,600
It allows you to move around
the whole operating system
6574
04:16:47,600 --> 04:16:49,100
through the files and folders.
6575
04:16:49,100 --> 04:16:50,949
It allows you to create files.
6576
04:16:50,949 --> 04:16:52,800
change their permissions, change
6577
04:16:52,800 --> 04:16:53,840
how they behave
6578
04:16:53,840 --> 04:16:58,000
and a bunch of other things you
can do filtering you can grab
6579
04:16:58,000 --> 04:17:00,700
stuff the specific stuff
from a specific file
6580
04:17:00,700 --> 04:17:02,794
and there's a bunch
of interesting thing
6581
04:17:02,794 --> 04:17:03,600
that you can do
6582
04:17:03,600 --> 04:17:06,200
and as an ethical hacker
you will be working
6583
04:17:06,200 --> 04:17:08,541
with a Linux distribution
most of the time
6584
04:17:08,541 --> 04:17:10,220
whether it may be Kali Linux
6585
04:17:10,220 --> 04:17:12,200
or some other thing
like Parrot OS,
6586
04:17:12,200 --> 04:17:14,796
but you will be working
on Linux most of the time
6587
04:17:14,796 --> 04:17:17,498
because it's a powerful tool
for networking analysis
6588
04:17:17,498 --> 04:17:19,337
and scanning and
all sorts of stuff
6589
04:17:19,337 --> 04:17:21,500
that you want to do
as an ethical hacker.
6590
04:17:21,500 --> 04:17:24,205
So the First Essential step
is to actually know
6591
04:17:24,205 --> 04:17:25,336
how to use the tool
6592
04:17:25,336 --> 04:17:28,212
that is available to you
and that is out here,
6593
04:17:28,212 --> 04:17:29,700
which is the terminal now
6594
04:17:29,700 --> 04:17:31,700
as I'm running this
on a virtual machine,
6595
04:17:31,700 --> 04:17:32,700
you might find it
6596
04:17:32,700 --> 04:17:35,733
that my execution times
are much slower and that is
6597
04:17:35,733 --> 04:17:38,200
because I have
a very very slow laptop
6598
04:17:38,200 --> 04:17:41,200
because my virtual machine
is actually eating up a lot
6599
04:17:41,200 --> 04:17:43,800
of my RAM and I have a bunch
of other processes
6600
04:17:43,800 --> 04:17:45,100
that are also rendering
6601
04:17:45,100 --> 04:17:46,400
I do this on my free time.
6602
04:17:46,400 --> 04:17:49,784
So let's go ahead and go
through the commands
6603
04:17:49,784 --> 04:17:53,589
that we are going
to actually go through now.
6604
04:17:53,600 --> 04:17:56,000
Let me actually make
a list of commands
6605
04:17:56,000 --> 04:17:57,800
that I want to teach you guys.
6606
04:17:57,800 --> 04:17:58,845
So let me see
6607
04:17:58,845 --> 04:18:01,900
if leafpad is available
firstly leafpad is
6608
04:18:01,900 --> 04:18:03,300
basically a text editor.
6609
04:18:03,300 --> 04:18:04,300
So the first command
6610
04:18:04,300 --> 04:18:06,600
that we're going
to start off with is CD.
6611
04:18:06,900 --> 04:18:10,100
CD stands for change directory
now at this moment.
6612
04:18:10,100 --> 04:18:11,500
We are in the root directory
6613
04:18:11,500 --> 04:18:15,192
as you guys can see we can print
the current working directory
6614
04:18:15,192 --> 04:18:18,664
with the single PWD and that is
a current working directory
6615
04:18:18,664 --> 04:18:20,311
as you see it's called root
6616
04:18:20,311 --> 04:18:23,600
and suppose we want to change
directory to the home directory.
6617
04:18:23,600 --> 04:18:25,600
So all you have to do
is CD which stands
6618
04:18:25,600 --> 04:18:26,600
for change directory
6619
04:18:26,600 --> 04:18:29,300
as I just said
and specify the path.
6620
04:18:29,300 --> 04:18:30,500
No CD / home.
6621
04:18:30,500 --> 04:18:31,105
Okay.
6622
04:18:31,105 --> 04:18:32,400
So once we're in home,
6623
04:18:32,400 --> 04:18:34,000
I want to make
a list of commands
6624
04:18:34,000 --> 04:18:36,900
that are used on the CLI
that I want to teach you guys.
6625
04:18:36,900 --> 04:18:39,832
Guys, so what would I do
I would firstly see
6626
04:18:39,832 --> 04:18:42,600
if any files are available
that I can edit.
6627
04:18:42,600 --> 04:18:43,600
Okay, so these files
6628
04:18:43,600 --> 04:18:46,700
are available, but let's create
a new file for ourselves.
6629
04:18:46,700 --> 04:18:51,000
So firstly let's do
nano list.txt.
6630
04:18:51,200 --> 04:18:51,900
Now.
6631
04:18:51,900 --> 04:18:54,600
What Nano does is
nano will open up
6632
04:18:54,600 --> 04:18:56,482
a small command line text editor
6633
04:18:56,482 --> 04:18:58,100
Now command line text editors
6634
04:18:58,100 --> 04:18:59,900
are very much used
by ethical hackers
6635
04:18:59,900 --> 04:19:01,500
because they save
a bunch of time
6636
04:19:01,500 --> 04:19:03,828
if you're always switching
between GUI and command-line
6637
04:19:03,828 --> 04:19:06,400
because you'll be doing a bunch
of stuff on the command line
6638
04:19:06,400 --> 04:19:08,600
and when you want to write
something you're always
6639
04:19:08,600 --> 04:19:09,600
switching to GUI.
6640
04:19:09,600 --> 04:19:12,000
It's a waste of time
and you want to save
6641
04:19:12,000 --> 04:19:13,400
time as an ethical hacker.
6642
04:19:13,400 --> 04:19:16,187
So you can use this thing
called a command line editor
6643
04:19:16,187 --> 04:19:19,500
and it can basically do most of
the stuff a GUI editor would do.
6644
04:19:19,700 --> 04:19:21,800
Now you say Nano
and the name of this file.
6645
04:19:21,900 --> 04:19:24,500
So nano basically
has created this file now
6646
04:19:24,700 --> 04:19:27,535
and it has opened up
this new fresh window,
6647
04:19:27,535 --> 04:19:29,611
which overrides the command line
6648
04:19:29,611 --> 04:19:32,700
that we were in, the Bash,
and this is a place
6649
04:19:32,700 --> 04:19:34,288
where you can actually edit
6650
04:19:34,288 --> 04:19:36,500
what goes in the file
now, let's see.
6651
04:19:36,500 --> 04:19:38,700
See the list of commands
that I'm going to teach you.
6652
04:19:38,700 --> 04:19:42,600
I'm going to teach you ls. ls
will be the list of files.
6653
04:19:42,600 --> 04:19:43,400
We did CD.
6654
04:19:43,800 --> 04:19:45,100
We saw pwd.
6655
04:19:45,100 --> 04:19:48,342
So that was a print working
directory will be looking at
6656
04:19:48,342 --> 04:19:50,700
how you can copy stuff
with the cp command.
6657
04:19:50,700 --> 04:19:52,656
Then we will be looking at MV
6658
04:19:52,656 --> 04:19:56,300
which is basically move then
we will be looking at cat.
6659
04:19:56,300 --> 04:19:58,093
And that's an interesting one
6660
04:19:58,093 --> 04:20:01,000
and also less which is
another interesting thing
6661
04:20:01,000 --> 04:20:02,400
and we'll be looking at grep
6662
04:20:02,400 --> 04:20:04,563
which is actually
used for grepping
6663
04:20:04,563 --> 04:20:06,319
or grabbing things from files
6664
04:20:06,319 --> 04:20:08,500
that you might want
to see. You'll see
6665
04:20:08,500 --> 04:20:09,900
what I mean in a short
6666
04:20:09,900 --> 04:20:13,389
while. We will see echo, which
probably does what you think.
6667
04:20:13,389 --> 04:20:15,900
If you have any experience
with the Linux,
6668
04:20:15,900 --> 04:20:17,685
then we'll be doing touch
6669
04:20:17,685 --> 04:20:21,400
and we'll be doing mkdir,
which is make directory,
6670
04:20:21,400 --> 04:20:25,100
and then we'll do
chown, chmod,
6671
04:20:25,100 --> 04:20:28,330
then one of the most
dangerous commands, that's rm,
6672
04:20:28,330 --> 04:20:30,400
and then you can do man.
6673
04:20:30,600 --> 04:20:31,500
That's help.
6674
04:20:31,700 --> 04:20:32,200
Okay.
6675
04:20:32,542 --> 04:20:34,442
So these are
the list of commands
6676
04:20:34,442 --> 04:20:36,052
that we are going to go through
6677
04:20:36,052 --> 04:20:39,811
in this part of the video. So
suppose I was making this video
6678
04:20:39,811 --> 04:20:41,700
and I want to
save this somewhere.
6679
04:20:41,700 --> 04:20:43,000
So you see down here.
6680
04:20:43,000 --> 04:20:45,500
There are a bunch of options
that are shown to you.
6681
04:20:45,500 --> 04:20:49,016
Now this caret sign,
you might be thinking
6682
04:20:49,016 --> 04:20:51,800
that it's the Shift 6
one. It's not Shift 6.
6683
04:20:51,800 --> 04:20:54,941
It's actually Control,
so caret is Control
6684
04:20:54,941 --> 04:20:56,800
and then G of course means G.
6685
04:20:56,800 --> 04:20:59,900
So if you go Control G,
it will actually get help.
6686
04:20:59,900 --> 04:21:00,148
Now.
6687
04:21:00,148 --> 04:21:02,384
What we want to do
is save the file
6688
04:21:02,384 --> 04:21:03,700
and that is Control
6689
04:21:03,700 --> 04:21:05,800
O, and that is Write Out.
6690
04:21:05,800 --> 04:21:08,600
So what we want
to do is Control
6691
04:21:08,600 --> 04:21:10,700
O, and now it's going to say
6692
04:21:10,700 --> 04:21:13,600
if we want to name
the file list.txt
6693
04:21:13,600 --> 04:21:16,057
and we want to name
the file and it says
6694
04:21:16,057 --> 04:21:18,200
that we have written
down 15 lines.
6695
04:21:18,200 --> 04:21:19,974
So that's how you save a file.
6696
04:21:19,974 --> 04:21:20,211
Now.
6697
04:21:20,211 --> 04:21:22,400
All you want to do
is exit out of you.
6698
04:21:22,400 --> 04:21:22,900
Okay.
6699
04:21:23,200 --> 04:21:27,800
So first let's go ls and let's
go through whatever there is.
6700
04:21:27,800 --> 04:21:31,198
So ls showed us the list
of files that are there
6701
04:21:31,198 --> 04:21:32,484
in that directory.
6702
04:21:32,484 --> 04:21:34,985
Now ls can also
show you the list
6703
04:21:34,985 --> 04:21:36,700
of files in a directory
6704
04:21:36,700 --> 04:21:37,700
with the path
6705
04:21:37,700 --> 04:21:40,300
that you specify,
like ls /var.
6706
04:21:40,300 --> 04:21:42,800
It'll show me everything
that is in var.
6707
04:21:42,800 --> 04:21:45,300
Okay, there are a lot
of interesting things like var.
6708
04:21:45,300 --> 04:21:49,300
So let's head over to var: cd
/var, and you hit enter
6709
04:21:49,400 --> 04:21:51,700
and now we are
in the folder var.
6710
04:21:51,700 --> 04:21:54,100
So now to actually demonstrate
6711
04:21:54,100 --> 04:21:57,900
how powerful ls is, we have
a few flags. Now to see the flags
6712
04:21:57,900 --> 04:22:00,207
of any command you
can just do --
6713
04:22:00,207 --> 04:22:04,100
help, universally throughout
the Unix command line. So out here
6714
04:22:04,100 --> 04:22:05,681
you see some information
6715
04:22:05,681 --> 04:22:08,449
that is Stuff to read
but if you go on top
6716
04:22:08,449 --> 04:22:09,800
and scroll out here,
6717
04:22:09,800 --> 04:22:11,800
you'll see all the flags
6718
04:22:11,800 --> 04:22:14,116
that you can use
with the command.
6719
04:22:14,116 --> 04:22:16,300
That is LS and
how you can use them
6720
04:22:16,300 --> 04:22:17,200
so you can see
6721
04:22:17,200 --> 04:22:19,800
what you use and you can read
a little bit about it.
6722
04:22:19,800 --> 04:22:24,200
So if you use all it ignores
entries starting with DOT,
6723
04:22:24,600 --> 04:22:26,800
so suppose we were to do LS
6724
04:22:26,800 --> 04:22:30,500
in var, let's see. So
it shows us like this now
6725
04:22:31,000 --> 04:22:32,200
if you do ls -l,
6726
04:22:32,800 --> 04:22:35,500
it'll show a long list
with more information.
6727
04:22:35,500 --> 04:22:38,200
So these are the permissions
options that you see out here
6728
04:22:38,200 --> 04:22:39,200
we will be seeing
6729
04:22:39,200 --> 04:22:40,200
how we can change
6730
04:22:40,200 --> 04:22:43,313
the permissions of a file
soon enough and this is
6731
04:22:43,313 --> 04:22:45,029
who owns the file the user
6732
04:22:45,029 --> 04:22:47,407
and the user group
is the file number.
6733
04:22:47,407 --> 04:22:47,901
I guess.
6734
04:22:47,901 --> 04:22:49,149
I'm not sure which is
6735
04:22:49,149 --> 04:22:52,000
when the created the name
of the file is the time
6736
04:22:52,000 --> 04:22:54,000
when the file was
created, I guess.
6737
04:22:54,000 --> 04:22:54,343
Okay.
6738
04:22:54,343 --> 04:22:57,403
So that's how you get
very detailed information
6739
04:22:57,403 --> 04:22:59,000
about all the files now.
6740
04:22:59,000 --> 04:23:01,500
That's another thing you
might want to use with ls
6741
04:23:01,500 --> 04:23:04,200
and that is the -a,
so you can go ls
6742
04:23:04,200 --> 04:23:06,500
-a and it will show you all
6743
04:23:06,500 --> 04:23:08,066
of the hidden files also.
6744
04:23:08,066 --> 04:23:11,700
So now you see some two files
that were not shown out here.
6745
04:23:11,700 --> 04:23:13,700
Our files begin from backup.
6746
04:23:13,700 --> 04:23:16,400
But when we do ls, I mean -
6747
04:23:16,400 --> 04:23:20,370
la, we see two more files,
that is dot and dot. So let's see
6748
04:23:20,370 --> 04:23:25,465
if we can move into that: cd dot.
so we can't even move into that.
6749
04:23:25,465 --> 04:23:27,000
So that's interesting.
6750
04:23:27,000 --> 04:23:28,800
So these are hidden files.
6751
04:23:28,800 --> 04:23:31,612
So these are not seen
to random users
6752
04:23:31,612 --> 04:23:34,700
and we can actually
do stuff with them.
6753
04:23:34,700 --> 04:23:36,417
We will see how we
can use hidden
6754
04:23:36,417 --> 04:23:37,300
files later on.
6755
04:23:37,300 --> 04:23:39,800
So if you want to show
hidden files through ls,
6756
04:23:39,800 --> 04:23:43,666
all you have to do is ls and -
la. So that was all about ls.
6757
04:23:43,666 --> 04:23:47,400
So let's move back to /home
where our list of commands
6758
04:23:47,400 --> 04:23:50,115
that I want to show you
is. So cd /home.
6759
04:23:50,115 --> 04:23:52,400
Let's ls and see
what was it called,
6760
04:23:52,400 --> 04:23:54,500
its called list and suppose.
6761
04:23:54,500 --> 04:23:57,800
I want to see the contents
of list.txt.
6762
04:23:57,800 --> 04:24:01,600
All I have to do
is say list.txt.
6763
04:24:01,600 --> 04:24:01,858
Now.
6764
04:24:01,858 --> 04:24:04,700
It shows us whatever
this file is containing.
6765
04:24:04,700 --> 04:24:06,500
It will read it out for you.
6766
04:24:06,700 --> 04:24:08,400
Done cd, we've done ls
6767
04:24:08,400 --> 04:24:09,800
and its various forms
6768
04:24:09,800 --> 04:24:13,600
we've done PWD now it's time
to do cp. cp is basically used
6769
04:24:13,600 --> 04:24:16,926
for copying files from one place
to another so suppose.
6770
04:24:16,926 --> 04:24:18,705
I want to copy this address file
6771
04:24:18,705 --> 04:24:21,200
that is there into
some other directory.
6772
04:24:21,200 --> 04:24:25,600
Let's say var. So all I would
have to do is cp name.txt.
6773
04:24:25,600 --> 04:24:28,300
And then you specify
which location you want
6774
04:24:28,300 --> 04:24:31,700
to actually copy it
to so CD / VAR.
6775
04:24:31,800 --> 04:24:35,805
So this is where I want to copy
my file to and you hit enter
6776
04:24:35,805 --> 04:24:39,200
and it's copied, but
that was a very small file now.
6777
04:24:39,200 --> 04:24:41,395
We can actually check
if it was copied
6778
04:24:41,395 --> 04:24:44,600
before I move on and pour
some more knowledge into you.
6779
04:24:44,700 --> 04:24:46,400
So let's go into VAR.
6780
04:24:46,400 --> 04:24:50,869
So cd /var, hit enter
and you're in var again
6781
04:24:50,869 --> 04:24:54,100
and you ls and now
you see name.txt.
6782
04:24:54,100 --> 04:24:56,800
So let's remove
name.txt from here
6783
04:24:56,800 --> 04:24:59,700
because I want to copy
it again and show y'all
6784
04:24:59,700 --> 04:25:03,400
a difference between a flag
that I'm going to use right now.
6785
04:25:03,400 --> 04:25:04,200
So the -
6786
04:25:04,200 --> 04:25:06,726
and letters that you
use are called flags,
6787
04:25:06,726 --> 04:25:09,000
technically, in the
Linux terminology.
6788
04:25:09,000 --> 04:25:12,550
So let's go back to home now
instead of the name of the file
6789
04:25:12,550 --> 04:25:13,786
and moving back home.
6790
04:25:13,786 --> 04:25:15,300
Just like I did you can type
6791
04:25:15,300 --> 04:25:17,500
out the complete name
of the file out here.
6792
04:25:17,500 --> 04:25:20,465
So you could have gone
cp /home/name
6793
04:25:20,465 --> 04:25:22,400
.txt and copy to /var.
6794
04:25:22,400 --> 04:25:23,202
But this time
6795
04:25:23,202 --> 04:25:26,600
what we're going to do is
we're going to use a hyphen v,
6796
04:25:26,600 --> 04:25:28,116
which is basically used
6797
04:25:28,116 --> 04:25:31,081
for a verbose output
of whatever you're doing.
6798
04:25:31,081 --> 04:25:32,671
So most of the commands
6799
04:25:32,671 --> 04:25:35,300
that we're going
to be using will have a -
6800
04:25:35,300 --> 04:25:36,400
v with them.
6801
04:25:36,500 --> 04:25:39,800
So, let's see how this
actually affects the output.
6802
04:25:39,800 --> 04:25:43,400
So what we're going to do
is we want to copy, so cp
6803
04:25:43,400 --> 04:25:47,461
and verbose and we want
to copy the file name.txt.
6804
04:25:47,461 --> 04:25:51,600
And we want to copy it
to the folder called VAR, right?
6805
04:25:51,600 --> 04:25:52,819
So now you'll see
6806
04:25:52,819 --> 04:25:56,302
that it will give us
what is being moved rather
6807
04:25:56,302 --> 04:25:57,817
that is name.txt.
6808
04:25:57,817 --> 04:26:01,559
And where it is being moved
to so this is a very good way
6809
04:26:01,559 --> 04:26:04,500
of knowing what is
actually happening because
6810
04:26:04,500 --> 04:26:08,422
if you do it without the verbose
and suppose name.txt was
6811
04:26:08,422 --> 04:26:10,857
just a 20 GB file
and you just don't know
6812
04:26:10,857 --> 04:26:12,386
if it has finished or not.
6813
04:26:12,386 --> 04:26:13,711
So if it's a 20 GB file
6814
04:26:13,711 --> 04:26:17,300
that will continuously update you
on where what is being copied.
6815
04:26:17,300 --> 04:26:20,000
So basically all you
have to do is type -
6816
04:26:20,000 --> 04:26:21,307
V if you want to know
6817
04:26:21,307 --> 04:26:24,259
where your file's being copied
and the exact path.
6818
04:26:24,259 --> 04:26:27,006
Okay, so that was about
how you can copy files
6819
04:26:27,006 --> 04:26:28,400
from here and there now,
6820
04:26:28,400 --> 04:26:31,300
what was the next command
that we want to see so cat.
6821
04:26:31,300 --> 04:26:33,900
So, let me just go and see
the next command
6822
04:26:33,900 --> 04:26:36,100
that is there, so list.txt.
6823
04:26:36,100 --> 04:26:38,700
So after cat I want
to show less. Okay.
6824
04:26:38,700 --> 04:26:41,300
So we've done cp, we
also have to do mv.
6825
04:26:41,300 --> 04:26:42,700
Now as you guys can see
6826
04:26:42,700 --> 04:26:45,100
that CP is basically
a copy copy is
6827
04:26:45,100 --> 04:26:48,002
as you would expect it leaves
a copy of the file that
6828
04:26:48,002 --> 04:26:49,249
in the original directory
6829
04:26:49,249 --> 04:26:51,542
while also maintaining
a copy in the directory
6830
04:26:51,542 --> 04:26:52,659
that you specified.
6831
04:26:52,659 --> 04:26:54,900
But if you want to move
the file completely,
6832
04:26:54,900 --> 04:26:57,614
all you would have to do
is use the command mv.
6833
04:26:57,614 --> 04:26:59,500
So mv is for moving
the file. Now,
6834
04:26:59,500 --> 04:27:01,400
let's see what all goes with mv,
6835
04:27:01,400 --> 04:27:03,000
so you can type help
6836
04:27:03,000 --> 04:27:06,400
and as I said you get
the verbose option
6837
04:27:06,700 --> 04:27:09,800
And you get suffixes
you can force things
6838
04:27:09,800 --> 04:27:11,300
to happen, so suppose
6839
04:27:11,300 --> 04:27:14,400
you don't have the permission: do
not prompt before overwriting.
6840
04:27:14,400 --> 04:27:16,805
So it'll give you a prompt
and you can completely
6841
04:27:16,805 --> 04:27:19,100
overlook the prompt
with the -f thing.
6842
04:27:19,100 --> 04:27:21,100
Let me just show you
how that looks like.
6843
04:27:21,100 --> 04:27:22,300
We'll be doing a verbose
6844
04:27:22,300 --> 04:27:27,400
and we will be copying the
address.txt file, and okay.
6845
04:27:27,400 --> 04:27:29,918
So every time I've
been actually typing
6846
04:27:29,918 --> 04:27:33,100
so you can do address.txt
by just pressing Tab
6847
04:27:33,100 --> 04:27:36,922
and it will autocomplete,
so address.txt to /var.
6848
04:27:36,922 --> 04:27:38,900
Now, it will show you
6849
04:27:38,900 --> 04:27:42,438
that it is actually renamed
address.txt
6850
04:27:42,438 --> 04:27:44,800
to /var/address.txt.
6851
04:27:45,600 --> 04:27:45,800
Now.
6852
04:27:45,800 --> 04:27:48,700
If you go and do LS
out here you will see
6853
04:27:48,700 --> 04:27:52,100
that address.txt is
not actually here,
6854
04:27:52,100 --> 04:27:54,300
but if we were
to move to /var,
6855
04:27:54,300 --> 04:27:55,800
so cd /var, okay.
6856
04:27:55,800 --> 04:27:57,454
I've also been
typing out commands
6857
04:27:57,454 --> 04:27:58,950
that I have been previously using
6858
04:27:58,950 --> 04:28:01,600
and you can simply toggle
through all the commands
6859
04:28:01,600 --> 04:28:04,100
that you've used by
the up and down keys.
6860
04:28:04,100 --> 04:28:08,500
So ls, mv, mv -v, help, I did cd home
6861
04:28:08,500 --> 04:28:11,333
and I have to go through all
this just to prove a point.
6862
04:28:11,333 --> 04:28:12,187
It's cd /var.
6863
04:28:12,187 --> 04:28:13,591
We want to change that now.
6864
04:28:13,591 --> 04:28:15,100
We're in the variable folder.
6865
04:28:15,100 --> 04:28:18,400
And we also want to see
what we have out here.
6866
04:28:18,400 --> 04:28:21,100
So address should be
out here, and ls, and
6867
04:28:21,100 --> 04:28:23,700
as you guys can see address.txt
is the first file
6868
04:28:23,700 --> 04:28:26,319
that has come up and it
is basically the same file
6869
04:28:26,319 --> 04:28:29,100
and I can prove that to you
by just catting the file
6870
04:28:29,100 --> 04:28:31,200
and that's address.txt.
6871
04:28:31,600 --> 04:28:32,258
And you see
6872
04:28:32,258 --> 04:28:35,200
that is some random address
for some random person.
6873
04:28:35,200 --> 04:28:39,000
Okay, now let's quickly clear
out a file or window.
6874
04:28:39,000 --> 04:28:41,147
You can do that
with Ctrl+L
6875
04:28:41,147 --> 04:28:43,000
or you can just type out clear.
6876
04:28:43,000 --> 04:28:43,705
Now.
6877
04:28:43,705 --> 04:28:46,000
What we want to do
is move back to home.
6878
04:28:46,000 --> 04:28:46,999
So yeah
6879
04:28:46,999 --> 04:28:47,800
cd home.
6880
04:28:48,100 --> 04:28:48,400
Okay.
6881
04:28:48,400 --> 04:28:50,400
So now that we're
back at home again.
6882
04:28:50,400 --> 04:28:52,584
Let's get out our next file.
6883
04:28:52,584 --> 04:28:54,200
So list.txt,
6884
04:28:54,200 --> 04:28:57,500
and after move I wanted to go
through cat. Now cat,
6885
04:28:57,500 --> 04:29:01,100
as you guys can see is printing
out the contents of a file
6886
04:29:01,100 --> 04:29:02,388
and there's also less
6887
04:29:02,388 --> 04:29:04,843
which does something
very similar to cat.
6888
04:29:04,843 --> 04:29:06,500
So, let's see what it does.
6889
04:29:06,500 --> 04:29:07,807
So if you go less
6890
04:29:07,807 --> 04:29:13,500
and you list.txt you actually
see the contents of the file
6891
04:29:13,600 --> 04:29:15,500
in a completely new window,
6892
04:29:15,500 --> 04:29:18,300
which overlays on
the previous window
6893
04:29:18,300 --> 04:29:21,050
and this is a very neat way
to actually see the contents
6894
04:29:21,050 --> 04:29:22,500
of a file, which is through less.
6895
04:29:22,500 --> 04:29:25,500
If you want to keep
your main command line interface
6896
04:29:25,500 --> 04:29:28,700
not so cluttered, which cat
clutters it completely.
6897
04:29:28,800 --> 04:29:33,000
So if you want to get out
of this place this less place
6898
04:29:33,000 --> 04:29:35,385
and all you have
to do is press q
6899
04:29:35,385 --> 04:29:37,100
and Q gets you back and
6900
04:29:37,100 --> 04:29:39,900
as you see nothing was printed
out on our main interface.
6901
04:29:39,900 --> 04:29:42,039
So this is a very
cool way to actually keep
6902
04:29:42,039 --> 04:29:45,300
your command line interface neat
and tidy when you're doing work.
6903
04:29:45,400 --> 04:29:46,938
Okay, so grep,
6904
04:29:46,938 --> 04:29:51,500
so grep is used for actually
filtering out stuff from a file.
6905
04:29:51,500 --> 04:29:53,600
So suppose we want to see
6906
04:29:53,700 --> 04:29:57,066
whether a command has
some verbose option
6907
04:29:57,066 --> 04:29:58,066
to it or not.
6908
04:29:58,100 --> 04:29:59,200
So now I know
6909
04:29:59,200 --> 04:30:01,900
that mv has a verbose command,
but suppose I didn't know
6910
04:30:01,900 --> 04:30:05,400
that, so mv --help, then
you use the pipe sign.
6911
04:30:05,400 --> 04:30:06,805
So what the pipe means
6912
04:30:06,805 --> 04:30:09,800
is you have to take
this command, the first command,
6913
04:30:09,800 --> 04:30:12,400
and then you pipeline it into
the second command,
6914
04:30:12,400 --> 04:30:14,476
and you want to see grep
6915
04:30:14,476 --> 04:30:16,100
-v if that exists.
6916
04:30:16,569 --> 04:30:19,030
Okay, so let's see
grep verbose.
6917
04:30:19,600 --> 04:30:19,800
Yep.
6918
04:30:19,800 --> 04:30:21,955
So verbose exists
and that is
6919
04:30:21,955 --> 04:30:23,100
-v and that's
6920
04:30:23,100 --> 04:30:25,663
--verbose, so explaining
what is being done.
6921
04:30:25,663 --> 04:30:28,100
So what happened out
here is basically
6922
04:30:28,100 --> 04:30:29,900
we took this first command
6923
04:30:29,900 --> 04:30:31,400
and then we filter it
6924
04:30:31,400 --> 04:30:33,857
and filtering is done
through the piping.
6925
04:30:33,857 --> 04:30:36,500
So basically think
about you taking something
6926
04:30:36,500 --> 04:30:38,920
and pipelining it
through something else
6927
04:30:38,920 --> 04:30:41,093
which funnels it
out of this command
6928
04:30:41,093 --> 04:30:41,900
which is grep,
6929
04:30:41,900 --> 04:30:43,600
so you can use mv
6930
04:30:43,600 --> 04:30:47,400
--help in conjunction with a bunch
of other commands just
6931
04:30:47,400 --> 04:30:50,100
on correct and I'll leave
the creativity up to you.
6932
04:30:50,100 --> 04:30:52,400
So grep is basically
used for getting
6933
04:30:52,400 --> 04:30:54,002
what you want from a file
6934
04:30:54,002 --> 04:30:57,400
and grep is used very very much
throughout the course
6935
04:30:57,400 --> 04:30:59,400
of this video through
this Kali Linux tutorial
6936
04:30:59,400 --> 04:31:01,000
that you're going
to be watching.
6937
04:31:01,000 --> 04:31:03,387
So that is a very
easy way to see
6938
04:31:03,387 --> 04:31:05,700
if you have a particular option
6939
04:31:05,700 --> 04:31:09,000
or let me do it again also,
so cd /var. Now,
6940
04:31:09,000 --> 04:31:10,800
we're in the var folder.
6941
04:31:10,800 --> 04:31:11,798
And let's ls.
6942
04:31:11,798 --> 04:31:14,100
We actually have name.txt.
6943
04:31:14,200 --> 04:31:14,800
Now.
6944
04:31:14,800 --> 04:31:19,000
Let's also go into backups
so cd b and Tab, and
6945
04:31:19,000 --> 04:31:20,730
that brings us the backup folder
6946
04:31:20,730 --> 04:31:23,664
and we're now in the backup
folder. Let's do an ls out here.
6947
04:31:23,664 --> 04:31:25,690
Okay, so we have
a bunch of files.
6948
04:31:25,690 --> 04:31:25,997
Okay.
6949
04:31:25,997 --> 04:31:27,900
We have some passwd.bak.
6950
04:31:27,900 --> 04:31:33,300
Now see, if you have cat
and you go passwd.bak,
6951
04:31:33,300 --> 04:31:35,500
You can see the entire thing.
6952
04:31:35,500 --> 04:31:36,300
Now what?
6953
04:31:36,300 --> 04:31:39,139
What if you didn't want
this entirety of it or
6954
04:31:39,139 --> 04:31:40,483
if you want something
6955
04:31:40,483 --> 04:31:42,844
in particular you
want to be very neat
6956
04:31:42,844 --> 04:31:44,876
so you can do that same command.
6957
04:31:44,876 --> 04:31:46,082
You can pipeline it
6958
04:31:46,082 --> 04:31:49,600
and you can say grep and you
want everything with nologin,
6959
04:31:49,600 --> 04:31:50,400
so we can see
6960
04:31:50,400 --> 04:31:51,900
that there's a bunch of things
6961
04:31:51,900 --> 04:31:52,800
that say nologin
6962
04:31:52,800 --> 04:31:56,100
and we only want those
and these are all the things
6963
04:31:56,100 --> 04:31:58,337
that say nologin in them and
6964
04:31:58,337 --> 04:32:02,100
it's a much less a list
and it gives us a very
6965
04:32:02,100 --> 04:32:03,900
particular list that
you are looking for.
6966
04:32:03,900 --> 04:32:05,300
So that is how you use grep.
6967
04:32:05,300 --> 04:32:06,652
So now let's head back
6968
04:32:06,652 --> 04:32:07,300
to home.
6969
04:32:07,400 --> 04:32:09,092
Okay, I've done wrong.
6970
04:32:09,300 --> 04:32:11,500
And again, let's see
6971
04:32:11,500 --> 04:32:15,100
what the next command is, so
now list.txt.
6972
04:32:15,100 --> 04:32:16,561
So we've done grep.
6973
04:32:16,561 --> 04:32:18,600
We now have to do echo, echo
6974
04:32:18,600 --> 04:32:21,900
and then touch. OK, let's go
back a few, we press q
6975
04:32:21,900 --> 04:32:23,400
and we get out of there.
6976
04:32:23,400 --> 04:32:25,700
So what did I have
to teach again?
6977
04:32:25,700 --> 04:32:27,300
I'm such a dummy
we have to do echo.
6978
04:32:27,300 --> 04:32:27,600
Okay.
6979
04:32:27,600 --> 04:32:31,000
So what is echo used
for? So suppose you will say echo
6980
04:32:31,000 --> 04:32:32,959
and open quote hello world.
6981
04:32:32,959 --> 04:32:36,300
It would basically do
what the man says, that is,
6982
04:32:36,300 --> 04:32:37,929
echo whatever you say. Now,
6983
04:32:37,929 --> 04:32:41,000
it'll say echo hello world
and that will basically
6984
04:32:41,000 --> 04:32:43,732
echo whatever you typed out
in the quotations.
6985
04:32:43,732 --> 04:32:46,119
That is Hello World
spelled very wrong.
6986
04:32:46,119 --> 04:32:49,700
Okay now suppose you want
to actually put this into a file
6987
04:32:49,700 --> 04:32:52,100
so you could do
echo hello world.
6988
04:32:52,100 --> 04:32:54,700
Let's spell it properly
this time and you want
6989
04:32:54,700 --> 04:32:56,000
to insert in the file.
6990
04:32:56,000 --> 04:32:59,100
We had a phone number, I guess,
phone number dot txt.
6991
04:32:59,100 --> 04:33:01,700
Yep, and we can echo
it at that thing.
6992
04:33:01,700 --> 04:33:03,300
Now that was done now.
6993
04:33:03,300 --> 04:33:03,800
Let's see.
6994
04:33:03,800 --> 04:33:06,646
What is in phone
number dot txt, phone
6995
04:33:06,646 --> 04:33:09,599
dot txt, and it says hello world,
6996
04:33:09,599 --> 04:33:13,499
so you can basically input
text into a certain file
6997
04:33:13,500 --> 04:33:16,800
with the echo command and
that's how you do it.
6998
04:33:16,800 --> 04:33:17,184
Okay.
6999
04:33:17,200 --> 04:33:18,700
Now let's also see
7000
04:33:18,700 --> 04:33:22,200
how you can make directories and
that is with the make directory
7001
04:33:22,200 --> 04:33:23,000
command.
7002
04:33:23,099 --> 04:33:23,899
So, okay.
7003
04:33:23,900 --> 04:33:26,017
We also have to do
touch before that.
7004
04:33:26,017 --> 04:33:29,605
I forgot. Now touch is used for
quickly creating files, so touch,
7005
04:33:29,605 --> 04:33:32,000
for you could say touch
and then the file name
7006
04:33:32,000 --> 04:33:34,700
so we can create
a name file again
7007
04:33:34,700 --> 04:33:38,599
name.txt,
that will create a name.txt.
7008
04:33:38,599 --> 04:33:40,899
Let me just show it
to you, and ls,
7009
04:33:40,900 --> 04:33:42,900
and we have a name.txt.
7010
04:33:42,900 --> 04:33:46,099
We can also create
multiple files with touch
7011
04:33:46,099 --> 04:33:48,699
and you could say file1 file2
7012
04:33:48,900 --> 04:33:51,700
and file3, so like this
7013
04:33:51,700 --> 04:33:54,541
you can create multiple
files and let me just ls
7014
04:33:54,541 --> 04:33:56,900
that out and show it
to you, and ls,
7015
04:33:57,000 --> 04:33:59,900
and we have file1, file2
and file3. Now,
7016
04:33:59,900 --> 04:34:01,880
We can also create a directory.
7017
04:34:01,880 --> 04:34:04,500
So mkdir and the name
of the directory.
7018
04:34:04,500 --> 04:34:08,300
So suppose you wanted to save all
your movies in one directory,
7019
04:34:08,300 --> 04:34:09,900
then make directory movie
7020
04:34:09,900 --> 04:34:12,000
and now you have a
directory called movies
7021
04:34:12,000 --> 04:34:13,700
and you can also
move into movies.
7022
04:34:13,700 --> 04:34:14,700
So cd movie.
7023
04:34:14,700 --> 04:34:17,599
Okay, so that's
how you create directories
7024
04:34:17,599 --> 04:34:21,099
and you can move into them with
the change directory folder.
7025
04:34:21,099 --> 04:34:23,699
Now, let's see what
the next command was.
7026
04:34:23,700 --> 04:34:27,099
So cd and dot dot, so
with cd .. you can move back
7027
04:34:27,099 --> 04:34:29,299
to the previous folder,
as I've already told you
7028
04:34:29,300 --> 04:34:32,700
that and since we're in movies
we can just go back to home
7029
04:34:32,700 --> 04:34:34,599
with cd .. after. Now,
7030
04:34:34,599 --> 04:34:38,599
Let's see what else is there,
so cat list.txt.
7031
04:34:39,099 --> 04:34:41,199
And okay, now chown,
7032
04:34:41,200 --> 04:34:45,000
chmod. Now chown will be
a little tough to show
7033
04:34:45,000 --> 04:34:49,099
because we don't have any sort
of a user over here.
7034
04:34:49,099 --> 04:34:50,993
The root user is the only user
7035
04:34:50,993 --> 04:34:53,899
that we have on this VirtualBox
setup, but
7036
04:34:53,900 --> 04:34:56,200
if you want to change
the ownership of a file,
7037
04:34:56,200 --> 04:34:56,800
so let's see
7038
04:34:56,900 --> 04:35:01,008
so you can see the ownership
of a file through the ls -l
7039
04:35:01,008 --> 04:35:03,900
command, and you see
that root and root.
7040
04:35:03,900 --> 04:35:06,300
So this is owner name.
7041
04:35:06,300 --> 04:35:09,500
And this is the owner group and
they're mostly the same thing.
7042
04:35:09,599 --> 04:35:11,199
So our next command that
7043
04:35:11,200 --> 04:35:13,631
you're going to actually
see is called chown.
7044
04:35:13,631 --> 04:35:16,311
So let's see how chown
is actually used. chown
7045
04:35:16,311 --> 04:35:18,894
is used for changing
the ownership of a file.
7046
04:35:18,894 --> 04:35:21,599
So I actually don't remember
how to use chown.
7047
04:35:21,599 --> 04:35:24,399
So if you actually don't
remember or you're getting stuck
7048
04:35:24,400 --> 04:35:26,099
somewhere just use
the help function.
7049
04:35:26,099 --> 04:35:28,199
So if a command
line argument symbolic,
7050
04:35:28,200 --> 04:35:29,900
so let me just go
through this one.
7051
04:35:29,900 --> 04:35:32,966
So this is how you use it: owner
and then colon group.
7052
04:35:32,966 --> 04:35:34,500
Okay, and then the file name
7053
04:35:34,500 --> 04:35:35,700
so you go chown
7054
04:35:35,700 --> 04:35:38,116
and then you want to say
the name of the owner
7055
04:35:38,116 --> 04:35:40,999
and the group you wanted
to belong to that is root
7056
04:35:41,000 --> 04:35:43,500
and root, and then you
specify the name of the file.
7057
04:35:43,500 --> 04:35:45,200
So suppose I
want to change file1
7058
04:35:45,200 --> 04:35:46,749
that already belongs
to root and root
7059
04:35:46,749 --> 04:35:48,099
so it doesn't really matter
7060
04:35:48,099 --> 04:35:49,299
because I don't have
7061
04:35:49,300 --> 04:35:53,599
any other username to actually
change the ownership to
7062
04:35:53,599 --> 04:35:56,341
so this is how you
would normally change ownership.
7063
04:35:56,342 --> 04:35:57,700
So let me just show you
7064
04:35:57,700 --> 04:36:00,599
where you can see the ownership
and that is ls
7065
04:36:00,599 --> 04:36:04,199
-l, and out here the root
and root you see on file
7066
04:36:04,200 --> 04:36:06,300
one is basically
this is the owner.
7067
04:36:06,300 --> 04:36:07,500
This is the owner group.
7068
04:36:07,500 --> 04:36:09,900
They're normally the same thing
and the same name,
7069
04:36:09,900 --> 04:36:11,599
but if you had
some different owner
7070
04:36:11,599 --> 04:36:14,599
like a guest you could change it
7071
04:36:14,599 --> 04:36:16,499
by actually using the
7072
04:36:16,500 --> 04:36:19,900
chown method, the command. Methods
are different things.
7073
04:36:19,900 --> 04:36:22,500
I always get confused
because of the programming.
7074
04:36:22,500 --> 04:36:22,839
Okay.
7075
04:36:22,839 --> 04:36:24,200
Now the next command
7076
04:36:24,200 --> 04:36:27,800
that is left is called
chmod to actually show you
7077
04:36:27,800 --> 04:36:29,000
how chmod works.
7078
04:36:29,000 --> 04:36:31,099
Let me show you
an interesting file.
7079
04:36:31,099 --> 04:36:32,099
So suppose.
7080
04:36:32,099 --> 04:36:34,225
Let me just do this once okay
7081
04:36:34,225 --> 04:36:36,499
now echo, what do you want to echo?
7082
04:36:36,500 --> 04:36:38,200
Oh, let's echo
7083
04:36:38,200 --> 04:36:42,599
Hello world and let's put
that in quotation.
7084
04:36:42,599 --> 04:36:45,599
And we want to put
this in test now
7085
04:36:45,599 --> 04:36:46,899
once we've done that let's
7086
04:36:46,900 --> 04:36:47,889
ls and we see
7087
04:36:47,889 --> 04:36:50,000
that we have
a test file out here
7088
04:36:50,000 --> 04:36:52,599
and we want to move test to test.sh,
7089
04:36:52,599 --> 04:36:56,137
so test.sh
is the executable file
7090
04:36:56,137 --> 04:36:58,522
that is used in bash scripting.
7091
04:36:58,599 --> 04:37:02,337
So we move test to test.sh.
The way you
7092
04:37:02,338 --> 04:37:06,800
actually execute bash files
on your command line is with
7093
04:37:06,800 --> 04:37:10,400
./, so you say dot slash
and if I press T,
7094
04:37:10,400 --> 04:37:11,383
and I press tab.
7095
04:37:11,383 --> 04:37:14,399
You see that there are no options
that are coming up.
7096
04:37:14,400 --> 04:37:18,500
That is because test.sh
is not an executable file,
7097
04:37:18,500 --> 04:37:21,800
so test.sh doesn't have
the executable permission.
7098
04:37:21,800 --> 04:37:25,000
So let me just show
that to you, ls, and you see
7099
04:37:25,000 --> 04:37:27,313
test.sh, it doesn't
have the executable.
7100
04:37:27,313 --> 04:37:29,599
Now you see movie
it is executable.
7101
04:37:29,599 --> 04:37:31,497
I don't know why
it is a directory.
7102
04:37:31,498 --> 04:37:33,900
So it is an executable
you can move into it.
7103
04:37:33,900 --> 04:37:35,145
So it's blue in color.
7104
04:37:35,145 --> 04:37:36,500
So the way you actually
7105
04:37:36,500 --> 04:37:39,700
can make this an executable is
by changing its permission.
7106
04:37:39,700 --> 04:37:40,700
So the way you do
7107
04:37:40,700 --> 04:37:45,400
that is chmod and basically
you change it to an executable.
7108
04:37:45,400 --> 04:37:48,500
So +x, that is
making it an executable.
7109
04:37:48,500 --> 04:37:50,346
If you do +r it'll
make it readable.
7110
04:37:50,346 --> 04:37:52,900
And if you do +w
it will make it writable also,
7111
04:37:52,900 --> 04:37:55,823
so if you do +x
and do test.sh
7112
04:37:56,000 --> 04:37:58,300
and now you go and do ls -l,
7113
04:37:58,500 --> 04:38:00,499
you'll see that test.sh
has become green
7114
04:38:00,499 --> 04:38:04,099
because it is an executable file
now and now if you do dot slash
7115
04:38:04,099 --> 04:38:05,599
and you press T,
7116
04:38:05,599 --> 04:38:06,786
you get test.sh,
7117
04:38:06,787 --> 04:38:07,900
if I press tab,
7118
04:38:07,900 --> 04:38:10,026
so now it is
an executable file.
7119
04:38:10,026 --> 04:38:11,399
And if I executed it
7120
04:38:11,400 --> 04:38:14,000
prints out hello world
onto my screen.
7121
04:38:14,000 --> 04:38:16,700
So that's how you
can use the chmod
7122
04:38:16,700 --> 04:38:20,000
which is basically the change
of permissions of files
7123
04:38:20,000 --> 04:38:22,500
and we'll be changing
permissions of files
7124
04:38:22,500 --> 04:38:25,099
throughout the course of
this video will be very useful
7125
04:38:25,099 --> 04:38:26,229
for us and you'll see
7126
04:38:26,230 --> 04:38:27,849
as we go along with this video.
7127
04:38:27,849 --> 04:38:28,086
Okay.
7128
04:38:28,087 --> 04:38:28,961
So the next thing
7129
04:38:28,961 --> 04:38:30,988
that I want to show
you, only two are left
7130
04:38:30,988 --> 04:38:32,400
and I remember those now
7131
04:38:32,400 --> 04:38:36,176
and it is rm, and rm is used
for actually removing
7132
04:38:36,176 --> 04:38:38,919
files, so you
should be very careful
7133
04:38:38,919 --> 04:38:40,900
while using rm or any sort
7134
04:38:40,900 --> 04:38:43,400
of removing command
on a Linux system
7135
04:38:43,400 --> 04:38:45,300
because once you
remove something it is
7136
04:38:45,300 --> 04:38:47,900
very difficult to get it back
and is almost impossible.
7137
04:38:47,900 --> 04:38:49,674
It's not like Windows
where it's basically
7138
04:38:49,674 --> 04:38:51,350
just disappeared in
front of your eyes,
7139
04:38:51,350 --> 04:38:53,776
but it's still there in
the memory cluttering it all up.
7140
04:38:53,776 --> 04:38:55,535
That's why Linux
always trumps Windows.
7141
04:38:55,536 --> 04:38:56,800
That's one of the reasons
7142
04:38:56,800 --> 04:38:58,500
and make a video
on that later on.
7143
04:38:58,500 --> 04:39:00,285
But for now,
let's focus on rm.
7144
04:39:00,285 --> 04:39:01,000
Now.
7145
04:39:01,000 --> 04:39:02,807
We can remove file1.
7146
04:39:02,807 --> 04:39:06,500
So, let's see, so file1
is going to be removed.
7147
04:39:06,700 --> 04:39:08,500
So if we ls now,
7148
04:39:09,000 --> 04:39:12,700
you see 506 this but let
me show you rm.
7149
04:39:12,996 --> 04:39:14,303
And if I do movie
7150
04:39:14,400 --> 04:39:17,710
it'll say cannot remove
movie is a directory.
7151
04:39:17,710 --> 04:39:22,500
But if you go into the help menu
I bet there will be an option
7152
04:39:22,500 --> 04:39:25,500
that you can just
forcefully should move it.
7153
04:39:25,500 --> 04:39:30,000
So rm force will just
remove, so rm -r
7154
04:39:30,430 --> 04:39:31,969
and you can do movie
7155
04:39:32,099 --> 04:39:35,891
and it will recursively remove
everything, and if you go here
7156
04:39:35,892 --> 04:39:37,500
and do the ls -l you'll see
7157
04:39:37,500 --> 04:39:38,777
that there is no movie
7158
04:39:38,777 --> 04:39:39,872
directory anymore.
7159
04:39:39,872 --> 04:39:41,800
And that is how you
can remove movies.
7160
04:39:41,800 --> 04:39:42,503
Now that problem
7161
04:39:42,503 --> 04:39:44,700
that you see out there is
actually a safety measure
7162
04:39:44,700 --> 04:39:46,400
because once you
remove a directory
7163
04:39:46,400 --> 04:39:47,800
and it's not retrievable,
7164
04:39:47,800 --> 04:39:49,000
that's a very sad scenario
7165
04:39:49,000 --> 04:39:51,600
and you don't want to get
yourself in such a scenario
7166
04:39:51,600 --> 04:39:53,200
in whatsoever possibility.
7167
04:39:53,200 --> 04:39:55,430
Okay moving on so on so forth
7168
04:39:55,430 --> 04:39:59,200
that was all about the rm folder,
now you can do rm
7169
04:39:59,200 --> 04:40:01,200
and address of anything.
7170
04:40:01,200 --> 04:40:05,000
So rm, I know we moved
in address.txt,
7171
04:40:05,000 --> 04:40:09,200
so in the var folder
we can go rm /var/
7172
04:40:09,200 --> 04:40:11,600
address.txt.
7173
04:40:12,000 --> 04:40:15,800
And that will remove
address.txt from the folder
7174
04:40:15,800 --> 04:40:18,700
of var. Let me just
show you that worked.
7175
04:40:19,000 --> 04:40:21,600
So cd /var and ls and you see
7176
04:40:21,600 --> 04:40:24,277
that there is no address.txt
out here.
7177
04:40:24,277 --> 04:40:27,263
Okay, another way to get
help for any command
7178
04:40:27,263 --> 04:40:30,264
that you want is man
and suppose you want
7179
04:40:30,264 --> 04:40:33,257
to see rm, it will show
everything about rm
7180
04:40:33,257 --> 04:40:35,600
that is there to show
to you show you
7181
04:40:35,600 --> 04:40:39,300
how to use it, it'll give you
a description, synopsis, name:
7182
04:40:39,300 --> 04:40:41,100
remove files and directories.
7183
04:40:41,100 --> 04:40:45,115
It's a very useful way so out
here you see is the manual page.
7184
04:40:45,115 --> 04:40:46,739
So that is what man means
7185
04:40:46,739 --> 04:40:48,800
and you can press
line one nature.
7186
04:40:48,800 --> 04:40:50,300
You can press Q to quit.
7187
04:40:50,300 --> 04:40:51,929
So that's very much helpful.
7188
04:40:51,929 --> 04:40:52,400
OK guys.
7189
04:40:52,400 --> 04:40:55,000
So that was all
about the command line interface
7190
04:40:55,000 --> 04:40:58,305
and how we can use it to go
about the operating system
7191
04:40:58,305 --> 04:41:01,300
and change file permissions
copy files, move files
7192
04:41:01,300 --> 04:41:04,400
and a bunch of other stuff now
it's time to get on
7193
04:41:04,400 --> 04:41:05,700
with the interesting stuff
7194
04:41:05,700 --> 04:41:08,600
and that Is firstly we're going
to be learning how you
7195
04:41:08,600 --> 04:41:12,400
can actually stay anonymous
with proxychains. OK guys.
7196
04:41:12,400 --> 04:41:15,000
So now that we are done
with the command line Basics.
7197
04:41:15,000 --> 04:41:17,378
It's time that we move
forward with proxychains.
7198
04:41:17,378 --> 04:41:19,845
So before we move forward
with proxy chains,
7199
04:41:19,845 --> 04:41:23,000
let us head back to PowerPoint
presentation and see what
7200
04:41:23,000 --> 04:41:24,700
exactly proxy chains are.
7201
04:41:24,800 --> 04:41:25,200
Okay.
7202
04:41:25,700 --> 04:41:27,800
So proxy chains now
7203
04:41:27,800 --> 04:41:30,966
as the name suggests
proxy chains are basically
7204
04:41:30,966 --> 04:41:32,500
a chain of proxies now,
7205
04:41:32,500 --> 04:41:33,800
where is the proxy used?
7206
04:41:33,800 --> 04:41:36,397
A proxy is used whenever
you want to anonymize
7207
04:41:36,397 --> 04:41:38,600
yourself on the wire
or the network.
7208
04:41:38,600 --> 04:41:42,100
You do not want to know, or you
do not want others to know
7209
04:41:42,100 --> 04:41:46,400
what the source IP address was
for your client system
7210
04:41:46,400 --> 04:41:47,400
and to do this.
7211
04:41:47,400 --> 04:41:50,800
All you have to do is send
your packet through a bunch
7212
04:41:50,800 --> 04:41:52,300
of intermediary systems
7213
04:41:52,300 --> 04:41:54,900
and these intermediary systems
carry the packet out
7214
04:41:54,900 --> 04:41:57,300
and they transmit it
to the Target system.
7215
04:41:57,300 --> 04:41:59,858
And this is much
slower and let's see
7216
04:41:59,858 --> 04:42:02,526
how we can use this
in Kali Linux.
7217
04:42:02,526 --> 04:42:06,100
Now, in combination with Tor
in order to anonymize
7218
04:42:06,100 --> 04:42:08,552
traffic not only
on web browsing traffic,
7219
04:42:08,552 --> 04:42:11,720
but rather instead on
all network-related traffic
7220
04:42:11,720 --> 04:42:14,500
generated by pretty
much all the applications,
7221
04:42:14,500 --> 04:42:17,100
but you can also change
this in the settings.
7222
04:42:17,100 --> 04:42:19,318
Now, what we're going
to do is we're going
7223
04:42:19,318 --> 04:42:21,700
to open up the proxy
chain configuration file
7224
04:42:21,700 --> 04:42:23,900
and we're going to
understand all its options
7225
04:42:23,900 --> 04:42:25,000
that are available.
7226
04:42:25,000 --> 04:42:25,967
So to do that.
7227
04:42:25,967 --> 04:42:30,000
All you have to do is say nano,
you go into the /etc folder
7228
04:42:30,000 --> 04:42:33,100
and then you go
for the proxychains
7229
04:42:33,176 --> 04:42:36,099
.conf, and what
you see out here
7230
04:42:36,100 --> 04:42:37,500
is a nano editor
7231
04:42:37,500 --> 04:42:39,900
and we had spoken
about Nano editor
7232
04:42:39,900 --> 04:42:42,017
when we were discussing
the CLI part.
7233
04:42:42,017 --> 04:42:43,900
I hope you haven't skipped that. Now
7234
04:42:43,900 --> 04:42:45,900
what you see
out here is a bunch
7235
04:42:45,900 --> 04:42:47,700
of instructions and options.
7236
04:42:47,700 --> 04:42:51,110
So let me just zoom in
into the command line interface
7237
04:42:51,110 --> 04:42:53,800
and now you can read
everything much well,
7238
04:42:53,800 --> 04:42:55,900
so what proxychains is, well,
7239
04:42:55,900 --> 04:42:58,600
it gives you the ability
rather to route your traffic
7240
04:42:58,600 --> 04:43:00,482
through a series
of proxy servers
7241
04:43:00,482 --> 04:43:03,000
and stay Anonymous
in such a fashion by hiding
7242
04:43:03,000 --> 04:43:05,500
behind them or by having
them forward your request.
7243
04:43:05,500 --> 04:43:07,249
So it looks like
on the other side
7244
04:43:07,249 --> 04:43:09,700
that your requests are coming
from them as opposed
7245
04:43:09,700 --> 04:43:11,400
to you now surprisingly enough.
7246
04:43:11,400 --> 04:43:14,100
There are a large amount
of these proxy servers out there
7247
04:43:14,100 --> 04:43:16,800
that you can use but they're
not very stable, you know,
7248
04:43:16,800 --> 04:43:17,889
they go up and down
7249
04:43:17,889 --> 04:43:20,700
and they're not very fast, so
for specific targets,
7250
04:43:20,700 --> 04:43:23,700
they can be useful
but not for brute forcing
7251
04:43:23,700 --> 04:43:26,500
and not for any sort
of computing attack.
7252
04:43:26,500 --> 04:43:28,787
So suppose you're doing
something to a certain target
7253
04:43:28,787 --> 04:43:30,987
or trying to log in
or you're already logged
7254
04:43:30,987 --> 04:43:33,100
in you can definitely do it
through proxy chains,
7255
04:43:33,100 --> 04:43:36,158
and it will be reasonably fast
and reasonably stable
7256
04:43:36,158 --> 04:43:36,800
as well, but
7257
04:43:36,800 --> 04:43:38,877
if you're doing some sort
of mass scanning
7258
04:43:38,877 --> 04:43:40,500
or you're brute forcing a password
7259
04:43:40,500 --> 04:43:43,000
or something of a kind
of a proxy chain with a list
7260
04:43:43,000 --> 04:43:44,976
of proxies selected
from the internet,
7261
04:43:44,976 --> 04:43:46,407
especially the free proxies.
7262
04:43:46,407 --> 04:43:47,584
It's not going to work.
7263
04:43:47,584 --> 04:43:50,900
I mean it's going to work out
eventually in a technical sense,
7264
04:43:50,900 --> 04:43:54,429
but it will consume more time
than you can spare and by that.
7265
04:43:54,429 --> 04:43:56,400
I mean it can be
very very long time.
7266
04:43:56,400 --> 04:43:59,100
It can take about a month
or two to do a simple scan.
7267
04:43:59,100 --> 04:44:01,900
So that's not an option and
there are other ways of doing
7268
04:44:01,900 --> 04:44:04,300
that but for the time being
I just want you to know
7269
04:44:04,300 --> 04:44:05,952
how you can use proxychains
7270
04:44:05,952 --> 04:44:08,400
and how you can configure
it and actually
7271
04:44:08,400 --> 04:44:09,700
because it's really useful
7272
04:44:09,700 --> 04:44:12,100
and I use it fairly
often a lot of people do
7273
04:44:12,100 --> 04:44:14,100
and it's a fantastic
piece of software.
7274
04:44:14,100 --> 04:44:16,400
So first off we have
the types of proxies.
7275
04:44:16,400 --> 04:44:20,000
So you see HTTP, socks4
and socks5. Now,
7276
04:44:20,000 --> 04:44:23,050
there are fundamental differences
between these protocols
7277
04:44:23,050 --> 04:44:25,776
and you always want to find
yourself a socks5 proxy
7278
04:44:25,776 --> 04:44:27,594
as that's the best possible one
7279
04:44:27,594 --> 04:44:30,300
and that has the ability
to anonymize all sorts
7280
04:44:30,300 --> 04:44:31,600
of traffic. HTTP,
7281
04:44:31,600 --> 04:44:35,400
well, as the name says,
it's for HTTP traffic
7282
04:44:35,500 --> 04:44:37,100
and socks4 is very similar
7283
04:44:37,100 --> 04:44:40,242
to socks5, but it
does not support IPv6 protocol
7284
04:44:40,242 --> 04:44:42,556
and it does not
support UDP protocol.
7285
04:44:42,556 --> 04:44:44,100
So this can be socks4
7286
04:44:44,100 --> 04:44:47,200
and can be rather problematic
and you always want to make sure
7287
04:44:47,200 --> 04:44:50,571
that you're using socks5
wherever and however. Anyway,
7288
04:44:50,571 --> 04:44:53,100
down below you have
these other options,
7289
04:44:53,100 --> 04:44:54,394
which we will go over.
7290
04:44:54,394 --> 04:44:56,800
So basically how you
enable these options is
7291
04:44:56,800 --> 04:44:59,487
that you don't need to type
some complex lines of code
7292
04:44:59,487 --> 04:45:00,680
or anything of any kind
7293
04:45:00,680 --> 04:45:04,000
basically all you have to do
is just leave the hash out here.
7294
04:45:04,000 --> 04:45:06,104
I'll show you so suppose we want
7295
04:45:06,104 --> 04:45:08,800
to actually activate
the dynamic chain option.
7296
04:45:08,800 --> 04:45:11,100
So all we have to do
is delete the hash.
7297
04:45:11,100 --> 04:45:13,100
But let's put
in the hash right now.
7298
04:45:13,100 --> 04:45:14,550
So after you delete the hash,
7299
04:45:14,550 --> 04:45:17,000
all you have to do is save
the file and the option
7300
04:45:17,000 --> 04:45:20,859
is enabled. This hash represents
a commented out line meaning
7301
04:45:20,859 --> 04:45:23,500
that the system reading
this will ignore
7302
04:45:23,500 --> 04:45:24,748
if there is a hash, and
7303
04:45:24,748 --> 04:45:27,866
if there isn't a hash, it
will take it into consideration
7304
04:45:27,866 --> 04:45:29,633
and interpret it accordingly.
7305
04:45:29,633 --> 04:45:31,800
Anyway what we have
here are statements
7306
04:45:31,800 --> 04:45:33,431
which allow us to specify
7307
04:45:33,431 --> 04:45:36,416
how we want our traffic
to be routed. First
7308
04:45:36,416 --> 04:45:39,600
off we have dynamic
chain. Dynamic chain is a some
7309
04:45:39,600 --> 04:45:40,700
and is an option
7310
04:45:40,700 --> 04:45:43,425
which you will find
people using the most it
7311
04:45:43,425 --> 04:45:45,200
is most commonly used option
7312
04:45:45,200 --> 04:45:47,400
and a preferable one
at that, and honestly,
7313
04:45:47,400 --> 04:45:49,600
I think it's the best one
out there primarily
7314
04:45:49,600 --> 04:45:51,200
because it's the most stable one
7315
04:45:51,200 --> 04:45:54,600
and here's why now suppose
you have a b c d proxies.
7316
04:45:54,600 --> 04:45:57,206
So those are some servers
with IP addresses
7317
04:45:57,206 --> 04:45:58,200
with open ports.
7318
04:45:58,200 --> 04:45:59,884
And if you have
a strict chain policy,
7319
04:45:59,884 --> 04:46:01,800
which is enabled
on this computer right now
7320
04:46:01,800 --> 04:46:04,000
as you see if you have
a strict chain policy,
7321
04:46:04,000 --> 04:46:06,100
we can only be able
to access any site
7322
04:46:06,100 --> 04:46:08,700
on Internet in general
by going through ABCD.
7323
04:46:08,700 --> 04:46:10,500
So you have to go
through all of them
7324
04:46:10,500 --> 04:46:13,300
and you have to go through them
in that specific order.
7325
04:46:13,300 --> 04:46:16,209
That is ABCD and that's
not always a good thing.
7326
04:46:16,209 --> 04:46:18,300
I mean if you're paying
for 5 proxies,
7327
04:46:18,300 --> 04:46:19,300
that's not a problem
7328
04:46:19,300 --> 04:46:21,675
because they will
always be operational
7329
04:46:21,675 --> 04:46:23,300
and they will always be up
7330
04:46:23,300 --> 04:46:26,074
and why not that's
not a bad idea or an option
7331
04:46:26,074 --> 04:46:27,800
but there are however people
7332
04:46:27,800 --> 04:46:31,000
who use proxies for free and
they don't tend to pay for them.
7333
04:46:31,000 --> 04:46:33,700
Why would you pay for like
five proxies for simple scan
7334
04:46:33,700 --> 04:46:35,200
or something of that kind?
7335
04:46:35,300 --> 04:46:38,100
They're not free
and they cost money and they're
7336
04:46:38,200 --> 04:46:39,300
rather expensive also,
7337
04:46:39,300 --> 04:46:42,400
but still, I mean the act
of paying itself identifies you
7338
04:46:42,400 --> 04:46:45,000
and kind of diminishes
the amount of anonymity you have
7339
04:46:45,000 --> 04:46:45,800
on the internet.
7340
04:46:45,800 --> 04:46:47,600
So some complex payment methods
7341
04:46:47,600 --> 04:46:50,300
can still be used
to actually anonymize yourself,
7342
04:46:50,300 --> 04:46:53,241
but it's fairly simple
to just use a dynamic chain.
7343
04:46:53,241 --> 04:46:56,192
So firstly we're going
to go ahead and uncomment
7344
04:46:56,192 --> 04:46:57,700
the dynamic chain option
7345
04:46:57,700 --> 04:47:00,400
and we're going to comment
out the strict chain option.
7346
04:47:00,400 --> 04:47:02,490
So strict chain will
no longer be used and I
7347
04:47:02,490 --> 04:47:03,900
will be using Dynamic chains.
7348
04:47:03,900 --> 04:47:05,271
And one more thing to note here.
7349
04:47:05,271 --> 04:47:06,900
Is that if you want
to use proxychains
7350
04:47:06,900 --> 04:47:08,100
in combination with Tor,
7351
04:47:08,300 --> 04:47:09,900
if you want to route
all your traffic
7352
04:47:09,900 --> 04:47:12,100
through the Tor Network
not just web traffic.
7353
04:47:12,100 --> 04:47:14,500
You must be
enabling Dynamic chains.
7354
04:47:14,500 --> 04:47:15,720
I mean, there's a chance
7355
04:47:15,720 --> 04:47:17,500
that it will work
with strict chains.
7356
04:47:17,500 --> 04:47:19,825
But given the instant
instability of Tor nodes,
7357
04:47:19,825 --> 04:47:20,900
It is highly unlikely.
7358
04:47:20,900 --> 04:47:23,800
You will need dynamic chains
and that is why I'm using them.
7359
04:47:23,800 --> 04:47:26,329
Anyway, if you're using
dynamic chains, they just
7360
04:47:26,329 --> 04:47:27,873
give you the ability to go
7361
04:47:27,873 --> 04:47:30,973
from ABCD to your desired
destination by not having
7362
04:47:30,973 --> 04:47:32,400
to adhere to any order.
7363
04:47:32,400 --> 04:47:35,518
So let's say C is down
and you would go A, B, D
7364
04:47:35,518 --> 04:47:38,000
and it would work
with no problems,
7365
04:47:38,000 --> 04:47:40,300
even if B was down
you would go to A, D
7366
04:47:40,300 --> 04:47:42,900
and you would go and still
reach the destination.
7367
04:47:42,900 --> 04:47:46,144
So as long as one single proxy
is functional it's going to work
7368
04:47:46,144 --> 04:47:48,500
and you don't require
any specific order to do
7369
04:47:48,500 --> 04:47:49,842
it down below now down
7370
04:47:49,842 --> 04:47:52,606
below you have some other
options too. So first is
7371
04:47:52,606 --> 04:47:54,400
random chains. Now random chains
7372
04:47:54,400 --> 04:47:55,607
in effect are basically
7373
04:47:55,607 --> 04:47:57,781
the same thing as
resetting your service.
7374
04:47:57,781 --> 04:47:59,767
I mean if you're
resetting your Tor,
7375
04:47:59,767 --> 04:48:02,428
you will be now assigned
new IP address, and Tor assigns
7376
04:48:02,428 --> 04:48:04,814
you a new IP address
every 10 minutes or so.
7377
04:48:04,814 --> 04:48:06,052
Anyway with the random.
7378
04:48:06,052 --> 04:48:07,347
You can specify a list
7379
04:48:07,347 --> 04:48:09,578
of IPs and then you
can tell your computer.
7380
04:48:09,578 --> 04:48:10,800
Okay, I want you to try
7381
04:48:10,800 --> 04:48:12,709
and I want you to connect
to this point and
7382
04:48:12,709 --> 04:48:15,300
every time you connect every
time you transmit the packet,
7383
04:48:15,300 --> 04:48:17,000
I want you to use
a different proxy
7384
04:48:17,000 --> 04:48:18,588
and we can do that as well.
7385
04:48:18,588 --> 04:48:21,700
And that's one of the options
definitely, and you can say, okay,
7386
04:48:21,700 --> 04:48:23,400
use this one five times
7387
04:48:23,400 --> 04:48:26,300
and then change to another one
or some kind of like that.
7388
04:48:26,300 --> 04:48:28,575
There are a lot of options
to specify there, mainly
7389
04:48:28,575 --> 04:48:30,300
the chain length
any way down below.
7390
04:48:30,300 --> 04:48:31,500
there's quiet mode.
7391
04:48:31,500 --> 04:48:33,700
You don't really need
that. Then there's proxy
7392
04:48:33,700 --> 04:48:34,900
DNS requests,
7393
04:48:34,900 --> 04:48:36,000
no leak for DNS
7394
04:48:36,100 --> 04:48:37,600
data. This is very important.
7395
04:48:37,600 --> 04:48:40,800
You cannot have any DNS leaks,
and let me explain to you what
7396
04:48:40,800 --> 04:48:42,100
DNS leaks are and even
7397
04:48:42,100 --> 04:48:44,994
though somebody cannot get
your particular IP address.
7398
04:48:44,994 --> 04:48:47,398
They can get the IP address
of the DNS server
7399
04:48:47,398 --> 04:48:48,670
that you are using and
7400
04:48:48,670 --> 04:48:52,200
what DNS servers do is resolve
the domain name to the IP address
7401
04:48:52,200 --> 04:48:53,200
and vice versa.
7402
04:48:53,200 --> 04:48:54,082
So for example,
7403
04:48:54,082 --> 04:48:55,674
if you type in youtube.com,
7404
04:48:55,674 --> 04:48:58,792
the DNS server of your local
ISP provider will resolve
7405
04:48:58,792 --> 04:49:01,694
that into some sort
of IP address that YouTube has
7406
04:49:01,694 --> 04:49:03,293
and it will make a request.
7407
04:49:03,293 --> 04:49:05,900
No problem and you
do not want that happening
7408
04:49:05,900 --> 04:49:08,934
because your local DNS server
will be discovered
7409
04:49:08,934 --> 04:49:10,395
and that is information
7410
04:49:10,395 --> 04:49:11,407
that can be used
7411
04:49:11,407 --> 04:49:14,377
in order to figure out
your personal IP address.
7412
04:49:14,377 --> 04:49:17,094
And when that is done
your physical location
7413
04:49:17,094 --> 04:49:18,800
is pretty much compromised.
7414
04:49:18,800 --> 04:49:20,100
And that's a no-no,
7415
04:49:20,100 --> 04:49:22,300
and you definitely
need proxy DNS here.
7416
04:49:22,300 --> 04:49:23,700
It might slow you down a bit,
7417
04:49:23,700 --> 04:49:26,100
but without that you're
practically not Anonymous
7418
04:49:26,100 --> 04:49:29,800
and it's just a matter of time
before somebody finds you now,
7419
04:49:29,800 --> 04:49:32,600
if you go down below we have
some other options here,
7420
04:49:32,600 --> 04:49:35,000
but we're not really interested
in them at the moment.
7421
04:49:35,000 --> 04:49:36,600
What we're here for are the formats
7422
04:49:36,600 --> 04:49:39,600
for entering proxies and I'm
going to leave it at that.
7423
04:49:39,600 --> 04:49:42,908
So what do you see out here
is first the type of the proxy
7424
04:49:42,908 --> 04:49:46,100
that is socks5, then the IP
address then the port number
7425
04:49:46,200 --> 04:49:47,500
and then two words
7426
04:49:47,500 --> 04:49:50,700
that is lamer secret
and then justu hidden.
7427
04:49:50,700 --> 04:49:51,000
Okay.
7428
04:49:51,000 --> 04:49:53,900
So now what you see out here
as I just said is
7429
04:49:53,900 --> 04:49:56,700
how you would actually write
down your proxy chains.
7430
04:49:56,700 --> 04:49:59,246
And now as I had already
also said you always want
7431
04:49:59,246 --> 04:50:02,033
to be using socks5 and you
don't want to be using HTTP
7432
04:50:02,033 --> 04:50:03,400
because they're not really
7433
04:50:03,400 --> 04:50:06,800
that safe and socks5
doesn't support a lot of Anyway,
7434
04:50:06,800 --> 04:50:09,200
and this is the IP address
of the proxy server
7435
04:50:09,200 --> 04:50:12,300
that we will enter a few
of them manually later on
7436
04:50:12,300 --> 04:50:14,383
and this here is the port number
7437
04:50:14,383 --> 04:50:17,682
that you see on which
the proxy server is listening
7438
04:50:17,682 --> 04:50:20,784
and that port is open
over here these two words.
7439
04:50:20,784 --> 04:50:22,300
Now what some proxy server
7440
04:50:22,300 --> 04:50:25,300
especially paid ones will always
have a username and password
7441
04:50:25,300 --> 04:50:27,716
so you can just type
them here in plain text
7442
04:50:27,716 --> 04:50:29,422
and fortunately it is assumed
7443
04:50:29,422 --> 04:50:32,600
that only you and you alone
have access to this computer
7444
04:50:32,600 --> 04:50:35,035
besides this file
and besides this file
7445
04:50:35,035 --> 04:50:35,900
is you not know.
7446
04:50:35,900 --> 04:50:37,504
Everybody can read
this file anyway,
7447
04:50:37,504 --> 04:50:39,654
so if you can just type
in the username here
7448
04:50:39,654 --> 04:50:40,500
and password here,
7449
04:50:40,500 --> 04:50:42,479
you will gain access
to a certain proxy
7450
04:50:42,479 --> 04:50:44,797
that you have chosen
or that you have paid for.
7451
04:50:44,797 --> 04:50:46,593
Anyway, these are
just some examples
7452
04:50:46,593 --> 04:50:48,800
and we won't actually
be using these proxies
7453
04:50:48,800 --> 04:50:50,391
or anything of the kind.
7454
04:50:50,391 --> 04:50:53,100
We need to go down
below here here you see
7455
04:50:53,100 --> 04:50:54,700
and at the end of the file.
7456
04:50:54,700 --> 04:50:56,500
So if I just press
enter a couple of times,
7457
04:50:56,500 --> 04:50:57,100
there we go.
7458
04:50:57,100 --> 04:51:01,510
So here is only one proxy active
at the moment and it says socks4,
7459
04:51:01,510 --> 04:51:05,700
and all traffic is routed
here through Tor by default.
7460
04:51:05,700 --> 04:51:10,000
So that's Tor. Now, Tor by default
listens on this port.
7461
04:51:10,000 --> 04:51:14,600
So this 9050 is the port, is what
Tor listens on. Now,
7462
04:51:14,600 --> 04:51:18,800
what we want to do is we want
to add socks5 proxy address.
7463
04:51:18,800 --> 04:51:21,700
So what you want to do
is just type in socks5
7464
04:51:21,946 --> 04:51:24,253
and the same IP address socks5
7465
04:51:24,800 --> 04:51:28,500
and you want to be keeping the
spacing correct just use tab.
7466
04:51:28,500 --> 04:51:34,300
So 127 dot 0 dot 0 dot one
and then you want to specify
7467
04:51:34,300 --> 04:51:37,800
the port number there
also, so 9050. So
7468
04:51:37,800 --> 04:51:41,000
what you see out
here, the 127.0.0.1:
7469
04:51:41,000 --> 04:51:43,100
This is the loopback address
of your computer.
7470
04:51:43,100 --> 04:51:45,100
So this is for any
device communication and
7471
04:51:45,100 --> 04:51:46,700
if you're pinging
this address and
7472
04:51:46,700 --> 04:51:48,800
if you're pinging yourself
basically and usually
7473
04:51:48,800 --> 04:51:51,000
people ping this address
in order to make sure
7474
04:51:51,000 --> 04:51:53,600
that the IP protocol
is set up correctly,
7475
04:51:53,600 --> 04:51:56,086
even though they don't have
internet connectivity.
7476
04:51:56,086 --> 04:51:57,000
So let's just type
7477
04:51:57,000 --> 04:52:02,600
in 127 dot 0 dot 0 dot one and
the same port number, 9050.
7478
04:52:02,800 --> 04:52:07,100
So now we have to press Ctrl o
to save our You can save
7479
04:52:07,100 --> 04:52:08,097
on the same name
7480
04:52:08,097 --> 04:52:11,400
and wrote 65 lines, of course,
down and that's written
7481
04:52:11,400 --> 04:52:14,700
and now you have to press Ctrl X
and you exit out.
7482
04:52:14,700 --> 04:52:18,400
So let's press Ctrl L
and clear our screen now,
7483
04:52:18,400 --> 04:52:21,300
we just edited
our proxychains configuration
7484
04:52:21,300 --> 04:52:23,088
in a very neat environment.
7485
04:52:23,088 --> 04:52:26,400
So to go ahead and type
in service tor status.
7486
04:52:26,400 --> 04:52:29,700
So we want to check
status of our Tor.
7487
04:52:29,700 --> 04:52:35,900
So service tor status. So
tor.service could not be found.
7488
04:52:35,996 --> 04:52:39,303
Sound so do we have
the Tor service installed?
7489
04:52:39,600 --> 04:52:40,247
Okay sewed.
7490
04:52:40,247 --> 04:52:41,831
Tor service is not installed.
7491
04:52:41,831 --> 04:52:44,700
Just give me a little moment
quickly install it.
7492
04:52:45,115 --> 04:52:45,500
Okay.
7493
04:52:45,500 --> 04:52:47,000
So now that we have set
7494
04:52:47,000 --> 04:52:49,559
up our proxychains
configuration file
7495
04:52:49,559 --> 04:52:51,200
and we have put in a socks5
7496
04:52:51,200 --> 04:52:54,100
proxy chain giving
it the Tor service.
7497
04:52:54,100 --> 04:52:57,534
Now, what we need to do first
is start up our Tor service
7498
04:52:57,534 --> 04:52:58,800
now to actually check
7499
04:52:58,800 --> 04:53:00,431
if Tor is running or not, or
7500
04:53:00,431 --> 04:53:02,411
if the Tor service
is running or not.
7501
04:53:02,411 --> 04:53:04,000
Let me just clear that out.
7502
04:53:04,000 --> 04:53:06,200
We need to go service
tor status.
7503
04:53:06,800 --> 04:53:09,000
And you see it
says it's inactive.
7504
04:53:09,000 --> 04:53:12,900
So what do you have to do
is say service tor start
7505
04:53:12,900 --> 04:53:15,400
and that will start
the Tor service.
7506
04:53:15,400 --> 04:53:17,764
It might take some time
depending on the system
7507
04:53:17,764 --> 04:53:20,900
that you're using and what are
their it has started it for me.
7508
04:53:20,900 --> 04:53:24,400
Now what you have to do
to actually use proxy chains
7509
04:53:24,400 --> 04:53:26,766
before you go to any website.
7510
04:53:26,766 --> 04:53:29,766
So all I have to do
is say proxychains,
7511
04:53:29,800 --> 04:53:32,303
then you specify the browser
that you're using.
7512
04:53:32,303 --> 04:53:34,100
So we're going
to be using Firefox
7513
04:53:34,100 --> 04:53:38,200
and you could say something
like www dot duckduckgo
7514
04:53:38,200 --> 04:53:41,000
dot com. So now here you will see
7515
04:53:41,200 --> 04:53:44,346
how your ping is
being transmitted to
7516
04:53:44,346 --> 04:53:46,500
DuckDuckGo.com. When I say ping,
7517
04:53:46,500 --> 04:53:48,600
I mean your packets
and your requests,
7518
04:53:48,600 --> 04:53:50,200
I'm sorry for my vocabulary.
7519
04:53:50,200 --> 04:53:52,894
So now your packets
are going to be directed
7520
04:53:52,894 --> 04:53:54,900
through a bunch of IP addresses,
7521
04:53:54,900 --> 04:53:57,200
but we haven't actually
put a bunch of you just
7522
04:53:57,200 --> 04:53:59,600
have put the loop back
for the Tor Network.
7523
04:53:59,600 --> 04:54:02,800
So we will let Tor do the rest
of the things for us.
7524
04:54:02,800 --> 04:54:04,100
Okay, so depending
7525
04:54:04,100 --> 04:54:06,702
on your system this
might take a little bit.
7526
04:54:06,702 --> 04:54:08,487
of time to actually open up.
7527
04:54:08,487 --> 04:54:08,802
Okay.
7528
04:54:08,802 --> 04:54:10,416
So let's go ahead and see
7529
04:54:10,416 --> 04:54:12,998
what's actually happening
on the terminal
7530
04:54:12,998 --> 04:54:15,000
while this thing is loading up.
7531
04:54:15,100 --> 04:54:17,500
Okay, as you can see
it's going through a bunch
7532
04:54:17,500 --> 04:54:18,613
of proxies out of here
7533
04:54:18,613 --> 04:54:21,263
and some are denying it
and some are saying it's okay.
7534
04:54:21,263 --> 04:54:24,329
So as you guys can see most of
the time you might get denied
7535
04:54:24,329 --> 04:54:26,388
and it will be a less
number of occasions
7536
04:54:26,388 --> 04:54:28,500
and that is exactly
what we're looking for
7537
04:54:28,500 --> 04:54:32,236
because primarily we have gone
a great extent for the anonymity
7538
04:54:32,236 --> 04:54:34,986
and what do you want
to do is stay like that.
7539
04:54:34,986 --> 04:54:37,800
So this is basically
how you use proxychains.
7540
04:54:37,800 --> 04:54:40,700
Now if this computer
just decides to open
7541
04:54:40,700 --> 04:54:43,100
up DuckDuckGo.com on Mozilla.
7542
04:54:43,100 --> 04:54:45,800
I could actually show you
some interesting stuff
7543
04:54:45,800 --> 04:54:48,500
but it seems my computer
has kind of given up
7544
04:54:48,500 --> 04:54:52,000
on actually opening DuckDuckGo.
It's still waiting for
7545
04:54:52,000 --> 04:54:55,200
DuckDuckGo's actual confirmation,
but that's about it.
7546
04:54:55,200 --> 04:54:58,900
So this is how you can actually
configure proxy chains.
7547
04:54:58,900 --> 04:54:59,700
I'm really sorry
7548
04:54:59,700 --> 04:55:01,758
that my computer
isn't working right now,
7549
04:55:01,758 --> 04:55:04,747
so well and nothing
is actually opening on Mozilla.
7550
04:55:04,747 --> 04:55:06,608
It's mostly because
my RAM is
7551
04:55:06,608 --> 04:55:07,000
overloaded.
7552
04:55:07,000 --> 04:55:09,400
I think I should go
ahead and get myself a new RAM.
7553
04:55:09,400 --> 04:55:11,200
But for now,
let me just also say
7554
04:55:11,200 --> 04:55:13,593
that we can put
some custom proxy lists
7555
04:55:13,593 --> 04:55:16,307
and instead of just
saying let me just go ahead
7556
04:55:16,307 --> 04:55:17,900
and open up that file again
7557
04:55:17,900 --> 04:55:19,398
as you guys can see out here.
7558
04:55:19,398 --> 04:55:21,000
I'm going to end this right now
7559
04:55:21,000 --> 04:55:24,800
because my computer can't really
take all this pressure.
7560
04:55:24,953 --> 04:55:26,646
See it's like so hard.
7561
04:55:26,646 --> 04:55:26,940
Okay.
7562
04:55:26,940 --> 04:55:30,100
Let me just quit out of that and
let me just open up a new one.
7563
04:55:30,100 --> 04:55:31,318
Now as I had said
7564
04:55:31,318 --> 04:55:34,400
that you can put up
some custom proxy lists,
7565
04:55:34,400 --> 04:55:35,530
not really gonna do that.
7566
04:55:35,530 --> 04:55:36,780
But let me just show you.
7567
04:55:36,780 --> 04:55:37,900
You can do that: you go
7568
04:55:37,900 --> 04:55:41,400
nano, and you go etc and proxy
7569
04:55:41,800 --> 04:55:45,100
so you basically have to go
into the proxy chain.
7570
04:55:45,400 --> 04:55:48,900
Okay, so I think I
should put this can yeah
7571
04:55:48,900 --> 04:55:51,500
now if you just go in
and edit out here,
7572
04:55:51,500 --> 04:55:53,900
all you have to do is
set up dynamic chains
7573
04:55:53,900 --> 04:55:55,900
and you can go online and search
7574
04:55:55,900 --> 04:55:59,000
for free proxy list and
that will give you everything
7575
04:55:59,000 --> 04:56:02,100
that the port number
to the IP address.
7576
04:56:02,200 --> 04:56:06,400
Let me just show it to
you: free proxy server
7577
04:56:06,400 --> 04:56:07,200
list.
7578
04:56:07,200 --> 04:56:10,700
So all you have to do is search
for free proxy server list
7579
04:56:10,700 --> 04:56:13,910
and you can see out here
the proxy type is HTTPS
7580
04:56:13,910 --> 04:56:16,100
and you basically want to find
7581
04:56:16,100 --> 04:56:19,200
a socks5 proxy. To find
yourself a proxy, just add
7582
04:56:19,200 --> 04:56:20,435
that into your keyword.
7583
04:56:20,435 --> 04:56:22,621
And once you find
those proxy addresses,
7584
04:56:22,621 --> 04:56:25,200
all you have to do is take
down this IP address
7585
04:56:25,200 --> 04:56:27,200
and followed by the port number
7586
04:56:27,200 --> 04:56:28,412
and you go ahead
7587
04:56:28,412 --> 04:56:31,900
and just put it down
in this configuration file
7588
04:56:31,900 --> 04:56:33,700
and then you hit Ctrl
7589
04:56:33,700 --> 04:56:37,700
O, and you just save it
and you just go back.
7590
04:56:37,700 --> 04:56:39,876
So that was all
about proxy chains and
7591
04:56:39,876 --> 04:56:42,600
how you can set up proxychains
to make yourself
7592
04:56:42,600 --> 04:56:43,370
very anonymous.
7593
04:56:43,370 --> 04:56:44,899
I'm sorry the whole Mozilla
7594
04:56:44,899 --> 04:56:47,800
part didn't work; that's the
sad state of my computer
7595
04:56:47,800 --> 04:56:51,300
but moving on let's go ahead
and study about macchanger.
7596
04:56:51,300 --> 04:56:51,800
OK guys.
7597
04:56:51,800 --> 04:56:53,800
So that was all
about proxy chains.
7598
04:56:53,800 --> 04:56:55,500
Let's move ahead
to macchanger.
7599
04:56:55,500 --> 04:56:55,900
Okay.
7600
04:56:55,900 --> 04:56:58,300
Now before we go into the tool
called macchanger,
7601
04:56:58,300 --> 04:56:58,974
let's just see
7602
04:56:58,974 --> 04:57:01,603
what a MAC address is. Now,
MAC address actually stands
7603
04:57:01,603 --> 04:57:03,700
for Media Access Control
address of the device
7604
04:57:03,700 --> 04:57:06,600
and is a unique identifier
assigned to a network interface
7605
04:57:06,600 --> 04:57:09,300
controller for communication
purposes. Now, MAC addresses
7606
04:57:09,300 --> 04:57:10,700
are used as a network address
7607
04:57:10,700 --> 04:57:12,900
for most IEEE 802
network technologies,
7608
04:57:12,900 --> 04:57:14,872
including Ethernet, Wi-Fi
and Bluetooth.
7609
04:57:14,872 --> 04:57:17,000
Now in this context
MAC addresses are used
7610
04:57:17,000 --> 04:57:19,300
in the medium access
control protocol sublayer
7611
04:57:19,300 --> 04:57:20,900
and as typically represented
7612
04:57:20,900 --> 04:57:23,677
as MAC addresses are
not recognizable as six groups
7613
04:57:23,677 --> 04:57:25,501
of two hexadecimal digits each.
7614
04:57:25,501 --> 04:57:26,900
Now, these are separated
7615
04:57:26,900 --> 04:57:29,766
by a colon and the first
three hexadecimals are
7616
04:57:29,766 --> 04:57:32,750
actually the organizationally
unique identifier.
7617
04:57:32,750 --> 04:57:35,041
So they actually
represent your vendor
7618
04:57:35,041 --> 04:57:36,924
and the next three hexadecimals
7619
04:57:36,924 --> 04:57:39,712
actually represent
your network card unique.
7620
04:57:39,712 --> 04:57:42,518
Okay, so when you are
actually on a network you
7621
04:57:42,518 --> 04:57:45,283
are recognized on something
called an ARP table.
7622
04:57:45,283 --> 04:57:47,324
Let me just show
you the ARP table
7623
04:57:47,324 --> 04:57:48,483
how you can see it.
7624
04:57:48,483 --> 04:57:49,203
Let's go in.
7625
04:57:49,203 --> 04:57:51,893
So the password is root
still. An ARP table is
7626
04:57:51,893 --> 04:57:54,599
basically an address
resolution protocol table.
7627
04:57:54,599 --> 04:57:56,480
And well, this is
a virtual machine
7628
04:57:56,480 --> 04:57:58,774
and it doesn't really
know many machines
7629
04:57:58,774 --> 04:58:00,000
on the local network.
7630
04:58:00,000 --> 04:58:01,200
But if I were to go
7631
04:58:01,200 --> 04:58:04,800
on my Windows system and show
you my ARP table, let's see.
7632
04:58:05,100 --> 04:58:07,000
Okay, so if I show
you the ARP table
7633
04:58:07,000 --> 04:58:09,013
of my Windows machine
and on any machine
7634
04:58:09,013 --> 04:58:11,271
that has a TCP/IP protocol
suite installed, you
7635
04:58:11,271 --> 04:58:12,400
will have this command
7636
04:58:12,400 --> 04:58:14,967
as working, called arp,
and you give the -
7637
04:58:14,967 --> 04:58:16,000
a, and now you see
7638
04:58:16,000 --> 04:58:18,600
that your IP address
or somebody else's
7639
04:58:18,600 --> 04:58:21,400
IP address is actually mapped
to physical address.
7640
04:58:21,400 --> 04:58:21,600
Now.
7641
04:58:21,600 --> 04:58:23,300
The MAC address
is very commonly used
7642
04:58:23,300 --> 04:58:24,912
in the ARP protocol, and this is
7643
04:58:24,912 --> 04:58:27,206
how you are actually
identified on a network.
7644
04:58:27,206 --> 04:58:28,597
Now sometimes what you want
7645
04:58:28,597 --> 04:58:30,400
to do is be unknown
on this network.
7646
04:58:30,400 --> 04:58:32,702
There are various reasons
why you want to do that.
7647
04:58:32,702 --> 04:58:35,281
Let me just give you an example
of a very malicious
7648
04:58:35,281 --> 04:58:37,000
reason that was done
in my college.
7649
04:58:37,000 --> 04:58:40,300
So we as students would
actually change the MAC address
7650
04:58:40,300 --> 04:58:42,744
of our own computer
to the professor's computer.
7651
04:58:42,744 --> 04:58:45,500
So we would somehow look up
the professor's IP address
7652
04:58:45,500 --> 04:58:47,600
and then come to know
about his Mac address
7653
04:58:47,600 --> 04:58:50,409
and then we would spoof
our Mac to be his Mac address
7654
04:58:50,409 --> 04:58:52,300
and then we would do
some type, sort
7655
04:58:52,300 --> 04:58:54,900
of malicious activity
on the college internet
7656
04:58:54,900 --> 04:58:56,600
and then internet administrators
7657
04:58:56,600 --> 04:58:58,050
of our college
would come to know
7658
04:58:58,050 --> 04:59:00,000
that that Mac address
is doing some sort
7659
04:59:00,000 --> 04:59:01,275
of malicious activity and
7660
04:59:01,275 --> 04:59:03,576
that Mac address
would get permanently banned
7661
04:59:03,576 --> 04:59:05,035
for that session on the college
7662
04:59:05,035 --> 04:59:06,304
network. So basically
7663
04:59:06,304 --> 04:59:09,300
our professor would not be able
to use a wireless projectors
7664
04:59:09,300 --> 04:59:12,200
that he would use to actually
show us his presentations
7665
04:59:12,200 --> 04:59:14,257
and we end up
getting a free class.
7666
04:59:14,257 --> 04:59:14,500
Now.
7667
04:59:14,500 --> 04:59:16,437
I am not actually
promoting any sort
7668
04:59:16,437 --> 04:59:17,830
of bad activity like this.
7669
04:59:17,830 --> 04:59:20,930
I have just experienced this
in my own college life.
7670
04:59:20,930 --> 04:59:23,700
So that was something
but there are many other reasons
7671
04:59:23,700 --> 04:59:26,600
that you might want to spoof
your MAC. Now macchanger
7672
04:59:26,600 --> 04:59:29,403
is an amazing tool
for actually spoofing your MAC.
7673
04:59:29,403 --> 04:59:30,300
So first of all,
7674
04:59:30,300 --> 04:59:32,200
how do you come to know
your Mac address?
7675
04:59:32,200 --> 04:59:34,700
So let's see you go ifconfig.
7676
04:59:35,100 --> 04:59:37,557
This will give us
our Mac address.
7677
04:59:37,557 --> 04:59:38,600
Now this address
7678
04:59:38,600 --> 04:59:42,586
that you see out here is
the MAC address of this machine.
7679
04:59:42,586 --> 04:59:45,304
So you can also check
out the MAC address
7680
04:59:45,304 --> 04:59:46,800
by going macchanger,
7681
04:59:46,800 --> 04:59:48,858
then let's type
in the help options.
7682
04:59:48,858 --> 04:59:51,800
And this will show us
how to get the MAC address.
7683
04:59:51,800 --> 04:59:54,300
So if you see
there's a show flag
7684
04:59:54,600 --> 04:59:56,700
so we can go macchanger
7685
04:59:56,800 --> 05:00:00,600
and you can put the S and then
you put the interface now
7686
05:00:00,600 --> 05:00:02,900
the interface is
where it's working.
7687
05:00:02,900 --> 05:00:04,800
So at 0 is where we are.
7688
05:00:04,800 --> 05:00:07,400
Actually getting we
don't want the loopback one.
7689
05:00:07,400 --> 05:00:10,700
So eth0, and this will give
us the MAC address.
7690
05:00:10,700 --> 05:00:14,500
So current MAC address is
zero eight zero zero two seven.
7691
05:00:14,500 --> 05:00:16,584
Let's see if that was
the same one shown.
7692
05:00:16,584 --> 05:00:17,819
Where is that matter?
7693
05:00:17,819 --> 05:00:18,400
It's okay.
7694
05:00:18,400 --> 05:00:20,600
So if a 0 a 0 0 to 7,
so, I'm sorry.
7695
05:00:20,600 --> 05:00:21,850
This was the MAC address.
7696
05:00:21,850 --> 05:00:23,400
I selected the wrong thing.
7697
05:00:23,400 --> 05:00:26,863
What I was showing you is
the IPv6 address and you can see
7698
05:00:26,863 --> 05:00:28,199
that's very very long.
7699
05:00:28,199 --> 05:00:29,900
So, this is our Mac address.
7700
05:00:29,900 --> 05:00:33,372
Now what you might want to do
to change your Mac address.
7701
05:00:33,372 --> 05:00:36,100
Well, let's see with V
we can get the version
7702
05:00:36,100 --> 05:00:38,600
with s you can show
we can do the E.
7703
05:00:38,600 --> 05:00:39,900
And as I said,
7704
05:00:39,900 --> 05:00:44,000
if you remember that the first
three bits is about the vendors
7705
05:00:44,000 --> 05:00:47,700
so you can also get
the vendor list by going - L.
7706
05:00:47,700 --> 05:00:48,800
So you go -
7707
05:00:48,800 --> 05:00:52,500
L and this will give you
a list of Mac addresses
7708
05:00:52,500 --> 05:00:55,500
and which vendor
they belong to. So sometimes
7709
05:00:55,500 --> 05:00:57,300
if you don't know the vendors
7710
05:00:57,300 --> 05:00:59,694
that are actually
being used on the network
7711
05:00:59,694 --> 05:01:01,400
of your college, for example,
7712
05:01:01,400 --> 05:01:03,502
and you want to
just stay Anonymous
7713
05:01:03,502 --> 05:01:04,986
and not raise any Flags.
7714
05:01:04,986 --> 05:01:06,100
Lakhs of Suspicion
7715
05:01:06,100 --> 05:01:08,900
so you could hide yourself
as a Cisco router.
7716
05:01:08,900 --> 05:01:11,100
So suppose your college
was using all sorts
7717
05:01:11,100 --> 05:01:14,200
of Cisco routers
and you decided that today.
7718
05:01:14,200 --> 05:01:15,900
I'm going to put myself
as a Cisco router
7719
05:01:15,900 --> 05:01:18,200
and I'm going to screw
around with the network.
7720
05:01:18,200 --> 05:01:19,964
So it would not raise any Flags
7721
05:01:19,964 --> 05:01:23,200
before you actually decide
to do some malicious activity
7722
05:01:23,200 --> 05:01:24,500
in some deeper inspection
7723
05:01:24,500 --> 05:01:26,900
of your Mac address people
would actually realize
7724
05:01:26,900 --> 05:01:28,959
that you are actually
spoofing the address
7725
05:01:28,959 --> 05:01:31,971
and after some investigation
they put Andy take some time
7726
05:01:31,971 --> 05:01:34,500
to actually reach to you
and how you spoofed it,
7727
05:01:34,500 --> 05:01:37,731
but the And of Ginger Mac
is not raising any flags
7728
05:01:37,731 --> 05:01:40,700
and that is exactly
what you should try to do.
7729
05:01:40,800 --> 05:01:45,500
So macchanger is also
very useful for getting the list
7730
05:01:45,500 --> 05:01:49,000
of all the Mac addresses
and the vendor IDs.
7731
05:01:49,000 --> 05:01:51,700
Now, let me just clear
the screen out quickly.
7732
05:01:51,700 --> 05:01:55,100
So we go clear and let's
bring back the help.
7733
05:01:56,100 --> 05:01:58,900
So we go macchanger
and --help.
7734
05:01:58,900 --> 05:02:02,600
Now, what we want to do is give
ourself a random Mac address
7735
05:02:02,600 --> 05:02:04,200
now macchanger,
7736
05:02:04,400 --> 05:02:06,000
so that is done
with the r flag
7737
05:02:06,000 --> 05:02:07,758
and we want to do it on eth0.
7738
05:02:07,758 --> 05:02:08,751
So once you run
7739
05:02:08,751 --> 05:02:11,400
that you will be given
a new Mac address.
7740
05:02:11,400 --> 05:02:14,200
So our new Mac
address is f6c 649
7741
05:02:14,300 --> 05:02:17,500
now you can verify
that by running ifconfig.
7742
05:02:17,500 --> 05:02:19,901
Now we could just do ifconfig
7743
05:02:20,100 --> 05:02:23,844
and you see our new
MAC address is in ether
7744
05:02:23,844 --> 05:02:27,460
so we could also do something
like this ifconfig
7745
05:02:27,680 --> 05:02:30,000
and you could grep ether.
7746
05:02:30,200 --> 05:02:32,800
So that's just telling
you the MAC address
7747
05:02:32,800 --> 05:02:35,200
and this is completely new also.
7748
05:02:35,200 --> 05:02:38,900
You can show it to
the macchanger tool itself.
7749
05:02:39,000 --> 05:02:41,615
Okay, so we need
to give it the eth0.
7750
05:02:41,615 --> 05:02:43,000
I've got that now.
7751
05:02:43,000 --> 05:02:45,300
You see that this is
our current MAC address
7752
05:02:45,300 --> 05:02:47,930
and this is a permanent
MAC address and the two
7753
05:02:47,930 --> 05:02:49,300
are completely different.
7754
05:02:49,300 --> 05:02:52,673
Sometimes you also might want
to actually change your Mac
7755
05:02:52,673 --> 05:02:55,500
when your laptop is
or your system is booting up
7756
05:02:55,500 --> 05:02:58,617
because you might want
to stay Anonymous all the time.
7757
05:02:58,617 --> 05:03:00,715
Who knows and sometimes
you might think
7758
05:03:00,715 --> 05:03:03,200
I'll actually change it
when I want change it,
7759
05:03:03,200 --> 05:03:04,800
but let's face it we
7760
05:03:04,800 --> 05:03:08,329
We are forgetful as human beings
and we tend to forget things
7761
05:03:08,329 --> 05:03:09,900
that we are supposed to do.
7762
05:03:09,900 --> 05:03:11,500
So what else is better
7763
05:03:11,500 --> 05:03:13,699
than to actually automate
the whole process yourself
7764
05:03:13,699 --> 05:03:16,900
and forget about remembering all
these stupid nitty-gritty stuff.
7765
05:03:16,900 --> 05:03:18,800
So you can tell Linux
7766
05:03:18,800 --> 05:03:21,000
or Kali Linux
to actually change.
7767
05:03:21,000 --> 05:03:24,500
Your Mac address on boot-up
is use this tool called crontab
7768
05:03:24,500 --> 05:03:28,300
now crontab is actually used
for scheduling tasks on Linux.
7769
05:03:28,300 --> 05:03:30,700
So let me show you
how to do that firstly.
7770
05:03:30,700 --> 05:03:33,200
Let's clear our screen
and go crontab
7771
05:03:33,200 --> 05:03:34,800
and go help now.
7772
05:03:34,800 --> 05:03:36,790
You see it's
a pretty small and menu.
7773
05:03:36,790 --> 05:03:39,320
So first we start
with the u flag, that's the user
7774
05:03:39,320 --> 05:03:42,190
this file is going to work
for then we got the E flag,
7775
05:03:42,190 --> 05:03:45,484
which is for editing crontab
users the users crontab list
7776
05:03:45,484 --> 05:03:48,400
and you can see the list
of users crontab and let's see.
7777
05:03:48,400 --> 05:03:50,200
So do we have
any crontab lists?
7778
05:03:50,200 --> 05:03:53,141
So there is no crontab
at this moment so we can set
7779
05:03:53,141 --> 05:03:55,316
up one for ourselves
by going to the E.
7780
05:03:55,316 --> 05:03:56,300
Then there's the r
7781
05:03:56,300 --> 05:03:59,338
which is delete users crontab
and I want to tell you all be
7782
05:03:59,338 --> 05:04:01,800
very careful when deleting
anything of that sort
7783
05:04:01,800 --> 05:04:03,788
because once you delete
something from Linux
7784
05:04:03,788 --> 05:04:04,700
that I've already said
7785
05:04:04,700 --> 05:04:05,590
that it is very
7786
05:04:05,590 --> 05:04:07,808
very difficult to actually
retrieve it back.
7787
05:04:07,808 --> 05:04:11,100
You might get fragmented pieces
of what you had actually deleted
7788
05:04:11,100 --> 05:04:14,100
and that will only leave you
with sadness and Devastation.
7789
05:04:14,100 --> 05:04:18,000
Now, what you want to do is go
through crontab and press e
7790
05:04:18,000 --> 05:04:21,700
and this will bring us to select
an Editor to change later
7791
05:04:21,700 --> 05:04:22,700
on select editor.
7792
05:04:22,760 --> 05:04:24,298
So we'll do it Nano.
7793
05:04:24,300 --> 05:04:26,599
So what do you have out
here is the readme file
7794
05:04:26,599 --> 05:04:29,400
of crontab and if you read
this entire thing you will get
7795
05:04:29,400 --> 05:04:31,066
how to use crontab completely.
7796
05:04:31,066 --> 05:04:32,400
But if you have any sort
7797
05:04:32,400 --> 05:04:35,150
of doubts even after reading
it you can leave them down.
7798
05:04:35,150 --> 05:04:36,600
The comment section below now.
7799
05:04:36,600 --> 05:04:39,655
What do you want to do
is actually set up a crontab
7800
05:04:39,655 --> 05:04:41,000
so that you can change
7801
05:04:41,000 --> 05:04:44,089
your Mac address whenever
you reboot your computer.
7802
05:04:44,089 --> 05:04:46,375
So all you have to do
is say at reboot
7803
05:04:46,375 --> 05:04:48,600
what you want
done is macchanger,
7804
05:04:48,600 --> 05:04:51,200
and if you remember we want
to run the MAC address
7805
05:04:51,200 --> 05:04:53,019
and we want it on eth0.
7806
05:04:53,019 --> 05:04:53,900
So that's done.
7807
05:04:53,900 --> 05:04:54,103
Now.
7808
05:04:54,103 --> 05:04:56,041
All you have to do
is save this thing.
7809
05:04:56,041 --> 05:04:57,100
So you go control.
7810
05:04:57,100 --> 05:04:59,725
O, and that will write
it out to crontab
7811
05:04:59,725 --> 05:05:00,817
and you press enter
7812
05:05:00,817 --> 05:05:02,796
and you have written one line.
7813
05:05:02,796 --> 05:05:05,800
Now you go control X
and you have exited out.
7814
05:05:05,800 --> 05:05:08,900
So now let us clear the screen
by pressing Ctrl L
7815
05:05:08,900 --> 05:05:12,900
and enter and let's go
ahead and get our Mac address.
7816
05:05:13,000 --> 05:05:14,900
So if we go ahead and run
7817
05:05:14,900 --> 05:05:18,100
that are Mac address
is set to f6c 649.
7818
05:05:18,200 --> 05:05:22,600
So just remember the first few
letters have 66 and 49 now.
7819
05:05:22,600 --> 05:05:25,700
Let me just reboot my computer
and you will see
7820
05:05:25,700 --> 05:05:29,415
after I reboot and run ifconfig
again with grep ether.
7821
05:05:29,415 --> 05:05:32,600
We will see a different
Mac address now rebooting
7822
05:05:32,600 --> 05:05:33,472
might take some time
7823
05:05:33,472 --> 05:05:35,732
because I'm actually
using a virtual machine
7824
05:05:35,732 --> 05:05:38,300
but still now it's given
problems with the Firefox.
7825
05:05:38,300 --> 05:05:40,300
But let's hope this
won't take much time.
7826
05:05:40,700 --> 05:05:41,000
Okay.
7827
05:05:41,000 --> 05:05:43,200
So now that our computer
has booted up
7828
05:05:43,200 --> 05:05:46,200
and we have actually opened
up a terminal let's go
7829
05:05:46,200 --> 05:05:49,700
in and type ifconfig and
let's get in our ether
7830
05:05:49,700 --> 05:05:51,200
that is the MAC address.
7831
05:05:51,200 --> 05:05:52,924
So if you remember
the MAC address now,
7832
05:05:52,924 --> 05:05:55,150
you see that it has
completely changed and that's
7833
05:05:55,150 --> 05:05:56,800
how you can spoof
your Mac address
7834
05:05:56,800 --> 05:05:58,100
on our local network.
7835
05:05:58,100 --> 05:06:00,273
And this will basically help you
7836
05:06:00,273 --> 05:06:03,600
in staying Anonymous
on ARP protocols and anything
7837
05:06:03,600 --> 05:06:06,705
that actually maps your IP
address to the MAC address.
7838
05:06:06,705 --> 05:06:07,000
Okay.
7839
05:06:07,000 --> 05:06:09,388
So that was all
about macchanger. Meet you
7840
05:06:09,388 --> 05:06:10,500
in the next section.
7841
05:06:10,700 --> 05:06:12,600
So in this section,
we will be talking
7842
05:06:12,600 --> 05:06:15,700
about wireless encryption
protocol cracking.
7843
05:06:15,700 --> 05:06:19,200
So that is basically
Wi-Fi cracking now Wi-Fi
7844
05:06:19,200 --> 05:06:22,184
in today's day and age uses pins
7845
05:06:22,184 --> 05:06:25,800
or passwords to normally
encrypt the data usage.
7846
05:06:25,800 --> 05:06:29,900
Basically, if you want to access
the wireless access point,
7847
05:06:29,900 --> 05:06:31,187
you need a password
7848
05:06:31,187 --> 05:06:34,077
or a PIN to actually
gain authorization now
7849
05:06:34,077 --> 05:06:38,100
this authorization check
is done using a four-way handshake
7850
05:06:38,100 --> 05:06:42,300
which we will try to capture
using a tool called aircrack-ng
7851
05:06:42,400 --> 05:06:45,000
and then we will try
to crack into the password
7852
05:06:45,000 --> 05:06:47,500
using a wordlist
generator called crunch.
7853
05:06:47,500 --> 05:06:51,700
Now, you can use aircrack-ng
to crack WPA and WPA2.
7854
05:06:51,700 --> 05:06:54,800
There's also another protocol
called WEP or WEP
7855
05:06:54,800 --> 05:06:57,400
and that is not normally
used these days.
7856
05:06:57,400 --> 05:06:58,958
If you find anybody using
7857
05:06:58,958 --> 05:07:02,700
that you should always advise
them to actually upgrade to WPA
7858
05:07:02,700 --> 05:07:04,700
or WPA2 because
7859
05:07:04,700 --> 05:07:07,846
WEP is actually very
easily cracked these days
7860
05:07:07,846 --> 05:07:11,062
and people are generally
punished for using WEP
7861
05:07:11,062 --> 05:07:13,300
by hackers all around the world.
7862
05:07:13,300 --> 05:07:13,660
Okay.
7863
05:07:13,660 --> 05:07:17,454
So now you can actually go ahead
and go into a terminal
7864
05:07:17,454 --> 05:07:21,600
and type ifconfig to actually
look at your network card name
7865
05:07:21,600 --> 05:07:23,200
as you guys can see out here.
7866
05:07:23,200 --> 05:07:24,659
It's called wlo one.
7867
05:07:24,659 --> 05:07:25,900
So the first step
7868
05:07:25,900 --> 05:07:28,900
that we need to do to actually
go into the process
7869
05:07:28,900 --> 05:07:32,800
of Wi-Fi cracking is set
up our network access card
7870
05:07:32,800 --> 05:07:34,700
or our access point.
7871
05:07:34,946 --> 05:07:36,100
Monitor mode so
7872
05:07:36,100 --> 05:07:38,600
as you guys can see out here
after typing ifconfig.
7873
05:07:38,600 --> 05:07:39,700
It shows me
7874
05:07:39,700 --> 05:07:43,300
that my Wi-Fi access
card is wl1 interface.
7875
05:07:43,400 --> 05:07:47,200
Now our process of cracking
passwords is pretty simple.
7876
05:07:47,200 --> 05:07:49,700
What we want to do
is actually monitor
7877
05:07:49,700 --> 05:07:52,670
for all sorts of access points
that are nearby to us.
7878
05:07:52,670 --> 05:07:55,200
Once we have chosen
the access point that we
7879
05:07:55,200 --> 05:07:58,801
want to actually penetrate
into and find the password.
7880
05:07:58,801 --> 05:08:02,200
What you want to do is run
an airodump scan on it
7881
05:08:02,200 --> 05:08:05,082
and then we will try
and deauthenticate any device
7882
05:08:05,082 --> 05:08:07,500
that is connected
to the access point now
7883
05:08:07,500 --> 05:08:08,963
one assumption out here
7884
05:08:08,963 --> 05:08:11,700
is that the password
is saved in that device
7885
05:08:11,700 --> 05:08:14,200
and it will automatically
try to re-authenticate
7886
05:08:14,300 --> 05:08:16,100
itself with the access point
7887
05:08:16,100 --> 05:08:19,796
and we want to catch and log
this re-authentication process
7888
05:08:19,796 --> 05:08:22,600
which will actually have
a four-way handshake
7889
05:08:22,600 --> 05:08:25,319
between your device
and the access point.
7890
05:08:25,319 --> 05:08:26,600
So this is basically
7891
05:08:26,600 --> 05:08:30,054
the procedure we are going
to follow now another thing
7892
05:08:30,054 --> 05:08:32,689
that you need to know
before actually using
7893
05:08:32,689 --> 05:08:35,228
this process to gain
any access to any Is
7894
05:08:35,228 --> 05:08:39,100
that you need to know a little
bit about what the password is?
7895
05:08:39,100 --> 05:08:43,000
Maybe it could be length
or it could be something
7896
05:08:43,000 --> 05:08:46,000
like a specific character
at a specific place.
7897
05:08:46,000 --> 05:08:48,200
Maybe you know
a series of characters.
7898
05:08:48,200 --> 05:08:51,887
So you just can't really guess
the password out of thin air.
7899
05:08:51,887 --> 05:08:53,849
That is not how cracking Works
7900
05:08:53,849 --> 05:08:56,384
unless you have
some unlimited potential
7901
05:08:56,384 --> 05:08:58,809
of processing power
in that case.
7902
05:08:58,809 --> 05:09:02,741
You can very well brute force it
and just find the password,
7903
05:09:02,741 --> 05:09:06,700
but if you are not somebody who
Has unlimited processing power
7904
05:09:06,700 --> 05:09:08,500
and you're trying
to use aircrack-ng.
7905
05:09:08,500 --> 05:09:11,000
You need to know a little bit
about the password.
7906
05:09:11,000 --> 05:09:12,400
Also before we proceed
7907
05:09:12,400 --> 05:09:15,400
with this wireless
encryption protocol cracking.
7908
05:09:15,400 --> 05:09:17,700
What I want to say is
if you want to get
7909
05:09:17,700 --> 05:09:20,800
into somebody's Wi-Fi network,
7910
05:09:20,800 --> 05:09:23,800
or you want to actually
test for vulnerabilities.
7911
05:09:23,800 --> 05:09:26,900
It's better that you test
for router vulnerabilities.
7912
05:09:26,900 --> 05:09:29,135
than actually cracking
a Wi-Fi password
7913
05:09:29,135 --> 05:09:30,655
because you're more likely
7914
05:09:30,655 --> 05:09:33,078
than not to find
more router vulnerabilities
7915
05:09:33,078 --> 05:09:35,900
than actually successfully
cracking a Wi-Fi password
7916
05:09:35,900 --> 05:09:37,700
if you don't know
anything about it,
7917
05:09:37,700 --> 05:09:39,800
if you don't know anything
about the password
7918
05:09:39,800 --> 05:09:42,226
just go ahead and run
some vulnerability tests
7919
05:09:42,226 --> 05:09:45,300
on the router itself and more
often than not you will just
7920
05:09:45,300 --> 05:09:47,161
find something you can abuse.
7921
05:09:47,161 --> 05:09:47,479
Okay.
7922
05:09:47,479 --> 05:09:49,580
Now let's talk
about the two tools
7923
05:09:49,580 --> 05:09:51,300
that I'm going to be using.
7924
05:09:51,300 --> 05:09:52,663
Now these two tools.
7925
05:09:52,663 --> 05:09:55,800
One of them is already
installed on Kali Linux,
7926
05:09:55,800 --> 05:09:58,472
but if you are not using
this on Kali,
7927
05:09:58,472 --> 05:10:01,800
you can also use this
on any Linux based system.
7928
05:10:01,800 --> 05:10:04,228
So what you have
to do is download
7929
05:10:04,228 --> 05:10:05,700
and install aircrack-ng,
7930
05:10:05,700 --> 05:10:07,318
which is easily installed
7931
05:10:07,318 --> 05:10:10,116
with the command
apt-get install aircrack-ng
7932
05:10:10,116 --> 05:10:13,500
and you also have to install
this word list generator
7933
05:10:13,500 --> 05:10:16,804
called crunch now crunch
is easily downloadable
7934
05:10:16,804 --> 05:10:18,600
by just Googling the name
7935
05:10:18,600 --> 05:10:21,197
and the first link
will be a sourceforge link
7936
05:10:21,197 --> 05:10:23,500
and all you have to do
is go inside that
7937
05:10:23,500 --> 05:10:25,911
and install it and
once you've figured out
7938
05:10:25,911 --> 05:10:28,300
how to install crunch
you can make sure
7939
05:10:28,300 --> 05:10:29,500
that its installed.
7940
05:10:39,700 --> 05:10:44,200
Now once you have installed both
the software's you can check out
7941
05:10:44,200 --> 05:10:46,500
if the manual pages
are opening up.
7942
05:10:46,500 --> 05:10:50,014
Let me just open the manual page
of aircrack-ng and show you
7943
05:10:50,014 --> 05:10:52,100
that it has been
properly installed.
7944
05:10:55,400 --> 05:10:57,300
Now as you guys can
see the manual page
7945
05:10:57,300 --> 05:10:58,832
of aircrack-ng opened up
7946
05:10:58,832 --> 05:11:01,900
and the manual page
of crunch is also opening up.
7947
05:11:01,900 --> 05:11:04,406
So that means both
of our software's
7948
05:11:04,406 --> 05:11:07,700
have been successfully
installed on our system.
7949
05:11:07,700 --> 05:11:09,086
Now before we go ahead.
7950
05:11:09,086 --> 05:11:11,800
Let me just show you
how crunch actually works
7951
05:11:11,800 --> 05:11:14,800
so crunch is basically
a wordlist generator.
7952
05:11:14,800 --> 05:11:16,800
What you would do is you try
7953
05:11:16,800 --> 05:11:19,857
and generate a word list
with given characters.
7954
05:11:19,857 --> 05:11:23,578
So what you can see out here
is I've typed in crunch 3 5,
7955
05:11:23,578 --> 05:11:27,500
so it means the minimum length is 3
and the maximum length is 5
7956
05:11:27,500 --> 05:11:29,980
and I've given it
a series of numbers.
7957
05:11:29,980 --> 05:11:33,498
So it will use these numbers
and generate all the words
7958
05:11:33,498 --> 05:11:36,300
that are possible
from length 3 to length 5.
7959
05:11:36,300 --> 05:11:39,420
So the way we are going
to use crunch in conjunction
7960
05:11:39,420 --> 05:11:40,400
with aircrack is
7961
05:11:40,400 --> 05:11:43,400
that we are going to use crunch
to generate the word list.
7962
05:11:43,400 --> 05:11:45,500
And then we are going
to pipe the word list
7963
05:11:45,500 --> 05:11:46,941
through aircrack-ng
7964
05:11:46,941 --> 05:11:50,407
when we are actually
trying to capture and crack
7965
05:11:50,407 --> 05:11:53,800
what we will capture
in a certain log file now.
7966
05:11:53,800 --> 05:11:56,426
What you want to do
first is actually put
7967
05:11:56,426 --> 05:11:59,500
your network interface card
on a monitor mode.
7968
05:11:59,500 --> 05:12:00,500
Now you can do
7969
05:12:00,500 --> 05:12:04,500
that by typing in ifconfig
and then the interface name
7970
05:12:04,500 --> 05:12:08,400
which happens to be wl1 and
first you have to put it down.
7971
05:12:08,400 --> 05:12:13,015
So ifconfig wl1 down. Now
to put your interface card
7972
05:12:13,015 --> 05:12:14,400
into monitor mode.
7973
05:12:14,400 --> 05:12:17,100
You have to type in iwconfig
7974
05:12:17,300 --> 05:12:19,358
and you go the name
of the interface
7975
05:12:19,358 --> 05:12:20,900
and then you go mode monitor.
7976
05:12:20,900 --> 05:12:22,700
Okay, it seems
I've spelled it wrong.
7977
05:12:22,700 --> 05:12:24,200
So let me just do it once again.
7978
05:12:24,200 --> 05:12:27,298
So that has put
our network interface card
7979
05:12:27,298 --> 05:12:28,500
into monitor mode
7980
05:12:28,500 --> 05:12:31,809
and what we need to do
after that is we need to start
7981
05:12:31,809 --> 05:12:33,400
up our network interface.
7982
05:12:33,400 --> 05:12:38,500
So all we have to do is type
in ifconfig wl1 up now.
7983
05:12:38,500 --> 05:12:42,423
Once it is up and running you
can check by typing in ifconfig
7984
05:12:42,423 --> 05:12:45,300
that indeed your network
interface card is up
7985
05:12:45,300 --> 05:12:47,802
and running don't worry
is running in monitor mode
7986
05:12:47,802 --> 05:12:49,300
if it's up and running
7987
05:12:49,500 --> 05:12:51,600
what we want to do next
is pretty important
7988
05:12:51,600 --> 05:12:52,716
to the whole process.
7989
05:12:52,716 --> 05:12:53,959
So what we want to do now.
7990
05:12:53,959 --> 05:12:55,556
Now is check for some services
7991
05:12:55,556 --> 05:12:57,900
that might still be running
in the background
7992
05:12:57,900 --> 05:13:00,800
that might hamper
with our whole scanning process.
7993
05:13:00,800 --> 05:13:05,100
So we do this by actually typing
in the command airmon-ng
7994
05:13:05,100 --> 05:13:07,489
check and then the name
of the interface.
7995
05:13:07,489 --> 05:13:11,117
So as you guys can see nothing
is exactly running right now.
7996
05:13:11,117 --> 05:13:14,500
But if there were any process
running you would only add
7997
05:13:14,500 --> 05:13:16,072
a command airmon-ng check
7998
05:13:16,072 --> 05:13:18,650
and instead of writing
the interface name.
7999
05:13:18,650 --> 05:13:20,600
All you have to do is say kill.
8000
05:13:20,700 --> 05:13:23,100
It will kill any processes now
8001
05:13:23,100 --> 05:13:26,217
if you see Any process named
the network administrator
8002
05:13:26,217 --> 05:13:28,900
you want to kill
that process first separately
8003
05:13:28,900 --> 05:13:31,266
and then kill
any other child processes.
8004
05:13:31,266 --> 05:13:34,300
You may need to actually
run this command few times
8005
05:13:34,300 --> 05:13:35,623
before all the processes
8006
05:13:35,623 --> 05:13:37,730
are killed and then
you're good to go.
8007
05:13:37,730 --> 05:13:38,042
Okay.
8008
05:13:38,042 --> 05:13:41,600
So now that we have finished
killing all the subprocesses.
8009
05:13:41,600 --> 05:13:43,500
What we want to do is run
8010
05:13:43,500 --> 05:13:46,800
an airodump scan on
the network card.
8011
05:13:46,800 --> 05:13:48,100
So that is WL 1.
8012
05:13:48,100 --> 05:13:50,500
So for this we go airodump-ng
8013
05:13:50,500 --> 05:13:53,700
and then we put in
the name of the interface.
8014
05:13:53,700 --> 05:13:55,400
And this will start the scan
8015
05:13:55,400 --> 05:13:57,300
that will look
something like this.
8016
05:13:59,100 --> 05:14:01,584
So after you run
the airodump scan
8017
05:14:01,584 --> 05:14:02,900
on your interface,
8018
05:14:02,900 --> 05:14:06,400
what do you see out here is
a result of all the access point
8019
05:14:06,400 --> 05:14:08,700
that is found out
to the monitoring mode.
8020
05:14:08,700 --> 05:14:11,700
Now if you see we have a bunch
of columns out here. First
8021
05:14:11,700 --> 05:14:13,833
of all we have the bssid column.
8022
05:14:13,833 --> 05:14:17,100
Now, the bssid column is
basically the MAC address
8023
05:14:17,100 --> 05:14:19,300
of all the routers
that are found.
8024
05:14:19,300 --> 05:14:21,900
Now, every router obviously
has a MAC address.
8025
05:14:21,900 --> 05:14:23,440
So those are the MAC address
8026
05:14:23,440 --> 05:14:25,200
that is tied
to the router names,
8027
05:14:25,200 --> 05:14:28,909
which is shown by the SSID then
we have the PWR column, we have
8028
05:14:28,909 --> 05:14:31,800
the beacons column we have
the data packets column.
8029
05:14:31,800 --> 05:14:34,000
Another important column
is a channel column.
8030
05:14:34,000 --> 05:14:35,000
It's important to know
8031
05:14:35,000 --> 05:14:37,383
which channel your router
is working on.
8032
05:14:37,383 --> 05:14:40,500
Then we can see the cipher
column the authentication
8033
05:14:40,500 --> 05:14:43,000
so out here we can see
the encryption that is used.
8034
05:14:43,000 --> 05:14:45,300
So most of it is using WPA2.
8035
05:14:45,300 --> 05:14:49,400
So what we will be cracking is
basically WPA2 so from this is
8036
05:14:49,400 --> 05:14:53,000
what you need to recognize
is basically the Wi-Fi router
8037
05:14:53,000 --> 05:14:55,100
that you want to crack into now,
8038
05:14:55,100 --> 05:14:57,700
I'm performing this particular
test at my office.
8039
05:14:57,700 --> 05:15:00,652
Is and I don't really have
the permission to actually
8040
05:15:00,652 --> 05:15:03,300
go in and test them
for these vulnerabilities.
8041
05:15:03,300 --> 05:15:05,400
I'm not a security
analyst off here.
8042
05:15:05,400 --> 05:15:06,278
So I don't really
8043
05:15:06,278 --> 05:15:08,500
have the permissions
to penetrate into them.
8044
05:15:08,500 --> 05:15:11,500
So what I have done is I
have run a similar test
8045
05:15:11,500 --> 05:15:13,400
at home using my own Wi-Fi
8046
05:15:13,400 --> 05:15:15,752
and I will show you
the results for that.
8047
05:15:15,752 --> 05:15:17,306
But for this working example,
8048
05:15:17,306 --> 05:15:20,200
you will see the scans
that I'm running in this office.
8049
05:15:20,200 --> 05:15:22,300
So as we intend to stay ethical
8050
05:15:22,300 --> 05:15:25,600
what we are going to do out
here is we are going to capture
8051
05:15:25,600 --> 05:15:27,500
whatever we find in our office.
8052
05:15:27,500 --> 05:15:29,100
For only educational purposes,
8053
05:15:29,100 --> 05:15:31,900
but when we are doing
the actual cracking step
8054
05:15:31,900 --> 05:15:34,300
that is the last step
of this whole procedure.
8055
05:15:34,300 --> 05:15:37,100
I'll be running it on a file
that I had generated at home
8056
05:15:37,100 --> 05:15:37,800
as I just said
8057
05:15:37,800 --> 05:15:40,762
because I have permissions
to do whatever I want
8058
05:15:40,762 --> 05:15:42,692
with my own Wi-Fi and passwords.
8059
05:15:42,692 --> 05:15:42,989
Okay.
8060
05:15:42,989 --> 05:15:44,029
So for this example,
8061
05:15:44,029 --> 05:15:47,600
I'm going to pick this wi-fi
that is called attract of Wi-Fi
8062
05:15:47,600 --> 05:15:49,700
and it's running
on channel number 6.
8063
05:15:49,700 --> 05:15:52,700
So what do you want to pick
from here is the bssid
8064
05:15:52,700 --> 05:15:53,800
and the channel number
8065
05:15:53,800 --> 05:15:57,100
we need to remember
these two things first the bssid
8066
05:15:57,100 --> 05:15:58,600
and Channel number now.
8067
05:15:58,600 --> 05:16:01,600
What do you want to do after
that is open up a new window
8068
05:16:01,600 --> 05:16:04,300
on your terminal
and login as root.
8069
05:16:05,300 --> 05:16:09,000
Now what we want to do here is
run a separate airodump scan
8070
05:16:09,000 --> 05:16:13,300
on this specific bssid
and check for all the devices
8071
05:16:13,300 --> 05:16:16,300
that are actually connected
to this access point.
8072
05:16:16,300 --> 05:16:18,000
Now we do this by running
8073
05:16:18,000 --> 05:16:20,968
the command airodump-ng
and while we're doing this,
8074
05:16:20,968 --> 05:16:23,627
we also want to capture
all the scan outputs
8075
05:16:23,627 --> 05:16:26,100
that we actually get
into a certain file.
8076
05:16:26,100 --> 05:16:29,900
So we will be actually storing
it in a file called capture
8077
05:16:30,073 --> 05:16:33,226
and then we just have
to pass in the bssid
8078
05:16:33,300 --> 05:16:40,700
and the interface We also
have to specify the channel.
8079
05:16:40,700 --> 05:16:44,351
So let's see what the channel is
1 so the channel is Channel 6.
8080
05:16:44,351 --> 05:16:46,000
So that's what we want to do
8081
05:16:46,000 --> 05:16:49,500
and we specify the Channel
with the -c flag.
8082
05:16:55,100 --> 05:16:57,900
So after you have identified
the MAC address,
8083
05:16:57,900 --> 05:17:00,800
all you need to do is copy
it down and place it
8084
05:17:00,800 --> 05:17:02,800
with after the bssid flag.
8085
05:17:02,900 --> 05:17:06,500
Okay, so we're going
to run our Command out here
8086
05:17:06,500 --> 05:17:08,800
and we just want to say
our file is going to be
8087
05:17:08,800 --> 05:17:09,900
well test out capture.
8088
05:17:09,900 --> 05:17:11,958
Now that our scan is
up and running.
8089
05:17:11,958 --> 05:17:13,416
All you want to do is wait
8090
05:17:13,416 --> 05:17:16,411
till someone is actually
connected to this access point.
8091
05:17:16,411 --> 05:17:18,000
So I forgot to mention this
8092
05:17:18,000 --> 05:17:20,200
for this process
to actually work properly.
8093
05:17:20,200 --> 05:17:22,449
Somebody needs to be connected
to that access point
8094
05:17:22,449 --> 05:17:25,200
because what we are going to try
and do is disconnect.
8095
05:17:25,200 --> 05:17:27,992
That certain device
and let them reconnect
8096
05:17:27,992 --> 05:17:29,700
and capture that log file.
8097
05:17:29,799 --> 05:17:30,800
Okay, so it seems
8098
05:17:30,800 --> 05:17:32,800
like nobody is actually
connecting to it.
8099
05:17:32,800 --> 05:17:36,900
So at this time I'm going to do
is go back to our airodump scan
8100
05:17:36,900 --> 05:17:37,850
that we had run
8101
05:17:37,850 --> 05:17:41,400
on a network interface and look
at some other Mac address
8102
05:17:41,400 --> 05:17:43,500
or other access point
to actually penetrate
8103
05:17:43,500 --> 05:17:44,900
into and let's see
8104
05:17:44,900 --> 05:17:47,600
if something has actually
connected to that.
8105
05:17:48,300 --> 05:17:49,200
Okay, so
8106
05:17:49,300 --> 05:17:51,900
oh la la now
what do you see out here is
8107
05:17:51,900 --> 05:17:54,700
that somebody has actually
connected to this access point
8108
05:17:54,700 --> 05:17:57,800
and his Mac address can be seen
under the station tab.
8109
05:17:57,800 --> 05:17:58,400
Now.
8110
05:17:58,400 --> 05:17:59,978
What we want to do is run
8111
05:17:59,978 --> 05:18:03,200
the deauthentication broadcast
message on that station
8112
05:18:03,200 --> 05:18:04,700
and deauthenticate that guy.
8113
05:18:05,700 --> 05:18:08,400
Now to actually run
the deauthentication process.
8114
05:18:08,400 --> 05:18:10,000
All you have to do is go ahead
8115
05:18:10,000 --> 05:18:12,327
and open up a new terminal
window again and let
8116
05:18:12,327 --> 05:18:14,200
this scan be running
in the background.
8117
05:18:14,200 --> 05:18:16,300
Don't use any
scanner this moment.
8118
05:18:16,400 --> 05:18:16,727
Okay.
8119
05:18:16,727 --> 05:18:17,897
So the information
8120
05:18:17,897 --> 05:18:20,267
that they need to
remember is the bssid
8121
05:18:20,267 --> 05:18:22,700
or rather the Mac ID
of the station now,
8122
05:18:22,700 --> 05:18:25,900
you also want your monitoring to
be running on the same channel
8123
05:18:25,900 --> 05:18:29,173
so that your deauthentication
message is being already
8124
05:18:29,173 --> 05:18:30,900
broadcast on the same channel
8125
05:18:30,900 --> 05:18:34,000
so we can do that easily
by going airmon-ng
8126
05:18:34,000 --> 05:18:37,100
and saying WL One
and you can say start
8127
05:18:37,200 --> 05:18:38,900
on specify channel.
8128
05:18:38,946 --> 05:18:43,253
So what we want to be doing
is running this on Channel 6,
8129
05:18:44,300 --> 05:18:48,000
then we want to go and use
the third suite of tools
8130
05:18:48,000 --> 05:18:52,100
that is aireplay. Now aireplay
is used for broadcasting
8131
05:18:52,100 --> 05:18:54,600
the deauthentication messages
and all sorts of stuff.
8132
05:18:54,600 --> 05:18:57,700
Now you can see all this
in the help menu also
8133
05:18:57,700 --> 05:19:00,014
and you can do
that by typing in --
8134
05:19:00,014 --> 05:19:01,800
help. If you go down you see
8135
05:19:01,800 --> 05:19:04,100
that you can send
the deauthentication message
8136
05:19:04,100 --> 05:19:05,400
using the -0 flag
8137
05:19:05,400 --> 05:19:07,400
and that's exactly
what you're going to do.
8138
05:19:08,100 --> 05:19:09,507
Then we say zero again
8139
05:19:09,507 --> 05:19:12,336
because we want to
constantly send a broadcast
8140
05:19:12,336 --> 05:19:13,700
of the deauthentication.
8141
05:19:13,700 --> 05:19:15,801
So it's looping
basically and until
8142
05:19:15,801 --> 05:19:17,476
and unless we stop the scan.
8143
05:19:17,476 --> 05:19:20,347
Nobody will actually
be able to access the Wi-Fi.
8144
05:19:20,347 --> 05:19:22,800
So it's basically
like a small DoS attack
8145
05:19:23,376 --> 05:19:26,223
and then we want
to specify the bssid.
8146
05:19:27,400 --> 05:19:29,700
Okay, so it seems
like I forgot the whole a tag
8147
05:19:29,700 --> 05:19:32,700
before the bssid and
that should get it working.
8148
05:19:34,300 --> 05:19:35,603
Okay, so it seems
8149
05:19:35,603 --> 05:19:38,900
like I have copied
some wrong bssid I guess.
8150
05:19:39,500 --> 05:19:42,400
So, let me just go ahead
and copy that once properly.
8151
05:19:45,200 --> 05:19:45,900
Okay.
8152
05:19:45,900 --> 05:19:48,300
So now that we have
the proper bssid
8153
05:19:48,300 --> 05:19:49,560
as you guys can see
8154
05:19:49,560 --> 05:19:52,935
we are running the
deauthentication broadcast message
8155
05:19:52,935 --> 05:19:55,500
on that particular
network access card,
8156
05:19:55,500 --> 05:19:59,700
and now you want to run this
for around a couple of minutes
8157
05:19:59,700 --> 05:20:01,137
so that you become sure
8158
05:20:01,137 --> 05:20:03,500
that all the devices
have disconnected.
8159
05:20:03,500 --> 05:20:05,000
Now while this is happening
8160
05:20:05,000 --> 05:20:07,400
what you're doing is basically
sending a DoS attack
8161
05:20:07,400 --> 05:20:11,100
to that small little Wi-Fi and
you want to catch the handshake
8162
05:20:11,100 --> 05:20:13,612
that occurs between devices
and the router
8163
05:20:13,612 --> 05:20:16,800
that it is connected to
while reconnecting themselves
8164
05:20:19,500 --> 05:20:19,800
Okay.
8165
05:20:19,800 --> 05:20:22,700
So now that we've let the scan run
for a couple of minutes.
8166
05:20:22,700 --> 05:20:24,000
Let us just stop it.
8167
05:20:26,000 --> 05:20:28,800
Let's stop this
other scan too. Now,
8168
05:20:28,800 --> 05:20:32,200
if I go and list out
the files on my desktop,
8169
05:20:32,200 --> 05:20:32,900
you should see
8170
05:20:32,900 --> 05:20:35,300
that there's something
called the test capture.
8171
05:20:35,300 --> 05:20:39,303
Now, the test capture is given
to us in various formats.
8172
05:20:39,303 --> 05:20:43,390
We have the capture format,
which is just capture-01.
8173
05:20:43,390 --> 05:20:46,012
cap and then we
have test capture CSV.
8174
05:20:46,012 --> 05:20:47,500
We have a Kismet CSV.
8175
05:20:47,500 --> 05:20:48,900
So it gives you a bunch
8176
05:20:48,900 --> 05:20:51,700
of formats to actually
run your cracking on now
8177
05:20:51,700 --> 05:20:53,500
if you remember I
had told you all
8178
05:20:53,500 --> 05:20:55,900
that I have already
generated a similar.
8179
05:20:56,600 --> 05:20:58,000
At home, basically
8180
05:20:58,200 --> 05:21:00,800
when I was trying to crack
into my own home password,
8181
05:21:00,900 --> 05:21:03,366
so I will be running
the tests on that file
8182
05:21:03,366 --> 05:21:05,617
or the cracking procedure
on that file.
8183
05:21:05,617 --> 05:21:08,500
And that is the last step
of this whole procedure.
8184
05:21:08,500 --> 05:21:11,000
So, let me just go ahead
and move into that folder.
8185
05:21:11,000 --> 05:21:14,235
So I go see these can now
as you guys can see out here
8186
05:21:14,235 --> 05:21:15,700
if I list down the files
8187
05:21:15,700 --> 05:21:18,854
if you can see a Capture
One Dot Capture One Dot CSV.
8188
05:21:18,854 --> 05:21:21,207
This is Kismet CSV
and this and that XML.
8189
05:21:21,207 --> 05:21:22,900
So I was not lying when I said
8190
05:21:22,900 --> 05:21:24,549
that I have already
done this at home.
8191
05:21:24,549 --> 05:21:25,900
So we are going to run our
8192
05:21:25,900 --> 05:21:28,000
cracking process on
capture-01.
8193
05:21:28,000 --> 05:21:28,800
cap. Now,
8194
05:21:28,800 --> 05:21:31,300
let me just tell you guys
the password for my home
8195
05:21:31,300 --> 05:21:34,200
Wi-Fi is sweet ship
346 so you can say
8196
05:21:34,200 --> 05:21:35,824
that I know the entire password,
8197
05:21:35,824 --> 05:21:37,500
but I'm going
to act like somebody
8198
05:21:37,500 --> 05:21:41,400
who only has a general idea
of what my password looks like.
8199
05:21:41,400 --> 05:21:42,800
So let's say I know
8200
05:21:42,800 --> 05:21:44,686
that my password
contains sweet ship
8201
05:21:44,686 --> 05:21:47,706
but I don't really know the last
three numbers or letters
8202
05:21:47,706 --> 05:21:49,000
or whatever they may be.
8203
05:21:49,000 --> 05:21:52,187
Okay, so we are going
to use crunch once again
8204
05:21:52,187 --> 05:21:54,100
to generate a list of words
8205
05:21:54,100 --> 05:21:58,300
that might include sweet ship
346 and let me just open
8206
05:21:58,300 --> 05:22:00,400
the crunch manual for once now
8207
05:22:00,400 --> 05:22:02,500
if you go down
in the crunch manual
8208
05:22:02,500 --> 05:22:04,400
what you'll see is the -t.
8209
05:22:04,400 --> 05:22:07,700
So as you guys can see
there is a pattern
8210
05:22:07,700 --> 05:22:10,405
that is specified
like at-the-rate, at-the-rate, god
8211
05:22:10,405 --> 05:22:12,700
and then followed by
four other at-the-rates
8212
05:22:12,700 --> 05:22:13,963
and all the at-the-rates
8213
05:22:13,963 --> 05:22:16,600
will be replaced by
a lowercase character.
8214
05:22:16,600 --> 05:22:19,600
Now you can remove
the at-the-rate and use a comma
8215
05:22:19,600 --> 05:22:22,500
and be replaced
with an uppercase character
8216
05:22:22,500 --> 05:22:23,800
or you can use percentages
8217
05:22:23,800 --> 05:22:25,533
in which case it
would be numbers.
8218
05:22:25,533 --> 05:22:27,161
Or you could use the caret sign
8219
05:22:27,161 --> 05:22:29,000
in which case it
will insert a symbol.
8220
05:22:29,000 --> 05:22:31,100
So when you know the length
of the password
8221
05:22:31,100 --> 05:22:33,800
and also a certain degree
of few letters,
8222
05:22:33,800 --> 05:22:35,362
you can use the hyphen T flag.
8223
05:22:35,362 --> 05:22:36,300
So that is exactly
8224
05:22:36,300 --> 05:22:38,400
what we are going to use
with crunch out here
8225
05:22:38,400 --> 05:22:39,500
for this example.
8226
05:22:39,500 --> 05:22:42,400
So, let me just remind
you guys that the password
8227
05:22:42,400 --> 05:22:45,400
for my home Wi-Fi
is sweet ship 346.
8228
05:22:46,100 --> 05:22:48,518
Now what we can do
is we can ask crunch
8229
05:22:48,518 --> 05:22:52,400
to actually generate something
that looks like sweet ship 346.
8230
05:22:52,998 --> 05:22:58,269
So what I could do is say crunch
So the minimum length is 12.
8231
05:22:58,269 --> 05:22:59,000
I already know
8232
05:22:59,000 --> 05:23:01,800
that and the maximum
length is also 12 now.
8233
05:23:01,800 --> 05:23:03,900
Let me just input
in the pattern.
8234
05:23:04,015 --> 05:23:06,784
So we put in the pattern
after -t.
8235
05:23:07,800 --> 05:23:10,700
So now I'm going to show you
how long it can take.
8236
05:23:10,700 --> 05:23:12,300
So we are just
going to say sweet
8237
05:23:12,300 --> 05:23:14,530
and then put in some at-the-rates
8238
05:23:14,600 --> 05:23:17,600
and then also get a try
and guess in the numbers.
8239
05:23:17,700 --> 05:23:19,021
So after you've put
8240
05:23:19,021 --> 05:23:22,500
in the pattern you want
to also input which letters
8241
05:23:22,500 --> 05:23:23,885
and numbers it could be
8242
05:23:23,885 --> 05:23:27,200
and I'm just going to input
my entire keyboard out here.
8243
05:23:27,200 --> 05:23:31,516
Now, what you want to do is pipe
this command through aircrack-ng's
8244
05:23:31,516 --> 05:23:33,000
cracking procedure.
8245
05:23:34,800 --> 05:23:35,146
Okay.
8246
05:23:35,146 --> 05:23:39,300
So now what we want to do is
pipe this command to aircrack-ng
8247
05:23:39,900 --> 05:23:41,507
and we want to write
8248
05:23:41,507 --> 05:23:44,584
from, or rather read
from the capture file.
8249
05:23:45,300 --> 05:23:48,100
So what we go is
-w and then -
8250
05:23:48,100 --> 05:23:50,200
and then the capture file name.
8251
05:23:50,200 --> 05:23:51,500
So capture-01.
8252
05:23:51,500 --> 05:23:55,246
cap and then we also
have to specify the essid
8253
05:23:55,246 --> 05:23:59,500
which is given to the -e flag
and the essid for my home
8254
05:23:59,500 --> 05:24:03,200
Wi-Fi is Nest away
underscore cc105.
8255
05:24:03,200 --> 05:24:05,900
So that's exactly
what I'm going to type in
8256
05:24:05,900 --> 05:24:10,900
and this will start
the cracking process on my Wi-Fi
8257
05:24:10,915 --> 05:24:12,684
from the captured file.
8258
05:24:12,800 --> 05:24:15,541
So as you guys can see
this is going to take
8259
05:24:15,541 --> 05:24:17,200
a long long long long time
8260
05:24:17,200 --> 05:24:19,600
and I'm not really actually
going to complete it.
8261
05:24:19,600 --> 05:24:20,550
So in this time,
8262
05:24:20,550 --> 05:24:23,700
I'm actually just going to try
and explain why this is
8263
05:24:23,700 --> 05:24:27,100
not very feasible
on a virtual Network.
8264
05:24:27,100 --> 05:24:28,700
So basically this
is not feasible
8265
05:24:28,700 --> 05:24:31,100
because at this moment
my computer is using
8266
05:24:31,100 --> 05:24:33,300
all four of its cores
and all the memory
8267
05:24:33,300 --> 05:24:34,300
that is possible.
8268
05:24:34,400 --> 05:24:37,400
So what this means is
on a virtual box.
8269
05:24:37,400 --> 05:24:40,600
This is not really possible
your virtualbox don't really
8270
05:24:40,600 --> 05:24:41,900
have that much power.
8271
05:24:41,900 --> 05:24:45,400
If you are using a 4 core
processor computer only two
8272
05:24:45,400 --> 05:24:47,864
of its maximum cores
can be actually allotted
8273
05:24:47,864 --> 05:24:50,100
to your virtual box
machine above that.
8274
05:24:50,100 --> 05:24:52,329
You can't really give
it the entire memory
8275
05:24:52,329 --> 05:24:54,800
because that will make
your computer crash.
8276
05:24:54,800 --> 05:24:57,600
So if you want to do
something like this,
8277
05:24:57,600 --> 05:25:01,646
it's better that you install
Kali Linux as a dual boot or as
8278
05:25:01,646 --> 05:25:05,200
your own daily driver
and then you can do this.
8279
05:25:05,200 --> 05:25:08,800
So this is why I have not done
this on a virtual machine
8280
05:25:08,800 --> 05:25:11,184
and instead done this
on Deepin Linux,
8281
05:25:11,184 --> 05:25:13,900
which is my daily
driver operating system.
8282
05:25:13,900 --> 05:25:16,300
Now as you guys can see
this constantly trying
8283
05:25:16,300 --> 05:25:17,900
to actually guess the password
8284
05:25:17,900 --> 05:25:20,300
by actually going
through all the permutations
8285
05:25:20,300 --> 05:25:21,351
and combinations.
8286
05:25:21,351 --> 05:25:24,700
That is basically it's taking
in all the words generated
8287
05:25:24,700 --> 05:25:27,400
from crunch piping it
into the current command.
8288
05:25:27,400 --> 05:25:30,600
That is the aircrack-ng command
and is comparing everything.
8289
05:25:31,200 --> 05:25:33,700
So what I'm going to do is
I'm actually going to end this
8290
05:25:33,700 --> 05:25:36,500
because this will take
a very very very long time.
8291
05:25:36,500 --> 05:25:39,100
And what we're going to do is
we're going to actually try
8292
05:25:39,100 --> 05:25:42,000
and shorten the command
of the or the amount of guessing
8293
05:25:42,000 --> 05:25:43,199
that you're trying to do.
8294
05:25:43,199 --> 05:25:44,800
So, let me just try and do that.
8295
05:25:44,800 --> 05:25:46,836
So as you guys can see out here,
8296
05:25:46,836 --> 05:25:49,080
I have reduced
the number of alphabets
8297
05:25:49,080 --> 05:25:50,900
that might be actually tested.
8298
05:25:50,900 --> 05:25:52,081
But even in this case,
8299
05:25:52,081 --> 05:25:53,900
this will take
a humongous amount
8300
05:25:53,900 --> 05:25:56,000
of time and let me
just show that to you.
8301
05:25:56,100 --> 05:25:59,045
So as you guys can see
the test is running running
8302
05:25:59,045 --> 05:26:00,162
running and running
8303
05:26:00,162 --> 05:26:03,200
and and there's not really
much you can do you can just
8304
05:26:03,200 --> 05:26:05,100
let this run go out
for a cup of coffee
8305
05:26:05,100 --> 05:26:06,200
and then come back
8306
05:26:06,200 --> 05:26:08,047
and you might still
see that running.
8307
05:26:08,047 --> 05:26:10,100
It really depends
on what the password is
8308
05:26:10,100 --> 05:26:12,500
and how much time
it takes to crack it
8309
05:26:12,500 --> 05:26:15,600
and how much processing power
you have directly affects
8310
05:26:15,600 --> 05:26:19,838
how much time this will take
so let me just show you guys
8311
05:26:19,838 --> 05:26:22,300
that this is taking
a bunch of time.
8312
05:26:27,100 --> 05:26:27,800
Okay.
8313
05:26:27,800 --> 05:26:30,574
So now that I have
fast-forwarded a lot
8314
05:26:30,574 --> 05:26:32,400
into the scan you can see
8315
05:26:32,400 --> 05:26:34,687
that I have tried
almost two one two,
8316
05:26:34,687 --> 05:26:36,253
seven six zero eight keys.
8317
05:26:36,253 --> 05:26:38,322
So that's more
than a million Keys.
8318
05:26:38,322 --> 05:26:39,600
That's 2 million keys
8319
05:26:39,600 --> 05:26:43,200
that have tried so and it
still hasn't reached at 346.
8320
05:26:43,200 --> 05:26:46,100
So what we're going
to do is just to show you
8321
05:26:46,100 --> 05:26:49,300
for demonstration purposes that
this procedure actually works.
8322
05:26:49,300 --> 05:26:52,300
Let me just shorten
guessing even more.
8323
05:26:52,300 --> 05:26:54,900
So what we want to do
is this time we want
8324
05:26:54,900 --> 05:26:56,500
to just guess the numbers
8325
05:26:56,500 --> 05:26:59,700
so we'll modify
our command accordingly.
8326
05:26:59,900 --> 05:27:01,800
So we just put in
8327
05:27:01,800 --> 05:27:06,200
sweet ship and let the algorithm
just guess that 346 part.
8328
05:27:06,200 --> 05:27:08,376
So we're going to
remove the alphabets
8329
05:27:08,376 --> 05:27:10,087
from the guessing scope also
8330
05:27:10,087 --> 05:27:11,565
and as you guys can see
8331
05:27:11,565 --> 05:27:14,200
the password is almost
immediately guessed
8332
05:27:14,200 --> 05:27:16,700
because only 456
keys were tested.
8333
05:27:16,700 --> 05:27:19,895
And as you guys can see it shows
that the key was found
8334
05:27:19,895 --> 05:27:22,733
and it's sweet ship 346 now
let me also show you
8335
05:27:22,733 --> 05:27:25,438
that it works with the guessing
of letters just
8336
05:27:25,438 --> 05:27:27,000
because I don't think of did
8337
05:27:27,000 --> 05:27:29,600
that letters are also guessed
and not just numbers.
8338
05:27:29,600 --> 05:27:32,800
So let me make it just guess
the P part, that is sweet
8339
05:27:32,800 --> 05:27:36,000
shi, and then it should
guess P and then 346.
8340
05:27:36,000 --> 05:27:38,004
So let me just show you that and
8341
05:27:38,004 --> 05:27:41,200
as you guys can see it guesses
it almost immediately
8342
05:27:41,200 --> 05:27:43,900
after just going
through 15,000 keys.
8343
05:27:43,900 --> 05:27:46,100
Okay, so that brings
us to the end
8344
05:27:46,100 --> 05:27:48,215
of this Wi-Fi cracking tutorial
8345
05:27:48,215 --> 05:27:50,400
and also to the end
of this video
8346
05:27:50,400 --> 05:27:53,000
which was regarding ethical
hacking using Kali Linux.
8347
05:27:53,000 --> 05:27:55,100
I hope you guys had
a bunch of fun learning
8348
05:27:55,100 --> 05:27:57,000
about macchanger, proxychains
8349
05:27:57,000 --> 05:28:00,700
and a bunch of stuff that we did
like Wi-Fi password cracking.
8350
05:28:00,700 --> 05:28:03,429
I hope you practice these
procedures and methodologies
8351
05:28:03,429 --> 05:28:06,900
that I have taught you only for
your own educational purposes
8352
05:28:06,900 --> 05:28:10,629
and not use it to harm anybody
or do anything harmful with it
8353
05:28:10,629 --> 05:28:13,100
because let me just tell
you very seriously
8354
05:28:13,100 --> 05:28:15,302
that you can be prosecuted
by the law.
8355
05:28:15,302 --> 05:28:18,100
So let's end this video
on a good note by saying
8356
05:28:18,100 --> 05:28:20,758
please practice this
for only educational purposes.
8357
05:28:20,758 --> 05:28:22,300
Let me just show you that and
8358
05:28:22,300 --> 05:28:25,500
as you guys can see it guesses
it almost immediately
8359
05:28:25,500 --> 05:28:28,100
after just going
through 18,000 keys.
8360
05:28:28,100 --> 05:28:30,368
Okay, so that brings
us to the end
8361
05:28:30,368 --> 05:28:32,500
of this Wi-Fi cracking tutorial
8362
05:28:32,500 --> 05:28:34,700
and also to the end
of this video
8363
05:28:34,700 --> 05:28:37,300
which was regarding ethical
hacking using Kali Linux.
8364
05:28:37,300 --> 05:28:39,400
I hope you guys had
a bunch of fun learning
8365
05:28:39,400 --> 05:28:42,455
about macchanger, proxychains
and a bunch of stuff
8366
05:28:42,455 --> 05:28:44,900
that we did like
Wi-Fi password cracking.
8367
05:28:44,900 --> 05:28:47,688
I hope you practice these
procedures and methodologies
8368
05:28:47,688 --> 05:28:51,179
that I have taught you only for
your own educational purposes
8369
05:28:51,179 --> 05:28:54,800
and not use it to harm anybody
or do anything harmful with it
8370
05:28:54,800 --> 05:28:57,100
because let me just tell you
very seriously
8371
05:28:57,100 --> 05:28:59,596
that you can be
prosecuted by the law.
8372
05:28:59,596 --> 05:29:02,456
So let's end this video
on a good note by saying
8373
05:29:02,456 --> 05:29:05,500
please practice this
for only educational purposes.
8374
05:29:10,107 --> 05:29:13,900
If you are a hacker,
pentester, security researcher
8375
05:29:13,900 --> 05:29:15,000
or just another person
8376
05:29:15,000 --> 05:29:17,600
who picks Google in front
of friends to look cool,
8377
05:29:17,700 --> 05:29:18,500
then it's likely
8378
05:29:18,500 --> 05:29:21,687
that you must have already known
about some Linux distros,
8379
05:29:21,687 --> 05:29:23,700
which are particularly
made for them.
8380
05:29:23,700 --> 05:29:24,068
Today,
8381
05:29:24,068 --> 05:29:27,200
we're going to explore
one such Linux distro, Parrot
8382
05:29:27,200 --> 05:29:30,600
Security OS, one of
the leading Linux distribution
8383
05:29:30,600 --> 05:29:33,600
in penetration testing
and ethical hacking.
8384
05:29:33,600 --> 05:29:36,608
So let's quickly go
through today's agenda. First,
8385
05:29:36,608 --> 05:29:38,300
we will begin by discussing
8386
05:29:38,300 --> 05:29:41,587
how Linux distributions are
suitable for ethical hacking
8387
05:29:41,587 --> 05:29:43,631
and different type
of Linux distros
8388
05:29:43,631 --> 05:29:45,854
that are available
for ethical hacking
8389
05:29:45,854 --> 05:29:47,371
and penetration testing.
8390
05:29:47,371 --> 05:29:49,900
Then we will begin
with our today's topic
8391
05:29:49,900 --> 05:29:51,613
which is Parrot Security OS.
8392
05:29:51,613 --> 05:29:54,153
We will discuss
its features, its history,
8393
05:29:54,153 --> 05:29:57,200
if or not Parrot Security OS
is suitable for you.
8394
05:29:57,200 --> 05:29:58,815
Moving on we will see
8395
05:29:58,815 --> 05:30:02,584
how Parrot Security
OS is different from Kali Linux
8396
05:30:02,600 --> 05:30:04,134
and then I'll show you
8397
05:30:04,134 --> 05:30:07,900
how to install Parrot Security
OS using VMware software
8398
05:30:07,900 --> 05:30:10,572
and finally we'll end
the session by taking
8399
05:30:10,572 --> 05:30:13,543
a look at few popular
Parrot Security OS tools.
8400
05:30:13,543 --> 05:30:15,944
So I hope agenda
was clear to you guys.
8401
05:30:15,944 --> 05:30:17,941
Let's get started
then. A security
8402
05:30:17,941 --> 05:30:21,080
focused operating system is
a hacker's best friend
8403
05:30:21,080 --> 05:30:24,000
as it helps a hacker
to detect the weaknesses
8404
05:30:24,000 --> 05:30:26,800
in computer systems
or computer networks.
8405
05:30:26,800 --> 05:30:30,211
Whether you want to pursue
a career in information security
8406
05:30:30,211 --> 05:30:33,270
or you are already working
as a security professional
8407
05:30:33,270 --> 05:30:36,200
or if you are just interested
in this specific field
8408
05:30:36,200 --> 05:30:38,500
for fun, a decent Linux distro
8409
05:30:38,500 --> 05:30:41,700
that suits your purpose
is always a must. Now
8410
05:30:41,700 --> 05:30:42,900
if you're wondering
8411
05:30:42,900 --> 05:30:46,329
what a Linux distro is,
it is a Linux distribution
8412
05:30:46,329 --> 05:30:50,500
that has been curated to perform
security related tasks. Most
8413
05:30:50,500 --> 05:30:54,459
of the time a Linux distro will
have a Linux base of the Ubuntu
8414
05:30:54,459 --> 05:30:58,500
or Debian flavor and usually
some custom tools pre-installed
8415
05:30:58,500 --> 05:30:59,314
in it as well.
8416
05:30:59,314 --> 05:31:01,700
As you guys know
Linux is the best choice
8417
05:31:01,700 --> 05:31:04,478
for security professionals
for obvious reasons.
8418
05:31:04,478 --> 05:31:05,083
And hence,
8419
05:31:05,083 --> 05:31:07,885
most of the distros
are usually built on it.
8420
05:31:07,885 --> 05:31:09,662
A Linux distro can help you
8421
05:31:09,662 --> 05:31:11,027
in performing analysis
8422
05:31:11,027 --> 05:31:14,600
ethical hacking, penetration
testing, digital forensic task
8423
05:31:14,600 --> 05:31:16,600
and various other
auditing purpose,
8424
05:31:16,600 --> 05:31:18,443
but guys apart
from these distros,
8425
05:31:18,443 --> 05:31:21,100
there are other open
source tools as well that you
8426
05:31:21,100 --> 05:31:23,949
can bundle and use as
per customer requirements,
8427
05:31:23,949 --> 05:31:26,800
but using these distros
have lot of advantages.
8428
05:31:26,800 --> 05:31:27,750
Like first of all,
8429
05:31:27,750 --> 05:31:30,550
they save a lot of time and
effort that you need to spend
8430
05:31:30,550 --> 05:31:32,800
when you are dealing
with customer requirements.
8431
05:31:32,800 --> 05:31:35,333
Secondly, they help
beginners to easily start
8432
05:31:35,333 --> 05:31:36,600
with security testing
8433
05:31:36,600 --> 05:31:38,900
without having to get
into the nitty gritties
8434
05:31:38,900 --> 05:31:40,100
of operating system.
8435
05:31:40,100 --> 05:31:41,400
And lastly the most
8436
05:31:41,400 --> 05:31:44,205
popular reason is you have
great pool of distros
8437
05:31:44,205 --> 05:31:45,817
that you can choose from. Most
8438
05:31:45,817 --> 05:31:48,725
of the time Kali Linux is
the obvious first choice
8439
05:31:48,725 --> 05:31:51,200
of operating system
for every new hacker.
8440
05:31:51,200 --> 05:31:53,700
If you ask me why
the obvious answer would be
8441
05:31:53,700 --> 05:31:57,200
because Kali Linux is lot
of cool things. It comes bundled
8442
05:31:57,200 --> 05:32:00,020
with the curated collection
of tools. Moreover,
8443
05:32:00,020 --> 05:32:03,135
these tools are organized
into easy-to-navigate menu
8444
05:32:03,135 --> 05:32:04,492
and a live boot option.
8445
05:32:04,492 --> 05:32:08,200
That's very newbie user-friendly,
as in it's very friendly
8446
05:32:08,200 --> 05:32:09,594
to new ethical hacker,
8447
05:32:09,594 --> 05:32:12,455
but guys, Kali Linux
isn't the only distribution
8448
05:32:12,455 --> 05:32:14,465
which is targeted at pentesters.
8449
05:32:14,465 --> 05:32:17,522
There are many exciting
alternatives that may better
8450
05:32:17,522 --> 05:32:18,635
fit your use case.
8451
05:32:18,635 --> 05:32:21,800
Anyway, let's begin
our discussion with Kali Linux.
8452
05:32:21,800 --> 05:32:24,900
It was developed by
Offensive Security as a rewrite
8453
05:32:24,900 --> 05:32:27,100
of BackTrack. Kali Linux distro
8454
05:32:27,100 --> 05:32:29,294
Those tops the list
of best operating system
8455
05:32:29,294 --> 05:32:31,000
for ethical hacking purposes.
8456
05:32:31,000 --> 05:32:32,906
And then there is
Parrot Security OS
8457
05:32:32,906 --> 05:32:34,651
which is our today's discussion.
8458
05:32:34,651 --> 05:32:37,298
It is a mixture
of Frozenbox operating system
8459
05:32:37,298 --> 05:32:38,100
and Kali Linux.
8460
05:32:38,100 --> 05:32:41,200
It's the second most popular
operating system for ethical hacking
8461
05:32:41,200 --> 05:32:42,800
and penetration testing as well,
8462
05:32:42,900 --> 05:32:44,841
and then you have
BackBox Linux.
8463
05:32:44,841 --> 05:32:48,300
It's a Ubuntu-based operating
system with its focus mainly
8464
05:32:48,300 --> 05:32:51,232
on security assessment
and penetration testing.
8465
05:32:51,232 --> 05:32:53,400
Then you have Pentoo,
an excellent
8466
05:32:53,400 --> 05:32:55,900
hacking operating system
with wide variety of tools
8467
05:32:55,900 --> 05:32:57,900
that you can choose from. Apart
8468
05:32:57,900 --> 05:33:02,400
from this you have DEFT Linux,
BlackArch Linux, Cyborg, BackTrack
8469
05:33:02,400 --> 05:33:03,449
and many others.
8470
05:33:03,449 --> 05:33:05,220
But as for today's session,
8471
05:33:05,220 --> 05:33:08,500
we will be discussing
about parrot operating system
8472
05:33:08,500 --> 05:33:10,561
Parrot OS is the second most
8473
05:33:10,561 --> 05:33:14,400
popular Linux distro for ethical
hacking after Kali Linux.
8474
05:33:14,400 --> 05:33:17,400
It is a comprehensive
portable security lab
8475
05:33:17,400 --> 05:33:20,900
that you can use for cloud
penetration testing, computer
8476
05:33:20,900 --> 05:33:24,639
forensics, reverse engineering,
hacking, cryptography
8477
05:33:24,639 --> 05:33:26,900
and many other
security purposes.
8478
05:33:26,900 --> 05:33:30,600
Now a little bit about
its history. The first release
8479
05:33:30,600 --> 05:33:34,000
of parrot OS appeared
in April 10 2013.
8480
05:33:34,200 --> 05:33:37,500
Originally it was developed
as part of Frozenbox.
8481
05:33:37,500 --> 05:33:39,894
Now it has grown
to include a community
8482
05:33:39,894 --> 05:33:41,532
of open source developers,
8483
05:33:41,532 --> 05:33:45,400
professional security experts,
advocates of digital rights
8484
05:33:45,400 --> 05:33:48,700
and Linux enthusiasts
from all over the world.
8485
05:33:48,700 --> 05:33:51,556
Well, compared to others,
Parrot Security OS promises
8486
05:33:51,556 --> 05:33:53,496
a lightweight operating system
8487
05:33:53,496 --> 05:33:56,600
and it's highly efficient along
with its plethora
8488
05:33:56,600 --> 05:34:00,700
of recognized tools, you also
get the opportunity to work
8489
05:34:00,700 --> 05:34:02,391
and surf anonymously
8490
05:34:02,400 --> 05:34:05,210
which is like a granted wish
to an ethical hacker
8491
05:34:05,210 --> 05:34:08,617
or any penetration tester.
We'll learn about other features
8492
05:34:08,617 --> 05:34:10,500
in the later part
of the session.
8493
05:34:10,500 --> 05:34:15,400
So moving on since its release
in 2013 parrot has grown rapidly
8494
05:34:15,400 --> 05:34:16,630
and currently offers
8495
05:34:16,630 --> 05:34:20,265
many different flavors targeted
towards different use cases.
8496
05:34:20,265 --> 05:34:20,994
For example,
8497
05:34:20,994 --> 05:34:22,909
like I said,
we have Parrot Security.
8498
05:34:22,909 --> 05:34:24,547
It's the original Parrot OS
8499
05:34:24,547 --> 05:34:26,899
and is designed
with penetration testing,
8500
05:34:26,900 --> 05:34:28,684
forensics, hacking, development
8501
05:34:28,684 --> 05:34:31,644
and privacy in mind. Then
you also have Parrot Home
8502
05:34:31,644 --> 05:34:34,000
which is targeted
towards desktop users.
8503
05:34:34,000 --> 05:34:36,482
It strips out
the penetration testing packages
8504
05:34:36,482 --> 05:34:39,600
and presents a nicely
configured Debian environment.
8505
05:34:39,600 --> 05:34:41,942
Then you have Parrot
Air. It's focused
8506
05:34:41,942 --> 05:34:45,000
on wireless penetration
testing. Parrot Studio.
8507
05:34:45,000 --> 05:34:47,509
It's designed with
multimedia creation in mind.
8508
05:34:47,509 --> 05:34:49,800
Then you have Parrot
Cloud, the most popular.
8509
05:34:49,800 --> 05:34:53,010
It targets server applications
giving the user access
8510
05:34:53,010 --> 05:34:56,000
to full suite of penetration
testing tools included
8511
05:34:56,000 --> 05:34:57,100
in Parrot Security.
8512
05:34:57,200 --> 05:34:59,600
But it doesn't have
a graphical front end
8513
05:34:59,600 --> 05:35:02,100
like we do in Parrot
Security. Moving on,
8514
05:35:02,100 --> 05:35:03,700
we also have Parrot IoT.
8515
05:35:03,700 --> 05:35:06,600
It's designed for low
resources devices such as
8516
05:35:06,600 --> 05:35:08,231
Orange Pi, Raspberry Pi
8517
05:35:08,231 --> 05:35:10,900
and you have Pine
64 and many others.
8518
05:35:10,900 --> 05:35:11,700
So it's true
8519
05:35:11,700 --> 05:35:14,300
that Parrot Security OS
doesn't have large community
8520
05:35:14,300 --> 05:35:16,900
of users behind it
as Kali Linux does,
8521
05:35:16,900 --> 05:35:19,094
but the distribution
has been gaining a lot
8522
05:35:19,094 --> 05:35:20,400
of momentum recent years.
8523
05:35:20,400 --> 05:35:22,700
So things could be
very different just a year
8524
05:35:22,700 --> 05:35:23,500
or two from now.
8525
05:35:23,700 --> 05:35:25,700
So let me convince you more.
8526
05:35:25,700 --> 05:35:28,815
Let's just discuss a few features
of Parrot Security OS.
8527
05:35:28,815 --> 05:35:31,400
Let's start with
the system requirement.
8528
05:35:31,400 --> 05:35:33,042
It's based on Debian 9.
8529
05:35:33,042 --> 05:35:34,400
It runs on a custom
8530
05:35:34,400 --> 05:35:38,389
hardened Linux 4.5 kernel,
uses a MATE desktop
8531
05:35:38,389 --> 05:35:40,620
and LightDM display manager.
8532
05:35:40,900 --> 05:35:44,100
It requires a minimum
of 256 MB RAM
8533
05:35:44,100 --> 05:35:48,100
and works with both 32
and 64-bit systems as well as
8534
05:35:48,100 --> 05:35:50,500
an ARM-compatible version. Apart
8535
05:35:50,500 --> 05:35:53,894
from this, Parrot OS can also
be installed on cloud
8536
05:35:53,894 --> 05:35:57,100
and updated to perform
cloud-based security.
8537
05:35:57,400 --> 05:35:59,861
So basically it
runs on Debian 9.
8538
05:36:00,015 --> 05:36:03,784
It is compatible with 32
as well as 64-bit systems
8539
05:36:04,000 --> 05:36:05,900
and ARM systems as well
8540
05:36:06,100 --> 05:36:09,100
and it requires a minimum
of 256 MB RAM.
8541
05:36:09,100 --> 05:36:12,324
So those are the system
requirements moving on it
8542
05:36:12,324 --> 05:36:13,956
also supports anonymity.
8543
05:36:13,956 --> 05:36:17,964
It offers a tool called AnonSurf,
including anonymization
8544
05:36:17,964 --> 05:36:19,800
of entire operating system.
8545
05:36:19,800 --> 05:36:21,100
It comes with custom-built
8546
05:36:21,100 --> 05:36:24,625
anti-foreign sick tools
interfaces for gpg and crisp
8547
05:36:24,625 --> 05:36:26,400
that up originally it also
8548
05:36:26,400 --> 05:36:30,488
supports Bose encryption tools
such as LUKS, TrueCrypt,
8549
05:36:30,488 --> 05:36:34,700
and VeraCrypt, and many others.
Moving on, it also supports
8550
05:36:34,700 --> 05:36:37,762
forensic boot option
to shun boot automounts,
8551
05:36:37,762 --> 05:36:39,600
plus many more. It embraces
8552
05:36:39,600 --> 05:36:43,500
the Falcon programming language,
multiple compilers, debuggers
8553
05:36:43,500 --> 05:36:46,115
and beyond. It also
provides full support
8554
05:36:46,115 --> 05:36:49,200
for developing frameworks
for embedded systems
8555
05:36:49,200 --> 05:36:50,800
and many other amazing features.
8556
05:36:51,000 --> 05:36:53,855
So guys, these are
a few features of Parrot OS.
8557
05:36:53,855 --> 05:36:56,664
So basically parrot
operating system supports
8558
05:36:56,664 --> 05:37:00,145
anonymity. It offers different
kind of cryptography tools.
8559
05:37:00,145 --> 05:37:04,228
It also supports forensic mode
and it also provides opportunity
8560
05:37:04,228 --> 05:37:06,694
to develop Frameworks
for embedded systems
8561
05:37:06,694 --> 05:37:09,100
and many other amazing
features. Moving on,
8562
05:37:09,100 --> 05:37:11,805
before you go ahead and use
parrot OS there are
8563
05:37:11,805 --> 05:37:13,351
some important considerations
8564
05:37:13,351 --> 05:37:15,262
that you need to take
a look at first
8565
05:37:15,262 --> 05:37:18,182
of all, Parrot OS provides
general purpose features,
8566
05:37:18,182 --> 05:37:20,177
like any other normal
operating system,
8567
05:37:20,177 --> 05:37:23,259
but guys before you go ahead
and use Parrot OS, there are
8568
05:37:23,259 --> 05:37:24,800
some important considerations
8569
05:37:24,800 --> 05:37:26,834
that you need to take
a look at first.
8570
05:37:26,834 --> 05:37:29,200
Of all it provides
general purpose features,
8571
05:37:29,200 --> 05:37:31,300
like any other normal
operating system does
8572
05:37:31,400 --> 05:37:34,424
but at its core it
is still tuned for security
8573
05:37:34,424 --> 05:37:35,500
and forensics.
8574
05:37:35,500 --> 05:37:37,852
Now, let's see
how different parrot OS is
8575
05:37:37,852 --> 05:37:39,260
from other distributions.
8576
05:37:39,260 --> 05:37:42,300
Parrot is different from
a general-purpose distribution
8577
05:37:42,300 --> 05:37:45,200
because it does not try
to hide its features.
8578
05:37:45,200 --> 05:37:48,552
For example, there is a tool
called parrot update reminder.
8579
05:37:48,552 --> 05:37:51,600
It's simple yet powerful program
using this program.
8580
05:37:51,600 --> 05:37:54,129
You can check for system
upgrades once a week,
8581
05:37:54,129 --> 05:37:56,996
but instead of hiding
the upgrade process behind it.
8582
05:37:56,996 --> 05:37:59,473
This part like any
other operating system.
8583
05:37:59,473 --> 05:38:01,826
It shows the user
the full update process
8584
05:38:01,826 --> 05:38:03,056
from the APT output.
8585
05:38:03,056 --> 05:38:05,700
So you can see the upgrade
process going on.
8586
05:38:05,700 --> 05:38:07,600
Secondly parrot was designed
8587
05:38:07,600 --> 05:38:11,000
to be a very comfortable
environment for Security Experts
8588
05:38:11,000 --> 05:38:11,960
and researchers.
8589
05:38:11,960 --> 05:38:14,600
It includes many basic
programs for daily use
8590
05:38:14,600 --> 05:38:17,500
which other penetration
testing distributions usually
8591
05:38:17,500 --> 05:38:21,200
exclude. Parrot Security includes
its own sandbox system.
8592
05:38:21,200 --> 05:38:25,066
I mean, it provides a secure
distribution. User applications
8593
05:38:25,066 --> 05:38:28,600
in Parrot are protected
to limit the damages in case
8594
05:38:28,600 --> 05:38:31,000
if the system
is compromised anytime.
8595
05:38:31,000 --> 05:38:33,000
So this way no harm is caused.
8596
05:38:33,000 --> 05:38:36,263
So like we discussed earlier
it also supports Digital
8597
05:38:36,263 --> 05:38:39,840
forensics. Digital forensics
experts need an environment
8598
05:38:39,840 --> 05:38:42,100
that does not
compromise their proof.
8599
05:38:42,100 --> 05:38:44,525
So Parrot comes
with automount functions
8600
05:38:44,525 --> 05:38:46,240
which are disabled by default
8601
05:38:46,240 --> 05:38:48,900
to allow forensic
acquisitions to perform
8602
05:38:48,900 --> 05:38:50,200
in a very safe way.
8603
05:38:50,400 --> 05:38:52,200
So before you go ahead
8604
05:38:52,200 --> 05:38:54,600
and choose any
of these operating systems,
8605
05:38:54,600 --> 05:38:56,700
make sure you check
out their features.
8606
05:38:56,700 --> 05:38:58,950
The services they offer
and make sure that
8607
05:38:58,950 --> 05:39:00,600
if they are suitable
for the task,
8608
05:39:00,600 --> 05:39:03,220
which you want to perform.
But as for Parrot OS,
8609
05:39:03,220 --> 05:39:05,465
these are its features
we discussed earlier
8610
05:39:05,465 --> 05:39:07,126
and these are the certain points
8611
05:39:07,126 --> 05:39:09,100
that you should take
into consideration
8612
05:39:09,100 --> 05:39:10,771
before you go ahead and use it.
8613
05:39:10,771 --> 05:39:12,359
Now if you're wondering who
8614
05:39:12,359 --> 05:39:14,435
the parrot security
is made for well,
8615
05:39:14,435 --> 05:39:17,200
it's made for Security
Experts digital forensics
8616
05:39:17,200 --> 05:39:20,300
experts, engineering
and IT students, researchers,
8617
05:39:20,300 --> 05:39:23,016
you have journalists and
activists as well in the list
8618
05:39:23,016 --> 05:39:25,751
and you have the newbie
hackers, police officers
8619
05:39:25,751 --> 05:39:26,986
and special security
8620
05:39:26,986 --> 05:39:27,668
institutions.
8621
05:39:27,668 --> 05:39:30,422
So basically if you ask me
it's suitable for a student
8622
05:39:30,422 --> 05:39:32,614
or the entry level
Security Experts as well.
8623
05:39:32,614 --> 05:39:33,800
So first, I'll show you
8624
05:39:33,800 --> 05:39:36,600
how to install Parrot
Security OS on VMware.
8625
05:39:36,600 --> 05:39:38,700
So basically when it
comes to installation,
8626
05:39:38,700 --> 05:39:39,700
you have two options,
8627
05:39:39,700 --> 05:39:41,641
you can install
parrot security OS
8628
05:39:41,641 --> 05:39:44,829
alongside your operating system
using dual boot option
8629
05:39:44,829 --> 05:39:48,500
or you can install it using any
of these virtualization software
8630
05:39:48,500 --> 05:39:50,290
like VirtualBox or VMware.
8631
05:39:50,290 --> 05:39:51,847
As for today's session,
8632
05:39:51,847 --> 05:39:54,700
I'll show you
how to install it using VMware.
8633
05:39:54,700 --> 05:39:57,000
So let's get started
with our installation.
8634
05:39:57,900 --> 05:40:00,499
So, where is this search
for the Parrot Security OS
8635
05:40:00,499 --> 05:40:03,500
and it's most probably the first
link that you find on the net.
8636
05:40:03,500 --> 05:40:06,100
This is the Parrot
Security OS official website;
8637
05:40:06,100 --> 05:40:06,895
as you can see,
8638
05:40:06,895 --> 05:40:09,000
there's a little bit
about its history.
8639
05:40:09,000 --> 05:40:09,764
Its features.
8640
05:40:09,764 --> 05:40:11,470
It says it's based on Debian.
8641
05:40:11,470 --> 05:40:14,600
It's designed for security
development and privacy in mind.
8642
05:40:14,600 --> 05:40:16,737
It also includes
a laboratory for security
8643
05:40:16,737 --> 05:40:20,287
and digital forensics experts
along with that it also focuses
8644
05:40:20,287 --> 05:40:22,400
if you want to develop
your own software
8645
05:40:22,400 --> 05:40:23,671
and all that and it's
8646
05:40:23,671 --> 05:40:27,000
project goals are mostly security,
privacy and development.
8647
05:40:27,000 --> 05:40:30,270
This is the Which you should
consider important development
8648
05:40:30,270 --> 05:40:32,799
unlike other operating
systems its features.
8649
05:40:32,799 --> 05:40:34,089
It's secure, lightweight
8650
05:40:34,089 --> 05:40:37,588
when compared to Kali Linux
or any other operating systems
8651
05:40:37,588 --> 05:40:39,000
and it's a free source.
8652
05:40:39,000 --> 05:40:40,722
So go ahead and explore it.
8653
05:40:40,722 --> 05:40:42,700
So as for the download options,
8654
05:40:42,700 --> 05:40:44,800
you can go for
Security Edition here
8655
05:40:44,800 --> 05:40:47,800
and the download menu here you
can see other options as well.
8656
05:40:47,800 --> 05:40:50,000
It says home edition security
8657
05:40:50,000 --> 05:40:53,352
and other builds. We discussed a few
of the flavors of Parrot
8658
05:40:53,352 --> 05:40:54,100
OS earlier.
8659
05:40:54,100 --> 05:40:56,700
We discussed Parrot Home,
Parrot Air, Parrot Studio
8660
05:40:56,700 --> 05:40:57,783
when you lose any weight
8661
05:40:57,783 --> 05:41:00,091
If you're concerned
with parrot security four point
8662
05:41:00,091 --> 05:41:02,400
five point one is a current
version that's running.
8663
05:41:02,400 --> 05:41:04,663
So you have two options
here to download.
8664
05:41:04,663 --> 05:41:06,700
First of all take
a look at the size.
8665
05:41:06,700 --> 05:41:08,800
It's 3.7 GB and 5.9 GB.
8666
05:41:08,800 --> 05:41:11,150
So make sure whichever
you want you downloading it
8667
05:41:11,150 --> 05:41:13,500
depending on your operating
system requirements.
8668
05:41:13,500 --> 05:41:16,500
And as you can see,
this is a live boot installer
8669
05:41:16,500 --> 05:41:18,600
ISO; this is
a virtual appliance.
8670
05:41:18,600 --> 05:41:20,200
You can choose any of these
8671
05:41:20,200 --> 05:41:22,000
if download is taking
a little longer
8672
05:41:22,000 --> 05:41:23,058
than you expected.
8673
05:41:23,058 --> 05:41:25,200
Maybe you can go
for mirrors or a torrent.
8674
05:41:25,200 --> 05:41:26,600
So I've already installed it.
8675
05:41:26,600 --> 05:41:28,408
I'm not doing it. I have the ISO
8676
05:41:28,408 --> 05:41:31,500
file as well as the OVA
format installed as well.
8677
05:41:31,500 --> 05:41:34,200
Next thing we need
to do is install VMware.
8678
05:41:34,200 --> 05:41:37,500
So VMware VMware
Workstation Pro.
8679
05:41:38,300 --> 05:41:40,300
So you have
a download option here.
8680
05:41:40,300 --> 05:41:42,900
You can go ahead
and download it you have
8681
05:41:42,900 --> 05:41:46,100
for the free option, you
also have VMware Player.
8682
05:41:46,100 --> 05:41:47,600
I guess fate here.
8683
05:41:47,600 --> 05:41:51,400
I go the Ling sorry
about that here in the downloads
8684
05:41:51,400 --> 05:41:53,000
so you can go
for Workstation Pro
8685
05:41:53,000 --> 05:41:54,900
or you can also go
for Workstation Player
8686
05:41:54,900 --> 05:41:55,896
over here. Any of this
8687
05:41:55,896 --> 05:41:58,400
with civil suits you have
he downloaded it.
8688
05:41:58,400 --> 05:41:59,782
It's going to take a while.
8689
05:41:59,782 --> 05:42:01,700
And then all you have
to do is install click
8690
05:42:01,700 --> 05:42:04,000
on next and finish
the installation process.
8691
05:42:04,000 --> 05:42:06,000
So before you start
your virtual machine,
8692
05:42:06,000 --> 05:42:09,200
make sure you have
your parrot OS image ISO file
8693
05:42:09,200 --> 05:42:11,900
or OVA format,
which ever is of your choice.
8694
05:42:11,900 --> 05:42:14,800
And then here we go
VMware Workstation homepage.
8695
05:42:14,800 --> 05:42:15,744
Yeah, as you can see
8696
05:42:15,744 --> 05:42:18,200
I already have a Parrot
OS operating system installed
8697
05:42:18,200 --> 05:42:21,241
here, a virtual machine installed
here. This one, I have installed
8698
05:42:21,241 --> 05:42:22,145
it using the ISO file.
8699
05:42:22,145 --> 05:42:22,918
It's very easy.
8700
05:42:22,918 --> 05:42:24,268
I'll show you how to do it.
8701
05:42:24,268 --> 05:42:25,600
But if you have ovf format,
8702
05:42:25,600 --> 05:42:28,000
all you have to do is click
on this file menu.
8703
05:42:28,000 --> 05:42:29,359
Open and as you can see,
8704
05:42:29,359 --> 05:42:32,332
I have Parrot Security over here,
and click and import it.
8705
05:42:32,332 --> 05:42:34,800
That's all click select it
and click on open.
8706
05:42:34,800 --> 05:42:37,100
So I'm not going to show you
how to do that.
8707
05:42:37,300 --> 05:42:39,100
So it's very
straightforward process.
8708
05:42:39,100 --> 05:42:39,700
That's it.
8709
05:42:39,700 --> 05:42:40,700
This is my ISO file.
8710
05:42:40,700 --> 05:42:42,900
Let me show it to you again
how to install it.
8711
05:42:42,900 --> 05:42:44,100
Anyway current file
8712
05:42:44,100 --> 05:42:46,700
or you can just go for create
a new virtual machine.
8713
05:42:46,700 --> 05:42:51,000
Yeah, click on next
and attach the ISO file. Browse.
8714
05:42:51,000 --> 05:42:53,400
I have it in my
local this T here.
8715
05:42:53,400 --> 05:42:57,638
I have Parrot Security,
and open. Next, it's Linux, it's Debian
8716
05:42:57,638 --> 05:43:00,999
latest version,
which is 64 bit and click
8717
05:43:00,999 --> 05:43:05,200
on next give any suitable name
for your virtual machine.
8718
05:43:05,200 --> 05:43:09,300
Let's say Parrot
Security
8719
05:43:09,700 --> 05:43:12,300
OS, and click on next.
8720
05:43:12,500 --> 05:43:15,400
Let's assign about
40 GB it again.
8721
05:43:15,400 --> 05:43:16,766
Depends on what you want to do.
8722
05:43:16,766 --> 05:43:18,000
If you're doing heavy tasks.
8723
05:43:18,000 --> 05:43:19,900
Maybe you can assign more disk.
8724
05:43:19,900 --> 05:43:22,900
So it asks, store virtual
disk as a single file
8725
05:43:22,900 --> 05:43:24,495
or split into multiple files.
8726
05:43:24,495 --> 05:43:27,655
I'm going to choose single file
click on next and you
8727
05:43:27,655 --> 05:43:28,700
can always go ahead
8728
05:43:28,700 --> 05:43:31,600
and make this customize Hardware
settings earlier or later,
8729
05:43:31,900 --> 05:43:33,749
but you can do it now as well.
8730
05:43:33,749 --> 05:43:35,000
Customize Hardware.
8731
05:43:35,000 --> 05:43:36,600
I have NAT connection as
8732
05:43:36,600 --> 05:43:39,100
for network adapter
memory 5 to well,
8733
05:43:39,200 --> 05:43:43,200
let's just say 2 GB and not
8734
05:43:43,200 --> 05:43:45,046
yeah, we set processors.
8735
05:43:45,046 --> 05:43:48,507
I'm just assigning one
for now. Cool, and close.
8736
05:43:48,700 --> 05:43:49,850
You can see the changes
8737
05:43:49,850 --> 05:43:51,600
which are made
are displayed here.
8738
05:43:51,600 --> 05:43:52,735
Once you're satisfied
8739
05:43:52,735 --> 05:43:55,600
with your settings with that
you made click on finish.
8740
05:43:55,600 --> 05:43:57,500
You're good to go your cigars.
8741
05:43:57,500 --> 05:44:00,147
System is been displaying
your so like I said,
8742
05:44:00,147 --> 05:44:02,300
you can always make
settings later on.
8743
05:44:02,300 --> 05:44:04,900
You have the edit virtual
machine settings option here.
8744
05:44:04,900 --> 05:44:06,100
Just click on this.
8745
05:44:07,500 --> 05:44:10,200
Let me maximize
the screen for you guys.
8746
05:44:10,200 --> 05:44:13,611
So as you can see the parrot
security ISO is very flexible.
8747
05:44:13,611 --> 05:44:16,850
There are quite a few options
you have live mode.
8748
05:44:16,850 --> 05:44:19,300
You have terminal mode
you have Ram mode.
8749
05:44:19,300 --> 05:44:22,895
So basically live mode is just
a standard live USB boot option
8750
05:44:22,895 --> 05:44:24,130
just like you can see
8751
05:44:24,130 --> 05:44:26,300
while you're installing
Kali Linux suppose.
8752
05:44:26,300 --> 05:44:28,400
If you don't know
how to install Kali Linux,
8753
05:44:28,400 --> 05:44:30,800
there's a video on how to
install it as well by Edureka.
8754
05:44:30,800 --> 05:44:33,300
You can refer to that
in the ethical hacking playlist.
8755
05:44:33,300 --> 05:44:34,587
Okay, so coming back.
8756
05:44:34,587 --> 05:44:37,121
Sorry about that. You
have a persistence
8757
05:44:37,121 --> 05:44:39,600
mode, encrypted persistence,
forensics mode
8758
05:44:39,600 --> 05:44:40,987
and all that. Terminal mode,
8759
05:44:40,987 --> 05:44:43,300
As you can see is
out of the live boot option.
8760
05:44:43,300 --> 05:44:46,304
But without graphical user
interface the most popular one
8761
05:44:46,304 --> 05:44:47,285
among new hackers,
8762
05:44:47,285 --> 05:44:49,956
or if you're the first time
user is install option
8763
05:44:49,956 --> 05:44:51,700
with a graphical user interface.
8764
05:44:51,700 --> 05:44:54,900
So it's almost familiar
with Kali Linux users.
8765
05:44:54,900 --> 05:44:56,900
If you want to get a feel
of parrot security
8766
05:44:56,900 --> 05:44:57,800
and all its features,
8767
05:44:57,800 --> 05:44:59,188
maybe you can go
for live mode,
8768
05:44:59,188 --> 05:45:00,538
but if you want to get just
8769
05:45:00,538 --> 05:45:02,600
started then you can always
go for install mode.
8770
05:45:02,600 --> 05:45:06,400
I'm going to click on that
and click on standard install.
8771
05:45:08,000 --> 05:45:11,700
So it's mounting all
the installation tools
8772
05:45:11,700 --> 05:45:12,900
and all that.
8773
05:45:13,000 --> 05:45:16,800
So once the machine is booted
up you'll be asked to select
8774
05:45:16,800 --> 05:45:19,488
your preferred language
the boot menu select
8775
05:45:19,488 --> 05:45:21,400
the graphical installer options
8776
05:45:21,400 --> 05:45:23,300
and click on let's say English
8777
05:45:23,300 --> 05:45:26,500
and United States
American English.
8778
05:45:27,400 --> 05:45:28,300
So then the loader
8779
05:45:28,300 --> 05:45:30,900
will automatically install
some additional components
8780
05:45:30,900 --> 05:45:33,200
and configure your network
related settings.
8781
05:45:33,603 --> 05:45:35,296
It might take a while.
8782
05:45:36,100 --> 05:45:38,400
So basically then
the installer should prompt
8783
05:45:38,400 --> 05:45:40,700
you for a host name
and the root password.
8784
05:45:40,800 --> 05:45:43,700
Let's give some root
password give the password
8785
05:45:43,700 --> 05:45:48,800
of your choice reenter
the password for verification.
8786
05:45:49,600 --> 05:45:51,462
And now it's gonna ask you
8787
05:45:51,462 --> 05:45:54,400
to set up a user apart
from the root user.
8788
05:45:54,500 --> 05:45:57,700
So let's just say
test user continue.
8789
05:45:58,000 --> 05:46:00,449
I'm going to keep it
as tests continue
8790
05:46:00,449 --> 05:46:02,700
and choose a password
for the new user
8791
05:46:02,700 --> 05:46:03,600
which is different
8792
05:46:03,600 --> 05:46:06,300
from the root user password
that you'll have to remember.
8793
05:46:06,300 --> 05:46:08,400
What so just give this new user
8794
05:46:08,400 --> 05:46:12,300
a password, continue,
re-enter the password.
8795
05:46:13,300 --> 05:46:13,800
Okay.
8796
05:46:13,800 --> 05:46:17,098
Let me just go back
and my mistake.
8797
05:46:17,100 --> 05:46:18,400
Let me try it again.
8798
05:46:19,500 --> 05:46:21,100
Select your time zone.
8799
05:46:21,100 --> 05:46:23,872
So basically after
you've set your password,
8800
05:46:23,872 --> 05:46:26,000
it's asking you
for the time zone.
8801
05:46:26,000 --> 05:46:28,000
Let's say central eastern.
8802
05:46:29,300 --> 05:46:32,182
So now the installer
will provide you four choices
8803
05:46:32,182 --> 05:46:34,000
about the partition of the disk.
8804
05:46:34,000 --> 05:46:35,091
The easiest option
8805
05:46:35,091 --> 05:46:37,788
for you is to use guided use
entire disk option
8806
05:46:37,788 --> 05:46:41,223
which the first option here
experienced users can always go
8807
05:46:41,223 --> 05:46:43,000
for manual partitioning method
8808
05:46:43,000 --> 05:46:45,600
for more granular
configuration options.
8809
05:46:47,110 --> 05:46:48,800
So yeah, guided partitioning.
8810
05:46:48,800 --> 05:46:51,548
I'm going to select
that: guided, use entire disk.
8811
05:46:51,548 --> 05:46:53,576
This is the disc
we're going to store
8812
05:46:53,576 --> 05:46:54,400
so it's asking
8813
05:46:54,400 --> 05:46:57,700
if you want to store all files
in one partition or different.
8814
05:46:57,700 --> 05:46:59,500
Let's just say all files in one
8815
05:46:59,500 --> 05:47:01,653
partition and hit on continue.
8816
05:47:01,700 --> 05:47:03,900
So now we will have
to confirm all the changes
8817
05:47:03,900 --> 05:47:06,635
to be made to the disk
on the host machine be aware
8818
05:47:06,635 --> 05:47:09,323
that continuing will erase
the data on the disk.
8819
05:47:09,323 --> 05:47:12,499
So after that you can just click
on finish partitioning
8820
05:47:12,499 --> 05:47:13,800
and writing disk thing.
8821
05:47:13,800 --> 05:47:15,953
It's asking if you want
to write the changes
8822
05:47:15,953 --> 05:47:17,100
to the disk, obviously.
8823
05:47:17,100 --> 05:47:17,300
Yes.
8824
05:47:17,300 --> 05:47:17,800
So click.
8825
05:47:17,800 --> 05:47:18,200
Yes.
8826
05:47:18,500 --> 05:47:21,400
So once aren't confirming
the partition changes
8827
05:47:21,400 --> 05:47:23,500
the installer will run
through the process
8828
05:47:23,500 --> 05:47:27,338
of installing the files let it
install the system automatically
8829
05:47:27,338 --> 05:47:28,700
this may take a while.
8830
05:47:28,700 --> 05:47:31,800
So I'll meet you guys
once installation is done.
8831
05:47:38,800 --> 05:47:40,700
So once installation
is done, it'll ask you
8832
05:47:40,700 --> 05:47:42,800
if you want to install
the GRUB boot loader
8833
05:47:42,800 --> 05:47:44,400
on your hard disk. Just say yes
8834
05:47:44,400 --> 05:47:46,000
and click on enter device
8835
05:47:46,000 --> 05:47:48,700
manually or sorry
just click the device,
8836
05:47:48,700 --> 05:47:51,000
which is already there go back.
8837
05:47:51,542 --> 05:47:55,157
The installation process
is now almost complete.
8838
05:47:57,700 --> 05:47:59,600
So guys the
installation is done.
8839
05:47:59,600 --> 05:48:01,194
Once the installation is done.
8840
05:48:01,194 --> 05:48:02,900
You can see the machine boots
8841
05:48:02,900 --> 05:48:05,471
you into the MATE desktop
environment, as in, if you
8842
05:48:05,471 --> 05:48:08,100
have chosen the install
option, you'll be presented
8843
05:48:08,100 --> 05:48:10,200
with a LightDM login screen.
8844
05:48:10,200 --> 05:48:12,508
So basically you'll have
to enter the password
8845
05:48:12,508 --> 05:48:15,057
and the which is set up
for the test user earlier.
8846
05:48:15,057 --> 05:48:16,184
Not the root password.
8847
05:48:16,184 --> 05:48:17,300
Please do remember that.
8848
05:48:17,300 --> 05:48:19,400
I'm sure you remember
setting up a password
8849
05:48:19,400 --> 05:48:22,700
for the user right
that password and login.
8850
05:48:25,011 --> 05:48:26,088
So here we go.
8851
05:48:26,700 --> 05:48:29,026
So guys here we are
as you can see
8852
05:48:29,026 --> 05:48:32,708
the machine boots you into
the MATE desktop environment.
8853
05:48:32,708 --> 05:48:35,209
Let me pronounce it
MATE; you can call it
8854
05:48:35,209 --> 05:48:38,500
whatever you want mate
or mate desktop environment.
8855
05:48:38,500 --> 05:48:39,587
So as you can see,
8856
05:48:39,587 --> 05:48:41,279
it's very good looking apart
8857
05:48:41,279 --> 05:48:44,300
from that, Parrot Security
will automatically detect
8858
05:48:44,300 --> 05:48:45,600
when updates are available
8859
05:48:45,600 --> 05:48:48,600
and prompt you to update
the system as soon as you
8860
05:48:48,600 --> 05:48:49,600
install it here.
8861
05:48:49,600 --> 05:48:52,500
It's not showing it to me
because I've already updated it,
8862
05:48:52,500 --> 05:48:55,500
but Otherwise, all you can do
is just go to the terminal here.
8863
05:48:55,500 --> 05:48:58,100
You can see terminal option
here right go to terminal there
8864
05:48:58,100 --> 05:49:03,400
and just say sudo apt-get update
It asks me for the password.
8865
05:49:06,600 --> 05:49:07,900
How'd it go?
8866
05:49:10,000 --> 05:49:13,300
Might be a matter of updated
in another virtual machine.
8867
05:49:13,300 --> 05:49:15,500
Anyway, I installed
the other one as well.
8868
05:49:15,500 --> 05:49:18,000
Maybe it's in that anyway,
I'll update for you.
8869
05:49:18,000 --> 05:49:20,800
So let me just minimize this
while it's updating.
8870
05:49:20,800 --> 05:49:22,800
Let's go ahead
and do other things.
8871
05:49:22,800 --> 05:49:24,400
So it's almost done I guess.
8872
05:49:24,400 --> 05:49:26,700
Yeah, as you can see
it's almost updated
8873
05:49:26,700 --> 05:49:28,500
and it says 116 packages
8874
05:49:28,500 --> 05:49:32,200
more can be upgraded and if I
want to have to run update list,
8875
05:49:32,200 --> 05:49:34,249
if you want to see
which of those packets
8876
05:49:34,249 --> 05:49:36,760
are have to just list out
those using the apt command.
8877
05:49:36,760 --> 05:49:38,400
Yo, I'm not showing
you two guys.
8878
05:49:38,400 --> 05:49:41,300
So anyway when you're making
you first make sure your system
8879
05:49:41,300 --> 05:49:42,900
always stays updated.
8880
05:49:42,900 --> 05:49:46,100
Okay, let's go back
to exploring Parrot OS. So
8881
05:49:46,100 --> 05:49:47,900
as you can see
system is laid out
8882
05:49:47,900 --> 05:49:49,500
in a very straightforward manner
8883
05:49:49,500 --> 05:49:52,400
with a collection of tools that
you might be familiar with.
8884
05:49:52,400 --> 05:49:53,770
If you're using Kali Linux
8885
05:49:53,770 --> 05:49:56,667
before the menu system is
almost similar to Kali Linux
8886
05:49:56,667 --> 05:49:59,400
and it's very easy to navigate.
The real difference is
8887
05:49:59,400 --> 05:50:03,100
that parrot security is meant
to be used as a daily driver as
8888
05:50:03,100 --> 05:50:04,633
in your regular operating system
8889
05:50:04,633 --> 05:50:06,680
through the other things
as well to prove
8890
05:50:06,680 --> 05:50:09,700
that you can see you have sound
and video options here a lot
8891
05:50:09,700 --> 05:50:13,000
of programming languages options
as well you have system tools
8892
05:50:13,000 --> 05:50:17,103
and you have Graphics included
you have office applications
8893
05:50:17,103 --> 05:50:18,978
of software's you have base.
8894
05:50:18,978 --> 05:50:20,300
You have math writer
8895
05:50:20,300 --> 05:50:23,800
and planner just like any other
normal operating system.
8896
05:50:23,800 --> 05:50:26,971
So while you can use Kali Linux
as a desktop workstation,
8897
05:50:26,971 --> 05:50:30,006
it really is a penetration
testing distribution first.
8898
05:50:30,006 --> 05:50:31,596
I'm talking about Kali Linux.
8899
05:50:31,596 --> 05:50:33,875
So with Kali, you need
to build the system
8900
05:50:33,875 --> 05:50:35,581
towards being a daily use system
8901
05:50:35,581 --> 05:50:38,283
as in you start using
Kali Linux you need to modify
8902
05:50:38,283 --> 05:50:39,959
or you need to customize it in.
8903
05:50:39,959 --> 05:50:42,555
Your way that you make
it more plausible or easy
8904
05:50:42,555 --> 05:50:44,600
for you to use
for the daily purposes,
8905
05:50:44,600 --> 05:50:48,000
but that's not the case with
parrot security OS its interface
8906
05:50:48,000 --> 05:50:49,249
and everything is so good.
8907
05:50:49,249 --> 05:50:51,600
It almost appears
like a normal operating system
8908
05:50:51,600 --> 05:50:54,100
and it is like a very
normal operating system.
8909
05:50:54,100 --> 05:50:56,000
So you have
your penetration testing tools,
8910
05:50:56,000 --> 05:50:58,200
which are there and along
with that you have
8911
05:50:58,200 --> 05:51:01,900
your day-to-day applications are
also there in this now talking
8912
05:51:01,900 --> 05:51:03,791
about the system requirements
8913
05:51:03,791 --> 05:51:06,400
the default Parrot
Security install uses
8914
05:51:06,400 --> 05:51:08,300
about 313 MB of RAM.
8915
05:51:08,300 --> 05:51:11,300
So as you can see here you
can see The squad little bar.
8916
05:51:11,300 --> 05:51:12,800
It's like a task manager,
8917
05:51:12,800 --> 05:51:15,800
which you can find it in
your windows can click on that.
8918
05:51:15,800 --> 05:51:18,200
It will show you all
the progress that's going on.
8919
05:51:18,350 --> 05:51:19,350
First of all,
8920
05:51:19,400 --> 05:51:23,400
it says the Parrot GNU/
Linux system in the release
8921
05:51:23,446 --> 05:51:24,600
and the kernel,
8922
05:51:24,600 --> 05:51:27,100
all the information
about your ISO file
8923
05:51:27,100 --> 05:51:29,511
and you have MATE
desktop environment here
8924
05:51:29,511 --> 05:51:30,323
in the hardware,
8925
05:51:30,323 --> 05:51:33,234
which is this, and the processor,
it's based on available space
8926
05:51:33,234 --> 05:51:35,472
and all that when you
click on the processes,
8927
05:51:35,472 --> 05:51:37,761
it shows all the processes
which are currently
8928
05:51:37,761 --> 05:51:40,000
running sleeping just
like your task manager.
8929
05:51:40,000 --> 05:51:41,900
in your Windows
operating system.
8930
05:51:41,900 --> 05:51:43,396
So yeah, like I said,
8931
05:51:43,396 --> 05:51:47,600
it requires about 213 MB
of ram approximately around that
8932
05:51:47,600 --> 05:51:48,500
but of course,
8933
05:51:48,500 --> 05:51:51,000
this is only system
related process running
8934
05:51:51,000 --> 05:51:52,400
when compared to Kali Linux.
8935
05:51:52,400 --> 05:51:55,100
It's very lightweight
Kali Linux install requires
8936
05:51:55,100 --> 05:51:56,500
about 604 MB of RAM
8937
05:51:56,500 --> 05:51:59,256
and that too only with system
related process running.
8938
05:51:59,256 --> 05:52:01,700
So, like I said,
it's a very lightweight system.
8939
05:52:01,700 --> 05:52:02,800
So yeah, the bar is
8940
05:52:02,800 --> 05:52:04,800
a task manager it
lists all the processes
8941
05:52:04,800 --> 05:52:07,800
that are running and all that
you obviously have a terminal
8942
05:52:07,800 --> 05:52:10,900
which I showed earlier
the Cool thing with terminal is
8943
05:52:10,900 --> 05:52:12,800
that it goes
with their interface.
8944
05:52:12,800 --> 05:52:13,600
Other than that.
8945
05:52:13,600 --> 05:52:15,800
It's pretty much
like any other normal terminal.
8946
05:52:15,800 --> 05:52:18,300
And then there is the appearance
of the interface.
8947
05:52:18,300 --> 05:52:21,779
I mean my first reaction
when I saw it was wow, amazing,
8948
05:52:21,779 --> 05:52:24,500
right when compared
to the plain Kali Linux.
8949
05:52:24,500 --> 05:52:26,906
So yeah, you get
to use cool collection
8950
05:52:26,906 --> 05:52:28,300
of wallpapers as well.
8951
05:52:28,300 --> 05:52:31,200
You have change
desktop background here you
8952
05:52:31,200 --> 05:52:34,900
have fonts interface and see
you have quite a lot
8953
05:52:34,900 --> 05:52:36,900
of collection of wallpapers
8954
05:52:36,900 --> 05:52:40,000
and you can go ahead and add
your Customs as well.
8955
05:52:40,200 --> 05:52:42,400
That's all about the interface.
8956
05:52:42,400 --> 05:52:43,600
And like I said,
8957
05:52:43,600 --> 05:52:45,500
it's like any other
normal operating system.
8958
05:52:45,500 --> 05:52:48,100
So it comes with a lot
of programming languages
8959
05:52:48,100 --> 05:52:50,400
and a bunch of text editors.
8960
05:52:50,700 --> 05:52:52,900
You also have IDEs as well.
8961
05:52:52,923 --> 05:52:56,076
It uses Pluma as
your default text editor.
8962
05:52:56,500 --> 05:52:58,000
So that's it
8963
05:52:58,000 --> 05:53:01,400
when talking about the normal
operating system. Now, talking
8964
05:53:01,400 --> 05:53:03,782
about the performance,
almost all of us know
8965
05:53:03,782 --> 05:53:05,500
that Kali Linux is a bit laggy
8966
05:53:05,500 --> 05:53:07,505
and when you run it
on a low-end system,
8967
05:53:07,505 --> 05:53:09,100
sometimes it's like a nightmare
8968
05:53:09,100 --> 05:53:11,398
when you have a
brute force attack going on
8969
05:53:11,398 --> 05:53:12,457
in the background.
8970
05:53:12,457 --> 05:53:14,000
or you're doing something else.
8971
05:53:14,000 --> 05:53:17,824
It's gonna be worried say stock
or it's very slow, but in Parrot
8972
05:53:17,824 --> 05:53:18,900
it's very lightweight
8973
05:53:18,900 --> 05:53:20,700
and doesn't lag much,
as you can see,
8974
05:53:20,700 --> 05:53:23,963
it's smooth. Now, talking
about hardware requirements.
8975
05:53:23,963 --> 05:53:25,800
Pretty much both Kali Linux
8976
05:53:25,800 --> 05:53:28,270
and your Parrot require
high-end hardware,
8977
05:53:28,270 --> 05:53:31,000
but Parrot, it needs
low specification Hardware
8978
05:53:31,000 --> 05:53:32,300
as compared to Kali.
8979
05:53:32,300 --> 05:53:33,878
So if I have to conclude
8980
05:53:33,878 --> 05:53:36,734
in one word, Parrot is
a good-looking distro.
8981
05:53:36,734 --> 05:53:39,400
It's very lightweight
its resource friendly
8982
05:53:39,400 --> 05:53:40,232
and Want to know
8983
05:53:40,232 --> 05:53:42,000
how much resources
consuming and all
8984
05:53:42,000 --> 05:53:44,450
that, you can always go
and click on the little bar,
8985
05:53:44,450 --> 05:53:45,700
which is available there.
8986
05:53:45,700 --> 05:53:46,896
Click on the resources.
8987
05:53:46,896 --> 05:53:48,041
You can see the CPU history,
8988
05:53:48,041 --> 05:53:50,800
memory, network history,
file systems and all that.
8989
05:53:50,900 --> 05:53:52,800
So basically it's
a good-looking distro
8990
05:53:52,800 --> 05:53:54,600
lightweight resource friendly.
8991
05:53:54,600 --> 05:53:56,430
All these features apart, Parrot
8992
05:53:56,430 --> 05:54:00,152
Security OS has a pretty good
collection of features as well,
8993
05:54:00,152 --> 05:54:01,800
which we discussed earlier.
8994
05:54:01,800 --> 05:54:04,500
It comes with, like, a hell
lot of tools,
8995
05:54:04,500 --> 05:54:05,900
but if you see the sections,
8996
05:54:05,900 --> 05:54:08,900
there are a lot of other things
which are not in Kali Linux.
8997
05:54:08,900 --> 05:54:11,000
So the most A pointed
tool here is
8998
05:54:11,000 --> 05:54:14,100
that in Kali Linux, suppose you
want to stay private
8999
05:54:14,100 --> 05:54:16,878
when you're doing hacking
or any other stuff.
9000
05:54:16,878 --> 05:54:19,089
You have to install
Anonsurf, Tor
9001
05:54:19,089 --> 05:54:21,100
and then enable them
or proxychains.
9002
05:54:21,100 --> 05:54:23,900
You also have the option
of proxy chains to stay yourself
9003
05:54:23,900 --> 05:54:26,050
anonymous on the system
while you're doing hacking
9004
05:54:26,050 --> 05:54:27,400
or pen testing or anything,
9005
05:54:27,400 --> 05:54:30,983
but with Parrot OS you already
have Anonsurf pre-installed.
9006
05:54:30,983 --> 05:54:33,700
All you have to do is click
on the start button.
9007
05:54:33,700 --> 05:54:35,700
So let me show you
how to stay anonymous.
9008
05:54:35,900 --> 05:54:37,600
So this is one
of the best feature
9009
05:54:37,600 --> 05:54:39,936
in Parrot Security OS.
It has proxychains
9010
05:54:39,936 --> 05:54:42,600
as well as Anonsurf to make
yourself anonymous,
9011
05:54:42,700 --> 05:54:44,600
so you can go for this Anonsurf
9012
05:54:44,600 --> 05:54:47,240
and click on Anon
Start. Before that,
9013
05:54:47,240 --> 05:54:49,400
You can check your IP
of your system.
9014
05:54:49,600 --> 05:54:53,100
So it says 1.65 1.73
doesn't just remember
9015
05:54:53,100 --> 05:54:55,400
it don't have to note
it down anywhere.
9016
05:54:55,400 --> 05:54:57,800
Well, not 651 76 now now
9017
05:54:57,800 --> 05:55:01,600
if I go and enable
this, first of all it'll ask you
9018
05:55:01,600 --> 05:55:07,400
for the administration
password. Give that. Okay.
9019
05:55:07,800 --> 05:55:09,800
So basically once you
enter the password,
9020
05:55:09,900 --> 05:55:10,500
it'll ask you
9021
05:55:10,500 --> 05:55:13,500
if you want Anonsurf
to kill the dangerous processes
9022
05:55:13,500 --> 05:55:16,762
that can deanonymize
you, or clear cache files,
9023
05:55:16,762 --> 05:55:19,300
or modify your IP table rules
and all that.
9024
05:55:19,300 --> 05:55:20,031
It'll ask you
9025
05:55:20,031 --> 05:55:22,000
if you want to do
that just say yes.
9026
05:55:22,000 --> 05:55:24,235
So basically as
soon as you click on Yes,
9027
05:55:24,235 --> 05:55:27,380
as you can see the notifications
here the tool will attempt
9028
05:55:27,380 --> 05:55:30,200
to kill dangerous processes
that can deanonymize you
9029
05:55:30,200 --> 05:55:32,700
anytime it will clear
your cache files.
9030
05:55:32,700 --> 05:55:35,600
It will modify
your iptables, modify your
9031
05:55:35,600 --> 05:55:38,500
resolv.conf file, disable your IPv6
9032
05:55:38,800 --> 05:55:41,900
and only allow you
the outbound traffic through Tor.
9033
05:55:41,900 --> 05:55:44,800
As you can see, it says Tor
is running, started for you.
9034
05:55:44,800 --> 05:55:47,100
Imagine doing all
this stuff by yourself.
9035
05:55:47,100 --> 05:55:49,500
If you don't have
Anonsurf, like in Kali Linux,
9036
05:55:49,500 --> 05:55:51,752
This would be quite a bit
of effort manually,
9037
05:55:51,752 --> 05:55:53,800
but with the script
already present here,
9038
05:55:53,800 --> 05:55:55,257
it's just a click away.
9039
05:55:55,257 --> 05:55:58,199
So Parrot Security
also includes a similar script
9040
05:55:58,199 --> 05:56:00,114
for I2P as well. Apart from that,
9041
05:56:00,114 --> 05:56:02,500
once you've enabled
you can also check
9042
05:56:02,500 --> 05:56:04,500
like I said your IP address now.
9043
05:56:14,100 --> 05:56:18,500
So as you can see, it says "Global
anonymous proxy activated. Dance
9044
05:56:18,500 --> 05:56:21,000
like no one's watching. Encrypt
like everyone is." So
9045
05:56:21,000 --> 05:56:23,800
basically it's saying
Anonsurf is started up.
9046
05:56:26,100 --> 05:56:28,612
As you can see my IP address
has been changed. It
9047
05:56:28,612 --> 05:56:30,311
was something of 160-something.
9048
05:56:30,311 --> 05:56:31,570
But right now it's 182.
9049
05:56:31,570 --> 05:56:34,259
So Anonsurf has made
me anonymous. Now,
9050
05:56:34,259 --> 05:56:37,200
I can do whatever you want
in an anonymous mode.
9051
05:56:37,207 --> 05:56:42,600
So that's all I wanted to show
you here now back to Firefox.
9052
05:56:42,700 --> 05:56:45,400
It has quite
a documentation part.
9053
05:56:45,400 --> 05:56:46,414
Well, it's still
9054
05:56:46,414 --> 05:56:49,900
in the creation stage. Here,
as you can see, documentation.
9055
05:56:49,900 --> 05:56:53,000
It's not all that well prepared
or created yet.
9056
05:56:53,000 --> 05:56:55,800
So if you have any minor doubt
you can go ahead and refer
9057
05:56:55,800 --> 05:56:57,600
to the documentation part.
9058
05:56:57,600 --> 05:56:59,231
Oh, so here you go.
9059
05:56:59,800 --> 05:57:03,400
Okay, then let's go
back to the distro.
9060
05:57:03,700 --> 05:57:06,400
One thing that you can point out
about Parrot OS is
9061
05:57:06,400 --> 05:57:10,000
that it has a lot
of cryptography tools such as
9062
05:57:10,000 --> 05:57:13,800
it has zuluCrypt, zuluMount,
a graphical utility
9063
05:57:13,800 --> 05:57:16,400
that will help you mount
your encrypted volumes.
9064
05:57:16,400 --> 05:57:18,756
Then there is something
called Crypt Keeper.
9065
05:57:18,756 --> 05:57:20,400
It's another graphical utility
9066
05:57:20,400 --> 05:57:23,906
that allows you to manage
encrypted folders and much more.
9067
05:57:23,906 --> 05:57:25,906
These utilities
make confidentiality
9068
05:57:25,906 --> 05:57:29,000
easily accessible to anyone
with minimal experience.
9069
05:57:29,000 --> 05:57:31,800
I mean if you do not have
any idea about cryptography you
9070
05:57:31,800 --> 05:57:34,000
can easily start learning here,
that's what I meant.
9071
05:57:34,000 --> 05:57:35,352
So it just doesn't stop
9072
05:57:35,352 --> 05:57:38,729
with cryptography or Anonsurf;
you have lot of other tools
9073
05:57:38,729 --> 05:57:41,000
which you might not find
in Kali Linux.
9074
05:57:41,000 --> 05:57:42,931
So let me show
you guys that part
9075
05:57:42,931 --> 05:57:46,700
as you can see you have lot of
tools you have most used tools,
9076
05:57:46,700 --> 05:57:47,900
which is Armitage.
9077
05:57:47,900 --> 05:57:51,100
You have Wireshark, Zenmap,
OWASP ZAP, all
9078
05:57:51,100 --> 05:57:54,200
that then you have
wireless testing tools.
9079
05:57:54,396 --> 05:57:55,703
Give me a second.
9080
05:57:56,100 --> 05:57:57,800
Yeah, post exploitation this set
9081
05:57:57,800 --> 05:58:00,300
of tools mostly you can't find
them in the Kali Linux.
9082
05:58:00,300 --> 05:58:03,000
You have OS backdoor
tools, web backdoor tools.
9083
05:58:03,000 --> 05:58:05,900
You have WeBaCoo,
Weevely and all that,
9084
05:58:06,400 --> 05:58:10,400
and you have something called
social engineering kit.
9085
05:58:10,400 --> 05:58:11,164
If I'm right.
9086
05:58:11,164 --> 05:58:13,116
It should be
in the exploitation tools.
9087
05:58:13,116 --> 05:58:14,454
Whereas exploitation here
9088
05:58:14,454 --> 05:58:17,400
how you can see a social
engineering tool kit just click
9089
05:58:17,400 --> 05:58:18,854
on that password.
9090
05:58:19,100 --> 05:58:20,805
So it is started up all that.
9091
05:58:20,805 --> 05:58:22,100
So if I just click one,
9092
05:58:22,100 --> 05:58:24,950
you have a lot of options
the update SET configuration, you
9093
05:58:24,950 --> 05:58:25,877
have social engineering
9094
05:58:25,877 --> 05:58:28,300
attacks. You have different types
of attacks here.
9095
05:58:28,300 --> 05:58:30,200
You have PowerShell
attack vectors.
9096
05:58:30,200 --> 05:58:32,000
You have mass mailer attack
9097
05:58:32,000 --> 05:58:34,500
you have phishing
attack vectors and all that.
9098
05:58:34,500 --> 05:58:36,800
So basically you can click
on that and enable all
9099
05:58:36,800 --> 05:58:39,650
that. I'm not going to show you
in this demo how to do it.
9100
05:58:39,650 --> 05:58:41,784
This is just the basic
introductory video
9101
05:58:41,784 --> 05:58:42,638
about Parrot OS.
9102
05:58:42,638 --> 05:58:44,400
So, let me just
close the terminal
9103
05:58:44,600 --> 05:58:47,400
while there are common tools
like you have nmap.
9104
05:58:47,400 --> 05:58:49,341
I'm sure you know
how to use nmap.
9105
05:58:49,341 --> 05:58:50,900
Let me just show you anyway
9106
05:58:51,000 --> 05:58:53,200
and Nmap is one
of the scanning tools.
9107
05:58:53,200 --> 05:58:55,900
You can find it
in Information Gathering,
9108
05:58:55,900 --> 05:58:58,500
I'm sure. Nmap
is here; it's one
9109
05:58:58,500 --> 05:58:59,573
of the basic tools.
9110
05:58:59,573 --> 05:59:02,400
Okay, let's just explore Nmap
and Dmitry here.
9111
05:59:02,400 --> 05:59:03,500
Let me just show you
9112
05:59:03,500 --> 05:59:05,144
how to use nmap first just
9113
05:59:05,144 --> 05:59:08,100
click Nmap. You have
all the help, all the Nmap
9114
05:59:08,100 --> 05:59:10,800
configuration options
are displayed in front of you.
9115
05:59:10,800 --> 05:59:12,992
If you don't have to use
just go through them.
9116
05:59:12,992 --> 05:59:14,900
It's pretty easy
a simple example.
9117
05:59:14,900 --> 05:59:17,200
I'm already using the one
which is already there.
9118
05:59:17,200 --> 05:59:22,100
Just say scanme
.nmap.org.
9119
05:59:22,500 --> 05:59:25,100
Okay your aegyo making
spelling mistake again.
9120
05:59:27,700 --> 05:59:29,000
Sorry about that.
9121
05:59:29,000 --> 05:59:30,700
It's gonna take a little while.
9122
05:59:30,700 --> 05:59:32,400
That's all while it's scanning.
9123
05:59:32,400 --> 05:59:34,700
Let me just show
you another tool,
9124
05:59:34,700 --> 05:59:36,400
which is Dmitry.
9125
05:59:36,400 --> 05:59:39,000
It's the Deepmagic
Information Gathering Tool.
9126
05:59:39,000 --> 05:59:40,034
It has ability.
9127
05:59:40,034 --> 05:59:41,000
So here it is.
9128
05:59:41,000 --> 05:59:43,156
It should be in the information
9129
05:59:43,156 --> 05:59:45,800
gathering only you
have your here goes.
9130
05:59:45,800 --> 05:59:47,116
So basically, like I said,
9131
05:59:47,116 --> 05:59:49,900
it has ability to gather as
much information as possible
9132
05:59:49,900 --> 05:59:51,500
about a host: subdomains,
9133
05:59:51,500 --> 05:59:54,275
its email
information, TCP port scan,
9134
05:59:54,275 --> 05:59:56,300
whois lookup and all that.
9135
05:59:56,300 --> 05:59:57,700
Let's just check out if
9136
05:59:57,700 --> 05:59:59,700
Nmap scanning is done.
9137
05:59:59,900 --> 06:00:01,500
Here is the terminal.
9138
06:00:01,900 --> 06:00:03,500
Yeah, it's gonna take
a little while.
9139
06:00:03,500 --> 06:00:04,700
So once the scanning is done,
9140
06:00:04,700 --> 06:00:06,626
it's going to show you
how many seconds it took
9141
06:00:06,626 --> 06:00:07,500
what are the ports
9142
06:00:07,500 --> 06:00:09,700
which are open
and the closed ports and all
9143
06:00:09,700 --> 06:00:12,600
that. Now, about Dmitry,
you can enable it
9144
06:00:12,600 --> 06:00:13,800
from your terminal,
9145
06:00:13,800 --> 06:00:17,000
but you can also do it
from here information gathering
9146
06:00:17,000 --> 06:00:18,300
and click on Dmitry.
9147
06:00:18,300 --> 06:00:19,700
Password.
9148
06:00:20,000 --> 06:00:23,800
So let's say Huh?
9149
06:00:24,200 --> 06:00:25,300
Here we go.
9150
06:00:25,300 --> 06:00:26,319
So let me maximize.
9151
06:00:26,319 --> 06:00:29,010
All you have to do is
you have lot of options here.
9152
06:00:29,010 --> 06:00:31,124
You have W,
which performs a whois lookup.
9153
06:00:31,124 --> 06:00:33,600
you can do it online as
an using Firefox as well.
9154
06:00:33,600 --> 06:00:34,900
You have a lot of websites
9155
06:00:34,900 --> 06:00:36,792
where you can gather
all the information
9156
06:00:36,792 --> 06:00:38,200
once you have your IP address
9157
06:00:38,200 --> 06:00:40,550
or and all that
and you have retrieve
9158
06:00:40,550 --> 06:00:42,700
Netcraft.com information
on host, perform search
9159
06:00:42,700 --> 06:00:45,100
for possible subdomains
email address and all that.
9160
06:00:45,100 --> 06:00:47,700
So basically you can give
all this options in one go.
9161
06:00:47,800 --> 06:00:52,900
Let's say TR y - -
9162
06:00:52,900 --> 06:00:56,000
option taste output
your host or text or to
9163
06:00:56,000 --> 06:00:58,407
the file specified by -o.
9164
06:00:58,407 --> 06:01:02,984
So I just press click 0,
let me just give sudo.
9165
06:01:04,000 --> 06:01:06,600
Let me just check
if I've given any file here.
9166
06:01:07,200 --> 06:01:09,900
I do have a file
called test dot txt.
9167
06:01:09,900 --> 06:01:10,800
Okay.
9168
06:01:11,500 --> 06:01:13,700
So like I said
in the -o option,
9169
06:01:13,700 --> 06:01:16,500
it will save your output to
the .txt file or to the file
9170
06:01:16,500 --> 06:01:18,100
specified by the -o option.
9171
06:01:18,100 --> 06:01:19,814
So basically just
specify the filename
9172
06:01:19,814 --> 06:01:21,900
where you want to store
the all the scan info.
9173
06:01:21,900 --> 06:01:24,504
Whoa, and the website
where you want to website
9174
06:01:24,504 --> 06:01:26,600
of whose information
you want to scan.
9175
06:01:26,600 --> 06:01:29,300
So let's say the blue
dot pinterest.com.
9176
06:01:31,800 --> 06:01:32,600
Here you go.
9177
06:01:32,600 --> 06:01:33,980
It started scanning.
9178
06:01:33,980 --> 06:01:35,500
Let me just scroll up.
9179
06:01:37,200 --> 06:01:40,500
The host name and the host
IP addresses showing
9180
06:01:40,500 --> 06:01:41,979
once you have IP addresses,
9181
06:01:41,979 --> 06:01:44,500
you know can gather almost
all the information.
9182
06:01:44,500 --> 06:01:48,100
It's also showing the places
where it's coordinated.
9183
06:01:48,100 --> 06:01:50,600
It's created lost modified.
9184
06:01:50,800 --> 06:01:53,483
You have sources you
have address here
9185
06:01:53,483 --> 06:01:57,200
and then yeah last modified
created, source and all that.
9186
06:01:57,200 --> 06:02:00,200
So basically it's showing a lot
of information here.
9187
06:02:00,200 --> 06:02:00,800
Similarly.
9188
06:02:00,800 --> 06:02:02,200
You can using Dmitry
9189
06:02:02,200 --> 06:02:05,100
or the Deepmagic Information
Gathering Tool, you can actually
9190
06:02:05,100 --> 06:02:07,400
gather information about any
other website you want to know.
9191
06:02:07,400 --> 06:02:10,500
Let's just check out
if Nmap is done scanning.
9192
06:02:10,500 --> 06:02:12,961
So see as you can see it's done.
9193
06:02:13,000 --> 06:02:15,900
So I've given a website name
here instead of that.
9194
06:02:15,900 --> 06:02:17,700
You can go ahead
and give the IP address
9195
06:02:17,700 --> 06:02:18,600
which is this one
9196
06:02:18,600 --> 06:02:20,997
and it will show you
the same results as you can see.
9197
06:02:20,997 --> 06:02:23,249
There are a lot of ports
usually nmap scan is
9198
06:02:23,249 --> 06:02:25,600
about more than a thousand ports,
as you can see.
9199
06:02:25,600 --> 06:02:28,900
It says 992 are the closed ports
and these are the open ports
9200
06:02:28,900 --> 06:02:31,610
and suppose you want to know
more information about each Port
9201
06:02:31,610 --> 06:02:34,508
because basically if you're a hacker,
if you try to hack something you
9202
06:02:34,508 --> 06:02:36,341
don't need information
about all the ports.
9203
06:02:36,341 --> 06:02:38,859
It's basically the One port
which you want to so to know
9204
06:02:38,859 --> 06:02:40,600
that you can there are
a lot of options
9205
06:02:40,600 --> 06:02:42,200
which are provided by Nmap.
9206
06:02:42,200 --> 06:02:44,100
If you want to know more
about Nmap, there's
9207
06:02:44,100 --> 06:02:46,700
a video in the Edureka
playlist all about Nmap.
9208
06:02:46,700 --> 06:02:48,292
It's under network security.
9209
06:02:48,292 --> 06:02:50,599
So you make sure
to take a look at that.
9210
06:02:50,599 --> 06:02:53,400
So while you are taking a look
at particular device,
9211
06:02:53,400 --> 06:02:54,600
make sure you go ahead
9212
06:02:54,600 --> 06:02:56,700
and watch a video
on Kali Linux as well.
9213
06:02:56,700 --> 06:02:58,994
So you will know
how different Parrot OS
9214
06:02:58,994 --> 06:03:00,205
and Kali Linux are,
9215
06:03:00,205 --> 06:03:02,500
though they are similar
in few parts.
9216
06:03:02,500 --> 06:03:05,800
So that's it about system
as in Parrot OS. So
9217
06:03:05,800 --> 06:03:07,000
like I said, it's
9218
06:03:07,000 --> 06:03:08,248
a good-looking distro,
9219
06:03:08,248 --> 06:03:10,800
which is lightweight
when compared to Kali Linux
9220
06:03:10,800 --> 06:03:13,400
and lot of tools lot
of unique tools as well.
9221
06:03:13,400 --> 06:03:16,700
When compared to Kali Linux and
it's very smooth away smooth.
9222
06:03:16,700 --> 06:03:18,600
Oh apart from all
these good things.
9223
06:03:18,600 --> 06:03:19,731
There are a few things
9224
06:03:19,731 --> 06:03:21,531
that are problematic
with Parrot OS.
9225
06:03:21,531 --> 06:03:22,201
First of all,
9226
06:03:22,201 --> 06:03:24,029
like, you don't find
a search bar.
9227
06:03:24,029 --> 06:03:25,543
Oh, that's not a problem.
9228
06:03:25,543 --> 06:03:26,875
But that's one demerit
9229
06:03:26,875 --> 06:03:29,522
you can say and it's
also a little problematic
9230
06:03:29,522 --> 06:03:32,700
when it comes to launching your
application. The process is a little slow
9231
06:03:32,700 --> 06:03:33,900
and like Kali Linux.
9232
06:03:33,900 --> 06:03:37,305
So guys, this is your
Parrot OS. So basically,
9233
06:03:37,305 --> 06:03:38,900
this was a crisp video
9234
06:03:38,900 --> 06:03:42,000
on what Parrot OS is,
its review, its features
9235
06:03:42,000 --> 06:03:45,783
and all that and make sure
to watch a video on Parrot OS
9236
06:03:45,783 --> 06:03:47,000
versus Kali Linux.
9237
06:03:51,800 --> 06:03:55,415
So Linux has been known
for its various distributions
9238
06:03:55,415 --> 06:03:57,500
that cater to various needs one
9239
06:03:57,500 --> 06:04:00,500
of the most famous
distributions is Kali Linux
9240
06:04:00,500 --> 06:04:03,400
that is a penetration
testing oriented distribution,
9241
06:04:03,400 --> 06:04:04,600
which was built to bring
9242
06:04:04,600 --> 06:04:07,300
about much-needed Corrections
in its previous.
9243
06:04:07,300 --> 06:04:10,000
Duration known as
backtrack OS now
9244
06:04:10,000 --> 06:04:12,121
since the release of Kali Linux.
9245
06:04:12,121 --> 06:04:12,812
It has gone
9246
06:04:12,812 --> 06:04:15,820
under various iterations
in the form of updates
9247
06:04:15,820 --> 06:04:17,787
while other penetration testing
9248
06:04:17,787 --> 06:04:20,407
and security related
distributions were also
9249
06:04:20,407 --> 06:04:22,600
being developed all
around the world.
9250
06:04:22,600 --> 06:04:23,717
So in this session,
9251
06:04:23,717 --> 06:04:24,894
we will compare Kali
9252
06:04:24,894 --> 06:04:28,300
to one such distribution that
has come under the spotlight
9253
06:04:28,300 --> 06:04:32,100
and that is parrot OS
so today in this video.
9254
06:04:32,100 --> 06:04:35,200
I will first be giving you
guys a brief introduction
9255
06:04:35,200 --> 06:04:37,000
to what exactly is Kali Linux.
9256
06:04:37,000 --> 06:04:39,700
And then I will also give
a brief introduction to
9257
06:04:39,700 --> 06:04:43,300
what parrot OS is then
we will be comparing Kali
9258
06:04:43,300 --> 06:04:46,500
versus parrot according
to various parameters.
9259
06:04:46,900 --> 06:04:49,200
So let's move ahead now.
9260
06:04:49,200 --> 06:04:51,200
Let me give you guys
a brief introduction
9261
06:04:51,200 --> 06:04:52,700
to what Kali Linux is.
9262
06:04:52,700 --> 06:04:56,348
So Kali Linux is a penetration
testing and security
9263
06:04:56,348 --> 06:04:58,100
focused operating system
9264
06:04:58,100 --> 06:05:02,800
as the name suggests. Kali has
a Linux kernel at its core. Above
9265
06:05:02,800 --> 06:05:05,725
that, the creators
of Kali, Mati Aharoni
9266
06:05:05,725 --> 06:05:07,000
and Devon Kearns,
9267
06:05:07,000 --> 06:05:10,626
added the latest injection
packages to help pentesters.
9268
06:05:10,626 --> 06:05:14,521
save some time. Kali Linux is
developed according to the Debian
9269
06:05:14,521 --> 06:05:16,200
development standards
9270
06:05:16,300 --> 06:05:19,000
and it was developed as
a refined penetration-
9271
06:05:19,000 --> 06:05:20,000
testing distribution
9272
06:05:20,000 --> 06:05:21,385
that would be served as
9273
06:05:21,385 --> 06:05:25,234
a replacement for BackTrack OS.
Currently, the development
9274
06:05:25,234 --> 06:05:28,084
of Kali is being handled
by Offensive Security,
9275
06:05:28,084 --> 06:05:29,600
which is the organization
9276
06:05:29,600 --> 06:05:34,100
that provides prestigious
certifications, like OSCP, OSCE
9277
06:05:34,100 --> 06:05:36,900
and OSWP. Over the years,
9278
06:05:36,900 --> 06:05:40,664
Kali has developed its own cult
following with people
9279
06:05:40,664 --> 06:05:44,500
who swear by the word and by
the power provided by Kali
9280
06:05:44,900 --> 06:05:47,583
while I may not be
such a staunch believer
9281
06:05:47,583 --> 06:05:48,533
in Kali Linux.
9282
06:05:48,533 --> 06:05:52,400
There are plenty of reasons
for one to use Kali. For one,
9283
06:05:52,400 --> 06:05:53,900
It's absolutely free.
9284
06:05:54,000 --> 06:05:54,600
Secondly.
9285
06:05:54,600 --> 06:05:55,894
It comes pre-installed
9286
06:05:55,894 --> 06:05:58,600
with tons and tons
of penetration testing tools
9287
06:05:58,600 --> 06:06:00,800
and security related
tools above that.
9288
06:06:00,800 --> 06:06:04,000
It can be completely customized
according to your needs
9289
06:06:04,000 --> 06:06:06,431
as the code is
an open-source Git tree
9290
06:06:06,431 --> 06:06:09,100
and The whole code
is basically available
9291
06:06:09,100 --> 06:06:10,858
to the public to be tweaked.
9292
06:06:10,858 --> 06:06:11,800
Also the kernel
9293
06:06:11,800 --> 06:06:15,600
that runs Kali Linux comes with
the latest injection packages.
9294
06:06:15,600 --> 06:06:18,200
And it also comes
with gpg signed packages
9295
06:06:18,200 --> 06:06:19,958
and repositories above that.
9296
06:06:19,958 --> 06:06:22,877
Kali Linux has
some true multi-language support
9297
06:06:22,877 --> 06:06:26,495
and it was developed in
an extremely secure environment.
9298
06:06:26,495 --> 06:06:28,600
Also, Kali supports a wide range
9299
06:06:28,600 --> 06:06:31,600
of wireless devices. Now,
at this moment Kali
9300
06:06:31,600 --> 06:06:34,500
may seem like a very
useful operating system.
9301
06:06:34,800 --> 06:06:37,100
But as you guys might
remember the great quote,
9302
06:06:37,100 --> 06:06:38,646
from Spider-Man: great
9303
06:06:38,646 --> 06:06:41,600
power comes with
heavy resource utilization
9304
06:06:41,700 --> 06:06:44,685
according to the official
documentation of Kali,
9305
06:06:44,685 --> 06:06:47,100
the system requirements
are quite heavy
9306
06:06:47,276 --> 06:06:49,200
on the low-end Kali Linux
9307
06:06:49,200 --> 06:06:52,700
needs a basic of at
least 128 MB of RAM
9308
06:06:52,900 --> 06:06:56,750
and a 2 GB hard disk space
to set up a simple SSH server
9309
06:06:56,750 --> 06:06:59,900
that will not even have
the GUI of the desktop
9310
06:07:00,000 --> 06:07:01,163
on the higher end.
9311
06:07:01,163 --> 06:07:04,128
If you opt to install
the default GNOME desktop
9312
06:07:04,128 --> 06:07:06,400
and the Kali Linux
full meta package.
9313
06:07:06,400 --> 06:07:09,500
you should really aim
for at least around 2 gigs of RAM
9314
06:07:09,500 --> 06:07:10,429
and around 20 GB
9315
06:07:10,429 --> 06:07:13,100
of free hard disk space
now besides the RAM
9316
06:07:13,100 --> 06:07:14,300
and hard disk requirement,
9317
06:07:14,300 --> 06:07:17,100
Your computer needs to have
CPU supported by at least one
9318
06:07:17,100 --> 06:07:21,800
of the following architectures
them being amd64 i386
9319
06:07:22,083 --> 06:07:27,200
and armel and armhf
and also arm64. Now,
9320
06:07:27,200 --> 06:07:29,969
even though the official
documentation says 2GB
9321
06:07:29,969 --> 06:07:31,021
of RAM is enough.
9322
06:07:31,021 --> 06:07:33,090
I have personally
faced numerous lag
9323
06:07:33,090 --> 06:07:34,218
and stutter issues
9324
06:07:34,218 --> 06:07:36,600
when running Kali
on a virtual machine
9325
06:07:36,600 --> 06:07:38,500
with 6 GB of allocated RAM,
9326
06:07:38,500 --> 06:07:41,100
which in my opinion
is a definite bummer.
9327
06:07:41,500 --> 06:07:43,500
Now, let's take
a moment to discuss
9328
06:07:43,500 --> 06:07:46,200
about parrot OS so parrot much
9329
06:07:46,200 --> 06:07:50,200
like Kali is also a Debian-
based distribution of Linux.
9330
06:07:50,200 --> 06:07:51,739
When I say Debian-based,
9331
06:07:51,739 --> 06:07:54,342
it means that the
code repositories adhere
9332
06:07:54,342 --> 06:07:57,890
to the Debian development
standards. Parrot OS too comes
9333
06:07:57,890 --> 06:08:00,600
with its own arsenal
of penetration testing
9334
06:08:00,600 --> 06:08:02,400
and security related tools.
9335
06:08:02,500 --> 06:08:05,900
Most of these tools are
also available on Kali.
9336
06:08:06,315 --> 06:08:09,084
Now, Parrot was first
released in 2013
9337
06:08:09,400 --> 06:08:11,300
and was developed by
a team of Security
9338
06:08:11,300 --> 06:08:14,700
Experts Linux enthusiasts
open source developers
9339
06:08:14,700 --> 06:08:17,000
and Advocates of digital rights.
9340
06:08:17,000 --> 06:08:19,665
The team was headed
by Lorenzo Faletra
9341
06:08:19,665 --> 06:08:22,400
and Parrot is designed
in a very unique way
9342
06:08:22,600 --> 06:08:25,885
while the operating system
has everything that is needed
9343
06:08:25,885 --> 06:08:27,200
for a security expert.
9344
06:08:27,200 --> 06:08:28,558
It doesn't present itself
9345
06:08:28,558 --> 06:08:31,268
to be a daunting learning
experience for beginners
9346
06:08:31,268 --> 06:08:34,200
who want to set foot into
the world of ethical hacking
9347
06:08:34,200 --> 06:08:36,100
and vulnerability analysis.
9348
06:08:36,200 --> 06:08:39,300
Parrot OS can be very well
used as a daily driver
9349
06:08:39,300 --> 06:08:40,369
as it provides all
9350
06:08:40,369 --> 06:08:43,400
of the necessary tools
to complete day to day tasks.
9351
06:08:43,500 --> 06:08:46,800
So who exactly is Parrot OS
made for? Well,
9352
06:08:46,800 --> 06:08:47,601
first of all,
9353
06:08:47,601 --> 06:08:51,400
it is made for Security Experts
and digital forensic experts.
9354
06:08:51,400 --> 06:08:54,689
It can be also used by
engineers and IT students
9355
06:08:54,689 --> 06:08:57,500
who are enthusiastic
about ethical hacking
9356
06:08:58,100 --> 06:09:01,759
then parrot OS can be also used
by researchers journalists
9357
06:09:01,759 --> 06:09:03,300
and hacktivists and last
9358
06:09:03,300 --> 06:09:05,800
but not the least
Parrot OS is also meant
9359
06:09:05,800 --> 06:09:09,000
for police officers and
special security institutions.
9360
06:09:09,500 --> 06:09:09,900
Okay.
9361
06:09:10,000 --> 06:09:11,900
So now let's take a moment
9362
06:09:11,900 --> 06:09:14,300
to actually discuss
the system requirements
9363
06:09:14,300 --> 06:09:17,000
that one might need
to run parrot OS
9364
06:09:17,300 --> 06:09:18,900
so the system requirements
9365
06:09:18,900 --> 06:09:22,200
for Parrot are much
more forgiving than Kali Linux
9366
06:09:22,200 --> 06:09:23,400
on the CPU side.
9367
06:09:23,400 --> 06:09:28,100
You need an x86 architecture
with at least 700 megahertz
9368
06:09:28,100 --> 06:09:30,500
of frequency, and architecture-
9369
06:09:30,500 --> 06:09:33,600
wise you need i386, amd64
9370
06:09:33,600 --> 06:09:37,900
or AMD 486 which is basically
the X86 architecture
9371
06:09:38,000 --> 06:09:39,846
or armel and armhf,
9372
06:09:39,846 --> 06:09:44,461
which are basically IoT devices
like Raspberry Pi on the side
9373
06:09:44,461 --> 06:09:46,800
of ram you need at least 256 MB
9374
06:09:46,800 --> 06:09:50,300
on an i386
architecture, 320 MB
9375
06:09:50,300 --> 06:09:52,146
on an amd64 architecture
9376
06:09:52,300 --> 06:09:55,500
and as a general
documentation 512mb
9377
06:09:55,500 --> 06:09:59,700
of RAM is generally recommended
by the Parrot Sec OS people.
9378
06:10:00,100 --> 06:10:02,930
On the GPU side parrot
OS is very surprising
9379
06:10:02,930 --> 06:10:03,700
as it needs.
9380
06:10:03,700 --> 06:10:05,158
No graphic acceleration.
9381
06:10:05,158 --> 06:10:06,800
That means you can run this
9382
06:10:06,800 --> 06:10:09,100
without a graphic
card on the side
9383
06:10:09,100 --> 06:10:12,300
of hard disk space, Parrot
OS needs at least 16 GB
9384
06:10:12,300 --> 06:10:15,400
of free hard disk space
for its full installation.
9385
06:10:15,400 --> 06:10:19,200
That is for G 4 gigabytes
Left 4 gigabytes
9386
06:10:19,500 --> 06:10:24,300
lesser than Kali Linux and for
booting options both Kali Linux
9387
06:10:24,300 --> 06:10:27,200
and parrot OS have
the Legacy BIOS preferred.
9388
06:10:28,000 --> 06:10:30,944
Now comparing two operating
systems when it comes
9389
06:10:30,944 --> 06:10:32,600
to Parrot OS and Kali Linux
9390
06:10:32,600 --> 06:10:35,600
that are both operating systems
meant for similar purposes
9391
06:10:35,600 --> 06:10:36,600
that is penetration.
9392
06:10:36,600 --> 06:10:37,010
Testing.
9393
06:10:37,010 --> 06:10:37,700
In this case.
9394
06:10:37,700 --> 06:10:38,900
It becomes really tough.
9395
06:10:39,000 --> 06:10:42,684
Most of the factors in such
cases boil down to a matter
9396
06:10:42,684 --> 06:10:46,300
of personal taste rather
than an objective comparison.
9397
06:10:46,600 --> 06:10:49,311
Now before we move ahead
with the comparison,
9398
06:10:49,311 --> 06:10:51,700
let me list out
a few similarities that you
9399
06:10:51,700 --> 06:10:54,300
might have noticed between
the two operating systems.
9400
06:10:54,600 --> 06:10:55,300
So first of all,
9401
06:10:55,500 --> 06:10:56,600
both operating systems
9402
06:10:56,600 --> 06:11:00,046
are tuned for Operating
penetration testing
9403
06:11:00,046 --> 06:11:01,800
and network related tools
9404
06:11:02,000 --> 06:11:03,900
and both operating
systems are based
9405
06:11:03,900 --> 06:11:07,700
on Debian development standards
both of the operating system
9406
06:11:07,700 --> 06:11:09,981
Support 32 and
64-bit architecture
9407
06:11:09,981 --> 06:11:13,239
and both operating systems
also support Cloud VPS
9408
06:11:13,239 --> 06:11:14,800
along with iot devices.
9409
06:11:14,800 --> 06:11:15,510
And of course,
9410
06:11:15,510 --> 06:11:18,400
both of them come pre-installed
with their own arsenal
9411
06:11:18,400 --> 06:11:19,500
of hacking tools.
9412
06:11:19,700 --> 06:11:22,100
Now, let's get down
with the differences.
9413
06:11:22,500 --> 06:11:24,200
The first criteria
9414
06:11:24,200 --> 06:11:27,337
of differences that we are going
to discuss is Hardware.
9415
06:11:27,337 --> 06:11:29,866
Points now as you guys
can see on the slide.
9416
06:11:29,866 --> 06:11:32,866
I have put down the system
requirements of parrot OS
9417
06:11:32,866 --> 06:11:34,100
on the left hand side
9418
06:11:34,100 --> 06:11:37,573
and I have put down the system
requirements of Kali Linux
9419
06:11:37,573 --> 06:11:39,000
on the right hand side.
9420
06:11:39,400 --> 06:11:41,730
So as you guys can see parrot OS
9421
06:11:41,730 --> 06:11:45,300
and Kali Linux both need
1 gigahertz dual-core CPU
9422
06:11:45,400 --> 06:11:49,067
when it comes to RAM Parrot
OS needs much lesser RAM
9423
06:11:49,067 --> 06:11:50,239
than Kali Linux,
9424
06:11:50,239 --> 06:11:54,200
but it needs 384 MB of RAM
for its minimal running time
9425
06:11:54,200 --> 06:11:57,553
and Kali Linux needs
a 1 gigahertz of RAM.
9426
06:11:57,553 --> 06:12:00,200
The other hand in terms of GPU,
9427
06:12:00,200 --> 06:12:03,281
Parrot OS doesn't really
need a graphic card
9428
06:12:03,281 --> 06:12:04,500
as it has no need
9429
06:12:04,500 --> 06:12:07,800
for graphical acceleration Kali
Linux on the other hand.
9430
06:12:07,800 --> 06:12:10,673
If you're trying to run
the GNOME desktop version,
9431
06:12:10,673 --> 06:12:12,800
you will certainly
need a graphic card
9432
06:12:13,200 --> 06:12:17,100
on the other hand Parrot OS needs
16 GB of free hard disk space
9433
06:12:17,100 --> 06:12:19,023
for its full installation
9434
06:12:19,500 --> 06:12:22,800
and Kali Linux needs
20 GB of free space.
9435
06:12:22,800 --> 06:12:26,900
So basically parrot OS is
a much more lightweight version.
9436
06:12:27,200 --> 06:12:29,321
So we see that parrot
OS definitely wins
9437
06:12:29,321 --> 06:12:30,323
against Kali Linux
9438
06:12:30,323 --> 06:12:31,034
when it comes
9439
06:12:31,034 --> 06:12:34,427
to Hardware requirements due to
its lightweight nature not only
9440
06:12:34,427 --> 06:12:36,800
does it require lesser Ram
to function properly,
9441
06:12:36,800 --> 06:12:39,700
but the full installation is
also pretty lightweight thanks
9442
06:12:39,700 --> 06:12:43,100
to the use of the MATE desktop
environment by the developers.
9443
06:12:43,100 --> 06:12:46,862
So basically if you're having
an older Hardware configuration
9444
06:12:46,862 --> 06:12:49,559
on your computer Parrot
OS should definitely
9445
06:12:49,559 --> 06:12:50,500
be your choice.
9446
06:12:51,100 --> 06:12:53,500
Now the next parameter
that we are going to compare.
9447
06:12:53,500 --> 06:12:57,292
the two OSes in is look
and feel. Now this section
9448
06:12:57,292 --> 06:13:00,600
boils down
to personal choice personally.
9449
06:13:00,600 --> 06:13:02,648
I prefer the minimalistic look
9450
06:13:02,648 --> 06:13:06,692
that is given by parrot OS
the interface of parrot OS
9451
06:13:06,692 --> 06:13:10,162
is built using the Ubuntu
MATE desktop environment.
9452
06:13:10,162 --> 06:13:12,800
There are two clear
sections on top you
9453
06:13:12,800 --> 06:13:16,800
see a pane which contains
applications places systems,
9454
06:13:16,800 --> 06:13:19,000
which is much like Kali itself,
9455
06:13:19,100 --> 06:13:21,442
but it also gives
some cool information
9456
06:13:21,442 --> 06:13:24,400
about CPU temperatures
along with the usage graph
9457
06:13:24,400 --> 06:13:26,800
and the bottom pane
contains the menu manager
9458
06:13:26,800 --> 06:13:28,399
and the work station manager,
9459
06:13:28,399 --> 06:13:30,000
which is a brilliant addition
9460
06:13:30,000 --> 06:13:33,975
to the Linux system Kali Linux
on the other hand follows
9461
06:13:33,975 --> 06:13:36,000
the GNOME desktop interface
9462
06:13:36,000 --> 06:13:38,246
while it still
has the functionality
9463
06:13:38,246 --> 06:13:40,300
that is offered by Parrot OS.
9464
06:13:40,400 --> 06:13:42,600
It doesn't provide
the same clean and refined
9465
06:13:42,600 --> 06:13:43,900
look in my opinion.
9466
06:13:44,200 --> 06:13:47,100
If you don't know your way
around a Kali interface,
9467
06:13:47,100 --> 06:13:49,800
it is pretty easy
to actually get lost.
9468
06:13:50,300 --> 06:13:51,900
Now, the next parameter
9469
06:13:51,900 --> 06:13:55,000
that we're going to compare
them is hacking tools now
9470
06:13:55,000 --> 06:13:57,312
since both these
operating systems are
9471
06:13:57,312 --> 06:14:00,000
For penetration testers
and ethical hackers.
9472
06:14:00,000 --> 06:14:03,278
I think hacking tools is
the most important criteria
9473
06:14:03,278 --> 06:14:07,000
that both the operating systems
are going to be compared in so
9474
06:14:07,000 --> 06:14:08,500
when it comes to General tools
9475
06:14:08,500 --> 06:14:11,423
and functional features Parrot
OS takes the prize
9476
06:14:11,423 --> 06:14:15,200
when compared to Kali Linux
Parrot OS has all the tools
9477
06:14:15,200 --> 06:14:19,800
that are available in Kali Linux
and also it adds its own tools.
9478
06:14:19,800 --> 06:14:22,700
There are several tools
that you will find on parrot
9479
06:14:22,700 --> 06:14:24,582
that is not found on Kali Linux.
9480
06:14:24,582 --> 06:14:26,682
Let's take a look
at a few of them.
9481
06:14:26,682 --> 06:14:29,500
So the first one that you
see is called Wifiphisher
9482
06:14:29,600 --> 06:14:33,320
now Wifiphisher is
a rogue access point framework
9483
06:14:33,320 --> 06:14:35,732
for conducting
red team engagements
9484
06:14:35,732 --> 06:14:40,200
or Wi-Fi security testing using
Wifiphisher penetration testers
9485
06:14:40,200 --> 06:14:41,700
can easily achieve a man
9486
06:14:41,700 --> 06:14:44,700
in the middle position
against the wireless clients
9487
06:14:44,700 --> 06:14:47,400
by performing targeted
Wi-Fi Association attacks.
9488
06:14:47,600 --> 06:14:49,400
Wifiphisher can be further
9489
06:14:49,400 --> 06:14:52,400
used to mount victim
customized web phishing attacks
9490
06:14:52,400 --> 06:14:55,900
against the connected clients
in order to capture credentials
9491
06:14:55,900 --> 06:14:57,500
or infect the victim
9492
06:14:57,500 --> 06:15:01,000
with some sort of
malware another tool
9493
06:15:01,000 --> 06:15:03,950
that is seen on parrot
and is much appreciated
9494
06:15:03,950 --> 06:15:04,993
that is not seen
9495
06:15:04,993 --> 06:15:08,644
on the Kali side is called
Anonsurf now being anonymous
9496
06:15:08,644 --> 06:15:12,100
for a hacker is the first step
before hacking a system
9497
06:15:12,300 --> 06:15:14,008
and anonymizing a system
9498
06:15:14,008 --> 06:15:16,500
in an ideal way is
not an easy task.
9499
06:15:16,500 --> 06:15:19,323
No one can perfectly
anonymize a system and there
9500
06:15:19,323 --> 06:15:22,100
are many tools available
on the internet that say
9501
06:15:22,100 --> 06:15:25,400
that they anonymize a system
one such tool is
9502
06:15:25,400 --> 06:15:27,100
Anonsurf now, Anonsurf
9503
06:15:27,100 --> 06:15:28,433
is pretty good
9504
06:15:28,433 --> 06:15:32,300
as it uses the Tor iptables
to anonymize the whole system.
9505
06:15:32,600 --> 06:15:35,417
Also, if you guys
have not already realized
9506
06:15:35,417 --> 06:15:38,700
Tor also comes
pre-installed on parrot
9507
06:15:38,700 --> 06:15:41,900
while it has to be externally
installed on Kali.
9508
06:15:42,100 --> 06:15:43,993
Now these things that you see
9509
06:15:43,993 --> 06:15:45,803
that Wifiphisher Tor Browser
9510
06:15:45,803 --> 06:15:48,300
and Anonsurf surely
they can be imported
9511
06:15:48,300 --> 06:15:51,683
and downloaded on Kali
but they don't really come
9512
06:15:51,683 --> 06:15:54,300
pre-installed and that is
what counts right now.
9513
06:15:54,900 --> 06:15:57,800
So since Parrot OS
also is designed
9514
06:15:57,800 --> 06:16:00,987
with development in mind
it also comes pre-installed
9515
06:16:00,987 --> 06:16:04,300
with a bunch of useful compilers
for various languages
9516
06:16:04,300 --> 06:16:07,369
and IDEs for their
respective development,
9517
06:16:07,369 --> 06:16:10,600
which is completely absent
on the Kali Linux side.
9518
06:16:10,600 --> 06:16:12,442
So for this part of hacking
9519
06:16:12,442 --> 06:16:16,400
tools parrot OS definitely takes
a prize now the next thing
9520
06:16:16,400 --> 06:16:17,484
that we are going
9521
06:16:17,484 --> 06:16:20,800
to compare both y'all both
these operating systems is
9522
06:16:20,800 --> 06:16:24,300
release variations now
both operating systems come
9523
06:16:24,300 --> 06:16:26,100
with a variety of variations,
9524
06:16:26,100 --> 06:16:28,700
but Parrot OS has
much more diversity
9525
06:16:28,700 --> 06:16:30,100
in terms of variety.
9526
06:16:30,100 --> 06:16:32,000
So let me just explain
what I mean.
9527
06:16:32,000 --> 06:16:34,200
So as you guys can see
on the left-hand side,
9528
06:16:34,200 --> 06:16:36,916
I have listed down
the release variations
9529
06:16:36,916 --> 06:16:39,700
that are available
for parrot OS now aside
9530
06:16:39,700 --> 06:16:41,101
from the full editions,
9531
06:16:41,101 --> 06:16:43,600
which is both provided
by parrot and Kali.
9532
06:16:43,600 --> 06:16:47,700
They also both provide the light
editions on Parrot side
9533
06:16:47,700 --> 06:16:49,900
and the light edition
on Kali side.
9534
06:16:49,900 --> 06:16:52,200
They are both basically
the same thing.
9535
06:16:52,200 --> 06:16:56,100
Wherein minimalistic tools
are actually pre-installed
9536
06:16:56,100 --> 06:16:59,371
and you can Install and
customize the operating system
9537
06:16:59,371 --> 06:17:01,100
according to your own needs.
9538
06:17:01,100 --> 06:17:04,217
If you don't choose to customize
the operating system,
9539
06:17:04,217 --> 06:17:06,864
you can very well use
it as a very lightweight
9540
06:17:06,864 --> 06:17:08,600
and portable operating system.
9541
06:17:08,600 --> 06:17:10,247
So Parrot OS light edition
9542
06:17:10,247 --> 06:17:12,400
and Kali light editions
are two flavors
9543
06:17:12,400 --> 06:17:13,600
of the operating system.
9544
06:17:14,000 --> 06:17:14,800
Now, this is
9545
06:17:14,800 --> 06:17:17,400
where the difference is
such differences start.
9546
06:17:17,400 --> 06:17:19,610
So Parrot OS Air
edition also exists.
9547
06:17:19,610 --> 06:17:21,000
So this is an edition
9548
06:17:21,000 --> 06:17:23,262
that is used
for wireless penetration,
9549
06:17:23,262 --> 06:17:25,900
testing and wireless
vulnerability testing.
9550
06:17:25,900 --> 06:17:28,700
So basically anything
wireless Parrot
9551
06:17:28,700 --> 06:17:32,300
OS Air edition does it faster
and does it better. Then
9552
06:17:32,300 --> 06:17:34,709
There's also parrot
OS Studio Edition,
9553
06:17:34,709 --> 06:17:37,900
which is used for multimedia
content creation Yes.
9554
06:17:37,900 --> 06:17:41,275
You heard that right Parrot
OS can also make content
9555
06:17:41,275 --> 06:17:42,774
for your social media.
9556
06:17:42,774 --> 06:17:45,500
So if you're thinking
about using Parrot OS
9557
06:17:45,500 --> 06:17:49,086
for marketing as well as
security Parrot OS is
9558
06:17:49,086 --> 06:17:52,300
definitely your go-to
operating system Kali
9559
06:17:52,300 --> 06:17:55,400
on the other hand aside
from its light version
9560
06:17:55,400 --> 06:17:57,187
and full edition offers.
9561
06:17:57,187 --> 06:17:58,900
Some desktop interfaces
9562
06:17:58,900 --> 06:18:04,700
like the E17, KDE and Xfce,
the Ubuntu MATE and the LXDE.
9563
06:18:05,000 --> 06:18:07,471
So these are
basically just skins
9564
06:18:07,471 --> 06:18:08,856
that run over Kali
9565
06:18:09,100 --> 06:18:11,657
and basically make
Kali look a little different
9566
06:18:11,657 --> 06:18:13,760
from one another you
can check out all
9567
06:18:13,760 --> 06:18:17,000
these different customizations
on the Kali documentation.
9568
06:18:17,300 --> 06:18:20,300
Other than that Kali
has also support for cloud
9569
06:18:20,300 --> 06:18:24,300
and iot devices in the form of
the armel and armhf releases.
9570
06:18:24,300 --> 06:18:27,307
These releases are
also available in Parrot OS.
9571
06:18:27,307 --> 06:18:29,500
So Parrot OS
doesn't stand down.
9572
06:18:29,500 --> 06:18:31,417
So as you guys see Parrot OS
9573
06:18:31,417 --> 06:18:34,500
provides you a lot
of diversity in the variety
9574
06:18:34,500 --> 06:18:35,900
that it is offering.
9575
06:18:35,900 --> 06:18:39,164
So in my opinion parrot
OS also takes the prize
9576
06:18:39,164 --> 06:18:40,300
in this section.
9577
06:18:41,200 --> 06:18:42,972
Now the main question remains
9578
06:18:42,972 --> 06:18:46,718
which of these two distributions
is better for beginners Well,
9579
06:18:46,718 --> 06:18:49,850
it is to be duly noted
that both these distributions
9580
06:18:49,850 --> 06:18:52,000
are not exactly
meant for beginners.
9581
06:18:52,000 --> 06:18:55,600
If you want to learn about Linux
as an operating system,
9582
06:18:55,600 --> 06:18:57,900
you're better off using
something like Ubuntu
9583
06:18:57,900 --> 06:18:58,900
or Debian.
9584
06:18:59,000 --> 06:19:00,431
This also doesn't mean
9585
06:19:00,431 --> 06:19:03,100
that you cannot learn
the basics on parrot
9586
06:19:03,100 --> 06:19:05,100
or Kali on the other hand.
9587
06:19:05,100 --> 06:19:08,000
If you are already knowing
the basics of Linux
9588
06:19:08,000 --> 06:19:09,300
and want to get your hands
9589
06:19:09,300 --> 06:19:12,000
on an operating system
to learn ethical hacking.
9590
06:19:12,500 --> 06:19:16,013
I would personally recommend
using the Parrot Sec OS light
9591
06:19:16,013 --> 06:19:17,000
edition this is
9592
06:19:17,000 --> 06:19:19,500
because the light version comes
with the bare minimum
9593
06:19:19,500 --> 06:19:20,706
of networking tools.
9594
06:19:20,706 --> 06:19:21,941
This means as you learn
9595
06:19:21,941 --> 06:19:25,200
your ethical hacking concept
slowly you could develop
9596
06:19:25,200 --> 06:19:27,000
or install tools one by one.
9597
06:19:27,000 --> 06:19:30,100
Instead of being overwhelmed
with a whole bunch of them
9598
06:19:30,100 --> 06:19:33,300
from the beginning not only
does this allow yourself
9599
06:19:33,300 --> 06:19:35,167
to evolve as an ethical hacker
9600
06:19:35,167 --> 06:19:36,600
and penetration tester,
9601
06:19:36,600 --> 06:19:39,594
but it also makes sure
your fundamentals are built
9602
06:19:39,594 --> 06:19:41,000
in a methodical manner.
9603
06:19:41,300 --> 06:19:43,453
Now, I recommend Parrot OS over
9604
06:19:43,453 --> 06:19:46,174
Kali for one other
reason too that is
9605
06:19:46,174 --> 06:19:49,500
because the default user
for Kali is root.
9606
06:19:49,500 --> 06:19:52,900
This makes the environment
a whole lot more aggressive
9607
06:19:52,900 --> 06:19:55,045
and mistakes tend to be punished
9608
06:19:55,045 --> 06:19:58,800
and a whole lot more difficult
to deal with So this means
9609
06:19:58,800 --> 06:20:02,400
that Parrot OS is generally
the winner in my opinion.
9610
06:20:07,400 --> 06:20:10,000
When you get hired as
a penetration tester
9611
06:20:10,000 --> 06:20:11,600
or a security analyst one
9612
06:20:11,600 --> 06:20:14,800
of the main roles
is vulnerability assessment.
9613
06:20:15,000 --> 06:20:18,100
So what exactly is
vulnerability assessment?
9614
06:20:18,100 --> 06:20:21,537
Well, vulnerability assessment
is the process of defining
9615
06:20:21,537 --> 06:20:22,900
identifying classifying
9616
06:20:22,900 --> 06:20:26,511
and prioritizing vulnerabilities
in a computer system application
9617
06:20:26,511 --> 06:20:28,100
and network infrastructures
9618
06:20:28,100 --> 06:20:30,563
and providing organization
doing the assessment
9619
06:20:30,563 --> 06:20:32,522
with the necessary
knowledge awareness
9620
06:20:32,522 --> 06:20:34,952
and risk background
to understand the threats
9621
06:20:34,952 --> 06:20:37,600
to its environment
and react appropriately to them.
9622
06:20:37,600 --> 06:20:39,459
So vulnerability is a situation
9623
06:20:39,459 --> 06:20:41,997
that can be taken
advantage of by a hacker
9624
06:20:41,997 --> 06:20:43,404
or a penetration tester
9625
06:20:43,404 --> 06:20:46,647
for their own misuse or actually
for fixing the issue.
9626
06:20:46,647 --> 06:20:49,400
So vulnerability assessment
has three steps.
9627
06:20:49,400 --> 06:20:52,700
So the first step is actually
identifying the assets
9628
06:20:52,700 --> 06:20:54,796
and the vulnerabilities
of the system.
9629
06:20:54,796 --> 06:20:57,764
The second step is actually
quantifying the assessment
9630
06:20:57,764 --> 06:21:01,000
and the third is reporting
the results now vulnerability
9631
06:21:01,000 --> 06:21:02,901
assessment is only a small part
9632
06:21:02,901 --> 06:21:05,008
and Pen testing is
an extended process
9633
06:21:05,008 --> 06:21:06,510
of vulnerability assessment
9634
06:21:06,510 --> 06:21:08,774
Pen testing
or penetration testing
9635
06:21:08,774 --> 06:21:12,400
includes processes like scanning
vulnerability assessment
9636
06:21:12,400 --> 06:21:14,411
and itself exploitation research
9637
06:21:14,411 --> 06:21:16,800
and Reporting whatever
the results are.
9638
06:21:16,800 --> 06:21:19,442
So in the industry
was the most widely
9639
06:21:19,442 --> 06:21:23,300
used Frameworks when penetration
testing is Metasploit.
9640
06:21:23,300 --> 06:21:26,425
So Metasploit is widely used
in penetration testing
9641
06:21:26,425 --> 06:21:29,938
as I just said and also used
for exploitation research.
9642
06:21:29,938 --> 06:21:31,447
So some of you might ask
9643
06:21:31,447 --> 06:21:33,900
what exactly is
an exploit research well
9644
06:21:33,900 --> 06:21:36,093
in this world there
are tons of exploits
9645
06:21:36,093 --> 06:21:39,500
and the way to approach each
Of them is ever so different.
9646
06:21:39,500 --> 06:21:42,700
So what we have to do
is exploit all the research
9647
06:21:42,700 --> 06:21:43,945
that is available to us
9648
06:21:43,945 --> 06:21:46,584
and we have to find
the best way to approach them.
9649
06:21:46,584 --> 06:21:49,479
So suppose, for example,
you have a secure shell login.
9650
06:21:49,479 --> 06:21:52,382
So the best way to actually
approach secure shell login
9651
06:21:52,382 --> 06:21:53,521
until my knowledge is
9652
06:21:53,521 --> 06:21:55,697
that you have to get
a backdoor access
9653
06:21:55,697 --> 06:21:57,438
to this from the port numbers
9654
06:21:57,438 --> 06:21:59,556
that you can scan
via nmap or Zenmap.
9655
06:21:59,556 --> 06:21:59,852
Okay.
9656
06:21:59,852 --> 06:22:02,087
So without wasting
much time at looking
9657
06:22:02,087 --> 06:22:03,577
at prop and presentations,
9658
06:22:03,577 --> 06:22:06,900
let's actually get started as
to how we can use Metasploit.
9659
06:22:06,900 --> 06:22:10,200
So Metasploit is a freely
available open source framework
9660
06:22:10,200 --> 06:22:12,000
that is widely
used by pentesters
9661
06:22:12,000 --> 06:22:13,200
as we just discussed.
9662
06:22:13,200 --> 06:22:15,703
So to actually
install Metasploit,
9663
06:22:15,703 --> 06:22:18,800
which is easily available
on Linux and Windows.
9664
06:22:18,800 --> 06:22:19,600
I guess.
9665
06:22:19,600 --> 06:22:21,100
Let me just check it out.
9666
06:22:21,100 --> 06:22:22,882
So you go on your browser
9667
06:22:22,882 --> 06:22:26,000
and you type Metasploit
downloads now you just
9668
06:22:26,000 --> 06:22:27,600
visit the first link and
9669
06:22:27,600 --> 06:22:30,056
as you guys can see it says
it's the world's most
9670
06:22:30,056 --> 06:22:31,491
used penetration testing tool
9671
06:22:31,491 --> 06:22:33,996
and then you just download
the Metasploit framework
9672
06:22:33,996 --> 06:22:35,800
by clicking the
download button here.
9673
06:22:35,800 --> 06:22:37,949
So y'all might also
find Pro version
9674
06:22:37,949 --> 06:22:39,300
which is a paid thing.
9675
06:22:39,300 --> 06:22:41,500
And this has a little bit
of extra features
9676
06:22:41,500 --> 06:22:42,558
like group support
9677
06:22:42,558 --> 06:22:45,600
and actually helping a company
work as an organization,
9678
06:22:45,600 --> 06:22:47,000
but we don't actually need
9679
06:22:47,000 --> 06:22:49,500
that and practicing
our pentesting abilities.
9680
06:22:49,500 --> 06:22:50,950
So for that you just go ahead
9681
06:22:50,950 --> 06:22:53,300
and download Metasploit
framework and install it
9682
06:22:53,300 --> 06:22:54,149
on your system above
9683
06:22:54,149 --> 06:22:56,700
that there is another thing I
want to get make you guys aware
9684
06:22:56,700 --> 06:22:58,400
of and that is Metasploitable.
9685
06:22:58,400 --> 06:23:01,400
So when actually
pen testing we need a server
9686
06:23:01,400 --> 06:23:04,000
or a website to actually
pen test on.
9687
06:23:04,000 --> 06:23:05,200
So normally this is
9688
06:23:05,200 --> 06:23:07,500
a very illegal thing to do
without permission.
9689
06:23:07,500 --> 06:23:10,100
So Metasploitable
has actually created
9690
06:23:10,100 --> 06:23:12,700
a server with a lot
of vulnerabilities on it
9691
06:23:12,700 --> 06:23:15,600
and it's called Metasploitable
2 so Metasploitable
9692
06:23:15,600 --> 06:23:18,300
2 is easily downloadable
from this link
9693
06:23:18,300 --> 06:23:19,916
and it's a VirtualBox file.
9694
06:23:19,916 --> 06:23:22,681
So you guys must have
a virtual machine software
9695
06:23:22,681 --> 06:23:25,100
on your system to actually
set this thing up.
9696
06:23:25,100 --> 06:23:26,163
I'll also go through
9697
06:23:26,163 --> 06:23:28,334
how to actually set
up Metasploitable
9698
06:23:28,334 --> 06:23:29,428
because it has a lot
9699
06:23:29,428 --> 06:23:32,311
of configuration and network
management to go with it.
9700
06:23:32,311 --> 06:23:33,900
So we'll get to that later.
9701
06:23:33,900 --> 06:23:34,500
But for now,
9702
06:23:34,500 --> 06:23:37,200
let's get started
with Metasploitable.
9703
06:23:37,200 --> 06:23:40,800
So before that Metasploitable
is written in Ruby
9704
06:23:40,800 --> 06:23:43,535
and if you all know
Ruby coding and y'all know
9705
06:23:43,535 --> 06:23:44,751
how to make exploits
9706
06:23:44,751 --> 06:23:48,400
y'all can also always contribute
to the Metasploit community.
9707
06:23:48,400 --> 06:23:52,361
So Metasploit is one of the most
widely used pen testing tools
9708
06:23:52,361 --> 06:23:53,400
in the industry.
9709
06:23:53,400 --> 06:23:55,452
So what exactly is Metasploit?
9710
06:23:55,452 --> 06:23:56,905
Well, it's a framework
9711
06:23:56,905 --> 06:24:01,000
and what a framework is is it's
actually a collection of tools.
9712
06:24:01,000 --> 06:24:04,300
So these tools are majorly used
for penetration testing
9713
06:24:04,300 --> 06:24:07,110
and exploitation research
now one might ask
9714
06:24:07,110 --> 06:24:09,100
what Exactly is
exploit research.
9715
06:24:09,100 --> 06:24:11,307
Well, there are tons
of exploits out there
9716
06:24:11,307 --> 06:24:14,013
and there are tons of ways
to actually approach them
9717
06:24:14,013 --> 06:24:15,372
and this only comes to us
9718
06:24:15,372 --> 06:24:18,198
from thorough research as
to how we can approach each
9719
06:24:18,198 --> 06:24:20,100
and every exploit
in their best way.
9720
06:24:20,200 --> 06:24:21,600
So talking about Metasploit.
9721
06:24:21,600 --> 06:24:25,155
Well, it's open source and free
and it's also written in Ruby.
9722
06:24:25,155 --> 06:24:27,300
So if you guys know
Ruby coding and know
9723
06:24:27,300 --> 06:24:29,743
how to make exploits
y'all can always contribute
9724
06:24:29,743 --> 06:24:33,021
to the Metasploit framework now
talking about the download part.
9725
06:24:33,021 --> 06:24:35,147
Well y'all can easily
download Metasploit
9726
06:24:35,147 --> 06:24:36,500
from its download page,
9727
06:24:36,500 --> 06:24:37,822
which is
9728
06:24:37,822 --> 06:24:41,600
metasploit.com/download I'll
be leaving the download link
9729
06:24:41,600 --> 06:24:43,000
in the description.
9730
06:24:43,000 --> 06:24:45,117
And once you're
on the download page,
9731
06:24:45,117 --> 06:24:47,629
you'll see two versions
one is the free version
9732
06:24:47,629 --> 06:24:49,800
which is the original
Metasploit framework
9733
06:24:49,800 --> 06:24:52,449
and it's the core framework
that everybody works on
9734
06:24:52,449 --> 06:24:54,184
and then there's Metasploit Pro
9735
06:24:54,184 --> 06:24:56,200
which comes with
a 14 day free trial.
9736
06:24:56,200 --> 06:24:59,200
So Metasploit Pro actually
has a few extra features,
9737
06:24:59,200 --> 06:25:01,200
which is great
for an organization.
9738
06:25:01,200 --> 06:25:02,800
Like it helps
you work as a team,
9739
06:25:02,800 --> 06:25:03,858
but if you're a guy
9740
06:25:03,858 --> 06:25:07,447
who's just practicing pentesting
like me Metasploit framework,
9741
06:25:07,447 --> 06:25:10,300
Work the free version is
the absolute way to go now.
9742
06:25:10,300 --> 06:25:11,611
Also when pentesting
9743
06:25:11,611 --> 06:25:14,727
you all will also need
Metasploitable now Metasploitable
9744
06:25:14,727 --> 06:25:18,200
is an intentionally
vulnerable Target machine
9745
06:25:18,200 --> 06:25:20,900
for actually practicing
your Metasploit skills
9746
06:25:20,900 --> 06:25:21,900
on so we will go
9747
06:25:21,900 --> 06:25:24,458
over the installation
of Metasploitable later.
9748
06:25:24,458 --> 06:25:26,863
But for now, let's go
over Metasploitable.
9749
06:25:26,863 --> 06:25:29,100
So once you guys
have actually downloaded
9750
06:25:29,100 --> 06:25:32,200
the link y'all can actually
install it on your systems
9751
06:25:32,200 --> 06:25:34,900
and Metasploit actually
has three interfaces.
9752
06:25:34,900 --> 06:25:37,500
So we are going to be using
the command line interface.
9753
06:25:37,500 --> 06:25:40,038
or the msfconsole
in other words,
9754
06:25:40,038 --> 06:25:44,500
but you all can also use the GUI
interface which is called
9755
06:25:44,500 --> 06:25:46,325
Armitage if I'm not wrong.
9756
06:25:46,325 --> 06:25:47,800
So let's get started.
9757
06:25:47,800 --> 06:25:48,756
So first of all,
9758
06:25:48,756 --> 06:25:51,226
I've already actually
downloaded Metasploit
9759
06:25:51,226 --> 06:25:52,911
and install it on my computer
9760
06:25:52,911 --> 06:25:56,500
and y'all can just do the same
by pressing the download button
9761
06:25:56,500 --> 06:25:59,700
as you guys can see so
just start up Metasploit.
9762
06:25:59,700 --> 06:26:02,300
All you have to do
is go on your terminal
9763
06:26:02,500 --> 06:26:07,061
and so to start a Metasploit
all you have to do.
9764
06:26:07,061 --> 06:26:09,676
Do is go on your
terminal on Linux?
9765
06:26:10,400 --> 06:26:12,900
Well, we're starting
up PostgreSQL server
9766
06:26:12,900 --> 06:26:15,800
because first of all
the PostgreSQL server
9767
06:26:15,800 --> 06:26:18,681
is the basis of all
the Metasploit exploits
9768
06:26:18,681 --> 06:26:22,800
that are stored and starting it
will just make it run faster.
9769
06:26:22,800 --> 06:26:29,600
So we go service postgresql
and start
9770
06:26:29,700 --> 06:26:31,900
so that's the start of a service
9771
06:26:31,900 --> 06:26:37,200
and indeed it has so next thing
you want to do is go in
9772
06:26:37,200 --> 06:26:39,400
and type msfconsole.
9773
06:26:39,900 --> 06:26:42,100
And that's going to take
a little bit of time
9774
06:26:42,100 --> 06:26:43,700
because I was very slow computer
9775
06:26:43,700 --> 06:26:46,000
and it's going to start
up our Metasploit free.
9776
06:26:47,100 --> 06:26:50,796
So as you guys can see you got
a big banner out here.
9777
06:26:50,796 --> 06:26:53,000
It says Metasploit cyber missile
9778
06:26:53,200 --> 06:26:56,494
and it's the banner changes
every time don't get worried.
9779
06:26:56,494 --> 06:26:59,717
If you have a different banner
and the main thing is
9780
06:26:59,717 --> 06:27:02,044
that you should see
this msf thing out here.
9781
06:27:02,044 --> 06:27:04,589
So this means we are
in the msf Shell right now,
9782
06:27:04,589 --> 06:27:06,700
which is the
Metasploit framework shell.
9783
06:27:06,700 --> 06:27:09,500
So let's get started by
actually curing our screen.
9784
06:27:09,700 --> 06:27:13,000
So first things first
the first command that you
9785
06:27:13,000 --> 06:27:16,200
might want to run on Metasploit
is the help command.
9786
06:27:16,200 --> 06:27:17,916
So help will tell us everything
9787
06:27:17,916 --> 06:27:19,800
that we can do
with this framework.
9788
06:27:19,800 --> 06:27:22,434
So as you guys can see
there are a bunch of commands
9789
06:27:22,434 --> 06:27:24,500
and the descriptions
to go along with it.
9790
06:27:24,500 --> 06:27:27,050
Y'all can give it a quick read
and find the things
9791
06:27:27,050 --> 06:27:28,400
that are interesting to you.
9792
06:27:28,400 --> 06:27:30,464
So as you guys can see
Banner is display
9793
06:27:30,464 --> 06:27:33,700
an awesome Metasploit Banner
y'all can change the banner
9794
06:27:33,700 --> 06:27:35,900
as you guys can see there are
a lot of Juicy commands
9795
06:27:35,900 --> 06:27:37,400
like there's a banner command,
9796
06:27:37,400 --> 06:27:38,600
which I just had used.
9797
06:27:38,600 --> 06:27:41,813
So if you go and type banner
will give you a nice cool Banner
9798
06:27:41,813 --> 06:27:44,100
about Metasploit and there
are other commands
9799
06:27:44,100 --> 06:27:46,300
which work very similar
to Linux like CD.
9800
06:27:46,300 --> 06:27:49,300
Changes the current directory
you can change the color
9801
06:27:49,300 --> 06:27:50,684
by toggling colors
9802
06:27:50,800 --> 06:27:54,100
and then you can connect to
the host and all sorts of stuff.
9803
06:27:54,200 --> 06:27:56,900
So Metasploit has
a bunch of exploits.
9804
06:27:56,900 --> 06:27:58,400
So before we go further,
9805
06:27:58,400 --> 06:28:01,300
I want to make you guys aware
of three important terms
9806
06:28:01,300 --> 06:28:02,500
regarding Metasploit.
9807
06:28:02,500 --> 06:28:05,700
The first is a vulnerability and
we had already discussed this
9808
06:28:05,700 --> 06:28:07,700
that a vulnerability
is a situation
9809
06:28:07,700 --> 06:28:11,451
which can be taken advantage
of by a system or a person
9810
06:28:11,451 --> 06:28:14,300
who axis so the second
part is an exploit.
9811
06:28:14,300 --> 06:28:16,447
So what exactly is
an exploit Yeah,
9812
06:28:16,447 --> 06:28:18,100
well an exploit is a module
9813
06:28:18,100 --> 06:28:21,300
which is a bunch of code written
in Ruby on Metasploit
9814
06:28:21,300 --> 06:28:24,000
that is used to Target
different vulnerabilities.
9815
06:28:24,000 --> 06:28:26,100
And the third thing
is a payload.
9816
06:28:26,100 --> 06:28:29,400
So a payload is
the action that you do
9817
06:28:29,400 --> 06:28:32,386
once you actually have access
to somebody's system.
9818
06:28:32,386 --> 06:28:35,000
So basically suppose
you have hacked somebody
9819
06:28:35,000 --> 06:28:37,300
and you've gained access
to their system.
9820
06:28:37,300 --> 06:28:40,151
Now the activities you do
after gaining access
9821
06:28:40,151 --> 06:28:43,700
is defined as the payload so
we just spoke about exploits
9822
06:28:43,700 --> 06:28:44,751
and I told you guys
9823
06:28:44,751 --> 06:28:46,743
that Metasploit has
a bunch of Right.
9824
06:28:46,743 --> 06:28:49,400
So how do we see all
the exploits that are there?
9825
06:28:49,400 --> 06:28:52,000
So you go show exploits.
9826
06:28:57,500 --> 06:28:58,900
Well, as you guys
9827
06:28:58,900 --> 06:29:01,600
can see we've loaded
up a bunch of exploits
9828
06:29:01,600 --> 06:29:03,600
which is basically
all the exploits
9829
06:29:03,600 --> 06:29:06,000
that Metasploit has
to offer at this moment.
9830
06:29:06,000 --> 06:29:10,214
So let me just increase
the screen a bit and let's scroll
9831
06:29:10,214 --> 06:29:11,900
completely to the top.
9832
06:29:16,100 --> 06:29:16,900
Yep.
9833
06:29:17,100 --> 06:29:18,792
So as you guys can see
9834
06:29:19,300 --> 06:29:22,201
show exploits gives us
a bunch of exploits
9835
06:29:22,201 --> 06:29:27,000
and shows the name, a description,
a disclosure date and the rank.
9836
06:29:27,000 --> 06:29:28,700
So the name and description is
9837
06:29:28,700 --> 06:29:31,297
as it says it's the name
of the exploit and it's
9838
06:29:31,297 --> 06:29:32,900
a short description about it.
9839
06:29:32,900 --> 06:29:34,226
The disclosure date is
9840
06:29:34,226 --> 06:29:37,300
when the exploit was actually
released by Metasploit
9841
06:29:37,300 --> 06:29:38,113
and the rank is
9842
06:29:38,113 --> 06:29:40,489
how it has fared
against the vulnerability.
9843
06:29:40,489 --> 06:29:43,600
It was released for
since it was actually released.
9844
06:29:43,600 --> 06:29:47,139
So as you guys can see
ranks range from great, good
9845
06:29:47,139 --> 06:29:50,100
and stuff and we have
a bunch of exploits.
9846
06:29:50,100 --> 06:29:53,200
So as you guys can see
there's an Android exploit.
9847
06:29:53,200 --> 06:29:56,300
There's a Samsung Galaxy
Knox Android exploit.
9848
06:29:56,300 --> 06:29:58,800
There are bunch
of Windows exploit
9849
06:29:58,800 --> 06:30:04,400
Adobe Flash exploit FTP exploits
MySQL exploit asp.net exploits
9850
06:30:04,400 --> 06:30:05,956
and a bunch of other stuff.
9851
06:30:05,956 --> 06:30:09,300
So as you guys can see there are
a bunch of exploits to use
9852
06:30:09,300 --> 06:30:10,900
and it can get confusing
9853
06:30:10,900 --> 06:30:14,100
and rather troublesome
to search for the exploit.
9854
06:30:14,100 --> 06:30:15,900
You actually want to use so
9855
06:30:15,900 --> 06:30:20,300
as a pen tester you can always
go for the search keyword,
9856
06:30:20,300 --> 06:30:21,784
which is basically suppose,
9857
06:30:21,784 --> 06:30:23,740
you know that you
have a MySQL server
9858
06:30:23,740 --> 06:30:24,550
which has a bunch
9859
06:30:24,550 --> 06:30:27,000
of vulnerabilities and you
want to test those out.
9860
06:30:27,200 --> 06:30:30,500
So you simply go
search mysql. Now,
9861
06:30:30,500 --> 06:30:32,912
it'll search the database
for all the exploits
9862
06:30:32,912 --> 06:30:35,600
that are related to MySQL
and present them to you.
9863
06:30:42,100 --> 06:30:44,200
Okay, so we have our results.
9864
06:30:44,200 --> 06:30:47,266
So as you guys can see
we have a bunch
9865
06:30:47,266 --> 06:30:49,500
of MySQL related module system.
9866
06:30:49,600 --> 06:30:53,205
Now this makes it much easier
if you are a pen tester
9867
06:30:53,205 --> 06:30:55,500
and you're looking
for MySQL exploits
9868
06:30:55,500 --> 06:30:59,600
now suppose you choose
your exploit and let's see,
9869
06:30:59,800 --> 06:31:01,300
let's choose.
9870
06:31:01,300 --> 06:31:03,500
Which one do we
want to use today?
9871
06:31:03,500 --> 06:31:06,188
We're going to just use
this MySQL hash dump.
9872
06:31:06,188 --> 06:31:08,587
So to actually use
this we have to copy
9873
06:31:08,587 --> 06:31:12,500
the name, so double click on it
and it'll just select it, and you
9874
06:31:12,500 --> 06:31:14,600
go Ctrl+Shift+C
in your terminal
9875
06:31:15,000 --> 06:31:17,800
so that copies it and so
9876
06:31:17,800 --> 06:31:20,000
if you want some more
information about it,
9877
06:31:20,000 --> 06:31:21,900
you can always go info
9878
06:31:22,300 --> 06:31:26,200
and then just paste
in the name of the exploit.
9879
06:31:26,400 --> 06:31:29,500
So this gives us a bunch
of information actually
9880
06:31:29,500 --> 06:31:32,599
gives us all the information
you need about the exploits.
9881
06:31:32,599 --> 06:31:35,600
So it gives you the name
that it's a MySQL password
9882
06:31:35,600 --> 06:31:38,994
hash dump, its module name
is auxiliary/scanner
9883
06:31:39,027 --> 06:31:40,423
and all this stuff.
9884
06:31:40,500 --> 06:31:42,147
It's licensed by Metasploit
9885
06:31:42,147 --> 06:31:44,400
Framework in itself
and it has a normal rank
9886
06:31:44,600 --> 06:31:48,200
and these are all the options
that you might need to set
9887
06:31:48,200 --> 06:31:50,200
when actually using the exploit
9888
06:31:50,200 --> 06:31:52,761
and this also gives you
a small description.
9889
06:31:52,761 --> 06:31:55,408
So it says this module
extracts the user names
9890
06:31:55,408 --> 06:31:58,297
and encrypted password hashes
from a MySQL server
9891
06:31:58,297 --> 06:31:59,200
and stores them
9892
06:31:59,200 --> 06:32:02,348
for later cracking so seems
like really cool stuff.
9893
06:32:02,348 --> 06:32:06,000
you can do with a MySQL server
and its password database.
9894
06:32:06,000 --> 06:32:08,300
So if you actually
want to use this
9895
06:32:08,300 --> 06:32:10,800
so you have to use
the use keyword.
9896
06:32:10,800 --> 06:32:15,000
So we go use
and Ctrl+Shift+V.
9897
06:32:16,000 --> 06:32:19,600
So as you guys can see
it's denoted in red out here
9898
06:32:19,600 --> 06:32:23,498
that we are indeed in an exploit
that we want to use.
9899
06:32:24,000 --> 06:32:24,800
Now.
9900
06:32:24,800 --> 06:32:26,700
The first thing you want to do
9901
06:32:26,700 --> 06:32:29,300
when you're using
an exploit is you want
9902
06:32:29,300 --> 06:32:31,800
to go and say show options.
9903
06:32:32,900 --> 06:32:36,182
Now as you guys can see
these are the options
9904
06:32:36,182 --> 06:32:39,300
that we actually need to set
before using the exploit.
9905
06:32:39,300 --> 06:32:43,296
Now the options can be necessary
or they can be optional
9906
06:32:43,296 --> 06:32:46,000
like so there's
a password field out here,
9907
06:32:46,000 --> 06:32:47,571
which is not really necessary,
9908
06:32:47,571 --> 06:32:49,002
but will help your exploit
9909
06:32:49,002 --> 06:32:52,100
if you actually provide it
but you need to provide
9910
06:32:52,100 --> 06:32:52,901
the RHOSTS,
9911
06:32:52,901 --> 06:32:55,808
which is the targeting
host machine and the port
9912
06:32:55,808 --> 06:32:58,900
and the threads is already
set now suppose you want
9913
06:32:58,900 --> 06:33:00,843
to set the RHOSTS,
9914
06:33:00,843 --> 06:33:02,612
so you can just go set
9915
06:33:02,838 --> 06:33:06,300
RHOSTS and you can set it
to whatever IP address
9916
06:33:06,300 --> 06:33:13,569
you want like suppose you want
to address 192.168.1.1 56, something
9917
06:33:13,569 --> 06:33:14,876
of that sort, which
9918
06:33:14,876 --> 06:33:16,722
will set the RHOSTS.
9919
06:33:16,722 --> 06:33:21,300
You can also set the number of
threads now threads are actually
9920
06:33:21,300 --> 06:33:23,669
what the threads mean
in parallel processing,
9921
06:33:23,669 --> 06:33:26,841
that means how many parallel
threads you're gonna run
9922
06:33:26,841 --> 06:33:28,900
so that you have
faster computation.
9923
06:33:28,900 --> 06:33:30,980
So this means you need GPU power
9924
06:33:30,980 --> 06:33:34,100
if you have multiple threads
running So let's set
9925
06:33:34,100 --> 06:33:35,404
THREADS to 30. Now
9926
06:33:35,800 --> 06:33:38,000
so we've set the threads to 30
9927
06:33:38,200 --> 06:33:41,600
and then you can go
show options again and see
9928
06:33:41,600 --> 06:33:44,900
that you have indeed
actually set your options.
9929
06:33:44,900 --> 06:33:49,400
So we've set the threads to 30
and RHOSTS has also been set.
9930
06:33:49,500 --> 06:33:53,545
So that was all about how you
can get into a module know
9931
06:33:53,545 --> 06:33:56,225
get some information
about a module and
9932
06:33:56,225 --> 06:33:58,200
how you can also use the module,
9933
06:33:58,200 --> 06:34:00,381
so once you're done
using the module
9934
06:34:00,381 --> 06:34:03,000
or once you're done
setting up the options,
9935
06:34:03,300 --> 06:34:08,300
You can go ahead and run
the command run or even exploit
9936
06:34:08,500 --> 06:34:12,000
and this will start actually
running the exploit on the system
9937
06:34:12,000 --> 06:34:16,199
that we want to. Now I've put
in a very arbitrary IP address,
9938
06:34:16,199 --> 06:34:19,100
so that does not have a
MySQL port running,
9939
06:34:19,100 --> 06:34:20,900
so our exploit failed. Now
9940
06:34:20,900 --> 06:34:23,100
once you have desiderio exploit
9941
06:34:23,100 --> 06:34:26,000
and you want to go
back to the main msf
9942
06:34:26,000 --> 06:34:28,800
Unix shell, just go
ahead and type back.
9943
06:34:28,800 --> 06:34:30,400
It's as simple as that so
9944
06:34:30,400 --> 06:34:32,800
that brings us back
to the msf command line.
9945
06:34:32,800 --> 06:34:35,100
Um, so let's go ahead
and clear our screen now.
9946
06:34:36,200 --> 06:34:39,738
Okay, so it's time
to do something interesting.
9947
06:34:40,300 --> 06:34:41,500
So to do that.
9948
06:34:41,500 --> 06:34:42,431
First of all,
9949
06:34:42,431 --> 06:34:43,729
we need to go ahead
9950
06:34:43,729 --> 06:34:46,600
and actually download
Metasploitable 2. So to
9951
06:34:46,600 --> 06:34:50,164
download Metasploitable 2
you have to go on this link.
9952
06:34:50,164 --> 06:34:52,500
I'll leave the link
in the description.
9953
06:34:52,800 --> 06:34:55,900
So or rather you can just
go on your browser
9954
06:34:55,900 --> 06:35:00,100
and type in Metasploitable
2 download. So Metasploitable,
9955
06:35:00,100 --> 06:35:04,800
as we had earlier discussed
is a Linux based distribution
9956
06:35:04,800 --> 06:35:06,500
and it's mostly meant
9957
06:35:06,500 --> 06:35:09,100
for actually practicing
your pen testing skills.
9958
06:35:09,100 --> 06:35:11,700
So basically it has a bunch
of ports open on it.
9959
06:35:11,700 --> 06:35:13,570
So it's basically
just for your ease
9960
06:35:13,570 --> 06:35:15,082
so that you don't go ahead
9961
06:35:15,082 --> 06:35:17,300
and test it out
on some valid website
9962
06:35:17,300 --> 06:35:18,791
and then get thrown into jail
9963
06:35:18,791 --> 06:35:20,900
because that's a very
illegal thing to do.
9964
06:35:20,900 --> 06:35:24,600
So go ahead and download
Metasploitable 2 and then
9965
06:35:24,600 --> 06:35:30,100
also download Oracle VirtualBox
machine, Oracle VirtualBox.
9966
06:35:30,300 --> 06:35:32,600
So you all can
also easily download
9967
06:35:32,600 --> 06:35:35,580
that from www.virtualbox.org.
9968
06:35:35,610 --> 06:35:36,500
And this is
9969
06:35:36,500 --> 06:35:39,400
because you should never run Metasploitable
2 on a system
9970
06:35:39,400 --> 06:35:40,933
that is connected to a network.
9971
06:35:40,933 --> 06:35:43,179
You should always use it
on a virtual machine
9972
06:35:43,179 --> 06:35:45,071
because it's Protected
Their Faith so
9973
06:35:45,071 --> 06:35:46,700
that nobody else can access it.
9974
06:35:46,700 --> 06:35:49,100
So to actually set
up Metasploitable,
9975
06:35:49,100 --> 06:35:51,790
Once you've downloaded
it you go ahead
9976
06:35:51,790 --> 06:35:53,900
and open up your VirtualBox.
9977
06:35:54,200 --> 06:35:57,700
So out here you have
to go into Global tools
9978
06:35:57,800 --> 06:36:01,700
and you create a host-only
network manager. Now I've already
9979
06:36:01,700 --> 06:36:05,200
created a host-only network
manager and then you go ahead
9980
06:36:05,200 --> 06:36:08,600
and enable the DHCP server
by pressing this out here
9981
06:36:08,600 --> 06:36:10,800
like enable then you go back
9982
06:36:10,800 --> 06:36:13,500
and you just go new you give it
9983
06:36:13,500 --> 06:36:15,500
a name like whatever
you want to name it.
9984
06:36:15,500 --> 06:36:17,600
I have already named
mine Metasploitable 2
9985
06:36:17,600 --> 06:36:18,776
as you guys can see.
9986
06:36:18,776 --> 06:36:20,400
So we're going to call this demo
9987
06:36:20,400 --> 06:36:24,400
for just demonstration purposes
choose a type to be Linux
9988
06:36:24,400 --> 06:36:28,800
and it's Ubuntu 64-bit, click
next give it a gig of RAM
9989
06:36:28,800 --> 06:36:32,400
and you are going to use
an existing virtual hard disk
9990
06:36:32,400 --> 06:36:35,000
so out here you just click
on this button out here
9991
06:36:35,000 --> 06:36:36,150
and browse to the place
9992
06:36:36,150 --> 06:36:37,619
where you actually downloaded
9993
06:36:37,619 --> 06:36:40,000
and unzipped your Metasploitable
download file.
9994
06:36:40,000 --> 06:36:42,824
Then you get this virtual
machine disk file,
9995
06:36:42,824 --> 06:36:44,257
which is with vmdk file
9996
06:36:44,257 --> 06:36:46,500
and you just go ahead
and load it up.
9997
06:36:46,500 --> 06:36:47,600
So I'm not going to do
9998
06:36:47,600 --> 06:36:49,800
that again because that's just
going to eat up my RAM
9999
06:36:49,800 --> 06:36:51,750
and I've already
installed it up to you.
10000
06:36:51,750 --> 06:36:53,474
So that was all
about the installation
10001
06:36:53,474 --> 06:36:54,500
and the configuration.
10002
06:36:54,500 --> 06:36:57,300
So now let's get started
and let's start playing
10003
06:36:57,300 --> 06:36:58,652
around with Metasploit.
10004
06:36:58,652 --> 06:37:00,500
So once you're done downloading
10005
06:37:00,500 --> 06:37:03,711
and installing Metasploitable
on your computer,
10006
06:37:03,711 --> 06:37:06,817
all you have to do is
go ahead and start it up
10007
06:37:06,817 --> 06:37:10,000
in your VirtualBox machine
and the login ID
10008
06:37:10,000 --> 06:37:11,800
and the password both are
10009
06:37:11,800 --> 06:37:12,300
msfadmin.
10010
06:37:12,700 --> 06:37:13,500
So first of all,
10011
06:37:13,500 --> 06:37:17,510
we need the IP address
of our Metasploitable server.
10012
06:37:17,510 --> 06:37:21,800
So we go ifconfig
and this gives us the address.
10013
06:37:21,802 --> 06:37:26,500
So as you can see out here
our address is 192.168.1.2 6.
10014
06:37:26,500 --> 06:37:27,500
101.
10015
06:37:27,700 --> 06:37:30,600
So once you've go ahead
and started a Metasploit herbal,
10016
06:37:30,600 --> 06:37:33,879
it's time that we go ahead and
exploit all the vulnerabilities
10017
06:37:33,879 --> 06:37:35,600
that is presented to us by Metasploitable
10018
06:37:35,600 --> 06:37:37,100
2. So to do that,
10019
06:37:37,100 --> 06:37:40,100
Let's head back
to our Linux terminal again.
10020
06:37:40,700 --> 06:37:46,280
So once we have the IP address
that was 192.168.0 6.11
10021
06:37:46,300 --> 06:37:47,600
if I am correct,
10022
06:37:47,900 --> 06:37:49,115
so let's go
10023
06:37:49,115 --> 06:37:53,269
and quickly get a little bit
of information about that.
10024
06:37:53,300 --> 06:38:00,600
So whois 192.168.1.1
6.1 o 1 so this will give us
10025
06:38:00,700 --> 06:38:03,974
whois on Metasploitable 2
and will give us a bunch
10026
06:38:03,974 --> 06:38:06,903
of information as to To
how the server is set up
10027
06:38:06,903 --> 06:38:07,900
where is set up?
10028
06:38:07,900 --> 06:38:10,700
The ports are open
and various other things.
10029
06:38:10,900 --> 06:38:13,800
So as you guys can see
this gave us a complete
10030
06:38:13,800 --> 06:38:16,301
whois. So to get
some more information
10031
06:38:16,301 --> 06:38:17,600
about our Metasploitable
10032
06:38:17,600 --> 06:38:18,400
server.
10033
06:38:18,400 --> 06:38:20,136
We're going to be using nmap.
10034
06:38:20,136 --> 06:38:20,372
Now.
10035
06:38:20,372 --> 06:38:23,425
If you guys don't know about
how to use nmap you can go out
10036
06:38:23,425 --> 06:38:25,900
and check my other video
on the playlist. I've made
10037
06:38:25,900 --> 06:38:27,700
a pretty good nmap tutorial.
10038
06:38:28,000 --> 06:38:30,400
So we go nmap -
10039
06:38:30,400 --> 06:38:35,300
F -sV, which is
stealth version, and we give it
10040
06:38:35,600 --> 06:38:41,400
the name or the domain name
server and 2.16 856 R11
10041
06:38:42,500 --> 06:38:46,000
So we've got a juicy result
out here and we can see
10042
06:38:46,000 --> 06:38:48,400
that there's a bunch
of stuff open.
10043
06:38:48,500 --> 06:38:52,192
So as you guys can see
there's the FTP port open,
10044
06:38:52,192 --> 06:38:55,800
which has a version
of vsftpd 2.3.4.
10045
06:38:55,900 --> 06:39:00,200
There's also OpenSSH,
which is 4.7p1 Debian.
10046
06:39:00,300 --> 06:39:03,429
There's also telnet, which is
almost miserable to have telnet
10047
06:39:03,429 --> 06:39:04,900
running on your computer.
10048
06:39:05,000 --> 06:39:06,400
Then there's SMTP.
10049
06:39:06,500 --> 06:39:09,200
There's HTTP and there's
a bunch of ports open
10050
06:39:09,200 --> 06:39:11,400
as you guys can just
see on your screen.
10051
06:39:11,600 --> 06:39:14,836
So it's time we actually used
Metasploit like a pen tester
10052
06:39:14,836 --> 06:39:17,700
to go ahead and test
out these vulnerabilities.
10053
06:39:17,800 --> 06:39:20,400
So let's choose
these FTP things.
10054
06:39:20,600 --> 06:39:23,300
So we have this FTP out here.
10055
06:39:23,700 --> 06:39:25,800
So from the version number,
10056
06:39:25,800 --> 06:39:28,700
which is given to us by
the stealth version flag
10057
06:39:28,700 --> 06:39:33,100
on nmap, we know
that it's using vsftpd 2.3.4.
10058
06:39:33,300 --> 06:39:37,500
So we can easily search for
an exploit of the same version.
10059
06:39:37,500 --> 06:39:44,500
So as a pen tester you
would go search vsftpd 2.3.4.
10060
06:39:45,200 --> 06:39:47,100
So this should give
us all the exploits
10061
06:39:47,100 --> 06:39:50,400
that are available for
this particular vulnerability.
10062
06:39:51,800 --> 06:39:54,400
So as you guys can see
after a long search
10063
06:39:54,400 --> 06:39:56,500
from the search vsftpd,
10064
06:39:56,500 --> 06:39:58,000
we found a vulnerability
10065
06:39:58,000 --> 06:40:01,095
or an exploit that can take
advantage of the binary.
10066
06:40:01,095 --> 06:40:03,100
So it's time we
actually use this.
10067
06:40:03,100 --> 06:40:04,200
So first of all,
10068
06:40:04,200 --> 06:40:06,856
let's get some info
about this so info.
10069
06:40:06,856 --> 06:40:08,593
Let's copy down this thing
10070
06:40:08,593 --> 06:40:11,200
and then let's get
some info about this.
10071
06:40:11,200 --> 06:40:13,200
So as a small module description
10072
06:40:13,200 --> 06:40:15,500
says this module exploits
a malicious backdoor
10073
06:40:15,500 --> 06:40:18,600
that was added to the
vsftpd download archive.
10074
06:40:18,600 --> 06:40:20,600
This backdoor was introduced
10075
06:40:20,602 --> 06:40:22,700
into the vsftpd-2.3.4.
10076
06:40:22,700 --> 06:40:26,400
tar.gz archive between June 30th
and voila voila.
10077
06:40:26,700 --> 06:40:30,200
So we have the options
of setting in RHOST.
10078
06:40:30,200 --> 06:40:34,200
It has an available targets
provided by these guys,
10079
06:40:34,200 --> 06:40:37,000
and it's a pretty good
exploit in my opinion.
10080
06:40:37,700 --> 06:40:39,600
So let's go ahead and use it.
10081
06:40:39,600 --> 06:40:43,200
So we go use
and load the exploit.
10082
06:40:43,684 --> 06:40:45,300
So it's visible to us
10083
06:40:45,300 --> 06:40:49,300
that we've again entered an
exploit module, which is unix/
10084
06:40:49,300 --> 06:40:52,400
ftp/vsftpd_234_backdoor.
10085
06:40:52,500 --> 06:40:55,100
So what we're going to do is
we are going to actually
10086
06:40:55,100 --> 06:40:58,400
gain a backdoor access
to our Metasploitable system.
10087
06:40:58,800 --> 06:41:00,800
So to actually make
this more believable.
10088
06:41:01,200 --> 06:41:05,700
So if you guys go into
your Metasploitable system,
10089
06:41:05,700 --> 06:41:06,817
so you guys can see
10090
06:41:06,817 --> 06:41:09,100
that you are
in the root directory
10091
06:41:09,100 --> 06:41:11,100
so you can gain some root access
10092
06:41:11,100 --> 06:41:16,200
by going sudo su
and going msfadmin.
10093
06:41:16,600 --> 06:41:18,814
So we're now
root user in the msfadmin,
10094
06:41:18,814 --> 06:41:21,700
or rather
the Metasploitable console.
10095
06:41:21,700 --> 06:41:26,000
So if we go ls we can see
the various files and
10096
06:41:26,000 --> 06:41:28,500
if you go cd /home
10097
06:41:28,500 --> 06:41:32,400
we're in the home directory now, and
if you do ls out here we can see
10098
06:41:32,400 --> 06:41:34,600
that there are a bunch of stuff.
10099
06:41:34,600 --> 06:41:36,300
So there's an FTP folder.
10100
06:41:36,300 --> 06:41:39,358
There's a hack folder, there's
an msfadmin folder
10101
06:41:39,358 --> 06:41:41,024
and the service in this user.
10102
06:41:41,102 --> 06:41:42,396
So that's five folders
10103
06:41:42,396 --> 06:41:43,861
if you guys remember so now
10104
06:41:43,861 --> 06:41:46,137
what we're going to do is
we're going to gain
10105
06:41:46,137 --> 06:41:48,000
some back door access
into the system
10106
06:41:48,000 --> 06:41:50,050
and we're going to create
a bunch of folders
10107
06:41:50,050 --> 06:41:51,100
in the home directory.
10108
06:41:51,100 --> 06:41:52,900
So let's get on doing that.
10109
06:41:52,900 --> 06:41:56,900
So to do that we head back
to our marriage like terminal
10110
06:41:57,300 --> 06:41:59,200
and we go show options
10111
06:41:59,200 --> 06:42:02,200
as we had already
entered our exploit.
10112
06:42:02,200 --> 06:42:03,788
So go show options.
10113
06:42:04,200 --> 06:42:05,611
So as we see the options
10114
06:42:05,611 --> 06:42:08,542
that we have to provide is
the RHOST and port number.
10115
06:42:08,542 --> 06:42:10,700
now the port number
has already been set
10116
06:42:10,700 --> 06:42:11,700
because it's 21.
10117
06:42:11,700 --> 06:42:12,960
That's where FTP runs,
10118
06:42:12,960 --> 06:42:16,200
or rather TCP runs, and we now
just have to set the host.
10119
06:42:16,200 --> 06:42:19,500
So to set the host we have
to just put it in the IP address
10120
06:42:19,500 --> 06:42:21,100
of our Metasploitable server.
10121
06:42:21,800 --> 06:42:24,700
So if I remember
correctly, it's set RHOSTS
10122
06:42:24,900 --> 06:42:28,800
to 192.168.56.101.
10123
06:42:29,500 --> 06:42:32,700
So that has set our RHOSTS,
so we can again check
10124
06:42:32,700 --> 06:42:36,100
that if we've done it correctly
by going show options.
10125
06:42:36,600 --> 06:42:39,200
And we indeed
have set RHOSTS.
10126
06:42:39,300 --> 06:42:39,579
Now.
10127
06:42:39,579 --> 06:42:42,100
All we have to do
is run the exploit.
10128
06:42:42,100 --> 06:42:44,000
So we go and hit run.
10129
06:42:44,800 --> 06:42:47,830
So as you guys can see
we have actually gained
10130
06:42:47,830 --> 06:42:50,500
a backdoor, service
has spawned, handling,
10131
06:42:50,500 --> 06:42:53,300
and the command shell session
has started. Now you
10132
06:42:53,300 --> 06:42:56,500
might be confused as to why
do I have this blinking line?
10133
06:42:56,500 --> 06:42:59,200
Well, this blinking
line actually means
10134
06:42:59,200 --> 06:43:02,700
that you are inside
the Metasploitable server.
10135
06:43:02,700 --> 06:43:05,470
That means we have already
gained the backdoor access
10136
06:43:05,470 --> 06:43:06,847
and this blinking line denotes
10137
06:43:06,847 --> 06:43:09,600
that we are on the terminal
of Metasploitable 2. Now
10138
06:43:09,600 --> 06:43:11,300
if you guys
don't believe me,
10139
06:43:11,300 --> 06:43:13,100
let's do some experimenting.
10140
06:43:13,200 --> 06:43:14,200
So as I had said,
10141
06:43:14,200 --> 06:43:17,785
I'll create a bunch of folders
in the home directory.
10142
06:43:17,785 --> 06:43:20,300
So let's change
the home directory first
10143
06:43:20,300 --> 06:43:21,310
or rather first.
10144
06:43:21,310 --> 06:43:23,900
You can also do a
whoami and it tells you
10145
06:43:23,900 --> 06:43:28,500
that you're the root user.
Next you go and do cd /home
10146
06:43:28,800 --> 06:43:30,900
and it'll change
the home directory.
10147
06:43:30,900 --> 06:43:33,300
Now, let's make
a bunch of folders
10148
06:43:33,300 --> 06:43:35,300
like make directory.
10149
06:43:36,200 --> 06:43:39,400
This is a test.
10150
06:43:39,600 --> 06:43:41,700
So that should have
made a directory.
10151
06:43:42,292 --> 06:43:44,907
So let's go into
that directory CD.
10152
06:43:45,000 --> 06:43:47,900
This is a test.
10153
06:43:48,400 --> 06:43:51,092
So we're already
into the directory.
10154
06:43:51,092 --> 06:43:52,246
This is a test.
10155
06:43:52,255 --> 06:43:52,563
Now.
10156
06:43:52,563 --> 06:43:57,100
Let's make a file
called targets.txt.
10157
06:43:58,400 --> 06:44:00,100
So that creates 12.
10158
06:44:00,700 --> 06:44:01,951
So just to see
10159
06:44:01,951 --> 06:44:04,797
if you have actually
done it properly.
10160
06:44:04,800 --> 06:44:06,700
Let's go back
to our Metasploitable.
10161
06:44:06,700 --> 06:44:11,500
So now in the home directory
you go and type in ls again.
10162
06:44:12,500 --> 06:44:13,200
Okay.
10163
06:44:13,200 --> 06:44:15,100
So let's type in ls and see. So
10164
06:44:15,100 --> 06:44:17,725
as you guys can see
we have created
10165
06:44:17,725 --> 06:44:19,000
this is a test folder
10166
06:44:19,000 --> 06:44:21,270
and it's already available
then so let's go
10167
06:44:21,270 --> 06:44:22,800
and move into that folder.
10168
06:44:22,800 --> 06:44:26,200
So this is a test and we
are already in that folder.
10169
06:44:26,200 --> 06:44:28,600
So, um, we also
created a text file
10170
06:44:28,600 --> 06:44:30,200
which was called targets.
10171
06:44:30,300 --> 06:44:31,800
So that was LS
10172
06:44:31,900 --> 06:44:33,900
and it should give us
a targets.txt.
10173
06:44:34,000 --> 06:44:37,381
So as you guys just saw
we gained a backdoor access
10174
06:44:37,381 --> 06:44:40,358
into a remote system
through a vulnerability
10175
06:44:40,358 --> 06:44:42,682
that was available
to us on the FTP
10176
06:44:42,682 --> 06:44:44,000
port. So we first did
10177
06:44:44,000 --> 06:44:46,812
that by scanning
the entire domain name server
10178
06:44:46,812 --> 06:44:48,500
of Metasploitable by nmap
10179
06:44:48,500 --> 06:44:51,617
and gaining some intelligence as
to what ports are running
10180
06:44:51,617 --> 06:44:53,530
and what ports
are actually open
10181
06:44:53,530 --> 06:44:56,100
then we found out
that the FTP port is open.
10182
06:44:56,100 --> 06:44:59,400
Then we went on to Metasploit
and we found out exploit
10183
06:44:59,400 --> 06:45:02,265
that vulnerability very
successfully we found out
10184
06:45:02,265 --> 06:45:03,458
how to use the exploit
10185
06:45:03,458 --> 06:45:06,400
some information about
that exploit and in the end,
10186
06:45:06,400 --> 06:45:08,700
we actually executed at months
10187
06:45:08,700 --> 06:45:10,714
and we are already
in that folder.
10188
06:45:10,714 --> 06:45:12,973
So, um, we also
created a text file
10189
06:45:12,973 --> 06:45:14,500
which was called targets.
10190
06:45:14,500 --> 06:45:16,100
So that was LS
10191
06:45:16,100 --> 06:45:18,100
and it should give us
a targets.txt.
10192
06:45:18,300 --> 06:45:21,687
So as you guys just saw
we gained a backdoor access
10193
06:45:21,687 --> 06:45:24,600
into a remote system
through a vulnerability
10194
06:45:24,600 --> 06:45:27,500
that was available
to us on the FTP Port.
10195
06:45:27,500 --> 06:45:31,173
So we first did that by scanning
the entire domain name server
10196
06:45:31,173 --> 06:45:32,800
of Metasploitable by nmap
10197
06:45:32,800 --> 06:45:35,858
and gaining some intelligence as
to what ports are running
10198
06:45:35,858 --> 06:45:37,800
and what ports
are actually open.
10199
06:45:37,800 --> 06:45:40,300
Then we found out
that the FTP port is open.
10200
06:45:40,300 --> 06:45:43,658
Then we went on to Metasploit
and we found out exploit
10201
06:45:43,658 --> 06:45:46,700
that vulnerability very
successfully we found out
10202
06:45:46,700 --> 06:45:47,800
how to use the exploit
10203
06:45:47,800 --> 06:45:50,400
some information about
that exploit and in the end,
10204
06:45:50,400 --> 06:45:52,800
we actually executed at months.
10205
06:45:58,000 --> 06:45:59,500
Now you guys must be wondering
10206
06:45:59,500 --> 06:46:02,000
what exactly is nmap
and why should I learn it?
10207
06:46:02,000 --> 06:46:03,883
Well, nmap is
a network scanner
10208
06:46:03,883 --> 06:46:07,059
that is widely used by
ethical hackers to scan networks
10209
06:46:07,059 --> 06:46:08,295
as the name suggests.
10210
06:46:08,295 --> 06:46:11,500
Now, you might wonder why
do I need a network scanner?
10211
06:46:11,500 --> 06:46:13,900
Well, let me give
you an example.
10212
06:46:13,900 --> 06:46:15,714
So suppose you have a Wi-Fi
10213
06:46:15,714 --> 06:46:18,194
that has been set up
in your new house
10214
06:46:18,194 --> 06:46:19,237
and you realize
10215
06:46:19,237 --> 06:46:23,200
that your data is being actually
consumed at a faster rate
10216
06:46:23,200 --> 06:46:25,100
than you are using it.
10217
06:46:25,200 --> 06:46:25,700
Now.
10218
06:46:25,800 --> 06:46:26,900
You have suspected
10219
06:46:26,900 --> 06:46:29,500
that it's your pesky neighbor
who keeps on connecting
10220
06:46:29,500 --> 06:46:31,700
to your Wi-Fi and eating
up all your data.
10221
06:46:31,700 --> 06:46:34,000
So to actually confirm
all your doubts.
10222
06:46:34,000 --> 06:46:36,200
What you want to do
is a network scan
10223
06:46:36,200 --> 06:46:39,100
and nmap is a pretty
wonderful tool to do
10224
06:46:39,100 --> 06:46:42,300
that now nmap runs on Linux.
10225
06:46:42,500 --> 06:46:43,900
Mac OS and windows
10226
06:46:43,900 --> 06:46:47,071
and I'm mostly going
to be running this on Linux
10227
06:46:47,071 --> 06:46:50,715
because that's what I do most
of my penetration testing
10228
06:46:50,715 --> 06:46:52,200
and network testing on
10229
06:46:52,269 --> 06:46:54,461
so let's go ahead and get on
10230
06:46:54,461 --> 06:46:58,000
with the installation
of nmap on your computer.
10231
06:46:58,000 --> 06:47:02,000
So what you do is go
apt-get install nmap. Now
10232
06:47:02,000 --> 06:47:05,100
for this you have
to be logged in as root.
10233
06:47:05,100 --> 06:47:07,400
If you're not logged in
as root just add sudo
10234
06:47:07,400 --> 06:47:10,200
before this whole command
and it will install it now.
10235
06:47:10,200 --> 06:47:12,400
I already have nmap
installed, so I'm
10236
06:47:12,400 --> 06:47:14,800
not really going to install
it again and again,
10237
06:47:14,900 --> 06:47:20,700
so let's just go ahead and just
do a few scans on our website
10238
06:47:20,700 --> 06:47:22,623
that is www.eddecosta.com
10239
06:47:22,623 --> 06:47:26,800
and we are going to see
what we get back as results.
10240
06:47:26,800 --> 06:47:28,900
So first of all,
let me just show you
10241
06:47:28,900 --> 06:47:32,100
how you can scan a certain
domain name servers or DNS.
10242
06:47:32,100 --> 06:47:35,200
So in nmap we are going to use
a flag all the time now,
10243
06:47:35,200 --> 06:47:37,200
let me just tell
you what are flags.
10244
06:47:37,200 --> 06:47:39,246
So if you just go
to nmap and type --
10245
06:47:39,246 --> 06:47:41,900
help this will give you
all the flags and options
10246
06:47:41,900 --> 06:47:45,100
that are available
to actually use on nmap.
10247
06:47:45,100 --> 06:47:48,647
So if you are actually stuck
and you can't remember stuff,
10248
06:47:48,647 --> 06:47:50,444
let's go in and type nmap --
10249
06:47:50,444 --> 06:47:53,800
help and it will give you all
the stuff now Network scans
10250
06:47:53,800 --> 06:47:55,314
generally take a long time.
10251
06:47:55,314 --> 06:47:58,400
So I'm going to be using
the fast mode most of the time.
10252
06:47:58,400 --> 06:47:59,400
So for fast mode,
10253
06:47:59,400 --> 06:48:02,731
all you have to do is type
in any record dot go and sit
10254
06:48:02,731 --> 06:48:05,021
and wait for this
scan to get over now
10255
06:48:05,021 --> 06:48:06,200
when the scan gets
10256
06:48:06,200 --> 06:48:10,600
over you will see a bunch of
information and let me just wait
10257
06:48:10,600 --> 06:48:12,083
till that information pops up
10258
06:48:12,083 --> 06:48:14,800
and then we will talk
about the information together.
10259
06:48:14,800 --> 06:48:15,124
Okay.
10260
06:48:15,124 --> 06:48:18,500
So as you guys can see
our scan has been completed
10261
06:48:18,500 --> 06:48:21,700
it took 13.71 seconds
to actually do the scan.
10262
06:48:21,700 --> 06:48:25,200
Now as you guys can see it shows
us the ports, the states
10263
06:48:25,200 --> 06:48:28,800
and the services. Now the port
is basically the port number
10264
06:48:28,800 --> 06:48:29,867
which are service
10265
06:48:29,867 --> 06:48:33,135
that is also bind it
to is working on so we can see
10266
06:48:33,135 --> 06:48:34,900
that SSH service is working
10267
06:48:34,900 --> 06:48:38,200
on port number
22, SMTP on 25, HTTP
10268
06:48:38,200 --> 06:48:42,300
on 80, rpcbind on 111 and HTTPS
10269
06:48:42,500 --> 06:48:44,900
on 443, so that is
10270
06:48:44,900 --> 06:48:48,255
how you can use nmap
to scan a certain website.
10271
06:48:48,255 --> 06:48:51,100
Now if you see, nmap
has also given us
10272
06:48:51,100 --> 06:48:53,000
the public IP of the DNS
10273
06:48:53,000 --> 06:48:56,100
because what nmap does
is it looks at the DNS
10274
06:48:56,100 --> 06:48:58,204
and then translates it to an IP
10275
06:48:58,204 --> 06:49:00,800
that is recognized
to that DNS server.
10276
06:49:00,800 --> 06:49:01,600
So nmap
10277
06:49:01,600 --> 06:49:03,500
also returns the public IP.
10278
06:49:03,500 --> 06:49:06,600
So what we can do
also is nmap -F
10279
06:49:06,600 --> 06:49:12,300
and 34.210.230.
10280
06:49:12,400 --> 06:49:13,400
35.
10281
06:49:13,900 --> 06:49:14,219
Okay.
10282
06:49:14,219 --> 06:49:15,615
So as you guys can see
10283
06:49:15,615 --> 06:49:19,200
that our command also works
when we put in the IP address
10284
06:49:19,200 --> 06:49:21,400
and it produces
the same results.
10285
06:49:21,400 --> 06:49:24,700
Now we can also scan
10286
06:49:24,700 --> 06:49:28,800
for multiple hosts now
suppose you are on a network
10287
06:49:28,800 --> 06:49:30,754
and you want to scan
for multiple hosts now.
10288
06:49:30,754 --> 06:49:33,300
You don't really want to run
different commands for that.
10289
06:49:33,300 --> 06:49:36,700
Now what you can do is just go
in and type nmap and a bunch
10290
06:49:36,700 --> 06:49:48,290
of IP addresses like 192.168.1.1,
192.168.1.2 and 192.168.1.3
10291
06:49:48,320 --> 06:49:51,800
and what this will do is it
will run the nmap scan
10292
06:49:51,800 --> 06:49:53,600
on these three
different IP addresses
10293
06:49:53,600 --> 06:49:57,100
and you did this
in just one command.
10294
06:49:57,100 --> 06:49:59,700
So that's a way
that you can do this.
10295
06:49:59,700 --> 06:50:00,500
Now.
10296
06:50:00,500 --> 06:50:01,852
You can also know about
10297
06:50:01,852 --> 06:50:05,000
how much of your scan is left
by just pressing the up button
10298
06:50:05,000 --> 06:50:06,290
so that will tell you
10299
06:50:06,290 --> 06:50:10,100
and give you a constant update
on how your scan is going like -
10300
06:50:10,100 --> 06:50:13,300
32.4% Dot and 4.7 now
10301
06:50:13,300 --> 06:50:16,000
and also show you kind
of the time remaining.
10302
06:50:16,200 --> 06:50:16,559
Okay.
10303
06:50:16,559 --> 06:50:19,000
So till this port
scan is going on.
10304
06:50:19,000 --> 06:50:21,300
Let me just tell you
about the states now States
10305
06:50:21,300 --> 06:50:24,300
can be of two types
open closed and unavailable.
10306
06:50:24,300 --> 06:50:27,050
Sometimes you will see that
it is unavailable and that's
10307
06:50:27,050 --> 06:50:29,700
because some sort of firewall
or something is running out
10308
06:50:29,700 --> 06:50:32,700
there states can also be closed
in that case mostly
10309
06:50:32,700 --> 06:50:34,600
nmap will not return
you any result
10310
06:50:34,600 --> 06:50:38,627
unless you're explicitly finding
something of the closed state.
10311
06:50:38,627 --> 06:50:42,200
So that was a little trivia
on States and how they work.
10312
06:50:42,219 --> 06:50:44,312
How much our scan has done
10313
06:50:44,312 --> 06:50:48,389
so our scan is done 81%, takes
around another 20 seconds.
10314
06:50:48,400 --> 06:50:49,800
It should be done soon.
10315
06:50:49,800 --> 06:50:50,400
Now.
10316
06:50:50,400 --> 06:50:54,815
This scan could be significantly
made faster with just the -F flag,
10317
06:50:54,815 --> 06:50:58,000
but I really want to give
you all a good look
10318
06:50:58,000 --> 06:50:59,538
into how this works.
10319
06:50:59,538 --> 06:51:02,000
97 98 99.
10320
06:51:02,515 --> 06:51:02,900
Okay.
10321
06:51:02,900 --> 06:51:05,794
So as you guys can see
this is our result.
10322
06:51:05,794 --> 06:51:08,900
It gives us a bunch
of ports and services now
10323
06:51:08,900 --> 06:51:11,517
as I just said this thing
can be also closed
10324
06:51:11,517 --> 06:51:13,100
and also unavailable.
10325
06:51:13,100 --> 06:51:16,200
So open and closed
we see both the examples.
10326
06:51:16,200 --> 06:51:19,700
Okay, so that was about
how you can scan multiple ports.
10327
06:51:19,700 --> 06:51:23,159
So you can also scan multiple
ports with this command
10328
06:51:23,159 --> 06:51:24,400
as I will show you.
10329
06:51:24,400 --> 06:51:29,500
So what I do: 192.168.
1.1 to 30.
10330
06:51:29,500 --> 06:51:32,800
Now what this will do
is basically scan everything
10331
06:51:32,800 --> 06:51:39,100
from 192.168.1.1 to 192.168.1.2
up to 30 like that.
10332
06:51:39,100 --> 06:51:42,600
So this is a very useful way
of actually scanning.
10333
06:51:42,600 --> 06:51:44,197
multiple IP addresses.
10334
06:51:44,600 --> 06:51:47,000
Let me just show you
how that works.
10335
06:51:47,600 --> 06:51:49,600
Since we have used the -F flag,
10336
06:51:49,600 --> 06:51:52,500
this is going to work
considerably faster now
10337
06:51:52,500 --> 06:51:54,400
as you guys can see out here.
10338
06:51:54,400 --> 06:51:57,880
This had taken around
a hundred nineteen seconds.
10339
06:51:57,880 --> 06:52:00,200
So that's round two minutes now.
10340
06:52:00,200 --> 06:52:02,900
This will take
considerably less time.
10341
06:52:02,900 --> 06:52:06,078
So, let's see this was done
in 29.91 seconds,
10342
06:52:06,078 --> 06:52:08,100
and we did 30 IP addresses.
10343
06:52:08,100 --> 06:52:09,900
So we see that -
10344
06:52:09,900 --> 06:52:13,900
F surely speeds up
the whole scanning process now,
10345
06:52:14,000 --> 06:52:17,100
you can also give nmap
a Target list now,
10346
06:52:17,100 --> 06:52:20,400
let me create a target list,
so targets.txt.
10347
06:52:20,400 --> 06:52:22,200
We just got it out for you.
10348
06:52:22,600 --> 06:52:24,160
So that's starting it now.
10349
06:52:24,160 --> 06:52:26,200
All I want to do
is edit this file.
10350
06:52:26,200 --> 06:52:28,600
So, let me just edit
that file and put
10351
06:52:28,600 --> 06:52:41,850
a 192.168.1.1 192.168.1.2
192.168.1.3 192.168.1.5
10352
06:52:41,900 --> 06:52:46,600
for 192.168.1.5 or 15.
10353
06:52:46,600 --> 06:52:47,300
Boom roasted.
10354
06:52:47,300 --> 06:52:49,753
Now, all we have
to do is save it.
10355
06:52:49,753 --> 06:52:53,200
So that saves it and control
X to actually exit it.
10356
06:52:53,200 --> 06:52:56,900
Now, you can go ahead and view
what is in targets.txt.
10357
06:52:56,900 --> 06:53:00,600
So as you guys can see this is
what is in targets.txt.
10358
06:53:00,600 --> 06:53:04,411
And now you can just pass it
to nmap with the -iL flag
10359
06:53:04,411 --> 06:53:07,798
and you could say that nmap
is going to actually
10360
06:53:07,798 --> 06:53:09,600
scan all the IP addresses
10361
06:53:09,600 --> 06:53:11,288
that are in this file.
10362
06:53:11,288 --> 06:53:12,900
So let that just run.
10363
06:53:12,900 --> 06:53:15,000
So this will take
a little bit of time
10364
06:53:15,000 --> 06:53:17,300
because it's five IP addresses
10365
06:53:17,300 --> 06:53:22,200
and it's really radical
the fast boat 83%
10366
06:53:22,200 --> 06:53:24,100
of our work is done.
10367
06:53:24,300 --> 06:53:25,000
Okay.
10368
06:53:25,000 --> 06:53:28,127
So as we see our scan
has been completed now,
10369
06:53:28,127 --> 06:53:30,900
what do you see out
here is scan results
10370
06:53:30,900 --> 06:53:36,300
for whatever we had provided
in the targets.txt list.
10371
06:53:36,600 --> 06:53:40,200
So that's how you can also
provide nmap an input file
10372
06:53:40,200 --> 06:53:43,400
and it will give you the results
for all the targets
10373
06:53:43,400 --> 06:53:45,400
that were specified in the file.
10374
06:53:45,400 --> 06:53:46,636
Now, let's go ahead
10375
06:53:46,636 --> 06:53:49,500
and talk about a little bit
on Port scanning.
10376
06:53:49,500 --> 06:53:53,300
So nmap is also a brilliant tool
for scanning ports.
10377
06:53:53,300 --> 06:53:55,100
And if you have
a server or web site,
10378
06:53:55,100 --> 06:53:58,600
you know that there are
65535 ports out there
10379
06:53:58,600 --> 06:54:04,661
for every server and almost 99%
are unused, so sometimes scanning
10380
06:54:04,661 --> 06:54:07,200
of ports is really
a necessity.
10381
06:54:07,200 --> 06:54:10,100
Now you can scan ports
by just using the -p flag
10382
06:54:10,100 --> 06:54:14,198
and specifying the port number
and this is how you would do it.
10383
06:54:14,198 --> 06:54:17,200
And if you just specify
the IP address after that,
10384
06:54:17,200 --> 06:54:20,600
so I'm going to use
www.edureka.co
10385
06:54:20,900 --> 06:54:23,700
and what you can also do is
10386
06:54:23,700 --> 06:54:26,273
this will scan only
the port number 20,
10387
06:54:26,273 --> 06:54:29,349
but you can also scan
from port number 20 to 25.
10388
06:54:29,349 --> 06:54:32,100
You can also put in commas
and tell nmap
10389
06:54:32,100 --> 06:54:34,000
you also want to scan all these
10390
06:54:34,000 --> 06:54:37,900
are the port 80 is HTTP
and 443 is HTTP,
10391
06:54:38,200 --> 06:54:40,003
so you can surely do that.
10392
06:54:40,003 --> 06:54:42,508
So let me just go
ahead and run this.
10393
06:54:42,508 --> 06:54:46,000
Okay, so that gives us
information on the ports
10394
06:54:46,000 --> 06:54:48,730
that is there now
something about ports.
10395
06:54:48,730 --> 06:54:50,708
Also you suppose, you know.
10396
06:54:50,708 --> 06:54:53,200
You want to scan
for some HTTP Port
10397
06:54:53,200 --> 06:54:56,312
so you can just say nmap
and with the -
10398
06:54:56,312 --> 06:54:57,698
p you can just say
10399
06:54:57,698 --> 06:55:01,200
that I want to scan
the HTTP port, www.edureka.co,
10400
06:55:01,200 --> 06:55:04,678
so that will
just go ahead and do that.
10401
06:55:04,678 --> 06:55:06,200
And as you guys can see
10402
06:55:06,200 --> 06:55:09,000
that give us a result
and you can also add
10403
06:55:09,000 --> 06:55:13,100
in stuff like MySQL FTP
and stuff like that.
10404
06:55:13,100 --> 06:55:15,900
So let me just show you
10405
06:55:15,900 --> 06:55:18,900
how that rods okhttp
is done poor Sgt.
10406
06:55:18,900 --> 06:55:22,700
Okay, so as you
guys can see these are the ports
10407
06:55:22,700 --> 06:55:26,414
that are running and it gave us
according to the day.
10408
06:55:26,414 --> 06:55:26,700
Now.
10409
06:55:26,700 --> 06:55:28,600
If you want to scan
all the ports,
10410
06:55:28,600 --> 06:55:30,482
you can use -p-
10411
06:55:30,482 --> 06:55:33,635
and the IP address
at www.deeptrekker.com.
10412
06:55:35,000 --> 06:55:36,800
Now this generally
takes a lot of time
10413
06:55:36,800 --> 06:55:38,900
because you're basically
doing 65,000 scans.
10414
06:55:38,900 --> 06:55:40,416
So I'm not really
going to do that.
10415
06:55:40,416 --> 06:55:41,709
I'm going to quit this out.
10416
06:55:41,709 --> 06:55:42,350
Another thing
10417
06:55:42,350 --> 06:55:45,000
that I want to show you all
that generally takes a lot
10418
06:55:45,000 --> 06:55:48,022
of time to actually
execute is called something
10419
06:55:48,022 --> 06:55:49,600
like an aggressive scan.
10420
06:55:49,600 --> 06:55:51,690
So as you guys can see out here,
10421
06:55:51,690 --> 06:55:54,500
I have done an aggressive
scan on Edureka.
10422
06:55:54,600 --> 06:55:55,500
So to do that,
10423
06:55:55,500 --> 06:55:58,800
All you have to do
is nmap -A
10424
06:55:58,800 --> 06:56:01,100
and then you go
edureka.co.
10425
06:56:01,100 --> 06:56:03,093
So let us see how much time
10426
06:56:03,093 --> 06:56:07,147
did this take to actually
execute. This took 459 seconds,
10427
06:56:07,147 --> 06:56:09,098
that's a long time for a scan,
10428
06:56:09,098 --> 06:56:12,400
but it gives us a bunch
of other information.
10429
06:56:12,400 --> 06:56:14,991
For example, it gives
us the traceroute.
10430
06:56:14,991 --> 06:56:18,445
So what is the traceroute first
of all so traceroute
10431
06:56:18,445 --> 06:56:22,645
is the route taken by a packet
to actually reach the clients
10432
06:56:22,645 --> 06:56:24,000
and the target cell.
10433
06:56:24,100 --> 06:56:28,300
So as you guys can see our packet
had 22 hops, first went
10434
06:56:28,300 --> 06:56:30,400
to the first stop was
to the Gateway router
10435
06:56:30,400 --> 06:56:32,590
that is 192.168.1.1.
10436
06:56:32,900 --> 06:56:37,700
Then went to the Airtel leased
line, then went to this IP address
10437
06:56:37,700 --> 06:56:40,400
that went to the pslv SNL dotnet
10438
06:56:40,446 --> 06:56:43,600
and it went to London
New York, then Chicago
10439
06:56:43,600 --> 06:56:47,700
and then went all the way up to
wherever this thing has hosted
10440
06:56:47,700 --> 06:56:49,301
that was some information
10441
06:56:49,301 --> 06:56:51,800
and then there is
some other Information
10442
06:56:51,800 --> 06:56:54,100
given to us like the TCP open,
10443
06:56:54,100 --> 06:56:58,100
tcpwrapped, program version,
port type, port states
10444
06:56:58,100 --> 06:57:01,328
and all sorts of other
information is given about
10445
06:57:01,328 --> 06:57:02,786
in an aggressive scan
10446
06:57:02,786 --> 06:57:05,706
another scan that I
have previously also done
10447
06:57:05,706 --> 06:57:07,100
and kept for y'all is
10448
06:57:07,100 --> 06:57:10,900
because it takes a lot of time
and I have done something
10449
06:57:10,900 --> 06:57:13,825
called this service
version, so nmap -
10450
06:57:13,825 --> 06:57:18,100
sV where V capital will
give you the service version.
10451
06:57:18,100 --> 06:57:20,600
So it tries to actually
guess the version
10452
06:57:20,600 --> 06:57:22,400
of the service
that is running.
10453
06:57:22,400 --> 06:57:27,500
So for example on TCP Port it
tells us it is Postfix smtpd
10454
06:57:27,600 --> 06:57:28,700
or the Apache.
10455
06:57:28,700 --> 06:57:30,700
It's Apache httpd.
10456
06:57:30,900 --> 06:57:33,832
You can see all sorts
of versions that are here.
10457
06:57:33,832 --> 06:57:36,562
Another thing nmap
is generally brilliant
10458
06:57:36,562 --> 06:57:38,797
is for guessing
the operating system
10459
06:57:38,797 --> 06:57:39,763
that is running.
10460
06:57:39,763 --> 06:57:42,300
Oh, I have already done
this scan previously
10461
06:57:42,300 --> 06:57:44,700
because this takes
a humongous amount of time
10462
06:57:44,700 --> 06:57:47,700
that I don't really have and
that is three eighty six point
10463
06:57:47,700 --> 06:57:48,650
three four seconds
10464
06:57:48,650 --> 06:57:50,708
and this scan together
basically took me.
10465
06:57:50,708 --> 06:57:51,500
In ten minutes,
10466
06:57:51,500 --> 06:57:53,500
and I don't really
have that kind of time
10467
06:57:53,500 --> 06:57:55,100
for explaining all this stuff.
10468
06:57:55,100 --> 06:57:58,428
So as you guys could see
out here the OS get is
10469
06:57:58,428 --> 06:58:00,600
kind of os detail is fortunate
10470
06:58:00,600 --> 06:58:03,781
for the gate it kind of
tries to guess the OS
10471
06:58:03,781 --> 06:58:05,300
upon the time to live
10472
06:58:05,300 --> 06:58:08,000
that is in the response
from the packets
10473
06:58:08,000 --> 06:58:09,000
that it sends.
10474
06:58:09,000 --> 06:58:11,600
So -sV, -O and -
10475
06:58:11,600 --> 06:58:13,700
A are some really
cool stuff
10476
06:58:13,700 --> 06:58:15,347
that you might want to know.
10477
06:58:15,347 --> 06:58:17,930
Another thing that you
can do is trace route
10478
06:58:17,930 --> 06:58:20,800
as I had just told y'all
and y'all can do trace
10479
06:58:20,800 --> 06:58:21,800
route separately.
10480
06:58:21,800 --> 06:58:22,900
So you go --
10481
06:58:22,900 --> 06:58:26,700
traceroute and then you say
the name of any sort of website.
10482
06:58:26,700 --> 06:58:27,500
So suppose.
10483
06:58:27,500 --> 06:58:30,000
I want to know
how I reach netflix.com.
10484
06:58:30,000 --> 06:58:34,700
So I go netflix.com and this
will give me a trace route
10485
06:58:34,700 --> 06:58:39,400
that shows me how my packet
actually reaches netflix.com.
10486
06:58:40,000 --> 06:58:40,400
Okay.
10487
06:58:40,400 --> 06:58:44,100
So this is basically
it was a direct one hop.
10488
06:58:44,200 --> 06:58:47,289
Okay, so that was surprising.
On the other hand,
10489
06:58:47,289 --> 06:58:49,700
If I were to do this
on edureka.co,
10490
06:58:49,700 --> 06:58:52,900
it would take a bunch
of hops to actually reach
10491
06:58:52,900 --> 06:58:55,700
that it is by just
take some time to run.
10492
06:58:55,900 --> 06:58:58,100
Okay, so it's 94 percent done.
10493
06:58:58,100 --> 06:59:00,500
I'm just waiting
for it to get completed.
10494
06:59:00,600 --> 06:59:00,900
Okay.
10495
06:59:00,900 --> 06:59:03,958
So this gave us a hop and
as you guys can see we took
10496
06:59:03,958 --> 06:59:06,800
twenty two hops to actually
reach edureka.co
10497
06:59:06,800 --> 06:59:10,900
and it's the same process you go
through a bunch of IP addresses
10498
06:59:10,900 --> 06:59:13,000
and then you reach
this thing called US
10499
06:59:13,000 --> 06:59:15,900
West 2 compute
dot Amazon AWS.
10500
06:59:15,900 --> 06:59:17,200
Okay, so that was
10501
06:59:17,200 --> 06:59:20,500
about traceroute now just
to end this tutorial.
10502
06:59:20,500 --> 06:59:22,100
Let me just tell you guys
10503
06:59:22,100 --> 06:59:25,000
that you all can also save
a file to nmap.
10504
06:59:25,000 --> 06:59:28,100
And that is basically save
all whatever you found
10505
06:59:28,100 --> 06:59:30,719
from a search into a file
and let me just show you
10506
06:59:30,719 --> 06:59:31,619
how to do that.
10507
06:59:31,619 --> 06:59:31,841
Now.
10508
06:59:31,841 --> 06:59:34,900
Sometimes when you are working
as a security analyst you
10509
06:59:34,900 --> 06:59:38,957
will have to perform Network
scans on a wide area network
10510
06:59:38,957 --> 06:59:39,900
that is huge.
10511
06:59:39,900 --> 06:59:43,362
It's basically huge
these scans take a lot of time
10512
06:59:43,362 --> 06:59:46,628
and you don't really have
the space on your command line
10513
06:59:46,628 --> 06:59:47,694
to actually store
10514
06:59:47,694 --> 06:59:49,700
that and see that in the parade.
10515
06:59:49,700 --> 06:59:50,800
That is feasible.
10516
06:59:50,800 --> 06:59:51,800
Little for analysis.
10517
06:59:51,800 --> 06:59:55,300
So what you want to do
is actually save it in a file.
10518
06:59:55,300 --> 06:59:57,400
So what you can do
is say nmap
10519
06:59:57,400 --> 06:59:59,100
-oN and then you
10520
06:59:59,100 --> 07:00:04,000
can see the other file we
could say results.txt,
10521
07:00:04,200 --> 07:00:07,400
and we could save this in file.
10522
07:00:07,400 --> 07:00:11,000
So www.edureka.co.
10523
07:00:11,200 --> 07:00:13,400
So whatever search result
10524
07:00:13,400 --> 07:00:16,700
is going to be generated
is going to be stored
10525
07:00:16,700 --> 07:00:18,943
in this file called
results.txt.
10526
07:00:18,943 --> 07:00:19,209
Now.
10527
07:00:19,209 --> 07:00:20,874
This file need not exist
10528
07:00:20,874 --> 07:00:24,332
from before, it will just
be created by nmap
10529
07:00:24,332 --> 07:00:26,200
and now you see if I do LS.
10530
07:00:26,200 --> 07:00:28,800
We have a Target
or a results.txt.
10531
07:00:28,800 --> 07:00:30,700
Now if I just cat out that file,
10532
07:00:30,700 --> 07:00:33,400
let me just less it
actually, results.txt.
10533
07:00:33,400 --> 07:00:36,204
And what you see out here
is an nmap scan result
10534
07:00:36,204 --> 07:00:37,100
that is stored.
10535
07:00:37,400 --> 07:00:40,800
Another thing that I would like
to show you all before I end
10536
07:00:40,800 --> 07:00:43,188
this nmap tutorial
is a verbose mode.
10537
07:00:43,188 --> 07:00:45,200
So for verbose mode is basically
10538
07:00:45,200 --> 07:00:47,173
when we were pressing
up arrows to see
10539
07:00:47,173 --> 07:00:48,762
how much of our scan is done.
10540
07:00:48,762 --> 07:00:50,900
You can basically do
that with verbose mode.
10541
07:00:50,900 --> 07:00:52,238
So you go -F and -
10542
07:00:52,238 --> 07:00:55,700
v for verbose and you
could say www.edureka.co
10543
07:00:55,700 --> 07:00:59,100
and this
will basically give
10544
07:00:59,100 --> 07:01:02,700
you a verbose mode of
what is actually going on.
10545
07:01:02,700 --> 07:01:06,160
It'll tell you everything
and boom roasted there it's done
10546
07:01:06,160 --> 07:01:08,691
and we have finished
our nmap tutorial.
10565
07:01:58,100 --> 07:01:59,000
So first of all,
10566
07:01:59,000 --> 07:02:00,800
what exactly is
cross-site scripting?
10567
07:02:01,300 --> 07:02:03,028
Well cross-site scripting
10568
07:02:03,028 --> 07:02:05,943
refers to client-side
code injection attacks
10569
07:02:05,943 --> 07:02:07,300
where in an attacker
10570
07:02:07,300 --> 07:02:10,700
can execute a malicious script
also commonly referred
10571
07:02:10,700 --> 07:02:14,000
to as a malicious payload
into a legitimate website
10572
07:02:14,000 --> 07:02:17,700
or web application. Now XSS is
amongst the most rampant
10573
07:02:17,700 --> 07:02:20,288
of web application
vulnerabilities and occurs
10574
07:02:20,288 --> 07:02:23,000
when a web application
makes use of something
10575
07:02:23,000 --> 07:02:24,300
like unvalidated
10576
07:02:24,300 --> 07:02:26,900
or unencoded user input
within the output
10577
07:02:26,900 --> 07:02:30,100
that it generates. Now,
by leveraging XSS,
10578
07:02:30,100 --> 07:02:34,000
an attacker does not target
a victim directly instead
10579
07:02:34,000 --> 07:02:37,700
an attacker would be exploiting
a vulnerability within a website
10580
07:02:37,700 --> 07:02:39,611
or something like
a web application
10581
07:02:39,611 --> 07:02:41,200
that the victim would visit
10582
07:02:41,200 --> 07:02:43,566
and essentially using
the vulnerable website
10583
07:02:43,566 --> 07:02:46,043
or the web application
as a vehicle to deliver
10584
07:02:46,043 --> 07:02:48,300
a malicious script
to the victim's browser.
10585
07:02:49,100 --> 07:02:52,000
Now while XSS
can be taken advantage
10586
07:02:52,000 --> 07:02:56,000
of within VBScript,
ActiveX and Flash
10587
07:02:56,100 --> 07:02:59,473
unquestionably the most
widely abused is JavaScript.
10588
07:02:59,473 --> 07:03:00,400
This is mostly
10589
07:03:00,400 --> 07:03:02,581
because JavaScript
is fundamental
10590
07:03:02,581 --> 07:03:04,400
to any browsing experience all
10591
07:03:04,400 --> 07:03:07,600
the modern sites today have some
JavaScript framework running
10592
07:03:07,600 --> 07:03:11,600
in the background.
Now XSS can be used
10593
07:03:11,600 --> 07:03:13,900
in a range of ways
to cause serious problems.
10594
07:03:14,100 --> 07:03:17,335
Well, the traditional use
of XSS is the ability
10595
07:03:17,335 --> 07:03:18,727
for an attacker to steal
10596
07:03:18,727 --> 07:03:20,135
session cookies, allowing
10597
07:03:20,135 --> 07:03:22,900
an attacker to probably
impersonate a victim and
10598
07:03:22,900 --> 07:03:25,200
that Justin's and that
just doesn't stop there.
10599
07:03:25,600 --> 07:03:28,220
So XSS has been
used to wreak havoc
10600
07:03:28,220 --> 07:03:29,900
on social websites spread
10601
07:03:29,900 --> 07:03:32,800
malware, website defacements
and phish for credentials
10602
07:03:32,800 --> 07:03:34,334
and even used in conjunction
10603
07:03:34,334 --> 07:03:36,800
with some clever social
engineering techniques
10604
07:03:36,800 --> 07:03:39,200
to escalate to even
more damaging attacks.
10605
07:03:40,300 --> 07:03:42,854
Now cross site scripting
can be classified
10606
07:03:42,854 --> 07:03:44,600
into three major categories.
10607
07:03:44,600 --> 07:03:47,223
So the first is reflected
cross-site scripting.
10608
07:03:47,223 --> 07:03:50,400
The second is stored or
persistent cross-site scripting
10609
07:03:50,400 --> 07:03:52,889
and the third is DOM-based
cross-site scripting so
10610
07:03:52,889 --> 07:03:55,654
out here DOM refers
to the document object model
10611
07:03:55,654 --> 07:03:58,000
that is used file
web application building.
10612
07:03:58,600 --> 07:04:01,400
So let's take a moment
to discuss the three types
10613
07:04:01,400 --> 07:04:02,900
of cross-site scripting.
10614
07:04:02,900 --> 07:04:05,815
So the first one we're going
to be discussing is reflected
10615
07:04:05,815 --> 07:04:07,015
cross-site scripting. Now
10616
07:04:07,015 --> 07:04:09,450
by far the most common type
of cross-site scripting
10617
07:04:09,450 --> 07:04:10,400
that you'll come
10618
07:04:10,400 --> 07:04:13,700
across is probably reflected
cross-site scripting here.
10619
07:04:13,700 --> 07:04:14,900
The attacker's payload
10620
07:04:14,900 --> 07:04:17,100
is a script and has
to be part of a request
10621
07:04:17,100 --> 07:04:20,500
which is sent to the web server
and reflected back in such a way
10622
07:04:20,500 --> 07:04:23,300
that the HTTP response
includes the payload
10623
07:04:23,300 --> 07:04:27,300
from the HTTP request. Now
using a phishing email
10624
07:04:27,300 --> 07:04:30,488
and other social engineering
techniques, the attacker lures
10625
07:04:30,488 --> 07:04:33,900
in the victim to inadvertently
make a request to the server
10626
07:04:33,900 --> 07:04:36,468
which contains the cross
site scripting payload,
10627
07:04:36,468 --> 07:04:38,600
and then he ends up
executing the script
10628
07:04:38,600 --> 07:04:41,800
that gets reflected and executed
inside his own browser.
10629
07:04:42,300 --> 07:04:44,900
Now since reflected cross-site
scripting isn't really
10630
07:04:44,900 --> 07:04:45,900
a persistent kind
10631
07:04:45,900 --> 07:04:47,929
of attack the attacker
needs to deliver
10632
07:04:47,929 --> 07:04:49,363
this payload to each victim
10633
07:04:49,363 --> 07:04:50,600
that he wants to serve.
10634
07:04:50,600 --> 07:04:53,600
So a medium like a social
network is very conveniently
10635
07:04:53,600 --> 07:04:55,700
used for dissemination
of these attacks.
10636
07:04:55,800 --> 07:04:57,744
So now let's take
a step by step
10637
07:04:57,744 --> 07:05:00,600
look at how cross-site
scripting actually works.
10638
07:05:00,900 --> 07:05:03,800
So firstly the attacker
crafts a URL containing
10639
07:05:03,800 --> 07:05:06,500
a malicious string
and sends it to the victim.
10640
07:05:07,000 --> 07:05:09,300
Now the poor victim
is tricked by the attacker
10641
07:05:09,300 --> 07:05:11,500
into requesting the URL
from the website,
10642
07:05:11,500 --> 07:05:13,500
which is running
a I respond script
10643
07:05:13,600 --> 07:05:16,197
and then the website
includes the malicious string
10644
07:05:16,197 --> 07:05:17,800
from the URL in the response.
10645
07:05:17,800 --> 07:05:20,287
And then in the end
the victim's browser executes
10646
07:05:20,287 --> 07:05:22,723
the malicious script
inside the response sending
10647
07:05:22,723 --> 07:05:24,900
the victim's cookies to
the attacker's server.
10648
07:05:25,400 --> 07:05:26,200
Okay.
10649
07:05:26,200 --> 07:05:29,500
So at first reflected xss
might seem very harmless
10650
07:05:29,500 --> 07:05:32,600
because it requires a victim
himself to actually send
10651
07:05:32,600 --> 07:05:35,100
a request containing
a malicious string. Now
10652
07:05:35,100 --> 07:05:37,900
since nobody would be
willingly attacking himself.
10653
07:05:37,900 --> 07:05:38,900
So there seems to be
10654
07:05:38,900 --> 07:05:41,700
no way of actually
performing the attack but
10655
07:05:41,700 --> 07:05:44,222
as it turns out there are
at least two common ways
10656
07:05:44,222 --> 07:05:45,200
of causing a victim
10657
07:05:45,200 --> 07:05:47,700
to launch a reflected
cross-site attack on himself.
10658
07:05:48,000 --> 07:05:49,197
So the first way is
10659
07:05:49,197 --> 07:05:51,907
if the user or targets
a specific individual
10660
07:05:51,907 --> 07:05:55,500
and the attacker can send
the malicious URL to the victim.
10661
07:05:55,500 --> 07:05:59,500
For example using email
or for example instant messaging
10662
07:05:59,500 --> 07:06:01,700
and then trick him
into visiting the site.
10663
07:06:02,000 --> 07:06:04,505
Secondly if the user
targets a large group
10664
07:06:04,505 --> 07:06:07,388
of people the attacker
then can publish the link
10665
07:06:07,388 --> 07:06:08,597
or the malicious URL
10666
07:06:08,597 --> 07:06:10,654
or his own website
or social media,
10667
07:06:10,654 --> 07:06:13,800
and then he'll just wait
for visitors to click on it.
10668
07:06:14,500 --> 07:06:16,493
So these two methods are similar
10669
07:06:16,493 --> 07:06:19,129
and both can be very
successful with the use
10670
07:06:19,129 --> 07:06:22,500
of a URL shortening service
like one provided by Google.
10671
07:06:22,500 --> 07:06:24,974
So this masks the malicious
string from users
10672
07:06:24,974 --> 07:06:26,800
who might otherwise identify it.
10673
07:06:27,000 --> 07:06:27,263
Okay.
10674
07:06:27,263 --> 07:06:30,000
So that was all about
reflected cross-site scripting.
10675
07:06:30,000 --> 07:06:32,300
Let's move on to stored
cross-site scripting now.
10676
07:06:33,400 --> 07:06:36,029
So the most damaging type
of cross-site scripting
10677
07:06:36,029 --> 07:06:38,553
that is there today
is persistent or stored
10678
07:06:38,553 --> 07:06:42,100
cross-site scripting. In stored
cross-site scripting attacks.
10679
07:06:42,100 --> 07:06:43,200
It attacks.
10680
07:06:43,200 --> 07:06:46,000
I'm sorry, in stored
cross-site scripting attacks.
10681
07:06:46,100 --> 07:06:49,100
The attacker is injecting
a script into the database
10682
07:06:49,100 --> 07:06:51,900
that is permanently stored
on the target application.
10683
07:06:52,000 --> 07:06:53,500
So a classic example
10684
07:06:53,500 --> 07:06:56,000
is a malicious script
inserted by an attacker
10685
07:06:56,000 --> 07:06:59,100
in the comment field or on
a blog or a forum post.
10686
07:06:59,200 --> 07:07:00,759
So when a victim navigates
10687
07:07:00,759 --> 07:07:03,100
to the affected webpage
now in a browser
10688
07:07:03,100 --> 07:07:05,590
the cross-site scripting
payload will be served
10689
07:07:05,590 --> 07:07:07,105
as a part of the web page just
10690
07:07:07,105 --> 07:07:09,162
like any legitimate
comment would be now.
10691
07:07:09,162 --> 07:07:11,906
This means that the victim
will be inadvertently ended
10692
07:07:11,906 --> 07:07:14,132
up ending up executing
the malicious script.
10693
07:07:14,132 --> 07:07:16,100
Once the page is viewed
in the browser.
10694
07:07:16,500 --> 07:07:18,200
Now, let's also take
a step by step.
10695
07:07:18,200 --> 07:07:21,300
Look at how cross-site scripting
in the stored version works.
10696
07:07:21,500 --> 07:07:24,500
So the attacker uses one
of the websites form to insert
10697
07:07:24,500 --> 07:07:27,500
a malicious string into
the websites database first.
10698
07:07:27,500 --> 07:07:30,468
Now the victim unknowingly
request the page
10699
07:07:30,468 --> 07:07:31,600
from the website
10700
07:07:31,600 --> 07:07:34,013
and then the website includes
some malicious string
10701
07:07:34,013 --> 07:07:35,656
from the database
in the response
10702
07:07:35,656 --> 07:07:37,300
and then sends it to the victim.
10703
07:07:37,700 --> 07:07:40,300
Now the poor victim
will be actually executing
10704
07:07:40,300 --> 07:07:42,293
the malicious script
inside the response
10705
07:07:42,293 --> 07:07:44,900
and sending all the cookies
to the attacker's server.
10706
07:07:45,100 --> 07:07:46,600
So that's basically
10707
07:07:46,600 --> 07:07:50,300
how stored or persistent
cross-site scripting works.
10708
07:07:50,300 --> 07:07:54,000
Now it's time for the last type
of cross-site scripting
10709
07:07:54,000 --> 07:07:57,500
which is document object model
based cross-site scripting.
10710
07:07:57,500 --> 07:08:00,632
So DOM-based cross-site
scripting is an advanced type
10711
07:08:00,632 --> 07:08:02,500
of cross-site scripting attack.
10712
07:08:02,800 --> 07:08:04,500
So which is made possible
10713
07:08:04,500 --> 07:08:08,100
when the web application's
client-side scripts write
10714
07:08:08,100 --> 07:08:10,600
user-provided data to
the document object model.
10715
07:08:11,200 --> 07:08:12,400
So basically it means
10716
07:08:12,400 --> 07:08:15,455
that data is subsequently read
from the document object model
10717
07:08:15,455 --> 07:08:18,256
by the web application
and output it to the browser.
10718
07:08:18,256 --> 07:08:20,756
So if the data is incorrectly
handled in this place
10719
07:08:20,756 --> 07:08:22,813
an attacker can very
well inject a payload,
10720
07:08:22,813 --> 07:08:25,700
which will be stored as a part
of the document object model
10721
07:08:25,700 --> 07:08:26,564
and then executed
10722
07:08:26,564 --> 07:08:28,600
when the data is read
back from the DOM.
10723
07:08:29,400 --> 07:08:31,800
Now, let's see how
that actually happens.
10724
07:08:31,800 --> 07:08:34,152
So first the attacker crafts
the URL containing
10725
07:08:34,152 --> 07:08:36,900
a malicious string
and sends it to the victim.
10726
07:08:37,000 --> 07:08:39,368
Now this victim is again
tricked by the attacker
10727
07:08:39,368 --> 07:08:41,888
into actually requesting
the URL from the website.
10728
07:08:41,888 --> 07:08:43,302
This is like the primary step
10729
07:08:43,302 --> 07:08:45,400
in actually performing
cross-site scripting.
10730
07:08:45,600 --> 07:08:46,659
Now the third step is
10731
07:08:46,659 --> 07:08:49,509
that the website receives
the request but does not include
10732
07:08:49,509 --> 07:08:51,100
the malicious string
in the response.
10733
07:08:51,100 --> 07:08:54,200
Here's the catch of
DOM-based cross-site scripting.
10734
07:08:54,700 --> 07:08:57,500
So now the victim's browser
executes the legitimate script
10735
07:08:57,500 --> 07:08:58,500
inside the response,
10736
07:08:58,600 --> 07:09:01,400
causing the malicious script
to be inserted into the page
10737
07:09:01,400 --> 07:09:04,100
that is basically
into the innerHTML attributes
10738
07:09:04,300 --> 07:09:06,826
and the final step is then
the victim's browser then
10739
07:09:06,826 --> 07:09:09,376
executes the malicious script
inserted into the page
10740
07:09:09,376 --> 07:09:10,493
and then just sends
10741
07:09:10,493 --> 07:09:12,900
the victim's cookies
to the attacker's server.
10742
07:09:13,700 --> 07:09:15,641
Now if you guys
must have realized
10743
07:09:15,641 --> 07:09:17,571
in the previous
examples of persistent
10744
07:09:17,571 --> 07:09:20,452
and reflected cross-site
scripting the server inserts
10745
07:09:20,452 --> 07:09:22,249
the malicious script
into the page,
10746
07:09:22,249 --> 07:09:24,839
which is then sent as
a response to the victim now
10747
07:09:24,839 --> 07:09:27,800
when the victim's browser
receives the response it assumes
10748
07:09:27,800 --> 07:09:29,800
that the malicious script
is to be a part
10749
07:09:29,800 --> 07:09:31,428
of the page's legitimate content
10750
07:09:31,428 --> 07:09:34,211
and then automatically
executes it during page load as
10751
07:09:34,211 --> 07:09:38,100
with any other script would be
but in a DOM-based attack,
10752
07:09:38,100 --> 07:09:41,200
there is no malicious script
inserted as a part of the page.
10753
07:09:41,200 --> 07:09:42,048
The only scripts
10754
07:09:42,048 --> 07:09:44,700
that are being actually
automatically automatically
10755
07:09:44,700 --> 07:09:48,000
executed during the page load is
legitimate part of the page.
10756
07:09:48,000 --> 07:09:49,600
So that's the scary part.
10757
07:09:49,600 --> 07:09:50,600
So the problem is
10758
07:09:50,600 --> 07:09:53,818
that this legitimate script
directly makes use of user input
10759
07:09:53,818 --> 07:09:55,800
in order to add
HTML to the page.
10760
07:09:55,800 --> 07:09:57,100
So the malicious string
10761
07:09:57,100 --> 07:09:59,700
is inserted into the page
using innerHTML,
10762
07:09:59,700 --> 07:10:01,084
so it's parsed as HTML.
10763
07:10:01,084 --> 07:10:04,200
So mostly people
who are actually in servicing
10764
07:10:04,200 --> 07:10:07,700
or surveying any server for
cross-site scripting attacks.
10765
07:10:07,700 --> 07:10:10,200
They will not be actually
checking the client side.
10766
07:10:10,200 --> 07:10:13,000
So it's a very subtle difference
but it's very important.
10767
07:10:13,200 --> 07:10:15,700
So in traditional cross site
scripting the malicious
10768
07:10:15,700 --> 07:10:17,400
JavaScript is actually executed
10769
07:10:17,400 --> 07:10:20,700
when the page is loaded as
a part of the HTML server
10770
07:10:20,700 --> 07:10:23,100
and in DOM-based
cross-site scripting
10771
07:10:23,100 --> 07:10:26,400
the malicious JavaScript
is executed at some point
10772
07:10:26,400 --> 07:10:28,300
after the page has
already been loaded.
10773
07:10:28,500 --> 07:10:31,100
Because the page's
legitimate JavaScript treating
10774
07:10:31,100 --> 07:10:33,800
user input is using it
in an unsafe way.
10775
07:10:34,000 --> 07:10:38,000
So now that we have actually
discussed all the three types
10776
07:10:38,000 --> 07:10:39,555
of cross-site scripting
10777
07:10:39,555 --> 07:10:42,600
that is varied that is
widely available today.
10778
07:10:42,700 --> 07:10:45,060
Now, let's see
what can actually happen
10779
07:10:45,060 --> 07:10:46,800
if cross-site scripting will
10780
07:10:46,800 --> 07:10:49,300
if you were actually a victim
of cross-site scripting,
10781
07:10:49,300 --> 07:10:49,800
I'm sorry.
10782
07:10:50,100 --> 07:10:51,337
So, let's see what can happen
10783
07:10:51,337 --> 07:10:53,600
if you actually were a victim
of cross-site scripting.
10784
07:10:54,100 --> 07:10:56,754
So the consequences of
what an attacker can do
10785
07:10:56,754 --> 07:10:58,931
with the ability
to execute JavaScript
10786
07:10:58,931 --> 07:11:01,800
on a webpage may not immediately
stand out to you guys,
10787
07:11:01,900 --> 07:11:03,100
but especially
10788
07:11:03,100 --> 07:11:05,900
since browsers like Java
like Chrome run JavaScript
10789
07:11:05,900 --> 07:11:08,400
in a very tightly controlled
environment these days
10790
07:11:08,400 --> 07:11:10,300
and JavaScript has
very limited access
10791
07:11:10,300 --> 07:11:12,500
to users operating systems
and user files.
10792
07:11:12,500 --> 07:11:14,100
But when considering
10793
07:11:14,100 --> 07:11:16,800
the JavaScript has the access
to the following
10794
07:11:16,800 --> 07:11:18,900
that we're going
to discuss we can only see
10795
07:11:18,900 --> 07:11:21,900
how creative JavaScript
attackers can get.
10796
07:11:22,300 --> 07:11:25,800
So firstly with malicious
JavaScript has access
10797
07:11:25,800 --> 07:11:27,300
to all the same objects
10798
07:11:27,300 --> 07:11:30,747
that the rest of the web page
has so this includes a thing
10799
07:11:30,747 --> 07:11:31,805
called cookies now
10800
07:11:31,805 --> 07:11:34,300
cookies are often used
to store session tokens.
10801
07:11:34,300 --> 07:11:36,994
And if an attacker can obtain
a user's session cookie,
10802
07:11:36,994 --> 07:11:39,900
they can impersonate that user
anywhere on the internet.
10803
07:11:40,500 --> 07:11:44,400
Secondly JavaScript can read
and make arbitrary modifications
10804
07:11:44,400 --> 07:11:46,300
to the browser's
document object model.
10805
07:11:46,700 --> 07:11:49,600
So your page will
just be incorporated
10806
07:11:49,600 --> 07:11:51,247
with all sorts of scripts
10807
07:11:51,247 --> 07:11:55,200
and viruses without You even
knowing from the server side now
10808
07:11:55,200 --> 07:11:56,743
JavaScript can be used
10809
07:11:56,743 --> 07:11:59,900
with XMLHttpRequest
to send HTTP requests
10810
07:11:59,900 --> 07:12:02,900
with arbitrary content
to arbitrary destinations.
10811
07:12:03,000 --> 07:12:04,600
And the most scary part is
10812
07:12:04,600 --> 07:12:08,500
that JavaScript and modern
browsers can leverage HTML5 APIs
10813
07:12:08,500 --> 07:12:12,400
such as accessing a user's
geolocation, webcam, microphone
10814
07:12:12,400 --> 07:12:13,600
and whatnot and even
10815
07:12:13,600 --> 07:12:16,000
specific files from
the user's file system.
10816
07:12:16,100 --> 07:12:19,682
Now while most of these APIs
require the users to opt
10817
07:12:19,682 --> 07:12:22,300
in, cross-site scripting
in conjunction
10818
07:12:22,300 --> 07:12:23,023
with some very
10819
07:12:23,023 --> 07:12:25,400
clever social engineering
can bring an attacker
10820
07:12:25,400 --> 07:12:28,200
a very long way. Now
the above in combination
10821
07:12:28,200 --> 07:12:29,651
with social engineering
10822
07:12:29,651 --> 07:12:31,044
as I just said allows
10823
07:12:31,044 --> 07:12:33,700
an attacker to pull
off Advanced attacks,
10824
07:12:33,700 --> 07:12:36,500
including cookie theft,
keylogging, phishing
10825
07:12:36,500 --> 07:12:38,900
and identity theft too. Now
10826
07:12:38,900 --> 07:12:41,650
critically cross-site scripting
vulnerabilities provide
10827
07:12:41,650 --> 07:12:42,637
the perfect ground
10828
07:12:42,637 --> 07:12:45,600
for attackers to escalate
attacks to more serious ones.
10829
07:12:45,600 --> 07:12:48,900
So now that we understand what
cross-site scripting attacks are
10830
07:12:48,900 --> 07:12:51,300
and how damaging they can be
to your application.
10831
07:12:51,300 --> 07:12:53,200
Let's dive into the
best known practices
10832
07:12:53,200 --> 07:12:56,200
that are actually followed to
prevent them in the first place.
10833
07:12:56,700 --> 07:13:00,191
So the first mechanism
that is used is called escaping.
10834
07:13:00,191 --> 07:13:01,614
So escaping data means
10835
07:13:01,614 --> 07:13:05,100
taking data an application
has received and ensuring
10836
07:13:05,100 --> 07:13:08,200
that it's secure before actually
rendering it for the end user.
10837
07:13:08,800 --> 07:13:11,300
Now by escaping
user input key characters
10838
07:13:11,300 --> 07:13:14,000
in the data received by
a web page will be prevented
10839
07:13:14,000 --> 07:13:15,294
from being interpreted
10840
07:13:15,294 --> 07:13:17,705
in any malicious sort
of way. Now, in essence,
10841
07:13:17,705 --> 07:13:20,323
you're censoring the data
your web page receives in a way
10842
07:13:20,323 --> 07:13:23,800
that will disallow characters
especially those brackets
10843
07:13:23,800 --> 07:13:27,800
that begin the HTML attributes
like in HTML and IMG
10844
07:13:27,800 --> 07:13:29,950
so these will be stopped
from being rendered
10845
07:13:29,950 --> 07:13:32,300
which would otherwise cause harm
to your application
10846
07:13:32,300 --> 07:13:33,800
and users and database,
10847
07:13:33,900 --> 07:13:37,100
but if your page doesn't allow
users to add their own code
10848
07:13:37,100 --> 07:13:40,000
to the page, a good rule of thumb
is we need to escape any
10849
07:13:40,000 --> 07:13:42,700
and all HTML, URL
and JavaScript entities.
10850
07:13:43,400 --> 07:13:45,800
However, if you
are running a forum
10851
07:13:45,800 --> 07:13:49,800
and you do allow users
to add rich text to your content,
10852
07:13:49,800 --> 07:13:51,400
you have a few choices.
10853
07:13:51,400 --> 07:13:53,800
So firstly you will need
to carefully choose
10854
07:13:53,800 --> 07:13:55,935
which HTML entities
you will escape
10855
07:13:55,935 --> 07:13:58,726
and which you won't
or by using a replacement format
10856
07:13:58,726 --> 07:14:00,500
for raw HTML such as Markdown
10857
07:14:00,500 --> 07:14:03,135
which will in turn allow
you to continue escaping all
10858
07:14:03,135 --> 07:14:06,520
the sorts of HTML characters
now the second method
10859
07:14:06,520 --> 07:14:09,000
that is normally used
is called validating input
10860
07:14:09,000 --> 07:14:11,200
And so validating
input is the process
10861
07:14:11,200 --> 07:14:14,500
of ensuring an application
is rendering the correct data
10862
07:14:14,500 --> 07:14:16,282
and preventing malicious data
10863
07:14:16,282 --> 07:14:19,600
from doing harm to the site
the database and the users.
10864
07:14:19,700 --> 07:14:23,454
So while whitelisting and input
validation are more commonly
10865
07:14:23,454 --> 07:14:26,000
associated with stuff
like SQL injection,
10866
07:14:26,000 --> 07:14:28,395
they can also be used as
an additional method
10867
07:14:28,395 --> 07:14:30,900
of prevention for
cross-site scripting attacks.
10868
07:14:31,100 --> 07:14:33,492
So input validation
is especially helpful
10869
07:14:33,492 --> 07:14:36,400
and good at preventing
cross-site scripting in forms
10870
07:14:36,400 --> 07:14:38,700
as it prevents a user
from adding special
10871
07:14:38,700 --> 07:14:41,300
characters into the fields,
instead of refusing
10872
07:14:41,300 --> 07:14:42,535
the request completely.
10873
07:14:42,535 --> 07:14:44,521
But in fact valid
input validation is
10874
07:14:44,521 --> 07:14:47,541
not the primary method of
prevention for vulnerabilities
10875
07:14:47,541 --> 07:14:49,188
such as cross-site scripting
10876
07:14:49,188 --> 07:14:51,259
and even SQL injection
for that example,
10877
07:14:51,259 --> 07:14:54,500
but instead they help to reduce
the effects should an attacker
10878
07:14:54,500 --> 07:14:57,100
actually discover such
a vulnerability in your system.
10879
07:14:57,500 --> 07:15:00,300
Now the third way to prevent
cross-site scripting attack
10880
07:15:00,300 --> 07:15:01,829
is to sanitize user input.
10881
07:15:01,829 --> 07:15:03,900
So sanitizing data
is a strong defense
10882
07:15:03,900 --> 07:15:05,384
but should not be used alone
10883
07:15:05,384 --> 07:15:07,400
to battle cross-site
scripting attacks.
10884
07:15:07,400 --> 07:15:08,605
It's totally possible.
10885
07:15:08,605 --> 07:15:11,400
Will that you find the need
to use all three methods
10886
07:15:11,400 --> 07:15:14,900
of prevention in working towards
a more secure application.
10887
07:15:15,200 --> 07:15:16,900
Now as you guys might notice
10888
07:15:16,900 --> 07:15:20,300
that sanitizing user inputs is
especially helpful on sites
10889
07:15:20,300 --> 07:15:23,886
that allow HTML markup to ensure
data received can do no harm
10890
07:15:23,886 --> 07:15:25,800
to users as well
as your database
10891
07:15:25,800 --> 07:15:29,000
by scrubbing the data clean
of potentially harmful markup
10892
07:15:29,000 --> 07:15:31,520
and changing the
unacceptable user input
10893
07:15:31,520 --> 07:15:33,200
into an acceptable format.
10894
07:15:33,800 --> 07:15:34,376
OK guys.
10895
07:15:34,376 --> 07:15:38,918
So that was all the theory about
cross-site scripting it's time.
10896
07:15:38,918 --> 07:15:40,000
Demo right now.
10897
07:15:40,684 --> 07:15:42,915
So for the demonstration now,
10898
07:15:43,600 --> 07:15:45,679
I'm going to be showing
you guys the three types
10899
07:15:45,679 --> 07:15:46,767
of cross-site scripting
10900
07:15:46,767 --> 07:15:48,800
that we have discussed
throughout the course
10901
07:15:48,800 --> 07:15:49,600
of the session.
10902
07:15:50,300 --> 07:15:53,007
So not only will this be
a rather interesting to see
10903
07:15:53,007 --> 07:15:56,214
how cross-site scripting works
on a vulnerable web application,
10904
07:15:56,214 --> 07:15:57,300
but it will also give
10905
07:15:57,300 --> 07:15:59,700
us a better understanding
of cross-site scripting
10906
07:15:59,700 --> 07:16:02,900
in itself now to perform
cross-site scripting is
10907
07:16:02,900 --> 07:16:03,900
a very big crime.
10908
07:16:03,900 --> 07:16:06,900
So we really can't target
any random web platform website
10909
07:16:06,900 --> 07:16:08,600
or web application
for that matter.
10910
07:16:09,700 --> 07:16:11,511
So keeping that thing in mind I
10911
07:16:11,511 --> 07:16:14,200
have chosen the broken
web application project.
10912
07:16:14,200 --> 07:16:16,306
So this is brought
to us by OWASP
10913
07:16:16,306 --> 07:16:20,200
which stands for open source web
application security project.
10914
07:16:20,300 --> 07:16:23,600
The broken web application
project or bWAPP is
10915
07:16:23,600 --> 07:16:25,185
a broken web application
10916
07:16:25,185 --> 07:16:27,300
that is intentionally vulnerable
10917
07:16:27,300 --> 07:16:30,204
and it incorporates
a majority of the known bugs
10918
07:16:30,204 --> 07:16:33,600
that are out there
and it is widely used by
10919
07:16:33,600 --> 07:16:35,484
security enthusiasts, students
10920
07:16:35,484 --> 07:16:38,500
and practicing ethical hackers
to mostly practice
10921
07:16:38,500 --> 07:16:40,800
and nurture their skills
in the right direction.
10922
07:16:41,400 --> 07:16:43,895
Okay, so to get started
first of all,
10923
07:16:43,895 --> 07:16:47,500
we need to download a few
files and get things ready.
10924
07:16:47,600 --> 07:16:50,039
So first of all,
we will download the broken web
10925
07:16:50,039 --> 07:16:50,700
application project
10926
07:16:50,700 --> 07:16:52,400
and I'll be leaving
the download link
10927
07:16:52,400 --> 07:16:55,405
in the description just in case
you guys want to practice
10928
07:16:55,405 --> 07:16:56,700
in your own free time.
10929
07:16:56,800 --> 07:16:57,442
Secondly.
10930
07:16:57,442 --> 07:16:59,800
We need to download
a virtual box.
10931
07:16:59,800 --> 07:17:02,400
Now after we have
both the files ready
10932
07:17:02,400 --> 07:17:04,200
and we have it installed
10933
07:17:04,200 --> 07:17:07,400
and we have our broken
web application installed
10934
07:17:07,400 --> 07:17:08,800
in the virtual machine.
10935
07:17:08,800 --> 07:17:09,900
We are good to go.
10936
07:17:10,492 --> 07:17:10,800
Now.
10937
07:17:10,800 --> 07:17:12,814
I've already done
all that boring job
10938
07:17:12,814 --> 07:17:15,500
and actually installed
the broken web application
10939
07:17:15,500 --> 07:17:16,576
as you guys can see.
10940
07:17:16,576 --> 07:17:17,600
I'm already running
10941
07:17:17,600 --> 07:17:20,200
the OWASP broken web application
on my virtual.
10942
07:17:21,100 --> 07:17:24,400
And this is the OWASP
virtual machine.
10943
07:17:26,200 --> 07:17:29,530
So as you guys can see
it's based off Linux
10944
07:17:29,530 --> 07:17:31,500
and if we go ifconfig,
10945
07:17:31,700 --> 07:17:34,400
it'll give us the IP address
that it's running on.
10946
07:17:34,400 --> 07:17:36,100
So as you guys can see,
10947
07:17:36,100 --> 07:17:44,800
it's running on 192.168.1 46.4
so If we just head over there,
10948
07:17:44,800 --> 07:17:46,800
yeah, I've already open that up.
10949
07:17:46,800 --> 07:17:47,800
We get a portal.
10950
07:17:47,800 --> 07:17:49,600
So for this
particular demonstration,
10951
07:17:49,600 --> 07:17:52,300
I'm going to be using the broken
web application project
10952
07:17:52,300 --> 07:17:53,644
and also WebGoat.
10953
07:17:53,900 --> 07:17:54,804
So first of all,
10954
07:17:54,804 --> 07:17:57,800
let's head over to the broken
web application project.
10955
07:18:00,100 --> 07:18:02,700
So we'll be greeted
with a login screen out here
10956
07:18:02,700 --> 07:18:05,052
and the credentials
for this is bee and bug
10957
07:18:05,052 --> 07:18:06,200
as you guys can see,
10958
07:18:06,200 --> 07:18:09,400
so just go and enter login
after you enter the credentials.
10959
07:18:12,500 --> 07:18:17,000
Okay, so y'all will be
welcomed with a place
10960
07:18:17,000 --> 07:18:18,491
where you can choose your bug
10961
07:18:18,491 --> 07:18:20,782
and you can also choose
the amount of security
10962
07:18:20,782 --> 07:18:22,400
that you want to practice with.
10963
07:18:22,400 --> 07:18:24,735
So since this is
a very simple demonstration,
10964
07:18:24,735 --> 07:18:26,700
I'm going to set
the security to low.
10965
07:18:26,700 --> 07:18:27,907
And the first thing
10966
07:18:27,907 --> 07:18:30,130
that we're going
to test is actually
10967
07:18:30,130 --> 07:18:32,100
reflected cross-site scripting.
10968
07:18:32,300 --> 07:18:35,400
So reflected cross-site
scripting mostly has things
10969
07:18:35,400 --> 07:18:37,200
to do with the get request
10970
07:18:37,300 --> 07:18:39,789
when we are actually
coding on the back end.
10971
07:18:39,789 --> 07:18:40,600
So, let's see.
10972
07:18:41,500 --> 07:18:43,003
First of all we go ahead
10973
07:18:43,003 --> 07:18:46,700
and choose reflected cross-site
scripting for the get method
10974
07:18:46,700 --> 07:18:48,400
and we go and press hack.
10975
07:18:49,600 --> 07:18:51,541
Now we'll be presented
with a form.
10976
07:18:51,541 --> 07:18:53,100
Now form is a very good way
10977
07:18:53,100 --> 07:18:56,000
of actually showing
reflected cross-site scripting
10978
07:18:56,000 --> 07:18:58,926
because normally when
an attacker will be trying
10979
07:18:58,926 --> 07:19:02,600
to attack you he'll be trying
to send you a form or any way.
10980
07:19:02,600 --> 07:19:04,100
You can actually input
10981
07:19:04,100 --> 07:19:07,800
something into the his
soul so interestingly
10982
07:19:07,800 --> 07:19:11,442
if we go and just input nothing
into these two fields
10983
07:19:11,442 --> 07:19:14,304
and just go, we'll see
the URL change out here.
10984
07:19:14,304 --> 07:19:15,800
So firstly you guys see
10985
07:19:15,800 --> 07:19:19,023
that it's the fields are
very clearly visible
10986
07:19:19,023 --> 07:19:22,100
and These are the two fields
and that means
10987
07:19:22,100 --> 07:19:24,200
that it's an unencoded input.
10988
07:19:24,200 --> 07:19:26,240
So this is a very rich place
10989
07:19:26,240 --> 07:19:29,300
to actually practice
your web vulnerability
10990
07:19:29,300 --> 07:19:31,400
and penetration testing skills.
10991
07:19:31,900 --> 07:19:33,700
So if I were to hack,
10992
07:19:33,700 --> 07:19:36,200
I would try and run
a script out here.
10993
07:19:36,500 --> 07:19:38,423
So if I were to go script
10994
07:19:38,700 --> 07:19:40,800
and I've already
practiced a few out here
10995
07:19:40,800 --> 07:19:42,100
as you guys can see,
10996
07:19:42,600 --> 07:19:44,600
so if you go script alert,
10997
07:19:44,700 --> 07:19:47,600
this is an example
of reflected XSS.
10998
07:19:50,600 --> 07:19:53,600
Yeah, and if we go and just
end the script out here.
10999
07:19:55,300 --> 07:19:57,404
This is going to actually render
11000
07:19:57,404 --> 07:20:00,200
the JavaScript input
as a part of the page
11001
07:20:00,200 --> 07:20:02,500
and we are going to get
an output because of this.
11002
07:20:02,700 --> 07:20:05,700
So that's how reflected
cross-site script
11003
07:20:05,700 --> 07:20:06,700
is actually working.
11004
07:20:09,000 --> 07:20:13,000
So as you guys can see
we the what am I saying?
11005
07:20:13,000 --> 07:20:16,500
As you guys can see
the web application has actually
11006
07:20:16,500 --> 07:20:19,200
rendered our JavaScript
and now we can see
11007
07:20:19,200 --> 07:20:20,500
that reflected cross-site
11008
07:20:20,500 --> 07:20:22,400
scripting is actually
working out here.
11009
07:20:22,600 --> 07:20:24,478
So now you guys
must have realized
11010
07:20:24,478 --> 07:20:26,103
that in a practical scenario.
11011
07:20:26,103 --> 07:20:28,162
This form must be
sent to the victim
11012
07:20:28,162 --> 07:20:30,400
and must be tricked
into filling the form
11013
07:20:30,400 --> 07:20:32,000
for the attack to be successful.
11014
07:20:32,400 --> 07:20:34,467
Also in more practical scenarios
11015
07:20:34,467 --> 07:20:36,600
where sites are
also having forms.
11016
07:20:36,600 --> 07:20:38,966
They're going to be putting
filters to the Of
11017
07:20:38,966 --> 07:20:40,310
the input parameters such
11018
07:20:40,310 --> 07:20:42,300
that you cannot run
JavaScript in them
11019
07:20:42,500 --> 07:20:47,000
and you cannot also input
any unencoded inputs into them.
11020
07:20:47,500 --> 07:20:50,000
So that was all
about reflective JavaScript.
11021
07:20:50,000 --> 07:20:51,900
I mean reflected
cross-site scripting.
11022
07:20:52,300 --> 07:20:55,600
So now let's move
on to stored cross-site scripting
11023
07:20:55,600 --> 07:20:58,700
which is the most dangerous form
of cross-site scripting.
11024
07:21:01,600 --> 07:21:04,400
Okay, so as I had discussed
11025
07:21:04,400 --> 07:21:07,895
the comment sections are
normally the best place
11026
07:21:07,895 --> 07:21:10,700
for actually stored
cross-site scripting.
11027
07:21:13,800 --> 07:21:19,400
so as you guys can see out here
11028
07:21:19,800 --> 07:21:22,200
if we already have
a few comments
11029
07:21:22,200 --> 07:21:26,500
that had added for practicing
now in stored cross-site
11030
07:21:26,500 --> 07:21:29,600
scripting the attacker
is normally attacking the data
11031
07:21:29,600 --> 07:21:30,438
that is stored.
11032
07:21:30,438 --> 07:21:32,950
So basically we are going
to inject the script
11033
07:21:32,950 --> 07:21:35,056
into the database
into the server.
11034
07:21:35,056 --> 07:21:37,300
So if the script has
some malicious intent
11035
07:21:37,300 --> 07:21:38,989
and it can do
a multitude of thing
11036
07:21:38,989 --> 07:21:41,600
if it has a malicious intent
we'll not get into that.
11037
07:21:41,600 --> 07:21:42,866
So for that reason,
11038
07:21:42,866 --> 07:21:45,600
let's first add
a normal comment out here.
11039
07:21:45,600 --> 07:21:46,600
So let's say
11040
07:21:46,600 --> 07:21:49,900
if this was blog
I'd say good job there.
11041
07:21:49,900 --> 07:21:52,600
Like I said
or something like hey,
11042
07:21:52,600 --> 07:21:54,000
man, nice work.
11043
07:21:57,500 --> 07:22:00,000
If you go and
press submit, okay,
11044
07:22:00,000 --> 07:22:01,900
it's showing this is
an example of persistent
11045
07:22:01,900 --> 07:22:02,900
cross-site scripting
11046
07:22:02,900 --> 07:22:06,522
because I had already
inserted malicious script.
11047
07:22:06,522 --> 07:22:11,200
So this is that script out
here the second input but just
11048
07:22:11,200 --> 07:22:12,900
for demonstration purposes.
11049
07:22:12,900 --> 07:22:16,800
Let's go in and put it again
so we can also input raw data
11050
07:22:16,800 --> 07:22:19,600
that is unencoded input
in the form of script.
11051
07:22:19,900 --> 07:22:21,500
So let's go alerts.
11052
07:22:23,500 --> 07:22:25,700
Unless his print hello world.
11053
07:22:38,100 --> 07:22:41,600
So if we go and press submit
so at first ones
11054
07:22:41,600 --> 07:22:44,522
that other cross-site script
and then it will say
11055
07:22:44,522 --> 07:22:45,982
that this page isn't working.
11056
07:22:45,982 --> 07:22:48,064
So this is also a very
good example now we
11057
07:22:48,064 --> 07:22:50,400
have two scripts actually
running on this page.
11058
07:22:50,400 --> 07:22:51,455
So the first one is
11059
07:22:51,455 --> 07:22:54,900
actually this is an example of
cross-site scripting persistent.
11060
07:22:54,900 --> 07:22:58,900
So that was the second one
and then comes the hello world.
11061
07:22:58,900 --> 07:23:02,800
So that's actually two scripts
running back to back.
11062
07:23:03,200 --> 07:23:05,500
So anybody if I were
to actually come back
11063
07:23:05,500 --> 07:23:06,800
to this site any other day
11064
07:23:06,800 --> 07:23:08,797
and these comments
existed It would just
11065
07:23:08,797 --> 07:23:11,000
get automatically executed
from the database
11066
07:23:11,000 --> 07:23:13,200
because just because we
are referring to it.
11067
07:23:13,500 --> 07:23:17,000
Okay, so time for
DOM-based cross-site scripting
11068
07:23:17,000 --> 07:23:20,709
and I was using this application
for the first time yesterday
11069
07:23:20,709 --> 07:23:21,533
and I realized
11070
07:23:21,533 --> 07:23:23,600
that there is actually
no way that we
11071
07:23:23,600 --> 07:23:26,300
can actually test DOM-based
cross-site scripting you.
11072
07:23:26,300 --> 07:23:28,800
So to actually test
DOM-based cross-site scripting
11073
07:23:28,800 --> 07:23:31,300
we are going to be using
this thing called WebGoat.
11074
07:23:32,000 --> 07:23:33,598
Now the login credentials
11075
07:23:33,598 --> 07:23:35,900
to WebGoat is guest
for the username
11076
07:23:35,900 --> 07:23:37,442
and guest for the password.
11077
07:23:37,442 --> 07:23:39,700
I'd already logged in
so it didn't ask me.
11078
07:23:39,700 --> 07:23:41,300
So now if we go out here
11079
07:23:41,300 --> 07:23:44,100
and go on the cross
site scripting in XSS,
11080
07:23:44,100 --> 07:23:46,940
you will also see
that there is no options
11081
07:23:46,940 --> 07:23:50,841
available for actually DOM-based
cross-site scripting this is
11082
07:23:50,841 --> 07:23:53,600
because it's under
AJAX security or Ajax
11083
07:23:53,600 --> 07:23:55,300
if you might pronounce
it that way.
11084
07:23:56,200 --> 07:23:59,000
So in this is
under AJAX security
11085
07:23:59,000 --> 07:24:01,579
because if you guys remember
we had just discussed
11086
07:24:01,579 --> 07:24:04,264
that DOM-based cross-site
scripting is a client-side
11087
07:24:04,264 --> 07:24:05,500
cross-site scripting.
11088
07:24:05,500 --> 07:24:09,141
So things like a normal script
would normally be checked
11089
07:24:09,141 --> 07:24:10,400
on the server side.
11090
07:24:10,400 --> 07:24:12,769
But when we are talking
on client side,
11091
07:24:12,769 --> 07:24:16,200
we are talking about languages
like HTML, AJAX, etcetera
11092
07:24:16,200 --> 07:24:19,008
so you can put your scripts
in HTML form.
11093
07:24:19,008 --> 07:24:23,100
So suppose we were to go
so let's input a script first.
11094
07:24:23,100 --> 07:24:24,800
So suppose you have
to go script.
11095
07:24:24,800 --> 07:24:25,800
Hello world now.
11096
07:24:25,800 --> 07:24:29,531
If we go and submit the solution
nothing actually happens
11097
07:24:29,531 --> 07:24:33,100
because we are actually putting
in encoded inputs out there.
11098
07:24:33,100 --> 07:24:35,100
It's the DOM that is unencoded.
11099
07:24:36,000 --> 07:24:40,000
Now if we were to actually go in
and input in a language
11100
07:24:40,000 --> 07:24:44,200
that the client-side actually
understands for example HTML,
11101
07:24:44,200 --> 07:24:46,584
so we immediately get a result.
11102
07:24:46,800 --> 07:24:48,400
So first of all,
11103
07:24:48,400 --> 07:24:51,570
it's going to actually
manipulate the inner
11104
07:24:51,570 --> 07:24:53,100
HTML attributes of this site.
11105
07:24:53,100 --> 07:24:56,361
So if we go image
and we put a source now,
11106
07:24:56,361 --> 07:24:59,900
let's not give the source
anything and on alert
11107
07:25:00,800 --> 07:25:02,800
on are urado on an error.
11108
07:25:03,200 --> 07:25:06,200
We're going to run
some simple JavaScript so alert
11109
07:25:07,600 --> 07:25:17,900
And we can say this is
an example of dom-based xss.
11110
07:25:19,500 --> 07:25:22,800
Now as soon as I
end the image tag,
11111
07:25:22,800 --> 07:25:25,636
this is going to get done
because the client side
11112
07:25:25,636 --> 07:25:28,000
is always rendering
the client-side page.
11113
07:25:28,000 --> 07:25:29,900
So watch this.
11114
07:25:34,100 --> 07:25:36,869
Sorry, I think
I mistyped somewhere.
11115
07:25:37,900 --> 07:25:40,600
Let's go again so image.
11116
07:25:44,100 --> 07:25:47,700
Let's use something I've
already used and you can see
11117
07:25:47,700 --> 07:25:49,600
that it says hacked, and out
11118
07:25:49,600 --> 07:25:52,500
here we've not even
pressed submit solution.
11119
07:25:53,300 --> 07:25:54,726
So out here you can see
11120
07:25:54,726 --> 07:25:58,000
that as soon as we completed
it is again saying hacked so
11121
07:25:58,000 --> 07:26:00,300
that means as soon as you
complete the query or
11122
07:26:00,300 --> 07:26:02,600
the client-side HTML language,
11123
07:26:02,600 --> 07:26:04,206
so that will completely
11124
07:26:04,206 --> 07:26:07,000
trigger the cross-site
payload image tag.
11125
07:26:07,000 --> 07:26:08,431
This is going to get run
11126
07:26:08,431 --> 07:26:10,902
because the client side
is always rendering
11127
07:26:10,902 --> 07:26:12,300
the client-side page.
11128
07:26:12,300 --> 07:26:14,100
So watch this.
11129
07:26:18,200 --> 07:26:19,000
I'm sorry.
11130
07:26:19,000 --> 07:26:21,100
I think I mistyped somewhere.
11131
07:26:22,100 --> 07:26:24,900
Let's go again so image.
11132
07:26:28,300 --> 07:26:32,166
Okay, let's use something I've
already used and you can see
11133
07:26:32,166 --> 07:26:34,300
that it says hacked
and out here.
11134
07:26:34,300 --> 07:26:36,800
We've not even
pressed submit solution.
11135
07:26:37,600 --> 07:26:39,066
So out here you can see
11136
07:26:39,066 --> 07:26:41,800
that as soon as we
completed it is again saying
11137
07:26:41,800 --> 07:26:44,500
that so that means as soon
as you complete the query or
11138
07:26:44,500 --> 07:26:46,807
the client-side HTML language,
11139
07:26:46,911 --> 07:26:50,988
so that will completely
trigger the cross-site payload
11140
07:26:55,600 --> 07:26:56,815
Firstly, let's go
11141
07:26:56,815 --> 07:27:01,300
over what DoS and DDoS mean. Now,
to understand a DDoS attack,
11142
07:27:01,300 --> 07:27:05,000
It is essential to understand
the fundamentals of a DoS attack.
11143
07:27:05,000 --> 07:27:07,600
DoS simply stands
for denial of service.
11144
07:27:07,600 --> 07:27:10,400
The service could be
of any kind for example,
11145
07:27:10,400 --> 07:27:12,700
imagine your mother
confiscates your cellphone
11146
07:27:12,700 --> 07:27:15,400
when you are preparing
for your exams to help you study
11147
07:27:15,400 --> 07:27:16,968
without any sort of distraction
11148
07:27:16,968 --> 07:27:19,700
while the intentions of
your mother is truly out of care
11149
07:27:19,700 --> 07:27:22,528
and concern you are being denied
the service of calling
11150
07:27:22,528 --> 07:27:25,244
and any other service offered
by your cell phone now
11151
07:27:25,244 --> 07:27:27,800
with respect to a computer
and computer networks.
11152
07:27:27,800 --> 07:27:29,800
A denial of service
could be in the form
11153
07:27:29,800 --> 07:27:32,500
of hijacking web servers
overloading ports,
11154
07:27:32,500 --> 07:27:33,893
with requests, rendering
11155
07:27:33,893 --> 07:27:36,659
them unusable, denying
wireless authentication
11156
07:27:36,659 --> 07:27:38,423
and denying any sort of service
11157
07:27:38,423 --> 07:27:40,500
that is provided
on the internet attacks
11158
07:27:40,500 --> 07:27:43,100
of such intent can be performed
from a single machine
11159
07:27:43,100 --> 07:27:45,909
while single machine attacks
are much easier to execute
11160
07:27:45,909 --> 07:27:47,497
and monitor, they're also easy
11161
07:27:47,497 --> 07:27:49,900
to detect and mitigate
to solve this issue.
11162
07:27:49,900 --> 07:27:52,900
The attack could be executed
from multiple devices spread
11163
07:27:52,900 --> 07:27:54,017
across a wide area.
11164
07:27:54,017 --> 07:27:57,000
Not only does this make
it difficult to stop the attack
11165
07:27:57,000 --> 07:27:59,671
but it also becomes
near impossible to point out.
11166
07:27:59,671 --> 07:28:02,900
The main culprit such attacks
are called distributed denial
11167
07:28:02,900 --> 07:28:04,900
of service or DDOS attacks.
11168
07:28:04,900 --> 07:28:08,200
Now, let us see how they work
the main idea of a DoS
11169
07:28:08,200 --> 07:28:09,304
attack, as explained,
11170
07:28:09,304 --> 07:28:12,700
is making a certain service
unavailable since everything
11171
07:28:12,700 --> 07:28:15,700
that is attacked is
in reality running on a machine.
11172
07:28:15,700 --> 07:28:17,600
The service can
be made unavailable.
11173
07:28:17,600 --> 07:28:20,400
If the performance of
the machine can be brought down.
11174
07:28:20,400 --> 07:28:23,800
This is the fundamental
behind DoS and DDoS attacks.
11175
07:28:23,800 --> 07:28:26,656
Now, some DoS attacks
are executed by flooding servers
11176
07:28:26,656 --> 07:28:28,068
with connection requests
11177
07:28:28,068 --> 07:28:29,787
until the server is overloaded
11178
07:28:29,787 --> 07:28:32,787
and is deemed useless others
are executed by sending
11179
07:28:32,787 --> 07:28:34,511
unfragmented packets to a server
11180
07:28:34,511 --> 07:28:37,100
which they are unable
to handle these methods
11181
07:28:37,100 --> 07:28:38,500
when executed by a botnet
11182
07:28:38,500 --> 07:28:40,600
exponentially increase
the amount of damage
11183
07:28:40,600 --> 07:28:41,644
that they are doing
11184
07:28:41,644 --> 07:28:44,288
and their difficulty
to mitigate increases in leaps
11185
07:28:44,288 --> 07:28:47,700
and bounds. To understand more
about how these attacks work.
11186
07:28:47,700 --> 07:28:50,166
Let us look at the different
types of attacks.
11187
07:28:50,166 --> 07:28:53,372
Now while there are plenty of
ways to perform a DDOS attack.
11188
07:28:53,372 --> 07:28:55,700
I'll be listing down
the more famous ones.
11189
07:28:55,700 --> 07:28:58,891
These methodologies have become
famous due to their success rate
11190
07:28:58,891 --> 07:29:00,984
and the damage they
have caused over time.
11191
07:29:00,984 --> 07:29:03,434
It is important to note
that with the advancement
11192
07:29:03,434 --> 07:29:04,200
in technology,
11193
07:29:04,200 --> 07:29:06,200
The more creative minds
have devised more
11194
07:29:06,200 --> 07:29:07,700
devious ways to perform
11195
07:29:07,700 --> 07:29:08,500
DoS attacks.
11196
07:29:08,500 --> 07:29:10,382
Now the first
type of methodology
11197
07:29:10,382 --> 07:29:13,400
that we are going to discuss
is called ping of death now
11198
07:29:13,400 --> 07:29:16,100
according to the TCP/IP protocol,
the maximum size
11199
07:29:16,100 --> 07:29:19,600
of the packet can be
65,535 bytes. The ping
11200
07:29:19,600 --> 07:29:22,029
of death attack exploits
this particular fact
11201
07:29:22,029 --> 07:29:23,300
in this type of attack.
11202
07:29:23,300 --> 07:29:24,600
The attacker sends packets
11203
07:29:24,600 --> 07:29:26,502
that are more than
the max packet size
11204
07:29:26,502 --> 07:29:28,912
when the packet fragments
are added up computers
11205
07:29:28,912 --> 07:29:30,050
generally do not know
11206
07:29:30,050 --> 07:29:32,558
what to do with such
packets and end up freezing
11207
07:29:32,558 --> 07:29:34,814
or sometimes crashing
entirely then we come
11208
07:29:34,814 --> 07:29:37,533
to reflected attacks.
This particular attack
11209
07:29:37,533 --> 07:29:40,605
is more often than not used
with the help of a botnet.
11210
07:29:40,605 --> 07:29:42,075
The attacker sends a host
11211
07:29:42,075 --> 07:29:44,400
of innocent computers
a connection request
11212
07:29:44,400 --> 07:29:47,200
using a botnet which are
also called reflectors.
11213
07:29:47,200 --> 07:29:49,750
Now this connection
that comes from the botnet looks
11214
07:29:49,750 --> 07:29:52,100
like it comes from the victim
and this is done
11215
07:29:52,100 --> 07:29:54,693
by spoofing the source part
in the packet header.
11216
07:29:54,693 --> 07:29:56,600
This makes the host
of computers send
11217
07:29:56,600 --> 07:29:58,600
an acknowledgement to
the victim computer
11218
07:29:58,600 --> 07:30:00,352
since there are
multiple such requests
11219
07:30:00,352 --> 07:30:01,794
from the different computers
11220
07:30:01,794 --> 07:30:04,163
to the same machine this
overloads the computer
11221
07:30:04,163 --> 07:30:05,400
and crashes it this type
11222
07:30:05,400 --> 07:30:07,300
of attack is also known
as a Smurf attack.
11223
07:30:08,000 --> 07:30:11,400
Another type of attack is called
mail bomb now mail bomb attacks
11224
07:30:11,400 --> 07:30:13,504
generally attack email
servers in this type
11225
07:30:13,504 --> 07:30:16,800
of attack instead of packets
oversized emails filled with
11226
07:30:16,800 --> 07:30:19,900
random garbage values are sent
to the targeted email server.
11227
07:30:19,900 --> 07:30:21,820
This generally crashes
the email server
11228
07:30:21,820 --> 07:30:24,500
due to a sudden spike in load
and renders them useless
11229
07:30:24,500 --> 07:30:25,391
until fixed last
11230
07:30:25,391 --> 07:30:27,900
but not the least we
have the teardrop attack.
11231
07:30:27,900 --> 07:30:29,310
So in this type of attack,
11232
07:30:29,310 --> 07:30:30,956
the fragmentation offset field
11233
07:30:30,956 --> 07:30:33,391
of a packet is abused
one of the fields
11234
07:30:33,391 --> 07:30:36,261
in an IP header is a fragment
offset field indicating
11235
07:30:36,261 --> 07:30:38,048
the starting position or offset.
11236
07:30:38,048 --> 07:30:40,577
of the data contained
in a fragmented packet
11237
07:30:40,577 --> 07:30:42,819
relative to the data
in the original packet
11238
07:30:42,819 --> 07:30:44,230
if the sum of the offset
11239
07:30:44,230 --> 07:30:46,992
and the size of one fragmented
packet differs from that
11240
07:30:46,992 --> 07:30:49,817
of the next fragmented packet
the packets overlap. Now,
11241
07:30:49,817 --> 07:30:52,700
when this happens a server
vulnerable to teardrop attacks
11242
07:30:52,700 --> 07:30:55,189
is unable to reassemble
the packets resulting
11243
07:30:55,189 --> 07:30:57,000
in a denial
of service condition.
11244
07:30:57,000 --> 07:30:57,314
Okay.
11245
07:30:57,314 --> 07:31:00,900
So that was all the theoretical
portion of this video now,
11246
07:31:00,900 --> 07:31:04,600
it's time to actually perform
our very own DDOS attack.
11247
07:31:04,800 --> 07:31:05,147
Okay.
11248
07:31:05,147 --> 07:31:07,871
So now that we finish
the theoretical part
11249
07:31:07,871 --> 07:31:09,600
of how DDOS actually works
11250
07:31:09,600 --> 07:31:12,322
and what it actually is
but it's different types.
11251
07:31:12,322 --> 07:31:15,000
Let me just give you guys
a quick demonstration on
11252
07:31:15,000 --> 07:31:16,866
how you could apply a denial
11253
07:31:16,866 --> 07:31:17,999
of service attack
11254
07:31:17,999 --> 07:31:20,100
on a wireless network
anywhere around you
11255
07:31:20,100 --> 07:31:22,150
like this could be
somewhere like Starbucks
11256
07:31:22,150 --> 07:31:25,035
where you're sitting
or this could be a library also
11257
07:31:25,035 --> 07:31:26,930
or your college
institution no matter
11258
07:31:26,930 --> 07:31:29,400
where you're sitting
this procedure will work.
11259
07:31:29,400 --> 07:31:33,200
So the first thing we want to do
is actually open up a terminal
11260
07:31:33,200 --> 07:31:36,216
because we will be doing
most of our work
11261
07:31:36,216 --> 07:31:37,901
on a command line basis.
11262
07:31:37,901 --> 07:31:40,447
Now for this
particular demonstration.
11263
07:31:40,447 --> 07:31:44,309
We will be actually using
two tools first is aircrack-ng,
11264
07:31:44,309 --> 07:31:45,986
which is a suite of tools
11265
07:31:45,986 --> 07:31:49,128
which contains aircrack-ng,
airmon-ng, aireplay-ng
11266
07:31:49,128 --> 07:31:50,600
and airodump-ng.
11267
07:31:50,600 --> 07:31:53,258
So these are the four tools
that come along with it.
11268
07:31:53,258 --> 07:31:54,199
And the second one
11269
07:31:54,199 --> 07:31:56,900
that we'll be using
is called macchanger. Okay.
11270
07:31:56,900 --> 07:31:59,500
So let me just put
my terminal on maximum.
11271
07:31:59,500 --> 07:32:02,798
So you guys can see
what I'm actually writing out.
11272
07:32:02,798 --> 07:32:06,500
So first thing we want to do
is actually log in as root.
11273
07:32:06,500 --> 07:32:08,200
So let me just do that quickly
11274
07:32:08,200 --> 07:32:11,100
because we need to login as
root because most of the stuff
11275
07:32:11,100 --> 07:32:14,500
that we're going to do right now
will need administrator access.
11276
07:32:14,500 --> 07:32:14,766
Now.
11277
07:32:14,766 --> 07:32:17,699
The first thing we
want to do is check out
11278
07:32:17,699 --> 07:32:19,700
our wireless network card's name
11279
07:32:19,700 --> 07:32:22,559
and we can do that easily
by typing ifconfig.
11280
07:32:22,559 --> 07:32:23,600
Now, you can see
11281
07:32:23,600 --> 07:32:28,900
that my wireless card is called
WL 1 and we get the MAC address
11282
07:32:28,900 --> 07:32:31,300
and we also get the IPv6 dress.
11283
07:32:31,300 --> 07:32:35,553
So that's my wireless network
card and we'll actually be setting
11284
07:32:35,553 --> 07:32:37,468
that up in monitor mode now
11285
07:32:37,468 --> 07:32:40,600
before we actually go in
to start up our network
11286
07:32:40,600 --> 07:32:41,885
card in monitor mode.
11287
07:32:41,885 --> 07:32:43,905
Let me just show you
how you can install
11288
07:32:43,905 --> 07:32:47,200
the two tools that I just spoke
about that is aircrack-ng
11289
07:32:47,200 --> 07:32:48,300
and macchanger.
11290
07:32:48,300 --> 07:32:50,250
So to install aircrack-ng,
11291
07:32:50,250 --> 07:32:51,919
you can just go apt-get
11292
07:32:51,919 --> 07:32:56,700
install aircrack-ng hit enter
and this should do it for you.
11293
07:32:56,700 --> 07:32:58,578
I already have it installed.
11294
07:32:58,578 --> 07:33:02,000
So it's not going to do
much. To install macchanger,
11295
07:33:02,000 --> 07:33:04,317
You could just go
the same command
11296
07:33:04,317 --> 07:33:06,500
that is apt-get
install macchanger
11297
07:33:06,700 --> 07:33:08,000
and you can check
11298
07:33:08,000 --> 07:33:11,061
if both the tools
have been installed properly
11299
07:33:11,061 --> 07:33:14,700
by opening the manual pages
by typing man aircrack-ng
11300
07:33:14,700 --> 07:33:17,200
and this will open up
the manual page for you.
11301
07:33:17,200 --> 07:33:20,000
And let's also do
the same for macchanger.
11302
07:33:20,000 --> 07:33:22,500
So what we're going
to do first is set up
11303
07:33:22,500 --> 07:33:25,300
our network interface card
into monitor mode.
11304
07:33:25,400 --> 07:33:26,600
So to do that,
11305
07:33:26,600 --> 07:33:29,300
all we have to do
is type ifconfig,
11306
07:33:29,300 --> 07:33:31,399
and we need to put
a network interface card down.
11307
07:33:31,399 --> 07:33:31,900
So we go.
11308
07:33:31,900 --> 07:33:35,900
Wlo one down and with
the command IW Go mode monitor.
11309
07:33:35,900 --> 07:33:37,100
Don't forget to specify
11310
07:33:37,100 --> 07:33:38,700
the interface that
you're working on.
11311
07:33:38,700 --> 07:33:40,848
So IW config WL 1 mode Monitor
11312
07:33:40,848 --> 07:33:44,000
and all you have to do
now is put it back up.
11313
07:33:44,000 --> 07:33:47,100
So what we are going
to type is ifconfig.
11314
07:33:47,100 --> 07:33:48,100
Wl1 up.
11315
07:33:48,200 --> 07:33:50,971
You can check the mode
it will see managed
11316
07:33:50,971 --> 07:33:52,537
if it's monitoring mode.
11317
07:33:52,537 --> 07:33:55,300
So as you guys can see
it says mode managed,
11318
07:33:55,300 --> 07:33:58,600
so that's how we're going
to go ahead so you can check
11319
07:33:58,600 --> 07:34:00,423
that just for your own purposes
11320
07:34:00,423 --> 07:34:02,200
so we can also check for only.
11321
07:34:02,200 --> 07:34:04,600
Wlo one by
specifying the interface.
11322
07:34:04,600 --> 07:34:08,500
Or you could also check
the mode only by passing it
11323
07:34:08,500 --> 07:34:11,900
through a pipe function
and that is using grep mode.
11324
07:34:12,000 --> 07:34:16,000
So iwconfig wl1, grep and Mode.
11325
07:34:16,400 --> 07:34:18,302
Well, Mode begins
with a capital M.
11326
07:34:18,302 --> 07:34:20,800
So that's how you
would probably return it.
11327
07:34:20,900 --> 07:34:22,100
So as you guys can see
11328
07:34:22,100 --> 07:34:24,026
that has returned
the mode for us icon
11329
07:34:24,026 --> 07:34:26,468
along with the access point
and the frequency.
11330
07:34:26,468 --> 07:34:28,600
Okay, so that was
a little fun trivia on
11331
07:34:28,600 --> 07:34:31,500
how you could fetch the mode
from a certain command
11332
07:34:31,500 --> 07:34:34,300
that like iwconfig
by passing it through a pipe
11333
07:34:34,300 --> 07:34:37,215
and Open your list mode. Grep
basically means grab.
11334
07:34:37,215 --> 07:34:39,862
Okay, so now moving on we
will get to the more
11335
07:34:39,862 --> 07:34:42,295
important stuff now so
firstly we need to check
11336
07:34:42,295 --> 07:34:43,475
for some sub processes
11337
07:34:43,475 --> 07:34:45,298
that might still be running and
11338
07:34:45,298 --> 07:34:48,600
that might actually interfere
with the scanning process.
11339
07:34:48,600 --> 07:34:49,500
So to do that,
11340
07:34:49,500 --> 07:34:51,800
what we do is airmon-ng check
11341
07:34:51,800 --> 07:34:54,700
and then the name
of the interface now
11342
07:34:54,700 --> 07:34:57,012
as you guys can see I have
the network manager
11343
07:34:57,012 --> 07:34:59,600
that is running out here
and we need to kill that first
11344
07:34:59,600 --> 07:35:01,600
and that can be easily
done by going kill
11345
07:35:01,600 --> 07:35:02,920
with the PID after that.
11346
07:35:02,920 --> 07:35:04,900
You can run
a general command called.
11347
07:35:04,900 --> 07:35:06,700
Old airmon-ng check
11348
07:35:06,700 --> 07:35:10,700
and kill so whatever it finds
it will kill it accordingly
11349
07:35:10,700 --> 07:35:13,000
and when it produces
no results like this,
11350
07:35:13,000 --> 07:35:14,300
that means you're ready to go
11351
07:35:14,300 --> 07:35:15,900
as there are
no sub processes running
11352
07:35:15,900 --> 07:35:17,700
that might actually
interfere with our
11353
07:35:17,700 --> 07:35:21,400
scan. Now what we want to do
is we want to run a dump scan
11354
07:35:21,400 --> 07:35:23,630
on the network interface card
11355
07:35:23,700 --> 07:35:26,900
and check out all
the possible access points
11356
07:35:26,900 --> 07:35:28,500
that are available to us.
11357
07:35:28,500 --> 07:35:31,171
So as you guys can see
this produces a bunch
11358
07:35:31,171 --> 07:35:34,600
of access points and they come
with their BSSIDs there.
11359
07:35:34,600 --> 07:35:36,645
So have the power
which is the pwr
11360
07:35:36,645 --> 07:35:40,834
that is the power of the signal
and let me go down back again.
11361
07:35:40,834 --> 07:35:44,400
So yeah, you can see the beacons
you can see the data you can see
11362
07:35:44,400 --> 07:35:48,055
the channels available
and what the bssid is.
11363
07:35:48,055 --> 07:35:49,200
It's the Mac ID
11364
07:35:49,200 --> 07:35:52,039
that is actually tied
in with the essid
11365
07:35:52,039 --> 07:35:55,700
which basically represents
the name of the router.
11366
07:35:55,700 --> 07:35:58,300
Now, what we want to do
from here is we want
11367
07:35:58,300 --> 07:36:01,700
to choose which router
we want to actually DoS.
11368
07:36:01,700 --> 07:36:03,850
Now, the whole process
of DoSing is actually
11369
07:36:03,850 --> 07:36:06,400
we will continuously
deauthenticate all the devices
11370
07:36:06,400 --> 07:36:07,700
that are connected to it.
11371
07:36:07,700 --> 07:36:10,600
So for now I have chosen
Edureka Wi-Fi to actually
11372
07:36:10,600 --> 07:36:13,638
DoS out, and once I send it
the deauthentication broadcast,
11373
07:36:13,638 --> 07:36:14,508
it will actually
11374
07:36:14,508 --> 07:36:17,411
deauthenticate all the devices
that are connected to it.
11375
07:36:17,411 --> 07:36:19,121
Now this deauthentication
11376
07:36:19,121 --> 07:36:21,400
is done with a tool
called aireplay
11377
07:36:21,400 --> 07:36:24,454
which is a part of
the aircrack-ng suite of tools.
11378
07:36:24,454 --> 07:36:24,687
Now.
11379
07:36:24,687 --> 07:36:25,505
Let's just see
11380
07:36:25,505 --> 07:36:28,800
how we can use aireplay
by opening up the help command.
11381
07:36:28,800 --> 07:36:29,600
So we go - -
11382
07:36:29,600 --> 07:36:31,731
help and this opens up
the help command for us.
11383
07:36:31,731 --> 07:36:33,497
Now as you guys
can see it shows us
11384
07:36:33,497 --> 07:36:34,900
that we can send a deauthentication
11385
07:36:34,900 --> 07:36:36,928
message by tapping into -
11386
07:36:36,928 --> 07:36:39,400
0 and then we need
to type in the count.
11387
07:36:39,400 --> 07:36:41,464
So what we are going
to do is type in -
11388
07:36:41,464 --> 07:36:43,800
0 which will send
the deauthentication message
11389
07:36:43,800 --> 07:36:45,700
and now we can dive 1 or 0.
11390
07:36:45,700 --> 07:36:48,738
So 1 will send only
one deauthentication message
11391
07:36:48,738 --> 07:36:51,716
while 0 will continuously
Loop it and send a bunch
11392
07:36:51,716 --> 07:36:53,600
of deauthentication messages.
11393
07:36:53,600 --> 07:36:56,100
We are going to say zero
because we want to be sure
11394
07:36:56,100 --> 07:36:59,100
that we are deauthenticating
everybody and we can also
11395
07:36:59,100 --> 07:37:00,636
generally specify the person.
11396
07:37:00,636 --> 07:37:03,246
We also want to specifically
deauthenticate, but for
11397
07:37:03,246 --> 07:37:04,200
this demonstration,
11398
07:37:04,200 --> 07:37:06,900
I'm just going to try
and deauthenticate everybody
11399
07:37:06,900 --> 07:37:07,600
that is there.
11400
07:37:07,600 --> 07:37:09,334
So what we are going to do is
11401
07:37:09,334 --> 07:37:12,500
we are going to copy down
the MAC address or the bssid
11402
07:37:12,500 --> 07:37:13,556
as you would know it
11403
07:37:13,556 --> 07:37:16,770
and then we are going to run
the deauthentication message.
11404
07:37:16,770 --> 07:37:19,700
Now as you guys can see
our deauthentication message
11405
07:37:19,700 --> 07:37:22,100
is beginning to hunt
on Channel Nine.
11406
07:37:22,146 --> 07:37:25,300
Now as you guys know
and as I already know
11407
07:37:25,300 --> 07:37:30,800
that our bssid or Mac address
is working on Channel 6 now,
11408
07:37:30,800 --> 07:37:34,600
we can easily change the channel
that our interface
11409
07:37:34,600 --> 07:37:38,700
is working on by just going
IW config WL 1 and then Channel
11410
07:37:38,700 --> 07:37:40,400
and then specifying the channel
11411
07:37:40,400 --> 07:37:44,200
as you guys can see our chosen
router is working on Channel 6.
11412
07:37:44,200 --> 07:37:46,000
So that's exactly
what we're going to do.
11413
07:37:46,000 --> 07:37:49,000
Now as you guys can see it
immediately starts sending
11414
07:37:49,000 --> 07:37:52,357
the deauthentication codes
to the specified router
11415
07:37:52,357 --> 07:37:55,000
and this will actually
make any device
11416
07:37:55,000 --> 07:37:57,732
that is connected
to that router almost unusable.
11417
07:37:57,732 --> 07:38:00,968
You might see that you are
still connected to the Wi-Fi,
11418
07:38:00,968 --> 07:38:02,553
but try browsing the internet
11419
07:38:02,553 --> 07:38:05,619
with them you will never be able
to actually reach any site
11420
07:38:05,619 --> 07:38:06,484
as I'm constantly
11421
07:38:06,484 --> 07:38:08,719
deauthenticating
your service you will need
11422
07:38:08,719 --> 07:38:10,379
that for a handshake
all the time.
11423
07:38:10,379 --> 07:38:13,600
And even if it completes you are
suddenly deauthenticated again
11424
07:38:13,600 --> 07:38:15,800
because I'm running
this thing on a loop.
11425
07:38:15,800 --> 07:38:19,000
Now, you can let this command
run for a few moments
11426
07:38:19,000 --> 07:38:22,000
or how much of a time you want
to DDoS that guy for. Well,
11427
07:38:22,000 --> 07:38:23,200
this is not exactly a DDOS
11428
07:38:23,200 --> 07:38:25,200
because you're doing it
from one single machine,
11429
07:38:25,200 --> 07:38:28,060
but you can also optimize
this code to actually look
11430
07:38:28,060 --> 07:38:30,700
like it's running
from several different machines.
11431
07:38:30,700 --> 07:38:32,397
So let me just show you
how to do that.
11432
07:38:32,397 --> 07:38:34,899
We are going to write a script
file to actually optimize.
11433
07:38:34,899 --> 07:38:37,299
Is our code lat
so this script file
11434
07:38:37,299 --> 07:38:39,400
will actually automate
most of the things
11435
07:38:39,400 --> 07:38:41,500
that we just did
and also optimize a little
11436
07:38:41,500 --> 07:38:43,800
by changing our Mac address
every single time.
11437
07:38:43,800 --> 07:38:46,400
So we become hard
to actually point out.
11438
07:38:46,400 --> 07:38:49,000
So the first thing
that we want to do is
11439
07:38:49,000 --> 07:38:53,000
we want to put our wireless
network card down and maybe
11440
07:38:53,000 --> 07:38:55,300
that's not the first thing
that I want to do.
11441
07:38:55,300 --> 07:38:57,200
Just give me a moment
to think about this.
11442
07:38:57,200 --> 07:38:59,400
I haven't actually thought
this through. I'm doing
11443
07:38:59,400 --> 07:39:00,314
this on the fly.
11444
07:39:00,314 --> 07:39:00,600
Okay.
11445
07:39:00,600 --> 07:39:01,457
So the first thing
11446
07:39:01,457 --> 07:39:03,600
that we're going to do
is we're going to start
11447
07:39:03,600 --> 07:39:05,953
a while loop that is going
to continuously run
11448
07:39:05,953 --> 07:39:07,757
until we actually
externally stop it.
11449
07:39:07,757 --> 07:39:10,431
So we go while true
and then we're going to say do
11450
07:39:10,431 --> 07:39:12,300
and the first thing
that we want to do
11451
07:39:12,300 --> 07:39:16,600
is send out the deauthentication
message and we are going
11452
07:39:16,600 --> 07:39:20,900
to send it around 10
deauthentication messages
11453
07:39:21,400 --> 07:39:24,488
and we want to run it
on a specific bssid.
11454
07:39:24,488 --> 07:39:27,200
So that is the bssid
that I had copied.
11455
07:39:27,200 --> 07:39:28,500
So let me just put in that
11456
07:39:28,600 --> 07:39:30,739
and then we just put
in the interface
11457
07:39:30,739 --> 07:39:32,504
is it supposed to work on now?
11458
07:39:32,504 --> 07:39:34,857
What we want to do
after that is you want
11459
07:39:34,857 --> 07:39:36,300
to change the MAC address
11460
07:39:36,300 --> 07:39:39,420
after we have sent
all these 10 packets.
11461
07:39:39,420 --> 07:39:43,676
So what we will need to do
is put down our wireless network
11462
07:39:43,676 --> 07:39:46,098
and as already
discussed we can do
11463
07:39:46,098 --> 07:39:48,300
that with ifconfig wlan0 down.
11464
07:39:48,300 --> 07:39:52,223
And now what we want to do
is change our Mac address
11465
07:39:52,223 --> 07:39:53,023
so we can do
11466
07:39:53,023 --> 07:39:55,800
that with the simple tool
that we had installed
11467
07:39:55,800 --> 07:39:58,200
and saying Mac changer -
11468
07:39:58,200 --> 07:40:02,300
are so let me just open up
a Quick Tab and show you guys
11469
07:40:02,300 --> 07:40:04,400
how macchanger actually works.
11470
07:40:04,500 --> 07:40:05,970
Now you can already check
11471
07:40:05,970 --> 07:40:08,900
out my other video called
the ethical hacking course,
11472
07:40:08,900 --> 07:40:11,231
which actually covers
a lot of topics
11473
07:40:11,231 --> 07:40:14,521
and Mac changer is just one
of them and you can check
11474
07:40:14,521 --> 07:40:16,800
how to use it in depth
in that video.
11475
07:40:16,800 --> 07:40:19,100
But for now, let me just give
you a brief introduction
11476
07:40:19,100 --> 07:40:22,000
how macchanger works. The macchanger
will basically give you
11477
07:40:22,000 --> 07:40:22,800
a new Mac address
11478
07:40:22,800 --> 07:40:25,650
every time let me just open
up the help menu for you guys.
11479
07:40:25,650 --> 07:40:27,515
So as you guys can see
these are the options
11480
07:40:27,515 --> 07:40:28,600
that are available to us.
11481
07:40:28,600 --> 07:40:30,600
We can get a random Mac address.
11482
07:40:30,600 --> 07:40:33,700
We can also tell to show
our Mac address and we also
11483
07:40:33,700 --> 07:40:35,800
have to specify the interface
11484
07:40:35,800 --> 07:40:38,358
when we want to show
us the MAC address now,
11485
07:40:38,358 --> 07:40:40,500
let me just generate
new Mac address.
11486
07:40:40,500 --> 07:40:42,800
So you see an error
that interface up
11487
07:40:42,800 --> 07:40:45,270
or insufficient permissions
is being shown.
11488
07:40:45,270 --> 07:40:48,800
So this means we always have
to put down our interface first.
11489
07:40:48,800 --> 07:40:51,600
So let me just do that
quickly ifconfig wlan0 down.
11490
07:40:51,600 --> 07:40:54,800
And now what we want to do is
give ourselves a new Mac address
11491
07:40:54,800 --> 07:40:55,700
and boom roasted.
11492
07:40:55,700 --> 07:40:57,250
We already have
a new Mac address
11493
07:40:57,250 --> 07:40:59,300
as you guys can see
from the new Mac part.
11494
07:40:59,300 --> 07:41:01,900
Now if you put back our
network interface card,
11495
07:41:01,900 --> 07:41:04,424
and then try and show up
MAC address again, we'll
11496
07:41:04,424 --> 07:41:06,600
see that our current
MAC and our permanent
11497
07:41:06,600 --> 07:41:09,100
MAC are two completely
different MAC addresses
11498
07:41:09,100 --> 07:41:12,400
and our current MAC
and the new MAC are identical.
11499
07:41:12,400 --> 07:41:14,945
So this is how you
can actually generate
11500
07:41:14,945 --> 07:41:18,600
new Mac addresses to spoof
your own identity on the while
11501
07:41:18,600 --> 07:41:20,466
and that is very
useful in this case
11502
07:41:20,466 --> 07:41:21,400
because the person
11503
07:41:21,400 --> 07:41:24,000
you're attacking will be
so confused as to what to do
11504
07:41:24,000 --> 07:41:26,300
because your Mac address
is changing every time
11505
07:41:26,300 --> 07:41:27,581
and there's no real solution
11506
07:41:27,581 --> 07:41:29,881
to the situation
that you're creating for them.
11507
07:41:29,881 --> 07:41:30,300
At least.
11508
07:41:30,300 --> 07:41:31,752
I don't know of any solution.
11509
07:41:31,752 --> 07:41:33,952
If you do know
how to stop this for yourself.
11510
07:41:33,952 --> 07:41:34,682
Please leave it.
11511
07:41:34,682 --> 07:41:36,550
Down in the comment
section below and help
11512
07:41:36,550 --> 07:41:37,600
the world a little bit.
11513
07:41:37,600 --> 07:41:37,900
Now.
11514
07:41:37,900 --> 07:41:42,400
We wanted also get to know what
our Mac address is every time.
11515
07:41:42,400 --> 07:41:44,800
So let me just type my function
11516
07:41:44,800 --> 07:41:47,300
through the whole thing
and let me just try
11517
07:41:47,300 --> 07:41:49,000
and grab the new Mac address.
11518
07:41:49,000 --> 07:41:51,200
So my changer are wl1
11519
07:41:51,200 --> 07:41:54,586
and grab Mark and then we
want to put our Rental Car
11520
07:41:54,586 --> 07:41:55,848
in the monitor mode
11521
07:41:55,848 --> 07:41:59,500
and then we also want to put
up our network interface card.
11522
07:41:59,500 --> 07:42:01,800
Now, what we want to do
out here is optimize it
11523
07:42:01,800 --> 07:42:03,779
so we can be
attacking constantly.
11524
07:42:03,779 --> 07:42:05,426
So let us Put a sleep timer.
11525
07:42:05,426 --> 07:42:07,300
So this will make
our program sleep
11526
07:42:07,300 --> 07:42:08,967
for a particular amount of time.
11527
07:42:08,967 --> 07:42:11,000
I'm going to make
a sleep for 5 seconds.
11528
07:42:11,000 --> 07:42:13,000
So after every 5 seconds,
11529
07:42:13,000 --> 07:42:15,900
it's gonna send
that particular bssid.
11530
07:42:15,900 --> 07:42:17,900
Then the authentication messages
11531
07:42:17,900 --> 07:42:20,400
then just going to bring
down my interface card.
11532
07:42:20,400 --> 07:42:22,500
It's gonna change
my Mac address.
11533
07:42:22,500 --> 07:42:24,668
It's going to put back
the interface card
11534
07:42:24,668 --> 07:42:27,300
in the monitor mode
and sleep for 5 seconds.
11535
07:42:27,300 --> 07:42:29,400
And then repeat
the entire process
11536
07:42:29,600 --> 07:42:31,500
and to end the script.
11537
07:42:31,500 --> 07:42:33,038
Let's just say done.
11538
07:42:33,038 --> 07:42:36,192
So that will denote
when Loop is done now.
11539
07:42:36,192 --> 07:42:39,500
Let me just save it
Ctrl o control X to exit
11540
07:42:39,500 --> 07:42:40,600
and there we go.
11541
07:42:40,600 --> 07:42:41,300
Okay.
11542
07:42:41,300 --> 07:42:43,800
So first of all to actually run
11543
07:42:43,800 --> 07:42:47,600
this need to give it
some more permission.
11544
07:42:47,600 --> 07:42:50,146
So as you guys can see
we already have it.
11545
07:42:50,146 --> 07:42:53,139
Let me just put it
in a much more readable format.
11546
07:42:53,139 --> 07:42:53,472
Okay.
11547
07:42:53,472 --> 07:42:55,600
So as you guys can see, our
11548
07:42:55,600 --> 07:42:58,723
dos.sh doesn't really
have executable ability
11549
07:42:58,723 --> 07:43:01,400
so we can do
that with command chmod.
11550
07:43:01,400 --> 07:43:03,925
So I'm going to give it
some executable permission.
11551
07:43:03,925 --> 07:43:06,400
So chmod One plus X
and then the name of the file.
11552
07:43:06,400 --> 07:43:09,542
So this will actually
change our dos.sh
11553
07:43:09,542 --> 07:43:11,600
into an executable bash script.
11554
07:43:11,600 --> 07:43:11,913
Okay.
11555
07:43:11,913 --> 07:43:14,524
So it seems that we
have done some error.
11556
07:43:14,524 --> 07:43:17,200
So let's just go back
into our bash script
11557
07:43:17,200 --> 07:43:20,800
and check for the error
that we have probably done.
11558
07:43:20,800 --> 07:43:24,400
So now -
does a jet d'eau start sh.
11559
07:43:24,900 --> 07:43:25,600
Okay.
11560
07:43:25,600 --> 07:43:27,600
So the thing
that I am missing is
11561
07:43:27,600 --> 07:43:29,400
that I forgot the -a
11562
07:43:29,400 --> 07:43:33,000
that I'm supposed to put
before putting the BSSID
11563
07:43:33,000 --> 07:43:36,100
in the aireplay-ng
part of the code.
11564
07:43:36,100 --> 07:43:38,700
So let me just go ahead
and quickly do that.
11565
07:43:38,700 --> 07:43:39,028
Okay.
11566
07:43:39,028 --> 07:43:40,661
So now that that is done.
11567
07:43:40,661 --> 07:43:43,468
Let me just save it
and quickly exit and see
11568
07:43:43,468 --> 07:43:45,100
if this thing is working.
11569
07:43:45,900 --> 07:43:46,200
Ok.
11570
07:43:46,200 --> 07:43:50,413
So now we are trying
to work out our script
11571
07:43:50,413 --> 07:43:52,400
now you guys should know
11572
07:43:52,400 --> 07:43:55,000
that this Edureka Wi-Fi
is my company's Wi-Fi
11573
07:43:55,000 --> 07:43:58,300
and I have complete permission
to go ahead and do this to them.
11574
07:43:58,300 --> 07:43:58,900
Also.
11575
07:43:58,900 --> 07:44:00,913
My company's Wi-Fi
is kind of secure.
11576
07:44:00,913 --> 07:44:02,200
So every time it senses
11577
07:44:02,200 --> 07:44:04,400
that a deauthentication
message is being sent.
11578
07:44:04,400 --> 07:44:05,300
I ain't like that.
11579
07:44:05,300 --> 07:44:07,800
It kind of changes the channel
that it is working on.
11580
07:44:07,800 --> 07:44:09,862
So these guys are
really smart smarter
11581
07:44:09,862 --> 07:44:11,200
than me most of the time
11582
07:44:11,200 --> 07:44:12,759
and this time I'm just going
11583
07:44:12,759 --> 07:44:15,100
to try and force them
to work on Channel 6.
11584
07:44:15,100 --> 07:44:17,500
So let me just go
ahead and run my script once.
11585
07:44:17,500 --> 07:44:19,100
Okay, so let me just check that.
11586
07:44:19,100 --> 07:44:21,422
They're still working
on Channel 6 Yep.
11587
07:44:21,422 --> 07:44:23,500
They're still working
on Channel 6.
11588
07:44:23,700 --> 07:44:27,100
Let me just check my script
once if it's correctly done
11589
07:44:27,100 --> 07:44:29,200
if I have the perfect MAC ID.
11590
07:44:29,200 --> 07:44:33,200
Let me just copy in the Mac ID
just to be sure once again,
11591
07:44:33,200 --> 07:44:34,400
so they go.
11592
07:44:34,400 --> 07:44:35,200
Copied it.
11593
07:44:35,200 --> 07:44:39,066
Let's go into the script
and let's face it out.
11594
07:44:39,066 --> 07:44:39,391
Okay.
11595
07:44:39,391 --> 07:44:40,886
So now that that is done
11596
07:44:40,886 --> 07:44:44,000
and we have mac IDs
and everything set up properly.
11597
07:44:44,000 --> 07:44:46,700
Let me just show you
how to run the script so you go
11598
07:44:46,700 --> 07:44:49,304
Dot and backward slash
and then you said -
11599
07:44:49,304 --> 07:44:50,104
does SH now.
11600
07:44:50,104 --> 07:44:52,858
I see that our thing
is working on Channel 8.
11601
07:44:52,858 --> 07:44:55,300
So this will definitely
not book and say
11602
07:44:55,300 --> 07:44:59,400
that the SSID is not so
what we need to do
11603
07:44:59,400 --> 07:45:01,035
as I have showed you guys
11604
07:45:01,035 --> 07:45:04,700
earlier, we can go iwconfig wl1
and change the channel to
11605
07:45:04,700 --> 07:45:05,500
channel 6.
11606
07:45:05,500 --> 07:45:07,800
Oops, I channel
to channel it again.
11607
07:45:08,000 --> 07:45:09,266
This will not work.
11608
07:45:09,266 --> 07:45:09,858
I'm sorry.
11609
07:45:09,858 --> 07:45:10,800
That was my bad.
11610
07:45:10,800 --> 07:45:12,900
So now that we have changed
it to channel 6,
11611
07:45:12,900 --> 07:45:16,200
you can see that it is sending
everything immediately.
11612
07:45:16,200 --> 07:45:16,900
Okay.
11613
07:45:16,900 --> 07:45:20,500
So that is actually running
our script very well.
11614
07:45:20,500 --> 07:45:22,700
And as you guys can see
the security measures
11615
07:45:22,700 --> 07:45:24,100
are taken by my company.
11616
07:45:24,100 --> 07:45:26,299
It will not always
work on Channel 6.
11617
07:45:26,300 --> 07:45:29,757
It will keep rotating now
until it finds the safe channel.
11618
07:45:29,757 --> 07:45:32,000
So it really can't find
a safe Channel.
11619
07:45:32,000 --> 07:45:35,600
I was always be dosing
on Channel 6 and It will run.
11620
07:45:35,600 --> 07:45:39,194
Sometimes it won't run sometimes
but mostly with unsecured Wi-Fi
11621
07:45:39,194 --> 07:45:40,900
that is running at your home.
11622
07:45:40,900 --> 07:45:43,900
Mostly this will work
a hundred percent times.
11623
07:45:43,900 --> 07:45:45,100
So let me just stop this
11624
07:45:45,100 --> 07:45:46,976
because my company
will go mad on me
11625
07:45:46,976 --> 07:45:48,800
if I just keep on dancing them.
11626
07:45:48,800 --> 07:45:51,916
So this brings us to the end
of a demonstration.
11627
07:45:51,916 --> 07:45:55,100
This is how you can
always toss your neighbors
11628
07:45:55,100 --> 07:45:56,452
if they're annoying you
11629
07:45:56,452 --> 07:45:59,300
but remember if you're caught
you could be prosecuted.
11630
07:45:59,300 --> 07:46:01,516
So this was about
how the device works
11631
07:46:01,516 --> 07:46:04,141
with DDOS actually is
and the different types
11632
07:46:04,141 --> 07:46:07,509
and how you can do one
on your own with your own system
11654
07:46:56,700 --> 07:46:57,484
In early days
11655
07:46:57,484 --> 07:47:00,602
of Internet building websites
were straightforward.
11656
07:47:00,602 --> 07:47:02,100
There was no JavaScript.
11657
07:47:02,100 --> 07:47:05,012
No back-end, no CSS
and very few images.
11658
07:47:05,012 --> 07:47:07,700
But as the web gained
popularity, the need
11659
07:47:07,700 --> 07:47:09,645
for more advanced technology
11660
07:47:09,645 --> 07:47:11,800
and dynamic websites grew. This
11661
07:47:11,800 --> 07:47:15,284
led to the development of Common
Gateway Interface, or CGI,
11662
07:47:15,284 --> 07:47:18,500
as we call it and
server-side scripting languages
11663
07:47:18,500 --> 07:47:20,700
like ASP JavaScript PHP
11664
07:47:20,700 --> 07:47:25,508
and many others. Websites changed
and started storing user input
11665
07:47:25,508 --> 07:47:26,800
and site content
11666
07:47:26,811 --> 07:47:30,700
in databases. Each and
every data field of a website is
11667
07:47:30,700 --> 07:47:34,400
like a gate to the database.
For example, in a login form,
11668
07:47:34,400 --> 07:47:36,413
the user enters the login data,
11669
07:47:36,413 --> 07:47:39,500
in a search field
the user enters a search text,
11670
07:47:39,500 --> 07:47:43,700
and in data saving form the user
enters the data to be saved.
11671
07:47:43,800 --> 07:47:46,800
All this indicate
data goes to database.
11672
07:47:46,800 --> 07:47:48,500
So instead of correct data,
11673
07:47:48,500 --> 07:47:52,264
if any malicious code is entered
then there are possibilities
11674
07:47:52,264 --> 07:47:55,181
for some serious damage
to happen to the database
11675
07:47:55,181 --> 07:47:56,700
and sometimes to the entire
11676
07:47:56,700 --> 07:48:00,467
system, and this is what
SQL injection is all about.
11677
07:48:00,467 --> 07:48:03,718
I'm sure you've heard
of SQL SQL query language
11678
07:48:03,718 --> 07:48:06,900
or SQL is a language
which is designed to manipulate
11679
07:48:06,900 --> 07:48:09,590
and manage
data in a database
11680
07:48:09,590 --> 07:48:13,315
SQL injection attack is a type
of cybersecurity attack
11681
07:48:13,315 --> 07:48:16,600
that targets these databases
using specifically
11682
07:48:16,600 --> 07:48:19,600
crafted SQL statements
to trick the systems
11683
07:48:19,600 --> 07:48:22,500
into doing unexpected
and undesired things.
11684
07:48:22,500 --> 07:48:23,522
So by leveraging
11685
07:48:23,522 --> 07:48:26,400
an SQL injection vulnerability
present in web.
11686
07:48:26,911 --> 07:48:27,800
Or the website
11687
07:48:27,800 --> 07:48:31,000
given the right circumstances
an attacker can use it
11688
07:48:31,000 --> 07:48:34,304
to bypass web applications
authentication details as
11689
07:48:34,304 --> 07:48:35,600
in if you have login
11690
07:48:35,600 --> 07:48:37,040
and password user can
11691
07:48:37,040 --> 07:48:39,555
or attacker can enter
just the user ID.
11692
07:48:39,555 --> 07:48:42,600
Skip the password entry
and get into the system
11693
07:48:42,600 --> 07:48:44,900
or it can sometimes
retrieve the content
11694
07:48:44,900 --> 07:48:46,338
of an entire database.
11695
07:48:46,338 --> 07:48:50,090
He can also use SQL injection
vulnerability to add modify
11696
07:48:50,090 --> 07:48:51,900
and sometime delete records
11697
07:48:51,900 --> 07:48:54,611
in a database
affecting data Integrity
11698
07:48:54,611 --> 07:48:56,800
while using this vulnerability.
11699
07:48:56,800 --> 07:49:00,800
Attacker can do unimaginable
things this exactly shows
11700
07:49:00,800 --> 07:49:03,300
how dangerous an SQL
injection can be now.
11701
07:49:03,300 --> 07:49:06,711
Let's check out how a typical
SQL injection is carried out.
11702
07:49:06,711 --> 07:49:09,700
Well, let's start with
non-technical explanation guys.
11703
07:49:09,700 --> 07:49:11,288
Have a simple analogy here.
11704
07:49:11,288 --> 07:49:13,000
So first let's go through this.
11705
07:49:13,000 --> 07:49:15,100
Once you understand
this you are easily able
11706
07:49:15,100 --> 07:49:18,100
to relate this with what
SQL injection attack is.
11707
07:49:18,100 --> 07:49:19,700
So anyway first imagine
11708
07:49:19,700 --> 07:49:21,700
that you have
a fully automated bus
11709
07:49:21,700 --> 07:49:22,998
that functions based
11710
07:49:22,998 --> 07:49:26,700
on the instructions given by
human through a standard web form.
11711
07:49:26,800 --> 07:49:29,500
Well, that form might look
something like this.
11712
07:49:29,500 --> 07:49:33,459
For example, the form might say
drive through the route
11713
07:49:33,459 --> 07:49:35,500
and where should the bus stop
11714
07:49:35,500 --> 07:49:38,500
if when should the bus
stop this route and
11715
07:49:38,500 --> 07:49:40,887
where should the bus stop
and this condition?
11716
07:49:40,887 --> 07:49:43,600
That's when should the bus stop
or the user inputs.
11717
07:49:43,600 --> 07:49:46,000
This is where you will have
to enter the input
11718
07:49:46,000 --> 07:49:49,000
into the form now after putting
some data into the field.
11719
07:49:49,000 --> 07:49:51,700
It looks something
like this drive through Route
11720
07:49:51,700 --> 07:49:54,400
77 and stop at the bus stop
11721
07:49:54,400 --> 07:49:56,700
if there are people
at the bus stop.
11722
07:49:56,700 --> 07:49:58,700
Well, that looks
simple enough, right?
11723
07:49:58,700 --> 07:50:00,500
So basically you're the human
11724
07:50:00,500 --> 07:50:03,200
or the person is trying
to give 3 instruction
11725
07:50:03,200 --> 07:50:05,900
that is per should
stop at Route 77.
11726
07:50:06,200 --> 07:50:07,700
It should stop at the bus stop
11727
07:50:07,700 --> 07:50:09,880
if there are people
at the bus stop.
11728
07:50:09,880 --> 07:50:13,270
Well, that sounds harmless
now imagine a scenario
11729
07:50:13,270 --> 07:50:16,193
where someone manages
to send these instructions
11730
07:50:16,193 --> 07:50:17,500
which looks something
11731
07:50:17,500 --> 07:50:22,236
like this drive through Route 77
and do not stop at the bus stop
11732
07:50:22,236 --> 07:50:24,158
and ignore rest of the form
11733
07:50:24,158 --> 07:50:26,651
if there are people
at the bus stop.
11734
07:50:26,651 --> 07:50:29,500
And now since the bus
is fully automated.
11735
07:50:29,500 --> 07:50:31,807
It does exactly as instructed.
11736
07:50:31,807 --> 07:50:35,000
It drives up Route
77 and does not stop
11737
07:50:35,000 --> 07:50:38,600
at any bus stop even
when there are people waiting
11738
07:50:38,600 --> 07:50:42,693
because the instruction says
do not stop at the bus stop
11739
07:50:42,693 --> 07:50:44,900
and ignore the rest of the form.
11740
07:50:44,900 --> 07:50:46,244
So this part which is
11741
07:50:46,244 --> 07:50:49,200
if there are people
at the bus stop is ignored
11742
07:50:49,200 --> 07:50:50,788
we were able to do this
11743
07:50:50,788 --> 07:50:52,617
because the query structure
11744
07:50:52,617 --> 07:50:55,900
and the supplied data
are not separated properly
11745
07:50:55,900 --> 07:50:58,388
so that Automated bus
does not differentiate
11746
07:50:58,388 --> 07:50:59,800
between the instructions
11747
07:50:59,800 --> 07:51:03,243
and the data it simply does
anything that it is fed
11748
07:51:03,243 --> 07:51:07,100
with or asked to do. Well,
SQL injection attacks are based
11749
07:51:07,100 --> 07:51:09,033
on the same concept attackers
11750
07:51:09,033 --> 07:51:11,700
are able to inject
malicious instructions
11751
07:51:11,700 --> 07:51:15,441
into good ones all of which
are then sent to database server
11752
07:51:15,441 --> 07:51:16,900
through web application
11753
07:51:16,900 --> 07:51:20,105
and now the technical
explanation. An SQL injection
11754
07:51:20,105 --> 07:51:21,900
needs two conditions to exist,
11755
07:51:21,900 --> 07:51:26,200
which is a relational database
that uses SQL and a user
11756
07:51:26,400 --> 07:51:29,660
input which is directly
used in an SQL query.
11757
07:51:29,660 --> 07:51:32,000
Let's say we have
an SQL statement
11758
07:51:32,000 --> 07:51:33,733
a simple SQL statement.
11759
07:51:33,733 --> 07:51:36,900
This statement says
select from table users
11760
07:51:36,900 --> 07:51:39,600
where username is so-and-so
and password is so
11761
07:51:39,600 --> 07:51:42,300
and so basically you
can think of it as a code
11762
07:51:42,300 --> 07:51:43,300
for a login form.
11763
07:51:43,300 --> 07:51:45,045
It's asking for the username
11764
07:51:45,045 --> 07:51:47,280
and the password
this SQL statement
11765
07:51:47,280 --> 07:51:48,697
is passed to a function
11766
07:51:48,697 --> 07:51:51,630
that sends the entire string
to Connected database
11767
07:51:51,630 --> 07:51:55,400
where it will be parsed, executed
and returns a result at the end
11768
07:51:55,400 --> 07:51:57,867
if you have noticed First
the statement contains
11769
07:51:57,867 --> 07:51:59,579
some special characters, right?
11770
07:51:59,579 --> 07:52:01,900
We have asterisk
to return all the columns
11771
07:52:01,900 --> 07:52:03,549
for selected database row
11772
07:52:03,549 --> 07:52:06,651
and then there is equals
to only return values
11773
07:52:06,651 --> 07:52:08,500
that match the search string
11774
07:52:08,500 --> 07:52:11,038
and then we have
single quote here
11775
07:52:11,038 --> 07:52:13,261
and here to tell
the SQL database
11776
07:52:13,261 --> 07:52:15,900
where the search string
starts or ends.
11777
07:52:15,900 --> 07:52:16,862
So for user you
11778
07:52:16,862 --> 07:52:20,248
have starting here and in
here and for password here,
11779
07:52:20,248 --> 07:52:23,700
so basically a pair now
consider the following example
11780
07:52:23,700 --> 07:52:28,100
in which a website user is able
to change the Use of this user
11781
07:52:28,200 --> 07:52:31,000
and password such as
n log in form.
11782
07:52:31,200 --> 07:52:34,365
So if the values are put
into user and password,
11783
07:52:34,365 --> 07:52:36,587
it looks something
like this select
11784
07:52:36,587 --> 07:52:37,672
from users table.
11785
07:52:37,672 --> 07:52:40,800
The user name is Dean
and password as Winchester's
11786
07:52:40,800 --> 07:52:43,133
and the SQL statement
is simple enough.
11787
07:52:43,133 --> 07:52:44,190
It's very direct.
11788
07:52:44,190 --> 07:52:47,900
So if there is a user called
Dean with password Winchester's
11789
07:52:47,900 --> 07:52:49,221
then all the columns
11790
07:52:49,221 --> 07:52:51,800
of table users are
extracted now suppose
11791
07:52:51,800 --> 07:52:55,700
if the input is not properly
sanitized by the web application
11792
07:52:55,700 --> 07:52:59,900
the attacker Can easily insert
some malicious SQL statement
11793
07:52:59,900 --> 07:53:02,715
like this the username
might be Dean
11794
07:53:02,715 --> 07:53:04,100
or 1 is equal to 1
11795
07:53:04,100 --> 07:53:08,100
and then you have double hyphen
followed by password is equal
11796
07:53:08,100 --> 07:53:12,094
to Winchester's so basically
along with the data the user
11797
07:53:12,094 --> 07:53:14,372
or the attacker
has tried to enter
11798
07:53:14,372 --> 07:53:18,100
a malicious SQL statement
disguising it as a data here.
11799
07:53:18,100 --> 07:53:20,600
So guys, you need
to notice two things here.
11800
07:53:20,600 --> 07:53:24,400
First one we have or 1 is equal
to 1 it's a condition
11801
07:53:24,400 --> 07:53:26,518
that will always
be true therefore.
11802
07:53:26,518 --> 07:53:29,279
It is accepted as
a valid input by application.
11803
07:53:29,279 --> 07:53:31,800
For example, if Dean
is not a valid user or
11804
07:53:31,800 --> 07:53:33,441
if there is no user called Dean
11805
07:53:33,441 --> 07:53:36,600
in the database application
would consider the next value
11806
07:53:36,600 --> 07:53:37,900
because there is or in
11807
07:53:37,900 --> 07:53:40,400
between our next value
is 1 is equal to 1
11808
07:53:40,400 --> 07:53:42,084
which always returns true.
11809
07:53:42,084 --> 07:53:46,100
So basically our input will be
something like this Dean or true
11810
07:53:46,100 --> 07:53:49,600
and if there is no user called
Dean the next input will be true
11811
07:53:49,600 --> 07:53:51,898
and it will be taken
as an input value
11812
07:53:51,898 --> 07:53:53,700
and values will be displayed.
11813
07:53:53,700 --> 07:53:56,300
So the next part
which has double -
11814
07:53:56,300 --> 07:53:58,400
I'm sure you know
what double -
11815
07:53:58,400 --> 07:53:59,457
represents Droid.
11816
07:53:59,457 --> 07:54:02,932
Basically, it's commenting
the next part of the SQL query.
11817
07:54:02,932 --> 07:54:04,700
So it instructs the SQL parser
11818
07:54:04,700 --> 07:54:06,900
that the rest
of the line is a comment
11819
07:54:06,900 --> 07:54:08,600
and should not be executed.
11820
07:54:08,600 --> 07:54:11,800
So the part that's
password part will be ignored.
11821
07:54:11,800 --> 07:54:14,600
So basically what we're trying
to do is we're trying
11822
07:54:14,600 --> 07:54:17,070
to bypass the password
authentication here.
11823
07:54:17,070 --> 07:54:19,964
So once the query executes
the SQL injection effectively
11824
07:54:19,964 --> 07:54:22,100
removes the password
verification resulting
11825
07:54:22,100 --> 07:54:24,700
in an authentication bypass
by using double hyphen,
11826
07:54:24,700 --> 07:54:26,600
and we're commenting
rest of the comment.
11827
07:54:26,600 --> 07:54:28,600
And before that using
one is equal to one
11828
07:54:28,600 --> 07:54:30,500
which is translated to true.
11829
07:54:30,500 --> 07:54:33,000
We are trying to enter
the database without even
11830
07:54:33,000 --> 07:54:34,400
giving an invalid value.
11831
07:54:34,400 --> 07:54:37,100
So the application will most
likely log the attacker in
11832
07:54:37,100 --> 07:54:39,300
with the first account
from the query result.
11833
07:54:39,300 --> 07:54:41,800
And as you guys know most
of the time the first account
11834
07:54:41,800 --> 07:54:42,667
in a database is
11835
07:54:42,667 --> 07:54:45,973
that of an administrative user so basically by doing nothing
so basically by doing nothing
11836
07:54:45,973 --> 07:54:48,258
or basically by giving
some random data here
11837
07:54:48,258 --> 07:54:51,199
the attacker was able
to extract the admin details,
11838
07:54:51,200 --> 07:54:52,938
it sounds very dangerous, right?
11839
07:54:52,938 --> 07:54:55,600
So that's all an SQL
injection attack is all about