Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,120 --> 00:00:06,420
Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll
2
00:00:06,420 --> 00:00:08,610
be able to do by the end of the course.
3
00:00:09,600 --> 00:00:16,320
So this is going to be one example that's based on one topic that's covered in one subsection of the
4
00:00:16,320 --> 00:00:16,800
course.
5
00:00:17,700 --> 00:00:23,370
Now, because this is a teaser lecture, I'm not going to explain the technical aspect of how am I doing
6
00:00:23,370 --> 00:00:23,610
this?
7
00:00:23,820 --> 00:00:27,390
Because I'm going to teach you how to do this as you go through the course.
8
00:00:27,810 --> 00:00:30,690
For now, just sit back and enjoy this lecture.
9
00:00:31,020 --> 00:00:36,060
And after this lecture, we're going to dive into the course content where you learn how to do things
10
00:00:36,060 --> 00:00:38,010
like this and much, much more.
11
00:00:38,610 --> 00:00:44,130
So in this example, we're going to be hacking this Windows 11 computer from this hacking machine.
12
00:00:45,070 --> 00:00:49,570
And the first section of the course, I'm going to show you how to set up your hiking club, including
13
00:00:49,570 --> 00:00:52,090
this hiking machine and the target windows machine.
14
00:00:52,480 --> 00:00:57,970
But for now, what I want to do is I want to hike this computer from this hiking machine.
15
00:00:59,020 --> 00:01:02,290
Now, the attack that I'm going to show you right now and everything that I show you throughout the
16
00:01:02,290 --> 00:01:06,280
course works on Windows 11 and Windows ten and previous versions.
17
00:01:06,550 --> 00:01:09,640
But for now, I'm using Windows 11 because it's the latest.
18
00:01:10,420 --> 00:01:12,430
And the way that I'm going to hack that computer.
19
00:01:12,580 --> 00:01:15,730
Mainly, I'm going to be using a framework called beef.
20
00:01:16,330 --> 00:01:22,960
Beef is a browser exploitation framework that allows us to run a number of attacks against a target
21
00:01:22,960 --> 00:01:23,440
browser.
22
00:01:23,950 --> 00:01:30,160
Now, for us to be able to use beef, we have to inject beef code into the target's browser.
23
00:01:30,400 --> 00:01:36,610
So we have to actually inject beef code into the browser of the target computer, which happens to be
24
00:01:36,610 --> 00:01:37,840
Chrome in this example.
25
00:01:38,290 --> 00:01:45,250
Now we're going to use another program called Buttercup in order to inject beef hook code automatically
26
00:01:45,370 --> 00:01:46,960
into the target browser.
27
00:01:47,440 --> 00:01:52,180
So the target user will not even know that they clicked or did something suspicious.
28
00:01:52,570 --> 00:01:57,910
Now, I've already configured Buttercup to do that, so I'm simply just going to run it by giving it
29
00:01:57,910 --> 00:02:02,590
to my network interface and giving it a script that I'm calling here.
30
00:02:02,590 --> 00:02:08,860
Spoof the cup that will place me in the middle of the connections, allowing us allowing Buttercup to
31
00:02:08,860 --> 00:02:13,240
inject the hook code of beef into the browser off the target.
32
00:02:13,720 --> 00:02:17,800
Now I'm going to show you how to do this, how to use Buttercup and how to write this script yourself
33
00:02:18,010 --> 00:02:19,150
as we go through the course.
34
00:02:19,240 --> 00:02:21,400
So this is just a teaser for you to enjoy.
35
00:02:21,580 --> 00:02:23,590
Do not worry about the technicalities.
36
00:02:23,980 --> 00:02:25,340
So I'm going to simply run it.
37
00:02:25,600 --> 00:02:30,970
And now Buttercup is going to intercept all the data that will be sent and received from this computer.
38
00:02:31,390 --> 00:02:36,430
And the last step, I'm going to run a couplet that is called Steph's hijack couplet.
39
00:02:36,820 --> 00:02:43,990
This script will allow us to downgrade connections and inject Beef's code into the browser.
40
00:02:44,530 --> 00:02:48,250
Again, I'm going to show you how to write that script and use it later on in the course.
41
00:02:48,250 --> 00:02:50,080
So just watch it and enjoy.
42
00:02:50,410 --> 00:02:52,930
So I'm simply going to hit enter to run that.
43
00:02:52,960 --> 00:02:57,100
And as you can see, we get no errors, meaning that everything is running successfully.
44
00:02:57,670 --> 00:03:03,700
And I'm also in here, if you look at the top part of my terminal window, I'm actually listening for
45
00:03:03,700 --> 00:03:09,880
incoming connections because eventually the end goal is I want to be able to receive a connection from
46
00:03:09,880 --> 00:03:15,580
the target computer, from my backdoor so that I can control their computer and do anything I want on
47
00:03:15,580 --> 00:03:15,700
it.
48
00:03:16,030 --> 00:03:18,280
So right now, I'm listening for incoming connections.
49
00:03:18,280 --> 00:03:21,850
So when my attack is successful, I will get a connection in here.
50
00:03:23,380 --> 00:03:27,170
So let's go ahead to the target computer and simply run the browser.
51
00:03:27,190 --> 00:03:29,980
So we're assuming that this is the normal target user.
52
00:03:30,430 --> 00:03:31,240
On their browser.
53
00:03:31,390 --> 00:03:37,060
And for example, they go to Google Dot IEEE in order to just browse the Internet or search for something
54
00:03:37,060 --> 00:03:38,410
that is interesting to them.
55
00:03:39,250 --> 00:03:45,040
Now, when this happens, Buttercup is going to automatically inject the hook code for beef.
56
00:03:45,430 --> 00:03:50,200
And if we go to beef, you can see that now we have a new online browser.
57
00:03:50,470 --> 00:03:54,370
So right now, beef is connected to this browser right here.
58
00:03:54,370 --> 00:04:01,270
This browser is hooked to beef, and therefore we can click on it, get the detailed information about
59
00:04:01,270 --> 00:04:01,450
it.
60
00:04:01,930 --> 00:04:08,350
And if we click on the commands, we'll be able to run a large number of commands that'll allow us to
61
00:04:08,350 --> 00:04:10,480
do so much on that target.
62
00:04:11,230 --> 00:04:15,580
Now, we will go through all of that later on in the course, but the one that I want to show you right
63
00:04:15,580 --> 00:04:18,220
now is in the social engineering category.
64
00:04:18,400 --> 00:04:23,200
It basically shows a fake notification bar for Chrome browsers.
65
00:04:23,980 --> 00:04:28,270
So we're going to display a message saying Critical update.
66
00:04:28,810 --> 00:04:36,130
Click here to install and then we're going to give a link to my backdoor.
67
00:04:36,970 --> 00:04:40,390
So when the user clicks on that message, they will install a backdoor.
68
00:04:40,840 --> 00:04:45,500
Now I've already created that backdoor and hosted it on the web server of KDE.
69
00:04:45,520 --> 00:04:50,470
Again, I will show you how to use that web server and I'll show you how to create backdoors later on
70
00:04:50,470 --> 00:04:51,130
in the course.
71
00:04:51,160 --> 00:04:56,500
So for now, we're just executing and running information that we already know, just as a teaser.
72
00:04:57,660 --> 00:05:00,930
So I'm going to hit, execute and let's go to the target browser.
73
00:05:01,350 --> 00:05:06,990
And as you can see, we're getting a notification bar in here telling us that there is a critical update.
74
00:05:07,000 --> 00:05:08,130
Click here to install.
75
00:05:08,310 --> 00:05:10,770
Now, you could say that there's an update for Chrome or whatever.
76
00:05:10,770 --> 00:05:12,660
You can make this message more convincing.
77
00:05:13,350 --> 00:05:19,350
So if you click on install, you'll see that the file will get downloaded into my downloads just like
78
00:05:19,350 --> 00:05:20,250
any other file.
79
00:05:20,730 --> 00:05:24,340
And if I go to the downloads, let me show you what this file looks like.
80
00:05:26,460 --> 00:05:30,310
You will notice that the file has the right icon for the Chrome installer.
81
00:05:30,330 --> 00:05:33,210
So right here I actually have a clean Chrome installer.
82
00:05:33,240 --> 00:05:38,160
As you can see, I'm naming it clean and this is the one that actually contains a backdoor.
83
00:05:38,460 --> 00:05:40,590
So you can see the files look identical.
84
00:05:40,950 --> 00:05:43,590
But if I run the updates that we just downloaded.
85
00:05:45,170 --> 00:05:49,300
You will notice that you get this warning for running an executable.
86
00:05:49,310 --> 00:05:54,980
So we're going to run it for an unknown publisher and then it's actually going to let you install Chrome,
87
00:05:55,070 --> 00:05:55,850
as you can see.
88
00:05:55,850 --> 00:05:58,090
So it's a Google update set up.
89
00:05:58,370 --> 00:06:02,000
If you say yes, you'll actually get the normal installer for Chrome.
90
00:06:03,260 --> 00:06:09,590
But if we go to the High Commission in here and look at where I was listening for income and connections,
91
00:06:09,980 --> 00:06:14,240
you will notice that I actually got a connection from the Target Windows Machine.
92
00:06:14,840 --> 00:06:22,310
So now I hacked that computer and I can do anything that the normal user can do on their computer so
93
00:06:22,310 --> 00:06:23,930
I can access their file system.
94
00:06:24,110 --> 00:06:27,290
I can register every keystroke they type on their keyboard.
95
00:06:27,470 --> 00:06:28,790
I can listen to their music.
96
00:06:28,790 --> 00:06:30,110
I can turn on their keyboard.
97
00:06:30,230 --> 00:06:31,640
I can turn on their camera.
98
00:06:31,850 --> 00:06:34,520
I can do anything that they can do on their computer.
99
00:06:35,030 --> 00:06:42,860
And just as a quick example to show you how severe this is, I'm going to do a webcam list to list all
100
00:06:42,860 --> 00:06:45,080
of the webcams connected to this computer.
101
00:06:45,290 --> 00:06:47,420
And as you can see, we have only one webcam.
102
00:06:47,660 --> 00:06:50,390
So I'm going to do webcam stream.
103
00:06:50,870 --> 00:06:52,460
Number one, the first camera.
104
00:06:53,000 --> 00:06:57,230
And if I hit enter, we can see a live stream of the target person.
105
00:06:57,710 --> 00:07:00,890
Now, this is just one example of what you're going to learn in this course.
106
00:07:01,130 --> 00:07:04,340
And like I said, don't worry about the technical aspects.
107
00:07:04,370 --> 00:07:07,550
I've connected a number of attacks here in order to achieve this.
108
00:07:07,730 --> 00:07:13,370
But we're going to focus and cover every single piece of the puzzle that allowed us to do this.
109
00:07:13,550 --> 00:07:14,870
So don't worry about it at all.
110
00:07:14,960 --> 00:07:20,060
This is just a teaser to show you what you're going to be able to do by the end of the course.
11670
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.