Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,120 --> 00:00:06,420 ‫Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll 2 00:00:06,420 --> 00:00:08,610 ‫be able to do by the end of the course. 3 00:00:09,600 --> 00:00:16,320 ‫So this is going to be one example that's based on one topic that's covered in one subsection of the 4 00:00:16,320 --> 00:00:16,800 ‫course. 5 00:00:17,700 --> 00:00:23,370 ‫Now, because this is a teaser lecture, I'm not going to explain the technical aspect of how am I doing 6 00:00:23,370 --> 00:00:23,610 ‫this? 7 00:00:23,820 --> 00:00:27,390 ‫Because I'm going to teach you how to do this as you go through the course. 8 00:00:27,810 --> 00:00:30,690 ‫For now, just sit back and enjoy this lecture. 9 00:00:31,020 --> 00:00:36,060 ‫And after this lecture, we're going to dive into the course content where you learn how to do things 10 00:00:36,060 --> 00:00:38,010 ‫like this and much, much more. 11 00:00:38,610 --> 00:00:44,130 ‫So in this example, we're going to be hacking this Windows 11 computer from this hacking machine. 12 00:00:45,070 --> 00:00:49,570 ‫And the first section of the course, I'm going to show you how to set up your hiking club, including 13 00:00:49,570 --> 00:00:52,090 ‫this hiking machine and the target windows machine. 14 00:00:52,480 --> 00:00:57,970 ‫But for now, what I want to do is I want to hike this computer from this hiking machine. 15 00:00:59,020 --> 00:01:02,290 ‫Now, the attack that I'm going to show you right now and everything that I show you throughout the 16 00:01:02,290 --> 00:01:06,280 ‫course works on Windows 11 and Windows ten and previous versions. 17 00:01:06,550 --> 00:01:09,640 ‫But for now, I'm using Windows 11 because it's the latest. 18 00:01:10,420 --> 00:01:12,430 ‫And the way that I'm going to hack that computer. 19 00:01:12,580 --> 00:01:15,730 ‫Mainly, I'm going to be using a framework called beef. 20 00:01:16,330 --> 00:01:22,960 ‫Beef is a browser exploitation framework that allows us to run a number of attacks against a target 21 00:01:22,960 --> 00:01:23,440 ‫browser. 22 00:01:23,950 --> 00:01:30,160 ‫Now, for us to be able to use beef, we have to inject beef code into the target's browser. 23 00:01:30,400 --> 00:01:36,610 ‫So we have to actually inject beef code into the browser of the target computer, which happens to be 24 00:01:36,610 --> 00:01:37,840 ‫Chrome in this example. 25 00:01:38,290 --> 00:01:45,250 ‫Now we're going to use another program called Buttercup in order to inject beef hook code automatically 26 00:01:45,370 --> 00:01:46,960 ‫into the target browser. 27 00:01:47,440 --> 00:01:52,180 ‫So the target user will not even know that they clicked or did something suspicious. 28 00:01:52,570 --> 00:01:57,910 ‫Now, I've already configured Buttercup to do that, so I'm simply just going to run it by giving it 29 00:01:57,910 --> 00:02:02,590 ‫to my network interface and giving it a script that I'm calling here. 30 00:02:02,590 --> 00:02:08,860 ‫Spoof the cup that will place me in the middle of the connections, allowing us allowing Buttercup to 31 00:02:08,860 --> 00:02:13,240 ‫inject the hook code of beef into the browser off the target. 32 00:02:13,720 --> 00:02:17,800 ‫Now I'm going to show you how to do this, how to use Buttercup and how to write this script yourself 33 00:02:18,010 --> 00:02:19,150 ‫as we go through the course. 34 00:02:19,240 --> 00:02:21,400 ‫So this is just a teaser for you to enjoy. 35 00:02:21,580 --> 00:02:23,590 ‫Do not worry about the technicalities. 36 00:02:23,980 --> 00:02:25,340 ‫So I'm going to simply run it. 37 00:02:25,600 --> 00:02:30,970 ‫And now Buttercup is going to intercept all the data that will be sent and received from this computer. 38 00:02:31,390 --> 00:02:36,430 ‫And the last step, I'm going to run a couplet that is called Steph's hijack couplet. 39 00:02:36,820 --> 00:02:43,990 ‫This script will allow us to downgrade connections and inject Beef's code into the browser. 40 00:02:44,530 --> 00:02:48,250 ‫Again, I'm going to show you how to write that script and use it later on in the course. 41 00:02:48,250 --> 00:02:50,080 ‫So just watch it and enjoy. 42 00:02:50,410 --> 00:02:52,930 ‫So I'm simply going to hit enter to run that. 43 00:02:52,960 --> 00:02:57,100 ‫And as you can see, we get no errors, meaning that everything is running successfully. 44 00:02:57,670 --> 00:03:03,700 ‫And I'm also in here, if you look at the top part of my terminal window, I'm actually listening for 45 00:03:03,700 --> 00:03:09,880 ‫incoming connections because eventually the end goal is I want to be able to receive a connection from 46 00:03:09,880 --> 00:03:15,580 ‫the target computer, from my backdoor so that I can control their computer and do anything I want on 47 00:03:15,580 --> 00:03:15,700 ‫it. 48 00:03:16,030 --> 00:03:18,280 ‫So right now, I'm listening for incoming connections. 49 00:03:18,280 --> 00:03:21,850 ‫So when my attack is successful, I will get a connection in here. 50 00:03:23,380 --> 00:03:27,170 ‫So let's go ahead to the target computer and simply run the browser. 51 00:03:27,190 --> 00:03:29,980 ‫So we're assuming that this is the normal target user. 52 00:03:30,430 --> 00:03:31,240 ‫On their browser. 53 00:03:31,390 --> 00:03:37,060 ‫And for example, they go to Google Dot IEEE in order to just browse the Internet or search for something 54 00:03:37,060 --> 00:03:38,410 ‫that is interesting to them. 55 00:03:39,250 --> 00:03:45,040 ‫Now, when this happens, Buttercup is going to automatically inject the hook code for beef. 56 00:03:45,430 --> 00:03:50,200 ‫And if we go to beef, you can see that now we have a new online browser. 57 00:03:50,470 --> 00:03:54,370 ‫So right now, beef is connected to this browser right here. 58 00:03:54,370 --> 00:04:01,270 ‫This browser is hooked to beef, and therefore we can click on it, get the detailed information about 59 00:04:01,270 --> 00:04:01,450 ‫it. 60 00:04:01,930 --> 00:04:08,350 ‫And if we click on the commands, we'll be able to run a large number of commands that'll allow us to 61 00:04:08,350 --> 00:04:10,480 ‫do so much on that target. 62 00:04:11,230 --> 00:04:15,580 ‫Now, we will go through all of that later on in the course, but the one that I want to show you right 63 00:04:15,580 --> 00:04:18,220 ‫now is in the social engineering category. 64 00:04:18,400 --> 00:04:23,200 ‫It basically shows a fake notification bar for Chrome browsers. 65 00:04:23,980 --> 00:04:28,270 ‫So we're going to display a message saying Critical update. 66 00:04:28,810 --> 00:04:36,130 ‫Click here to install and then we're going to give a link to my backdoor. 67 00:04:36,970 --> 00:04:40,390 ‫So when the user clicks on that message, they will install a backdoor. 68 00:04:40,840 --> 00:04:45,500 ‫Now I've already created that backdoor and hosted it on the web server of KDE. 69 00:04:45,520 --> 00:04:50,470 ‫Again, I will show you how to use that web server and I'll show you how to create backdoors later on 70 00:04:50,470 --> 00:04:51,130 ‫in the course. 71 00:04:51,160 --> 00:04:56,500 ‫So for now, we're just executing and running information that we already know, just as a teaser. 72 00:04:57,660 --> 00:05:00,930 ‫So I'm going to hit, execute and let's go to the target browser. 73 00:05:01,350 --> 00:05:06,990 ‫And as you can see, we're getting a notification bar in here telling us that there is a critical update. 74 00:05:07,000 --> 00:05:08,130 ‫Click here to install. 75 00:05:08,310 --> 00:05:10,770 ‫Now, you could say that there's an update for Chrome or whatever. 76 00:05:10,770 --> 00:05:12,660 ‫You can make this message more convincing. 77 00:05:13,350 --> 00:05:19,350 ‫So if you click on install, you'll see that the file will get downloaded into my downloads just like 78 00:05:19,350 --> 00:05:20,250 ‫any other file. 79 00:05:20,730 --> 00:05:24,340 ‫And if I go to the downloads, let me show you what this file looks like. 80 00:05:26,460 --> 00:05:30,310 ‫You will notice that the file has the right icon for the Chrome installer. 81 00:05:30,330 --> 00:05:33,210 ‫So right here I actually have a clean Chrome installer. 82 00:05:33,240 --> 00:05:38,160 ‫As you can see, I'm naming it clean and this is the one that actually contains a backdoor. 83 00:05:38,460 --> 00:05:40,590 ‫So you can see the files look identical. 84 00:05:40,950 --> 00:05:43,590 ‫But if I run the updates that we just downloaded. 85 00:05:45,170 --> 00:05:49,300 ‫You will notice that you get this warning for running an executable. 86 00:05:49,310 --> 00:05:54,980 ‫So we're going to run it for an unknown publisher and then it's actually going to let you install Chrome, 87 00:05:55,070 --> 00:05:55,850 ‫as you can see. 88 00:05:55,850 --> 00:05:58,090 ‫So it's a Google update set up. 89 00:05:58,370 --> 00:06:02,000 ‫If you say yes, you'll actually get the normal installer for Chrome. 90 00:06:03,260 --> 00:06:09,590 ‫But if we go to the High Commission in here and look at where I was listening for income and connections, 91 00:06:09,980 --> 00:06:14,240 ‫you will notice that I actually got a connection from the Target Windows Machine. 92 00:06:14,840 --> 00:06:22,310 ‫So now I hacked that computer and I can do anything that the normal user can do on their computer so 93 00:06:22,310 --> 00:06:23,930 ‫I can access their file system. 94 00:06:24,110 --> 00:06:27,290 ‫I can register every keystroke they type on their keyboard. 95 00:06:27,470 --> 00:06:28,790 ‫I can listen to their music. 96 00:06:28,790 --> 00:06:30,110 ‫I can turn on their keyboard. 97 00:06:30,230 --> 00:06:31,640 ‫I can turn on their camera. 98 00:06:31,850 --> 00:06:34,520 ‫I can do anything that they can do on their computer. 99 00:06:35,030 --> 00:06:42,860 ‫And just as a quick example to show you how severe this is, I'm going to do a webcam list to list all 100 00:06:42,860 --> 00:06:45,080 ‫of the webcams connected to this computer. 101 00:06:45,290 --> 00:06:47,420 ‫And as you can see, we have only one webcam. 102 00:06:47,660 --> 00:06:50,390 ‫So I'm going to do webcam stream. 103 00:06:50,870 --> 00:06:52,460 ‫Number one, the first camera. 104 00:06:53,000 --> 00:06:57,230 ‫And if I hit enter, we can see a live stream of the target person. 105 00:06:57,710 --> 00:07:00,890 ‫Now, this is just one example of what you're going to learn in this course. 106 00:07:01,130 --> 00:07:04,340 ‫And like I said, don't worry about the technical aspects. 107 00:07:04,370 --> 00:07:07,550 ‫I've connected a number of attacks here in order to achieve this. 108 00:07:07,730 --> 00:07:13,370 ‫But we're going to focus and cover every single piece of the puzzle that allowed us to do this. 109 00:07:13,550 --> 00:07:14,870 ‫So don't worry about it at all. 110 00:07:14,960 --> 00:07:20,060 ‫This is just a teaser to show you what you're going to be able to do by the end of the course. 11670