1
00:00:00,960 --> 00:00:04,790
Now let's do a full attack using Ettercap.
2
00:00:05,190 --> 00:00:10,650
This attack will depend on intercepting traffic and changing the traffic.
3
00:00:11,250 --> 00:00:13,020
And before showing you the attack,
4
00:00:13,020 --> 00:00:15,210
let me show you a scenario.
5
00:00:15,630 --> 00:00:17,370
So this is my victim machine.
6
00:00:17,370 --> 00:00:20,960
It has Windows 8. It could be a mobile, it could be anything; it has Windows 8.
7
00:00:21,420 --> 00:00:30,370
And notice that when I try to go to a specific Web site, and this actually works on any platform.
8
00:00:30,390 --> 00:00:31,190
So.
9
00:00:31,440 --> 00:00:38,760
So let's, if I try to go to a Microsoft Web site, let's type in Microsoft
10
00:00:44,120 --> 00:00:48,570
dot com.
11
00:00:48,710 --> 00:01:01,080
Oh sorry, Microsoft dot com. So we have internet connectivity.
12
00:01:01,080 --> 00:01:05,750
And when you type any website, it's going to this Web site.
13
00:01:05,790 --> 00:01:09,660
And if we try to ping microsoft dot com, let me show you.
14
00:01:09,660 --> 00:01:11,390
Microsoft IP.
15
00:01:12,420 --> 00:01:19,410
So if I try to ping this Web site to see if we have connectivity with it or not.
16
00:01:20,400 --> 00:01:31,840
My rule of thumb is pinging. So we have internet connectivity, and this is the IP of Microsoft, starting with
17
00:01:31,840 --> 00:01:33,010
two one zero.
18
00:01:33,420 --> 00:01:34,440
OK.
19
00:01:34,510 --> 00:01:42,810
Now getting back to our Kali Linux machine. Now we can intercept the traffic, but we need to intercept
20
00:01:42,810 --> 00:01:46,110
the traffic, and whatever traffic will be intercepted needs to be modified.
21
00:01:46,440 --> 00:01:48,370
And I'm going to focus on DNS traffic.
22
00:01:48,390 --> 00:01:50,320
Now what is DNS exactly?
23
00:01:50,550 --> 00:01:54,840
DNS is a service that changes from name to IP.
24
00:01:54,840 --> 00:02:02,040
I mean, when you type Microsoft, the router cannot understand that; you have to translate that to Microsoft's
25
00:02:02,040 --> 00:02:03,950
IP to be able to reach it.
26
00:02:03,960 --> 00:02:08,470
So what will happen if we poison this IP, if we change that, right?
27
00:02:08,510 --> 00:02:12,160
Or instead of the correct Microsoft IP, put a fake Microsoft Web site.
28
00:02:12,570 --> 00:02:22,320
Once the victim types microsoft dot com, it will be translated to the fake IP of the fake Microsoft page, and
29
00:02:22,320 --> 00:02:25,360
the user will be taken to this fake page.
30
00:02:26,100 --> 00:02:27,180
Let me show you how to do that.
31
00:02:27,180 --> 00:02:31,410
But before doing that, the only thing that needs some effort is the Ettercap setup.
32
00:02:31,410 --> 00:02:35,790
If you need to apply those plugins, you need to do some modification.
33
00:02:35,880 --> 00:02:37,110
So let's take DNS.
34
00:02:37,110 --> 00:02:42,210
We're going to make a modification in DNS. Any DNS traffic will be modified according to some rules
35
00:02:42,210 --> 00:02:43,990
that we can implement right now.
36
00:02:44,370 --> 00:02:54,300
So we need to go here into the etc. So we go to Other Locations, and go to Computer, and go to etc, and
37
00:02:54,370 --> 00:03:00,090
there is a folder called ettercap, where this folder has all the configuration files.
38
00:03:00,420 --> 00:03:05,740
So when you plan to implement some plugin, some modification, it'll be done according to the plugin.
39
00:03:05,940 --> 00:03:11,740
And as you can see you have like four or five files that we can change; it's called etter.dns.
40
00:03:11,760 --> 00:03:15,480
This is the file that we need to do some modification inside.
41
00:03:15,490 --> 00:03:21,270
Now you can change it from here, but actually it's confusing me because the font is too big and I don't
42
00:03:21,300 --> 00:03:23,060
want to spend time changing it and so on.
43
00:03:23,220 --> 00:03:25,920
So I'm going to repeat the step from the command line.
44
00:03:26,230 --> 00:03:32,150
So I'm gonna open a terminal, and you need to locate the file.
45
00:03:32,610 --> 00:03:37,040
So the file name is etter dot dns.
46
00:03:37,090 --> 00:03:42,220
And as you can see, this is the location of the file.
47
00:03:42,270 --> 00:03:47,910
So I need to modify it from the command line. You can do it from the UI; I'm just showing you a different option
48
00:03:48,390 --> 00:03:49,220
now.
49
00:03:49,530 --> 00:03:51,590
And you put the full path.
50
00:03:51,860 --> 00:03:52,260
Sorry,
51
00:03:59,360 --> 00:04:03,500
copy and paste.
52
00:04:03,830 --> 00:04:05,130
And it opens the file.
53
00:04:05,210 --> 00:04:09,040
Now it's a readable file.
54
00:04:09,040 --> 00:04:13,920
I mean you can read exactly what you need to change, but let me brief you instead of letting you search, and
55
00:04:14,450 --> 00:04:18,310
you need to go to a place that doesn't have those hashes, especially.
56
00:04:18,350 --> 00:04:25,460
Here it is, just one, microsoft dot com, or go through the records.
57
00:04:25,820 --> 00:04:31,970
So here it is saying: whenever someone inside the network is going to Microsoft, I usually translate that,
58
00:04:32,120 --> 00:04:36,250
translate that to Microsoft's IP, and this is right.
59
00:04:36,250 --> 00:04:41,350
Microsoft's IP, or the star dot microsoft dot com, I mean it could be Microsoft,
60
00:04:41,360 --> 00:04:47,720
it could be portal dot microsoft dot com, or local, or anything related to Microsoft, send it to this
61
00:04:47,720 --> 00:04:49,250
IP or that.
62
00:04:49,250 --> 00:04:55,610
So what it's trying to say is that anyone going to any Microsoft website or something related to
63
00:04:55,640 --> 00:04:59,120
Microsoft's website is redirected to the regular Microsoft website.
64
00:04:59,120 --> 00:05:05,810
Now what will happen if I change those IPs and put another IP? Whoever goes to Microsoft will go to this
65
00:05:05,810 --> 00:05:06,420
IP.
66
00:05:06,770 --> 00:05:11,930
What if I change that and put Facebook, and I put a fake Facebook page? It will do the same.
67
00:05:12,230 --> 00:05:14,160
Or Twitter, or so on.
68
00:05:14,210 --> 00:05:18,140
So it's not about the Microsoft website, it's about the concept.
69
00:05:18,170 --> 00:05:23,780
So if this works you can change just microsoft dot com and put a fake Microsoft page, and the user
70
00:05:23,780 --> 00:05:25,990
will never feel that he went to a fake page.
71
00:05:26,300 --> 00:05:29,340
So let's see what I'm going to do right now as a proof of concept.
72
00:05:29,360 --> 00:05:34,330
Whoever goes to Microsoft will be redirected to Google for it.
73
00:05:34,580 --> 00:05:39,960
So I need to open another terminal because I need to get Google's IP.
74
00:05:40,100 --> 00:05:43,760
So let's type ping
75
00:05:45,670 --> 00:05:56,360
w w w dot google dot com, and you'll see that the
76
00:05:56,450 --> 00:05:57,120
OK.
77
00:05:57,260 --> 00:06:08,070
Control-C. This is the Google IP, 0 8 1 1 7 2 3 1 1 8 7, excellent, so I'm going to copy that.
78
00:06:10,640 --> 00:06:11,220
Copy.
79
00:06:11,510 --> 00:06:18,440
And I'm going to go here, and we're going to change the IP and put the Google IP,
80
00:06:25,800 --> 00:06:27,700
paste, and then
81
00:06:34,310 --> 00:06:35,860
paste, and then
82
00:06:39,390 --> 00:06:44,430
the last one, and paste.
83
00:06:45,040 --> 00:06:46,210
And we are set to go.
84
00:06:46,270 --> 00:06:48,040
So I need to save this file.
85
00:06:48,160 --> 00:06:53,080
So I'm going to click on Control-X and click on yes.
86
00:06:53,110 --> 00:07:07,950
And now let's run ettercap dash G. Let's do that: ettercap dash G.
87
00:07:09,310 --> 00:07:15,460
And let's follow the steps from the previous lecture, where I need to go to Sniff and
88
00:07:15,460 --> 00:07:20,710
choose the first one to identify which network I'm going to sniff, the wired or the wireless.
89
00:07:20,710 --> 00:07:25,630
Then go to Hosts and Scan for hosts, scan for hosts.
90
00:07:25,810 --> 00:07:31,060
And sometimes you may need to do the scan more than one time because, you know, it's not detecting all the
91
00:07:31,060 --> 00:07:32,460
machines the first time.
92
00:07:32,770 --> 00:07:33,930
So it's better to do it twice.
93
00:07:33,940 --> 00:07:37,260
But anyway, I'm going to do it right one more time.
94
00:07:37,270 --> 00:07:38,900
Scan for hosts.
95
00:07:39,280 --> 00:07:41,940
And it seems that it finds five hosts.
96
00:07:41,950 --> 00:07:44,760
I know that there are five or six here.
97
00:07:44,920 --> 00:07:50,200
And second step: by doing more than one scan you get more machines, so you have to repeat a couple of
98
00:07:50,200 --> 00:07:55,390
times, then go to Hosts and go to Hosts list.
99
00:07:56,230 --> 00:07:58,690
And as I told you, you need to identify it that way.
100
00:07:58,690 --> 00:08:01,400
This is my gateway, as target one.
101
00:08:01,600 --> 00:08:09,780
And then I can identify which computer to target, or I can keep all the machines to be DNS poisoned.
102
00:08:09,850 --> 00:08:17,250
So I'm going to keep the remaining machines, and then we'll go to MITM.
103
00:08:17,380 --> 00:08:23,940
Now before going to MITM, or before going to start sniffing, we need to go to Plugins and Manage plugins
104
00:08:23,940 --> 00:08:31,510
and activate the dns_spoof, which is the file that we did the modification in a few seconds ago.
105
00:08:31,690 --> 00:08:37,210
So by clicking here, and make sure you have a sign beside this plugin, that means any traffic that will
106
00:08:37,210 --> 00:08:43,580
be intercepted by this Kali Linux machine, it will apply the content of this file on it.
107
00:08:43,600 --> 00:08:50,260
So I need to make sure that this one is active. Then going back to MITM, ARP poisoning, and choose
108
00:08:50,260 --> 00:08:58,460
the first one, Sniff remote connections, and click on OK, and then Start, and Start sniffing.
109
00:08:58,780 --> 00:09:00,650
And let's see if it's going to work or not.
110
00:09:01,060 --> 00:09:09,460
So going to my Windows 8 machine, you remember a few seconds ago we were pinging Microsoft and we
111
00:09:09,460 --> 00:09:14,080
were getting a reply from the Microsoft server, and those are the Microsoft server IPs, right?
112
00:09:14,110 --> 00:09:24,370
Let's ping one more time on Microsoft. See, we are getting a reply from the IPs that we added to the
113
00:09:24,710 --> 00:09:32,100
file, or not. Yes, that is fine. Let's try to go to microsoft dot com, refresh the page
114
00:09:36,810 --> 00:09:40,410
cache, so let's close it and open it one more time.
115
00:09:48,210 --> 00:09:52,290
microsoft dot
116
00:09:56,560 --> 00:10:00,090
And as you can see, it has been redirected to Google.
117
00:10:00,100 --> 00:10:05,960
But the amazing part is that the URL still has Microsoft.
118
00:10:06,910 --> 00:10:13,510
So according to that, it's not about Microsoft and Google. If you change the website from Microsoft
119
00:10:13,630 --> 00:10:21,920
to Twitter or Facebook or any other Web site that needs credentials, and then redirect those requests to
120
00:10:22,060 --> 00:10:32,590
fake pages that look exactly like those pages, the user will never, or the victim will never, feel that
121
00:10:32,770 --> 00:10:37,800
it has been redirected. Besides, creating a fake Web site
122
00:10:37,810 --> 00:10:43,330
is quite easy. In the Hacking Android section we're going to take a tool called Social Engineering
123
00:10:43,390 --> 00:10:48,800
Toolkit that is used for doing that in a few steps.
124
00:10:48,850 --> 00:10:55,390
So it's not that hard to create a fake Web site, and to activate a web server on your Kali Linux, and to
125
00:10:55,390 --> 00:10:56,500
redirect the traffic.
126
00:10:56,710 --> 00:11:01,970
So keep in mind this attack, and then later on you're going to see how to use this attack with
127
00:11:01,990 --> 00:11:08,260
another attack that we'll be taking in the Social Engineering Toolkit in the Android section.