Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,140 --> 00:00:10,200 Now let's see how to set practically how to do a remote attack on any device could be a computer it 2 00:00:10,200 --> 00:00:18,600 could be a smartphone but how can we do the same attack that we explained earlier remotely. 3 00:00:18,900 --> 00:00:26,950 As I explained in the previous lecture you have first to forwarned support and I went through that on 4 00:00:26,970 --> 00:00:32,460 the previous lecture and show you how to go in your router to the port for rorting. 5 00:00:32,460 --> 00:00:38,220 It could be different interface but definitely you will find something called the port forwarding and 6 00:00:38,220 --> 00:00:40,690 you can do it on the scene where it is right now. 7 00:00:40,710 --> 00:00:50,460 I did forward all the traffic coming from outside to my router through port that target port 44 or 80 8 00:00:50,460 --> 00:01:02,450 or 443 to the computer 1 9 2 and 6 8 1 0 1 1 0 7 which is my next machine if I go to the clinics and 9 00:01:02,450 --> 00:01:14,450 i search I'm sorry and I check the IP you'll see that the local IP it's 1 7 and depend on the tags that 10 00:01:14,450 --> 00:01:22,010 you want to implement you can add here any IPU or any port so you can say OK I want any traffic coming 11 00:01:22,010 --> 00:01:27,170 from outside targeting for instance 4 5 5 5 5 12 00:01:30,270 --> 00:01:37,370 till port 5 5 5 5 and you give it any name and you add it and it will be added here as well. 13 00:01:37,370 --> 00:01:43,850 So what I'm seeing here is that I'm configuring for my router that any traffic coming to this router 14 00:01:44,540 --> 00:01:46,430 and target specific port. 15 00:01:46,430 --> 00:01:52,520 It will be directed to a specific computer and according to that if I do an attack in my county the 16 00:01:52,520 --> 00:02:00,650 next machine that accepts connection port 80 or four 4C as I'm going to show you right now and the victim 17 00:02:00,680 --> 00:02:02,150 from outside my network. 18 00:02:02,150 --> 00:02:08,190 Click on the link and the traffic is going to my the next machine it reaches the routers router or leader 19 00:02:08,330 --> 00:02:15,220 redirected to my Canon Linux machine and I will accept my connection on my feelings. 20 00:02:15,500 --> 00:02:18,610 Even if I have more machine behind than it will. 21 00:02:18,760 --> 00:02:24,500 I have other machines that have as an IP and the tablet and smartphone but not the traffic would be 22 00:02:24,500 --> 00:02:27,610 redirected from my router to my specific condition. 23 00:02:28,160 --> 00:02:29,350 And same concept apply. 24 00:02:29,360 --> 00:02:36,050 I mean if I have one computer inside my local network that has an IP server and I need people to connect 25 00:02:36,050 --> 00:02:42,030 whenever they connect remotely to my network they will connect to this specific computer in mine and 26 00:02:42,410 --> 00:02:45,660 I can forward the traffic to port 21 to this computer. 27 00:02:45,950 --> 00:02:51,470 So the concept of play on menacing now to test the settings that I did. 28 00:02:51,530 --> 00:02:59,420 I can go from any machine including Linux or any machine and I can type or scan and I can use a map 29 00:02:59,420 --> 00:03:06,650 which already explain mine a small scepters and we can put the IP of the router. 30 00:03:06,800 --> 00:03:08,560 How can I get the IP of the router. 31 00:03:08,750 --> 00:03:14,090 If you go to what is my IP that can it will show you the public IPs that you have. 32 00:03:14,210 --> 00:03:20,990 And this would be the IPs that will be sent to the victim so we can copy that and we can put it here 33 00:03:21,800 --> 00:03:22,850 based. 34 00:03:23,150 --> 00:03:25,250 And let's see. 35 00:03:25,250 --> 00:03:31,650 We should find all support that we full route has been opened put it put for for sleep and for for for. 36 00:03:31,820 --> 00:03:36,030 And if we had more pooled it would be open on the router as well because it will accept traffic to this 37 00:03:36,050 --> 00:03:40,420 port and forwards this port to the specific machine. 38 00:03:40,640 --> 00:03:43,660 Now let's test this attack. 39 00:03:43,710 --> 00:03:46,340 What I'm going to do I will go for instance. 40 00:03:46,440 --> 00:03:47,970 Now for the attack. 41 00:03:47,970 --> 00:03:53,220 I don't need to go through that text one more time you can do the same exact text that we explain during 42 00:03:53,220 --> 00:03:58,680 the course except instead of sending a private IP as we used to do. 43 00:03:58,740 --> 00:04:03,360 You're going to send to the victims of public I.D. and we will not send it this way because it's very 44 00:04:03,360 --> 00:04:06,580 easy to discover at the center that we're going to do some manipulation. 45 00:04:06,750 --> 00:04:15,510 But my point is we going to use a public IP which is an 86 97 certified 1:46 this would be IP to be 46 00:04:15,510 --> 00:04:22,410 sent to the victim so it will allow according to the port forwarding it will connect to our Kenyan Linux 47 00:04:22,410 --> 00:04:22,990 machine. 48 00:04:23,220 --> 00:04:29,720 So let me go to exploitation too and I'm going to say that just as a proof of concept. 49 00:04:29,990 --> 00:04:30,600 OK. 50 00:04:30,720 --> 00:04:33,130 And from certain chooser. 51 00:04:33,510 --> 00:04:37,640 Let's take for instance social engineering at Tech. 52 00:04:37,670 --> 00:04:43,160 And let's take a website site that we went through that before going to just follow the steps. 53 00:04:43,170 --> 00:04:49,880 The only change we're going to meet is to change the support as IP from private IP to a public IP. 54 00:04:49,890 --> 00:04:57,020 So ultimately for us in Java applet attack and we're going to use the word template and I will not repeat 55 00:04:57,260 --> 00:04:59,930 the steps because this attack has been already explained. 56 00:05:00,080 --> 00:05:04,390 Now notice Steve that is asking me Are you using a port forwarding. 57 00:05:04,430 --> 00:05:05,790 Yes. 58 00:05:05,810 --> 00:05:09,780 In my router I did configure the port for someone that could type here. 59 00:05:09,830 --> 00:05:10,110 Yes 60 00:05:13,860 --> 00:05:18,360 let me just move the screen so it would not confuse us or even close it. 61 00:05:21,370 --> 00:05:25,860 And he needs the IP address to be Hypatia's and set up server. 62 00:05:25,900 --> 00:05:27,940 This could be an external IP. 63 00:05:27,950 --> 00:05:32,500 So now what I'm going to do I would not as a private IP I'm going as a public idea so I'm going to copy 64 00:05:32,500 --> 00:05:39,050 this IP and this would be the IP to be sent to the victim. 65 00:05:39,360 --> 00:05:48,620 No if a payload is on a different machine and here you know I'm not explaining that because this has 66 00:05:48,620 --> 00:05:53,710 been already explained trusting on just two of them just going through the steps as a proof of concept 67 00:05:54,460 --> 00:06:01,870 and he's creating a website that includes a payload so I'm going to choose for instance number two because 68 00:06:01,870 --> 00:06:10,580 number two it allows the victim to connect to us and we going to choose number one and which port support 69 00:06:10,730 --> 00:06:11,530 that I'm going to choose. 70 00:06:11,530 --> 00:06:16,960 I have to make sure that on my router it has been forward to my call in the next machine. 71 00:06:16,990 --> 00:06:23,650 So I'm going to keep the full for three and actually this was why I requested to forward the traffic 72 00:06:23,650 --> 00:06:31,310 to see my daughter and we get to choose 6 I'm finished. 73 00:06:31,490 --> 00:06:38,100 And he's doing the payload right now according to that if everything went well. 74 00:06:38,770 --> 00:06:44,920 If I open once he finish and he told me that the payload is ready if I go to any computer on a different 75 00:06:44,920 --> 00:06:53,440 network and put the public IP I should be connected to my colleague Linux machine and we are going to 76 00:06:53,440 --> 00:06:54,740 see that in a few seconds. 77 00:06:58,680 --> 00:07:05,540 So while you know exactly I believe you know he's preparing a pillow. 78 00:07:05,540 --> 00:07:09,080 But my point is. 79 00:07:09,500 --> 00:07:13,550 Let's exert here and let's go to any machine. 80 00:07:13,700 --> 00:07:16,850 I don't have any other network but I'm going to try it for him. 81 00:07:17,270 --> 00:07:19,930 As you can see this is my public IP right. 82 00:07:19,940 --> 00:07:22,310 I use them a few seconds ago. 83 00:07:22,340 --> 00:07:27,930 I put it inside the browser and nothing will show up let me know right to type. 84 00:07:27,950 --> 00:07:36,000 H t t d s and Z IP. 85 00:07:36,170 --> 00:07:38,180 And let's see what will happen. 86 00:07:38,390 --> 00:07:41,540 Now you can see that he's establishing a connection. 87 00:07:41,710 --> 00:07:43,040 OK. 88 00:07:44,600 --> 00:07:46,490 So he is taking full time. 89 00:07:46,540 --> 00:07:47,950 Let's see him clinics. 90 00:07:48,120 --> 00:07:54,820 Is he accepting anything or any connection is going to be established. 91 00:07:54,850 --> 00:07:55,720 Not yet. 92 00:08:00,460 --> 00:08:03,530 Just a few seconds until you get to page. 93 00:08:03,640 --> 00:08:11,740 Now there's a point here what I'm trying to say is that I'm using now the public IP and it's connected 94 00:08:11,740 --> 00:08:13,440 to my local computer. 95 00:08:13,510 --> 00:08:20,640 It will take a few seconds but if you do that from a different place using any device you can do that 96 00:08:20,640 --> 00:08:23,300 from a smartphone from a computer as a victim. 97 00:08:23,300 --> 00:08:27,860 A victim can connect through a smartphone through a computer is not the case. 98 00:08:28,110 --> 00:08:32,810 All the attacks that we already explained can be repeated one more time. 99 00:08:33,210 --> 00:08:35,700 But using the public IP and 100 00:08:39,880 --> 00:08:45,540 configuring support for the is this may take a few seconds. 101 00:08:47,300 --> 00:08:59,400 Let me was just two Wait onto the swinish. 102 00:08:59,870 --> 00:09:01,280 It's taking too much time. 103 00:09:01,280 --> 00:09:06,650 So what I'm going to do I'm going to try from my smartphone to log to the same website and I'm going 104 00:09:06,650 --> 00:09:08,510 to see here what can happen. 105 00:09:08,510 --> 00:09:17,360 So from my smartphone I'm going to the browser and I'm going to type the same IP and I want you to watch 106 00:09:17,360 --> 00:09:23,620 what will happen on screen if you're going to do a connection or 107 00:09:27,100 --> 00:09:35,890 just need to make sure that it's teaching yes because it should connect to port for falsely why if what 108 00:09:35,890 --> 00:09:42,080 we are doing is that we configured HTP it should work comport. 109 00:09:42,100 --> 00:09:47,610 See now my smartphone has been compromised. 110 00:09:48,630 --> 00:09:57,950 Locally and even this is the IP from the smartphone it's a public IP and I'm compromising the smartphone 111 00:09:58,640 --> 00:10:02,070 from my public from outside. 112 00:10:02,360 --> 00:10:04,780 So it's not about this specific attack. 113 00:10:04,790 --> 00:10:13,900 My objective of this lecture is to show you how can we do the same attack that we explained earlier 114 00:10:14,410 --> 00:10:16,630 but remotely. 115 00:10:16,630 --> 00:10:19,950 And the point here was the port forwarding. 116 00:10:20,020 --> 00:10:26,350 I mean you want to just need to make sure that you understood exactly what is port forwarding just the 117 00:10:26,350 --> 00:10:27,360 sitting senator. 118 00:10:27,360 --> 00:10:32,250 Now if you if you do that you can repeat all the attacks one more time remotely. 119 00:10:32,270 --> 00:10:37,820 But please do not do that in an unprofessional way. 120 00:10:38,240 --> 00:10:43,760 So you can do it you can have two different networks right from a day to another but to not misuse. 121 00:10:45,210 --> 00:10:50,960 I already went through that through the disclaimer at the beginning but I'm repeating myself. 122 00:10:51,280 --> 00:10:59,150 Finally one point Romanek which is I can not see into the victim so I pee this way because this is like 123 00:10:59,160 --> 00:11:08,290 an evidence he can do some search and know from where the IP is coming and it's it's not the right way. 124 00:11:08,340 --> 00:11:10,700 You already explained how to shorten Zipes. 125 00:11:10,710 --> 00:11:16,250 If you remember there is some website you give SSMS IP it will give you a name but during the next election 126 00:11:16,250 --> 00:11:19,780 I'm going to show you how that it's done in a professional way. 127 00:11:21,020 --> 00:11:28,700 Using some of the dynamic DNS Web sites you register in some web site and they will give you a name 128 00:11:28,700 --> 00:11:31,820 instead of IP and you send two people name and said the state of IP. 13513