Ethical Hacking Full Course - Learn Ethical Hacking in 10 Hours | Ethical Hacking Tutorial | Edureka [English (United States) subtitles]

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:06,800 --> 00:00:08,770 Hi guys, my name is Aarya and I'm going 2 00:00:08,770 --> 00:00:11,000 to be your instructor for this course today. 3 00:00:11,000 --> 00:00:13,327 So in this Ethical Hacking full course video, 4 00:00:13,327 --> 00:00:15,971 we'll be learning almost everything that is required 5 00:00:15,971 --> 00:00:18,200 for you to get started as an Ethical Hacker. 6 00:00:18,200 --> 00:00:20,156 So come let's quickly go over the topics 7 00:00:20,156 --> 00:00:22,399 that we are going to be covering today firstly. 8 00:00:22,399 --> 00:00:25,100 We're going to be going to the basics of cyber security 9 00:00:25,100 --> 00:00:25,972 and cryptography 10 00:00:25,972 --> 00:00:28,100 where we'll be learning the key concepts 11 00:00:28,100 --> 00:00:30,632 of confidentiality integrity and availability 12 00:00:30,632 --> 00:00:32,900 and how the cryptography Concepts also tie 13 00:00:32,900 --> 00:00:34,700 into the whole picture next. 14 00:00:34,700 --> 00:00:36,600 We'll be looking at some cyber threats. 15 00:00:36,600 --> 00:00:37,248 We be seeing 16 00:00:37,248 --> 00:00:39,847 how the Cyber threads actually affect our computer 17 00:00:39,847 --> 00:00:42,500 and then we will also see how we can mitigate them. 18 00:00:42,500 --> 00:00:44,097 After which we will be looking 19 00:00:44,097 --> 00:00:46,000 into the history of ethical hacking. 20 00:00:46,000 --> 00:00:47,497 We learn how this all began 21 00:00:47,497 --> 00:00:49,939 in the Massachusetts Institute of Technology. 
22 00:00:49,939 --> 00:00:52,763 And then we will be looking into the fundamentals 23 00:00:52,763 --> 00:00:55,670 of networking and ethical hacking in this will be learning 24 00:00:55,670 --> 00:00:56,556 the various tools 25 00:00:56,556 --> 00:00:57,321 that are used 26 00:00:57,321 --> 00:01:00,100 in ethical hacking and also the network architectures. 27 00:01:00,100 --> 00:01:02,000 These tools are used in after this. 28 00:01:02,000 --> 00:01:03,300 We will be having a look 29 00:01:03,300 --> 00:01:05,625 into what the most famous operating systems 30 00:01:05,625 --> 00:01:06,400 that is there. 31 00:01:06,400 --> 00:01:07,519 That is Kali Linux. 32 00:01:07,519 --> 00:01:09,508 Kali Linux is used by ethical hackers 33 00:01:09,508 --> 00:01:11,000 and penetration testers all 34 00:01:11,000 --> 00:01:12,900 around the world will be learning 35 00:01:12,900 --> 00:01:13,763 how to install this 36 00:01:13,763 --> 00:01:16,150 on our local systems will be learning the tools 37 00:01:16,150 --> 00:01:17,300 that come along with it 38 00:01:17,300 --> 00:01:19,900 and Bash we should be using them after that. 39 00:01:19,900 --> 00:01:22,100 We'll be learning about penetration testing 40 00:01:22,100 --> 00:01:22,900 and penetration. 41 00:01:22,900 --> 00:01:24,800 Testing is a subset of ethical hacking. 42 00:01:25,100 --> 00:01:28,141 So in this we will be learning about a tool called Metasploit 43 00:01:28,141 --> 00:01:30,074 and using Metasploit will be learning. 
44 00:01:30,074 --> 00:01:32,679 Learn more about vulnerability analysis and how we 45 00:01:32,679 --> 00:01:35,500 can install back doors in different computer systems 46 00:01:35,500 --> 00:01:36,600 and take advantages 47 00:01:36,600 --> 00:01:40,100 of these vulnerabilities now nmap is also another tool 48 00:01:40,100 --> 00:01:42,249 that we are going to be discussing in this course, 49 00:01:42,249 --> 00:01:43,200 we will be learning 50 00:01:43,200 --> 00:01:45,316 how we can use nmap to gather information 51 00:01:45,316 --> 00:01:46,551 from our networks and 52 00:01:46,551 --> 00:01:49,767 how we can use this information to our advantage after that. 53 00:01:49,767 --> 00:01:52,445 We'll be learning deeply about three cyber attacks 54 00:01:52,445 --> 00:01:54,563 that are there in this industry first 55 00:01:54,563 --> 00:01:58,100 is cross-site scripting secondly distributed denial of service 56 00:01:58,100 --> 00:02:00,100 and thirdly SQL injection attacks. 57 00:02:00,200 --> 00:02:03,000 Now we be doing these attacks ourselves on dummy targets 58 00:02:03,000 --> 00:02:04,800 and learning more about these attacks 59 00:02:04,800 --> 00:02:07,850 and how they are orchestrated and thus we will be learning 60 00:02:07,850 --> 00:02:09,400 more about how we can mitigate them. 61 00:02:09,400 --> 00:02:12,100 If we actually become ethical hackers now, 62 00:02:12,100 --> 00:02:13,400 we will also be discussing 63 00:02:13,400 --> 00:02:16,400 some very Advanced cryptography methods called steganography, 64 00:02:16,400 --> 00:02:19,000 which is basically used for hiding digital code 65 00:02:19,000 --> 00:02:22,535 inside images last but not the least we will be also discussing 66 00:02:22,535 --> 00:02:25,100 how you could become an ethical hacker yourself. 67 00:02:25,100 --> 00:02:27,300 So we'll be discussing a roadmap will also 68 00:02:27,300 --> 00:02:29,841 be discussing the job profiles that are there in the industry. 
69 00:02:29,841 --> 00:02:31,842 Re and we will also be discussing the companies 70 00:02:31,842 --> 00:02:34,495 that are hiring for these job profiles along with the salaries 71 00:02:34,495 --> 00:02:35,800 that they are trying to offer. 72 00:02:36,100 --> 00:02:39,000 Also, we won't be leaving hanging right there will also 73 00:02:39,000 --> 00:02:41,620 be discussing the 50 most common interview questions 74 00:02:41,620 --> 00:02:43,675 that come along with these job profiles 75 00:02:43,675 --> 00:02:44,800 so that you can snag 76 00:02:44,800 --> 00:02:48,346 that job interview and if you do like our content in the end, 77 00:02:48,346 --> 00:02:49,700 please leave us a like, 78 00:02:49,700 --> 00:02:50,832 please leave a comment 79 00:02:50,832 --> 00:02:53,200 if you want to and do hit the Subscribe button 80 00:02:53,200 --> 00:02:55,200 so that you can join our ever-growing 81 00:02:55,200 --> 00:02:56,600 community of learners. 82 00:03:01,800 --> 00:03:03,179 It can be rightfully said 83 00:03:03,179 --> 00:03:05,533 that today's generation lives on the internet 84 00:03:05,533 --> 00:03:08,094 and we generally users are almost ignorant as to 85 00:03:08,094 --> 00:03:09,800 how those random bits of ones 86 00:03:09,800 --> 00:03:12,150 and zeros Rich securely to a computer. 87 00:03:12,150 --> 00:03:15,200 It's not magic its work and sweat that makes sure 88 00:03:15,200 --> 00:03:18,814 that your packets reach to you on sniffed today Ira ball 89 00:03:18,814 --> 00:03:19,800 from at Eureka. 90 00:03:19,800 --> 00:03:22,664 I'm here to tell you guys about how cybersecurity makes 91 00:03:22,664 --> 00:03:23,900 this all possible now 92 00:03:23,900 --> 00:03:26,190 before we begin let me brief you all about the topics 93 00:03:26,190 --> 00:03:27,600 that we're going to cover today. 94 00:03:27,600 --> 00:03:29,598 So basically we're going to ask three questions. 
95 00:03:29,598 --> 00:03:30,898 Options that are important 96 00:03:30,898 --> 00:03:33,100 to cybersecurity firstly we're going to see why 97 00:03:33,100 --> 00:03:35,500 cyber security is needed next we're going to see 98 00:03:35,500 --> 00:03:37,128 what exactly is cyber security 99 00:03:37,128 --> 00:03:39,894 and in the end I'm going to show you also a scenario 100 00:03:39,894 --> 00:03:42,800 how cybersecurity can save a whole organization 101 00:03:42,800 --> 00:03:44,449 from organized cybercrime. 102 00:03:44,449 --> 00:03:44,767 Okay. 103 00:03:44,767 --> 00:03:46,100 So let's get started. 104 00:03:46,200 --> 00:03:49,500 Now as I just said we are living in a digital era 105 00:03:49,500 --> 00:03:52,415 whether it be booking a hotel room ordering some dinner 106 00:03:52,415 --> 00:03:53,717 or even booking a cab. 107 00:03:53,717 --> 00:03:56,600 We're constantly using the internet and inherently 108 00:03:56,600 --> 00:03:59,900 constantly generating data this data is generally He 109 00:03:59,900 --> 00:04:01,000 stored on the cloud 110 00:04:01,100 --> 00:04:04,100 which is basically a huge data server or data center 111 00:04:04,100 --> 00:04:05,918 that you can access online. 112 00:04:05,918 --> 00:04:07,395 Also, we use an array 113 00:04:07,395 --> 00:04:10,556 of devices to access this data now for a hacker. 
114 00:04:10,556 --> 00:04:11,700 It's a golden age 115 00:04:11,700 --> 00:04:14,700 with so many access points public IP addresses 116 00:04:14,700 --> 00:04:15,700 and constant traffic 117 00:04:15,700 --> 00:04:18,944 and tons of data to exploit black hat hackers are having 118 00:04:18,944 --> 00:04:21,423 one hell of a time exploiting vulnerabilities 119 00:04:21,423 --> 00:04:23,100 and creating malicious software 120 00:04:23,100 --> 00:04:25,764 for the same above that cyber attacks are evolving 121 00:04:25,764 --> 00:04:28,000 by the day hackers are becoming smarter 122 00:04:28,000 --> 00:04:29,900 and more creative with their malware's. 123 00:04:29,900 --> 00:04:31,671 And how they bypass virus scans 124 00:04:31,671 --> 00:04:33,900 and firewalls still baffled many people. 125 00:04:33,900 --> 00:04:36,000 Let's go through some of the most common types 126 00:04:36,000 --> 00:04:37,000 of cyber attacks now, 127 00:04:37,500 --> 00:04:40,600 so as you guys can see I've listed out eight cyber attacks 128 00:04:40,600 --> 00:04:43,300 that have plagued us since the beginning of the internet. 129 00:04:43,300 --> 00:04:44,888 Let's go through them briefly. 130 00:04:44,888 --> 00:04:46,000 So first on the list, 131 00:04:46,000 --> 00:04:48,149 we have General malware's malware is 132 00:04:48,149 --> 00:04:51,500 an all-encompassing term for a variety of cyber threats 133 00:04:51,500 --> 00:04:53,141 including Trojans viruses 134 00:04:53,141 --> 00:04:55,938 and worms malware is simply defined as code 135 00:04:55,938 --> 00:04:57,263 with malicious intent 136 00:04:57,263 --> 00:04:59,600 that typically steals data or destroy. 137 00:04:59,600 --> 00:05:01,700 On the computer next on the list. 
138 00:05:01,700 --> 00:05:04,400 We have fishing often posing as a request for data 139 00:05:04,400 --> 00:05:07,400 from a trusted third party phishing attacks are sent 140 00:05:07,400 --> 00:05:10,100 via email and ask users to click on a link 141 00:05:10,100 --> 00:05:13,281 and enter the personal data phishing emails have gotten 142 00:05:13,281 --> 00:05:16,693 much more sophisticated in recent years making it difficult 143 00:05:16,693 --> 00:05:19,500 for some people to discern a legitimate request 144 00:05:19,500 --> 00:05:23,100 for information from a false one phishing emails often fall 145 00:05:23,100 --> 00:05:25,908 into the same category as spam but are more harmful 146 00:05:25,908 --> 00:05:28,229 than just a simple ad next on the list. 147 00:05:28,229 --> 00:05:29,514 We have password attacks. 148 00:05:29,514 --> 00:05:32,226 It's a password attack is exactly what it sounds 149 00:05:32,226 --> 00:05:35,400 like a third party trying to gain access to your system. 150 00:05:35,400 --> 00:05:37,300 My tracking a user's password. 151 00:05:37,300 --> 00:05:38,600 Next up is DDOS 152 00:05:38,600 --> 00:05:41,200 which stands for distributed denial-of-service 153 00:05:41,200 --> 00:05:42,300 DDOS attack focuses 154 00:05:42,300 --> 00:05:45,023 on disrupting the service of a network a darker send 155 00:05:45,023 --> 00:05:46,200 High volumes of data 156 00:05:46,200 --> 00:05:47,800 or traffic through the network 157 00:05:47,800 --> 00:05:50,035 that is making a lot of connection requests 158 00:05:50,035 --> 00:05:52,190 until the network becomes overloaded 159 00:05:52,190 --> 00:05:54,300 and can no longer function next up. 160 00:05:54,300 --> 00:05:57,490 We have man-in-the-middle attacks by impersonating 161 00:05:57,490 --> 00:05:59,900 the endpoint in an online information. 162 00:05:59,900 --> 00:06:01,900 That is the connection from your smartphone 163 00:06:01,900 --> 00:06:03,260 to a website the MIT. 
164 00:06:03,260 --> 00:06:07,300 Emma docs can obtain information from the end users and entity he 165 00:06:07,300 --> 00:06:09,800 or she is communicating with for example, 166 00:06:09,800 --> 00:06:12,263 if your Banking online the man in the middle 167 00:06:12,263 --> 00:06:15,004 would communicate with you by impersonating your bank 168 00:06:15,004 --> 00:06:17,900 and communicate with the bank by impersonating you the man 169 00:06:17,900 --> 00:06:20,600 in the middle would then receive all the information transferred 170 00:06:20,600 --> 00:06:21,600 between both parties 171 00:06:21,600 --> 00:06:24,011 which could include sensitive data such as 172 00:06:24,011 --> 00:06:26,562 bank accounts and personal information next up. 173 00:06:26,562 --> 00:06:29,800 We have drive-by downloads through malware on a Ledge. 174 00:06:29,800 --> 00:06:31,400 Emmett website a program 175 00:06:31,400 --> 00:06:34,570 is downloaded to a user system just by visiting the site. 176 00:06:34,570 --> 00:06:36,400 It doesn't require any type of action 177 00:06:36,400 --> 00:06:38,929 by the user to download it actually next up. 178 00:06:38,929 --> 00:06:40,302 We have mail advertising 179 00:06:40,302 --> 00:06:42,487 which is a way to compromise your computer 180 00:06:42,487 --> 00:06:43,517 with malicious code 181 00:06:43,517 --> 00:06:45,400 that is downloaded to your system 182 00:06:45,400 --> 00:06:47,700 when you click on an effective ad lastly, 183 00:06:47,700 --> 00:06:48,900 we have Rogue softwares, 184 00:06:48,900 --> 00:06:50,500 which are basically malware's 185 00:06:50,500 --> 00:06:51,900 that are masquerading as 186 00:06:51,900 --> 00:06:54,300 legitimate and necessary security software 187 00:06:54,300 --> 00:06:56,100 that will keep your system safe. 188 00:06:56,100 --> 00:06:57,345 So as you guys can see 189 00:06:57,345 --> 00:06:59,552 now the internet sure isn't the safe place. 
190 00:06:59,552 --> 00:07:02,338 As you might think it is this not only applies 191 00:07:02,338 --> 00:07:03,700 for us as individuals. 192 00:07:03,700 --> 00:07:05,500 But also large organizations. 193 00:07:05,600 --> 00:07:08,200 They're having multiple cyber breaches in the past 194 00:07:08,200 --> 00:07:11,600 that has compromised the privacy and confidentiality of a data. 195 00:07:11,600 --> 00:07:14,900 If we head over to the site called information is beautiful. 196 00:07:14,900 --> 00:07:16,950 We can see all the major cyber breaches 197 00:07:16,950 --> 00:07:18,300 that have been committed. 198 00:07:18,800 --> 00:07:22,493 So as you guys can see even big companies like eBay, 199 00:07:22,493 --> 00:07:25,300 AOL Evernote Adobe have actually gone 200 00:07:25,300 --> 00:07:27,005 through major cyber breaches, 201 00:07:27,005 --> 00:07:29,979 even though they have a lot of security measures taken 202 00:07:29,979 --> 00:07:32,000 to protect the data that they contain 203 00:07:32,000 --> 00:07:33,163 so it's not only 204 00:07:33,163 --> 00:07:36,289 that small individuals are targeted by hackers 205 00:07:36,289 --> 00:07:37,400 and other people 206 00:07:37,400 --> 00:07:41,000 but even bigger organizations are constantly being targeted 207 00:07:41,000 --> 00:07:41,900 by these guys. 208 00:07:42,100 --> 00:07:43,805 So after looking at all sorts 209 00:07:43,805 --> 00:07:46,625 of cyberattacks possible the breaches of the past 210 00:07:46,625 --> 00:07:48,700 and the sheer amount of data available. 
211 00:07:48,700 --> 00:07:49,676 We must be thinking 212 00:07:49,676 --> 00:07:52,400 that there must be some sort of mechanism and protocol 213 00:07:52,400 --> 00:07:55,600 to actually protect us from all these sorts of cyberattacks 214 00:07:55,600 --> 00:07:57,178 and indeed there is a way 215 00:07:57,178 --> 00:07:59,392 and this is called cyber security in 216 00:07:59,392 --> 00:08:02,666 a Computing context security comprises of cybersecurity 217 00:08:02,666 --> 00:08:04,000 and physical security. 218 00:08:04,000 --> 00:08:06,320 Both are used by Enterprises to protect 219 00:08:06,320 --> 00:08:08,885 against unauthorized access to data centers 220 00:08:08,885 --> 00:08:12,000 and other computerized systems information security, 221 00:08:12,000 --> 00:08:14,900 which is designed to maintain the confidentiality integrity 222 00:08:14,900 --> 00:08:16,400 and availability of data is 223 00:08:16,400 --> 00:08:18,700 a subset of cybersecurity the use of cyber. 224 00:08:18,700 --> 00:08:20,300 Cybersecurity can help prevent 225 00:08:20,300 --> 00:08:23,155 against cyberattacks data breaches identity theft 226 00:08:23,155 --> 00:08:25,069 and can Aid in Risk Management. 227 00:08:25,069 --> 00:08:27,600 So when an organization has a strong sense 228 00:08:27,600 --> 00:08:28,793 of network security 229 00:08:28,793 --> 00:08:31,300 and an effective incident response plan, 230 00:08:31,300 --> 00:08:33,109 it is better able to prevent 231 00:08:33,109 --> 00:08:35,500 and mitigate these attacks for example 232 00:08:35,500 --> 00:08:38,381 and user protection defense information and guards 233 00:08:38,381 --> 00:08:39,616 against loss of theft 234 00:08:39,616 --> 00:08:42,177 while also scanning computers for malicious code. 
235 00:08:42,178 --> 00:08:44,100 Now when talking about cybersecurity, 236 00:08:44,100 --> 00:08:45,550 there are three main activities 237 00:08:45,550 --> 00:08:48,500 that we are trying to protect ourselves against and they 238 00:08:48,500 --> 00:08:52,100 are Unauthorized modification unauthorised deletion 239 00:08:52,100 --> 00:08:53,725 and unauthorized access. 240 00:08:53,725 --> 00:08:54,931 These freedoms are 241 00:08:54,931 --> 00:08:58,347 very synonymous to the very commonly known CIA Triad 242 00:08:58,347 --> 00:09:02,500 which stands for confidentiality integrity and availability. 243 00:09:03,000 --> 00:09:04,500 The CIA Triad is also 244 00:09:04,500 --> 00:09:07,500 commonly referred to as a three pillars of security 245 00:09:07,500 --> 00:09:10,500 and more security policies of bigger organizations. 246 00:09:10,500 --> 00:09:13,887 And even smaller companies are based on these three principles. 247 00:09:13,887 --> 00:09:15,800 So let's go through them one by one. 248 00:09:16,300 --> 00:09:18,135 So first on the list we have 249 00:09:18,135 --> 00:09:21,429 confidentiality confidentiality is roughly equivalent 250 00:09:21,429 --> 00:09:23,900 to privacy measures undertaken to ensure 251 00:09:23,900 --> 00:09:27,099 confidentiality are designed to prevent sensitive information 252 00:09:27,099 --> 00:09:28,700 from reaching the wrong people 253 00:09:28,700 --> 00:09:30,600 while making sure that the right people 254 00:09:30,600 --> 00:09:33,100 can in fact get it access must be restricted. 255 00:09:33,100 --> 00:09:36,000 To those authorized to view the data in question 256 00:09:36,200 --> 00:09:39,300 in as common as well for data to be categorized 257 00:09:39,300 --> 00:09:40,652 according to the amount 258 00:09:40,652 --> 00:09:41,746 and type of damage 259 00:09:41,746 --> 00:09:42,900 that could be done. 
260 00:09:42,900 --> 00:09:45,451 Should it fall into unintended hands more 261 00:09:45,451 --> 00:09:49,024 or less stringent measures can then be implemented across 262 00:09:49,024 --> 00:09:50,300 to those categories? 263 00:09:50,400 --> 00:09:53,458 Sometimes safeguarding data confidentiality meanwhile 264 00:09:53,458 --> 00:09:55,300 special training for those privy 265 00:09:55,300 --> 00:09:56,400 to such documents 266 00:09:56,400 --> 00:09:59,100 such training would typically include security risks 267 00:09:59,100 --> 00:10:01,402 that could threaten this information training 268 00:10:01,402 --> 00:10:02,984 can help familiarize ourselves. 269 00:10:02,984 --> 00:10:04,600 Her eyes people with risk factors 270 00:10:04,600 --> 00:10:07,800 and how to guard against them further aspects of training 271 00:10:07,800 --> 00:10:09,400 can include strong password 272 00:10:09,400 --> 00:10:11,400 and password related best practices 273 00:10:11,400 --> 00:10:14,615 and information about social engineering methods to prevent 274 00:10:14,615 --> 00:10:16,733 them from bending data handling rules 275 00:10:16,733 --> 00:10:17,868 with good intention 276 00:10:17,868 --> 00:10:19,868 and potentially disastrous results. 277 00:10:19,868 --> 00:10:20,633 Next on list. 278 00:10:20,633 --> 00:10:23,400 We have integrity Integrity involves maintaining 279 00:10:23,400 --> 00:10:24,956 the consistency accuracy 280 00:10:24,956 --> 00:10:26,646 and trustworthiness of data 281 00:10:26,646 --> 00:10:30,400 over its entire lifecycle data must not be changed in transit 282 00:10:30,400 --> 00:10:33,093 and steps must be taken to ensure that data. 283 00:10:33,093 --> 00:10:34,300 Cannot be altered by 284 00:10:34,300 --> 00:10:38,200 unauthorized people for example in a breach of confidentiality. 
285 00:10:38,200 --> 00:10:39,582 These measures include 286 00:10:39,582 --> 00:10:43,149 file permissions and user access controls Version Control 287 00:10:43,149 --> 00:10:45,700 may be used to prevent are honest changes 288 00:10:45,700 --> 00:10:47,129 or accidental deletion 289 00:10:47,129 --> 00:10:49,462 by authorized users becoming a problem. 290 00:10:49,462 --> 00:10:50,200 In addition. 291 00:10:50,200 --> 00:10:53,400 Some means must be in place to detect any changes in data 292 00:10:53,400 --> 00:10:54,800 that might occur as a result 293 00:10:54,800 --> 00:10:58,600 of non-human caused events such as electromagnetic pulses 294 00:10:58,600 --> 00:10:59,700 or server crash 295 00:10:59,700 --> 00:11:02,753 some data might include checksums even cryptography. 296 00:11:02,753 --> 00:11:05,920 Graphic checksums for verification of Integrity backup 297 00:11:05,920 --> 00:11:08,591 or redundancies must be available to restore 298 00:11:08,591 --> 00:11:11,200 the affected data to its correct State last 299 00:11:11,200 --> 00:11:14,800 but not least is availability availability is best ensured 300 00:11:14,800 --> 00:11:16,100 by rigorous maintaining 301 00:11:16,100 --> 00:11:18,800 of all Hardware performing Hardware repairs immediately 302 00:11:18,800 --> 00:11:20,400 when needed and maintaining 303 00:11:20,400 --> 00:11:22,800 a correctly functional operating system environment 304 00:11:22,800 --> 00:11:24,800 that is free of software conflicts. 
305 00:11:24,800 --> 00:11:27,679 It's also important to keep current with all necessary 306 00:11:27,679 --> 00:11:31,165 system upgrades providing adequate communication bandwidth 307 00:11:31,165 --> 00:11:33,000 and preventing the occurrences 308 00:11:33,000 --> 00:11:36,400 of Bottlenecks are equally important redundancy failover 309 00:11:36,400 --> 00:11:39,282 and even higher availability clusters can mitigate 310 00:11:39,282 --> 00:11:40,564 serious consequences 311 00:11:40,564 --> 00:11:42,839 when hardware issues do occur fast in 312 00:11:42,839 --> 00:11:45,382 as adaptive Disaster Recovery is essential 313 00:11:45,382 --> 00:11:47,119 for the worst-case scenarios 314 00:11:47,119 --> 00:11:49,599 that capacity is reliant on the existence 315 00:11:49,599 --> 00:11:52,599 of a comprehensive Disaster Recovery plan safeguards 316 00:11:52,599 --> 00:11:53,613 against data loss 317 00:11:53,613 --> 00:11:55,400 or interruption in connection 318 00:11:55,400 --> 00:11:59,000 must include unpredictable events such as natural disasters 319 00:11:59,000 --> 00:12:00,800 and file to prevent data loss 320 00:12:00,800 --> 00:12:02,700 from such occurrences a backup copy. 321 00:12:02,700 --> 00:12:04,600 He must be stored in a geographically 322 00:12:04,600 --> 00:12:05,691 isolated location, 323 00:12:05,691 --> 00:12:08,300 perhaps even in a fireproof water safe place 324 00:12:08,400 --> 00:12:11,700 extra security equipments or software such as firewalls 325 00:12:11,700 --> 00:12:12,700 and proxy servers 326 00:12:12,800 --> 00:12:14,633 and goddess against down times 327 00:12:14,633 --> 00:12:16,100 and unreachable data you 328 00:12:16,100 --> 00:12:19,200 to malicious actions such as denial-of-service attacks 329 00:12:19,200 --> 00:12:20,700 and network intrusions. 330 00:12:20,800 --> 00:12:24,000 So now that we have seen what we are actually trying to implement 331 00:12:24,000 --> 00:12:26,400 when trying to protect ourselves on the internet. 
332 00:12:26,400 --> 00:12:27,968 We should also know the ways 333 00:12:27,968 --> 00:12:29,870 that we actually protect ourselves 334 00:12:29,870 --> 00:12:32,400 when we are attacked by cyber organizations. 335 00:12:32,400 --> 00:12:35,579 So the Step to actually mitigate any type of Cyber attack is 336 00:12:35,579 --> 00:12:37,943 to identify the malware or the Cyber threat 337 00:12:37,943 --> 00:12:40,784 that is being currently going on in your organization. 338 00:12:40,784 --> 00:12:41,079 Next. 339 00:12:41,079 --> 00:12:42,674 We have to actually analyze 340 00:12:42,674 --> 00:12:44,800 and evaluate all the affected parties 341 00:12:44,800 --> 00:12:45,800 and the file systems 342 00:12:45,800 --> 00:12:47,317 that have been compromised 343 00:12:47,317 --> 00:12:50,200 and in the end we have to patch the hole treatment 344 00:12:50,200 --> 00:12:52,427 so that our organization can come back 345 00:12:52,427 --> 00:12:55,900 to its original running State without any cyber breaches. 346 00:12:55,900 --> 00:12:57,600 So how is it exactly done? 347 00:12:57,600 --> 00:13:01,100 This is mostly done by actually calculating three factors. 348 00:13:01,100 --> 00:13:02,923 The first factor is vulnerable. 349 00:13:02,923 --> 00:13:06,300 Leti the second factor is threat and the third is risk. 350 00:13:06,300 --> 00:13:09,100 So let me tell you about the three of them a little bit. 351 00:13:09,300 --> 00:13:10,421 So first on the list 352 00:13:10,421 --> 00:13:13,000 of actual calculation is we have vulnerability. 353 00:13:13,000 --> 00:13:16,781 So a vulnerability refers to a known weakness of an asset 354 00:13:16,781 --> 00:13:19,782 that can be exploited by one or more attackers. 355 00:13:19,782 --> 00:13:20,700 In other words. 356 00:13:20,700 --> 00:13:21,833 It is a known issue 357 00:13:21,833 --> 00:13:24,099 that allows an attack to be successful. 
358 00:13:24,099 --> 00:13:24,728 For example, 359 00:13:24,728 --> 00:13:27,352 when a team member resigns and you forget to disable 360 00:13:27,352 --> 00:13:29,757 their access to external accounts change logins 361 00:13:29,757 --> 00:13:30,889 or remove their names 362 00:13:30,889 --> 00:13:33,100 from the company credit cards this leaves. 363 00:13:33,100 --> 00:13:34,242 Your business open 364 00:13:34,242 --> 00:13:37,300 to both unintentional and intentional threats. 365 00:13:37,300 --> 00:13:41,300 However, most vulnerabilities are exploited by automated tacos 366 00:13:41,300 --> 00:13:43,700 and not a human typing on the other side 367 00:13:43,700 --> 00:13:44,700 of the network. 368 00:13:45,200 --> 00:13:47,100 Next testing for vulnerabilities 369 00:13:47,100 --> 00:13:49,613 is critical to ensuring the continued security 370 00:13:49,613 --> 00:13:52,125 of your systems by identifying weak points 371 00:13:52,125 --> 00:13:54,647 and developing a strategy to respond quickly. 372 00:13:54,647 --> 00:13:56,000 Here are some questions 373 00:13:56,000 --> 00:13:59,700 that you ask when determining your security vulnerabilities. 374 00:13:59,700 --> 00:14:02,429 So you have questions like is your data backed up 375 00:14:02,429 --> 00:14:05,899 and stored in a secure off-site location is your data stored 376 00:14:05,899 --> 00:14:07,076 in the cloud if yes, 377 00:14:07,076 --> 00:14:08,958 how exactly is it being protected 378 00:14:08,958 --> 00:14:10,400 from cloud vulnerabilities? 379 00:14:10,400 --> 00:14:13,100 What kind of security do you have to determine 380 00:14:13,100 --> 00:14:14,372 who can access modify 381 00:14:14,372 --> 00:14:17,700 or delete information from within your organization next 382 00:14:17,700 --> 00:14:19,280 like you could ask questions 383 00:14:19,280 --> 00:14:22,121 like what kind of antivirus protection is in use? 384 00:14:22,121 --> 00:14:25,200 What is the license currents are the license current? 
385 00:14:25,200 --> 00:14:27,468 And is it running as often as needed? 386 00:14:27,468 --> 00:14:29,800 Also, do you have a data recovery plan 387 00:14:29,800 --> 00:14:32,700 in the event of vulnerability being exploited? 388 00:14:32,700 --> 00:14:34,300 These are the normal questions 389 00:14:34,300 --> 00:14:37,600 that one asks when actually checking their vulnerability. 390 00:14:37,600 --> 00:14:40,900 Next up is thread a thread refers to a new or newly 391 00:14:40,900 --> 00:14:44,325 discovered incident with potential to do harm to a system 392 00:14:44,325 --> 00:14:46,100 or your overall organization. 393 00:14:46,100 --> 00:14:47,400 There are three main types 394 00:14:47,400 --> 00:14:49,723 of thread National threats like floods 395 00:14:49,723 --> 00:14:52,900 or tornadoes unintentional threats such as employee 396 00:14:52,900 --> 00:14:55,509 mistakingly accessing the wrong information 397 00:14:55,509 --> 00:14:57,000 and intentional threats. 398 00:14:57,000 --> 00:14:58,400 There are many examples 399 00:14:58,400 --> 00:15:02,492 of intentional threats including spyware malware advert companies 400 00:15:02,492 --> 00:15:05,938 or the Actions of disgruntled employees in addition worms 401 00:15:05,938 --> 00:15:07,600 and viruses are categorized 402 00:15:07,600 --> 00:15:10,382 as threats because they could potentially cause harm 403 00:15:10,382 --> 00:15:13,852 to your organization through exposure to an automated attack 404 00:15:13,852 --> 00:15:16,500 as opposed to one perpetrated by human beings. 405 00:15:16,600 --> 00:15:19,082 Although these threats are generally outside 406 00:15:19,082 --> 00:15:22,200 of one's control and difficult to identify in advance. 
407 00:15:22,200 --> 00:15:25,100 It is essential to take appropriate measures to assess 408 00:15:25,100 --> 00:15:28,400 threats regularly here are some ways to do so and sure 409 00:15:28,400 --> 00:15:30,393 that your team members are staying informed 410 00:15:30,393 --> 00:15:31,200 of current trends 411 00:15:31,200 --> 00:15:34,486 in cyber security so they can The identify new threats, 412 00:15:34,486 --> 00:15:37,574 they should subscribe to blogs like wired and podcast 413 00:15:37,574 --> 00:15:39,457 like the Tech janek's Extreme it 414 00:15:39,457 --> 00:15:40,843 that covers these issues 415 00:15:40,843 --> 00:15:43,213 as well as join professional associations, 416 00:15:43,213 --> 00:15:44,317 so they can benefit 417 00:15:44,317 --> 00:15:47,300 from breaking news feeds conferences and webinars. 418 00:15:47,300 --> 00:15:49,716 You should also perform regular threat assessment 419 00:15:49,716 --> 00:15:52,426 to determine the best approaches to protecting a system 420 00:15:52,426 --> 00:15:54,749 against the specific threat along with assessing 421 00:15:54,749 --> 00:15:57,800 different types of thread in addition penetration, 422 00:15:57,800 --> 00:16:00,400 testing involves modeling real-world threats in order 423 00:16:00,400 --> 00:16:03,500 to discover vulnerabilities next on the List, 424 00:16:03,500 --> 00:16:04,318 we have risk. 
425 00:16:04,318 --> 00:16:07,449 So risk refers to the potential for loss or damage 426 00:16:07,449 --> 00:16:10,378 when a threat exploits a vulnerability. Examples 427 00:16:10,378 --> 00:16:13,196 of risks include financial losses as a result 428 00:16:13,196 --> 00:16:14,871 of business disruption, loss 429 00:16:14,871 --> 00:16:17,800 of privacy, reputational damage, legal implications 430 00:16:17,800 --> 00:16:19,344 and can even include loss 431 00:16:19,344 --> 00:16:21,922 of life. Risk can also be defined as follows, 432 00:16:21,922 --> 00:16:24,800 which is basically threat X the vulnerability. You 433 00:16:24,800 --> 00:16:27,305 can reduce the potential for risk by creating 434 00:16:27,305 --> 00:16:29,600 and implementing a risk management plan. 435 00:16:29,600 --> 00:16:32,700 And here are the key aspects to consider when developing 436 00:16:32,700 --> 00:16:35,682 your management strategy. Firstly, we need to assess risk 437 00:16:35,682 --> 00:16:36,800 and determine needs 438 00:16:36,800 --> 00:16:38,065 when it comes to designing 439 00:16:38,065 --> 00:16:40,333 and implementing a risk assessment framework. 440 00:16:40,333 --> 00:16:43,260 It is critical to prioritize the most important breaches 441 00:16:43,260 --> 00:16:46,082 that need to be addressed. Although the frequency may differ 442 00:16:46,082 --> 00:16:47,200 in each organization, 443 00:16:47,200 --> 00:16:49,000 this level of assessment must be done 444 00:16:49,000 --> 00:16:50,700 on a regular recurring basis. 445 00:16:51,000 --> 00:16:51,500 Next, 446 00:16:51,500 --> 00:16:52,883 we also have to include 447 00:16:52,883 --> 00:16:55,927 a total stakeholder perspective. Stakeholders include 448 00:16:55,927 --> 00:16:58,809 the business owners as well as employees, customers 449 00:16:58,809 --> 00:17:00,820 and even vendors. All of these players 450 00:17:00,820 --> 00:17:02,924 have the potential to negatively impact 
451 00:17:02,924 --> 00:17:03,964 the organization, 452 00:17:03,964 --> 00:17:06,200 but at the same time they can be assets 453 00:17:06,200 --> 00:17:08,066 in helping to mitigate risk. 454 00:17:08,066 --> 00:17:11,800 So as we see, risk management is the key to cybersecurity. 455 00:17:11,800 --> 00:17:12,800 So now let's go 456 00:17:12,800 --> 00:17:14,800 through a scenario to actually understand 457 00:17:14,800 --> 00:17:16,390 how cybersecurity actually 458 00:17:16,390 --> 00:17:20,000 defends an organization against very manipulative cybercrime. 459 00:17:20,000 --> 00:17:21,000 So cyber crime, 460 00:17:21,000 --> 00:17:22,800 as we all know, is a global problem 461 00:17:22,800 --> 00:17:24,600 that's been dominating the news cycle. 462 00:17:24,800 --> 00:17:27,000 It poses a threat to individual security 463 00:17:27,000 --> 00:17:30,100 and an even bigger threat to large international companies, 464 00:17:30,100 --> 00:17:33,000 banks and government. Today's organized cybercrime 465 00:17:33,000 --> 00:17:35,100 far outshadows lone hackers of the past 466 00:17:35,100 --> 00:17:38,234 and now large organized crime rings function like startups 467 00:17:38,234 --> 00:17:40,500 and often employ highly trained developers 468 00:17:40,500 --> 00:17:42,703 who are constantly innovating new online attacks. 469 00:17:42,703 --> 00:17:43,706 Most companies have 470 00:17:43,706 --> 00:17:46,926 preventative security software to stop these types of attacks, 471 00:17:46,926 --> 00:17:50,400 but no matter how secure we are, cyber crime is going to happen. 472 00:17:50,500 --> 00:17:51,300 So meet Bob, 473 00:17:51,300 --> 00:17:53,842 he's a chief security officer for a company 474 00:17:53,842 --> 00:17:56,754 that makes a mobile app to help customers track 475 00:17:56,754 --> 00:17:58,374 and manage their finances. 476 00:17:58,374 --> 00:18:00,202 So security is a top priority. 477 00:18:00,202 --> 00:18:02,700 So Bob's company has an activity response 
478 00:18:02,700 --> 00:18:06,600 platform in place that automates the entire cybersecurity process. 479 00:18:06,600 --> 00:18:09,266 The ARP software integrates all the security 480 00:18:09,266 --> 00:18:12,161 and IT software needed to keep a large company 481 00:18:12,161 --> 00:18:14,680 like Bob's secured into a single dashboard 482 00:18:14,680 --> 00:18:15,783 and acts as a hub 483 00:18:15,783 --> 00:18:17,281 for the people, processes 484 00:18:17,281 --> 00:18:20,900 and technology needed to respond to and contain cyber attacks. 485 00:18:20,900 --> 00:18:23,200 Let's see how this platform works in the case 486 00:18:23,200 --> 00:18:24,533 of a security breach. 487 00:18:24,533 --> 00:18:25,600 While Bob is out 488 00:18:25,600 --> 00:18:28,179 on a business trip, irregular activity occurs 489 00:18:28,179 --> 00:18:29,200 on his account. 490 00:18:29,200 --> 00:18:32,900 A user behavior analytics engine that monitors account activity 491 00:18:32,900 --> 00:18:36,468 recognizes suspicious behavior involving late-night logins 492 00:18:36,468 --> 00:18:39,100 and unusual amounts of data being downloaded. 493 00:18:39,100 --> 00:18:41,400 This piece of software is the first signal 494 00:18:41,400 --> 00:18:42,900 that something is wrong 495 00:18:42,900 --> 00:18:45,900 and an alert is sent to the next piece of software in the chain, 496 00:18:45,900 --> 00:18:47,600 which is the security information 497 00:18:47,600 --> 00:18:49,300 and event management system. 498 00:18:49,300 --> 00:18:52,500 Now the ARP can orchestrate a chain of events 499 00:18:52,500 --> 00:18:55,617 that ultimately prevents the company from encountering 500 00:18:55,617 --> 00:18:58,632 a serious security disaster. The ARP connects 501 00:18:58,632 --> 00:19:00,288 to a user directory software 502 00:19:00,288 --> 00:19:01,544 that Bob's company uses, 
503 00:19:01,544 --> 00:19:04,217 which immediately recognizes the user account belongs 504 00:19:04,217 --> 00:19:05,100 to an executive 505 00:19:05,100 --> 00:19:06,800 who is out on a business trip 506 00:19:06,800 --> 00:19:09,000 and then proceeds to lock his account. 507 00:19:09,200 --> 00:19:10,767 The ARP sends the incident 508 00:19:10,767 --> 00:19:13,179 IP address to threat intelligence software 509 00:19:13,179 --> 00:19:14,900 which identifies the address 510 00:19:14,900 --> 00:19:17,800 as a suspected malware server. As each piece 511 00:19:17,800 --> 00:19:19,438 of security software runs, 512 00:19:19,438 --> 00:19:22,400 the findings are recorded in the ARP's incident, 513 00:19:22,400 --> 00:19:25,100 which is already busy creating a set of instructions 514 00:19:25,100 --> 00:19:26,100 called a playbook 515 00:19:26,100 --> 00:19:29,400 for a security analyst to follow. The analyst 516 00:19:29,400 --> 00:19:33,300 and locks Bob's accounts and changes his passwords this time. 517 00:19:33,300 --> 00:19:36,100 The software has determined the attempted attack came 518 00:19:36,100 --> 00:19:38,300 from a well-known cyber crime organization 519 00:19:38,300 --> 00:19:39,827 using stolen credentials. 520 00:19:39,827 --> 00:19:41,600 Bob's credentials were stolen 521 00:19:41,600 --> 00:19:44,717 when the hacker found a vulnerability in his company's 522 00:19:44,717 --> 00:19:48,200 firewall software and used it to upload a malware infected file. 
523 00:19:48,200 --> 00:19:49,105 Now that we know 524 00:19:49,105 --> 00:19:51,600 how the attack happened, the analyst uses 525 00:19:51,600 --> 00:19:53,009 the ARP and identifies 526 00:19:53,009 --> 00:19:56,300 and patches all the things. The ARP uses information 527 00:19:56,300 --> 00:19:58,200 from endpoint tool to determine 528 00:19:58,200 --> 00:20:00,694 which machines need to be patched, recommends 529 00:20:00,694 --> 00:20:04,400 how to patch them and then allows the analyst to push the patches 530 00:20:04,400 --> 00:20:07,366 to all the computers and mobile devices instantly. 531 00:20:07,366 --> 00:20:10,227 Meanwhile Bob has to alert the legal department 532 00:20:10,227 --> 00:20:10,995 of the breach 533 00:20:10,995 --> 00:20:13,921 and the ARP instantly notifies the correct person 534 00:20:13,921 --> 00:20:16,668 of the situation and the status of the incident. 535 00:20:16,668 --> 00:20:18,400 After the attack is contained 536 00:20:18,400 --> 00:20:20,800 and Bob's account is secured, the analyst 537 00:20:20,800 --> 00:20:24,400 and communicates which data may have been stolen or compromised 538 00:20:24,400 --> 00:20:25,600 during the incident. 539 00:20:25,600 --> 00:20:28,321 He identifies which geographies, jurisdictions 540 00:20:28,321 --> 00:20:30,075 and regulatory agencies cover 541 00:20:30,075 --> 00:20:33,100 the users and information affected by the attack. 542 00:20:33,100 --> 00:20:35,700 Then the ARP creates a series of tasks, 543 00:20:35,700 --> 00:20:39,088 so the organization can notify the affected parties and follow 544 00:20:39,088 --> 00:20:40,500 all relevant compliances 545 00:20:40,500 --> 00:20:44,192 and liability procedures. In the past, a security breach 
546 00:20:44,192 --> 00:20:46,545 this large would have required Bob's company 547 00:20:46,545 --> 00:20:48,135 to involve several agencies 548 00:20:48,135 --> 00:20:50,900 and third parties to solve the problem, a process 549 00:20:50,900 --> 00:20:52,800 that could have taken months or longer. 550 00:20:53,100 --> 00:20:56,376 But in a matter of hours the incident response platform 551 00:20:56,376 --> 00:20:58,500 organized all of the people, processes 552 00:20:58,500 --> 00:21:02,147 and technology to identify and contain the problem, find 553 00:21:02,147 --> 00:21:05,000 the source of the attack, fix the vulnerability 554 00:21:05,000 --> 00:21:07,000 and notify all affected parties, 555 00:21:07,000 --> 00:21:10,292 and in the future Bob and his team will be able to turn 556 00:21:10,292 --> 00:21:12,000 to cognitive security tools. 557 00:21:12,000 --> 00:21:15,121 These tools will read and learn from tens of thousands 558 00:21:15,121 --> 00:21:18,709 of trusted publications, blogs and other sources of information. 559 00:21:18,709 --> 00:21:21,542 This knowledge will uncover new insights and patterns 560 00:21:21,542 --> 00:21:24,015 and anticipate and isolate and minimize attacks 561 00:21:24,015 --> 00:21:26,423 as they happen and immediately recommend actions 562 00:21:26,423 --> 00:21:29,423 for security professionals to take, keeping data safe 563 00:21:29,423 --> 00:21:31,900 and companies like Bob's out of the headlines. 
564 00:21:36,500 --> 00:21:39,397 Cryptography is essentially important because it allows 565 00:21:39,397 --> 00:21:40,900 you to securely protect data 566 00:21:40,900 --> 00:21:43,905 that you don't want anyone else to have access to. It is used 567 00:21:43,905 --> 00:21:47,000 to protect corporate secrets, secure classified information 568 00:21:47,000 --> 00:21:48,700 and to protect personal information 569 00:21:48,700 --> 00:21:51,100 to guard against things like identity theft, 570 00:21:51,100 --> 00:21:53,249 and today's video is basically going to be 571 00:21:53,249 --> 00:21:54,366 about cryptography. Now 572 00:21:54,366 --> 00:21:56,300 before we actually jump into the session, 573 00:21:56,300 --> 00:21:58,153 let me give you guys a brief on the topics 574 00:21:58,153 --> 00:21:59,588 that we're going to cover today. 575 00:21:59,588 --> 00:22:00,307 So first of all, 576 00:22:00,307 --> 00:22:01,900 we're going to cover what is cryptography 577 00:22:01,900 --> 00:22:04,200 through the help of a very simplistic scenario, 578 00:22:04,200 --> 00:22:07,300 then we are going to go through the classifications of cryptography and 579 00:22:07,300 --> 00:22:10,544 how the different classification algorithm works. In the end, 580 00:22:10,544 --> 00:22:12,800 I'm going to show you guys a nifty demo on 581 00:22:12,800 --> 00:22:16,000 how a popular algorithm called RSA actually works. 582 00:22:16,142 --> 00:22:17,757 So let's get started. 583 00:22:17,900 --> 00:22:18,200 Now, 584 00:22:18,200 --> 00:22:20,987 I'm going to take the help of an example or a scenario 585 00:22:20,987 --> 00:22:22,164 to actually explain 586 00:22:22,164 --> 00:22:23,400 what is cryptography. 587 00:22:23,470 --> 00:22:24,300 All right. 
588 00:22:24,300 --> 00:22:27,500 So let's say we have a person and let's call him Andy. 589 00:22:27,500 --> 00:22:30,700 Now suppose Andy sends a message to his friend Sam who's 590 00:22:30,700 --> 00:22:32,700 on the other side of the world. Now, 591 00:22:32,700 --> 00:22:35,200 obviously he wants this message to be private 592 00:22:35,200 --> 00:22:38,200 and nobody else should have access to the message. Now, 593 00:22:38,200 --> 00:22:39,473 he uses a public forum, 594 00:22:39,473 --> 00:22:42,208 for example the internet, for sending this message. 595 00:22:42,208 --> 00:22:44,937 The goal is to actually secure this communication. 596 00:22:44,937 --> 00:22:48,000 And of course we have to be secured against someone. Now, 597 00:22:48,000 --> 00:22:50,200 let's say there is a smart guy called Eve 598 00:22:50,200 --> 00:22:53,117 who has secretly got access to your communication channel. 599 00:22:53,117 --> 00:22:55,605 Since this guy has access to your communication, 600 00:22:55,605 --> 00:22:57,900 he can do much more than just eavesdrop. 601 00:22:57,900 --> 00:23:01,100 For example, he can try to change the message in itself. 602 00:23:01,100 --> 00:23:03,100 Now this is just a small example. 603 00:23:03,123 --> 00:23:06,123 What if Eve actually gets access to your private information? 604 00:23:06,400 --> 00:23:09,500 Well that could actually result in a big catastrophe. 605 00:23:09,500 --> 00:23:11,100 So, how can Andy be sure 606 00:23:11,100 --> 00:23:14,400 that nobody in the middle could access the message sent to Sam? 607 00:23:14,500 --> 00:23:17,481 The goal here is to make communication secure and that's 608 00:23:17,481 --> 00:23:19,000 where cryptography comes in. 609 00:23:19,000 --> 00:23:21,200 So what exactly is cryptography? 
610 00:23:21,200 --> 00:23:23,082 Well cryptography is the practice 611 00:23:23,082 --> 00:23:26,200 and the study of techniques for securing communication 612 00:23:26,200 --> 00:23:28,500 and data in the presence of adversaries. 613 00:23:28,600 --> 00:23:30,300 So, let me take a moment to explain 614 00:23:30,300 --> 00:23:31,600 how that actually happens. 615 00:23:31,900 --> 00:23:34,200 Well, first of all, we have a message. 616 00:23:34,200 --> 00:23:37,313 This message is firstly converted into a numeric form 617 00:23:37,313 --> 00:23:40,292 and then this numeric form is applied with a key 618 00:23:40,292 --> 00:23:41,800 called an encryption key 619 00:23:41,800 --> 00:23:45,100 and this encryption key is used in an encryption algorithm. 620 00:23:45,100 --> 00:23:46,688 So once the numeric message 621 00:23:46,688 --> 00:23:48,958 and the encryption key have been applied 622 00:23:48,958 --> 00:23:50,500 in an encryption algorithm, 623 00:23:50,500 --> 00:23:52,600 what we get is called a cipher text. 624 00:23:52,600 --> 00:23:55,209 Now this cipher text is sent over the network 625 00:23:55,209 --> 00:23:57,000 to the other side of the world 626 00:23:57,000 --> 00:23:59,900 where the other person who the message is intended 627 00:23:59,900 --> 00:24:02,870 for will actually use a decryption key and use 628 00:24:02,870 --> 00:24:06,384 the ciphertext as a parameter of a decryption algorithm. 629 00:24:06,384 --> 00:24:07,500 And then he'll get 630 00:24:07,500 --> 00:24:09,719 what we actually sent as a message and 631 00:24:09,719 --> 00:24:12,900 if some error had actually occurred he'd get an error. 632 00:24:13,000 --> 00:24:13,659 So let's see 633 00:24:13,659 --> 00:24:16,900 how cryptography can help secure the connection between Andy 634 00:24:16,900 --> 00:24:19,100 and Sam. So to protect his message, 635 00:24:19,100 --> 00:24:21,700 Andy first converts his readable message 636 00:24:21,700 --> 00:24:23,431 to an unreadable form. Here, 
637 00:24:23,431 --> 00:24:26,056 he converts a message to some random numbers 638 00:24:26,056 --> 00:24:27,400 and after that he uses 639 00:24:27,400 --> 00:24:30,630 a key to encrypt his message. After applying this key 640 00:24:30,630 --> 00:24:32,700 to the numerical form of his message, 641 00:24:32,700 --> 00:24:35,000 he gets a new value. In cryptography, 642 00:24:35,000 --> 00:24:36,600 we call this ciphertext. 643 00:24:36,700 --> 00:24:38,700 So now if Andy sends the ciphertext 644 00:24:38,700 --> 00:24:41,100 or encrypted message over the communication channel, 645 00:24:41,100 --> 00:24:42,212 he won't have to worry 646 00:24:42,212 --> 00:24:45,363 about somebody in the middle discovering the private message. 647 00:24:45,363 --> 00:24:47,763 Even if somebody manages to discover the message, 648 00:24:47,763 --> 00:24:49,800 he won't be able to decrypt the message 649 00:24:49,800 --> 00:24:52,500 without having a proper key to unlock this message. 650 00:24:52,500 --> 00:24:54,800 So suppose Eve here discovers the message 651 00:24:54,800 --> 00:24:57,500 and he somehow manages to tamper with the message 652 00:24:57,500 --> 00:25:00,619 and the message finally reaches Sam. Sam would need a key 653 00:25:00,619 --> 00:25:03,931 to decrypt the message to recover the original plaintext. 654 00:25:03,931 --> 00:25:06,402 So using the key he would convert the ciphertext 655 00:25:06,402 --> 00:25:08,284 to a numerical value corresponding 656 00:25:08,284 --> 00:25:11,351 to the plain text. Now after using the key for decryption, 657 00:25:11,351 --> 00:25:14,200 what will come out is the original plain text message 658 00:25:14,200 --> 00:25:16,900 or an error. Now this error is very important. 659 00:25:16,900 --> 00:25:18,252 It is the way Sam knows 660 00:25:18,252 --> 00:25:21,344 that message sent by Andy is not the same as a message 661 00:25:21,344 --> 00:25:22,258 that you receive. 
662 00:25:22,258 --> 00:25:23,964 So the error in a sense tells us 663 00:25:23,964 --> 00:25:26,200 that Eve has tampered with the message. 664 00:25:26,200 --> 00:25:28,200 Now, the important thing to note here is 665 00:25:28,200 --> 00:25:30,257 that in modern cryptography the security 666 00:25:30,257 --> 00:25:33,000 of the system purely relies on keeping the encryption 667 00:25:33,000 --> 00:25:35,295 and decryption key secret. Based on the type 668 00:25:35,295 --> 00:25:36,497 of keys and encryption 669 00:25:36,497 --> 00:25:37,711 algorithms, cryptography 670 00:25:37,711 --> 00:25:40,300 is classified under the following categories. 671 00:25:40,300 --> 00:25:42,635 Now cryptography is broadly classified 672 00:25:42,635 --> 00:25:44,300 under two categories, namely 673 00:25:44,300 --> 00:25:47,900 symmetric key cryptography and asymmetric key cryptography, 674 00:25:47,900 --> 00:25:50,700 popularly also known as public key cryptography. 675 00:25:50,700 --> 00:25:52,669 Now symmetric key cryptography 676 00:25:52,669 --> 00:25:55,789 is further classified as classical cryptography 677 00:25:55,789 --> 00:25:57,300 and modern cryptography. 678 00:25:57,600 --> 00:26:01,400 Further drilling down, classical cryptography is divided into two, 679 00:26:01,400 --> 00:26:03,107 which is transposition cipher 680 00:26:03,107 --> 00:26:06,700 and substitution cipher. On the other hand, modern cryptography 681 00:26:06,700 --> 00:26:08,620 is divided into stream cipher 682 00:26:08,620 --> 00:26:11,300 and block cipher. In the upcoming slides 683 00:26:11,300 --> 00:26:14,300 I'll broadly explain all these types of cryptography. 684 00:26:14,300 --> 00:26:17,200 So let's start with symmetric key cryptography first. 
685 00:26:17,200 --> 00:26:20,800 So symmetric key algorithms are algorithms for cryptography 686 00:26:20,800 --> 00:26:24,240 that use the same cryptographic keys for both encryption 687 00:26:24,240 --> 00:26:25,900 of plaintext and decryption 688 00:26:25,900 --> 00:26:28,600 of ciphertext. The keys may be identical 689 00:26:28,600 --> 00:26:31,400 or there may be some simple transformation to go 690 00:26:31,400 --> 00:26:33,322 between the two keys. The keys 691 00:26:33,322 --> 00:26:35,709 in practice represent a shared secret 692 00:26:35,709 --> 00:26:37,300 between two or more parties 693 00:26:37,300 --> 00:26:38,700 that can be used to maintain 694 00:26:38,700 --> 00:26:41,300 a private information link. This requirement 695 00:26:41,300 --> 00:26:43,050 that both parties have access 696 00:26:43,050 --> 00:26:45,642 to the secret key is one of the main drawbacks 697 00:26:45,642 --> 00:26:48,200 of symmetric key encryption in comparison 698 00:26:48,200 --> 00:26:50,039 to public key encryption, also 699 00:26:50,039 --> 00:26:52,422 known as asymmetric key encryption. Now 700 00:26:52,422 --> 00:26:54,052 symmetric key cryptography 701 00:26:54,052 --> 00:26:57,000 is sometimes also called secret key cryptography 702 00:26:57,000 --> 00:26:59,356 and the most popular symmetric key system is 703 00:26:59,356 --> 00:27:01,000 the data encryption standards, 704 00:27:01,000 --> 00:27:03,900 which also stands for DES. Next up, 705 00:27:03,900 --> 00:27:06,400 we're going to discuss transposition cipher. 
706 00:27:06,400 --> 00:27:07,600 So in cryptography 707 00:27:07,600 --> 00:27:10,600 a transposition cipher is a method of encryption 708 00:27:10,600 --> 00:27:13,600 by which the positions held by units of plain text, 709 00:27:13,600 --> 00:27:15,710 which are commonly characters or groups 710 00:27:15,710 --> 00:27:18,655 of characters, are shifted according to a regular system 711 00:27:18,655 --> 00:27:21,419 so that the ciphertext constitutes a permutation 712 00:27:21,419 --> 00:27:22,400 of the plain text. 713 00:27:22,400 --> 00:27:25,011 That is, the order of units is changed. 714 00:27:25,011 --> 00:27:27,200 The plaintext is reordered. Now, 715 00:27:27,200 --> 00:27:30,100 mathematically speaking, a bijective function is used 716 00:27:30,100 --> 00:27:31,500 on the characters' positions 717 00:27:31,500 --> 00:27:34,016 to encrypt and an inverse function to decrypt. 718 00:27:34,016 --> 00:27:34,988 So as you can see 719 00:27:34,988 --> 00:27:37,500 there is an example on the slide. 720 00:27:37,500 --> 00:27:40,088 So on the plain text side, we have a message, 721 00:27:40,088 --> 00:27:42,096 which says meet me after the party. 722 00:27:42,096 --> 00:27:42,339 Now, 723 00:27:42,339 --> 00:27:45,800 this has been carefully arranged in the encryption matrix, 724 00:27:45,800 --> 00:27:49,500 which has been divided into six rows and the columns. 725 00:27:49,500 --> 00:27:51,200 So next we have a key 726 00:27:51,200 --> 00:27:54,100 which is basically for to 165 and then 727 00:27:54,100 --> 00:27:57,200 we rearrange by looking at the plain text matrix 728 00:27:57,200 --> 00:27:59,023 and then we get the cipher text 729 00:27:59,023 --> 00:28:01,572 which basically is some unreadable gibberish 730 00:28:01,572 --> 00:28:02,454 at this moment. 
731 00:28:02,454 --> 00:28:04,500 So that's how this whole algorithm works. 732 00:28:04,500 --> 00:28:05,400 On the other hand, 733 00:28:05,400 --> 00:28:08,100 when the ciphertext is being converted into the plain text, 734 00:28:08,100 --> 00:28:10,500 the plaintext matrix is going to be referred 735 00:28:10,500 --> 00:28:13,100 and it can be done very easily. Moving on, 736 00:28:13,100 --> 00:28:15,500 we are going to discuss substitution cipher. 737 00:28:15,700 --> 00:28:19,182 So substitution of single letters separately, simple substitution, 738 00:28:19,182 --> 00:28:20,361 can be demonstrated 739 00:28:20,361 --> 00:28:22,100 by writing out the alphabets 740 00:28:22,100 --> 00:28:24,800 in some order to represent the substitution. 741 00:28:24,800 --> 00:28:27,800 This is termed a substitution alphabet. The cipher 742 00:28:27,800 --> 00:28:29,568 alphabet may be shifted 743 00:28:29,568 --> 00:28:31,600 or reversed, creating the Caesar 744 00:28:31,600 --> 00:28:34,700 and Atbash cipher respectively, or scrambled 745 00:28:34,700 --> 00:28:36,000 in a more complex fashion, 746 00:28:36,200 --> 00:28:38,657 in which case it is called a mixed alphabet 747 00:28:38,657 --> 00:28:39,800 or deranged alphabet. 748 00:28:39,800 --> 00:28:43,030 Traditionally mixed alphabets may be created by first writing 749 00:28:43,030 --> 00:28:45,435 out a keyword, removing repeated letters in it, 750 00:28:45,435 --> 00:28:48,400 then writing all the remaining letters in the alphabet 751 00:28:48,400 --> 00:28:51,315 in the usual order. Now consider this example shown 752 00:28:51,315 --> 00:28:53,100 on the slide. Using the system 753 00:28:53,100 --> 00:28:55,150 we just discussed, the keyword zebras gives 754 00:28:55,150 --> 00:28:58,100 us the following alphabets from the plain text alphabet, 755 00:28:58,100 --> 00:28:59,100 which is a to z. 
756 00:28:59,300 --> 00:29:00,600 So the ciphertext alphabet 757 00:29:00,600 --> 00:29:03,617 is basically zebras then followed by all the alphabets 758 00:29:03,617 --> 00:29:05,700 we have missed out in the zebra word. 759 00:29:05,700 --> 00:29:06,600 So as you guys 760 00:29:06,600 --> 00:29:09,495 can see it's zebras followed by s c d e f g h 761 00:29:09,495 --> 00:29:12,128 and so on. Now suppose we were to actually 762 00:29:12,128 --> 00:29:14,200 encrypt a message using this code. 763 00:29:14,200 --> 00:29:15,300 So as you guys can see 764 00:29:15,300 --> 00:29:17,200 on the screen, I've shown you an example, 765 00:29:17,200 --> 00:29:18,900 which is a message flee at once. 766 00:29:18,900 --> 00:29:20,600 We are discovered is being actually 767 00:29:20,600 --> 00:29:22,300 encrypted using this code. 768 00:29:22,301 --> 00:29:25,900 So if you guys can see out here the F letter 769 00:29:25,900 --> 00:29:27,900 actually corresponds to S. 770 00:29:28,246 --> 00:29:31,400 And then the L letter actually corresponds 771 00:29:31,400 --> 00:29:36,600 to I out here, then we actually get the cipher text which is Si 772 00:29:36,600 --> 00:29:38,700 a a is that you using the code 773 00:29:38,700 --> 00:29:41,935 and the process that I just discussed. Now traditionally, 774 00:29:41,935 --> 00:29:44,100 the cipher text is written out in blocks 775 00:29:44,100 --> 00:29:46,900 of fixed length omitting punctuations and spaces. 776 00:29:46,900 --> 00:29:49,804 This is done to help avoid transmission errors and to disguise 777 00:29:49,804 --> 00:29:52,098 the word boundaries from the plain text. 778 00:29:52,098 --> 00:29:53,800 Now these blocks are called groups 779 00:29:53,800 --> 00:29:55,217 and sometimes a group count, 
780 00:29:55,217 --> 00:29:57,900 that is the number of groups, is given as an additional 781 00:29:57,900 --> 00:30:00,400 check. Now five-letter groups are traditional, 782 00:30:00,400 --> 00:30:01,400 as you guys can see 783 00:30:01,400 --> 00:30:04,400 that we have also divided our ciphertext into groups 784 00:30:04,400 --> 00:30:06,200 of five, and this dates 785 00:30:06,200 --> 00:30:08,539 back to when messages were actually used 786 00:30:08,539 --> 00:30:10,300 to be transmitted by telegraph. 787 00:30:10,300 --> 00:30:11,300 Now if the length 788 00:30:11,300 --> 00:30:14,080 of the message happens not to be divisible by 5, 789 00:30:14,080 --> 00:30:16,300 it may be padded at the end with nulls 790 00:30:16,300 --> 00:30:18,237 and these can be any characters 791 00:30:18,237 --> 00:30:20,860 that can be decrypted to obvious nonsense, 792 00:30:20,860 --> 00:30:23,100 so the receiver can easily spot them 793 00:30:23,100 --> 00:30:26,700 and discard them. Next on our list is stream cipher. 794 00:30:27,300 --> 00:30:29,300 So a stream cipher is a method 795 00:30:29,300 --> 00:30:31,778 of encrypting text to produce cipher text 796 00:30:31,778 --> 00:30:33,589 in which a cryptographic key 797 00:30:33,589 --> 00:30:36,500 and algorithm are applied to each binary digit 798 00:30:36,500 --> 00:30:38,660 in a data stream one bit at a time. 799 00:30:38,660 --> 00:30:41,900 This method is not much used in modern cryptography. 800 00:30:41,900 --> 00:30:44,944 The main alternative method is block cipher in which a key 801 00:30:44,944 --> 00:30:46,405 and algorithm are applied 802 00:30:46,405 --> 00:30:49,521 to a block of data rather than individual bits in a stream. 803 00:30:49,521 --> 00:30:49,800 Okay. 
804 00:30:49,800 --> 00:30:52,249 So now that we've spoken about block cipher let's go 805 00:30:52,249 --> 00:30:53,800 and actually explain what block 806 00:30:53,800 --> 00:30:57,111 cipher does. A block cipher is an encryption method that 807 00:30:57,111 --> 00:30:58,582 applies a deterministic algorithm 808 00:30:58,582 --> 00:31:01,081 for the symmetric key to encrypt a block 809 00:31:01,081 --> 00:31:03,900 of text rather than encrypting one bit at a time as 810 00:31:03,900 --> 00:31:05,000 in stream ciphers. 811 00:31:05,000 --> 00:31:08,300 For example, a common block cipher AES encrypts 812 00:31:08,300 --> 00:31:11,500 128-bit blocks with a key of predetermined length, 813 00:31:11,500 --> 00:31:14,900 that is either 128, 192 or 256 bits in length. 814 00:31:15,000 --> 00:31:16,100 Now block ciphers 815 00:31:16,100 --> 00:31:18,235 are pseudo-random permutation families 816 00:31:18,235 --> 00:31:21,000 that operate on the fixed size of block of bits. 817 00:31:21,000 --> 00:31:22,500 These PRPs are functions 818 00:31:22,500 --> 00:31:25,000 that cannot be differentiated from completely 819 00:31:25,000 --> 00:31:26,158 random permutation 820 00:31:26,158 --> 00:31:29,800 and thus are A reliable and been proven to be unreliable 821 00:31:29,800 --> 00:31:30,686 by some Source. 822 00:31:30,686 --> 00:31:30,980 Okay. 823 00:31:30,980 --> 00:31:31,900 So now it's time 824 00:31:31,900 --> 00:31:34,200 that we discuss some asymmetric cryptography. 825 00:31:34,400 --> 00:31:36,500 So asymmetric cryptography, also 826 00:31:36,500 --> 00:31:40,006 known as public key cryptography, is any cryptography system 827 00:31:40,006 --> 00:31:41,400 that uses a pair of keys, 828 00:31:41,400 --> 00:31:44,517 which is a public key which may be disseminated widely 829 00:31:44,517 --> 00:31:45,458 and private keys 830 00:31:45,458 --> 00:31:47,300 which are known only to the owner. 
831 00:31:47,300 --> 00:31:50,100 This accomplishes two functions: authentication, 832 00:31:50,100 --> 00:31:51,600 where the public key verifies 833 00:31:51,600 --> 00:31:54,350 that a holder of the paired private key sent the message, 834 00:31:54,350 --> 00:31:57,265 and encryption, where only the paired private key holder 835 00:31:57,265 --> 00:31:58,823 can decrypt the message encrypted 836 00:31:58,823 --> 00:32:02,000 with the public key. In a public key encryption system, 837 00:32:02,000 --> 00:32:05,327 any person can encrypt a message using the receiver's public key. 838 00:32:05,327 --> 00:32:07,636 That encrypted message can only be decrypted 839 00:32:07,636 --> 00:32:09,300 with the receiver's private key. 840 00:32:09,300 --> 00:32:10,211 So to be practical 841 00:32:10,211 --> 00:32:12,800 the generation of public and private key pair 842 00:32:12,800 --> 00:32:15,276 must be computationally economical. The strength 843 00:32:15,276 --> 00:32:17,451 of a public key cryptography system relies 844 00:32:17,451 --> 00:32:20,629 on computational efforts required to find the private key 845 00:32:20,629 --> 00:32:22,099 from its paired public key. 846 00:32:22,100 --> 00:32:23,307 So effective security 847 00:32:23,307 --> 00:32:25,896 only requires keeping the private key private 848 00:32:25,992 --> 00:32:28,300 and the public key can be openly distributed 849 00:32:28,300 --> 00:32:29,800 without compromising security. 850 00:32:29,800 --> 00:32:30,100 Okay. 851 00:32:30,100 --> 00:32:31,800 So now that I've actually shown you guys 852 00:32:31,800 --> 00:32:33,700 how cryptography actually works and how 853 00:32:33,700 --> 00:32:36,423 the different classifications are actually applied, 854 00:32:36,423 --> 00:32:38,600 let's go and do something interesting. 855 00:32:38,700 --> 00:32:41,800 So you guys are actually watching this video 856 00:32:41,800 --> 00:32:43,319 on YouTube right now. 
857 00:32:43,319 --> 00:32:45,128 So if you guys actually go 858 00:32:45,128 --> 00:32:48,400 and click on the secure part besides the URL you 859 00:32:48,400 --> 00:32:50,920 can actually go and view the digital certificates 860 00:32:50,920 --> 00:32:52,600 that are actually used out here. 861 00:32:52,676 --> 00:32:54,523 So click on certificates 862 00:32:54,600 --> 00:32:57,400 and you'll see the details in the details. 863 00:32:57,400 --> 00:32:57,700 Up. 864 00:32:57,700 --> 00:33:00,905 Now as you guys can see the signature algorithm 865 00:33:00,905 --> 00:33:01,818 that is used 866 00:33:01,818 --> 00:33:06,000 for actually securing YouTube is being shot 256 with RSA 867 00:33:06,000 --> 00:33:09,100 and RC is a very very common encryption algorithm 868 00:33:09,100 --> 00:33:09,700 that is used 869 00:33:09,700 --> 00:33:12,600 throughout the internet then the signature hash algorithm 870 00:33:12,600 --> 00:33:15,000 that is being used is sha-256. 871 00:33:15,000 --> 00:33:18,100 And the issue is Googling internet Authority 872 00:33:18,100 --> 00:33:20,525 and you can get a lot of information 873 00:33:20,525 --> 00:33:23,894 about sites and all their Authority Key identifiers 874 00:33:23,894 --> 00:33:27,600 or certificate policies the key usage and a lot of thing 875 00:33:27,600 --> 00:33:31,218 about security just from this small little button audio. 876 00:33:31,218 --> 00:33:32,600 Also, let me show you 877 00:33:32,600 --> 00:33:35,800 a little how public key encryption actually works. 878 00:33:35,900 --> 00:33:37,053 So on the side, 879 00:33:37,053 --> 00:33:40,800 which is basically cobwebs dot CSV or UGA dot edu. 880 00:33:40,800 --> 00:33:44,105 You can actually demo out public key encryption. 881 00:33:44,105 --> 00:33:47,904 So suppose we had to send a message first we would need 882 00:33:47,904 --> 00:33:49,067 to generate keys. 
883 00:33:49,067 --> 00:33:50,300 So as you can see, 884 00:33:50,300 --> 00:33:53,000 I just click generate keys and it got me two keys, 885 00:33:53,000 --> 00:33:54,696 which is one is the public key, 886 00:33:54,696 --> 00:33:57,164 which I will distribute for the network and one 887 00:33:57,164 --> 00:34:00,400 private key which I will actually keep secret to myself. 888 00:34:00,400 --> 00:34:01,200 Now 889 00:34:01,200 --> 00:34:04,300 I want to send a message saying hi there. 890 00:34:04,500 --> 00:34:07,600 When is the exam tomorrow? 891 00:34:07,900 --> 00:34:11,800 So now we are going to encrypt it using the public key 892 00:34:11,800 --> 00:34:14,400 because that's exactly what's distributed. 893 00:34:14,400 --> 00:34:17,833 So now as you can see we have got our ciphertext. So 894 00:34:17,833 --> 00:34:20,643 this huge thing right out here is ciphertext 895 00:34:20,643 --> 00:34:24,500 and absolutely makes no sense whatsoever. Now suppose we were 896 00:34:24,500 --> 00:34:25,348 to actually then 897 00:34:25,348 --> 00:34:28,196 decrypt the message, we would use the private key 898 00:34:28,196 --> 00:34:31,726 that goes along with our account and we would decode the message 899 00:34:31,726 --> 00:34:34,473 and as you guys can see voila we have hi there 900 00:34:34,474 --> 00:34:35,800 when the exam tomorrow. 901 00:34:35,899 --> 00:34:37,500 So we've actually sent a message 902 00:34:37,500 --> 00:34:40,500 on the internet in a very secure fashion. Above that, 903 00:34:40,500 --> 00:34:43,400 there's also RSA that needs some explaining 904 00:34:43,400 --> 00:34:46,164 because I had promised that too. Now RSA is a very 905 00:34:46,164 --> 00:34:47,800 very commonly used algorithm 906 00:34:47,800 --> 00:34:49,688 that is used throughout the internet 907 00:34:49,688 --> 00:34:51,900 and you just saw it being used by YouTube. 908 00:34:51,900 --> 00:34:53,400 So it has to be common. 
909 00:34:53,400 --> 00:34:57,100 So RSA has a very unique way of applying this algorithm. 910 00:34:57,300 --> 00:34:58,900 There are many actual parameters 911 00:34:58,900 --> 00:35:00,600 that you actually need to study. 912 00:35:00,600 --> 00:35:00,900 Okay. 913 00:35:00,900 --> 00:35:03,500 So now we're actually going to discuss RSA, 914 00:35:03,500 --> 00:35:05,763 which is a very popular algorithm that is used 915 00:35:05,763 --> 00:35:06,752 for of the internet. 916 00:35:06,752 --> 00:35:07,523 And you also saw 917 00:35:07,523 --> 00:35:09,600 that it's being used by YouTube right now. 918 00:35:09,600 --> 00:35:12,300 So this cryptosystem is one of the initial systems. 919 00:35:12,300 --> 00:35:15,007 It remains the most employed cryptosystem even today 920 00:35:15,007 --> 00:35:17,600 and the system was invented by three scholars, 921 00:35:17,600 --> 00:35:21,123 which is Ron Rivest, Adi Shamir and Len Adleman, 922 00:35:21,700 --> 00:35:25,500 hence the name RSA, and we will see the two aspects 923 00:35:25,500 --> 00:35:27,000 of the RSA cryptosystem. 924 00:35:27,000 --> 00:35:28,860 Firstly generation of key pair 925 00:35:28,860 --> 00:35:31,520 and secondly encryption decryption algorithms. 926 00:35:31,520 --> 00:35:33,000 So each person or a party 927 00:35:33,000 --> 00:35:34,334 who desires to participate 928 00:35:34,334 --> 00:35:36,900 in communication using encryption needs to generate 929 00:35:36,900 --> 00:35:39,700 a pair of keys namely public key and private key. 930 00:35:39,700 --> 00:35:42,600 So the process followed in the generation of keys is 931 00:35:42,600 --> 00:35:43,634 as follows. First, 932 00:35:43,634 --> 00:35:45,400 we have to actually calculate 933 00:35:45,400 --> 00:35:48,900 n. Now n is actually given by multiplying p and q 934 00:35:48,900 --> 00:35:50,700 as you guys can see out here. 
935 00:35:50,700 --> 00:35:54,792 So p and Q are supposed to be very large prime numbers so 936 00:35:54,792 --> 00:35:56,400 out here P will be 35, 937 00:35:56,400 --> 00:35:58,600 but Are some very strong encryption we 938 00:35:58,600 --> 00:36:01,000 are going to choose very large prime numbers. 939 00:36:01,000 --> 00:36:04,430 Then we actually have to calculate Phi L Phi is you 940 00:36:04,430 --> 00:36:06,900 can see the formula goes is p minus 1 941 00:36:06,900 --> 00:36:09,900 into Q minus 1 and this helps us determine 942 00:36:09,900 --> 00:36:11,734 for the encryption algorithm. 943 00:36:11,734 --> 00:36:13,577 Now, then we have to actually 944 00:36:13,577 --> 00:36:15,989 calculate e now he must be greater than 1 945 00:36:15,989 --> 00:36:17,063 and less than Phi 946 00:36:17,063 --> 00:36:18,248 which is p minus 1 947 00:36:18,248 --> 00:36:21,985 into Q minus 1 and there must be no common factors for e + 948 00:36:21,985 --> 00:36:23,100 5 except for one. 949 00:36:23,100 --> 00:36:24,118 So in other words, 950 00:36:24,118 --> 00:36:26,100 they must be co-prime to each other. 951 00:36:26,400 --> 00:36:29,500 Now to form the public key the pair of numbers 952 00:36:29,500 --> 00:36:32,423 n and E from the RSA public Key System. 953 00:36:32,600 --> 00:36:35,029 This is actually made public and is distributed 954 00:36:35,029 --> 00:36:37,800 throughout the network interestingly though, 955 00:36:37,800 --> 00:36:40,664 N is a part of the public key and the difficulty 956 00:36:40,664 --> 00:36:43,000 in factorizing a large prime number ensures 957 00:36:43,000 --> 00:36:45,200 that the attacker cannot find in finite time. 958 00:36:45,200 --> 00:36:47,109 The two primes that is p and Q 959 00:36:47,109 --> 00:36:50,800 that is used to obtain n this actually ensures the strength 960 00:36:50,800 --> 00:36:54,509 of RSA now in the generation of the private key. 
961 00:36:54,700 --> 00:36:59,900 The private key D is It from p q and E for given n and E. 962 00:36:59,900 --> 00:37:02,200 There is a unique number D. Now. 963 00:37:02,200 --> 00:37:05,300 The number D is the inverse of B modulo 5. 964 00:37:05,300 --> 00:37:08,809 This means that D is a number less than five such that 965 00:37:08,809 --> 00:37:10,200 when multiplied by E. 966 00:37:10,200 --> 00:37:11,200 It gives one. 967 00:37:11,400 --> 00:37:14,500 So let's go and actually fill up these numbers. 968 00:37:14,500 --> 00:37:17,900 So n should be 35 out Hill 969 00:37:17,900 --> 00:37:21,100 and if we generate them we get the value of V, 970 00:37:21,100 --> 00:37:21,999 which is 24, 971 00:37:21,999 --> 00:37:24,100 which is basically 4 into 6, 972 00:37:24,100 --> 00:37:28,154 and then we should also get It's now he should be co-prime. 973 00:37:28,154 --> 00:37:32,400 So we are going to give it 11 as 11 is co-prime to both. 974 00:37:32,700 --> 00:37:36,779 So now for the actual encryption part we have to put in p 975 00:37:36,779 --> 00:37:37,800 and N out here 976 00:37:38,000 --> 00:37:40,600 so he out here for us is 11 977 00:37:40,600 --> 00:37:45,200 and N is 35 and then we are going to pick a letter 978 00:37:45,200 --> 00:37:46,584 to actually Cipher 979 00:37:46,584 --> 00:37:50,892 which is a and then we're going to encode it as a number. 980 00:37:50,900 --> 00:37:53,400 So as you guys can see we've encoded as 981 00:37:53,400 --> 00:37:56,200 one and out here now. 982 00:37:56,200 --> 00:37:59,000 After we've given the message it's numerical form. 983 00:37:59,000 --> 00:38:00,400 We click on encryption 984 00:38:00,400 --> 00:38:03,600 and we get it now to actually decrypt the message. 
985 00:38:03,600 --> 00:38:07,300 We are going to need d and n now D for us was 5 986 00:38:07,900 --> 00:38:11,900 and N was 35 so 5 and 35 987 00:38:12,300 --> 00:38:15,000 and then we're going to take encrypted message 988 00:38:15,000 --> 00:38:18,100 from above and we're going to decrypt this message. 989 00:38:18,100 --> 00:38:20,200 So after you decrypt it, 990 00:38:20,200 --> 00:38:22,800 we have the numerical form of the plaintext 991 00:38:22,800 --> 00:38:26,118 and then decode the messages click here decode messages. 992 00:38:26,118 --> 00:38:29,800 And as you guys can see we have decoded the message using RSA. 993 00:38:29,980 --> 00:38:32,519 So guys that's how I receive Oaks. 994 00:38:32,700 --> 00:38:34,700 I explained all the factors 995 00:38:34,700 --> 00:38:38,814 that we actually use in our essay from n25 to e to D. 996 00:38:39,000 --> 00:38:41,500 And I hope you understood a part of it 997 00:38:41,700 --> 00:38:42,709 if y'all are still 998 00:38:42,709 --> 00:38:45,400 more interested y'all can actually research a lot 999 00:38:45,400 --> 00:38:48,900 on our say it's a very in-depth cryptography system p 1000 00:38:48,900 --> 00:38:56,200 and N now D for us was 5 and N was 35 so 5 and 35. 1001 00:38:56,700 --> 00:38:59,300 And then we're going to take encrypted message 1002 00:38:59,300 --> 00:39:02,400 from above and we're going to decrypt this message. 1003 00:39:02,400 --> 00:39:05,900 So after you decrypted we have the numerical form 1004 00:39:05,900 --> 00:39:07,000 of the plaintext 1005 00:39:07,000 --> 00:39:10,333 and then decode the messages click here decode message. 1006 00:39:10,333 --> 00:39:14,100 And as you guys can see we have decoded the message using RSA. 1007 00:39:14,200 --> 00:39:16,892 So guys, that's how I receive books. 1008 00:39:17,000 --> 00:39:19,000 I explained all the factors 1009 00:39:19,000 --> 00:39:23,114 that we actually use in our essay from n25 to e to D. 
1010 00:39:23,200 --> 00:39:25,800 And I hope you understood a part of it. 1011 00:39:26,100 --> 00:39:27,158 If y'all are still 1012 00:39:27,158 --> 00:39:29,700 more interested y'all can actually research a lot 1013 00:39:29,700 --> 00:39:38,000 on our say it's a very in-depth cryptography system just 1014 00:39:38,000 --> 00:39:41,300 as pollution was a side effect of the Industrial Revolution. 1015 00:39:41,300 --> 00:39:43,451 So are the many security vulnerabilities 1016 00:39:43,451 --> 00:39:46,100 that come with the increase internet connectivity 1017 00:39:46,100 --> 00:39:47,900 cyber attacks are exploitations 1018 00:39:47,900 --> 00:39:51,254 of those vulnerabilities for the most part individuals 1019 00:39:51,254 --> 00:39:54,576 and businesses have found ways to counter cyber attacks using 1020 00:39:54,576 --> 00:39:56,400 a variety of security measures. 1021 00:39:56,400 --> 00:39:58,400 And just Good Old Common Sense. 1022 00:39:58,400 --> 00:39:59,700 We are going to examine eight 1023 00:39:59,700 --> 00:40:01,700 of the most common cyber security threats 1024 00:40:01,700 --> 00:40:04,800 that your business could face and the ways to avoid them. 1025 00:40:04,800 --> 00:40:07,065 So before we actually jump into the session, 1026 00:40:07,065 --> 00:40:09,641 let me give you how the session will actually work. 1027 00:40:09,641 --> 00:40:12,521 We are going to discuss the most 8 common cyber threats. 1028 00:40:12,521 --> 00:40:15,085 We're going to discuss in particular what they are 1029 00:40:15,085 --> 00:40:17,700 how the threat works and how to protect yourself. 1030 00:40:17,700 --> 00:40:18,026 Okay. 1031 00:40:18,026 --> 00:40:19,108 So now let's jump 1032 00:40:19,108 --> 00:40:22,293 in now cyber attacks are taking place all the time. 1033 00:40:22,293 --> 00:40:26,266 Even as we speak the security of some organization big or small. 1034 00:40:26,266 --> 00:40:27,843 All is being compromised. 
1035 00:40:27,843 --> 00:40:28,600 For example, 1036 00:40:28,600 --> 00:40:31,200 if you visit this site out here that is threat Cloud. 1037 00:40:31,300 --> 00:40:34,000 You can actually view all the cyber attacks 1038 00:40:34,000 --> 00:40:35,896 that are actually happening right now. 1039 00:40:35,896 --> 00:40:38,200 Let me just give you a quick demonstration of 1040 00:40:38,200 --> 00:40:39,200 how that looks like. 1041 00:40:39,400 --> 00:40:41,600 Okay, so as you guys can see out here, 1042 00:40:41,600 --> 00:40:44,800 these are all the places that are being compromised right now. 1043 00:40:44,800 --> 00:40:47,369 The red Parts actually show us the part 1044 00:40:47,369 --> 00:40:50,116 that is being compromised and the yellow places 1045 00:40:50,116 --> 00:40:53,400 actually show us from where it's being compromised from. 1046 00:40:53,500 --> 00:40:55,200 Okay, as you guys can see now 1047 00:40:55,200 --> 00:40:58,729 that someone from Madeline's is actually attacking this place 1048 00:40:58,729 --> 00:41:01,100 and someone from USA was attacking Mexico. 1049 00:41:01,100 --> 00:41:02,431 It's a pretty interesting site 1050 00:41:02,431 --> 00:41:05,191 and actually gives you a scale of how many cyber attacks 1051 00:41:05,191 --> 00:41:07,600 are actually happening all the time in the world. 1052 00:41:07,600 --> 00:41:10,731 Okay now getting back I think looking at all these types 1053 00:41:10,731 --> 00:41:11,700 of cyber attacks. 1054 00:41:11,700 --> 00:41:12,600 It's only necessary 1055 00:41:12,600 --> 00:41:14,800 that we educate ourselves about all the types 1056 00:41:14,800 --> 00:41:16,500 of cyber threats that we have. 1057 00:41:16,500 --> 00:41:18,500 So these are the eight cyber threats 1058 00:41:18,500 --> 00:41:20,750 that we're going to be discussing today firstly. 1059 00:41:20,750 --> 00:41:22,600 We're going to start off with malware. 1060 00:41:22,900 --> 00:41:26,000 So malware is an all-encompassing term. 
1061 00:41:26,100 --> 00:41:29,792 Or a variety of cyber attacks including Trojans viruses 1062 00:41:29,792 --> 00:41:32,533 and worms malware is simply defined as code 1063 00:41:32,533 --> 00:41:33,900 with malicious intent 1064 00:41:33,900 --> 00:41:35,577 that typically steals data 1065 00:41:35,577 --> 00:41:37,900 or destroy something on the computer. 1066 00:41:38,300 --> 00:41:41,276 The way malware goes about doing its damage can be helpful 1067 00:41:41,276 --> 00:41:44,200 in categorizing what kind of malware you're dealing with. 1068 00:41:44,200 --> 00:41:45,700 So let's discuss it. 1069 00:41:45,700 --> 00:41:49,400 So first of all viruses like the biological namesakes viruses 1070 00:41:49,400 --> 00:41:51,000 attach themselves to clean files 1071 00:41:51,000 --> 00:41:53,500 and infect other clean files and they can spread 1072 00:41:53,500 --> 00:41:56,400 uncontrollably damaging a systems core functionality. 1073 00:41:56,400 --> 00:41:58,100 I'm deleting or corrupting files. 1074 00:41:58,100 --> 00:42:00,100 They usually appear as executable files 1075 00:42:00,100 --> 00:42:02,400 that you might have downloaded from the internet. 1076 00:42:02,400 --> 00:42:03,835 Then there are also Trojans. 1077 00:42:03,835 --> 00:42:04,600 Now this kind 1078 00:42:04,600 --> 00:42:07,400 of malware disguises itself as legitimate software 1079 00:42:07,400 --> 00:42:10,400 or is included in legitimate software that can be tampered 1080 00:42:10,400 --> 00:42:13,800 with it tends to act discreetly and creates back doors 1081 00:42:13,800 --> 00:42:16,300 in your security to let other malware sin. 1082 00:42:16,300 --> 00:42:17,815 Then we have worms worms. 1083 00:42:17,815 --> 00:42:20,604 In fact entire networks of devices either local 1084 00:42:20,604 --> 00:42:23,898 or across the Internet by using the Network's interfaces. 1085 00:42:23,898 --> 00:42:26,310 It uses each consecutive infected machine. 
1086 00:42:26,310 --> 00:42:28,900 To infect more and then we have botnets and such 1087 00:42:28,900 --> 00:42:31,600 where botnets are networks of infected computers 1088 00:42:31,600 --> 00:42:33,100 that are made to work together 1089 00:42:33,200 --> 00:42:35,319 under the controller of an attacker. 1090 00:42:35,319 --> 00:42:37,497 So basically you can encounter malware 1091 00:42:37,497 --> 00:42:39,674 if you have some OS vulnerabilities or 1092 00:42:39,674 --> 00:42:42,640 if you download some legitimate software from somewhere 1093 00:42:42,640 --> 00:42:44,725 or you have some other email attachment 1094 00:42:44,725 --> 00:42:46,100 that was compromised with 1095 00:42:46,600 --> 00:42:46,949 Okay. 1096 00:42:46,949 --> 00:42:49,400 So how exactly do you remove malware 1097 00:42:49,400 --> 00:42:51,800 or how exactly do you fight against it? 1098 00:42:51,800 --> 00:42:54,996 Well, each form of malware has its own way of infecting 1099 00:42:54,996 --> 00:42:56,290 and damaging computers 1100 00:42:56,290 --> 00:42:57,600 and data and so each one 1101 00:42:57,600 --> 00:42:59,807 requires a different malware removal method. 1102 00:42:59,807 --> 00:43:02,826 The best way to prevent malware is to avoid clicking on links 1103 00:43:02,826 --> 00:43:05,248 or downloading attachments from unknown senders. 1104 00:43:05,248 --> 00:43:06,594 And this is sometimes done 1105 00:43:06,594 --> 00:43:08,766 by deploying a robust and updated firewall 1106 00:43:08,766 --> 00:43:11,271 which prevents the transfer of large data files 1107 00:43:11,271 --> 00:43:13,806 over the network in a hope to be doubt attachments 1108 00:43:13,806 --> 00:43:15,100 that may contain malware. 
1109 00:43:15,100 --> 00:43:17,000 It's also important to make sure 1110 00:43:17,000 --> 00:43:18,600 your computer's operating system, 1111 00:43:18,600 --> 00:43:21,518 whether it be Windows, Mac OS, Linux, uses the most 1112 00:43:21,518 --> 00:43:23,177 up-to-date security updates 1113 00:43:23,177 --> 00:43:26,131 and software programmers update programs frequently 1114 00:43:26,131 --> 00:43:28,200 to address any holes or weak points, 1115 00:43:28,200 --> 00:43:30,882 and it's important to install all these updates as 1116 00:43:30,882 --> 00:43:33,400 well as to decrease your own system weaknesses. 1117 00:43:33,400 --> 00:43:36,900 So next up on our list of cyber threats we have phishing. 1118 00:43:36,900 --> 00:43:38,900 So what exactly is phishing? 1119 00:43:38,900 --> 00:43:41,500 Well, often posing as a request for data 1120 00:43:41,500 --> 00:43:44,284 from a trusted third party, phishing attacks 1121 00:43:44,284 --> 00:43:45,406 are sent via email 1122 00:43:45,406 --> 00:43:47,403 and ask those to click on a link 1123 00:43:47,403 --> 00:43:50,797 and enter their personal data. Phishing emails have gotten 1124 00:43:50,797 --> 00:43:53,100 much more sophisticated in recent years 1125 00:43:53,100 --> 00:43:54,400 and making it difficult 1126 00:43:54,400 --> 00:43:56,900 for some people to discern a legitimate request 1127 00:43:56,900 --> 00:43:58,100 for an information 1128 00:43:58,100 --> 00:44:00,906 from a false one. Now phishing emails often fall 1129 00:44:00,906 --> 00:44:04,200 into the same category as spam but are way more harmful 1130 00:44:04,200 --> 00:44:05,600 than just a simple ad. 1131 00:44:05,600 --> 00:44:08,200 So how exactly does phishing work? 
1132 00:44:08,600 --> 00:44:12,200 Well, most people associate phishing with email messages 1133 00:44:12,200 --> 00:44:15,369 that spoof or mimic banks, credit card companies 1134 00:44:15,369 --> 00:44:17,500 or other businesses like Amazon, eBay 1135 00:44:17,500 --> 00:44:20,900 and Facebook. These messages look authentic and attempt 1136 00:44:20,900 --> 00:44:23,800 to get victims to reveal their personal information. 1137 00:44:23,800 --> 00:44:25,300 But email messages are 1138 00:44:25,300 --> 00:44:27,200 only one small piece of a phishing scam. 1139 00:44:27,400 --> 00:44:30,500 From beginning to end the process involves five steps. 1140 00:44:30,500 --> 00:44:32,600 The first step is planning. The phisher 1141 00:44:32,600 --> 00:44:35,400 must decide which business to target and determine 1142 00:44:35,400 --> 00:44:36,913 how to get email addresses 1143 00:44:36,913 --> 00:44:38,888 for the customers of that business. 1144 00:44:38,888 --> 00:44:41,300 Then they must go through the setup phase. 1145 00:44:41,300 --> 00:44:44,500 Once they know which business to spoof and who their victims 1146 00:44:44,500 --> 00:44:47,441 are, phishers create methods for delivering the messages 1147 00:44:47,441 --> 00:44:50,515 and collecting the data. Then they have to execute the attack. 1148 00:44:50,515 --> 00:44:51,620 And this is the step 
1149 00:44:51,620 --> 00:44:54,198 most people are familiar with, that is, the phisher sends 1150 00:44:54,198 --> 00:44:55,350 the phony message 1151 00:44:55,350 --> 00:44:57,600 that appears to be from a reputable source. 1152 00:44:57,600 --> 00:44:59,200 After that the phisher records 1153 00:44:59,200 --> 00:45:01,700 the information the victims enter into the web page 1154 00:45:01,700 --> 00:45:04,135 or pop-up windows and in the last step, 1155 00:45:04,135 --> 00:45:07,200 which is basically identity theft and fraud, the phishers use 1156 00:45:07,200 --> 00:45:10,300 the information they've gathered to make illegal purchases 1157 00:45:10,300 --> 00:45:11,721 or otherwise commit fraud 1158 00:45:11,721 --> 00:45:14,839 and as many as 1/4 of the victims never fully recover. 1159 00:45:14,839 --> 00:45:18,322 So how exactly can you be actually preventing yourself 1160 00:45:18,322 --> 00:45:19,563 from getting phished? 1161 00:45:19,563 --> 00:45:22,607 Well, the only thing that you can do is being aware 1162 00:45:22,607 --> 00:45:24,887 of how phishing emails actually work. 1163 00:45:24,887 --> 00:45:25,900 So first of all, 1164 00:45:25,900 --> 00:45:29,100 a phishing email has some very specific properties. 1165 00:45:29,100 --> 00:45:31,041 So firstly you will have something 1166 00:45:31,041 --> 00:45:32,800 like a very generalized way 1167 00:45:32,800 --> 00:45:36,700 of addressing someone, like dear client. Then your message 1168 00:45:36,700 --> 00:45:40,354 will not be actually from a very reputable source. So out here 1169 00:45:40,354 --> 00:45:43,400 as you can see it's written as Amazon on the label, 1170 00:45:43,400 --> 00:45:46,500 but if you actually inspect the email address that it came 1171 00:45:46,500 --> 00:45:49,276 from, it's from management at Maison Canada dot C A 1172 00:45:49,276 --> 00:45:52,100 which is not exactly a legitimate Amazon address. 1173 00:45:52,100 --> 00:45:52,500 Third, 
1174 00:45:52,500 --> 00:45:55,900 you can actually hover over the redirect links and see 1175 00:45:55,900 --> 00:45:59,500 where they actually redirect you to. Now this redirects me 1176 00:45:59,500 --> 00:46:01,880 to www.facebook.com zone.com 1177 00:46:01,900 --> 00:46:03,100 as you can see out here. 1178 00:46:03,200 --> 00:46:04,599 So basically, you know, 1179 00:46:04,599 --> 00:46:07,605 this is actually a phishing email and you should actually 1180 00:46:07,605 --> 00:46:09,734 report this email to your administrators 1181 00:46:09,734 --> 00:46:10,616 or anybody else 1182 00:46:10,616 --> 00:46:13,886 that you think is supposed to be concerned with this. Also, 1183 00:46:13,886 --> 00:46:16,300 let me give you guys a quick demonstration 1184 00:46:16,300 --> 00:46:19,600 on how phishing actually works from the perspective 1185 00:46:19,600 --> 00:46:20,904 of an attacker. 1186 00:46:21,100 --> 00:46:22,500 So first of all, 1187 00:46:22,700 --> 00:46:26,600 I have actually created a phishing website for 1188 00:46:26,600 --> 00:46:28,900 harvesting Facebook credentials. 1189 00:46:29,000 --> 00:46:31,600 I simply just took the source code 1190 00:46:31,600 --> 00:46:33,600 of the Facebook login page 1191 00:46:33,600 --> 00:46:37,400 and pasted it and then made a back-end code in PHP 1192 00:46:37,400 --> 00:46:40,812 which makes a log file of all the Facebook passwords 1193 00:46:40,812 --> 00:46:44,225 that get actually entered onto the phishing page. Now 1194 00:46:44,225 --> 00:46:46,300 I've also sent myself an email 1195 00:46:46,300 --> 00:46:48,606 as to make sure this looks legitimate, 1196 00:46:48,606 --> 00:46:51,100 but this is only for spreading awareness. 1197 00:46:51,100 --> 00:46:53,600 So please don't use this method for actually 1198 00:46:53,600 --> 00:46:55,007 harvesting credentials. 1199 00:46:55,007 --> 00:46:57,500 That's actually a very legal thing to do. 1200 00:46:57,500 --> 00:46:58,945 So, let's get started. 
1201 00:46:58,945 --> 00:46:59,600 First of all, 1202 00:46:59,600 --> 00:47:01,200 you will go to your email and see 1203 00:47:01,200 --> 00:47:04,900 that you'll get some emails saying your Facebook credentials 1204 00:47:04,900 --> 00:47:06,274 have been compromised. 1205 00:47:06,274 --> 00:47:09,000 So when you open it, it looks pretty legit. 1206 00:47:09,000 --> 00:47:11,410 Well, I haven't made it look all that legit. 1207 00:47:11,410 --> 00:47:12,515 It should look legit. 1208 00:47:12,515 --> 00:47:15,165 But the point out here is to actually make you aware 1209 00:47:15,165 --> 00:47:16,100 of how this works. 1210 00:47:16,100 --> 00:47:18,550 So as you guys can see it says Dear client we have 1211 00:47:18,550 --> 00:47:19,800 strong reasons to believe 1212 00:47:19,800 --> 00:47:21,900 that your credentials may have been compromised 1213 00:47:21,900 --> 00:47:23,900 and might have been used by someone else. 1214 00:47:23,900 --> 00:47:25,900 We have locked your Facebook account. 1215 00:47:25,900 --> 00:47:28,419 Please click here to unlock sincerely 1216 00:47:28,419 --> 00:47:30,100 Facebook associate Dean. 1217 00:47:30,283 --> 00:47:32,600 So if we actually click here, 1218 00:47:32,600 --> 00:47:36,518 we are actually redirected to a nice-looking Facebook page, 1219 00:47:36,518 --> 00:47:37,600 which is exactly 1220 00:47:37,600 --> 00:47:41,079 how Facebook looks like when you're logging in now suppose. 
1221 00:47:41,079 --> 00:47:43,900 I were to actually log into my Facebook account, 1222 00:47:43,900 --> 00:47:46,300 which I won't I'll just use some brand my 1223 00:47:46,300 --> 00:47:52,000 Like this is an email addres gmail.com and let's put 1224 00:47:52,000 --> 00:47:54,600 password as admin 1 2 3 1225 00:47:54,900 --> 00:47:56,800 and we click login. Now 1226 00:47:56,800 --> 00:48:00,373 since my Facebook is actually already logged in it will just 1227 00:48:00,373 --> 00:48:01,855 redirect to facebook.com 1228 00:48:01,855 --> 00:48:05,500 and you might just see me logged in, but on a normal computer 1229 00:48:05,500 --> 00:48:08,115 it'll just redirect you to www.facebook.com, 1230 00:48:08,115 --> 00:48:10,600 which should just show this site again. 1231 00:48:10,715 --> 00:48:11,100 Okay. 1232 00:48:11,100 --> 00:48:13,300 So once I click login out here all 1233 00:48:13,300 --> 00:48:16,300 that the backend code that I've written in PHP 1234 00:48:16,300 --> 00:48:18,000 out here will do is 1235 00:48:18,000 --> 00:48:20,800 that it's going to take all the parameters 1236 00:48:20,800 --> 00:48:22,876 that have entered into this website, 1237 00:48:22,876 --> 00:48:24,300 that is my email address 1238 00:48:24,300 --> 00:48:27,000 and the password, and just generate a log file about it. 1239 00:48:27,100 --> 00:48:29,854 So let's just hit login and see what happens. 1240 00:48:29,854 --> 00:48:32,600 So as you guys can see I've been redirected 1241 00:48:32,600 --> 00:48:34,500 to the original Facebook page 1242 00:48:34,500 --> 00:48:38,700 that is not meant for phishing and on my system audio. 1243 00:48:39,100 --> 00:48:41,100 I have a log file 1244 00:48:41,100 --> 00:48:43,400 and this log file will show exactly 1245 00:48:43,400 --> 00:48:46,197 as you can see are phished out the email address. 1246 00:48:46,197 --> 00:48:47,500 This is an email addres 1247 00:48:47,500 --> 00:48:50,043 gmail.com and it's also showed the password. 
1248 00:48:50,043 --> 00:48:51,700 That is admin one two three. 1249 00:48:51,700 --> 00:48:56,000 So this is how exactly phishing works. You enter an email address 1250 00:48:56,000 --> 00:48:58,125 and you're entering the email address 1251 00:48:58,125 --> 00:48:59,300 on a phishing website. 1252 00:48:59,300 --> 00:49:02,010 And then it just redirects you to the original site. 1253 00:49:02,010 --> 00:49:05,200 But by this time you've already compromised your credentials. 1254 00:49:05,200 --> 00:49:08,100 So always be careful when dealing with such emails. 1255 00:49:08,400 --> 00:49:09,403 So now jumping back 1256 00:49:09,403 --> 00:49:11,781 to our session, the next type of cyber attacks 1257 00:49:11,781 --> 00:49:14,100 we're going to discuss is password attacks. 1258 00:49:14,300 --> 00:49:15,900 So an attempt to obtain 1259 00:49:15,900 --> 00:49:17,773 or decrypt a user's password 1260 00:49:17,773 --> 00:49:21,086 for illegal use is exactly what a password attack is. 1261 00:49:21,086 --> 00:49:24,400 Hackers can use cracking programs, dictionary attacks 1262 00:49:24,400 --> 00:49:25,511 and password sniffers 1263 00:49:25,511 --> 00:49:28,100 in password attacks. Password cracking refers 1264 00:49:28,100 --> 00:49:31,082 to various measures used to discover computer passwords. 1265 00:49:31,082 --> 00:49:34,000 This is usually accomplished by recovering passwords 1266 00:49:34,000 --> 00:49:35,942 from data stored in or transported 1267 00:49:35,942 --> 00:49:38,700 from a computer system. Password cracking is done by 1268 00:49:38,700 --> 00:49:41,200 either repeatedly guessing the password usually 1269 00:49:41,200 --> 00:49:43,399 through a computer algorithm in which the computer 1270 00:49:43,399 --> 00:49:44,800 tries numerous combinations. 
1271 00:49:44,800 --> 00:49:47,700 Nations under the password is successfully discovered now 1272 00:49:47,700 --> 00:49:50,100 password attacks can be done for several reasons, 1273 00:49:50,100 --> 00:49:51,700 but the most malicious reason is 1274 00:49:51,700 --> 00:49:53,600 in order to gain unauthorized access 1275 00:49:53,600 --> 00:49:54,414 to a computer 1276 00:49:54,414 --> 00:49:57,700 with the computers owners awareness not being in place. 1277 00:49:57,700 --> 00:49:58,620 Now this results 1278 00:49:58,620 --> 00:50:01,835 in cyber crime such as stealing passwords for the purpose 1279 00:50:01,835 --> 00:50:03,600 of accessing Bank information. 1280 00:50:03,600 --> 00:50:05,600 Now today, there are three common methods 1281 00:50:05,600 --> 00:50:08,000 used to break into a password-protected system. 1282 00:50:08,000 --> 00:50:10,498 The first is a Brute Force attack a hacker 1283 00:50:10,498 --> 00:50:11,900 uses a computer program 1284 00:50:11,900 --> 00:50:14,300 or script to try to login with possible. 1285 00:50:14,300 --> 00:50:16,900 Odd combinations usually starting with the easiest 1286 00:50:16,900 --> 00:50:17,900 to guess password. 1287 00:50:17,900 --> 00:50:20,881 So just think if a hacker has a company list he or she 1288 00:50:20,881 --> 00:50:22,200 can easily guess usernames. 1289 00:50:22,200 --> 00:50:24,600 If even one of the users has a password one, two, 1290 00:50:24,600 --> 00:50:25,946 three, he will quickly 1291 00:50:25,946 --> 00:50:28,904 be able to get in the next our dictionary attacks. 
1292 00:50:28,904 --> 00:50:30,534 Now a hacker uses a program 1293 00:50:30,534 --> 00:50:31,500 or script to try 1294 00:50:31,500 --> 00:50:33,600 to log in by cycling through the combinations 1295 00:50:33,600 --> 00:50:36,570 of common words in contrast with brute force attacks 1296 00:50:36,570 --> 00:50:40,099 where a large proportion key space is searched systematically 1297 00:50:40,100 --> 00:50:42,900 a dictionary attack tries only those possibilities 1298 00:50:42,900 --> 00:50:44,700 which are most likely to succeed. 1299 00:50:44,900 --> 00:50:46,842 Typically derived from a list of words, 1300 00:50:46,842 --> 00:50:50,000 for example a dictionary generally dictionary attacks 1301 00:50:50,000 --> 00:50:53,703 succeed because most people have a tendency to choose passwords 1302 00:50:53,703 --> 00:50:54,400 which are short 1303 00:50:54,400 --> 00:50:56,800 or such as single words found in the dictionaries 1304 00:50:56,800 --> 00:50:59,200 or simple easily predicted variations on words 1305 00:50:59,200 --> 00:51:01,200 such as appending a digit or so. 1306 00:51:01,200 --> 00:51:02,300 Now the last kind 1307 00:51:02,300 --> 00:51:05,923 of password attacks are keylogger attacks a hacker uses 1308 00:51:05,923 --> 00:51:08,900 a program to track all of the user's keystrokes. 1309 00:51:08,900 --> 00:51:11,550 So at the end of the day everything the user has typed 1310 00:51:11,550 --> 00:51:14,350 including the login IDs and passwords have been recorded. 
1311 00:51:14,350 --> 00:51:17,100 A keylogger attack is different than a brute force 1312 00:51:17,100 --> 00:51:19,800 or dictionary attack in many ways not the least 1313 00:51:19,800 --> 00:51:22,682 of which the key logging program used is a malware 1314 00:51:22,682 --> 00:51:25,329 that must first make it onto the user's device 1315 00:51:25,329 --> 00:51:27,700 and the keylogger attacks are also different 1316 00:51:27,700 --> 00:51:28,999 because stronger passwords 1317 00:51:28,999 --> 00:51:31,100 don't provide much protection against them, 1318 00:51:31,100 --> 00:51:32,100 which is one reason 1319 00:51:32,100 --> 00:51:35,200 that multi-factor authentication is becoming a must-have 1320 00:51:35,200 --> 00:51:37,500 for all businesses and organizations. 1321 00:51:37,500 --> 00:51:40,500 Now, the only way to stop yourself from getting killed 1322 00:51:40,500 --> 00:51:42,700 in the whole password attack conundrum is 1323 00:51:42,700 --> 00:51:45,100 by actually practicing the best practices 1324 00:51:45,100 --> 00:51:48,600 that are being discussed in the whole industry about passwords. 1325 00:51:48,600 --> 00:51:50,800 So basically you should update your password 1326 00:51:50,800 --> 00:51:51,400 regularly. 1327 00:51:51,800 --> 00:51:53,200 You should use alphanumerics 1328 00:51:53,200 --> 00:51:55,414 in your password and you should never use words 1329 00:51:55,414 --> 00:51:57,100 that are actually in the dictionary. 1330 00:51:57,100 --> 00:51:59,511 It's always advisable to use garbage words 1331 00:51:59,511 --> 00:52:00,600 that make no sense 1332 00:52:00,600 --> 00:52:03,400 for passwords as it just increases your security. 1333 00:52:03,900 --> 00:52:07,500 So moving on we're going to discuss DDoS attacks. 1334 00:52:08,000 --> 00:52:12,000 So what exactly is a DDoS or a DoS attack? 
1335 00:52:12,200 --> 00:52:13,300 Well, first of all, 1336 00:52:13,300 --> 00:52:16,770 it stands for distributed denial of service and a DoS attack 1337 00:52:16,770 --> 00:52:19,400 focuses on disrupting the service to a network 1338 00:52:19,400 --> 00:52:21,164 as the name suggests attackers 1339 00:52:21,164 --> 00:52:24,038 send high volume of data or traffic through the network 1340 00:52:24,038 --> 00:52:25,879 until the network becomes overloaded 1341 00:52:25,879 --> 00:52:27,300 and can no longer function. 1342 00:52:27,300 --> 00:52:29,450 So there are a few different ways attackers 1343 00:52:29,450 --> 00:52:30,681 can achieve DoS attack, 1344 00:52:30,681 --> 00:52:31,651 but the most common 1345 00:52:31,651 --> 00:52:33,851 is the distributed denial-of-service attack. 1346 00:52:33,851 --> 00:52:36,411 This involves the attacker using multiple computers 1347 00:52:36,411 --> 00:52:38,023 to send the traffic or data 1348 00:52:38,023 --> 00:52:41,588 that will overload the system in many instances a person 1349 00:52:41,588 --> 00:52:42,691 may not even realize 1350 00:52:42,691 --> 00:52:44,949 that his or her computer has been hijacked 1351 00:52:44,949 --> 00:52:45,943 and is contributing 1352 00:52:45,943 --> 00:52:48,426 to the DoS attack now disrupting services 1353 00:52:48,426 --> 00:52:51,100 can have serious consequences relating to security 1354 00:52:51,100 --> 00:52:53,100 and online access many instances 1355 00:52:53,100 --> 00:52:56,041 of large-scale DoS attacks have been implemented as 1356 00:52:56,041 --> 00:52:58,263 a single sign of protest towards governments 1357 00:52:58,263 --> 00:52:59,794 or individuals and have led 1358 00:52:59,794 --> 00:53:02,500 to severe punishment including major jail time. 1359 00:53:02,500 --> 00:53:05,800 So, how can you prevent DoS attacks against yourself. 1360 00:53:05,800 --> 00:53:08,100 Well, firstly unless your company is huge. 
1361 00:53:08,100 --> 00:53:11,380 It's rare that you would be even targeted by an outside group 1362 00:53:11,380 --> 00:53:13,473 or attackers for a DoS attack your site 1363 00:53:13,473 --> 00:53:15,739 or network could still fall victim to one. 1364 00:53:15,739 --> 00:53:19,242 However, if another organization on your network is targeted now 1365 00:53:19,242 --> 00:53:21,871 the best way to prevent an additional breach 1366 00:53:21,871 --> 00:53:24,600 is to keep your system as secure as possible with 1367 00:53:24,600 --> 00:53:27,653 regular software updates online security monitoring 1368 00:53:27,653 --> 00:53:30,900 and monitoring of your data flow to identify any unusual 1369 00:53:30,900 --> 00:53:32,500 or threatening spikes in traffic 1370 00:53:32,500 --> 00:53:34,000 before they become a problem. 1371 00:53:34,100 --> 00:53:36,400 DoS attacks can also be perpetrated by 1372 00:53:36,400 --> 00:53:38,700 simply cutting a cable or dislodging a plug 1373 00:53:38,700 --> 00:53:41,523 that connects your website server to the Internet 1374 00:53:41,523 --> 00:53:43,663 so due diligence in physically monitoring 1375 00:53:43,663 --> 00:53:45,700 your connections is recommended as well. 1376 00:53:46,100 --> 00:53:46,500 Okay. 1377 00:53:46,500 --> 00:53:50,200 So next up on our list is man-in-the-middle attacks. 
1378 00:53:50,600 --> 00:53:52,400 So by impersonating 1379 00:53:52,400 --> 00:53:56,700 the endpoints in an online information exchange the man 1380 00:53:56,700 --> 00:53:59,700 in the middle attack can obtain information from the end user 1381 00:53:59,700 --> 00:54:00,900 and the entity he 1382 00:54:00,900 --> 00:54:03,700 or she is communicating with for example so 1383 00:54:03,700 --> 00:54:05,300 if you are banking online 1384 00:54:05,300 --> 00:54:07,866 the man in the middle would communicate with you 1385 00:54:07,866 --> 00:54:09,224 by impersonating your bank 1386 00:54:09,224 --> 00:54:12,200 and communicate with the bank by impersonating you the man 1387 00:54:12,200 --> 00:54:14,900 in the middle would then receive all of the information 1388 00:54:14,900 --> 00:54:16,518 transferred between both parties 1389 00:54:16,518 --> 00:54:19,300 which could include sensitive data such as bank accounts 1390 00:54:19,300 --> 00:54:20,700 and personal information. 1391 00:54:20,800 --> 00:54:24,003 So how does it exactly work normally an 1392 00:54:24,003 --> 00:54:25,000 MITM gains access 1393 00:54:25,000 --> 00:54:27,945 through an unencrypted wireless access point 1394 00:54:27,945 --> 00:54:29,400 which is basically one 1395 00:54:29,400 --> 00:54:33,500 that doesn't use WEP WPA or any of the other security measures. 1396 00:54:33,500 --> 00:54:36,300 Then they would have to access all the information 1397 00:54:36,300 --> 00:54:37,300 being transferred 1398 00:54:37,300 --> 00:54:39,500 between both parties by actually 1399 00:54:39,500 --> 00:54:42,300 spoofing something called Address Resolution Protocol. 1400 00:54:42,300 --> 00:54:43,340 That is the protocol 1401 00:54:43,340 --> 00:54:45,743 that is used when you are actually connecting 1402 00:54:45,743 --> 00:54:47,600 to your gateway from your computer. 
1403 00:54:47,600 --> 00:54:51,300 So how can you exactly prevent MITM attacks from happening 1404 00:54:51,300 --> 00:54:55,000 against you firstly you have to use an encrypted WAP 1405 00:54:55,000 --> 00:54:58,400 that is an encrypted wireless access point next. 1406 00:54:58,400 --> 00:55:00,300 You should always check the security 1407 00:55:00,300 --> 00:55:01,800 of your connection because 1408 00:55:01,800 --> 00:55:05,200 when somebody is actually trying to compromise your security. 1409 00:55:05,200 --> 00:55:09,000 He will try to actually strip down the HTTPS or HSTS 1410 00:55:09,000 --> 00:55:10,988 that is being injected in the website, 1411 00:55:10,988 --> 00:55:13,399 which is basically the security protocols. 1412 00:55:13,400 --> 00:55:14,275 So if something 1413 00:55:14,275 --> 00:55:16,964 like this HTTPS is not appearing in your website, 1414 00:55:16,964 --> 00:55:19,964 you're on an insecure website where your credentials 1415 00:55:19,964 --> 00:55:22,000 or your information can be compromised 1416 00:55:22,000 --> 00:55:23,800 and the last and final measure 1417 00:55:23,800 --> 00:55:26,211 that you can actually use is by investing 1418 00:55:26,211 --> 00:55:27,900 in a virtual private network 1419 00:55:27,900 --> 00:55:29,641 which spoofs your entire IP 1420 00:55:29,641 --> 00:55:31,900 and you can just browse the internet 1421 00:55:31,900 --> 00:55:33,400 with perfect comfort. 1422 00:55:33,700 --> 00:55:36,800 Next up on our list is drive-by downloads. 1423 00:55:36,800 --> 00:55:37,800 So gone are the days 1424 00:55:37,800 --> 00:55:39,900 where you had to click to accept a download 1425 00:55:39,900 --> 00:55:41,400 or install the software update 1426 00:55:41,400 --> 00:55:43,231 in order to become infected 1427 00:55:43,231 --> 00:55:45,673 now just opening a compromised webpage 1428 00:55:45,673 --> 00:55:49,300 could allow dangerous code to install on your device. 
1429 00:55:49,300 --> 00:55:53,410 You just need to visit or drive by a web page without stopping 1430 00:55:53,410 --> 00:55:55,500 or to click accept any software 1431 00:55:55,500 --> 00:55:57,241 and the malicious code can download 1432 00:55:57,241 --> 00:56:00,592 in the background to your device a drive-by download refers 1433 00:56:00,592 --> 00:56:03,407 to the unintentional download of a virus or malicious 1434 00:56:03,407 --> 00:56:04,995 software onto your computer 1435 00:56:04,995 --> 00:56:07,200 or mobile device a drive-by download 1436 00:56:07,200 --> 00:56:08,800 will usually take advantage 1437 00:56:08,800 --> 00:56:11,623 or exploit a browser or app or operating system 1438 00:56:11,623 --> 00:56:14,200 that is out of date and has security flaws. 1439 00:56:14,200 --> 00:56:15,200 This initial code 1440 00:56:15,200 --> 00:56:17,900 that is downloaded is often very small and 1441 00:56:17,900 --> 00:56:21,000 since its job is often simply to contact another computer 1442 00:56:21,000 --> 00:56:23,100 where it can pull down the rest of the code 1443 00:56:23,100 --> 00:56:24,500 onto your smartphone tablet 1444 00:56:24,500 --> 00:56:27,100 or other computers often a web page will contain 1445 00:56:27,100 --> 00:56:29,600 several different types of malicious code in hopes 1446 00:56:29,600 --> 00:56:32,400 that one of them will match a weakness on your computer. 1447 00:56:32,800 --> 00:56:36,900 So how does this exactly work? First you visit the site 1448 00:56:36,900 --> 00:56:39,741 and during the three-way handshake connection 1449 00:56:39,741 --> 00:56:43,100 of the TCP/IP protocol a backend script is triggered. 1450 00:56:43,100 --> 00:56:46,537 As soon as a connection is made by Al the last ACK packet 1451 00:56:46,537 --> 00:56:48,607 is sent a download is also triggered 1452 00:56:48,607 --> 00:56:51,800 and the malware is basically injected into your system. 
1453 00:56:51,800 --> 00:56:54,309 Now the best advice I can share about avoiding 1454 00:56:54,309 --> 00:56:56,954 drive-by downloads is to avoid visiting websites 1455 00:56:56,954 --> 00:56:59,600 that could be considered dangerous or malicious. 1456 00:56:59,600 --> 00:57:02,870 This includes adult content file sharing websites, 1457 00:57:02,870 --> 00:57:06,204 or anything that offers you a free trip to the Bahamas. 1458 00:57:06,204 --> 00:57:07,400 Now some other tips 1459 00:57:07,400 --> 00:57:09,968 to stay protected include keep your internet browser 1460 00:57:09,968 --> 00:57:13,220 and operating system up-to-date use a safe search protocol 1461 00:57:13,220 --> 00:57:14,800 that warns you when to navigate 1462 00:57:14,800 --> 00:57:18,300 to a malicious site and use comprehensive security software 1463 00:57:18,300 --> 00:57:20,800 on all your devices like McAfee All Access 1464 00:57:20,800 --> 00:57:22,100 and keeping it up to date. 1465 00:57:22,700 --> 00:57:25,700 Okay, so that was it about drive-by downloads. 1466 00:57:25,700 --> 00:57:28,900 Next up is mal-advertising or malvertising. 1467 00:57:28,900 --> 00:57:32,200 So malvertising is the name we in the security industry 1468 00:57:32,200 --> 00:57:34,700 give to criminally controlled advertisements 1469 00:57:34,700 --> 00:57:35,899 which intentionally 1470 00:57:35,899 --> 00:57:37,700 infect people and businesses. 
1471 00:57:37,700 --> 00:57:39,035 These can be any ad 1472 00:57:39,035 --> 00:57:42,200 on any site often ones which you use as a part 1473 00:57:42,200 --> 00:57:46,000 of your everyday internet usage and it is a growing problem 1474 00:57:46,000 --> 00:57:48,668 as is evident by a recent US Senate report 1475 00:57:48,668 --> 00:57:50,612 and the establishment of bodies 1476 00:57:50,612 --> 00:57:54,085 like Trust in Ads now whilst the technology being used 1477 00:57:54,085 --> 00:57:57,296 in the background is very advanced the way it presents 1478 00:57:57,296 --> 00:58:00,700 to the person being infected is simple to all intents 1479 00:58:00,700 --> 00:58:03,361 and purposes the advertisement looks the same 1480 00:58:03,361 --> 00:58:06,300 as any other but has been placed by a criminal 1481 00:58:06,300 --> 00:58:08,395 like you can see the Mint ad out here. 1482 00:58:08,395 --> 00:58:09,865 It's really out of place. 1483 00:58:09,865 --> 00:58:12,436 So you could say it's been made by a criminal now 1484 00:58:12,436 --> 00:58:15,913 without your knowledge a tiny piece of code hidden deep 1485 00:58:15,913 --> 00:58:18,618 in the advertisement is making your computer go 1486 00:58:18,618 --> 00:58:21,500 to the criminal servers these then catalog details 1487 00:58:21,500 --> 00:58:22,472 about your computer 1488 00:58:22,472 --> 00:58:23,291 and its location 1489 00:58:23,291 --> 00:58:25,800 before choosing which piece of malware to send you 1490 00:58:25,800 --> 00:58:27,998 and this doesn't need a new browser window 1491 00:58:27,998 --> 00:58:29,500 and you won't know about it. 1492 00:58:29,500 --> 00:58:33,200 So basically you're redirected to some criminal server. 1493 00:58:33,200 --> 00:58:36,914 Neither injections takes place and voila you're infected. 1494 00:58:36,914 --> 00:58:39,300 It's a pretty dangerous thing to be in. 1495 00:58:39,300 --> 00:58:41,900 So how exactly can you stop malvertising. 
1496 00:58:41,900 --> 00:58:43,127 Well, first of all, 1497 00:58:43,127 --> 00:58:45,000 you need to use an ad blocker, 1498 00:58:45,000 --> 00:58:48,600 which is a very must in this day and age you 1499 00:58:48,600 --> 00:58:51,411 can have ad blocker extensions installed on your browser 1500 00:58:51,411 --> 00:58:53,051 whether it be Chrome Safari 1501 00:58:53,051 --> 00:58:56,400 or Mozilla also regular software updates of your browser 1502 00:58:56,400 --> 00:58:57,556 and other softwares 1503 00:58:57,556 --> 00:59:00,600 that work peripheral to your browser always helps 1504 00:59:00,600 --> 00:59:02,800 and next is some common sense. 1505 00:59:02,800 --> 00:59:05,121 Any advertisement that is about a lottery 1506 00:59:05,121 --> 00:59:08,200 that's offering you free money is probably going to scam you 1507 00:59:08,200 --> 00:59:09,600 and inject malware too 1508 00:59:09,600 --> 00:59:11,400 so never click on those ads. 1509 00:59:11,800 --> 00:59:14,100 So the last kind of cyber attacks 1510 00:59:14,100 --> 00:59:16,500 we are going to discover today and discuss 1511 00:59:16,500 --> 00:59:18,100 about is rogue software. 1512 00:59:18,100 --> 00:59:21,600 So rogue security software is a form of malicious software 1513 00:59:21,600 --> 00:59:24,719 and internet fraud that misleads users into believing 1514 00:59:24,719 --> 00:59:27,056 that there is a virus on their computer 1515 00:59:27,056 --> 00:59:29,332 and manipulates them into paying money 1516 00:59:29,332 --> 00:59:31,300 for a fake malware removal tool. 1517 00:59:31,400 --> 00:59:33,500 It is a form of scareware that 1518 00:59:33,500 --> 00:59:34,915 manipulates users through fear 1519 00:59:34,915 --> 00:59:38,300 and a form of ransomware rogue security software has been 1520 00:59:38,300 --> 00:59:41,800 a serious security threat in desktop computing since 2008. 
1521 00:59:41,800 --> 00:59:44,536 So now how does a rogue security software work 1522 00:59:44,536 --> 00:59:46,300 the scams manipulate users 1523 00:59:46,300 --> 00:59:49,200 into downloading the program through a variety of techniques. 1524 00:59:49,200 --> 00:59:51,543 Some of these methods include ads offering 1525 00:59:51,543 --> 00:59:52,887 free or trial versions 1526 00:59:52,887 --> 00:59:55,391 of security programs often pricey upgrades 1527 00:59:55,391 --> 00:59:58,200 or encouraging the purchase of deluxe versions, 1528 00:59:58,207 --> 00:59:59,900 then also pop-ups warning 1529 00:59:59,900 --> 01:00:01,999 that your computer is infected with the virus 1530 01:00:01,999 --> 01:00:03,500 which encourages you to clean 1531 01:00:03,500 --> 01:00:05,100 it by clicking on the program 1532 01:00:05,100 --> 01:00:07,700 and then manipulated SEO rankings that put 1533 01:00:07,700 --> 01:00:09,500 infected website as the top hits 1534 01:00:09,500 --> 01:00:12,858 when you search these links then redirect you to a landing page 1535 01:00:12,858 --> 01:00:14,700 that claims your machine is infected 1536 01:00:14,700 --> 01:00:18,300 and encourages you a free trial of the rogue security program. 1537 01:00:18,300 --> 01:00:19,700 Now once the scareware 1538 01:00:19,700 --> 01:00:22,776 is installed it can steal all your information slow 1539 01:00:22,776 --> 01:00:25,661 your computer corrupt your files disable updates 1540 01:00:25,661 --> 01:00:27,532 for legitimate antivirus softwares 1541 01:00:27,532 --> 01:00:28,564 or even prevent you 1542 01:00:28,564 --> 01:00:31,800 from visiting legitimate security software vendor sites. 1543 01:00:32,000 --> 01:00:33,764 Well talking about prevention. 1544 01:00:33,764 --> 01:00:35,764 The best defense is a good offense. 
1545 01:00:35,764 --> 01:00:38,531 And in this case an updated firewall makes sure 1546 01:00:38,531 --> 01:00:40,708 that you have a working one in your office 1547 01:00:40,708 --> 01:00:41,611 that protects you 1548 01:00:41,611 --> 01:00:44,000 and your employees from these type of attacks. 1549 01:00:44,000 --> 01:00:47,200 It is also a good idea to install a trusted antivirus 1550 01:00:47,200 --> 01:00:49,169 or anti-spyware software program 1551 01:00:49,169 --> 01:00:51,100 that can detect threats like these 1552 01:00:51,100 --> 01:00:54,100 and also a general level of distrust on the internet 1553 01:00:54,100 --> 01:00:56,600 and not actually believing anything right off 1554 01:00:56,600 --> 01:00:58,882 the bat is the way to go. 
1571 01:01:40,900 --> 01:01:48,000 The key word 1572 01:01:48,000 --> 01:01:51,300 of this video is ethical hacking course, 1573 01:01:51,500 --> 01:01:52,800 but in reality, 1574 01:01:52,800 --> 01:01:56,233 it's just an expansive video on the fundamentals 1575 01:01:56,233 --> 01:01:57,500 of ethical hacking. 1576 01:01:57,500 --> 01:01:59,100 There is no such thing 1577 01:01:59,100 --> 01:02:01,356 as an ethical hacking course to be honest 1578 01:02:01,356 --> 01:02:02,429 because no course 1579 01:02:02,429 --> 01:02:05,974 can teach you a discipline like ethical hacking all the best 1580 01:02:05,974 --> 01:02:06,868 that you can do 1581 01:02:06,868 --> 01:02:09,370 in creating content for ethical hacking is 1582 01:02:09,370 --> 01:02:10,800 that you can tell people 1583 01:02:10,800 --> 01:02:13,500 about the fundamentals are followed in this discipline. 1584 01:02:13,615 --> 01:02:14,000 Okay. 1585 01:02:14,000 --> 01:02:16,600 Now before we start let me just give you 1586 01:02:16,600 --> 01:02:18,661 a general idea of the topics 1587 01:02:18,661 --> 01:02:21,820 that I intend to cover throughout this video. 1588 01:02:21,820 --> 01:02:23,400 Okay now to be honest, 1589 01:02:23,400 --> 01:02:26,100 we're going to cover a pretty broad range of material. 1590 01:02:26,100 --> 01:02:28,100 We are first we're going to be going over 1591 01:02:28,100 --> 01:02:31,600 footprinting and reconnaissance where you get an idea. 
1592 01:02:31,700 --> 01:02:34,500 What's involved in the ethical hacking engagement 1593 01:02:34,500 --> 01:02:35,600 that you're working 1594 01:02:35,600 --> 01:02:37,000 on and information 1595 01:02:37,000 --> 01:02:39,382 about the target that you're engaged with? 1596 01:02:39,382 --> 01:02:42,500 Then we're going to talk about networking fundamentals 1597 01:02:42,500 --> 01:02:45,600 and here we're going to get our hands dirty with packets 1598 01:02:45,600 --> 01:02:46,900 and the understanding 1599 01:02:46,900 --> 01:02:50,000 of TCP/IP at a deeper level and also understanding 1600 01:02:50,000 --> 01:02:53,600 how the different protocols work and why they work that way now. 1601 01:02:53,600 --> 01:02:56,000 We are also going to be talking about cryptography 1602 01:02:56,000 --> 01:02:58,700 where we talk about different cryptography key ciphers. 1603 01:02:58,700 --> 01:03:01,580 We're going to deal with web encryption through SSL 1604 01:03:01,580 --> 01:03:05,100 and TLS we are also going to talk about certificates 1605 01:03:05,100 --> 01:03:06,982 and the creation of certificates 1606 01:03:06,982 --> 01:03:08,191 and how they actually 1607 01:03:08,191 --> 01:03:11,300 operate we will also talk about public key cryptography 1608 01:03:11,300 --> 01:03:14,700 and we are also scanning and enumeration so nmap 1609 01:03:14,700 --> 01:03:16,846 and dealing with Windows servers 1610 01:03:16,846 --> 01:03:20,200 and using SNMP and LDAP and all that sort of stuff. 
1611 01:03:20,200 --> 01:03:22,500 Then we're going to be talking about penetration 1612 01:03:22,500 --> 01:03:24,277 where we deal with different ways 1613 01:03:24,277 --> 01:03:27,600 of getting into systems and also go over using Metasploit, 1614 01:03:27,600 --> 01:03:29,500 which is an exploit framework, 1615 01:03:29,500 --> 01:03:33,000 and we're going to talk about how to use Metasploit 1616 01:03:33,000 --> 01:03:34,700 and you actually get in the systems 1617 01:03:34,700 --> 01:03:36,300 and make use of the exploits 1618 01:03:36,300 --> 01:03:39,947 that they have then we're going to talk about malware, viruses 1619 01:03:39,947 --> 01:03:43,000 and worms and rootkits and all of that sort of stuff. 1620 01:03:43,000 --> 01:03:45,300 We're going to take a look at the different pieces 1621 01:03:45,300 --> 01:03:47,900 of malware and how you would pull that apart 1622 01:03:47,900 --> 01:03:49,218 in order to understand 1623 01:03:49,218 --> 01:03:50,811 what it is doing and potentially 1624 01:03:50,811 --> 01:03:54,400 make use of that malware during an ethical hacking engagement. 1625 01:03:54,400 --> 01:03:56,800 Then we're going to talk about different types of denial 1626 01:03:56,800 --> 01:03:58,800 of service attacks or DoS attacks 1627 01:03:58,800 --> 01:04:01,100 and the difference between a denial-of-service 1628 01:04:01,100 --> 01:04:03,617 attack and distributed denial-of-service attack, 1629 01:04:03,617 --> 01:04:05,500 and there is a difference there. 1630 01:04:05,500 --> 01:04:08,000 So we're going to go over this docks now. 
1631 01:04:08,000 --> 01:04:10,600 We're also going to go over web application hacking 1632 01:04:10,600 --> 01:04:11,700 and the types of tools 1633 01:04:11,700 --> 01:04:12,996 that you would use during 1634 01:04:12,996 --> 01:04:15,900 web application hacking and the different vulnerabilities 1635 01:04:15,900 --> 01:04:17,500 that web applications have 1636 01:04:17,500 --> 01:04:19,300 and how to make use of these exploits 1637 01:04:19,300 --> 01:04:20,600 and those vulnerabilities. 1638 01:04:20,600 --> 01:04:22,800 We're going to talk about wireless networking 1639 01:04:23,000 --> 01:04:24,800 how to probe wireless networks 1640 01:04:25,000 --> 01:04:26,600 what wireless networks are doing 1641 01:04:26,600 --> 01:04:28,600 and how to secure wireless networks. 1642 01:04:28,600 --> 01:04:29,855 We're also going to talk 1643 01:04:29,855 --> 01:04:31,963 about a little bit about detection evasion. 1644 01:04:31,963 --> 01:04:33,303 And to be honest with you, 1645 01:04:33,303 --> 01:04:35,716 the detection evasion kind of comes up in a lot 1646 01:04:35,716 --> 01:04:38,329 of different areas through the many of the topics 1647 01:04:38,329 --> 01:04:39,100 that we're also 1648 01:04:39,100 --> 01:04:41,860 going to talk about programming, programming attacks 1649 01:04:41,860 --> 01:04:45,100 and how to protect oneself against programming attacks. 1650 01:04:45,200 --> 01:04:45,800 Okay. 1651 01:04:45,800 --> 01:04:48,100 So that was the number of topics 1652 01:04:48,100 --> 01:04:51,000 that we are actually going to cover through this video. 1653 01:04:51,000 --> 01:04:51,900 Now the approach 1654 01:04:51,900 --> 01:04:54,700 that I'm going to be taking in the series of videos 1655 01:04:54,700 --> 01:04:55,971 is whenever possible. 1656 01:04:55,971 --> 01:04:59,000 We're going to be going to use a hands-on approach. 
1657 01:04:59,000 --> 01:05:02,500 So we're going to show you the actual tools I'm going 1658 01:05:02,500 --> 01:05:06,293 to make use of and the tools to do some sort of demonstration 1659 01:05:06,293 --> 01:05:08,000 and how they actually work. 1660 01:05:08,000 --> 01:05:09,353 I am a big believer 1661 01:05:09,353 --> 01:05:13,700 in getting your hands dirty as the best way to learn anything. 1662 01:05:13,800 --> 01:05:16,400 So as we go through the series of videos, 1663 01:05:16,400 --> 01:05:19,063 I strongly encourage you to get access to the tools 1664 01:05:19,063 --> 01:05:21,300 that I'm going to be demonstrating wherever 1665 01:05:21,300 --> 01:05:24,334 possible and dig in and get your hands dirty along with me 1666 01:05:24,334 --> 01:05:25,414 and there are places 1667 01:05:25,414 --> 01:05:28,600 where we're going to be going over some theoretical material 1668 01:05:28,600 --> 01:05:30,900 and I'm not a big fan of PowerPoint slides, 1669 01:05:30,900 --> 01:05:33,000 but they are a necessary evil 1670 01:05:33,000 --> 01:05:35,640 in order to convey certain types of information. 1671 01:05:35,640 --> 01:05:38,500 So wherever possible I'm going to minimize their use, 1672 01:05:38,500 --> 01:05:40,129 but you will run across places 1673 01:05:40,129 --> 01:05:43,938 where they're just a necessity and we're going to have to go 1674 01:05:43,938 --> 01:05:45,100 through some slides 1675 01:05:45,100 --> 01:05:47,500 where in order to get some particular points 1676 01:05:47,500 --> 01:05:50,300 across they are primarily of a theoretical nature. 1677 01:05:50,300 --> 01:05:52,300 So that's the process that we will be taking 1678 01:05:52,300 --> 01:05:54,911 through this video and I hope you have fun 1679 01:05:54,911 --> 01:05:56,200 as you go along the way. 1680 01:05:56,300 --> 01:05:57,100 Okay. 
1681 01:05:57,100 --> 01:05:59,525 So let's begin now the first topic 1682 01:05:59,525 --> 01:06:03,300 that we're going to tackle is what is hacking? 1683 01:06:03,300 --> 01:06:06,800 Okay, so let us take a trip 1684 01:06:06,800 --> 01:06:09,200 to the early days of hacking to start 1685 01:06:09,200 --> 01:06:12,100 with now the Internet Engineering Task Force 1686 01:06:12,100 --> 01:06:15,943 is responsible for maintaining documentation about protocols 1687 01:06:15,943 --> 01:06:19,300 and various specifications and processes and procedures 1688 01:06:19,300 --> 01:06:21,000 regarding anything on the internet. 1689 01:06:21,000 --> 01:06:24,800 They have a series of documents called the request for comments 1690 01:06:24,800 --> 01:06:28,164 or the RFCs and according to RFC one three eight nine. 1691 01:06:28,164 --> 01:06:29,983 It says a hacker is a person 1692 01:06:29,983 --> 01:06:33,100 who delights in having an intimate understanding 1693 01:06:33,100 --> 01:06:36,400 of the internal workings of a system computers 1694 01:06:36,400 --> 01:06:37,758 and computer networks 1695 01:06:37,758 --> 01:06:40,411 in particular while the expression hackers 1696 01:06:40,411 --> 01:06:41,900 may go back a long time 1697 01:06:41,900 --> 01:06:45,400 and have many different connotations or definitions. 1698 01:06:45,400 --> 01:06:46,400 As far as computers 1699 01:06:46,400 --> 01:06:46,700 go. 
1700 01:06:46,700 --> 01:06:48,900 Some of the earliest hackers were members 1701 01:06:48,900 --> 01:06:50,743 of the Tech Model Railroad Club 1702 01:06:50,743 --> 01:06:53,300 at the Massachusetts Institute of Technology 1703 01:06:53,300 --> 01:06:56,145 and what those people did and the various things 1704 01:06:56,145 --> 01:06:59,900 that they did and were involved in are detailed in Steven Levy's 1705 01:06:59,900 --> 01:07:02,800 book called Hackers now 1706 01:07:02,800 --> 01:07:04,500 for our purposes we'll be talking 1707 01:07:04,500 --> 01:07:06,284 about other types of hackers. 1708 01:07:06,284 --> 01:07:08,848 Although the spirit of what we do goes back 1709 01:07:08,848 --> 01:07:10,148 to those early days. 1710 01:07:10,148 --> 01:07:12,100 Now, the definition of hacking 1711 01:07:12,100 --> 01:07:15,457 or hackers has changed particularly in the 1980s 1712 01:07:15,457 --> 01:07:18,600 and in part as a result of a couple of people 1713 01:07:18,600 --> 01:07:21,600 namely Robert T Morris who was a Cornell graduate 1714 01:07:21,600 --> 01:07:23,200 who unleashed a piece of software 1715 01:07:23,200 --> 01:07:26,418 that was called a worm on what was an early version 1716 01:07:26,418 --> 01:07:29,800 of the internet the worm went on to cause a lot of damage 1717 01:07:29,800 --> 01:07:33,300 and create a lot of downtime on systems across the country 1718 01:07:33,300 --> 01:07:34,602 and across the world. 1719 01:07:34,602 --> 01:07:38,200 Now the Morris worm did end up resulting in something good. 1720 01:07:38,200 --> 01:07:41,300 However, that is the Computer Emergency Response Team 1721 01:07:41,300 --> 01:07:43,900 at Carnegie Mellon was created primarily 1722 01:07:43,900 --> 01:07:45,400 in response to the Morris worm. 
1723 01:07:45,700 --> 01:07:48,700 Now, there's also Kevin Mitnick, who was another well-known hacker 1724 01:07:48,700 --> 01:07:50,881 who was responsible for various acts 1725 01:07:50,881 --> 01:07:53,500 of computer crime over a couple of decades. 1726 01:07:53,500 --> 01:07:56,100 He was first convicted in 1988. 1727 01:07:56,100 --> 01:07:59,400 So the definition of hacker or hacking moved from something 1728 01:07:59,400 --> 01:08:01,900 benign to something far more sinister 1729 01:08:01,900 --> 01:08:03,567 in popular culture. Now, 1730 01:08:03,567 --> 01:08:07,700 we see hacking or hackers in all sorts of popular culture. 1731 01:08:07,700 --> 01:08:10,533 We've seen them in hacker movies 1732 01:08:10,533 --> 01:08:13,533 called WarGames, also the movie Hackers, 1733 01:08:13,533 --> 01:08:14,180 of course. 1734 01:08:14,180 --> 01:08:17,301 You also see it in The Matrix movies, where you can see, 1735 01:08:17,301 --> 01:08:19,007 if you look really closely, 1736 01:08:19,008 --> 01:08:21,500 that they are using a tool called nmap, 1737 01:08:21,500 --> 01:08:25,600 which we will get into the use of in great detail later on 1738 01:08:25,600 --> 01:08:26,800 as we go on. Now, 1739 01:08:26,800 --> 01:08:29,866 there's the movie Sneakers and the movie Swordfish, 1740 01:08:29,866 --> 01:08:31,051 and on television 1741 01:08:31,051 --> 01:08:34,294 and in other places you can see the agents 1742 01:08:34,295 --> 01:08:37,200 at NCIS regularly doing things like cracking 1743 01:08:37,200 --> 01:08:41,100 complex cryptography in just a matter of seconds or minutes. 1744 01:08:41,100 --> 01:08:43,000 So what is hacking, really? 1745 01:08:43,000 --> 01:08:45,667 Well, hacking is about a deep understanding 1746 01:08:45,667 --> 01:08:47,226 of something, particularly 1747 01:08:47,227 --> 01:08:49,700 with relation to computers and computing.
1748 01:08:49,700 --> 01:08:53,200 It's also about exploring and the joy of learning new things 1749 01:08:53,200 --> 01:08:55,200 and understanding them very clearly 1750 01:08:55,200 --> 01:08:57,718 and being able to manipulate those things in ways 1751 01:08:57,718 --> 01:09:00,252 that maybe other people haven't before. It's all 1752 01:09:00,252 --> 01:09:01,899 about digging into problems 1753 01:09:01,899 --> 01:09:05,016 to find out solutions in creative and interesting ways, 1754 01:09:05,017 --> 01:09:06,817 and sometimes finding problems 1755 01:09:06,817 --> 01:09:09,098 where there weren't problems previously, 1756 01:09:09,098 --> 01:09:11,800 and that's a little bit about what is hacking. 1757 01:09:11,814 --> 01:09:12,199 Okay. 1758 01:09:12,200 --> 01:09:15,716 So now that we have talked about what exactly is hacking 1759 01:09:15,716 --> 01:09:16,928 and how the meaning 1760 01:09:16,928 --> 01:09:20,091 and connotations of that word have changed over time, 1761 01:09:20,091 --> 01:09:22,899 how it came into existence, how it was coined, 1762 01:09:22,899 --> 01:09:26,699 let's go over the reasons that people normally hack. 1763 01:09:26,700 --> 01:09:28,859 Now you may want to hack just for fun. 1764 01:09:28,859 --> 01:09:31,762 As discussed previously, hacking is a tradition. 1765 01:09:31,763 --> 01:09:33,538 It goes back several decades 1766 01:09:33,538 --> 01:09:36,899 at MIT, even preceding the computer-related definition 1767 01:09:36,899 --> 01:09:41,599 of hacking. Now MIT has a long and storied history of hacking, 1768 01:09:41,600 --> 01:09:43,955 and sometimes of a computer-related nature, 1769 01:09:43,955 --> 01:09:46,073 which in this case happens to be true, 1770 01:09:46,073 --> 01:09:47,100 and sometimes of a 1771 01:09:47,100 --> 01:09:49,198 non-computer-related nature. For instance,
1772 01:09:49,198 --> 01:09:50,399 now here you can see 1773 01:09:50,399 --> 01:09:53,185 that MIT's home page has been hacked, 1774 01:09:53,185 --> 01:09:56,124 or you might even say defaced, to indicate 1775 01:09:56,124 --> 01:09:58,376 that Disney is buying MIT. 1776 01:09:58,376 --> 01:10:01,500 This was an April Fool's Day prank in 1777 01:10:01,500 --> 01:10:01,900 1998. 1778 01:10:01,900 --> 01:10:04,370 And again, this is just the kind of hacking 1779 01:10:04,370 --> 01:10:05,800 that it would do for fun, 1780 01:10:05,800 --> 01:10:06,300 rather. 1781 01:10:06,300 --> 01:10:06,500 Now, 1782 01:10:06,500 --> 01:10:09,743 sometimes you might want to hack just to prove 1783 01:10:09,743 --> 01:10:13,996 a political point, or any point for that matter. In this case, 1784 01:10:13,996 --> 01:10:17,600 again, Bill Gates had donated some money to MIT, 1785 01:10:17,600 --> 01:10:19,600 which allowed them to have a new building, 1786 01:10:19,700 --> 01:10:22,118 and he was coming to MIT to visit 1787 01:10:22,118 --> 01:10:24,920 and give a talk about Microsoft Windows 1788 01:10:24,920 --> 01:10:26,100 and its systems. 1789 01:10:26,100 --> 01:10:30,100 And as you can see, the Windows systems that are installed 1790 01:10:30,100 --> 01:10:31,800 in the entryway at the 1791 01:10:31,900 --> 01:10:35,800 were hacked to be running Linux instead, and you can see here 1792 01:10:35,800 --> 01:10:36,507 that Tux 1793 01:10:36,507 --> 01:10:38,339 the penguin is saying welcome 1794 01:10:38,339 --> 01:10:41,000 to the William H. Gates Building. Again, that's 1795 01:10:41,000 --> 01:10:42,500 some students who decided 1796 01:10:42,500 --> 01:10:45,612 that they wanted to make a point about Linux and Microsoft 1797 01:10:45,612 --> 01:10:47,121 and Windows to Bill Gates, 1798 01:10:47,121 --> 01:10:50,500 and they thought hacking was the best way to go about it. 1799 01:10:50,500 --> 01:10:53,500 Sometimes you hack just for the challenge.
1800 01:10:53,500 --> 01:10:55,600 Here's an example, again at MIT, 1801 01:10:55,600 --> 01:10:58,700 where some students turned the facade of a building 1802 01:10:58,700 --> 01:11:00,400 into a Tetris game board. 1803 01:11:00,400 --> 01:11:03,300 Now, this was a reasonably difficult hack, 1804 01:11:03,300 --> 01:11:04,700 and the students went 1805 01:11:04,700 --> 01:11:08,259 after it just for the challenge of completing it, and just 1806 01:11:08,259 --> 01:11:10,700 so they could have some pride of ownership 1807 01:11:10,700 --> 01:11:11,879 and be able to say 1808 01:11:11,879 --> 01:11:13,899 that they were able to pull this off, 1809 01:11:13,899 --> 01:11:16,782 you know, the things that teenagers do to show off 1810 01:11:16,782 --> 01:11:17,900 to other teenagers. 1811 01:11:17,900 --> 01:11:19,664 It just increases with increase 1812 01:11:19,664 --> 01:11:22,027 in scale. Now, in spite of its difficulties 1813 01:11:22,027 --> 01:11:25,086 and its challenges and all the obstacles and planning 1814 01:11:25,086 --> 01:11:26,526 that had to go into it, 1815 01:11:26,526 --> 01:11:28,263 they were able to pull it off, 1816 01:11:28,263 --> 01:11:30,600 and now they have those bragging rights. 1817 01:11:30,600 --> 01:11:33,481 So that was one of them, and one of the instances 1818 01:11:33,481 --> 01:11:35,446 where somebody would hack just 1819 01:11:35,446 --> 01:11:38,000 for the challenge and for the fun of it. 1820 01:11:38,000 --> 01:11:41,400 Now, sometimes you want to hack to prevent theft, 1821 01:11:41,400 --> 01:11:42,924 and this is where we get 1822 01:11:42,924 --> 01:11:46,100 more specifically into computer-related hacking.
1823 01:11:46,100 --> 01:11:49,134 You see a lot of articles and stories in the news 1824 01:11:49,134 --> 01:11:51,600 over the last few years about cybercrime, 1825 01:11:51,600 --> 01:11:54,600 and here is an example of data theft: compromised 1826 01:11:54,800 --> 01:11:57,086 fewer than one-and-a-half million cards 1827 01:11:57,086 --> 01:11:58,311 for Global Payments. 1828 01:11:58,311 --> 01:11:59,899 So there are some attackers 1829 01:11:59,899 --> 01:12:02,000 who got into this company, Global Payments, 1830 01:12:02,000 --> 01:12:04,800 and they were able to pull out about a million and a half 1831 01:12:04,800 --> 01:12:07,339 credit card numbers during the intrusion there. 1832 01:12:07,339 --> 01:12:10,100 So what you may want to do is you may want to learn 1833 01:12:10,100 --> 01:12:13,000 how to hack in order to find these holes 1834 01:12:13,000 --> 01:12:16,900 in your systems or applications or your employer's systems, 1835 01:12:16,900 --> 01:12:19,900 so that you can fix these holes and prevent these compromises 1836 01:12:19,900 --> 01:12:22,332 from happening, because of the reputation hit 1837 01:12:22,332 --> 01:12:23,588 that your company takes 1838 01:12:23,588 --> 01:12:25,500 when things like these happen. 1839 01:12:25,500 --> 01:12:28,800 You have the risk of completely running out of business. 1840 01:12:28,800 --> 01:12:32,139 So just to protect your job, to protect your company 1841 01:12:32,139 --> 01:12:35,100 and protect your own desire of business, 1842 01:12:35,100 --> 01:12:36,835 you may just want to learn to hack, 1843 01:12:36,835 --> 01:12:38,600 and that's a very good reason.
1844 01:12:38,600 --> 01:12:41,305 Now, you may also want to find all the problems 1845 01:12:41,305 --> 01:12:42,664 that exist in your systems 1846 01:12:42,664 --> 01:12:44,728 before putting them out and deploying them, 1847 01:12:44,728 --> 01:12:47,500 so that you can keep these attackers from getting in 1848 01:12:47,500 --> 01:12:50,297 and stealing critical or sensitive information. 1849 01:12:50,297 --> 01:12:53,979 Sometimes you may want to hack to get there before the bad guys, 1850 01:12:53,979 --> 01:12:56,429 and it's the same sort of idea as the last one, 1851 01:12:56,429 --> 01:12:59,576 where we're just going to talk about what exactly is 1852 01:12:59,576 --> 01:13:00,700 ethical hacking. Now, 1853 01:13:00,700 --> 01:13:03,225 we were just talking about how sometimes 1854 01:13:03,225 --> 01:13:04,300 you may want to hack 1855 01:13:04,300 --> 01:13:05,300 into your own system 1856 01:13:05,300 --> 01:13:07,200 before publishing it out to the public. 1857 01:13:07,200 --> 01:13:09,000 Let's take Internet Explorer, 1858 01:13:09,000 --> 01:13:09,818 for example. 1859 01:13:09,818 --> 01:13:13,515 Now Internet Explorer was actually published to the public 1860 01:13:13,515 --> 01:13:15,966 with some critical errors in the code, 1861 01:13:15,966 --> 01:13:19,099 and these flaws were heavily exploited by people 1862 01:13:19,099 --> 01:13:20,700 who actually found them. 1863 01:13:20,700 --> 01:13:23,300 Now a number of people in the world go out looking 1864 01:13:23,300 --> 01:13:24,215 for these flaws, 1865 01:13:24,215 --> 01:13:26,900 and they call themselves security researchers, 1866 01:13:26,900 --> 01:13:28,900 and they get in touch with the vendors 1867 01:13:28,900 --> 01:13:31,572 after they've found a flaw or a bug and work 1868 01:13:31,572 --> 01:13:33,300 with the vendors to get it fixed. 1869 01:13:33,300 --> 01:13:36,000 What they end up with is a bit of reputation.
1870 01:13:36,000 --> 01:13:37,623 They get a name for themselves, 1871 01:13:37,623 --> 01:13:41,000 and that name recognition may end up getting them a job 1872 01:13:41,000 --> 01:13:43,800 or some speaking engagements or a book deal, 1873 01:13:43,800 --> 01:13:46,400 or any number of ways that you could cash in 1874 01:13:46,400 --> 01:13:50,096 on some name recognition from finding these sorts of bugs 1875 01:13:50,096 --> 01:13:51,700 and getting them fixed. 1876 01:13:51,700 --> 01:13:54,288 If you want to get there before the bad guys, 1877 01:13:54,288 --> 01:13:56,652 you may think you're helping out a vendor. 1878 01:13:56,652 --> 01:13:59,300 You may want to just make a name for yourself. 1879 01:13:59,300 --> 01:14:01,100 You want to find these sorts of bugs 1880 01:14:01,100 --> 01:14:02,200 before the bad guys do, 1881 01:14:02,200 --> 01:14:04,092 because the thing about the bad guys 1882 01:14:04,092 --> 01:14:06,506 finding them is they don't announce them 1883 01:14:06,506 --> 01:14:08,300 and they don't get them fixed, 1884 01:14:08,300 --> 01:14:11,100 and that makes everybody a little less secure. 1885 01:14:11,100 --> 01:14:13,369 Finally, you may want to protect yourself 1886 01:14:13,369 --> 01:14:17,000 from hacked computer companies and fight cyber criminals, 1887 01:14:17,000 --> 01:14:19,800 and this is a news headline from June 18, 2012, 1888 01:14:19,800 --> 01:14:21,686 and we're starting to see these sorts 1889 01:14:21,686 --> 01:14:22,992 of news headlines show up 1890 01:14:22,992 --> 01:14:25,980 as companies are starting to retaliate against attackers 1891 01:14:25,980 --> 01:14:28,100 in order to retaliate against attackers.
1892 01:14:28,100 --> 01:14:30,465 Now in order to retaliate against attackers, 1893 01:14:30,465 --> 01:14:32,441 you need to be able to have the same sort 1894 01:14:32,441 --> 01:14:35,900 of skills and techniques and knowledge and experience 1895 01:14:35,900 --> 01:14:37,478 that those attackers have, 1896 01:14:37,478 --> 01:14:40,700 and your company may want you to learn to hack, 1897 01:14:40,700 --> 01:14:43,169 or the company may want to bring in people 1898 01:14:43,169 --> 01:14:45,700 who are skilled at these sorts of activities 1899 01:14:45,700 --> 01:14:47,871 so that they can attack the attackers, 1900 01:14:47,871 --> 01:14:51,000 and hopefully you end up with a more steely exterior 1901 01:14:51,000 --> 01:14:53,600 and you get a reputation for not being a company 1902 01:14:53,600 --> 01:14:57,071 that people want to go after. Those are several reasons. 1903 01:14:57,071 --> 01:14:58,071 And there you go. 1904 01:14:58,071 --> 01:14:59,542 I gave you a bunch 1905 01:14:59,542 --> 01:15:01,800 of reasons as to why you may want to hack: 1906 01:15:01,800 --> 01:15:06,239 hack for fun, to prove a point, to protect yourself, to protect the company, 1907 01:15:06,239 --> 01:15:08,100 to not run out of business, 1908 01:15:08,100 --> 01:15:10,900 along with another bunch of reasons. 1909 01:15:10,900 --> 01:15:11,243 Okay. 1910 01:15:11,243 --> 01:15:15,300 So now that we have talked about why you would want to hack, 1911 01:15:15,300 --> 01:15:18,100 let's move on to the types of hackers that exist.
1912 01:15:18,100 --> 01:15:20,544 Now we're going to be talking about the different types 1913 01:15:20,544 --> 01:15:22,494 of hacking, and the first type of hacking 1914 01:15:22,494 --> 01:15:24,562 that I want to discuss is ethical hacking 1915 01:15:24,562 --> 01:15:25,562 and ethical hackers, 1916 01:15:25,562 --> 01:15:26,300 which is really 1917 01:15:26,300 --> 01:15:28,500 what we're going to be talking about for the rest 1918 01:15:28,500 --> 01:15:31,800 of these lessons. Now an ethical hacker is somebody 1919 01:15:31,800 --> 01:15:34,000 who thinks like a black hat hacker, 1920 01:15:34,000 --> 01:15:35,474 or thinks like somebody 1921 01:15:35,474 --> 01:15:38,100 who is intent on breaking into your systems, 1922 01:15:38,100 --> 01:15:39,780 but follows a moral compass 1923 01:15:39,780 --> 01:15:42,580 that's more in line with probably the majority 1924 01:15:42,580 --> 01:15:43,700 of the population. 1925 01:15:43,700 --> 01:15:47,200 So their intent isn't to do bad things; their intent 1926 01:15:47,200 --> 01:15:49,700 is to look for bad things and get them fixed, 1927 01:15:49,700 --> 01:15:53,352 so that bad things don't happen. Ethical hackers aren't out 1928 01:15:53,352 --> 01:15:55,588 to destroy anything and they're not out 1929 01:15:55,588 --> 01:15:56,600 to break anything 1930 01:15:56,600 --> 01:15:59,240 unless it's deemed to be acceptable as a part 1931 01:15:59,240 --> 01:16:01,400 of the engagement and also necessary 1932 01:16:01,400 --> 01:16:04,400 in order to demonstrate a particular vulnerability 1933 01:16:04,400 --> 01:16:07,300 to the organization that they're working with. So 1934 01:16:07,300 --> 01:16:08,500 that's an ethical hacker, 1935 01:16:08,500 --> 01:16:10,128 and there's a certification 1936 01:16:10,128 --> 01:16:12,300 that's available from the EC-Council.
1937 01:16:12,300 --> 01:16:14,800 It's the Certified Ethical Hacker, and you know, 1938 01:16:14,800 --> 01:16:16,800 if you find certifications valuable 1939 01:16:16,900 --> 01:16:19,300 and this sort of thing is what you want to do, 1940 01:16:19,300 --> 01:16:21,700 we're seeing a set of Certified Ethical Hacker 1941 01:16:21,700 --> 01:16:24,603 may be something you might want to look into. Now, 1942 01:16:24,603 --> 01:16:26,588 let's talk about black hat hackers. 1943 01:16:26,588 --> 01:16:29,315 There are plenty of cases of black hat hackers 1944 01:16:29,315 --> 01:16:31,739 through the years, and let's talk about a guy 1945 01:16:31,739 --> 01:16:33,800 in particular called Kevin Mitnick. 1946 01:16:33,800 --> 01:16:36,114 This guy right here is a particularly 1947 01:16:36,114 --> 01:16:37,492 good example, probably 1948 01:16:37,492 --> 01:16:40,985 because he was a black hat hacker for a lot of years. 1949 01:16:40,985 --> 01:16:43,400 His goal was to cause mischief, to steal 1950 01:16:43,400 --> 01:16:46,400 where necessary, and just to be engaged in the lifestyle 1951 01:16:46,400 --> 01:16:47,400 of being a hacker 1952 01:16:47,400 --> 01:16:49,000 and doing whatever was necessary 1953 01:16:49,000 --> 01:16:51,515 to continue doing 1954 01:16:51,515 --> 01:16:54,346 whatever he was doing. It crossed moral boundaries 1955 01:16:54,346 --> 01:16:55,700 or ethical boundaries.
1956 01:16:55,700 --> 01:16:59,363 And so Kevin Mitnick here was involved for well over a decade 1957 01:16:59,363 --> 01:17:00,462 in computer crime 1958 01:17:00,462 --> 01:17:02,600 and was finally picked up by the FBI, 1959 01:17:02,600 --> 01:17:03,500 and he was charged 1960 01:17:03,500 --> 01:17:06,123 and prosecuted, and he was eventually convicted 1961 01:17:06,123 --> 01:17:09,300 of some of the activities that he was involved with. Now 1962 01:17:09,300 --> 01:17:12,900 you may be able to argue that Kevin is a gray hat hacker 1963 01:17:12,900 --> 01:17:16,100 as well, and a gray hat hacker is somebody 1964 01:17:16,100 --> 01:17:17,140 who kind of skirts 1965 01:17:17,140 --> 01:17:19,700 the line between black and white hat hacking, 1966 01:17:19,700 --> 01:17:21,673 and white hat hacking is really what 1967 01:17:21,673 --> 01:17:25,154 an ethical hacker is. So instead of saying ethical hacker, 1968 01:17:25,154 --> 01:17:26,990 you could say white hat hacker. 1969 01:17:26,990 --> 01:17:28,111 It's the same idea: 1970 01:17:28,111 --> 01:17:31,100 a white hat hacker is somebody who acts for good, 1971 01:17:31,100 --> 01:17:33,200 if you think of it like that, 1972 01:17:33,200 --> 01:17:36,000 if you want to think of it as good versus evil, 1973 01:17:36,000 --> 01:17:38,500 and what they're really doing is they're in it 1974 01:17:38,500 --> 01:17:39,900 for the technical challenge. 1975 01:17:39,900 --> 01:17:42,600 They're looking to make things better, make things 1976 01:17:42,600 --> 01:17:45,900 more efficient, improve them in some way. On the other hand, 1977 01:17:45,900 --> 01:17:49,500 the black hat hacker is out for the money, for the thrill.
1978 01:17:49,500 --> 01:17:51,205 It's really criminal activity, 1979 01:17:51,205 --> 01:17:53,935 and a gray hat hacker is somebody who may employ 1980 01:17:53,935 --> 01:17:56,700 the tactics and techniques of a black hat hacker, 1981 01:17:56,700 --> 01:17:58,700 but have sort of a white hat 1982 01:17:58,700 --> 01:18:01,900 focus. In other words, they're going to do things 1983 01:18:01,900 --> 01:18:04,600 that may be malicious and destructive in nature, 1984 01:18:04,600 --> 01:18:06,800 but the reason they're doing it is to improve 1985 01:18:06,800 --> 01:18:08,831 the security posture of an organization 1986 01:18:08,831 --> 01:18:09,900 that they're working 1987 01:18:09,900 --> 01:18:11,200 with. So you can see 1988 01:18:11,200 --> 01:18:14,083 there's actually a book called Gray Hat Hacking. 1989 01:18:14,083 --> 01:18:16,840 It's a pretty good book, and it details a lot 1990 01:18:16,840 --> 01:18:18,700 of the tactics and strategies 1991 01:18:18,700 --> 01:18:22,352 and techniques we'll be going over in subsequent lessons 1992 01:18:22,352 --> 01:18:23,300 in this video. 1993 01:18:23,300 --> 01:18:25,095 Now one other type of hacking 1994 01:18:25,095 --> 01:18:28,400 that I want to talk about is a thing called hacktivism, 1995 01:18:28,400 --> 01:18:31,200 and you'll find hacktivism all over the place, 1996 01:18:31,200 --> 01:18:33,151 and an example in the last year 1997 01:18:33,151 --> 01:18:37,400 or so, and certainly in recent memory, is called Lulz Security. 1998 01:18:37,400 --> 01:18:38,795 Yeah, you heard that right.
1999 01:18:38,795 --> 01:18:41,342 It's called Lulz Security, and you can argue 2000 01:18:41,342 --> 01:18:43,911 that Lulz is actually a response to another type 2001 01:18:43,911 --> 01:18:46,500 of activism, and an organization called Anonymous 2002 01:18:46,500 --> 01:18:48,000 started hacking companies 2003 01:18:48,000 --> 01:18:51,000 like Sony to protest their involvement in a lawsuit 2004 01:18:51,000 --> 01:18:54,112 regarding a PlayStation 3 hacker. Now Lulz Security 2005 01:18:54,112 --> 01:18:57,092 was supposedly protesting the treatment of Anonymous, 2006 01:18:57,092 --> 01:19:00,000 or was hacking in support of this group Anonymous, 2007 01:19:00,000 --> 01:19:01,300 so they hacked a number 2008 01:19:01,300 --> 01:19:04,600 of companies and did things like pull information, usernames 2009 01:19:04,600 --> 01:19:08,000 and passwords from the databases at these companies, and they said 2010 01:19:08,000 --> 01:19:10,500 that the reason was to shine a light on the security 2011 01:19:10,500 --> 01:19:11,400 of these companies 2012 01:19:11,400 --> 01:19:14,311 and also, theoretically, embarrass the companies 2013 01:19:14,311 --> 01:19:16,700 with their weak or poor security postures, 2014 01:19:16,700 --> 01:19:18,147 and the problem with that is 2015 01:19:18,147 --> 01:19:21,500 that they were doing this through posting information 2016 01:19:21,500 --> 01:19:22,899 that they had found online, 2017 01:19:22,900 --> 01:19:25,156 and that information often included details 2018 01:19:25,156 --> 01:19:27,704 about customers of these particular corporations. 2019 01:19:27,704 --> 01:19:30,040 And for an ethical hacker, a white hat hacker, 2020 01:19:30,040 --> 01:19:31,600 that would cross the boundary 2021 01:19:31,600 --> 01:19:32,400 of causing harm.
2022 01:19:32,500 --> 01:19:33,701 So there's no reason 2023 01:19:33,701 --> 01:19:36,407 for me as an ethical hacker to post information 2024 01:19:36,407 --> 01:19:38,325 in a public forum about somebody, 2025 01:19:38,325 --> 01:19:40,619 because I could be doing damage to them. 2026 01:19:40,619 --> 01:19:44,000 But in this case Lulz Security and Anonymous, specifically Lulz 2027 01:19:44,000 --> 01:19:46,500 Security, were engaged in a form of hacktivism, 2028 01:19:46,500 --> 01:19:48,870 and what they were doing was not only damaging 2029 01:19:48,870 --> 01:19:49,823 to the corporation 2030 01:19:49,823 --> 01:19:51,588 but certainly was detrimental 2031 01:19:51,588 --> 01:19:54,176 to those people. So, different types of hackers 2032 01:19:54,176 --> 01:19:56,400 and different types of hacking: we've got 2033 01:19:56,400 --> 01:19:58,100 ethical or white hat hacking, 2034 01:19:58,100 --> 01:20:01,800 you've got black hat, gray hat, and then we finally got hacktivism. 2035 01:20:01,800 --> 01:20:02,800 It's really the goal 2036 01:20:02,800 --> 01:20:05,500 and the means that vary from one to the other. 2037 01:20:05,500 --> 01:20:05,802 Okay. 2038 01:20:05,802 --> 01:20:08,700 So now that we've discussed the types of hackers, 2039 01:20:08,700 --> 01:20:11,508 let's also discuss the skills necessary to become one. 2040 01:20:11,508 --> 01:20:13,023 So what we're going to discuss 2041 01:20:13,023 --> 01:20:14,833 in this part are the different skills 2042 01:20:14,833 --> 01:20:15,688 that are required 2043 01:20:15,688 --> 01:20:17,862 or will be learned as a part of this video. 2044 01:20:17,862 --> 01:20:18,862 So initially, just 2045 01:20:18,862 --> 01:20:21,496 for basic computing, you need a basic understanding 2046 01:20:21,496 --> 01:20:23,700 of operating systems and how to work them.
2047 01:20:23,700 --> 01:20:26,300 There are going to be several fundamental types of tasks 2048 01:20:26,300 --> 01:20:28,829 that I won't be going into in any detail at all, 2049 01:20:28,829 --> 01:20:31,329 and you need to know how to run programs 2050 01:20:31,329 --> 01:20:33,800 and do things like open up a command prompt 2051 01:20:33,800 --> 01:20:36,557 without me walking you through how to do that. 2052 01:20:36,557 --> 01:20:37,600 So I am going to assume 2053 01:20:37,600 --> 01:20:40,100 that you have some basic understanding of how to do 2054 01:20:40,100 --> 01:20:41,202 these sorts of tasks. 2055 01:20:41,202 --> 01:20:44,340 Also, you need an understanding of the basic system software, 2056 01:20:44,340 --> 01:20:47,000 and you'll need a basic understanding of how to use 2057 01:20:47,000 --> 01:20:48,300 command line utilities. 2058 01:20:48,300 --> 01:20:50,200 There are a number of tools and programs 2059 01:20:50,200 --> 01:20:52,500 that we're going to be going through in this video, 2060 01:20:52,500 --> 01:20:54,637 and many of them use the command line. Now, 2061 01:20:54,637 --> 01:20:55,990 whether it's on Windows 2062 01:20:55,990 --> 01:20:58,380 or Linux, you still need to be familiar with typing 2063 01:20:58,380 --> 01:21:01,093 and being able to run programs from the command line, 2064 01:21:01,093 --> 01:21:03,894 and the various command line switches and parameters 2065 01:21:03,894 --> 01:21:05,604 that those programs or types 2066 01:21:05,604 --> 01:21:09,251 of programs are going to use. Now, from a networking perspective, 2067 01:21:09,251 --> 01:21:11,000 you need a basic understanding 2068 01:21:11,000 --> 01:21:13,000 of some simple networking concepts. 2069 01:21:13,000 --> 01:21:15,400 You need to know what cables are, and switches 2070 01:21:15,400 --> 01:21:17,900 and hubs, and how systems are networked together. 2071 01:21:17,900 --> 01:21:20,450 You don't really need a deep level of understanding.
2072 01:21:20,450 --> 01:21:22,100 I'll be going through some protocols 2073 01:21:22,100 --> 01:21:23,368 at a reasonably deep level, 2074 01:21:23,368 --> 01:21:25,090 because I think it's important as 2075 01:21:25,090 --> 01:21:26,900 an ethical hacker to understand 2076 01:21:26,900 --> 01:21:29,000 what's going on at the protocol level, 2077 01:21:29,000 --> 01:21:31,600 so that you can know better what you are 2078 01:21:31,600 --> 01:21:34,225 doing and how to achieve the goals and tasks 2079 01:21:34,225 --> 01:21:37,272 that you have before you. So we're going to be going 2080 01:21:37,272 --> 01:21:38,305 over some protocols. 2081 01:21:38,305 --> 01:21:40,600 So just understanding what protocols are 2082 01:21:40,600 --> 01:21:42,000 and how they go together, 2083 01:21:42,000 --> 01:21:43,900 those sorts of things are necessary 2084 01:21:43,900 --> 01:21:45,481 from a networking perspective. 2085 01:21:45,481 --> 01:21:48,668 Now, we're going to also be learning a bunch of life skills. 2086 01:21:48,668 --> 01:21:51,800 Yes, there are some life skills that it's important to have. 2087 01:21:51,800 --> 01:21:54,970 I think the most important one is the ability to accept failure 2088 01:21:54,970 --> 01:21:56,300 and persevere, and by that 2089 01:21:56,300 --> 01:21:59,250 I mean you're going to be just running across several things 2090 01:21:59,250 --> 01:22:01,349 that just don't work the first time around, 2091 01:22:01,349 --> 01:22:03,500 and it's going to take a little bit of time 2092 01:22:03,500 --> 01:22:06,645 and stick-to-itiveness to plug away and keep going 2093 01:22:06,645 --> 01:22:08,700 until you get something to work. 2094 01:22:08,700 --> 01:22:11,500 And the way that you get things to work is having 2095 01:22:11,500 --> 01:22:13,300 an ability to problem solve, 2096 01:22:13,300 --> 01:22:15,926 and sometimes solving problems requires being 2097 01:22:15,926 --> 01:22:17,000 a little creative.
2098 01:22:17,000 --> 01:22:18,982 Sometimes you need to think out of the box 2099 01:22:18,982 --> 01:22:20,090 and come at a problem 2100 01:22:20,090 --> 01:22:23,040 from a different perspective in order to find a solution. 2101 01:22:23,040 --> 01:22:24,700 Throughout the course of this video 2102 01:22:24,700 --> 01:22:27,200 you're going to run across a lot of sticky problems 2103 01:22:27,200 --> 01:22:30,300 through the course of learning about being an ethical hacker 2104 01:22:30,300 --> 01:22:31,600 and just doing the work, 2105 01:22:31,600 --> 01:22:33,228 because it's not a simple 2106 01:22:33,228 --> 01:22:37,000 "So here's a little recipe for how to do this. Now go follow 2107 01:22:37,000 --> 01:22:39,976 this recipe every time and you're going to be successful." 2108 01:22:39,976 --> 01:22:41,459 Every situation is different. 2109 01:22:41,459 --> 01:22:42,789 Every system is different. 2110 01:22:42,789 --> 01:22:45,500 You're going to run across some pretty sticky problems, 2111 01:22:45,500 --> 01:22:49,000 and you're going to have to just wade in and get your hands dirty 2112 01:22:49,000 --> 01:22:51,826 and keep failing and failing and failing and failing 2113 01:22:51,826 --> 01:22:53,533 until you find a way to succeed. 2114 01:22:53,533 --> 01:22:56,200 So I think those skills are very necessary to learn 2115 01:22:56,200 --> 01:22:58,900 how to be an ethical hacker, digging through some 2116 01:22:58,900 --> 01:23:01,325 of the material that we'll be going over in this 2117 01:23:01,325 --> 01:23:03,700 video. As far as what you are going to be learning, 2118 01:23:03,700 --> 01:23:06,650 you're going to be learning about how to use a lot of tools. 2119 01:23:06,650 --> 01:23:08,632 You're going to learn networking, and by that
2120 01:23:08,632 --> 01:23:11,200 I mean we're going to be talking about different protocols 2121 01:23:11,200 --> 01:23:14,100 that are involved in networking systems together. 2122 01:23:14,100 --> 01:23:16,641 You're going to learn about security and security 2123 01:23:16,641 --> 01:23:19,729 postures. Security is the heart and soul of ethical hacking. 2124 01:23:19,729 --> 01:23:21,493 It's why we do ethical hacking: 2125 01:23:21,493 --> 01:23:24,100 in order to make systems and networks more secure 2126 01:23:24,100 --> 01:23:25,400 than they were previously. 2127 01:23:25,400 --> 01:23:27,746 That's the goal. From a networking perspective, 2128 01:23:27,746 --> 01:23:30,400 we're going to be talking about how to read packets 2129 01:23:30,400 --> 01:23:31,600 from network captures. 2130 01:23:31,600 --> 01:23:34,800 You're going to be going into TCP/IP-related protocols 2131 01:23:34,800 --> 01:23:36,330 in a fairly significant amount 2132 01:23:36,330 --> 01:23:38,481 of detail, and you're going to understand 2133 01:23:38,481 --> 01:23:40,588 how protocols interact with one another. 2134 01:23:40,588 --> 01:23:41,800 So we're going to do all 2135 01:23:41,800 --> 01:23:45,400 that, and reading packets is going to be really important, 2136 01:23:45,400 --> 01:23:47,500 and we're going to do a fair amount of that. 2137 01:23:47,500 --> 01:23:50,500 In addition to just a fundamental approach to learning 2138 01:23:50,500 --> 01:23:52,700 how to read packets, in several lessons
2139 01:23:52,700 --> 01:23:55,300 we're going to read packets as a way of understanding 2140 01:23:55,300 --> 01:23:56,200 the different tools 2141 01:23:56,200 --> 01:23:57,121 that we're using 2142 01:23:57,121 --> 01:24:00,560 and how they're going to learn tactics and methodologies 2143 01:24:00,560 --> 01:24:03,100 and you get to learn to use the information 2144 01:24:03,100 --> 01:24:06,000 you've gathered in order to get more information, 2145 01:24:06,000 --> 01:24:09,244 and information is really what this is all about. 2146 01:24:09,244 --> 01:24:12,378 You can't do much of anything without information, 2147 01:24:12,378 --> 01:24:15,923 and sometimes it takes a fair bit of digging in order 2148 01:24:15,923 --> 01:24:17,500 to find that information, 2149 01:24:17,500 --> 01:24:20,700 and what you're going to learn is the entry points 2150 01:24:20,700 --> 01:24:23,347 and the stepping stones to get the information 2151 01:24:23,347 --> 01:24:24,206 that you need. 2152 01:24:24,206 --> 01:24:26,600 And then once you have that information, 2153 01:24:26,600 --> 01:24:29,472 you're going to be learning about ways to exploit it 2154 01:24:29,472 --> 01:24:31,500 in order to get deeper into the dark. 2155 01:24:31,900 --> 01:24:34,360 You're going to learn security awareness. 2156 01:24:34,360 --> 01:24:37,500 We're going to talk about risk and understanding risks 2157 01:24:37,500 --> 01:24:40,800 and vulnerabilities, primarily to recognize the difference 2158 01:24:40,800 --> 01:24:42,100 between a vulnerability 2159 01:24:42,100 --> 01:24:44,988 and an exploit, and there's a significant difference 2160 01:24:44,988 --> 01:24:48,525 there. So security awareness and understanding what a risk is 2161 01:24:48,525 --> 01:24:50,300 and how that impacts your target, 2162 01:24:50,300 --> 01:24:51,449 that's going to be key 2163 01:24:51,449 --> 01:24:53,400 to a lot of things that we talk about.
2164 01:24:53,400 --> 01:24:56,000 So it sounds like a lot. We're going to cover a fair bit 2165 01:24:56,000 --> 01:24:58,311 of ground, not all of it at a deep level. 2166 01:24:58,311 --> 01:25:00,723 Sometimes we are going to skim the surface, 2167 01:25:00,723 --> 01:25:03,400 but there's an awful lot of material to cover. 2168 01:25:03,400 --> 01:25:04,400 So let's get started 2169 01:25:04,400 --> 01:25:07,400 into talking about the different skills that are required 2170 01:25:07,400 --> 01:25:10,307 or will be learned as a part of the series of videos. 2171 01:25:10,307 --> 01:25:12,660 So initially, just for basic computing, you 2172 01:25:12,660 --> 01:25:15,400 need a basic understanding of operating systems. 2173 01:25:15,400 --> 01:25:17,200 So it sounds like a lot 2174 01:25:17,200 --> 01:25:20,506 that we're going to cover, and a fair bit of it is going to be 2175 01:25:20,506 --> 01:25:21,682 at a very deep level 2176 01:25:21,682 --> 01:25:24,300 and sometimes we're just going to skim the surface, 2177 01:25:24,300 --> 01:25:26,742 but there's an awful lot of material to cover, 2178 01:25:26,742 --> 01:25:27,831 so let's get started. 2179 01:25:27,831 --> 01:25:30,008 Okay, so that was all about the skills 2180 01:25:30,008 --> 01:25:31,600 that we are going to develop 2181 01:25:31,600 --> 01:25:34,644 throughout this video and that might be necessary 2182 01:25:34,644 --> 01:25:36,800 for you to become an ethical hacker. 2183 01:25:37,000 --> 01:25:37,200 Now, 2184 01:25:37,200 --> 01:25:39,100 let's talk about the types of attacks 2185 01:25:39,100 --> 01:25:42,600 that you might be dealing with as an ethical hacker yourself. 2186 01:25:42,600 --> 01:25:46,072 So now we're going to be talking about the types of attacks.
2187 01:25:46,072 --> 01:25:47,366 Now one type of attack 2188 01:25:47,366 --> 01:25:49,742 that you'll find common, particularly in cases 2189 01:25:49,742 --> 01:25:51,330 of hacktivism, for example, 2190 01:25:51,330 --> 01:25:54,400 or cases where people are trying to make a particular point 2191 01:25:54,400 --> 01:25:56,200 or just be a general pain, is 2192 01:25:56,200 --> 01:26:00,350 this idea of defacing. Defacing goes back for quite a while. 2193 01:26:00,350 --> 01:26:01,289 It's the idea 2194 01:26:01,289 --> 01:26:03,300 of sort of digital graffiti 2195 01:26:03,300 --> 01:26:06,100 where you've left your mark or your imprint behind 2196 01:26:06,100 --> 01:26:09,600 so that everybody knows you were there. Primarily a website thing, 2197 01:26:09,600 --> 01:26:12,500 and it's really just making alterations to something 2198 01:26:12,500 --> 01:26:15,100 that used to be pretty common a long time ago. 2199 01:26:15,100 --> 01:26:18,300 Now it's very particular for businesses or people 2200 01:26:18,300 --> 01:26:20,594 or just organizations in general to have 2201 01:26:20,594 --> 01:26:23,561 their homepage replaced by this other thing 2202 01:26:23,561 --> 01:26:26,035 that was along the lines of "Hey, I was here 2203 01:26:26,035 --> 01:26:27,800 and I took over your web page." 2204 01:26:27,800 --> 01:26:29,400 We also have a pretty common one 2205 01:26:29,400 --> 01:26:31,500 for certainly has been common over the years. 2206 01:26:31,500 --> 01:26:34,100 And it's a pretty good part towards quality exploits 2207 01:26:34,100 --> 01:26:35,800 in high-profile vulnerabilities. 2208 01:26:35,800 --> 01:26:37,790 And that's buffer overflow.
2209 01:26:37,790 --> 01:26:41,500 Now a buffer overflow is a result of the way programs 2210 01:26:41,500 --> 01:26:42,900 are stored in memory. 2211 01:26:42,900 --> 01:26:45,700 When programs are running they make use of a chunk 2212 01:26:45,700 --> 01:26:47,100 of memory called a stack, 2213 01:26:47,100 --> 01:26:49,123 and it's just like a stack of plates. 2214 01:26:49,123 --> 01:26:50,300 When you put a bunch 2215 01:26:50,300 --> 01:26:52,900 of plates down, when you pull a plate off you're going 2216 01:26:52,900 --> 01:26:55,335 to pull the top plate, you're going to pull the old 2217 01:26:55,335 --> 01:26:57,800 displayed, you're going to pull the one that was on top. 2218 01:26:57,800 --> 01:26:59,781 So the same thing with the stack here: 2219 01:26:59,781 --> 01:27:00,911 we're accessing memory 2220 01:27:00,911 --> 01:27:04,700 and this has to do with the way functions are called in memory. 2221 01:27:04,700 --> 01:27:07,973 When you call the function a chunk of memory gets thrown 2222 01:27:07,973 --> 01:27:10,800 on top of the stack and that's the chunk of memory 2223 01:27:10,800 --> 01:27:12,000 that gets accessed, 2224 01:27:12,000 --> 01:27:14,602 and you've got a piece of data in memory, 2225 01:27:14,602 --> 01:27:17,400 but in that stack, and that's called a buffer, 2226 01:27:17,400 --> 01:27:20,700 and when too much data is sent and try to put 2227 01:27:20,700 --> 01:27:23,600 into the buffer it can overflow the bounds 2228 01:27:23,600 --> 01:27:26,089 of the configured area for that particular buffer. 2229 01:27:26,089 --> 01:27:27,479 It can overflow the bounds 2230 01:27:27,479 --> 01:27:30,200 of the configured area for that particular buffer. 2231 01:27:30,200 --> 01:27:32,900 Now the way stacks are put together, we end up 2232 01:27:32,900 --> 01:27:34,433 with the part of the stack 2233 01:27:34,433 --> 01:27:37,500 where the return address from the function is stored.
2234 01:27:37,500 --> 01:27:39,500 So when you overflow the buffer you have 2235 01:27:39,500 --> 01:27:42,100 the ability to potentially override that return 2236 01:27:42,100 --> 01:27:44,000 at which point you can control the flow 2237 01:27:44,000 --> 01:27:45,339 of execution of programs. 2238 01:27:45,339 --> 01:27:48,556 And if you can control the flow of execution of the program, 2239 01:27:48,556 --> 01:27:49,617 you can insert code 2240 01:27:49,617 --> 01:27:52,500 into that memory that could be executed, and that's 2241 01:27:52,500 --> 01:27:55,606 where we get buffer overflows that turn into exploits 2242 01:27:55,606 --> 01:27:58,430 that create the ability to get like a command shell 2243 01:27:58,430 --> 01:28:00,800 or some other useful thing from the system 2244 01:28:00,800 --> 01:28:02,900 where the buffer overflow is running. 2245 01:28:02,900 --> 01:28:04,811 So that's a buffer overflow in short. 2246 01:28:04,811 --> 01:28:05,400 Sometimes 2247 01:28:05,400 --> 01:28:07,382 we also have format string attacks. 2248 01:28:07,382 --> 01:28:09,500 And sometimes these can be precursors 2249 01:28:09,500 --> 01:28:11,100 to buffer overflow formats. 2250 01:28:11,100 --> 01:28:12,872 Now format strings come about 2251 01:28:12,872 --> 01:28:15,500 because the C programming language makes use 2252 01:28:15,500 --> 01:28:16,764 of these format strings 2253 01:28:16,764 --> 01:28:20,000 that determine how data is going to be input or output. 2254 01:28:20,000 --> 01:28:22,100 So you have a string of characters that define 2255 01:28:22,100 --> 01:28:23,500 whether the subsequent input 2256 01:28:23,500 --> 01:28:26,000 or output is going to be an integer or 2257 01:28:26,000 --> 01:28:27,800 whether it's going to be a character 2258 01:28:27,800 --> 01:28:29,478 or whether it's going to be a string 2259 01:28:29,478 --> 01:28:31,400 or a floating-point, that sort of thing.
2260 01:28:31,400 --> 01:28:33,090 So you have a format string 2261 01:28:33,090 --> 01:28:35,505 that defines the input or the output. Now 2262 01:28:35,505 --> 01:28:37,917 if a programmer leaves off the format string 2263 01:28:37,917 --> 01:28:40,600 and just gets lazy and provides only the variable 2264 01:28:40,600 --> 01:28:41,900 that's going to be output, 2265 01:28:41,900 --> 01:28:44,382 for example, you have the ability to provide 2266 01:28:44,382 --> 01:28:45,500 that format string. 2267 01:28:45,500 --> 01:28:47,200 If you provide that format string, 2268 01:28:47,300 --> 01:28:49,600 what then happens is the program starts picking 2269 01:28:49,600 --> 01:28:50,700 the next piece of data 2270 01:28:50,700 --> 01:28:52,300 off the stack and displays them, 2271 01:28:52,300 --> 01:28:54,791 because that way we can start looking at data 2272 01:28:54,791 --> 01:28:55,909 that's on the stack 2273 01:28:55,909 --> 01:28:58,900 of the running program just by providing a format string. 2274 01:28:58,900 --> 01:29:02,438 If I can look at the data I may be able to find information 2275 01:29:02,438 --> 01:29:03,598 like a return address 2276 01:29:03,598 --> 01:29:06,100 or some other useful piece of information. 2277 01:29:06,300 --> 01:29:08,500 There is also a possibility 2278 01:29:08,500 --> 01:29:11,139 of being able to inject data into the stack. 2279 01:29:11,139 --> 01:29:13,316 I may be able to find some information 2280 01:29:13,316 --> 01:29:14,500 like a return address 2281 01:29:14,500 --> 01:29:16,763 or some other useful piece of information. 2282 01:29:16,763 --> 01:29:19,800 There is also a possibility of being able to inject data 2283 01:29:19,800 --> 01:29:20,682 into the stack. 2284 01:29:20,682 --> 01:29:22,632 I may be able to find some information 2285 01:29:22,632 --> 01:29:23,739 like a return address 2286 01:29:23,739 --> 01:29:25,900 or some other useful piece of information.
2287 01:29:25,900 --> 01:29:29,135 There is also a possibility of being able to inject data 2288 01:29:29,135 --> 01:29:31,500 into the stack using this particular type. 2289 01:29:31,700 --> 01:29:34,871 Now moving on, our next type of attack is a denial 2290 01:29:34,871 --> 01:29:36,800 of service, a denial of service. 2291 01:29:36,800 --> 01:29:38,388 This is a pretty common one 2292 01:29:38,388 --> 01:29:40,100 and you'll hear about this a lot. 2293 01:29:40,100 --> 01:29:43,100 This is not to be confused with the one that I'll be talking 2294 01:29:43,100 --> 01:29:46,411 about after this, and that is a distributed denial of service. 2295 01:29:46,411 --> 01:29:48,000 So this one that you see is, 2296 01:29:48,000 --> 01:29:49,900 this is a denial of service attack, 2297 01:29:50,100 --> 01:29:52,805 and a denial of service is any attack or action 2298 01:29:52,805 --> 01:29:55,300 that prevents a service from being available 2299 01:29:55,300 --> 01:29:57,900 to its legitimate or authorized users. 2300 01:29:57,900 --> 01:30:01,100 So you hear about a ping flood or a SYN flood. 2301 01:30:01,100 --> 01:30:02,957 That is basically a SYN packet 2302 01:30:02,957 --> 01:30:06,300 being sent to your machine constantly, or a Smurf attack, 2303 01:30:06,300 --> 01:30:08,200 and a Smurf attack has to do something 2304 01:30:08,200 --> 01:30:09,720 with ICMP echo requests 2305 01:30:09,720 --> 01:30:12,300 and responses using broadcast addresses. 2306 01:30:12,300 --> 01:30:14,100 That one's been pretty well shut down 2307 01:30:14,100 --> 01:30:15,600 over the last several years. 2308 01:30:15,600 --> 01:30:17,900 You can also get a denial of service simply 2309 01:30:17,900 --> 01:30:19,958 from a malformed packet or piece of data, 2310 01:30:19,958 --> 01:30:21,900 where a piece of data is malformed 2311 01:30:21,900 --> 01:30:23,300 and sent into a program.
2312 01:30:23,300 --> 01:30:25,811 Now if the program doesn't handle it correctly, 2313 01:30:25,811 --> 01:30:28,401 if it crashes, suddenly you're not able to use 2314 01:30:28,401 --> 01:30:29,637 that program anymore. 2315 01:30:29,637 --> 01:30:31,147 So therefore you are denied 2316 01:30:31,147 --> 01:30:34,500 the service of the program, and thus the denial of service. 2317 01:30:34,500 --> 01:30:37,945 Now, as I said, a denial of service is not to be confused 2318 01:30:37,945 --> 01:30:40,200 with a distributed denial of service. 2319 01:30:40,200 --> 01:30:43,000 And I know it's pretty trendy, particularly 2320 01:30:43,000 --> 01:30:46,500 in the media, to call any denial of service a DDoS 2321 01:30:46,500 --> 01:30:49,100 or any denial of service a DDoS. 2322 01:30:49,100 --> 01:30:51,600 Now it's important to note 2323 01:30:51,600 --> 01:30:55,600 that any denial of service is not a DDoS. A DDoS, or 2324 01:30:55,600 --> 01:30:57,835 as you might know, a distributed denial 2325 01:30:57,835 --> 01:31:01,130 of service, is a very specific thing. Distributed denial 2326 01:31:01,130 --> 01:31:04,799 of service is a coordinated denial of service making use 2327 01:31:04,799 --> 01:31:07,100 of several hosts in several locations.
2328 01:31:07,100 --> 01:31:10,900 So if you think about a botnet as an example, a botnet 2329 01:31:10,900 --> 01:31:14,300 could be used to trigger a distributed denial of service, 2330 01:31:14,300 --> 01:31:15,752 but I've got a lot of bots 2331 01:31:15,752 --> 01:31:18,100 that I'm controlling from a remote location 2332 01:31:18,100 --> 01:31:20,388 and I'm using all these bots to do something 2333 01:31:20,388 --> 01:31:22,764 like sending a lot of data to a particular server. 2334 01:31:22,764 --> 01:31:26,000 When I've got a lot of systems sending even small amounts 2335 01:31:26,000 --> 01:31:28,800 of data, all of that data can overwhelm the server 2336 01:31:28,800 --> 01:31:29,900 that I'm sending it to, 2337 01:31:30,000 --> 01:31:33,759 so the idea behind a distributed denial-of-service attack is 2338 01:31:33,759 --> 01:31:35,500 to overwhelm resources 2339 01:31:35,500 --> 01:31:36,930 on a particular server 2340 01:31:36,930 --> 01:31:40,667 in order to cause that server not to be able to respond. 2341 01:31:40,667 --> 01:31:43,546 Now the first known DDoS attack used a tool 2342 01:31:43,546 --> 01:31:44,985 called Stacheldraht, 2343 01:31:44,985 --> 01:31:48,970 which is German for barbed wire. Stacheldraht came 2344 01:31:48,970 --> 01:31:52,100 out of some work that a guy by the name of Mixter 2345 01:31:52,100 --> 01:31:53,500 was doing in 1999. 2346 01:31:53,600 --> 01:31:55,500 He wrote a proof of concept piece 2347 01:31:55,500 --> 01:31:56,900 of code called TFN, 2348 01:31:56,900 --> 01:31:58,733 which was the Tribe Flood Network. 2349 01:31:58,733 --> 01:32:00,400 Let me just show that for you.
2350 01:32:01,700 --> 01:32:02,711 So you can see 2351 01:32:02,711 --> 01:32:05,795 on the Wikipedia page, the Tribe Flood Network 2352 01:32:05,795 --> 01:32:08,200 or TFN is a set of computer programs 2353 01:32:08,200 --> 01:32:12,000 that is used to conduct various DDoS attacks such as ICMP 2354 01:32:12,000 --> 01:32:15,100 floods, SYN floods, UDP floods and Smurf attacks. 2355 01:32:15,100 --> 01:32:15,600 Now, 2356 01:32:15,600 --> 01:32:18,100 I know many people don't really consider 2357 01:32:18,100 --> 01:32:22,000 Wikipedia a really good source of any sort of knowledge, 2358 01:32:22,000 --> 01:32:23,802 but it's a good place to start off. 2359 01:32:23,802 --> 01:32:26,011 So if you want to read about all these types 2360 01:32:26,011 --> 01:32:27,576 of attacks like ICMP floods 2361 01:32:27,576 --> 01:32:30,400 and what exactly is a SYN flood, you can always do 2362 01:32:30,400 --> 01:32:33,200 that from it. It's not that bad a place. 2363 01:32:33,400 --> 01:32:36,600 Of course, you should use Wikipedia as your final 2364 01:32:36,600 --> 01:32:38,200 Rosetta Stone. Moving on. 2365 01:32:38,200 --> 01:32:40,335 So this program called Stacheldraht, 2366 01:32:40,335 --> 01:32:44,400 which was, it was used to attack servers like eBay and Yahoo!
2367 01:32:44,400 --> 01:32:46,072 back in February of 2000, 2368 01:32:46,072 --> 01:32:49,000 so that attack in February of 2000 was really 2369 01:32:49,000 --> 01:32:51,666 the first known distributed denial-of-service attack, 2370 01:32:51,666 --> 01:32:52,783 which is not to say 2371 01:32:52,783 --> 01:32:55,970 that there weren't denial of service attacks previous 2372 01:32:55,970 --> 01:32:58,500 to that. There were certainly plenty of them, 2373 01:32:58,500 --> 01:33:00,419 but they were not distributed. Now 2374 01:33:00,419 --> 01:33:02,949 this means that there weren't a lot of systems 2375 01:33:02,949 --> 01:33:03,983 used to coordinate 2376 01:33:03,983 --> 01:33:07,101 and create a denial-of-service condition, and therefore 2377 01:33:07,101 --> 01:33:09,600 we get distributed denial-of-service attack. 2378 01:33:09,600 --> 01:33:11,600 So that's a handful of types of attacks 2379 01:33:11,600 --> 01:33:13,100 and some pretty common attacks 2380 01:33:13,100 --> 01:33:15,500 that you're going to see as an ethical hacker. 2381 01:33:15,500 --> 01:33:16,905 When you become an ethical hacker 2382 01:33:16,905 --> 01:33:19,050 or if you're trying to become an ethical hacker, 2383 01:33:19,050 --> 01:33:21,600 you should always know about these types of attacks. 2384 01:33:21,800 --> 01:33:22,300 Okay. 2385 01:33:22,300 --> 01:33:23,099 So in this lesson, 2386 01:33:23,099 --> 01:33:25,600 we're going to be talking about penetration testing 2387 01:33:25,600 --> 01:33:28,000 and some of the details around how it works 2388 01:33:28,000 --> 01:33:31,731 and logistics and specifically things like scope. So what 2389 01:33:31,731 --> 01:33:33,944 exactly is penetration testing? 2390 01:33:33,944 --> 01:33:35,800 So well, not surprisingly,
2391 01:33:35,800 --> 01:33:38,700 it's testing to see if you can penetrate something, 2392 01:33:38,700 --> 01:33:40,789 which means you're going to check to see 2393 01:33:40,789 --> 01:33:43,200 whether you can break into a particular thing, 2394 01:33:43,200 --> 01:33:46,400 whether it's a server or in applications. Depending 2395 01:33:46,400 --> 01:33:47,929 on the type of engagement 2396 01:33:47,929 --> 01:33:50,600 you've got, you may have the ability to try to break 2397 01:33:50,600 --> 01:33:52,038 in physically to a location, 2398 01:33:52,038 --> 01:33:54,200 but primarily what you're going to be doing 2399 01:33:54,200 --> 01:33:55,300 with penetration testing 2400 01:33:55,300 --> 01:33:57,500 is you're going to be trying to break into systems 2401 01:33:57,500 --> 01:33:59,528 and networks and applications. 2402 01:33:59,528 --> 01:34:02,300 And that's kind of what it's all about, 2403 01:34:02,300 --> 01:34:05,800 and this may actually involve social engineering attacks. 2404 01:34:05,800 --> 01:34:08,700 So it may require you to make a phone call 2405 01:34:08,700 --> 01:34:12,200 to somebody and get them to give you their username 2406 01:34:12,200 --> 01:34:16,300 and password, or some other type of social engineering attack 2407 01:34:16,300 --> 01:34:20,300 where maybe you send a URL via a crafted email. 2408 01:34:20,300 --> 01:34:23,800 Sometimes it's just strictly a technical approach 2409 01:34:23,800 --> 01:34:25,100 where you're running scans 2410 01:34:25,100 --> 01:34:28,185 and you're running Metasploit and you're gaining 2411 01:34:28,185 --> 01:34:31,500 access that way, or maybe some other type of technology 2412 01:34:31,500 --> 01:34:33,323 application sort of connection. 2413 01:34:33,323 --> 01:34:36,051 Sometimes it's physical access that you need.
2414 01:34:36,051 --> 01:34:38,916 So in order to get access to a particular system, 2415 01:34:38,916 --> 01:34:42,200 if you can get physical access then maybe you can get in. 2416 01:34:42,200 --> 01:34:43,500 So that was all about, 2417 01:34:43,500 --> 01:34:45,970 that's what exactly penetration testing is. 2418 01:34:45,970 --> 01:34:48,600 It's checking whether you can get into a system, 2419 01:34:48,600 --> 01:34:50,999 whether it be physically or on a network. 2420 01:34:50,999 --> 01:34:52,300 So what are the goals 2421 01:34:52,300 --> 01:34:55,840 of penetration testing? The goals would be to assess weakness 2422 01:34:55,840 --> 01:34:58,000 in an organization's security postures. 2423 01:34:58,000 --> 01:34:59,900 We want to figure out what they're vulnerable 2424 01:34:59,900 --> 01:35:03,235 so that they can go and fix these problems. You want 2425 01:35:03,235 --> 01:35:05,900 to help them understand their risk positions better 2426 01:35:05,900 --> 01:35:06,972 and what they can 2427 01:35:06,972 --> 01:35:09,592 or may be able to do to mitigate those risks, 2428 01:35:09,592 --> 01:35:12,700 and ultimately you want to be able to access systems 2429 01:35:12,700 --> 01:35:15,000 in a particular way to find weaknesses. 2430 01:35:15,000 --> 01:35:17,256 So those are really sort of the goals 2431 01:35:17,256 --> 01:35:20,341 of penetration testing. Now from a result standpoint, 2432 01:35:20,341 --> 01:35:23,700 when you're done with your testing, what are you going to do? 2433 01:35:23,700 --> 01:35:27,300 Well, you're probably going to generate a report, and by that, 2434 01:35:27,300 --> 01:35:29,878 I don't mean you're going to run some automated tool 2435 01:35:29,878 --> 01:35:31,778 and you're going to get it to generate 2436 01:35:31,778 --> 01:35:32,600 the report for you, 2437 01:35:32,600 --> 01:35:34,500 you're actually going to give that to the client.
2438 01:35:34,500 --> 01:35:36,630 You're actually going to give your report to the client 2439 01:35:36,630 --> 01:35:38,800 and then they're going to write you a really large check. 2440 01:35:38,800 --> 01:35:40,508 So that's not really how it works. 2441 01:35:40,508 --> 01:35:43,200 You're going to write a report detailing the findings 2442 01:35:43,200 --> 01:35:44,400 in a detailed way 2443 01:35:44,400 --> 01:35:47,700 so that it includes what you did to find out, 2444 01:35:47,700 --> 01:35:49,300 what you actually found out, 2445 01:35:49,300 --> 01:35:52,200 and how you can actually mitigate that particular risk. 2446 01:35:52,200 --> 01:35:55,359 So you should really include remediation activities in order 2447 01:35:55,359 --> 01:35:56,812 to fix these vulnerabilities 2448 01:35:56,812 --> 01:35:58,958 that you find, and it's pretty easy to walk 2449 01:35:58,958 --> 01:35:59,900 around saying, hey, 2450 01:35:59,900 --> 01:36:01,589 that's a problem and that's problematic. 2451 01:36:01,589 --> 01:36:02,600 And that's a problem. 2452 01:36:02,600 --> 01:36:04,300 There's really not a lot of value 2453 01:36:04,300 --> 01:36:06,915 in that. Where there's value is in, hey, 2454 01:36:06,915 --> 01:36:08,000 that's a problem. 2455 01:36:08,000 --> 01:36:10,232 And here's how you can go about fixing it. 2456 01:36:10,232 --> 01:36:13,200 So let's talk about the scope of penetration testing. 2457 01:36:13,200 --> 01:36:15,500 So firstly you want to actually realize 2458 01:36:15,500 --> 01:36:18,900 how big is the breadbox, and specifically what is it 2459 01:36:18,900 --> 01:36:21,600 that the two of you have agreed, 2460 01:36:21,600 --> 01:36:23,200 that being you the ethical hacker 2461 01:36:23,200 --> 01:36:25,900 and the other guy being the authorized person to give 2462 01:36:25,900 --> 01:36:29,300 you permission to ethically hack, specifically agreed 2463 01:36:29,300 --> 01:36:31,700 that you can do penetration testing
2464 01:36:31,800 --> 01:36:35,177 and you can target them as an organization or a client, 2465 01:36:35,177 --> 01:36:38,100 and what you have agreed to are any exclusions 2466 01:36:38,100 --> 01:36:39,238 or any sort of areas 2467 01:36:39,238 --> 01:36:42,474 that they say you're not allowed to touch. So 2468 01:36:42,474 --> 01:36:44,600 like if they've got a database server, 2469 01:36:44,600 --> 01:36:47,678 maybe there's a lot of really sensitive data on it 2470 01:36:47,678 --> 01:36:49,500 and they're a little hesitant 2471 01:36:49,500 --> 01:36:53,500 and they may put a "don't touch this thing" clause in the scope. 2472 01:36:53,500 --> 01:36:55,300 So there are a lot of different reasons 2473 01:36:55,300 --> 01:36:57,411 why they may exclude areas from the scope, 2474 01:36:57,411 --> 01:37:00,141 and if they exclude them then trust their reason 2475 01:37:00,141 --> 01:37:01,199 and listen to 2476 01:37:01,200 --> 01:37:03,438 what they have to say in terms of "this is 2477 01:37:03,438 --> 01:37:05,103 what we want you to accomplish." 2478 01:37:05,103 --> 01:37:07,786 So along those lines you really need to get sign-off 2479 01:37:07,786 --> 01:37:09,312 from the target organization. 2480 01:37:09,312 --> 01:37:11,182 Now, we've talked about this before 2481 01:37:11,182 --> 01:37:14,241 and this is certainly all about the ethics and trust, 2482 01:37:14,300 --> 01:37:15,700 and it's also about legality, 2483 01:37:15,700 --> 01:37:17,200 because if you do something 2484 01:37:17,200 --> 01:37:19,200 that you don't have permissions to do, you 2485 01:37:19,200 --> 01:37:20,900 could be prosecuted for that.
2486 01:37:20,900 --> 01:37:23,541 So definitely get the scope very clear in writing 2487 01:37:23,541 --> 01:37:26,600 and with signatures attached to it as to what you can 2488 01:37:26,600 --> 01:37:27,775 and what you can't do, 2489 01:37:27,775 --> 01:37:30,207 and always get approval from the right people 2490 01:37:30,207 --> 01:37:31,711 and make sure you get somebody 2491 01:37:31,711 --> 01:37:33,064 who has the right level 2492 01:37:33,064 --> 01:37:35,900 of permissions and is the right level of management 2493 01:37:35,900 --> 01:37:38,659 so that they can sign off on it, understand 2494 01:37:38,659 --> 01:37:39,778 and accept the risk 2495 01:37:39,778 --> 01:37:42,263 that is associated with a penetration test. 2496 01:37:42,263 --> 01:37:45,200 So let me talk a little bit about security assessments 2497 01:37:45,200 --> 01:37:47,300 and how they differ from penetration tests. 2498 01:37:47,300 --> 01:37:49,300 The security assessment is a hand- 2499 01:37:49,300 --> 01:37:51,092 in-hand approach with clients. 2500 01:37:51,092 --> 01:37:53,900 So you would walk in doing a collaborative thing 2501 01:37:53,900 --> 01:37:57,417 where you're a trusted partner and you are allied with them, 2502 01:37:57,417 --> 01:37:59,612 and your goal isn't to penetrate them 2503 01:37:59,612 --> 01:38:01,372 and point out all the things 2504 01:38:01,372 --> 01:38:02,548 that are really bad, 2505 01:38:02,548 --> 01:38:04,891 but it's to get a full assessment of the risk 2506 01:38:04,891 --> 01:38:06,547 that the organization is exposed 2507 01:38:06,547 --> 01:38:09,949 to, and you would probably provide more details about fixes 2508 01:38:09,949 --> 01:38:12,426 than maybe you would in a penetration test.
2509 01:38:12,426 --> 01:38:15,434 Now what we're going to do is we're going to walk in 2510 01:38:15,434 --> 01:38:16,229 and make sure 2511 01:38:16,229 --> 01:38:17,269 that the policies 2512 01:38:17,269 --> 01:38:20,000 and procedures they have in place are really 2513 01:38:20,000 --> 01:38:21,700 what they need for the organization 2514 01:38:21,900 --> 01:38:23,025 and the risk appetite 2515 01:38:23,025 --> 01:38:25,417 that they've got, and we're going to make sure 2516 01:38:25,417 --> 01:38:28,015 that the policies and procedures have controls 2517 01:38:28,015 --> 01:38:28,898 that can tell us 2518 01:38:28,898 --> 01:38:31,542 whether they are being actually adhered to or not, 2519 01:38:31,542 --> 01:38:33,801 whether procedures and policies are being followed. 2520 01:38:33,801 --> 01:38:36,141 A security assessment is probably a little bit 2521 01:38:36,141 --> 01:38:37,132 more comprehensive 2522 01:38:37,132 --> 01:38:38,400 than a penetration test 2523 01:38:38,400 --> 01:38:40,600 and you would look at more factors to assess 2524 01:38:40,600 --> 01:38:42,600 the security postures of the organization 2525 01:38:42,600 --> 01:38:44,100 and their overall risk, 2526 01:38:44,100 --> 01:38:47,600 and you would tailor the output based on the risk appetite 2527 01:38:47,600 --> 01:38:50,769 and what they're most interested in, and that's not to say 2528 01:38:50,769 --> 01:38:53,600 that I'm going to tell them what they want to hear.
2529 01:38:53,600 --> 01:38:56,600 But if there's something that they know and I know 2530 01:38:56,600 --> 01:38:58,200 that they're just not going to do, 2531 01:38:58,200 --> 01:39:00,400 I'm not going to be making a big deal out of it 2532 01:39:00,400 --> 01:39:02,499 because they're already aware of it, 2533 01:39:02,499 --> 01:39:04,400 and I'll make a note of it in the report just 2534 01:39:04,400 --> 01:39:05,600 for completeness' sake, 2535 01:39:05,600 --> 01:39:07,700 but I'm not going to go out in a lot of details. 2536 01:39:07,700 --> 01:39:08,800 So it's really kind of 2537 01:39:08,800 --> 01:39:11,200 a hand-in-hand collaborative approach where again, 2538 01:39:11,200 --> 01:39:12,178 you're not just saying 2539 01:39:12,178 --> 01:39:15,078 what they want us to say. We're providing some real security 2540 01:39:15,078 --> 01:39:17,200 and risk guidance towards her activities 2541 01:39:17,200 --> 01:39:18,141 and other things, 2542 01:39:18,141 --> 01:39:20,093 so it may provide an unrealistic view. 2543 01:39:20,093 --> 01:39:21,213 So you've got a week, 2544 01:39:21,213 --> 01:39:23,114 let's say, to do this penetration test 2545 01:39:23,114 --> 01:39:24,192 against your target. 2546 01:39:24,192 --> 01:39:26,600 Now, you're going to have to go in, you're going 2547 01:39:26,600 --> 01:39:27,700 to have to get set up. 2548 01:39:27,700 --> 01:39:30,000 You're also going to have to start doing a bunch 2549 01:39:30,000 --> 01:39:31,170 of scans and make sure 2550 01:39:31,170 --> 01:39:32,700 that you're gathering information 2551 01:39:32,700 --> 01:39:35,000 and screenshots and data for your reports. 2552 01:39:35,000 --> 01:39:37,500 You're going to have to do all sorts of activities. 2553 01:39:37,500 --> 01:39:39,100 Also during the course of that week,
2554 01:39:39,100 --> 01:39:41,100 you're going to be engaged in probably beginning 2555 01:39:41,100 --> 01:39:42,200 to write your report 2556 01:39:42,200 --> 01:39:44,802 and getting a sense of what it's going to say 2557 01:39:44,802 --> 01:39:46,600 and what's going to be in it. 2558 01:39:46,600 --> 01:39:48,900 If you don't actually get any major penetration 2559 01:39:48,900 --> 01:39:51,700 during the course of that week, the organization may feel 2560 01:39:51,700 --> 01:39:53,500 like they're quote-unquote secure. 2561 01:39:53,500 --> 01:39:55,900 That's one of the reasons why penetration testing, 2562 01:39:55,900 --> 01:39:59,200 while really sexy and show, is nice and all, 2563 01:39:59,200 --> 01:40:02,199 but if an organization walks out of it believing 2564 01:40:02,199 --> 01:40:03,095 that in a week 2565 01:40:03,095 --> 01:40:06,330 you didn't manage to get the keys of the kingdom, so 2566 01:40:06,330 --> 01:40:09,066 they must be secure, that's a really misguided view, 2567 01:40:09,066 --> 01:40:11,700 because a dedicated, skilled and motivated attacker 2568 01:40:11,700 --> 01:40:14,500 isn't going to just take a week or some portion of that. If 2569 01:40:14,500 --> 01:40:16,700 they're after something, they're going to dedicate 2570 01:40:16,700 --> 01:40:19,200 themselves to do it and really go after it. 2571 01:40:19,200 --> 01:40:22,784 So just because you didn't find a penetration in some subset 2572 01:40:22,784 --> 01:40:24,000 of a week doesn't mean 2573 01:40:24,000 --> 01:40:28,500 that they're secure and invulnerable to attacks. 2574 01:40:28,500 --> 01:40:30,400 It just means that during the course 2575 01:40:30,400 --> 01:40:33,000 of that particular week and the circumstances 2576 01:40:33,000 --> 01:40:35,562 that were in place you can get a penetration 2577 01:40:35,562 --> 01:40:37,699 that was really significant or major. 2578 01:40:37,699 --> 01:40:38,877 That's all it means.
2579 01:40:38,877 --> 01:40:41,000 It doesn't mean anything beyond that, and 2580 01:40:41,000 --> 01:40:42,800 if an organization walks away feeling 2581 01:40:42,800 --> 01:40:44,269 like they're secure, they're going 2582 01:40:44,269 --> 01:40:46,500 to end up not fixing the real vulnerabilities 2583 01:40:46,500 --> 01:40:47,547 that may be in place 2584 01:40:47,547 --> 01:40:49,800 that could expose them to significant risks. 2585 01:40:49,800 --> 01:40:53,100 So that's penetration testing, its scope, its goals 2586 01:40:53,100 --> 01:40:55,880 and how it differs to security assessments. Now 2587 01:40:55,880 --> 01:40:57,909 it's time to go over footprinting. 2588 01:40:57,909 --> 01:41:01,600 So what is footprinting? Well, footprinting is getting an idea 2589 01:41:01,600 --> 01:41:04,074 of the entire scope of your target. 2590 01:41:04,074 --> 01:41:05,939 That means not just the scope 2591 01:41:05,939 --> 01:41:07,177 that you were given, 2592 01:41:07,177 --> 01:41:10,701 which may be an address block or it may be a domain name, 2593 01:41:10,701 --> 01:41:13,200 it may even be a set of address blocks. 2594 01:41:13,200 --> 01:41:15,913 Now, what you want to do is you want to figure 2595 01:41:15,913 --> 01:41:17,300 out all the information 2596 01:41:17,300 --> 01:41:20,500 that's associated with that in as great detail 2597 01:41:20,500 --> 01:41:24,700 as you can possibly get, so you want the list of domain names. 2598 01:41:24,700 --> 01:41:26,641 As you're going to go through this 2599 01:41:26,641 --> 01:41:28,100 you probably want some sort 2600 01:41:28,100 --> 01:41:31,500 of database or Excel spreadsheet or something to keep 2601 01:41:31,500 --> 01:41:32,900 track of all the information, 2602 01:41:32,900 --> 01:41:35,300 because you're going to have a lot of it at the end. 2603 01:41:35,300 --> 01:41:37,800 You want to be able to find information quickly.
2604 01:41:37,800 --> 01:41:40,500 So having some sort of a notepad going 2605 01:41:40,500 --> 01:41:41,692 with your notes or, 2606 01:41:41,692 --> 01:41:43,898 as I said, a spreadsheet or a database. 2607 01:41:43,898 --> 01:41:45,600 So if you can get organized 2608 01:41:45,600 --> 01:41:49,000 in that way you want to keep all those sorts of things down. 2609 01:41:49,000 --> 01:41:50,000 So in this case, 2610 01:41:50,000 --> 01:41:52,300 I want to do some search on, suppose, 2611 01:41:52,300 --> 01:41:54,064 let's say edureka.co. Now, 2612 01:41:54,064 --> 01:41:55,300 I need network blocks. 2613 01:41:55,300 --> 01:41:58,300 So so far we found out that just made up IP addresses 2614 01:41:58,300 --> 01:42:00,400 because I'm just putting information down, 2615 01:42:00,400 --> 01:42:01,700 but I need network blocks, 2616 01:42:01,700 --> 01:42:05,200 so you may have one IP address that you can find externally 2617 01:42:05,200 --> 01:42:06,900 or you're going to want the whole 2618 01:42:06,900 --> 01:42:10,336 range of internal blocks and you can do a little bit of digging 2619 01:42:10,336 --> 01:42:13,500 if you aren't provided those. You want specific IP addresses 2620 01:42:13,500 --> 01:42:16,900 for critical systems, web servers, email servers, databases, 2621 01:42:16,900 --> 01:42:18,900 if you can find any of these things 2622 01:42:18,900 --> 01:42:21,800 of those sorts, and you want system architectures 2623 01:42:21,800 --> 01:42:24,650 and what kind of stuff are they running. Are they running Intel? 2624 01:42:24,650 --> 01:42:25,900 Are they running Windows? 2625 01:42:25,900 --> 01:42:27,600 Are they running some Unix systems? 2626 01:42:27,600 --> 01:42:28,618 What are they running? 2627 01:42:28,618 --> 01:42:30,768 What kind of access control lists they have. 
2628 01:42:30,768 --> 01:42:33,400 These are going to be hard to get but you may be able to guess 2629 01:42:33,400 --> 01:42:35,932 them and you can guess these by doing port 2630 01:42:35,932 --> 01:42:39,700 scans. So what sort of responses you get back from the port scans 2631 01:42:39,700 --> 01:42:42,806 with the filters and what you don't get back 2632 01:42:42,806 --> 01:42:45,190 will tell you about if there's an IDS 2633 01:42:45,190 --> 01:42:48,300 around or so. You want to do system enumeration, 2634 01:42:48,300 --> 01:42:49,619 or you can get access 2635 01:42:49,619 --> 01:42:53,200 to a system somehow, you want to know usernames, group names 2636 01:42:53,200 --> 01:42:55,400 and so on. So the basic idea 2637 01:42:55,400 --> 01:42:58,600 of footprinting is gathering information. Now 2638 01:42:58,600 --> 01:43:01,600 if you can get access to a system somehow you want to know user 2639 01:43:01,600 --> 01:43:05,186 names, group names. So you want system banners, routing tables, 2640 01:43:05,186 --> 01:43:08,022 SNMP information if you can get it, DNS host names 2641 01:43:08,022 --> 01:43:09,500 if you can get those. Now, 2642 01:43:09,500 --> 01:43:12,200 this is for both internal and external on the side. 2643 01:43:12,200 --> 01:43:14,379 If you're doing an internal penetration test 2644 01:43:14,379 --> 01:43:15,900 or ethical hacking engagement, 2645 01:43:15,900 --> 01:43:18,500 you want to know the networking protocols that are out there. 2646 01:43:18,500 --> 01:43:19,900 Are they using TCP/IP, 2647 01:43:19,900 --> 01:43:21,700 or are they using some UDP, 2648 01:43:21,700 --> 01:43:25,600 or are they on IPX or SPX? Are they using DECnet 2649 01:43:25,600 --> 01:43:28,982 or AppleTalk, or are they using some sort of split DNS? 2650 01:43:28,982 --> 01:43:29,940 In other words, 2651 01:43:29,940 --> 01:43:31,600 do they have internal DNS? 
2652 01:43:31,800 --> 01:43:33,700 So was that give different foam 2653 01:43:33,700 --> 01:43:36,501 for the external and will it give different information? 2654 01:43:36,501 --> 01:43:39,552 If you want to check for remote access possibilities now 2655 01:43:39,552 --> 01:43:41,300 in the footprinting process 2656 01:43:41,300 --> 01:43:44,600 you want to be very exhaustive. You might want to try 2657 01:43:44,600 --> 01:43:48,857 and take out email addresses, server domain name services, 2658 01:43:48,857 --> 01:43:51,900 I mean IP addresses, or even contact numbers 2659 01:43:51,900 --> 01:43:54,500 and you want to be very exhaustive with your approach. 2660 01:43:54,500 --> 01:43:56,686 You don't want to miss anything out because 2661 01:43:56,686 --> 01:43:57,480 if you do that, 2662 01:43:57,480 --> 01:43:58,309 you can continue 2663 01:43:58,309 --> 01:44:01,222 and also provide some launching points for additional 2664 01:44:01,222 --> 01:44:03,529 attacks or tests that you may be able to do, but this 2665 01:44:03,529 --> 01:44:06,461 is definitely a starting point of the types of information 2666 01:44:06,461 --> 01:44:07,576 that you need to have 2667 01:44:07,576 --> 01:44:09,700 as you go about footprinting your target. 2668 01:44:09,700 --> 01:44:10,700 Now the next thing 2669 01:44:10,700 --> 01:44:13,301 that we are going to see is very interesting. 
2670 01:44:13,301 --> 01:44:15,323 This is one of the many common tools 2671 01:44:15,323 --> 01:44:17,500 that are out there on the internet and 2672 01:44:17,500 --> 01:44:21,700 that is the Wayback Machine, also known as archive.org. Now 2673 01:44:21,700 --> 01:44:24,477 while it might not give you all the information that you need, 2674 01:44:24,477 --> 01:44:26,700 it certainly gives you a starting point 2675 01:44:26,700 --> 01:44:29,400 and what we're talking about here is the Wayback Machine 2676 01:44:29,400 --> 01:44:32,600 or archive.org, so just to give you a quick look 2677 01:44:32,600 --> 01:44:34,600 at what archive.org looks like. 2678 01:44:34,600 --> 01:44:34,900 Okay. 2679 01:44:34,900 --> 01:44:36,700 I already have it open out here. 2680 01:44:36,700 --> 01:44:39,100 So audio what you can see is 2681 01:44:39,100 --> 01:44:42,249 how a website looked like around some time ago. 2682 01:44:42,249 --> 01:44:43,322 So for example, 2683 01:44:43,322 --> 01:44:46,600 if you want to look at what Google looked like, 2684 01:44:46,600 --> 01:44:50,600 you just have to search for Google out here and wait 2685 01:44:50,600 --> 01:44:52,100 for results to come back. 2686 01:44:52,515 --> 01:44:52,900 Okay. 2687 01:44:52,900 --> 01:44:56,100 So we see that Google goes way back to 1998. 2688 01:44:56,100 --> 01:44:59,535 So that was the last capture or the first capture, rather. 2689 01:44:59,535 --> 01:45:02,000 It was the first capture by the Wayback Machine 2690 01:45:02,000 --> 01:45:02,700 and we can see 2691 01:45:02,700 --> 01:45:05,500 that it has a screenshot of November 11th 2692 01:45:05,500 --> 01:45:07,382 and how Google looked, so 2693 01:45:07,382 --> 01:45:11,600 let's see what Google looked like in November 11th of 1988. 2694 01:45:11,600 --> 01:45:13,052 So this is what Google looked 2695 01:45:13,052 --> 01:45:15,418 like. There was actually nothing to it. 
2696 01:45:15,418 --> 01:45:18,700 It just said welcome to Google, Google search engine prototypes 2697 01:45:19,100 --> 01:45:21,200 and it has a link. 2698 01:45:21,200 --> 01:45:24,288 So yeah, this is what the Google search engine looked like. 2699 01:45:24,288 --> 01:45:25,700 It had a Stanford search. 2700 01:45:25,700 --> 01:45:26,930 It had a Linux search 2701 01:45:26,930 --> 01:45:29,149 and you could do all sorts of stuff. 2702 01:45:29,149 --> 01:45:31,369 You could just put the results now. 2703 01:45:31,369 --> 01:45:34,865 I'm trying to tell y'all is you can see the evolution 2704 01:45:34,865 --> 01:45:38,000 of the website through time through the Wayback Machine 2705 01:45:38,000 --> 01:45:41,378 and this gives you a rather informative look 2706 01:45:41,378 --> 01:45:44,200 into how a website has actually evolved. 2707 01:45:44,400 --> 01:45:44,800 Okay. 2708 01:45:44,800 --> 01:45:46,659 Now that we know what footprinting is 2709 01:45:46,659 --> 01:45:49,600 and how it falls into the whole reconnaissance process, 2710 01:45:49,600 --> 01:45:52,505 let's go over a couple of websites to do a little bit 2711 01:45:52,505 --> 01:45:55,200 of historical thinking about companies and the types 2712 01:45:55,200 --> 01:45:56,137 of infrastructure 2713 01:45:56,137 --> 01:45:57,330 that they may be using 2714 01:45:57,330 --> 01:45:59,342 and this information of course is useful 2715 01:45:59,342 --> 01:46:01,200 so that we can narrow down our focus 
2716 01:46:01,200 --> 01:46:03,650 in terms of what we want to target against them 2717 01:46:03,650 --> 01:46:06,300 for attacks. Now over time we've improved our awareness 2718 01:46:06,300 --> 01:46:07,200 about what sorts 2719 01:46:07,200 --> 01:46:10,500 of information we may want to divulge. So several years ago 2720 01:46:10,500 --> 01:46:13,100 you may have gone to a company's website and discovered 2721 01:46:13,100 --> 01:46:15,200 that you could get email addresses and names 2722 01:46:15,200 --> 01:46:16,345 of people in positions 2723 01:46:16,345 --> 01:46:17,701 that you may find relevant 2724 01:46:17,701 --> 01:46:20,100 and there were all sorts of bits of information 2725 01:46:20,100 --> 01:46:22,073 that could be used against the company 2726 01:46:22,073 --> 01:46:23,700 and over time we have discovered 2727 01:46:23,700 --> 01:46:24,788 that those are pieces 2728 01:46:24,788 --> 01:46:27,359 of information that probably don't belong in a website 2729 01:46:27,359 --> 01:46:29,464 where they can be used against the company 2730 01:46:29,464 --> 01:46:32,288 and so they've been pulled off. Now it used to be also 2731 01:46:32,288 --> 01:46:34,900 that Google had the ability to pull up information 2732 01:46:34,900 --> 01:46:36,746 that it had cached. So, 2733 01:46:36,746 --> 01:46:37,469 for example, 2734 01:46:37,469 --> 01:46:39,700 if a website is no longer available or 2735 01:46:39,700 --> 01:46:41,900 if it was temporarily down and offline, 2736 01:46:41,900 --> 01:46:44,300 there was a little cache button that you can click 2737 01:46:44,300 --> 01:46:46,400 when you did a Google search 2738 01:46:46,400 --> 01:46:48,571 and you could pull up that cached information. 2739 01:46:48,571 --> 01:46:51,400 So even though the website wasn't available you can still 2740 01:46:51,400 --> 01:46:54,716 get information from Google's servers. Now Google's removed 2741 01:46:54,716 --> 01:46:57,400 that so we don't have that ability any longer. 
2742 01:46:57,400 --> 01:46:59,700 However, there is an internet archive 2743 01:46:59,700 --> 01:47:03,700 that we can use, so this thing is called the Wayback Machine 2744 01:47:03,700 --> 01:47:05,600 and I have it open out here. 2745 01:47:05,600 --> 01:47:07,500 So it's archive.org/web. 2746 01:47:07,500 --> 01:47:09,400 So archive.org is a website 2747 01:47:09,400 --> 01:47:11,900 that gives us information about other websites 2748 01:47:11,900 --> 01:47:13,900 and how they looked years ago 2749 01:47:13,900 --> 01:47:16,600 and so I'm going to go to the Wayback Machine 2750 01:47:16,600 --> 01:47:19,032 which you can see is at archive.org 2751 01:47:19,032 --> 01:47:23,000 and I'm going to go and try and search for edureka.co. 2752 01:47:23,000 --> 01:47:25,293 So now we're going to take a historical look 2753 01:47:25,293 --> 01:47:27,004 at edureka.co's website 2754 01:47:27,004 --> 01:47:29,800 and you can see we've got some years and they've got 2755 01:47:29,800 --> 01:47:31,300 information going back up 2756 01:47:31,300 --> 01:47:32,600 to 2013, 2757 01:47:32,600 --> 01:47:35,405 so let's look at what this website looked 2758 01:47:35,405 --> 01:47:37,300 like when it was just 2013. 2759 01:47:37,300 --> 01:47:40,833 Okay, there doesn't seem to be any snapshots out here. 2760 01:47:40,833 --> 01:47:42,500 I wonder what's going on. 2761 01:47:42,500 --> 01:47:42,900 Okay. 2762 01:47:42,900 --> 01:47:47,600 So let's go 2014 and the first snapshot seems to be 2763 01:47:47,700 --> 01:47:50,300 on the September 12th of 2014. 2764 01:47:50,300 --> 01:47:50,990 Actually, 2765 01:47:50,990 --> 01:47:53,600 it's on May 17 too, so let's see what 2766 01:47:53,600 --> 01:47:54,830 that looks like. 2767 01:47:55,600 --> 01:47:55,957 Okay. 
2768 01:47:55,957 --> 01:47:59,600 So this is what Edureka looked like back in 2013 2769 01:47:59,600 --> 01:48:03,360 or rather 2014, September 12 2014 to be actually exact. 2770 01:48:03,360 --> 01:48:04,408 Now you can see 2771 01:48:04,408 --> 01:48:06,700 that we have some live classes 2772 01:48:06,700 --> 01:48:08,400 and all these pictures there 2773 01:48:08,400 --> 01:48:11,033 and they've got this weird picture of the sky 2774 01:48:11,033 --> 01:48:14,322 and here I don't know why that was a thing back in 2014. 2775 01:48:14,322 --> 01:48:16,851 Now we can browse more advanced screenshots 2776 01:48:16,851 --> 01:48:19,988 or rather the screenshots that were taken later on and see 2777 01:48:19,988 --> 01:48:22,800 how this company has evolved with this infrastructure 2778 01:48:22,800 --> 01:48:25,388 and the way it actually lays out its content. 2779 01:48:25,388 --> 01:48:27,300 Okay, so it still hasn't evolved 2780 01:48:27,300 --> 01:48:30,100 but I can go a couple of years ahead and see 2781 01:48:30,100 --> 01:48:32,602 what this has actually evolved into, so 2782 01:48:32,602 --> 01:48:34,700 if I would go to December 2016, 2783 01:48:36,400 --> 01:48:39,963 so this is what it looked like in 2016 and we can see 2784 01:48:39,963 --> 01:48:42,683 that they've added this weird box out here 2785 01:48:42,683 --> 01:48:46,000 about brides and courses. They have another search bar 2786 01:48:46,000 --> 01:48:47,298 that kind of looks weird, 2787 01:48:47,298 --> 01:48:49,478 but it's mostly because my Internet is slow 2788 01:48:49,478 --> 01:48:51,328 and it's not loading all the elements. 2789 01:48:51,328 --> 01:48:52,444 They've also changed 2790 01:48:52,444 --> 01:48:55,400 how they've actually laid out the courses. We can also 2791 01:48:55,400 --> 01:48:57,800 see a change in the prices, I guess. 2792 01:48:57,800 --> 01:48:59,300 So, yeah, this tells us 2793 01:48:59,300 --> 01:49:02,800 about how it evolves as a complete website. 
2794 01:49:02,900 --> 01:49:06,282 Now this other website I want to talk about is called Netcraft. 2795 01:49:06,282 --> 01:49:07,400 Now Netcraft does 2796 01:49:07,400 --> 01:49:10,201 internet research including the types of web servers 2797 01:49:10,201 --> 01:49:13,018 that companies run and they have a web server survey. 2798 01:49:13,018 --> 01:49:16,100 You can see here as we scroll the Apache server service has 2799 01:49:16,100 --> 01:49:18,800 sixty four point three percent of the internet market, 2800 01:49:18,800 --> 01:49:19,300 of course, 2801 01:49:19,300 --> 01:49:20,700 and that's followed by Microsoft 2802 01:49:20,700 --> 01:49:23,453 with 13%. Interesting information, may be useful information, 2803 01:49:23,453 --> 01:49:25,400 but even more useful than that is looking 2804 01:49:25,400 --> 01:49:27,887 at what different companies run for their websites 2805 01:49:27,887 --> 01:49:29,005 and you can see here. 2806 01:49:29,005 --> 01:49:29,300 Okay. 2807 01:49:29,300 --> 01:49:32,300 So let's try and search for edureka.co here. 2808 01:49:32,300 --> 01:49:34,900 So let's just put in the website URL 2809 01:49:34,900 --> 01:49:37,984 and let Netcraft generate the site report. 2810 01:49:37,984 --> 01:49:39,141 So as you can see 2811 01:49:39,141 --> 01:49:41,340 that some stuff is not available. 2812 01:49:41,340 --> 01:49:43,782 You know that the netblock owner is 2813 01:49:43,782 --> 01:49:47,900 Amazon Technologies, name server is this thing right here, 2814 01:49:47,900 --> 01:49:51,300 DNS admin is AWS DNS hostmaster. 2815 01:49:51,300 --> 01:49:55,033 We also have the IP address, we can go for a whois lookup, 2816 01:49:55,033 --> 01:49:57,611 look up the IP on VirusTotal, you can do that. 2817 01:49:57,611 --> 01:49:59,272 There is no IPv6 present. 
2818 01:49:59,272 --> 01:50:01,000 So that's some information 2819 01:50:01,000 --> 01:50:04,600 that we can see, so we can obviously opt to not 2820 01:50:04,600 --> 01:50:06,400 target IPv6 ranges. 2821 01:50:06,469 --> 01:50:08,700 Then there's also reverse DNS, 2822 01:50:08,700 --> 01:50:11,400 then we also have a bunch of hosting history. 2823 01:50:11,400 --> 01:50:14,059 So this is a history of it and we know 2824 01:50:14,059 --> 01:50:18,300 that it's hosted on a Linux system with an Apache web server 2825 01:50:18,300 --> 01:50:19,500 and it was last seen 2826 01:50:19,500 --> 01:50:21,552 and this was when it was last updated. 2827 01:50:21,552 --> 01:50:23,835 So this is some very useful information. 2828 01:50:23,835 --> 01:50:26,600 You can also get information on, like, Netflix, 2829 01:50:26,600 --> 01:50:28,600 so if you just type, okay 2830 01:50:28,600 --> 01:50:30,500 I said I just spelled that wrong. 2831 01:50:30,500 --> 01:50:33,200 So let me just change from the URL out here. 2832 01:50:33,200 --> 01:50:36,700 So if you go and type netflix.com you'll see 2833 01:50:36,700 --> 01:50:39,100 that it will show you all sorts of information. 2834 01:50:39,100 --> 01:50:42,500 So as you see that it's on an AWS server. 2835 01:50:42,500 --> 01:50:44,223 It's Amazon Data Services 2836 01:50:44,223 --> 01:50:47,000 Ireland and this is all the hosting history 2837 01:50:47,000 --> 01:50:48,099 that it goes along 2838 01:50:48,099 --> 01:50:51,556 with. It has some Sender Policy Framework, Domain-based 2839 01:50:51,556 --> 01:50:52,939 Message Authentication, 2840 01:50:52,939 --> 01:50:54,700 Reporting and Conformance. 2841 01:50:55,100 --> 01:50:56,049 And there's all sorts 2842 01:50:56,049 --> 01:50:58,300 of information that you can get about websites 2843 01:50:58,300 --> 01:51:00,054 and web servers from Netcraft. 
2844 01:51:00,054 --> 01:51:01,300 So the Wayback Machine 2845 01:51:01,300 --> 01:51:04,020 along with Netcraft make up for some interesting tools 2846 01:51:04,020 --> 01:51:06,279 that are available on the internet from which 2847 01:51:06,279 --> 01:51:09,000 you can do a little bit of your reconnaissance process. 2848 01:51:09,000 --> 01:51:09,301 Okay. 2849 01:51:09,301 --> 01:51:11,425 Now that we have gone over Netcraft 2850 01:51:11,425 --> 01:51:13,078 and the Wayback Machine, now 2851 01:51:13,078 --> 01:51:14,313 it's time to actually 2852 01:51:14,313 --> 01:51:16,800 get to know how to use the little information 2853 01:51:16,800 --> 01:51:18,682 that the site actually provides. 2854 01:51:18,682 --> 01:51:20,027 So the next topic 2855 01:51:20,027 --> 01:51:22,900 that we are going to go over is using DNS to get 2856 01:51:22,900 --> 01:51:27,100 more information. Now we're going to be going over to land. 2857 01:51:27,100 --> 01:51:29,500 This is called whois, a utility 2858 01:51:29,500 --> 01:51:31,900 that is used to query the various regional internet 2859 01:51:31,900 --> 01:51:34,669 registries that store information about domain names 2860 01:51:34,669 --> 01:51:37,270 and IP addresses, and let me just show it to you 2861 01:51:37,270 --> 01:51:39,800 about all the internet registries that are there. 2862 01:51:39,800 --> 01:51:41,500 So I have arin.net open 2863 01:51:41,500 --> 01:51:43,795 out here and these are the internet registries 2864 01:51:43,795 --> 01:51:44,900 that provide the ISPs 2865 01:51:44,900 --> 01:51:47,200 and look over the Internet control as a whole. 2866 01:51:47,200 --> 01:51:51,600 So here we have AFRINIC, we have APNIC, we have ARIN, 2867 01:51:51,600 --> 01:51:54,100 we have LACNIC and we have RIPE NCC, 2868 01:51:54,100 --> 01:51:57,732 so these are all the regions and all the different types 2869 01:51:57,732 --> 01:52:01,300 of stuff that they support, all the different countries. 
2870 01:52:01,300 --> 01:52:03,400 You can look at the map 2871 01:52:03,400 --> 01:52:06,550 that it is pouring out here by just hovering 2872 01:52:06,550 --> 01:52:07,912 over the providers. 2873 01:52:07,912 --> 01:52:10,638 So as you can see all this brown region 2874 01:52:10,638 --> 01:52:11,941 out here is Africa, 2875 01:52:11,941 --> 01:52:16,500 AFRINIC, then we have APNIC which is the black or grayish thing, 2876 01:52:16,500 --> 01:52:18,600 which is India and Australia 2877 01:52:18,600 --> 01:52:21,676 and quite a lot of Asia, then we have ARIN 2878 01:52:21,676 --> 01:52:25,400 which is a lot of North America, the United States mainly. 2879 01:52:25,500 --> 01:52:27,943 Then there's LACNIC which is mostly the Latino side, 2880 01:52:27,943 --> 01:52:29,550 which is the South American part. 2881 01:52:29,550 --> 01:52:31,300 Then we have the rest of Europe 2882 01:52:31,300 --> 01:52:33,600 which is RIPE NCC and this is the part 2883 01:52:33,600 --> 01:52:36,300 that RIPE NCC is providing internet to. Okay. 2884 01:52:36,300 --> 01:52:38,400 So that was all about the internet registries. 2885 01:52:38,400 --> 01:52:40,000 Now, let's get back to the topic 2886 01:52:40,000 --> 01:52:42,723 and that is using DNS to get more information. 2887 01:52:42,723 --> 01:52:46,342 Now for this we are going to be using a Linux-based system. 2888 01:52:46,342 --> 01:52:49,400 So I have Ubuntu running on my virtual machine 2889 01:52:49,400 --> 01:52:51,700 out here and let me just log into it. 2890 01:52:51,700 --> 01:52:54,900 So firstly we are going to be using this query 2891 01:52:54,900 --> 01:52:56,500 called whois that looks up 2892 01:52:56,500 --> 01:52:58,900 these internet registries that I just showed you. 2893 01:52:58,900 --> 01:53:00,500 Let me just quickly remove this. 2894 01:53:00,799 --> 01:53:01,300 Okay. 
2895 01:53:01,800 --> 01:53:03,500 So for acquiring information 2896 01:53:03,500 --> 01:53:06,099 from the regional internet registries that I just talked 2897 01:53:06,099 --> 01:53:06,992 about you can use 2898 01:53:06,992 --> 01:53:08,308 whois to get information 2899 01:53:08,308 --> 01:53:10,500 about who owns a particular IP address. 2900 01:53:10,500 --> 01:53:11,400 So for example, 2901 01:53:11,400 --> 01:53:14,900 I could do whois and let's see, I could do 2902 01:53:14,900 --> 01:53:20,676 whois Google or rather netflix.com and we can get 2903 01:53:20,676 --> 01:53:24,599 all sorts of information about Netflix so we can see 2904 01:53:24,599 --> 01:53:28,200 that we Of the visit MarkMonitor then let's see. 2905 01:53:28,200 --> 01:53:31,400 Let's go up and look for all sorts of information 2906 01:53:31,400 --> 01:53:34,300 that has been given to us by this whois query. 2907 01:53:34,300 --> 01:53:37,594 So as you guys can see I just went a little bit too much. 2908 01:53:37,594 --> 01:53:37,871 Okay. 2909 01:53:37,871 --> 01:53:39,200 So registry domain ID, 2910 01:53:39,200 --> 01:53:42,000 we have the domain ID where it is registered as 2911 01:53:42,000 --> 01:53:44,100 the registrar URL is MarkMonitor. 2912 01:53:44,100 --> 01:53:44,434 Okay. 2913 01:53:44,434 --> 01:53:48,720 So this is for marking actually. Now the creation date is 1997. 2914 01:53:48,720 --> 01:53:52,700 So you haven't realized Netflix has been around for a long time 2915 01:53:52,700 --> 01:53:54,900 and it's been updated on 2015. 2916 01:53:54,900 --> 01:53:56,432 And registry expiry date 2917 01:53:56,432 --> 01:54:00,200 as we see is 2019, that's going to actually go off this year. 2918 01:54:00,200 --> 01:54:02,700 Then this is all useful information 2919 01:54:02,700 --> 01:54:05,400 so we can see all sorts of domain status, 2920 01:54:05,400 --> 01:54:09,800 the name server URL, the DNSSEC that it says unsigned. 
2921 01:54:09,800 --> 01:54:11,800 This is very useful information 2922 01:54:11,800 --> 01:54:14,423 that is being provided by a very simple query. 2923 01:54:14,423 --> 01:54:17,900 Now, if you want to know who owns a particular IP address, 2924 01:54:17,900 --> 01:54:21,600 so let's see if we get back the IP address out there. 2925 01:54:21,600 --> 01:54:23,557 We should have got back the IP address, 2926 01:54:23,557 --> 01:54:25,000 but it's kind of lost on me. 2927 01:54:25,000 --> 01:54:28,335 So to get back the IP address also for a domain name service, 2928 01:54:28,335 --> 01:54:29,100 so, you know, 2929 01:54:29,100 --> 01:54:31,100 you could use this command called dig. 2930 01:54:31,100 --> 01:54:33,023 So you do dig netflix.com. 2931 01:54:34,100 --> 01:54:36,000 Now as you guys can see 2932 01:54:36,100 --> 01:54:40,800 that it has returned a bunch of multiple IP addresses 2933 01:54:40,800 --> 01:54:42,400 and these are all the IP addresses 2934 01:54:42,400 --> 01:54:45,500 that Netflix has, so I could do something like 2935 01:54:45,500 --> 01:54:47,147 if I was trying to check out 2936 01:54:47,147 --> 01:54:49,852 who owns a certain IP address and for example, 2937 01:54:49,852 --> 01:54:51,709 I have got one of these IP addresses, 2938 01:54:51,709 --> 01:54:53,800 but let's just assume I don't know 2939 01:54:53,800 --> 01:54:55,400 that it actually belongs to Netflix, 2940 01:54:55,400 --> 01:55:01,200 so I can go whois 54.77.108.2 2941 01:55:01,400 --> 01:55:03,500 and it'll give me some information, 2942 01:55:03,500 --> 01:55:07,200 so as you guys can see it is giving us a bunch 2943 01:55:07,200 --> 01:55:12,800 of information as to who this is and how it is happening. 
2944 01:55:12,906 --> 01:55:14,500 So we see that it is 2945 01:55:14,500 --> 01:55:18,550 from arin.net and so we can very smartly assume 2946 01:55:18,550 --> 01:55:21,700 that it's from the North American part. Now 2947 01:55:21,700 --> 01:55:24,465 we can also see that it's in Seattle. 2948 01:55:24,465 --> 01:55:27,000 So our guess was completely right. 2949 01:55:27,100 --> 01:55:29,200 So it also gives us a range. 2950 01:55:29,200 --> 01:55:31,489 So this is something very useful. 2951 01:55:31,489 --> 01:55:34,981 So if you see we now have the range of the IPs 2952 01:55:34,981 --> 01:55:37,600 that might be being used by this guy. 2953 01:55:37,600 --> 01:55:42,500 So we indeed have 54 and it says it goes up to the 54. 2954 01:55:42,500 --> 01:55:43,958 There's also 34 lat now. 2955 01:55:43,958 --> 01:55:47,300 Let's check that out and see what information we get. So 2956 01:55:47,300 --> 01:55:49,607 whois and let's check it out. 2957 01:55:49,607 --> 01:55:50,761 What was the IP 2958 01:55:50,761 --> 01:55:56,600 that we were just seeing is 34.249.125.167. 2959 01:55:57,000 --> 01:56:04,900 So 34.249.165, I don't know. 2960 01:56:05,000 --> 01:56:06,000 Let's see. 2961 01:56:06,000 --> 01:56:07,950 You can also put in a random IP address. 2962 01:56:07,950 --> 01:56:08,955 It doesn't really matter 2963 01:56:08,955 --> 01:56:10,600 and they'll give you the information. 2964 01:56:10,600 --> 01:56:12,104 So let's see is this 2965 01:56:12,104 --> 01:56:15,737 and some IP address, even this seems to be an ARIN 2966 01:56:15,737 --> 01:56:19,000 IP address and it's also based in Seattle 2967 01:56:19,000 --> 01:56:20,703 and we got a bunch of information. 
2968 01:56:20,703 --> 01:56:22,200 So that's how you can use the 2969 01:56:22,200 --> 01:56:22,957 whois query 2970 01:56:22,957 --> 01:56:26,300 and the dig query to actually get all sorts of information 2971 01:56:26,300 --> 01:56:29,769 about the domain name service and get information 2972 01:56:29,769 --> 01:56:31,200 from a DNS basically. 2973 01:56:31,200 --> 01:56:33,500 So now let's go over some theoretical part 2974 01:56:33,500 --> 01:56:34,700 that is for DNS. 2975 01:56:34,700 --> 01:56:37,700 So using DNS to get information, so firstly 2976 01:56:37,700 --> 01:56:39,900 what is the domain name service? 2977 01:56:39,900 --> 01:56:41,040 And why do we need it? 2978 01:56:41,040 --> 01:56:44,400 So a domain name service is a name given to an IP address 2979 01:56:44,400 --> 01:56:46,352 so that it's easy to remember. 2980 01:56:46,352 --> 01:56:48,955 Of course it's easy to remember names 2981 01:56:48,955 --> 01:56:52,593 and mnemonics rather than a bunch of random weird numbers. 2982 01:56:52,593 --> 01:56:53,838 Now, this was mainly 2983 01:56:53,838 --> 01:56:57,200 so that we can map names to IP addresses and we can get 2984 01:56:57,200 --> 01:57:00,600 a bunch of information from the host name resolution. 2985 01:57:00,600 --> 01:57:03,266 So that's the purpose of IP addresses. Now 2986 01:57:03,266 --> 01:57:06,300 we'll also be looking at how to find network ranges. 2987 01:57:06,300 --> 01:57:06,600 Okay. 2988 01:57:06,600 --> 01:57:08,952 Now before we get onto actually moving on 2989 01:57:08,952 --> 01:57:10,897 to how to find out the network ranges, 2990 01:57:10,897 --> 01:57:13,000 let me just show you how you can also use 2991 01:57:13,000 --> 01:57:15,628 whois, so whois, suppose you want to know the domains 2992 01:57:15,628 --> 01:57:16,900 with the word foo in it. 
2993 01:57:16,900 --> 01:57:17,800 So you could go 2994 01:57:17,800 --> 01:57:21,600 whois foo and this will give you a whole bunch 2995 01:57:21,600 --> 01:57:25,500 of things where foo exists and all the sorts of foos 2996 01:57:25,500 --> 01:57:27,677 that there are on the internet. 2997 01:57:27,677 --> 01:57:30,017 So that was one interesting flag, 2998 01:57:30,017 --> 01:57:31,700 and if you want to know 2999 01:57:31,700 --> 01:57:36,400 more about how to use whois you could just go --help. 3000 01:57:36,400 --> 01:57:37,300 Yes. 3001 01:57:37,300 --> 01:57:37,610 Yeah. 3002 01:57:37,610 --> 01:57:39,600 So this is all the types of stuff 3003 01:57:39,600 --> 01:57:41,000 that we can do with whois, 3004 01:57:41,000 --> 01:57:43,555 so you can set the host, we can set the port 3005 01:57:43,555 --> 01:57:47,300 that we want to search for, then we can set with the -l flag 3006 01:57:47,300 --> 01:57:49,800 and find one level less specific match 3007 01:57:49,800 --> 01:57:52,664 and we can do an exact match, do an inverse 3008 01:57:52,664 --> 01:57:54,900 lookup for specified attributes. 3009 01:57:54,900 --> 01:57:59,700 Then we can also set the source, we can set verbose type 3010 01:57:59,843 --> 01:58:01,200 and we can choose 3011 01:58:01,200 --> 01:58:03,915 for request template with this bunch of stuff we 3012 01:58:03,915 --> 01:58:06,300 can do, so you could suppose say 3013 01:58:06,300 --> 01:58:10,193 whois verbose and suppose edureka.co 3014 01:58:10,200 --> 01:58:12,234 and it'll give you a verbose version 3015 01:58:12,234 --> 01:58:14,727 of the RIPE Database query service, objects 3016 01:58:14,727 --> 01:58:17,727 are in RPSL format, the RIPE Database objectives. 3017 01:58:17,727 --> 01:58:18,527 So, okay. 3018 01:58:18,527 --> 01:58:21,900 Let's try something else like whois netflix.com. 3019 01:58:23,300 --> 01:58:24,600 Okay, I'm sorry. 
3020 01:58:24,600 --> 01:58:28,400 I was supposed to do verbose and I kept doing H, silly me. 3021 01:58:28,400 --> 01:58:30,400 So you do V and that will give 3022 01:58:30,400 --> 01:58:33,600 you a much more, like this is the RIPE Database again. 3023 01:58:33,600 --> 01:58:35,400 And I think I'm doing something wrong. 3024 01:58:35,400 --> 01:58:36,900 Okay, just for that thing. 3025 01:58:36,900 --> 01:58:38,600 OK V and tight okay, 3026 01:58:38,700 --> 01:58:40,593 or let's just see that's let me just show you 3027 01:58:40,593 --> 01:58:42,600 how to use video primary keys are returned. 3028 01:58:42,600 --> 01:58:43,500 Only primary keys. 3029 01:58:43,500 --> 01:58:43,700 Okay. 3030 01:58:43,700 --> 01:58:44,200 Let's see. 3031 01:58:44,219 --> 01:58:45,680 Let's try that out. 3032 01:58:45,700 --> 01:58:47,400 Okay, so it seems to be 3033 01:58:47,400 --> 01:58:50,003 that this is a RIPE Database query service 3034 01:58:50,003 --> 01:58:52,100 and objects are in RPSL format. 3035 01:58:52,100 --> 01:58:54,100 So it won't really work for that thing. 3036 01:58:54,100 --> 01:58:55,001 And it also says 3037 01:58:55,001 --> 01:58:57,200 that no entries found because this error 3038 01:58:57,200 --> 01:58:59,450 so this is for some later lessons. 3039 01:58:59,450 --> 01:59:00,200 So for now, 3040 01:59:00,200 --> 01:59:03,200 I hope I gave you a good idea of how to use whois, 3041 01:59:03,200 --> 01:59:05,353 like you could just go whois 3042 01:59:05,353 --> 01:59:11,700 then some IP address 192.168.1.1 or some Gabriel just like that 3043 01:59:11,700 --> 01:59:14,300 or you could just go for a domain name service 3044 01:59:14,300 --> 01:59:18,700 like Facebook and get all sorts of information about Facebook 3045 01:59:18,700 --> 01:59:21,600 when the query actually returns you something. 3046 01:59:21,600 --> 01:59:21,894 Okay. 
3047 01:59:21,894 --> 01:59:22,804 So let's move on 3048 01:59:22,804 --> 01:59:25,921 to network ranges now. Now in this part of the video, 3049 01:59:25,921 --> 01:59:29,098 we are going to be going over the utility called whois 3050 01:59:29,098 --> 01:59:31,800 which is used for getting information from the DNS. 3051 01:59:31,800 --> 01:59:33,646 Now, let me just show you a website. 3052 01:59:33,646 --> 01:59:34,299 Get out here. 3053 01:59:34,299 --> 01:59:36,449 So this is the regional internet registries. 3054 01:59:36,449 --> 01:59:39,100 So the internet registries are used to store information 3055 01:59:39,100 --> 01:59:40,000 about domain names 3056 01:59:40,000 --> 01:59:41,200 and IP addresses and there are 3057 01:59:41,200 --> 01:59:44,100 five regional internet registries. First is ARIN, 3058 01:59:44,100 --> 01:59:46,000 which is responsible for North America. 3059 01:59:46,000 --> 01:59:49,390 So that would be the US and Canada. Then we have LACNIC 3060 01:59:49,390 --> 01:59:51,294 which is responsible for Latin America 3061 01:59:51,294 --> 01:59:53,000 and portions of the Caribbean. 3062 01:59:53,000 --> 01:59:54,000 Then there's RIPE 3063 01:59:54,000 --> 01:59:56,322 that's responsible for Europe and Middle East 3064 01:59:56,322 --> 01:59:57,211 and Central Asia. 3065 01:59:57,211 --> 01:59:59,561 There's AFRINIC which is responsible for Africa. 3066 01:59:59,561 --> 02:00:01,007 And finally we have APNIC 3067 02:00:01,007 --> 02:00:03,201 which is responsible for Asia Pacific Rim.
3068 02:00:03,201 --> 02:00:06,098 So, that's the regional internet registries and as I said 3069 02:00:06,098 --> 02:00:08,378 whois is responsible for acquiring information 3070 02:00:08,378 --> 02:00:10,723 from the various regional internet registries 3071 02:00:10,723 --> 02:00:13,961 as you can use whois to get information about who owns 3072 02:00:13,961 --> 02:00:15,372 a particular IP address, 3073 02:00:15,372 --> 02:00:18,255 for example, let me just open up my Ubuntu system. 3074 02:00:18,255 --> 02:00:19,900 Let me clear this out first. 3075 02:00:19,900 --> 02:00:21,400 So as I was just saying, 3076 02:00:21,400 --> 02:00:24,861 for example, you could go whois facebook.com. 3077 02:00:26,900 --> 02:00:27,200 Okay. 3078 02:00:27,200 --> 02:00:29,000 So as you guys can see we could find out 3079 02:00:29,000 --> 02:00:31,572 pretty quickly about who owns a particular IP address. 3080 02:00:31,572 --> 02:00:32,300 So for example, 3081 02:00:32,300 --> 02:00:34,691 I could do whois and just go facebook.com 3082 02:00:34,691 --> 02:00:37,800 and it tells me about who it belongs to. It also gives you 3083 02:00:37,800 --> 02:00:39,682 who owns a particular IP address 3084 02:00:39,682 --> 02:00:42,400 and who's responsible for them. From the information, 3085 02:00:42,400 --> 02:00:43,847 you can get email addresses 3086 02:00:43,847 --> 02:00:45,605 that belong to a particular company. 3087 02:00:45,605 --> 02:00:47,200 This one has an email address 3088 02:00:47,200 --> 02:00:49,969 for Tech contact of Ip reg address it 3089 02:00:49,969 --> 02:00:53,200 so you can get all sorts of email addresses, 3090 02:00:53,200 --> 02:00:56,278 tech contacts and all sorts of stuff out there. 3091 02:00:56,278 --> 02:00:58,900 The database contains only .com and .net 3092 02:00:58,900 --> 02:01:00,605 and all sorts of information. 3093 02:01:00,605 --> 02:01:01,400 Now.
3094 02:01:01,400 --> 02:01:03,100 I want to query a different IP address 3095 02:01:03,100 --> 02:01:04,122 and different information 3096 02:01:04,122 --> 02:01:06,300 belongs in the different Regional internet registries, 3097 02:01:06,300 --> 02:01:06,750 of course, 3098 02:01:06,750 --> 02:01:08,900 so if I want to go to a particular database, 3099 02:01:08,900 --> 02:01:10,647 I will have to use the minus H flag 3100 02:01:10,647 --> 02:01:14,000 so I could do who is Aaron net and remember the IP address 3101 02:01:14,000 --> 02:01:15,650 and I'm going to query that again. 3102 02:01:15,650 --> 02:01:17,953 And of course I get the same information back 3103 02:01:17,953 --> 02:01:19,000 because I went there 3104 02:01:19,000 --> 02:01:20,600 so you could just go 3105 02:01:20,600 --> 02:01:24,200 who is Edge and then follow it with an IP address. 3106 02:01:24,200 --> 02:01:26,490 So something like 30 4.25 3107 02:01:26,490 --> 02:01:30,600 the 176 the 98 so that's just some random IP address. 3108 02:01:30,600 --> 02:01:34,100 I just made up and it says that who is option? 3109 02:01:34,100 --> 02:01:34,800 Okay. 3110 02:01:34,800 --> 02:01:37,000 So it's a it's a capital H. 3111 02:01:37,200 --> 02:01:37,700 Okay. 3112 02:01:37,700 --> 02:01:38,491 So let's see 3113 02:01:38,491 --> 02:01:42,000 that and we get all sorts of information back from that. 3114 02:01:42,000 --> 02:01:43,900 So area a Darren and all sorts 3115 02:01:43,900 --> 02:01:45,880 of stuff now I can get information 3116 02:01:45,880 --> 02:01:47,190 about domains as well. 3117 02:01:47,190 --> 02:01:49,840 So if I can query something like netflix.com 3118 02:01:49,840 --> 02:01:51,500 and I can find out that this is 3119 02:01:51,500 --> 02:01:52,600 that actually Netflix 3120 02:01:52,600 --> 02:01:54,300 and there's an administrative contact 3121 02:01:54,300 --> 02:01:56,900 and the technical content that I need to see the difference. 
3122 02:01:56,900 --> 02:01:58,000 Main server so service 3123 02:01:58,000 --> 02:01:59,716 that foot have authority of information 3124 02:01:59,716 --> 02:02:01,899 about the DNS entries for that particular domain. 3125 02:02:01,899 --> 02:02:03,800 You can also see other information like 3126 02:02:03,800 --> 02:02:05,700 when the record was created 3127 02:02:05,800 --> 02:02:08,700 and whole bunch of different phone numbers 3128 02:02:08,700 --> 02:02:11,500 that you contact an additional storing information 3129 02:02:11,500 --> 02:02:13,200 about IP addresses and domain name. 3130 02:02:13,200 --> 02:02:14,745 Sometimes it will store information 3131 02:02:14,745 --> 02:02:15,963 about particular host names 3132 02:02:15,963 --> 02:02:18,690 and there may be other reasons why you would store a hostname 3133 02:02:18,690 --> 02:02:20,000 or particular information 3134 02:02:20,000 --> 02:02:22,100 about hosting on the system where the one 3135 02:02:22,100 --> 02:02:23,400 of the rare rirs now 3136 02:02:23,400 --> 02:02:26,761 if I want to wanted to look up something specifically So 3137 02:02:26,761 --> 02:02:27,800 once I have found 3138 02:02:27,800 --> 02:02:29,900 that I could know do a look up 3139 02:02:29,900 --> 02:02:34,000 on who is supposed say something like who is full. 3140 02:02:34,000 --> 02:02:36,100 So let's say who is fool. 3141 02:02:36,100 --> 02:02:37,923 Now if you already don't have 3142 02:02:37,923 --> 02:02:40,500 who is installed you can easily install it 3143 02:02:40,500 --> 02:02:42,576 by just going up to install 3144 02:02:42,600 --> 02:02:46,700 who is on your Unix system and that should do the trick 3145 02:02:46,700 --> 02:02:49,900 and then you can start use this really Nifty tool. 3146 02:02:49,900 --> 02:02:51,515 Okay, so that was all 3147 02:02:51,515 --> 02:02:56,100 about using who is now let's get on to actually using 3148 02:02:56,300 --> 02:02:59,000 how to Network ranges for a domain. 
3149 02:02:59,100 --> 02:02:59,419 Okay. 3150 02:02:59,419 --> 02:03:03,000 So now let's talk about how we are going to be going over 3151 02:03:03,000 --> 02:03:04,800 and fighting next ranges. 3152 02:03:04,800 --> 02:03:07,058 So suppose you bought it at engagement and you only 3153 02:03:07,058 --> 02:03:07,941 know the domain name 3154 02:03:07,941 --> 02:03:08,945 and you don't know much 3155 02:03:08,945 --> 02:03:10,937 beyond that and you're expected to figure out 3156 02:03:10,937 --> 02:03:12,850 where everything is and what everything is. 3157 02:03:12,850 --> 02:03:14,500 So how do you go about doing that? 3158 02:03:14,500 --> 02:03:17,000 Well use some of the tools that we either have been talking 3159 02:03:17,000 --> 02:03:19,500 about or will soon be talking about in more detail. 3160 02:03:19,500 --> 02:03:21,600 And the first thing I'm going to do is I'm going 3161 02:03:21,600 --> 02:03:23,600 to use a domain name that you record.com 3162 02:03:23,600 --> 02:03:26,400 and I'm going to look up at you like a DOT go and see 3163 02:03:26,400 --> 02:03:28,500 if I get get an IP address back. 3164 02:03:28,500 --> 02:03:33,122 So let's just head over there and go poo is Eddie record 3165 02:03:33,122 --> 02:03:34,043 or not cool, 3166 02:03:34,043 --> 02:03:36,500 or we could use the host keyword. 3167 02:03:37,100 --> 02:03:39,633 So as you see we get an IP address back 3168 02:03:39,633 --> 02:03:41,500 and that is 34 the to dander 3169 02:03:41,500 --> 02:03:45,800 to 30 the 35 and that is the IP address and you see 3170 02:03:45,800 --> 02:03:47,400 that I've got back an IP address. 
3171 02:03:47,400 --> 02:03:49,000 So here's just an IP address 3172 02:03:49,000 --> 02:03:51,300 and I don't know what that IP address belongs to 3173 02:03:51,300 --> 02:03:53,600 and I also don't know how big the network range 3174 02:03:53,600 --> 02:03:54,800 or network block is 3175 02:03:54,800 --> 02:03:56,862 that's associated with it. So what I'm going to 3176 02:03:56,862 --> 02:04:00,063 do is a whois and I'm going to look up with ARIN 3177 02:04:00,063 --> 02:04:01,500 who owns that IP address 3178 02:04:01,500 --> 02:04:08,200 so you can basically go whois 34.2 10.2 3935. 3179 02:04:10,200 --> 02:04:11,588 So as you guys can see 3180 02:04:11,588 --> 02:04:13,972 that gives us a bunch of information and 3181 02:04:13,972 --> 02:04:17,754 whois. Now this doesn't seem to have a very big network range, 3182 02:04:17,754 --> 02:04:19,800 unlike something like Netflix. 3183 02:04:19,800 --> 02:04:21,200 So suppose we were 3184 02:04:21,200 --> 02:04:27,238 to do something like host netflix.com and see. See now, 3185 02:04:27,238 --> 02:04:29,700 we have a bunch of IP addresses. 3186 02:04:29,700 --> 02:04:33,300 So suppose we will do whois, let's see, 3187 02:04:33,700 --> 02:04:40,900 whois 52.99.40.147. 3188 02:04:40,900 --> 02:04:44,900 Now I'm expecting Netflix to be a much larger company 3189 02:04:44,900 --> 02:04:46,800 and have a better. 3190 02:04:46,800 --> 02:04:48,600 Yeah now see we get NetRange. 3191 02:04:48,600 --> 02:04:51,100 So this is the network range that we're talking about. 3192 02:04:51,100 --> 02:04:53,014 So we had a random IP address 3193 02:04:53,014 --> 02:04:55,608 and now we have found the network range. 3194 02:04:55,608 --> 02:04:57,937 So that's how you find network ranges 3195 02:04:57,937 --> 02:04:59,800 and this can be very useful. 3196 02:04:59,800 --> 02:05:01,330 So this gives me evidence 3197 02:05:01,330 --> 02:05:04,600 that netflix.com has a presence on different addresses.
3198 02:05:04,600 --> 02:05:05,620 The one I have also 3199 02:05:05,620 --> 02:05:08,160 located by looking up that particular host name. 3200 02:05:08,160 --> 02:05:10,700 So I've got one address here that I can look at. 3201 02:05:10,700 --> 02:05:12,300 Let's take a look at the website 3202 02:05:12,300 --> 02:05:14,100 because let me different address. 3203 02:05:14,100 --> 02:05:16,500 Now if I didn't have that I could also go 3204 02:05:16,500 --> 02:05:19,000 and do something like an MX flag. 3205 02:05:19,100 --> 02:05:22,200 So let's see I could go dig 3206 02:05:22,500 --> 02:05:26,600 and this will give us all the male's so dig MX. 3207 02:05:27,500 --> 02:05:28,800 And let's see. 3208 02:05:28,800 --> 02:05:32,600 Let's see what MX does actually you go help 3209 02:05:32,600 --> 02:05:36,200 so we could do dig - Edge for a list of options. 3210 02:05:36,200 --> 02:05:42,200 So these are all the options that we have and the one 3211 02:05:42,200 --> 02:05:44,800 that we're going to use is something like this. 3212 02:05:44,800 --> 02:05:49,600 Do you think MX and we say something like netflix.com. 3213 02:05:51,200 --> 02:05:55,000 So these are all mailings and mx's 3214 02:05:55,000 --> 02:06:00,500 that we have gotten from Netflix and this is information 3215 02:06:00,500 --> 02:06:03,172 regarding it's still producing information. 3216 02:06:03,172 --> 02:06:04,905 That's a big thing to produce. 3217 02:06:04,905 --> 02:06:05,200 Okay. 
3218 02:06:05,200 --> 02:06:07,200 So as I was just saying you can use 3219 02:06:07,200 --> 02:06:10,900 the MX flag. I could get back all the mail handlers in this case 3220 02:06:10,900 --> 02:06:14,600 and their mail is being handled by Google and let's see wait, 3221 02:06:14,600 --> 02:06:17,400 let's go until then it's going to tell me 3222 02:06:17,400 --> 02:06:20,300 that Google is not particularly surprising and other things 3223 02:06:20,300 --> 02:06:22,600 that you can do is check for different host names 3224 02:06:22,600 --> 02:06:25,000 since I'm assuming DNS probably doesn't allow 3225 02:06:25,000 --> 02:06:26,607 zone transfers since most DNS 3226 02:06:26,607 --> 02:06:28,001 servers don't anymore, 3227 02:06:28,001 --> 02:06:30,736 although they used to. You may have to start guessing 3228 02:06:30,736 --> 02:06:33,900 so I could do something like Web Mail said we find out here. 3229 02:06:34,500 --> 02:06:38,000 So it's showed us a dump of all the ascending memory stuff. 3230 02:06:38,000 --> 02:06:39,211 Okay, so that was all 3231 02:06:39,211 --> 02:06:41,639 about finding network ranges. Now moving on 3232 02:06:41,639 --> 02:06:44,600 to our next topic is using Google for reconnaissance. 3233 02:06:44,600 --> 02:06:48,200 Now some people also call this Google hacking. Now, 3234 02:06:48,200 --> 02:06:50,031 if you know how to use Google 3235 02:06:50,031 --> 02:06:53,301 to exactly target and find what you are looking for, 3236 02:06:53,301 --> 02:06:56,500 Google is an excellent tool for reconnaissance purposes. 3237 02:06:56,500 --> 02:06:57,300 And today 3238 02:06:57,300 --> 02:07:00,700 I'm going to show you how you could use Google exactly 3239 02:07:00,700 --> 02:07:02,100 for your searches. 3240 02:07:02,100 --> 02:07:03,300 So first of all, 3241 02:07:03,300 --> 02:07:06,800 let's go open a tab of Google so open up here. 3242 02:07:06,900 --> 02:07:08,900 So let's go to google.com. 3243 02:07:09,200 --> 02:07:09,600 Ok.
3244 02:07:09,600 --> 02:07:11,200 So now we're going to be talking 3245 02:07:11,200 --> 02:07:14,961 about how we can use Google to actually gain some information 3246 02:07:14,961 --> 02:07:16,700 or some targeted information. 3247 02:07:16,700 --> 02:07:19,400 So this is in general called Google hacking. Now 3248 02:07:19,400 --> 02:07:21,300 when I say Google hacking I'm not meaning 3249 02:07:21,300 --> 02:07:23,500 by breaking into Google to steal information. 3250 02:07:23,500 --> 02:07:25,800 I'm talking about making use of specific keywords 3251 02:07:25,800 --> 02:07:28,199 that Google uses to get the most out of the queries 3252 02:07:28,199 --> 02:07:29,077 that you submit. 3253 02:07:29,077 --> 02:07:29,900 So for example, 3254 02:07:29,900 --> 02:07:33,134 a pretty basic one is the use of quotations. You quote things 3255 02:07:33,134 --> 02:07:34,717 in order to use specific phrases. 3256 02:07:34,717 --> 02:07:36,600 Otherwise Google will find pages 3257 02:07:36,600 --> 02:07:37,800 that have instances 3258 02:07:37,900 --> 02:07:40,800 of all those words rather than the words specifically together 3259 02:07:40,800 --> 02:07:41,800 in particular order. 3260 02:07:41,800 --> 02:07:45,300 So I'm going to pull this query up and this shows a list 3261 02:07:45,300 --> 02:07:47,100 of let me just show it to you. 3262 02:07:47,100 --> 02:07:50,800 So you go index of. Now, 3263 02:07:50,800 --> 02:07:54,500 this is showing us an index of all the films. Now, 3264 02:07:54,500 --> 02:07:57,200 this is basically all those index of size 3265 02:07:57,200 --> 02:07:58,411 that you want. 3266 02:07:58,500 --> 02:08:02,000 So as you guys can see this shows an index of all sorts of films 3267 02:08:02,000 --> 02:08:05,800 that are there. Now you can use index of and you see 3268 02:08:05,800 --> 02:08:07,000 that we have also 3269 02:08:07,000 --> 02:08:09,200 an index of downloads or something like that.
3270 02:08:09,200 --> 02:08:11,500 -.com such download 3271 02:08:11,600 --> 02:08:14,199 and it is an index of all sorts of stuff. 3272 02:08:14,199 --> 02:08:17,824 Now you can go into some folder and check them out G Jones. 3273 02:08:17,824 --> 02:08:19,200 You weren't EG Perico. 3274 02:08:19,200 --> 02:08:21,396 I don't know what these are but some sort of self. 3275 02:08:21,396 --> 02:08:23,100 And this is how you can use Google Now. 3276 02:08:23,100 --> 02:08:24,700 Let me just show you some more tricks. 3277 02:08:24,700 --> 02:08:28,500 So you can use this suppose you're using Google 3278 02:08:28,500 --> 02:08:31,700 to find for something like a presentation 3279 02:08:31,700 --> 02:08:34,100 so you could use something like file type. 3280 02:08:34,100 --> 02:08:38,500 DP DX and it'll search for every type of file there. 3281 02:08:38,500 --> 02:08:39,800 That is Peabody. 3282 02:08:40,000 --> 02:08:40,500 Okay. 3283 02:08:41,000 --> 02:08:44,900 Let's try some other side PVD so config. 3284 02:08:45,215 --> 02:08:45,600 Okay. 3285 02:08:45,600 --> 02:08:48,400 So this brings up all the types of files 3286 02:08:48,400 --> 02:08:50,500 that have some configs in them. 3287 02:08:50,500 --> 02:08:52,499 So some gaming configuration 3288 02:08:52,499 --> 02:08:56,000 as we see this initial configuration of Liverpool. 3289 02:08:56,000 --> 02:09:00,838 Now, you could also use something like the sing and URL 3290 02:09:00,838 --> 02:09:03,300 and you can use some other route. 3291 02:09:03,700 --> 02:09:06,039 And this will give you all the things 3292 02:09:06,039 --> 02:09:07,600 that route in their URL. 3293 02:09:07,600 --> 02:09:10,700 So King rude and Digital Trends 3294 02:09:10,700 --> 02:09:14,100 and how to root Android so fasten the root 3295 02:09:14,100 --> 02:09:18,000 and suppose you want to say something like all 3296 02:09:18,000 --> 02:09:20,300 in file type or suppose. 
3297 02:09:20,300 --> 02:09:25,400 You want some extension so so dot P BTW the pptx. 3298 02:09:25,400 --> 02:09:26,600 Does that work? 3299 02:09:26,600 --> 02:09:28,800 Let's search for JavaScript files. 3300 02:09:28,900 --> 02:09:29,400 Okay. 3301 02:09:29,500 --> 02:09:31,500 I think it's JS. 3302 02:09:31,800 --> 02:09:34,100 Okay, that doesn't seem to work either. 3303 02:09:34,700 --> 02:09:38,214 This shows us all the things that she estimate. 3304 02:09:38,214 --> 02:09:40,198 No, it's just external JS. 3305 02:09:40,198 --> 02:09:41,800 I'm doing this wrong. 3306 02:09:44,600 --> 02:09:46,200 So you could use file type. 3307 02:09:46,200 --> 02:09:50,000 So let's see file type and we go see doc. 3308 02:09:50,800 --> 02:09:52,175 So these are all the documents 3309 02:09:52,175 --> 02:09:54,100 that you could find at the file type thing. 3310 02:09:54,100 --> 02:09:57,300 And you could also do GS, I guess. 3311 02:09:57,500 --> 02:09:58,000 Yeah. 3312 02:09:58,000 --> 02:10:00,700 This is give you all the JavaScript files are there. 3313 02:10:00,700 --> 02:10:03,800 So this is how you can use Google to actually narrow 3314 02:10:03,800 --> 02:10:04,900 down your searches 3315 02:10:04,900 --> 02:10:07,000 to suppose you want a particular set of keywords, 3316 02:10:07,000 --> 02:10:09,800 and we want to make sure we get the password file from Google. 3317 02:10:09,800 --> 02:10:10,049 Okay. 3318 02:10:10,049 --> 02:10:10,800 So now let's go 3319 02:10:10,800 --> 02:10:12,900 into more details about the various things. 3320 02:10:12,900 --> 02:10:14,800 You can find using Google hacking. 3321 02:10:14,900 --> 02:10:17,900 Now while Google hacking techniques are really useful 3322 02:10:17,900 --> 02:10:19,700 for just general searching in Google. 3323 02:10:19,700 --> 02:10:21,982 They're also useful for penetration testers 3324 02:10:21,982 --> 02:10:23,100 or ethical hackers. 
3325 02:10:23,100 --> 02:10:24,806 You can narrow down information 3326 02:10:24,806 --> 02:10:28,000 that you get from Google. You get a specific list of systems 3327 02:10:28,000 --> 02:10:29,294 that may be vulnerable 3328 02:10:29,294 --> 02:10:31,610 so we can do things like look for pages 3329 02:10:31,610 --> 02:10:33,118 that have in the title error. 3330 02:10:33,118 --> 02:10:35,800 So I'm going to get a whole bunch of information. 3331 02:10:35,800 --> 02:10:42,200 So suppose like we go intitle and we say error. So 3332 02:10:42,200 --> 02:10:44,300 with that we get all sorts of stuff 3333 02:10:44,300 --> 02:10:46,479 and we can do the minus Google part. 3334 02:10:46,479 --> 02:10:49,717 So if you do minus Google it will not show you the stuff 3335 02:10:49,717 --> 02:10:50,900 that's from Google. 3336 02:10:51,200 --> 02:10:52,901 So we get various documentation pages 3337 02:10:52,901 --> 02:10:54,649 about different vendors and the errors 3338 02:10:54,649 --> 02:10:55,500 that they support. 3339 02:10:55,500 --> 02:10:58,200 So here's one doc about Oracle about Java error, 3340 02:10:58,200 --> 02:11:01,100 but you know something more specific we may be able to get 3341 02:11:01,100 --> 02:11:03,100 errors about all sorts of other stuff. 3342 02:11:03,100 --> 02:11:06,200 So this is how you could use the Google hacking technique 3343 02:11:06,200 --> 02:11:09,200 to your own advantage if you're a penetration tester. 3344 02:11:09,200 --> 02:11:11,900 Now, let's also show you something called 3345 02:11:11,900 --> 02:11:14,179 the Google hacking database. Now, 3346 02:11:14,179 --> 02:11:17,100 this is very useful for an ethical hacker.
3347 02:11:17,100 --> 02:11:19,678 Now on the Google hacking database was created 3348 02:11:19,678 --> 02:11:22,200 several years ago by a guy called Johnny Long 3349 02:11:22,200 --> 02:11:24,524 who put this Google hacking database together to begin 3350 02:11:24,524 --> 02:11:25,950 to compile a list of searches 3351 02:11:25,950 --> 02:11:27,999 that would bring up interesting information. 3352 02:11:27,999 --> 02:11:30,900 Now Johnny has written a couple of books on Google hacking. 3353 02:11:30,900 --> 02:11:33,600 So we're at the Google hacking database website here 3354 02:11:33,600 --> 02:11:34,600 and you can see them talk 3355 02:11:34,600 --> 02:11:36,600 about Google Docs and all sorts of stuff. 3356 02:11:36,600 --> 02:11:37,608 Now you can see 3357 02:11:37,608 --> 02:11:40,700 that we can do all sorts of search like and you 3358 02:11:40,700 --> 02:11:45,800 are Elsa BC B SP this brings up some portal Pages now out here. 3359 02:11:45,800 --> 02:11:49,600 You can bring up some password APS password and URL. 3360 02:11:49,600 --> 02:11:52,200 Now this will give you all sorts of stuff 3361 02:11:52,200 --> 02:11:59,200 on Google suppose you go and URL like a PS password. 3362 02:11:59,500 --> 02:12:01,186 Now, you can get all sorts 3363 02:12:01,186 --> 02:12:04,200 of stuff like which have passwords in their URL. 3364 02:12:04,200 --> 02:12:07,600 So maybe you can just guess a password from there to now 3365 02:12:07,600 --> 02:12:08,900 that was Google hacking 3366 02:12:08,900 --> 02:12:10,900 so Google hacking entries and they also, 3367 02:12:10,900 --> 02:12:11,900 Number of categories 3368 02:12:11,900 --> 02:12:14,600 and that you can look through to find some specific things. 3369 02:12:14,600 --> 02:12:16,400 So you may be interested in of course 3370 02:12:16,400 --> 02:12:18,824 and you will search specific information that you 3371 02:12:18,824 --> 02:12:21,400 may be looking for with regards to specific product. 
3372 02:12:21,400 --> 02:12:24,900 For example, let me just show you XY database. 3373 02:12:24,900 --> 02:12:26,800 These are all the certain types of stuff. 3374 02:12:26,800 --> 02:12:28,200 You can go through out here. 3375 02:12:28,300 --> 02:12:30,688 And as you see we have all sorts 3376 02:12:30,688 --> 02:12:33,600 of sound like is an SQL injection thing. 3377 02:12:33,761 --> 02:12:37,300 This is something regarding Pier archived ours. 3378 02:12:37,300 --> 02:12:40,600 So these let you get a foothold in the some password cracking. 3379 02:12:40,600 --> 02:12:42,800 Alms and you can do some Brute Force checking 3380 02:12:42,800 --> 02:12:43,825 and you can see here 3381 02:12:43,825 --> 02:12:46,800 if it talks about the type of searches and what it reveals. 3382 02:12:46,800 --> 02:12:48,912 You can just click here on Google search engine 3383 02:12:48,912 --> 02:12:51,300 will actually bring up Google fit a list of responses 3384 02:12:51,300 --> 02:12:52,400 that Google generates. 3385 02:12:52,400 --> 02:12:54,500 So let's look at this one here. 3386 02:12:54,500 --> 02:12:56,600 This type is a log. 3387 02:12:56,600 --> 02:12:59,400 So this is something about cross-site scripting logs 3388 02:12:59,400 --> 02:13:02,800 and we can also see some party logs 3389 02:13:02,800 --> 02:13:04,600 if I was not wrong 3390 02:13:04,600 --> 02:13:09,000 so some denial-of-service POC and we can see a bunch of stuff 3391 02:13:09,000 --> 02:13:11,000 and if you continue to scroll down there, 3392 02:13:11,000 --> 02:13:12,300 Our interesting information 3393 02:13:12,300 --> 02:13:14,800 in here so somehow somebody's got a party log 3394 02:13:14,800 --> 02:13:16,690 that has a lot of information. 
3395 02:13:16,690 --> 02:13:19,400 They've got it up on a website and basically 3396 02:13:19,400 --> 02:13:20,663 bunch of information 3397 02:13:20,663 --> 02:13:24,200 that you can see you can also get some surveillance video 3398 02:13:24,200 --> 02:13:28,200 sometimes and you can look into them and this basically 3399 02:13:28,200 --> 02:13:29,900 how you could use Google. 3400 02:13:29,900 --> 02:13:32,935 So it's basically a list of queries that you can go through 3401 02:13:32,935 --> 02:13:34,700 and this is a very useful site 3402 02:13:34,700 --> 02:13:37,678 if you are a penetration tester and looking for some help 3403 02:13:37,678 --> 02:13:39,700 with your Google hacking terminologies, 3404 02:13:39,700 --> 02:13:40,600 so that's it for 3405 02:13:40,600 --> 02:13:41,800 Or Google hacking now. 3406 02:13:41,800 --> 02:13:42,625 Let's move on. 3407 02:13:42,625 --> 02:13:42,915 Okay. 3408 02:13:42,915 --> 02:13:45,700 So now it's time for some networking fundamentals 3409 02:13:45,700 --> 02:13:48,500 and what better place to begin with dcpip. 3410 02:13:48,500 --> 02:13:51,200 Now we're going to be talking about the history of dcpip 3411 02:13:51,200 --> 02:13:51,863 and the network 3412 02:13:51,863 --> 02:13:53,500 that eventually morphed into the thing 3413 02:13:53,500 --> 02:13:55,000 that we now call the internet. 3414 02:13:55,000 --> 02:13:57,291 So this thing began in 1969 and it spun 3415 02:13:57,291 --> 02:14:00,100 out of this government organization called arpa 3416 02:14:00,100 --> 02:14:02,897 which Advanced research projects agency and they 3417 02:14:02,897 --> 02:14:05,246 had an idea to create a computer network 3418 02:14:05,246 --> 02:14:07,484 that was resilient to a certain type 3419 02:14:07,484 --> 02:14:08,700 of military attacks 3420 02:14:08,700 --> 02:14:11,400 and the idea was to have This network 3421 02:14:11,400 --> 02:14:15,300 that could survive certain types of war and warlike conditions. 
3422 02:14:15,300 --> 02:14:18,900 So our percent out this request for proposals to BBN, 3423 02:14:18,900 --> 02:14:22,021 which is Bolt beranek and Newman and they were previously 3424 02:14:22,021 --> 02:14:24,668 and acoustical consulting company and they won 3425 02:14:24,668 --> 02:14:25,900 the contract to build 3426 02:14:25,900 --> 02:14:27,700 what was called the arpanet. 3427 02:14:27,700 --> 02:14:30,200 The first connection was in 1969. 3428 02:14:30,200 --> 02:14:32,170 So that's where we get the idea 3429 02:14:32,170 --> 02:14:35,300 that the internet began in 1969 and the internet 3430 02:14:35,300 --> 02:14:38,534 as we call it now Then Shall We Begin but arpanet it 3431 02:14:38,534 --> 02:14:40,500 and often it has a long history 3432 02:14:40,500 --> 02:14:42,731 that goes goes through NSF net 3433 02:14:42,731 --> 02:14:46,600 in 1980s and after arpanet was sort of decommissioned 3434 02:14:46,600 --> 02:14:49,423 and a lot of other networks were folded into this 3435 02:14:49,423 --> 02:14:50,800 this thing called nsfnet 3436 02:14:50,800 --> 02:14:53,400 that then turned into what we now call the internet 3437 02:14:53,400 --> 02:14:55,700 and once a lot of other networks were connected 3438 02:14:55,700 --> 02:14:57,800 into its first protocol on the arpanet 3439 02:14:57,800 --> 02:15:00,122 initially there were 18 to 22 protocols, 3440 02:15:00,122 --> 02:15:03,100 which is very first protocol defining communication 3441 02:15:03,100 --> 02:15:05,905 on arpanet and it was called 1822 protocol 3442 02:15:05,905 --> 02:15:08,401 because BBN report 1822 which describes 3443 02:15:08,401 --> 02:15:10,800 how it works shortly and after that. 3444 02:15:10,800 --> 02:15:13,800 It was just think all the network control program 3445 02:15:13,800 --> 02:15:16,400 and the network control program consisted 3446 02:15:16,400 --> 02:15:20,500 of arpanet host-to-host protocol and an initial control protocol. 
3447 02:15:20,500 --> 02:15:23,330 Now, they're certainly not a direct correlation 3448 02:15:23,330 --> 02:15:24,500 or an analogy here. 3449 02:15:24,500 --> 02:15:25,804 But if you want to think 3450 02:15:25,804 --> 02:15:28,098 about it in particular where you can say 3451 02:15:28,098 --> 02:15:31,400 that the arpanet host-to-host protocol is kind of like UDP 3452 02:15:31,400 --> 02:15:34,100 and initial connection protocol or ICP. 3453 02:15:34,100 --> 02:15:35,200 It's kind of like TCP. 3454 02:15:35,200 --> 02:15:37,200 So the host-to-host protocol provided 3455 02:15:37,200 --> 02:15:40,600 a unidirectional flow control steam stream between hosts. 3456 02:15:40,600 --> 02:15:42,900 Which sounded a little bit like UDP and ICP 3457 02:15:42,900 --> 02:15:46,100 provided a bi-directional pair of streams between Two Hosts. 3458 02:15:46,100 --> 02:15:48,300 And again, these aren't perfect knowledge. 3459 02:15:48,300 --> 02:15:51,500 He's but the host-to-host protocol is a little I bit 3460 02:15:51,500 --> 02:15:53,633 like UDP and ICP is a little bit 3461 02:15:53,633 --> 02:15:56,500 like TCP now now the first router was called 3462 02:15:56,500 --> 02:15:59,869 an interface message processor and that was developed by BBN. 3463 02:15:59,869 --> 02:16:02,500 It was actually a ruggedized Honeywell computer 3464 02:16:02,500 --> 02:16:04,800 that had special interfaces and software. 3465 02:16:04,800 --> 02:16:08,500 So the first router wasn't Roundup built piece of Hardware, 3466 02:16:08,500 --> 02:16:10,900 but it was actually an existing piece of hardware. 3467 02:16:10,900 --> 02:16:13,800 Especially published for this particular application. 
3468 02:16:13,800 --> 02:16:17,700 So Honeywell had this computer that they made out and BBN took 3469 02:16:17,700 --> 02:16:20,186 that and made some specific hardware interfaces 3470 02:16:20,186 --> 02:16:21,900 and built some special software 3471 02:16:21,900 --> 02:16:23,252 that allowed it to turn 3472 02:16:23,252 --> 02:16:25,300 into this interface message processor, 3473 02:16:25,300 --> 02:16:28,600 which passed messages over ARPANET from one location 3474 02:16:28,600 --> 02:16:29,800 to another. So 3475 02:16:29,900 --> 02:16:33,000 where did IP come in here? In 1973. 3476 02:16:33,000 --> 02:16:35,600 So IP came in here as well in 1973 3477 02:16:35,600 --> 02:16:38,299 as I just said, and a guy by the name of Vint Cerf 3478 02:16:38,299 --> 02:16:40,899 and another guy by the name of Robert Kahn took 3479 02:16:40,900 --> 02:16:44,100 the ideas of NCP and what the ARPANET was doing 3480 02:16:44,100 --> 02:16:46,049 and they tried to come up with some concepts 3481 02:16:46,049 --> 02:16:47,499 that would work for the needs 3482 02:16:47,500 --> 02:16:49,600 that the ARPANET had, and so by 1974 3483 02:16:49,600 --> 02:16:52,799 they had published a paper that was published by the IEEE 3484 02:16:52,799 --> 02:16:54,899 and they proposed some new protocols. 3485 02:16:54,900 --> 02:16:58,200 They originally proposed the central protocol called TCP. 3486 02:16:58,200 --> 02:17:00,400 Later on TCP was broken into TCP 3487 02:17:00,400 --> 02:17:03,183 and IP to get away from the monolithic concept 3488 02:17:03,183 --> 02:17:05,713 that TCP was originally, so they broke it 3489 02:17:05,714 --> 02:17:09,000 into more modular protocols and thus you get TCP and IP. 3490 02:17:09,000 --> 02:17:10,900 So how do we get to our version 
3491 02:17:10,900 --> 02:17:12,100 4, which is IPv4, 3492 02:17:12,100 --> 02:17:13,245 since that's the kind 3493 02:17:13,245 --> 02:17:16,308 of Internet that we're using right now? Version 6 is coming 3494 02:17:16,308 --> 02:17:18,641 and has been coming for many many years now, 3495 02:17:18,641 --> 02:17:20,700 but you're still kind of version 4. 3496 02:17:20,700 --> 02:17:24,300 So how did we get here? Between 1977 and 79 3497 02:17:24,400 --> 02:17:28,500 we went through version 0 to 3. By 1979 and 1980 3498 02:17:28,500 --> 02:17:30,499 we started using version 4 and 3499 02:17:30,499 --> 02:17:33,477 that eventually became the de facto protocol 3500 02:17:33,477 --> 02:17:35,000 on the internet in 1983 3501 02:17:35,000 --> 02:17:38,376 when NCP was finally shut down because all the hosts 3502 02:17:38,376 --> 02:17:39,367 on the ARPANET 3503 02:17:39,367 --> 02:17:40,885 were using TCP/IP 3504 02:17:40,885 --> 02:17:42,912 by that point. In 1992 work began 3505 02:17:42,912 --> 02:17:45,700 on an IP Next Generation and for a long time, 3506 02:17:45,700 --> 02:17:47,400 although the specifications 3507 02:17:47,400 --> 02:17:50,400 in the RFCs talked about IPng, eventually 3508 02:17:50,400 --> 02:17:53,700 IPng became known as IPv6. 3509 02:17:53,700 --> 02:17:56,200 You may be wondering where IPv5 went. 3510 02:17:56,200 --> 02:17:58,282 Well, it was a special-purpose protocol 3511 02:17:58,282 --> 02:17:59,693 that had to do something 3512 02:17:59,693 --> 02:18:02,499 with streaming and certainly not a widespread thing. 3513 02:18:02,500 --> 02:18:04,600 One of the differences between IPv4 
3514 02:18:04,600 --> 02:18:05,424 and IPv6 is 3515 02:18:05,424 --> 02:18:09,799 that IPv6 has a 128-bit address which gives us the ability 3516 02:18:09,799 --> 02:18:13,199 to have some recklessly large numbers of devices 3517 02:18:13,200 --> 02:18:17,228 that have their own unique IP address. IPv4 by comparison 3518 02:18:17,228 --> 02:18:19,099 has only 32-bit addresses. 3519 02:18:19,100 --> 02:18:20,951 And as you probably heard we're well 3520 02:18:20,951 --> 02:18:23,551 on our way to exhausting the number of IP addresses 3521 02:18:23,552 --> 02:18:25,468 that are available and we've done a lot 3522 02:18:25,468 --> 02:18:27,940 of things over the years to conserve address space 3523 02:18:27,940 --> 02:18:29,100 and reuse address space 3524 02:18:29,100 --> 02:18:31,500 so we can continue extending to the point till 3525 02:18:31,500 --> 02:18:33,700 where we completely run out of IPv4 addresses. 3526 02:18:33,700 --> 02:18:36,151 Another thing about IPv6 is it attempts to fix 3527 02:18:36,151 --> 02:18:37,732 some of the inherent issues in IP 3528 02:18:37,732 --> 02:18:40,258 and some of those have to do with security concerns 3529 02:18:40,258 --> 02:18:43,200 and there are certainly a number of flaws in IPv4. 3530 02:18:43,200 --> 02:18:46,299 When they started working on IP Next Generation or IPv6, 3531 02:18:46,299 --> 02:18:48,999 they tried to address some of those concerns and some 3532 02:18:49,000 --> 02:18:51,700 of those issues and they may not have done it perfectly 3533 02:18:51,700 --> 02:18:53,609 but it was certainly an attempt 3534 02:18:53,609 --> 02:18:56,200 and IPv6 attempted to fix some of the issues 3535 02:18:56,200 --> 02:18:58,000 that were inherently in IP. 3536 02:18:58,000 --> 02:19:02,900 And so that's the history of TCP/IP still very reach today. 3537 02:19:03,500 --> 02:19:04,000 Okay. 
3538 02:19:04,000 --> 02:19:07,419 So now that we've discussed a brief history on TCP/IP 3539 02:19:07,419 --> 02:19:10,100 and how it came about to the TCP/IP version 3540 02:19:10,100 --> 02:19:12,300 4, let's discuss the model itself. 3541 02:19:12,400 --> 02:19:14,700 Now we're going to be discussing two models. 3542 02:19:14,700 --> 02:19:17,700 And those are the OSI model and the TCP/IP model. 3543 02:19:17,700 --> 02:19:21,307 Now as I said we'll be talking about the OSI and TCP models 3544 02:19:21,307 --> 02:19:24,209 for network protocols and the network stacks. OSI, 3545 02:19:24,209 --> 02:19:25,600 first of all, is the one 3546 02:19:25,600 --> 02:19:28,799 that you see out here, is the one on the left-hand side 3547 02:19:28,799 --> 02:19:32,699 of the screen, and OSI stands for open systems interconnection. 3548 02:19:32,700 --> 02:19:34,100 And in the late 1970s, 3549 02:19:34,100 --> 02:19:37,258 they started working on a model for how a network stack 3550 02:19:37,258 --> 02:19:40,302 and network protocols would look. Originally the intent was 3551 02:19:40,302 --> 02:19:42,941 to develop the model and then develop protocols 3552 02:19:42,941 --> 02:19:44,030 that went with it. 3553 02:19:44,030 --> 02:19:45,906 But what ended up happening was 3554 02:19:45,906 --> 02:19:49,600 after they developed the models TCP/IP started really taking off 3555 02:19:49,600 --> 02:19:51,303 and the TCP/IP model was 3556 02:19:51,303 --> 02:19:54,000 what went along with it and matched better 3557 02:19:54,000 --> 02:19:56,300 what was going on with TCP/IP, 3558 02:19:56,300 --> 02:19:59,766 which became the predominant protocol, and as a result 3559 02:19:59,766 --> 02:20:02,796 the OSI protocols never actually got developed. 
3560 02:20:02,796 --> 02:20:04,950 However, we still use the OSI model 3561 02:20:04,950 --> 02:20:07,800 for teaching tool as well as way of describing 3562 02:20:07,800 --> 02:20:10,071 what's going on with the network stack 3563 02:20:10,071 --> 02:20:11,300 and the applications. 3564 02:20:11,300 --> 02:20:14,200 You'll often hear people talking about different layers, 3565 02:20:14,200 --> 02:20:16,100 like that's a layer 2 problem 3566 02:20:16,100 --> 02:20:18,545 or we're in layer 3 space. Now continuing 3567 02:20:18,545 --> 02:20:20,000 through these lessons, 3568 02:20:20,000 --> 02:20:22,447 I'll refer occasionally to the different layers. 3569 02:20:22,447 --> 02:20:25,052 And when I do that, I'm referring to the OSI model. 3570 02:20:25,052 --> 02:20:27,658 So let's take a look at the OSI model starting 3571 02:20:27,658 --> 02:20:28,641 from the bottom. 3572 02:20:28,641 --> 02:20:30,249 We have the physical layer, 3573 02:20:30,249 --> 02:20:34,033 which is where all the physical stuff lives, the wires and cables 3574 02:20:34,033 --> 02:20:35,355 and network interfaces 3575 02:20:35,355 --> 02:20:38,400 and hubs, repeaters, switches and all that sort of stuff. 3576 02:20:38,400 --> 02:20:40,900 So all that physical stuff is sitting 3577 02:20:40,900 --> 02:20:42,186 in the physical layer. Now 3578 02:20:42,186 --> 02:20:44,401 sitting above this is the data link layer. 3579 02:20:44,401 --> 02:20:46,400 And that's where the Ethernet protocol, 3580 02:20:46,400 --> 02:20:48,200 ATM protocol, frame relay, 3581 02:20:48,200 --> 02:20:49,636 those things live. 3582 02:20:49,636 --> 02:20:49,872 Now, 3583 02:20:49,872 --> 02:20:51,059 I mentioned the switch 3584 02:20:51,059 --> 02:20:53,599 below the physical. The switch lives at layer 1, 3585 02:20:53,599 --> 02:20:55,187 but it operates at layer 2. 
3586 02:20:55,187 --> 02:20:57,267 And the reason it operates at layer 2 is 3587 02:20:57,267 --> 02:20:59,400 because it looks at the data link address 3588 02:20:59,400 --> 02:21:01,239 and the layer 2 or physical address 3589 02:21:01,239 --> 02:21:04,100 and that's not to be confused with in the physical layer. 3590 02:21:04,100 --> 02:21:06,176 It does get a little mixed up sometimes 3591 02:21:06,176 --> 02:21:08,000 and we refer to the MAC address. 3592 02:21:08,000 --> 02:21:10,800 Now the MAC address is not the physical address. 3593 02:21:10,900 --> 02:21:11,900 I'm talking about it 3594 02:21:11,900 --> 02:21:14,400 is the message authentication code address 3595 02:21:14,400 --> 02:21:17,100 on the system as so the MAC address 3596 02:21:17,100 --> 02:21:18,779 on system as a physical address 3597 02:21:18,779 --> 02:21:21,000 because it lives on the physical interface 3598 02:21:21,000 --> 02:21:22,400 and bound physically. 3599 02:21:22,400 --> 02:21:24,000 However that MAC address 3600 02:21:24,000 --> 02:21:26,800 or media access control address lives at layer 3601 02:21:26,800 --> 02:21:29,700 2 at the data link layer. The network layer, 3602 02:21:29,700 --> 02:21:31,700 which is right above at layer 3, 3603 02:21:31,700 --> 02:21:35,500 that's where the IP lives as well as ICMP, IPX 3604 02:21:35,500 --> 02:21:36,800 from the IPX/SPX 3605 02:21:36,800 --> 02:21:40,400 suite of protocols from Novell. Routers operate at layer 3, 3606 02:21:40,400 --> 02:21:44,000 and at layer 4 above that is the transport layer. 3607 02:21:44,000 --> 02:21:48,000 That's the TCP, UDP and SPX again from the IPX/SPX suite 3608 02:21:48,000 --> 02:21:50,900 of protocols. Above that is the session layer 3609 02:21:50,900 --> 02:21:52,328 and that's layer 5 and 3610 02:21:52,328 --> 02:21:55,900 that's a plot of SSH as well as several other protocols. 
3611 02:21:55,900 --> 02:21:57,326 Then there's a presentation layer 3612 02:21:57,326 --> 02:21:59,600 which is a layer 6 and you'll often see people refer 3613 02:21:59,600 --> 02:22:02,788 to something like JPEG or MPEG as examples of protocols 3614 02:22:02,788 --> 02:22:06,141 that live on that layer. Then there's a presentation layer, 3615 02:22:06,141 --> 02:22:07,500 which is the final layer 3616 02:22:07,500 --> 02:22:09,950 which is layer 6 and you'll often see people refer 3617 02:22:09,950 --> 02:22:11,300 to something like JPEG 3618 02:22:11,300 --> 02:22:14,496 or MPEG as example the protocol that live at that layer 3619 02:22:14,496 --> 02:22:18,202 and then the live at that layer which is the presentation layer. 3620 02:22:18,202 --> 02:22:18,900 Finally, 3621 02:22:18,900 --> 02:22:19,851 we have layer 7, 3622 02:22:19,851 --> 02:22:24,300 which is the application layer and that's HTTP, FTP, SMTP 3623 02:22:24,300 --> 02:22:27,529 and similar application protocols whose responsibility 3624 02:22:27,529 --> 02:22:29,982 is to deliver and use the functionality. 3625 02:22:29,982 --> 02:22:32,199 So that's basically the OSI model and 3626 02:22:32,199 --> 02:22:34,600 that's the seven layers of the OSI model 3627 02:22:34,600 --> 02:22:36,700 and there's some important thing to note here. 3628 02:22:36,700 --> 02:22:38,400 That is when we are putting packets 3629 02:22:38,400 --> 02:22:40,618 onto the wire the packets get built from the 
3630 02:22:40,618 --> 02:22:41,716 top of the stack down, 3631 02:22:41,716 --> 02:22:44,544 by from the top of the stack to the bottom of the stack, 3632 02:22:44,544 --> 02:22:46,894 which is why it's called a stack. Each layer sits 3633 02:22:46,894 --> 02:22:47,872 on top of the other 3634 02:22:47,872 --> 02:22:50,557 and the application layer is responsible for beginning 3635 02:22:50,557 --> 02:22:51,566 the process and then 3636 02:22:51,566 --> 02:22:53,749 that follows through the presentation, session 3637 02:22:53,749 --> 02:22:56,600 and transport layer and down through the network, data link 3638 02:22:56,600 --> 02:22:59,637 until we finally drop it on the wire at the physical layer. 3639 02:22:59,637 --> 02:23:01,504 When it's received from the network, 3640 02:23:01,504 --> 02:23:02,900 it goes from the bottom up 3641 02:23:02,900 --> 02:23:04,500 and we receive it on the physical 3642 02:23:04,500 --> 02:23:06,186 and gets handled by the data link 3643 02:23:06,186 --> 02:23:08,951 and then the network until the application layer. 3644 02:23:08,951 --> 02:23:11,700 So basically when a packet is coming in it comes in 3645 02:23:11,700 --> 02:23:14,035 from the application, goes out from the physical, 3646 02:23:14,035 --> 02:23:15,800 and then we're going out also, 3647 02:23:15,800 --> 02:23:18,400 it goes from the physical through the data link, 3648 02:23:18,500 --> 02:23:20,800 then the network, transport, session, presentation 3649 02:23:20,800 --> 02:23:23,400 and application and finally to the target system. 3650 02:23:23,400 --> 02:23:26,150 Now what we're dealing with is an encapsulation process. 3651 02:23:26,150 --> 02:23:29,200 So at every layer on the way down the different layers 3652 02:23:29,200 --> 02:23:32,181 add bits of information to the datagram or the packet. 
3653 02:23:32,181 --> 02:23:33,500 So that when it gets 3654 02:23:33,500 --> 02:23:35,500 to the other side each layer knows 3655 02:23:35,500 --> 02:23:37,400 where its demarcation point is. 3656 02:23:37,400 --> 02:23:39,300 While it may seem obvious, each layer 3657 02:23:39,300 --> 02:23:40,500 talks to the same layer 3658 02:23:40,600 --> 02:23:41,500 on the other side. 3659 02:23:41,500 --> 02:23:43,300 So when we drop a packet out 3660 02:23:43,300 --> 02:23:46,311 onto the wire the physical layer talks to the physical layer 3661 02:23:46,311 --> 02:23:48,200 and in other words the electrical bits 3662 02:23:48,200 --> 02:23:50,400 that get transmitted by the network interface 3663 02:23:50,400 --> 02:23:51,919 on the first system are received 3664 02:23:51,919 --> 02:23:54,269 on the second system. On the second system 3665 02:23:54,269 --> 02:23:55,400 the layer two headers 3666 02:23:55,400 --> 02:23:57,700 that were put by the first system get removed 3667 02:23:57,700 --> 02:23:59,300 and handled as necessary. 3668 02:23:59,300 --> 02:24:00,900 Same thing at the network layer. 3669 02:24:00,900 --> 02:24:03,000 It's the network layer that puts the IP header 3670 02:24:03,000 --> 02:24:04,020 and the network layer 3671 02:24:04,020 --> 02:24:06,800 that removes the IP header and determines what to do 3672 02:24:06,800 --> 02:24:08,900 from there and so on and so on. Again, 3673 02:24:08,900 --> 02:24:10,400 while it may seem obvious, 3674 02:24:10,400 --> 02:24:12,511 it's an important distinction to recognize 3675 02:24:12,511 --> 02:24:14,294 that each layer talks to each layer. 3676 02:24:14,294 --> 02:24:15,693 While it may seem obvious, 3677 02:24:15,693 --> 02:24:17,900 it's an important distinction to recognize 3678 02:24:17,900 --> 02:24:19,653 that each layer talks to each layer. 
3679 02:24:19,653 --> 02:24:21,800 And when you're building a packet you go down 3680 02:24:21,800 --> 02:24:22,600 through the stack 3681 02:24:22,600 --> 02:24:25,100 and when you're receiving you come up to the stack. 3682 02:24:25,100 --> 02:24:26,600 And again, it's called a stack 3683 02:24:26,600 --> 02:24:29,264 because you keep pushing things on top of the packet 3684 02:24:29,264 --> 02:24:31,500 and they get popped off the other side. 3685 02:24:31,500 --> 02:24:33,184 So that was detailed 3686 02:24:33,184 --> 02:24:36,799 and brief working on how the OSI model is set up 3687 02:24:36,799 --> 02:24:39,200 and how the OSI model works. Now, 3688 02:24:39,200 --> 02:24:41,100 let's move on to the TCP/IP model, 3689 02:24:41,100 --> 02:24:43,350 which is on the right-hand side, and you'll notice 3690 02:24:43,350 --> 02:24:45,900 that there's a really big difference here, that being 3691 02:24:45,900 --> 02:24:48,604 that there are only four layers in the TCP/IP model 3692 02:24:48,604 --> 02:24:51,153 as compared to the seven layers of the OSI model. 3693 02:24:51,153 --> 02:24:53,061 Now, we have the network access layer, 3694 02:24:53,061 --> 02:24:56,400 the internet layer, the transport layer and the application layer 3695 02:24:56,400 --> 02:24:57,510 in the functionality. 3696 02:24:57,510 --> 02:24:59,038 Now, we have the access layer, 3697 02:24:59,038 --> 02:25:00,877 the internet layer, the transport layer 3698 02:25:00,877 --> 02:25:03,100 and the application layer. The functionality 3699 02:25:03,100 --> 02:25:05,800 that the stack provides is the same and in other words, 3700 02:25:05,800 --> 02:25:07,800 you're not going to get less functionality 3701 02:25:07,800 --> 02:25:09,100 out of the TCP/IP model. 
3702 02:25:09,100 --> 02:25:12,149 It's just that they've changed where the functionality resides 3703 02:25:12,149 --> 02:25:15,300 and where the demarcation point between the different layers are, 3704 02:25:15,300 --> 02:25:18,182 so there are only four layers in the TCP/IP model, 3705 02:25:18,182 --> 02:25:20,869 which means that a couple of layers that have taken 3706 02:25:20,869 --> 02:25:22,931 in functions from some of the OSI models 3707 02:25:22,931 --> 02:25:25,625 and we can get into that right here. The difference 3708 02:25:25,625 --> 02:25:28,100 between the models: at the network access layer 3709 02:25:28,100 --> 02:25:29,300 in the TCP/IP model 3710 02:25:29,300 --> 02:25:30,750 that consists of the physical 3711 02:25:30,750 --> 02:25:32,916 and the data link layer from the OSI model. 3712 02:25:32,916 --> 02:25:34,000 So on the right here, 3713 02:25:34,000 --> 02:25:35,761 you see the network access layer 3714 02:25:35,761 --> 02:25:38,900 that takes into the account the physical and the data link 3715 02:25:38,900 --> 02:25:40,100 layers from the OSI model 3716 02:25:40,100 --> 02:25:41,700 on the left-hand side. Similarly 3717 02:25:41,700 --> 02:25:44,170 the application layer from the TCP/IP model 3718 02:25:44,170 --> 02:25:46,588 encompasses all the session, presentation 3719 02:25:46,588 --> 02:25:48,999 and the application layer of the OSI model. 3720 02:25:48,999 --> 02:25:51,500 On the right the very top box, the application layer, 3721 02:25:51,500 --> 02:25:53,600 encompasses the session, presentation 3722 02:25:53,600 --> 02:25:56,000 and application layer on the left-hand side. 3723 02:25:56,100 --> 02:25:58,400 That of course leaves the transport layer to be 3724 02:25:58,400 --> 02:26:00,000 the same. In the OSI model 3725 02:26:00,000 --> 02:26:02,900 they call it the network layer and in the TCP/IP model 3726 02:26:02,900 --> 02:26:05,318 it's called the internet layer, same sort of thing. 
3727 02:26:05,318 --> 02:26:07,549 That's where the IP lives and even though it's called 3728 02:26:07,549 --> 02:26:10,200 the internet layer as compared to the network layer, 3729 02:26:10,200 --> 02:26:11,956 it's the same sort of functionality. 3730 02:26:11,956 --> 02:26:14,700 So those are the really big differences between OSI 3731 02:26:14,700 --> 02:26:16,500 and TCP/IP model. Anytime 3732 02:26:16,500 --> 02:26:20,200 I refer to layers through the course of this video 3733 02:26:20,200 --> 02:26:23,100 I'm going to be referring to the OSI model, and in part 3734 02:26:23,100 --> 02:26:25,299 because it makes it easier to differentiate 3735 02:26:25,299 --> 02:26:26,700 the different functionality. 3736 02:26:26,700 --> 02:26:29,670 If I were to say layer 1 function in the TCP/IP model, 3737 02:26:29,670 --> 02:26:31,200 you wouldn't necessarily know 3738 02:26:31,200 --> 02:26:33,100 if I was talking about a physical thing 3739 02:26:33,100 --> 02:26:34,500 or a data link thing. 3740 02:26:34,500 --> 02:26:38,000 Since there's more granularity in the OSI model, 3741 02:26:38,000 --> 02:26:40,639 it's better to talk about the functionality in 3742 02:26:40,639 --> 02:26:42,425 terms of the layers in the OSI model 3743 02:26:42,425 --> 02:26:44,723 and that's the predominant model. The OSI model 3744 02:26:44,723 --> 02:26:45,900 and the TCP/IP model 3745 02:26:45,900 --> 02:26:49,200 for network stacks, network protocols and applications. 3746 02:26:49,300 --> 02:26:50,100 Okay. 3747 02:26:50,100 --> 02:26:52,688 So now that we've discussed the TCP/IP model, 3748 02:26:52,688 --> 02:26:55,029 let's go over another important protocol 3749 02:26:55,029 --> 02:26:55,970 and that is UDP. 
3750 02:26:55,970 --> 02:26:57,441 So what you see out here 3751 02:26:57,441 --> 02:26:59,452 on your screen right now is Wireshark 3752 02:26:59,452 --> 02:27:02,100 and we'll be going over the uses of Wireshark 3753 02:27:02,100 --> 02:27:06,008 and what it's useful for in the upcoming lessons. 3754 02:27:06,008 --> 02:27:09,200 But for now, let me just show you a UDP packet. 3755 02:27:09,200 --> 02:27:10,049 Okay. 3756 02:27:10,049 --> 02:27:11,300 So before we get 3757 02:27:11,300 --> 02:27:15,300 into the analysis of the packet while it's still filtering, 3758 02:27:15,300 --> 02:27:17,200 let me just tell you a little bit about UDP. 3759 02:27:17,200 --> 02:27:21,100 So UDP is a protocol in the TCP/IP suite of protocols. 3760 02:27:21,100 --> 02:27:22,558 It's in the network layer. 3761 02:27:22,558 --> 02:27:24,395 That's a network layer in the OSI. 3762 02:27:24,395 --> 02:27:27,192 So similar reference model the IP network layer carries 3763 02:27:27,192 --> 02:27:28,000 the IP address 3764 02:27:28,000 --> 02:27:30,699 and that has information about how to get packets 3765 02:27:30,699 --> 02:27:31,600 to their destination. 3766 02:27:31,600 --> 02:27:33,794 The transport layer sits on top of the network layer 3767 02:27:33,794 --> 02:27:35,000 and that carries information 3768 02:27:35,000 --> 02:27:37,964 about how to differentiate network layer applications 3769 02:27:37,964 --> 02:27:41,199 and that information about how those network applications 3770 02:27:41,200 --> 02:27:44,000 get differentiated is in the form of ports. 3771 02:27:44,000 --> 02:27:46,095 So the transport layer has ports 3772 02:27:46,095 --> 02:27:49,500 and the network layer has in this case an IP address. 3773 02:27:49,500 --> 02:27:53,142 And UDP is a transport layer protocol and UDP stands 3774 02:27:53,142 --> 02:27:55,000 for user datagram protocol 3775 02:27:55,000 --> 02:27:58,685 and often called connectionless or sometimes unreliable. 
3776 02:27:58,685 --> 02:28:00,498 Now unreliable doesn't mean 3777 02:28:00,498 --> 02:28:03,700 that you can't really rely on it. Unreliable means 3778 02:28:03,700 --> 02:28:04,887 that you can't trust 3779 02:28:04,887 --> 02:28:07,700 that what you sent is reaching the other side. 3780 02:28:07,700 --> 02:28:09,800 So 1 means actually that there's nothing 3781 02:28:09,800 --> 02:28:12,100 in the protocol that says it's going to guarantee 3782 02:28:12,100 --> 02:28:14,600 that the datagram that you send or the packet 3783 02:28:14,600 --> 02:28:17,900 that you send is going to get where you wanted to send it. 3784 02:28:17,900 --> 02:28:21,700 So the protocol has no sort of safety feature like that. 3785 02:28:21,700 --> 02:28:24,049 So you shouldn't use this protocol, that is UDP, 3786 02:28:24,049 --> 02:28:25,800 if you want some sort of safety net. 3787 02:28:25,800 --> 02:28:27,900 And if you needed that type of safety net you 3788 02:28:27,900 --> 02:28:30,200 would have to write it into your own application. 3789 02:28:30,200 --> 02:28:33,100 So basically UDP is a fast protocol and that's one 3790 02:28:33,100 --> 02:28:34,500 of the reasons why it's good. 3791 02:28:34,700 --> 02:28:36,800 It's also one of the reasons why it's unreliable 3792 02:28:36,800 --> 02:28:39,200 because in order to get that speed you don't have 3793 02:28:39,200 --> 02:28:41,177 all of the error checking and validation 3794 02:28:41,177 --> 02:28:42,800 that messages are getting there. 3795 02:28:42,800 --> 02:28:44,411 So because it's fast it's good 3796 02:28:44,411 --> 02:28:46,970 for things like games and for real-time voice 3797 02:28:46,970 --> 02:28:49,500 and video, anything where speed is important, 3798 02:28:49,500 --> 02:28:50,794 and you would use UDP. 3799 02:28:50,794 --> 02:28:51,643 So right here 3800 02:28:51,643 --> 02:28:53,100 I have a packet capture. 
3801 02:28:53,100 --> 02:28:57,547 So I'm using Wireshark to capture some packets and let's check out 3802 02:28:57,547 --> 02:28:59,747 a UDP packet. So out here you see 3803 02:28:59,747 --> 02:29:01,779 that there are some frames 3804 02:29:01,779 --> 02:29:05,700 that say 167 bytes on wire, 167 bytes have been captured, 3805 02:29:05,700 --> 02:29:07,894 but we're not really interested in the frame part. 3806 02:29:07,894 --> 02:29:10,000 You're interested in the user datagram protocol. 3807 02:29:10,000 --> 02:29:11,100 But so here you can see 3808 02:29:11,100 --> 02:29:13,300 that the source port is one eight five three 3809 02:29:13,300 --> 02:29:16,000 and the destination port is 5 2 0 8 1. 3810 02:29:16,000 --> 02:29:19,400 Now it has a length and it has a checksum and stuff. 3811 02:29:19,400 --> 02:29:21,600 So as you guys see out here, well, 3812 02:29:21,600 --> 02:29:23,600 we don't really see a bunch of information. 3813 02:29:23,600 --> 02:29:25,700 What you only see is a source port 3814 02:29:25,700 --> 02:29:28,800 and the destination port, length, and there is also a checksum, 3815 02:29:28,800 --> 02:29:31,400 so UDP doesn't come with an awful lot of headers 3816 02:29:31,400 --> 02:29:33,233 because it doesn't need any 3817 02:29:33,233 --> 02:29:36,900 of the things that you see in the other packet headers. 3818 02:29:36,900 --> 02:29:38,900 The only thing it needs is to tell you 3819 02:29:38,900 --> 02:29:41,200 how to get the application on the receiving host. 3820 02:29:41,200 --> 02:29:43,300 And that's where the destination port comes in, 3821 02:29:43,300 --> 02:29:45,000 and once the message gets to the destination, 3822 02:29:45,000 --> 02:29:46,299 the destination needs to know 3823 02:29:46,299 --> 02:29:48,300 how to communicate back to the originator 3824 02:29:48,300 --> 02:29:50,400 and that would be through the source port 3825 02:29:50,400 --> 02:29:51,400 or a return message. 
3826 02:29:51,400 --> 02:29:53,800 So a return message would convert the source port 3827 02:29:53,800 --> 02:29:54,787 to a destination port 3828 02:29:54,787 --> 02:29:56,050 and send back to that port 3829 02:29:56,050 --> 02:29:58,200 in order to communicate with the originator. 3830 02:29:58,200 --> 02:30:00,240 So we have a source port and destination port 3831 02:30:00,240 --> 02:30:01,090 and the length is 3832 02:30:01,090 --> 02:30:03,383 a minimal amount of checking and to make sure that 3833 02:30:03,383 --> 02:30:06,169 if the packet that you received is different from the length 3834 02:30:06,169 --> 02:30:07,650 that's specified in the UDP header, 3835 02:30:07,650 --> 02:30:09,600 then there may have been something wrong 3836 02:30:09,600 --> 02:30:11,800 so you may want to discard the message to check 3837 02:30:11,800 --> 02:30:12,700 for more messages. 3838 02:30:12,800 --> 02:30:14,300 So the checksum also makes sure 3839 02:30:14,300 --> 02:30:17,700 that nothing in the middle was tampered with, although it's 3840 02:30:17,700 --> 02:30:19,414 if there's some sort of man in the middle 
3841 02:30:19,414 --> 02:30:20,499 attack or something like 3842 02:30:20,499 --> 02:30:22,700 that a checksum is pretty easy to manufacture 3843 02:30:22,700 --> 02:30:24,153 after you've altered the packet. 3844 02:30:24,153 --> 02:30:25,700 So you can see here in the message 3845 02:30:25,700 --> 02:30:28,300 that there's a number of UDP packets, some of them 3846 02:30:28,300 --> 02:30:29,707 just UDP the one look 3847 02:30:29,707 --> 02:30:32,608 and happens to be from some Skype application, 3848 02:30:32,608 --> 02:30:34,800 I guess, so talking to Skype servers, 3849 02:30:34,800 --> 02:30:37,211 and we've already got the DNS. Now DNS also 3850 02:30:37,211 --> 02:30:38,800 needs some fast response times 3851 02:30:38,800 --> 02:30:41,350 because you don't want to spend a lot of time looking 3852 02:30:41,350 --> 02:30:44,100 up information about service that you're going to before 3853 02:30:44,100 --> 02:30:45,900 because just to go to them. 3854 02:30:45,900 --> 02:30:49,062 So DNS server through all throughout their queries 3855 02:30:49,062 --> 02:30:52,000 on to the using UDP hoping to get fast responses. 3856 02:30:52,000 --> 02:30:55,000 They don't want to spend a lot of time setting up connections 3857 02:30:55,000 --> 02:30:56,631 and doing all the negotiating 3858 02:30:56,631 --> 02:30:58,700 that comes with a protocol like TCP, 3859 02:30:58,700 --> 02:30:59,500 for example. 3860 02:30:59,500 --> 02:31:02,737 So here you see that the DNS is using UDP and 3861 02:31:02,737 --> 02:31:06,594 what we've got here is another UDP packet for destination 3862 02:31:06,594 --> 02:31:08,100 and all sorts of stuff 3863 02:31:08,100 --> 02:31:09,700 so you can see it out here 3864 02:31:09,700 --> 02:31:11,400 so you can see the checksum. 3865 02:31:11,400 --> 02:31:13,500 It's unverified checksum status 3866 02:31:13,500 --> 02:31:17,400 so you can check out all sorts of stuff using Wireshark. 
3867 02:31:17,400 --> 02:31:21,100 So that was about UDP or the user datagram protocol. 3868 02:31:21,300 --> 02:31:21,600 Okay. 3869 02:31:21,600 --> 02:31:24,551 So now that we're done with the user datagram protocol, 3870 02:31:24,551 --> 02:31:26,300 let's talk about addressing mode. 3871 02:31:26,300 --> 02:31:27,631 So addressing modes is 3872 02:31:27,631 --> 02:31:30,900 how you address a packet to your different destination. 3873 02:31:30,900 --> 02:31:33,200 So there are three kinds of addressing mode. 3874 02:31:33,200 --> 02:31:35,400 The first kind of addressing mode is unicast. 3875 02:31:35,400 --> 02:31:37,300 This is pretty simple one to understand. 3876 02:31:37,300 --> 02:31:39,700 So there is one destination and one source 3877 02:31:39,700 --> 02:31:42,400 and the source sends the packet to the destination 3878 02:31:42,400 --> 02:31:44,455 and it depends on the protocol 3879 02:31:44,455 --> 02:31:46,700 that you're using to actually address. 3880 02:31:46,700 --> 02:31:47,912 So if it's something 3881 02:31:47,912 --> 02:31:50,700 like TCP/IP you're using a bi-directional stream. 3882 02:31:50,700 --> 02:31:53,030 So the blue computer can talk to the red computer 3883 02:31:53,030 --> 02:31:55,700 and the red computer can talk back to the blue computer, 3884 02:31:55,700 --> 02:31:58,270 but you can also use a UDP stream which is 3885 02:31:58,270 --> 02:31:59,900 like one direction stream. 3886 02:31:59,900 --> 02:32:02,802 So it's not sure if I'm using the correct word. 3887 02:32:02,802 --> 02:32:05,219 So it's a stream that in one direction. 3888 02:32:05,219 --> 02:32:07,700 I guess I'm driving home the point here. 
3889 02:32:07,700 --> 02:32:10,037 So if it's UDP only blue is talking 3890 02:32:10,037 --> 02:32:13,200 and when blue stops talking then red can talk, 3891 02:32:13,200 --> 02:32:16,661 but if it's TCP/IP blue and red can talk simultaneously 3892 02:32:16,661 --> 02:32:19,600 at the same time. Now moving on there's also 3893 02:32:19,600 --> 02:32:21,863 broadcast. Now broadcast means 3894 02:32:21,863 --> 02:32:25,400 that you are sending your packet to everybody 3895 02:32:25,400 --> 02:32:26,517 on the network. 3896 02:32:26,517 --> 02:32:29,200 So broadcast messages are very common 3897 02:32:29,200 --> 02:32:31,221 from mobile network providers 3898 02:32:31,221 --> 02:32:34,448 so many get those advertisements saying something 3899 02:32:34,448 --> 02:32:36,600 like you have a new postpaid plan 3900 02:32:36,600 --> 02:32:39,300 from Vodafone or Airtel or something like that. 3901 02:32:39,300 --> 02:32:40,900 Those are broadcast messages. 3902 02:32:40,900 --> 02:32:43,687 So it's one server that is sending out 3903 02:32:43,687 --> 02:32:47,100 one single message to all the other systems. Now, 3904 02:32:47,100 --> 02:32:49,196 there's also multicast. Now 3905 02:32:49,300 --> 02:32:51,700 multicast is like broadcast 3906 02:32:51,700 --> 02:32:55,000 but selective. Now multicast is used 3907 02:32:55,000 --> 02:32:58,669 for actually casting your screen to multiple people. 3908 02:32:58,669 --> 02:33:00,600 So something like screen share 3909 02:33:00,600 --> 02:33:03,700 and you're doing it with multiple people is multicast 3910 02:33:03,700 --> 02:33:07,169 because you have the option to not show particular computer 3911 02:33:07,169 --> 02:33:09,000 what you are actually sharing. 3912 02:33:09,000 --> 02:33:10,470 So those are three modes 3913 02:33:10,470 --> 02:33:13,303 of addressing: unicast, broadcast and multicast. 
3914 02:33:13,303 --> 02:33:15,948 Okay now moving on let's look into the tool 3915 02:33:15,948 --> 02:33:17,900 that we just used once in UDP. 3916 02:33:17,900 --> 02:33:18,900 That is Wireshark. 3917 02:33:19,123 --> 02:33:21,276 So what exactly is Wireshark? 3918 02:33:21,400 --> 02:33:24,548 So this utility called Wireshark is a packet capture 3919 02:33:24,548 --> 02:33:26,607 utility, meaning that it grabs data 3920 02:33:26,607 --> 02:33:27,856 that's either going out 3921 02:33:27,856 --> 02:33:30,912 or coming in of a specific network and there are a number 3922 02:33:30,912 --> 02:33:32,795 of reasons why this may be useful 3923 02:33:32,795 --> 02:33:35,543 or important. One reason why it's really important is 3924 02:33:35,543 --> 02:33:38,124 what's going on in the network is always accurate. 3925 02:33:38,124 --> 02:33:38,914 In other words, 3926 02:33:38,914 --> 02:33:40,597 you can't mess around with things 3927 02:33:40,597 --> 02:33:43,700 once they're on the network or you can't lie about something 3928 02:33:43,700 --> 02:33:46,650 that's actually on the network as compared with applications 3929 02:33:46,650 --> 02:33:47,473 in their logs, 3930 02:33:47,473 --> 02:33:49,357 which can be misleading or inaccurate. 3931 02:33:49,357 --> 02:33:51,700 Or if an attacker gets into an application they 3932 02:33:51,700 --> 02:33:54,769 may be able to alter the logging now several other behaviors 3933 02:33:54,769 --> 02:33:57,361 that make it difficult to see what's really going on 3934 02:33:57,361 --> 02:33:59,058 and on the network you can really see 3935 02:33:59,058 --> 02:34:00,000 what's going on. 3936 02:34:00,000 --> 02:34:01,400 Once it hits the wire, 3937 02:34:01,400 --> 02:34:04,498 it's on the wire and you can't change that fact now 3938 02:34:04,498 --> 02:34:05,800 once it hits the wire, 3939 02:34:05,800 --> 02:34:08,800 so what we're going to do here is a quick packet capture. 
3940 02:34:08,800 --> 02:34:11,300 So let me just open up Wireshark for you guys. 3941 02:34:11,300 --> 02:34:12,634 So as you guys can see 3942 02:34:12,634 --> 02:34:15,000 I already have Wireshark open for us. 3943 02:34:15,000 --> 02:34:17,700 Let me just remove the CDP filter that was there. 3944 02:34:17,700 --> 02:34:19,500 So Wireshark is capturing. 3945 02:34:19,500 --> 02:34:22,200 So let's go over the stuff that you can see 3946 02:34:22,200 --> 02:34:25,148 on the screen, some important features of Wireshark 3947 02:34:25,148 --> 02:34:26,700 so that we can use it later. 3948 02:34:26,700 --> 02:34:27,900 So what I'm doing here 3949 02:34:27,900 --> 02:34:30,349 is a quick packet capture and I'm going to show some 3950 02:34:30,349 --> 02:34:32,200 of the important features of Wireshark 3951 02:34:32,200 --> 02:34:33,850 so that we can use it later on now 3952 02:34:33,850 --> 02:34:36,150 when we're starting to do some more significant work. 3953 02:34:36,150 --> 02:34:38,500 I select the interface that I'm using primarily, 3954 02:34:38,500 --> 02:34:39,600 which is my Wi-Fi, 3955 02:34:39,600 --> 02:34:42,900 and I'm going to go over here and we'll bring up a Google page 3956 02:34:42,900 --> 02:34:45,300 so that we can see what's happening on the network. 3957 02:34:45,300 --> 02:34:47,600 So let me just quickly open up a Google page 3958 02:34:48,100 --> 02:34:51,200 as you guys can see it's capturing a bunch of data 3959 02:34:51,200 --> 02:34:52,500 that's going on here. 3960 02:34:52,800 --> 02:34:54,700 Let me just open up a Google page 3961 02:34:54,700 --> 02:34:56,900 and that's going to send up some data. 3962 02:34:57,000 --> 02:34:58,100 Let's go back. 3963 02:34:58,100 --> 02:35:00,600 So it's dropping a whole bunch of stuff off the network. 3964 02:35:00,600 --> 02:35:02,902 I'm just going to stop that, going to go back 3965 02:35:02,902 --> 02:35:05,900 and go back and take a look at some of the messages here. 
3966 02:35:05,900 --> 02:35:07,921 So some of the features of Wireshark as you can see 3967 02:35:07,921 --> 02:35:09,311 on the top part of the screen. 3968 02:35:09,311 --> 02:35:10,100 There's a window 3969 02:35:10,100 --> 02:35:13,147 that says number, time, source, destination, protocol, length 3970 02:35:13,147 --> 02:35:15,300 and info and those are all of the packets 3971 02:35:15,300 --> 02:35:18,221 that have been captured and the numbering starting from 1 3972 02:35:18,221 --> 02:35:21,121 and the time has to do with being relative to the point 3973 02:35:21,121 --> 02:35:23,700 that we've started capturing and you'll see the source 3974 02:35:23,700 --> 02:35:25,100 and destination addresses 3975 02:35:25,100 --> 02:35:26,927 and the protocol, the length of the packet 3976 02:35:26,927 --> 02:35:28,427 in bytes and some information 3977 02:35:28,427 --> 02:35:30,426 about the packet. At the bottom of the screen 3978 02:35:30,426 --> 02:35:32,549 you'll see detailed information about the packet 3979 02:35:32,549 --> 02:35:33,700 that has been selected. 3980 02:35:33,700 --> 02:35:35,500 So suppose I'm selecting 3981 02:35:35,500 --> 02:35:38,000 this TCP packet out here so we can go 3982 02:35:38,000 --> 02:35:40,100 through the frames. Frame also 3983 02:35:40,100 --> 02:35:43,000 has an interface ID, its encapsulation type 3984 02:35:43,000 --> 02:35:44,200 and all sorts of information 3985 02:35:44,200 --> 02:35:46,200 is there about the frame, then we can look 3986 02:35:46,200 --> 02:35:50,000 at the source port, destination port, sequence number, 3987 02:35:50,369 --> 02:35:52,600 the flags set, the checksums, 3988 02:35:52,600 --> 02:35:54,948 you can basically check everything about a packet 3989 02:35:54,948 --> 02:35:56,548 because this is a packet analyzer 3990 02:35:56,548 --> 02:35:57,453 and a packet sniffer. 3991 02:35:57,453 --> 02:35:58,100 Now, you'll see 3992 02:35:58,100 --> 02:36:00,144 some detailed information about the packet that 
3993 02:36:00,144 --> 02:36:00,900 I've selected. 3994 02:36:00,900 --> 02:36:04,300 So I'm going to select, so I've selected this TCP/IP packet. 3995 02:36:04,300 --> 02:36:07,468 We see that in the middle frame and says frame 290. 3996 02:36:07,468 --> 02:36:10,700 It means that it has a 298 lat packet and the packet 3997 02:36:10,700 --> 02:36:15,600 that was captured 66 bytes and we grabbed 66 bytes and 528 bits later. 3998 02:36:15,600 --> 02:36:18,200 So what you see out here is the source 3999 02:36:18,200 --> 02:36:20,500 and the destination MAC address, the layer 4000 02:36:20,500 --> 02:36:21,200 2 layer address 4001 02:36:21,200 --> 02:36:22,900 and then you can see the IP address 4002 02:36:22,900 --> 02:36:24,821 of both source and destination 4003 02:36:24,821 --> 02:36:27,000 and says it's a TCP packet, gives us 4004 02:36:27,000 --> 02:36:28,700 a source port, destination port 4005 02:36:28,700 --> 02:36:30,923 and we can start drilling down into different bits 4006 02:36:30,923 --> 02:36:32,373 of the packet and you can see 4007 02:36:32,373 --> 02:36:34,649 when I select a particular section of the packet down 4008 02:36:34,649 --> 02:36:35,999 at the very bottom you can see 4009 02:36:35,999 --> 02:36:37,300 what's actually a hex dump 4010 02:36:37,300 --> 02:36:40,239 of the packet and on the right hand side is the ASCII. 4011 02:36:40,239 --> 02:36:41,705 So this is the hex dump 4012 02:36:41,705 --> 02:36:43,800 and this is the ASCII that you're looking at. 4013 02:36:43,800 --> 02:36:45,800 What's really cool about Wireshark is 4014 02:36:45,800 --> 02:36:48,400 it really pulls the packet into its different layers 4015 02:36:48,400 --> 02:36:49,181 that we have 
4016 02:36:49,181 --> 02:36:51,800 spoken about, the different layers of the OSI 4017 02:36:51,800 --> 02:36:53,338 and the TCP/IP model 4018 02:36:53,500 --> 02:36:55,700 and the packets are put into different layers 4019 02:36:55,700 --> 02:36:57,355 and there's a couple of different models 4020 02:36:57,355 --> 02:36:58,720 that we can talk about with that 4021 02:36:58,720 --> 02:37:00,400 but what Wireshark does really nicely 4022 02:37:00,400 --> 02:37:02,300 is it demonstrates those layers for us 4023 02:37:02,300 --> 02:37:03,500 as we can see here. 4024 02:37:03,500 --> 02:37:05,100 It is actually four layers 4025 02:37:05,100 --> 02:37:08,536 and in this particular packet here we can also do something. 4026 02:37:08,536 --> 02:37:10,400 So I've got a Google web request. 4027 02:37:10,400 --> 02:37:14,181 So what I want to do here is I want to filter based on HTTP, 4028 02:37:14,181 --> 02:37:15,400 so I find a filter. 4029 02:37:15,400 --> 02:37:18,300 So let's see if we can do an http. 4030 02:37:19,200 --> 02:37:22,100 And what I see here is says text input 4031 02:37:22,100 --> 02:37:24,022 and it's going to get an image. 4032 02:37:24,022 --> 02:37:25,200 That's a PNG image. 4033 02:37:25,200 --> 02:37:27,335 And this is a request to get the icon 4034 02:37:27,335 --> 02:37:29,835 that's going to be displayed in the address bar. 4035 02:37:29,835 --> 02:37:32,683 So you also see something called our pouch here, 4036 02:37:32,683 --> 02:37:35,007 which I'll be talking about very soon. 4037 02:37:35,007 --> 02:37:38,400 So let's just filtering be done now in the web browser. 4038 02:37:38,400 --> 02:37:41,200 It's a favicon.ico that can do here. 4039 02:37:41,200 --> 02:37:43,900 I can select analyze and follow TCP streams. 4040 02:37:43,900 --> 02:37:45,793 You can see all the requests related 4041 02:37:45,793 --> 02:37:47,200 to this particular request 4042 02:37:47,200 --> 02:37:49,100 and it breaks them down very nicely. 
4043 02:37:49,100 --> 02:37:51,600 You can see we've sent some requests to Spotify 4044 02:37:51,600 --> 02:37:54,000 because I've been using Spotify to actually listen 4045 02:37:54,000 --> 02:37:57,368 to some music then you can see all sorts of stuff. 4046 02:37:57,368 --> 02:38:00,600 Like this was something to some not found place. 4047 02:38:00,700 --> 02:38:03,313 So let's just take the Spotify one and you can see 4048 02:38:03,313 --> 02:38:04,430 that we get a bunch 4049 02:38:04,430 --> 02:38:06,500 of information from the Spotify thing. 4050 02:38:06,500 --> 02:38:09,500 At least you can see the destination, the source, 4051 02:38:09,500 --> 02:38:11,354 it's an Intel Core machine. 4052 02:38:11,354 --> 02:38:12,569 So the first part 4053 02:38:12,569 --> 02:38:16,600 of the MAC address, the first few digits, lets you tell 4054 02:38:16,600 --> 02:38:21,800 what the vendor ID is, so Intel has its own vendor ID. 4055 02:38:21,800 --> 02:38:26,600 So F 496 probably tells us that that's an Intel Core. 4056 02:38:26,600 --> 02:38:29,380 So Wireshark does this really neat little thing 4057 02:38:29,380 --> 02:38:32,506 that it also tells us from the MAC address what type 4058 02:38:32,506 --> 02:38:34,808 of machine you're sending your packets 4059 02:38:34,808 --> 02:38:36,800 to from the MAC address itself. 4060 02:38:36,800 --> 02:38:39,080 So it's coming from Sophos foresee 4061 02:38:39,080 --> 02:38:42,600 and going to an Intel Core and the type is IPv4. 4062 02:38:42,600 --> 02:38:44,733 So that was all about Wireshark. 4063 02:38:44,733 --> 02:38:47,900 You can use it extraneously for packet sniffing 4064 02:38:47,900 --> 02:38:49,222 and packet analysis. 
4065 02:38:49,222 --> 02:38:51,500 Packet analysis comes very handy 4066 02:38:51,500 --> 02:38:54,000 when you're trying to actually figure out 4067 02:38:54,000 --> 02:38:56,100 how to do some stuff like IDS evasion 4068 02:38:56,100 --> 02:38:58,200 where you want to craft your own packets 4069 02:38:58,200 --> 02:39:00,023 and you want to analyze packets 4070 02:39:00,023 --> 02:39:03,200 that are going into the IDS system to see which packets 4071 02:39:03,200 --> 02:39:05,917 are actually getting detected as some intrusion 4072 02:39:05,917 --> 02:39:08,900 so you can craft your packet in a relative manner 4073 02:39:08,900 --> 02:39:12,700 so that it doesn't get actually detected by the IDS system. 4074 02:39:12,700 --> 02:39:15,500 So this is a very nifty little tool. We'll be talking about 4075 02:39:15,500 --> 02:39:18,700 how you can craft your own packets in just a little while, 4076 02:39:18,700 --> 02:39:21,000 but for now, let's move ahead. 4077 02:39:21,200 --> 02:39:21,900 Okay. 4078 02:39:21,900 --> 02:39:25,294 So now that we're done with our small little introduction 4079 02:39:25,294 --> 02:39:27,696 and a brief views on history of Wireshark, 4080 02:39:27,696 --> 02:39:30,700 now, let's move on to our next topic for the video. 4081 02:39:30,700 --> 02:39:31,800 That is DHCP. 4082 02:39:32,000 --> 02:39:32,700 Okay. 4083 02:39:32,700 --> 02:39:35,400 So DHCP is a protocol 4084 02:39:35,400 --> 02:39:38,700 and it stands for Dynamic Host Configuration Protocol. 4085 02:39:38,700 --> 02:39:41,301 So DHCP is a network management protocol used 4086 02:39:41,301 --> 02:39:44,183 to dynamically assign an Internet Protocol address 4087 02:39:44,183 --> 02:39:46,000 to any device on the network 4088 02:39:46,000 --> 02:39:49,000 so they can communicate using IP. Now DHCP 
4089 02:39:49,000 --> 02:39:50,047 automates and centrally 4090 02:39:50,047 --> 02:39:52,927 manages these configurations rather than requiring 4091 02:39:52,927 --> 02:39:56,111 some network administrator to manually assign IP addresses 4092 02:39:56,111 --> 02:39:57,700 to all the network devices. 4093 02:39:57,700 --> 02:39:59,642 So DHCP can be implemented 4094 02:39:59,642 --> 02:40:04,168 on small local networks as well as large enterprises. 4095 02:40:04,168 --> 02:40:08,100 Now DHCP will assign new IP addresses in each location 4096 02:40:08,100 --> 02:40:10,700 when devices are moved from place to place 4097 02:40:10,700 --> 02:40:13,195 which means network administrators do not have 4098 02:40:13,195 --> 02:40:15,680 to manually initially configure each device 4099 02:40:15,680 --> 02:40:17,100 with a valid IP address. 4100 02:40:17,200 --> 02:40:21,000 So if a device with a new IP address is moved 4101 02:40:21,000 --> 02:40:23,005 to a new location of the network, 4102 02:40:23,005 --> 02:40:25,696 it doesn't need any sort of reconfiguration. 4103 02:40:25,696 --> 02:40:28,200 So versions of DHCP are available for use 4104 02:40:28,200 --> 02:40:31,200 in Internet Protocol version 4 and Internet Protocol 4105 02:40:31,200 --> 02:40:32,175 version 6. Now 4106 02:40:32,175 --> 02:40:36,200 what you see on your screen is a very simplistic diagram 4107 02:40:36,200 --> 02:40:37,500 on how DHCP works. 4108 02:40:37,500 --> 02:40:39,700 So let me just run you down. DHCP runs 4109 02:40:39,700 --> 02:40:40,900 at the application layer 4110 02:40:40,900 --> 02:40:42,328 of the TCP/IP protocol 4111 02:40:42,328 --> 02:40:45,906 stack to dynamically assign IP addresses to DHCP clients 4112 02:40:45,906 --> 02:40:49,000 and to allocate TCP/IP configuration information 4113 02:40:49,000 --> 02:40:50,288 to DHCP clients. 
4114 02:40:50,288 --> 02:40:53,774 This includes subnet mask information, default gateways, 4115 02:40:53,774 --> 02:40:56,800 IP addresses, domain name systems and addresses. 4116 02:40:56,800 --> 02:40:59,329 So DHCP is a client-server protocol in which 4117 02:40:59,329 --> 02:41:00,454 servers manage a pool 4118 02:41:00,454 --> 02:41:01,748 of unique IP addresses 4119 02:41:01,748 --> 02:41:05,000 as well as information about client configuration parameters 4120 02:41:05,000 --> 02:41:08,000 and assign addresses out of those address pools. Now 4121 02:41:08,000 --> 02:41:11,100 DHCP enabled clients send a request to the DHCP server, 4122 02:41:11,100 --> 02:41:13,800 whenever they connect to a network. The clients 4123 02:41:13,800 --> 02:41:17,350 configured with DHCP broadcast a request to the DHCP server 4124 02:41:17,350 --> 02:41:18,900 and request network 4125 02:41:18,900 --> 02:41:21,985 information for the local network to which they are attached. 4126 02:41:21,985 --> 02:41:23,916 A client typically broadcasts a query 4127 02:41:23,916 --> 02:41:25,800 for this information immediately 4128 02:41:25,800 --> 02:41:28,152 after booting up. The DHCP server responds 4129 02:41:28,152 --> 02:41:29,460 to the client requests 4130 02:41:29,460 --> 02:41:33,048 by providing IP configuration information previously specified 4131 02:41:33,048 --> 02:41:34,637 by a network administrator. 
4132 02:41:34,637 --> 02:41:37,362 Now this includes a specific IP address as well as 4133 02:41:37,362 --> 02:41:38,752 the time period, also 4134 02:41:38,752 --> 02:41:41,400 called lease, for which the allocation is valid. 4135 02:41:41,400 --> 02:41:43,165 When refreshing an assignment 4136 02:41:43,165 --> 02:41:45,600 a DHCP client requests the same parameters. 4137 02:41:45,600 --> 02:41:48,689 The DHCP server may assign the new IP address based 4138 02:41:48,689 --> 02:41:51,100 on the policies set by the administrator. Now 4139 02:41:51,100 --> 02:41:53,195 a DHCP server manages a record 4140 02:41:53,195 --> 02:41:56,987 of all the IP addresses it allocates to network nodes. 4141 02:41:56,987 --> 02:42:00,541 If a node is relocated in the network the server 4142 02:42:00,541 --> 02:42:04,300 identifies it using its Media Access Control address now 4143 02:42:04,300 --> 02:42:07,676 which prevents accidentally configuring multiple devices 4144 02:42:07,676 --> 02:42:11,500 with the same IP address. Now DHCP is not a routable protocol 4145 02:42:11,500 --> 02:42:14,300 nor is it a secure one. DHCP 4146 02:42:14,300 --> 02:42:16,938 is limited to a specific local area network, 4147 02:42:16,938 --> 02:42:18,830 which means a single DHCP server 4148 02:42:18,830 --> 02:42:22,200 per LAN is adequate. Now larger networks may have a wide 4149 02:42:22,200 --> 02:42:25,559 area network containing multiple individual locations. Depending 4150 02:42:25,559 --> 02:42:27,726 on the connections between these points 4151 02:42:27,726 --> 02:42:30,057 and the number of clients in each location, 4152 02:42:30,057 --> 02:42:30,557 multiple 4153 02:42:30,557 --> 02:42:32,500 DHCP servers can be set up to handle 4154 02:42:32,500 --> 02:42:34,000 the distribution of addresses. 4155 02:42:34,200 --> 02:42:37,100 Now if network administrators want a DHCP server to provide 4156 02:42:37,100 --> 02:42:40,300 addressing to multiple subnets on a given network, 
4157 02:42:40,300 --> 02:42:43,302 they must configure DHCP relay services located 4158 02:42:43,302 --> 02:42:45,000 on interconnecting routers 4159 02:42:45,000 --> 02:42:47,200 that DHCP requests have to cross. 4160 02:42:47,200 --> 02:42:49,166 These agents relay messages 4161 02:42:49,166 --> 02:42:50,500 between DHCP clients 4162 02:42:50,500 --> 02:42:55,400 and servers. DHCP also lacks any built-in mechanism 4163 02:42:55,400 --> 02:42:57,800 that would allow clients and servers to authenticate 4164 02:42:57,800 --> 02:43:01,100 each other. Both are vulnerable to deception and to attack 4165 02:43:01,100 --> 02:43:04,100 where rogue clients can exhaust a DHCP server's pool. 4166 02:43:04,100 --> 02:43:04,457 Okay. 4167 02:43:04,457 --> 02:43:06,700 So let's move on to our next topic 4168 02:43:06,700 --> 02:43:08,400 and that is why use DHCP. 4169 02:43:08,400 --> 02:43:09,600 So I just told you 4170 02:43:09,600 --> 02:43:13,174 that DHCP doesn't really have any sort of authentication 4171 02:43:13,174 --> 02:43:15,344 so it can be fooled really easily. 4172 02:43:15,344 --> 02:43:18,200 So what are the advantages of using DHCP? 4173 02:43:18,200 --> 02:43:20,900 So DHCP offers quite a lot of advantages. 4174 02:43:20,900 --> 02:43:23,900 Firstly is IP address management. A primary advantage 4175 02:43:23,900 --> 02:43:27,633 of DHCP is easier management of IP addresses. In a network 4176 02:43:27,633 --> 02:43:28,509 without DHCP, 4177 02:43:28,509 --> 02:43:30,700 you must manually assign IP addresses, 4178 02:43:30,700 --> 02:43:33,368 you must be careful to assign unique IP addresses 4179 02:43:33,368 --> 02:43:34,089 to each client 4180 02:43:34,089 --> 02:43:36,247 and configure each client individually. 4181 02:43:36,247 --> 02:43:38,300 If the client moves to a different network, 4182 02:43:38,300 --> 02:43:41,200 you must make manual modifications for that client. 
4183 02:43:41,200 --> 02:43:42,684 Now when DHCP is enabled 4184 02:43:42,684 --> 02:43:45,900 the DHCP server manages the assigning of IP addresses 4185 02:43:45,900 --> 02:43:49,057 without the administrator's intervention. Clients 4186 02:43:49,057 --> 02:43:50,200 can move to other 4187 02:43:50,200 --> 02:43:52,670 subnets without manual reconfiguration 4188 02:43:52,670 --> 02:43:53,900 because they obtain 4189 02:43:53,900 --> 02:43:56,600 from a DHCP server new client information 4190 02:43:56,600 --> 02:44:00,730 appropriate for the new network. Now apart from that you can say 4191 02:44:00,730 --> 02:44:01,773 that DHCP also 4192 02:44:01,773 --> 02:44:04,900 provides a centralized network client configuration. 4193 02:44:04,900 --> 02:44:07,700 It has support for BOOTP clients. 4194 02:44:07,700 --> 02:44:10,600 It supports local clients and remote clients. 4195 02:44:10,600 --> 02:44:12,387 It supports network booting 4196 02:44:12,387 --> 02:44:15,300 and also it has support for a large network 4197 02:44:15,300 --> 02:44:18,200 and not only for sure like small-scale networks, 4198 02:44:18,200 --> 02:44:20,000 but for larger networks as well. 4199 02:44:20,000 --> 02:44:24,100 So that way you see DHCP has a wide array of advantages even 4200 02:44:24,100 --> 02:44:27,000 though it doesn't really have some authentication. 4201 02:44:27,000 --> 02:44:30,300 So because of these advantages DHCP finds widespread use 4202 02:44:30,300 --> 02:44:32,100 in a lot of organizations. 4203 02:44:32,200 --> 02:44:34,700 Okay, so that winds up DHCP for us. 4204 02:44:34,700 --> 02:44:38,100 So let us go into the history of cryptography now. 
4205 02:44:38,200 --> 02:44:39,905 So let me give you a brief history 4206 02:44:39,905 --> 02:44:41,631 of cryptography. Now cryptography 4207 02:44:41,631 --> 02:44:44,600 actually goes back several thousand years before. Shortly 4208 02:44:44,600 --> 02:44:48,300 after people began to find ways to communicate there are some 4209 02:44:48,300 --> 02:44:51,182 who were finding ways to make the understanding 4210 02:44:51,182 --> 02:44:52,800 of that communication difficult 4211 02:44:52,800 --> 02:44:55,100 so that other people couldn't understand 4212 02:44:55,100 --> 02:44:56,000 what was going on. 4213 02:44:56,100 --> 02:44:59,300 And this led to the development of Caesar cipher 4214 02:44:59,300 --> 02:45:01,238 that was developed by Julius Caesar 4215 02:45:01,238 --> 02:45:03,886 and it's a simple rotation cipher and by that, 4216 02:45:03,886 --> 02:45:05,700 I mean that you rotate a portion 4217 02:45:05,700 --> 02:45:08,600 of the key in order to generate the algorithm. 4218 02:45:08,600 --> 02:45:10,066 So here's an example. 4219 02:45:10,066 --> 02:45:12,300 We've got two rows of letters and 4220 02:45:12,300 --> 02:45:13,800 that are alphabetical in order 4221 02:45:13,800 --> 02:45:16,785 and means we're basically writing the alphabets down 4222 02:45:16,785 --> 02:45:19,100 and the second row is shifted by three 4223 02:45:19,100 --> 02:45:21,400 letters so Abby is a z actually 4224 02:45:21,400 --> 02:45:24,635 because if you move that way B is a z from the first row 4225 02:45:24,635 --> 02:45:26,700 gets shifted back the second row 4226 02:45:26,700 --> 02:45:29,400 and then the letter D becomes letter C 4227 02:45:29,400 --> 02:45:32,600 the there's that's an example of how encryption works. 4228 02:45:32,600 --> 02:45:35,500 So if you try to encrypt a word like hello, 4229 02:45:35,500 --> 02:45:38,541 it would look completely gibberish after it came 4230 02:45:38,541 --> 02:45:39,900 out of the algorithm. 
4231 02:45:39,900 --> 02:45:43,951 So if you count the letters out you can see that letter H 4232 02:45:43,951 --> 02:45:46,700 can be translated to little a letter L. 4233 02:45:46,700 --> 02:45:48,000 So that's a Caesar cipher. 4234 02:45:48,200 --> 02:45:51,229 Now you must Little things like ROT13 which means 4235 02:45:51,229 --> 02:45:54,887 that you rotate the 13 letters instead of three letters. 4236 02:45:54,887 --> 02:45:56,900 That's what we can do here again, 4237 02:45:56,900 --> 02:45:59,200 and this is just a simple rotation cipher 4238 02:45:59,200 --> 02:46:00,824 ourseives the cipher that's 4239 02:46:00,824 --> 02:46:04,190 what of course the ROT stands for, it's rotate or rotation. 4240 02:46:04,190 --> 02:46:06,543 Now coming forward a couple thousand years, 4241 02:46:06,543 --> 02:46:08,200 we have the Enigma cipher. Now, 4242 02:46:08,200 --> 02:46:11,000 it's important to note that the Enigma is not the word 4243 02:46:11,000 --> 02:46:13,950 given to this particular cipher by the people who developed it. 4244 02:46:13,950 --> 02:46:16,300 It's actually the word given to it by the people 4245 02:46:16,300 --> 02:46:18,634 who were trying to crack it. The Enigma cipher 4246 02:46:18,634 --> 02:46:19,642 is a German cipher, 4247 02:46:19,642 --> 02:46:21,300 they developed this cipher and machine 4248 02:46:21,300 --> 02:46:24,000 that was capable of encrypting and decrypting messages. 4249 02:46:24,000 --> 02:46:25,100 So they could messages 4250 02:46:25,100 --> 02:46:28,000 to and from different battlefields and waterfronts, 4251 02:46:28,000 --> 02:46:29,800 which is similar to the Caesar cipher. 4252 02:46:29,800 --> 02:46:32,678 Caesar used it to communicate with his battlefield generals 4253 02:46:32,678 --> 02:46:33,633 and the same thing 4254 02:46:33,633 --> 02:46:34,607 was with the Germans. 
4255 02:46:34,607 --> 02:46:36,600 You've got to get messages from headquarters down 4256 02:46:36,600 --> 02:46:38,600 to where the people are actually fighting 4257 02:46:38,600 --> 02:46:40,500 and you don't want it to get intercepted 4258 02:46:40,500 --> 02:46:41,800 in between by the enemy. 4259 02:46:41,800 --> 02:46:43,443 So therefore you use encryption 4260 02:46:43,443 --> 02:46:45,618 and lots of energy was spent by the Allies 4261 02:46:45,618 --> 02:46:49,000 and in particular the British trying to decrypt the messages. 4262 02:46:49,000 --> 02:46:50,582 One of the first instances 4263 02:46:50,582 --> 02:46:51,800 that we are aware of 4264 02:46:51,800 --> 02:46:54,732 where a machine was used to do the actual encryption 4265 02:46:54,732 --> 02:46:58,320 and we're going to come ahead a few decades now into the 1970s 4266 02:46:58,320 --> 02:46:59,320 where it was felt 4267 02:46:59,320 --> 02:47:02,200 that there was a need for a digital encryption standard. 4268 02:47:02,200 --> 02:47:04,300 Now the National Institute of Standards 4269 02:47:04,300 --> 02:47:07,300 and Technology is responsible for that sort of thing. 4270 02:47:07,300 --> 02:47:11,000 So they put out a proposal for this digital encryption standard 4271 02:47:11,000 --> 02:47:12,564 and an encryption algorithm. 
4272 02:47:12,564 --> 02:47:14,800 What ended up happening was IBM came up 4273 02:47:14,800 --> 02:47:16,415 with this encryption algorithm 4274 02:47:16,415 --> 02:47:18,358 that was based on the Lucifer cipher 4275 02:47:18,358 --> 02:47:21,800 that one of their people had been working on a couple 4276 02:47:21,800 --> 02:47:24,500 of years previously in 1974 4277 02:47:24,800 --> 02:47:26,500 and they put this proposal together 4278 02:47:26,500 --> 02:47:28,100 based on the Lucifer cipher 4279 02:47:28,100 --> 02:47:29,700 and in 1977 that proposal 4280 02:47:29,700 --> 02:47:31,935 for an encryption algorithm was the one 4281 02:47:31,935 --> 02:47:34,866 that was chosen to be the digital encryption standard. 4282 02:47:34,866 --> 02:47:37,300 And so that came to be known as DES. Over time 4283 02:47:37,300 --> 02:47:38,588 it became apparent 4284 02:47:38,588 --> 02:47:40,000 that there was a problem 4285 02:47:40,000 --> 02:47:43,563 with this and that was it only had a 56 bit key size 4286 02:47:43,563 --> 02:47:45,100 and while in the 1970s 4287 02:47:45,100 --> 02:47:46,800 that was considered adequate to defend 4288 02:47:46,800 --> 02:47:49,100 against brute forcing and breaking of course, 4289 02:47:49,100 --> 02:47:49,900 by 1990s 4290 02:47:49,900 --> 02:47:52,700 it was no longer considered adequate and there was a need 4291 02:47:52,700 --> 02:47:55,600 for something more and it took time to develop something 4292 02:47:55,600 --> 02:47:58,423 that would last long for some long period of time 4293 02:47:58,423 --> 02:48:00,900 and so in the meantime a stopgap was developed 4294 02:48:00,900 --> 02:48:02,000 and this stopgap is 4295 02:48:02,000 --> 02:48:03,400 what we call the Triple DES. 
4296 02:48:03,400 --> 02:48:05,554 The reason it's called Triple DES is 4297 02:48:05,554 --> 02:48:09,051 you apply the DES algorithm three times in different ways 4298 02:48:09,051 --> 02:48:12,300 and you use three different keys in order to do that. 4299 02:48:12,300 --> 02:48:16,411 So here's how Triple DES works: your first 56 bit key is used 4300 02:48:16,411 --> 02:48:18,200 to encrypt the plain text just 4301 02:48:18,200 --> 02:48:19,200 like you would do 4302 02:48:19,200 --> 02:48:21,458 with the standard digital encryption standard 4303 02:48:21,458 --> 02:48:24,700 algorithm but changes and you take that cipher text 4304 02:48:24,700 --> 02:48:27,185 that's returned from the first round of encryption 4305 02:48:27,185 --> 02:48:30,078 and you apply the decryption algorithm to the cipher text. 4306 02:48:30,078 --> 02:48:31,723 However, the key thing to note is 4307 02:48:31,723 --> 02:48:34,900 that you don't use the key that you used to encrypt, you 4308 02:48:34,900 --> 02:48:36,700 don't use the first key to decrypt 4309 02:48:36,700 --> 02:48:39,100 because otherwise you'll get the plain text back. 4310 02:48:39,100 --> 02:48:40,950 So what you do is you use a second key 4311 02:48:40,950 --> 02:48:42,249 with the decryption algorithm 4312 02:48:42,249 --> 02:48:44,249 against the cipher text from the first round. 4313 02:48:44,249 --> 02:48:45,900 So now you've got some cipher text 4314 02:48:45,900 --> 02:48:48,582 that has been encrypted with one key and decrypted 4315 02:48:48,582 --> 02:48:51,396 with the second key and we take the cipher text from that 4316 02:48:51,396 --> 02:48:54,001 and we apply a third key using the encryption portion 4317 02:48:54,001 --> 02:48:56,578 of the algorithm to that cipher encryption portion 4318 02:48:56,578 --> 02:48:58,962 of the algorithm to that ciphertext to receive 4319 02:48:58,962 --> 02:49:02,223 a whole new set of ciphertext. Obviously to do the decryption, 
4320 02:49:02,223 --> 02:49:03,400 you do the third key 4321 02:49:03,400 --> 02:49:06,400 and decrypt it, with the second key you encrypt it. 4322 02:49:06,400 --> 02:49:08,687 And then with the first key you decrypt it. 4323 02:49:08,687 --> 02:49:10,275 And so you do reverse order 4324 02:49:10,275 --> 02:49:13,600 and the reverse algorithm at each step to apply Triple DES. 4325 02:49:13,600 --> 02:49:17,400 So we get an effective key size of about one sixty eight bits, 4326 02:49:17,400 --> 02:49:20,300 but it's still only X bits at a time. 4327 02:49:20,300 --> 02:49:22,300 Now I said Triple DES was only a stopgap. 4328 02:49:22,300 --> 02:49:23,700 What we were really looking 4329 02:49:23,700 --> 02:49:26,600 for was Advanced Encryption Standard. Once again 4330 02:49:26,800 --> 02:49:29,100 NIST requested proposals 4331 02:49:29,100 --> 02:49:32,100 so that they could replace the digital encryption standard. 4332 02:49:32,100 --> 02:49:35,650 In 2001 after several thousands of looking for algorithms 4333 02:49:35,650 --> 02:49:38,287 and looking them over, getting them evaluated 4334 02:49:38,287 --> 02:49:41,600 and getting them looked into, NIST selected an algorithm 4335 02:49:41,600 --> 02:49:44,358 and it was put together by a couple of mathematicians. 4336 02:49:44,358 --> 02:49:45,770 The algorithm was called 4337 02:49:45,770 --> 02:49:49,100 Rijndael and that became the Advanced Encryption Standard 4338 02:49:49,100 --> 02:49:51,618 or AES. It's one of the most advantages 4339 02:49:51,618 --> 02:49:54,855 of AES is it supports multiple key lengths. Currently 4340 02:49:54,855 --> 02:49:56,793 what you'll typically see is 4341 02:49:56,793 --> 02:49:58,825 as we are using 128-bit keys. 4342 02:49:58,825 --> 02:50:01,430 However, AES supports up to 256 bit key. 
4343 02:50:01,430 --> 02:50:02,908 So if we get to the point 4344 02:50:02,908 --> 02:50:06,486 where 128-bit isn't enough we can move all the way up 4345 02:50:06,486 --> 02:50:08,500 to 256 bits of keying material. 4346 02:50:08,500 --> 02:50:10,800 So cryptography has a really long history. 4347 02:50:10,800 --> 02:50:11,370 Currently, 4348 02:50:11,370 --> 02:50:12,900 we are in a state where we 4349 02:50:12,900 --> 02:50:16,058 have a reasonably stable encryption standard in AES, 4350 02:50:16,058 --> 02:50:18,176 but the history of cryptography shows 4351 02:50:18,176 --> 02:50:19,308 that with every set 4352 02:50:19,308 --> 02:50:22,500 of encryption eventually people find a way to crack it. 4353 02:50:22,500 --> 02:50:22,874 Okay. 4354 02:50:22,874 --> 02:50:26,100 So that was a brief history of cryptography. 4355 02:50:26,100 --> 02:50:26,600 Now, 4356 02:50:26,600 --> 02:50:29,300 what I want to do is let's go over 4357 02:50:29,300 --> 02:50:33,000 and talk about AES, Triple DES and DES in themselves 4358 02:50:33,000 --> 02:50:36,000 because they are some really key cryptography 4359 02:50:36,000 --> 02:50:37,500 key moments in history 4360 02:50:37,500 --> 02:50:40,030 because there's some really key historic moments 4361 02:50:40,030 --> 02:50:41,700 in the history of cryptography. 4362 02:50:41,700 --> 02:50:42,678 Now, we're going to talk 4363 02:50:42,678 --> 02:50:44,921 about the different types of cryptography key ciphers 4364 02:50:44,921 --> 02:50:46,000 and primarily we're going 4365 02:50:46,000 --> 02:50:48,700 to be talking about DES, Triple DES and AES. Now 4366 02:50:48,700 --> 02:50:50,900 DES is the digital encryption standard. 4367 02:50:50,900 --> 02:50:53,200 It was developed by IBM in the 1970s. 
4368 02:50:53,200 --> 02:50:55,700 And originally it was a cryptography cipher 4369 02:50:55,700 --> 02:50:56,700 named Lucifer 4370 02:50:56,700 --> 02:50:59,500 and after some modifications IBM proposed it as 4371 02:50:59,500 --> 02:51:01,124 digital encryption standard 4372 02:51:01,124 --> 02:51:04,241 and it was selected by the digital encryption standard 4373 02:51:04,241 --> 02:51:06,423 ever since then it's been known as DES. 4374 02:51:06,423 --> 02:51:07,187 Now one thing 4375 02:51:07,187 --> 02:51:09,335 that caused a little bit of controversy was 4376 02:51:09,335 --> 02:51:11,061 during the process of selection 4377 02:51:11,061 --> 02:51:13,900 the NSA requested some changes and it hasn't been 4378 02:51:13,900 --> 02:51:17,100 particularly clear what changes were requested by the NSA. 4379 02:51:17,100 --> 02:51:19,300 There has been some speculation that wondered 4380 02:51:19,300 --> 02:51:20,800 if the NSA was requesting 4381 02:51:20,800 --> 02:51:23,600 a back door into this digital encryption standard 4382 02:51:23,600 --> 02:51:25,100 which would allow them to look 4383 02:51:25,100 --> 02:51:26,800 at encrypted messages in the clear. 4384 02:51:26,800 --> 02:51:29,200 So basically it would always give the NSA 4385 02:51:29,200 --> 02:51:31,900 the ability to decrypt DES-encrypted messages. 4386 02:51:31,900 --> 02:51:34,600 It remained the encryption standard for the next couple 4387 02:51:34,600 --> 02:51:35,847 of decades or so. 4388 02:51:35,847 --> 02:51:38,493 So what is DES and how does it work? 4389 02:51:38,500 --> 02:51:39,000 Basically, 4390 02:51:39,000 --> 02:51:42,200 it uses 56-bit keys rather than the stream cipher.
4391 02:51:42,200 --> 02:51:46,700 It's a block cipher and it uses 64-bit blocks, and in 1998 DES 4392 02:51:46,700 --> 02:51:48,727 was effectively broken when a DES- 4393 02:51:48,727 --> 02:51:50,182 encrypted message was cracked 4394 02:51:50,182 --> 02:51:52,145 in three days. A year later a network 4395 02:51:52,145 --> 02:51:53,400 of ten thousand systems 4396 02:51:53,400 --> 02:51:55,700 around the world cracked the DES-encrypted message 4397 02:51:55,700 --> 02:51:56,600 in less than a day 4398 02:51:56,600 --> 02:51:57,900 and it's just gotten worse 4399 02:51:57,900 --> 02:52:01,300 since then with modern computing power being what it is. 4400 02:52:01,300 --> 02:52:03,300 Since DES was actually created 4401 02:52:03,300 --> 02:52:05,535 we already have come to the realization 4402 02:52:05,535 --> 02:52:07,500 that we needed something else. 4403 02:52:07,500 --> 02:52:10,000 So along came triple DES. 4404 02:52:10,000 --> 02:52:13,050 Now triple DES isn't three times the strength 4405 02:52:13,050 --> 02:52:15,172 of DES necessarily; it applies 4406 02:52:15,172 --> 02:52:18,800 DES just three times, and what I mean by that is 4407 02:52:18,800 --> 02:52:21,952 what we do is we take a plain text message, then let's call 4408 02:52:21,952 --> 02:52:25,600 that P, and we are going to use a key called K1 and we're going 4409 02:52:25,600 --> 02:52:28,350 to use that key to encrypt a message and use a key 4410 02:52:28,350 --> 02:52:29,800 that we will call K1 4411 02:52:29,800 --> 02:52:32,446 and we're going to use that to encrypt the message 4412 02:52:32,446 --> 02:52:34,745 and that's going to result in the ciphertext 4413 02:52:34,745 --> 02:52:36,400 and we will call that C1. So C1 is 4414 02:52:36,400 --> 02:52:38,500 the output of the first round of encryption.
4415 02:52:38,500 --> 02:52:40,700 We're going to apply a second key and we'll call 4416 02:52:40,700 --> 02:52:42,300 that K2. With that second key 4417 02:52:42,300 --> 02:52:44,900 we're going to go through a decryption process 4418 02:52:44,900 --> 02:52:45,600 on C1. 4419 02:52:45,600 --> 02:52:46,850 Since it's the wrong key, 4420 02:52:46,850 --> 02:52:48,850 we're not going to get plain text out on the 4421 02:52:48,850 --> 02:52:51,700 And what we're going to get is another round of ciphertext 4422 02:52:51,700 --> 02:52:54,533 and we will call this C2. What we do with C2: 4423 02:52:54,533 --> 02:52:57,800 we are going to apply a third key and we will call this K3 4424 02:52:57,800 --> 02:53:00,100 and we're going to encrypt ciphertext C2 4425 02:53:00,100 --> 02:53:03,000 and that's going to result in another round of ciphertext 4426 02:53:03,000 --> 02:53:04,409 and we will call that C3. 4427 02:53:04,409 --> 02:53:07,500 So we have 3 different keys applied in two different ways. 4428 02:53:07,500 --> 02:53:10,900 So with key 1 and key 3 we do a round of encryption 4429 02:53:10,900 --> 02:53:13,450 and with key 2 we do a round of decryption. 4430 02:53:13,450 --> 02:53:15,800 So it's an encrypt-decrypt-encrypt process 4431 02:53:15,800 --> 02:53:18,800 with separate keys. While that doesn't really yield 4432 02:53:18,800 --> 02:53:21,917 a full 168-bit key size, the three rounds of encryption 4433 02:53:21,917 --> 02:53:25,400 yields an effective key size of a hundred and sixty eight bits 4434 02:53:25,400 --> 02:53:28,300 because you have to find three 56-bit keys. 4435 02:53:28,300 --> 02:53:31,541 So speaking of that technical detail for triple DES, 4436 02:53:31,541 --> 02:53:35,100 we're still using the DES block cipher with 56-bit keys. 4437 02:53:35,100 --> 02:53:37,300 But since we've got three different keys, 4438 02:53:37,300 --> 02:53:39,800 we get an effective length of around 168
4439 02:53:39,800 --> 02:53:42,900 bits. Triple DES was really just a stopgap measure. 4440 02:53:42,900 --> 02:53:45,886 We knew that if DES could be broken, triple DES 4441 02:53:45,886 --> 02:53:49,000 would surely be broken with just some more time again. 4442 02:53:49,000 --> 02:53:52,451 And so NIST was trying to request a standard; 4443 02:53:52,451 --> 02:53:53,759 that was in 1999. 4444 02:53:53,759 --> 02:53:56,900 And in 2001 NIST published an algorithm 4445 02:53:56,900 --> 02:53:59,256 that was called AES. So this algorithm 4446 02:53:59,256 --> 02:54:00,482 that was originally 4447 02:54:00,482 --> 02:54:03,000 called Rijndael was published by NIST as 4448 02:54:03,000 --> 02:54:06,300 Advanced Encryption Standard. Some technical specifications 4449 02:54:06,300 --> 02:54:07,600 about AES is 4450 02:54:07,600 --> 02:54:09,800 that the original Rijndael algorithm specified 4451 02:54:09,800 --> 02:54:11,700 variable block sizes and key lengths 4452 02:54:11,700 --> 02:54:13,723 and as long as those block sizes 4453 02:54:13,723 --> 02:54:16,400 and key lengths were multiples of 32 bits, 4454 02:54:16,400 --> 02:54:18,100 so 32, 64, 96, 4455 02:54:18,100 --> 02:54:21,915 and so on, you could use those block sizes and key lengths. 4456 02:54:21,915 --> 02:54:23,500 When AES was published 4457 02:54:23,500 --> 02:54:26,200 it specified a fixed 128-bit block size 4458 02:54:26,200 --> 02:54:26,900 and key length 4459 02:54:26,900 --> 02:54:31,000 of 128, 192 and 256. AES with three different key lengths 4460 02:54:31,000 --> 02:54:32,328 but one block size, and 4461 02:54:32,328 --> 02:54:36,000 that's a little bit of detail about DES, triple DES and AES. 4462 02:54:36,000 --> 02:54:37,600 So when AES was published 4463 02:54:37,600 --> 02:54:40,300 it specified a fixed 128-bit block size 4464 02:54:40,400 --> 02:54:44,300 and a key length of 128, 192 and 256 bits.
4465 02:54:44,400 --> 02:54:47,338 So we've got with AES three different key lengths, 4466 02:54:47,338 --> 02:54:48,700 but one block size. 4467 02:54:48,700 --> 02:54:50,200 And that was a little bit 4468 02:54:50,200 --> 02:54:54,363 of detail about DES, triple DES and AES. We'll use some of these 4469 02:54:54,363 --> 02:54:57,842 in doing some hands-on work in the subsequent part 4470 02:54:57,842 --> 02:54:58,700 of this video. 4471 02:54:58,700 --> 02:54:59,000 Okay. 4472 02:54:59,000 --> 02:55:01,232 So now that I've given you a brief history 4473 02:55:01,232 --> 02:55:03,900 of how we have reached to the encryption standards 4474 02:55:03,900 --> 02:55:05,350 that we're following today, 4475 02:55:05,350 --> 02:55:07,500 that is the Advanced Encryption Standard, 4476 02:55:07,500 --> 02:55:08,441 let's go ahead 4477 02:55:08,441 --> 02:55:12,397 and talk a little bit more about DES, triple DES and AES. 4478 02:55:12,397 --> 02:55:15,065 So DES is a digital encryption standard. 4479 02:55:15,065 --> 02:55:18,600 It was developed by IBM in the 1970s and originally 4480 02:55:18,600 --> 02:55:21,000 it was a cryptography cipher named Lucifer 4481 02:55:21,000 --> 02:55:23,771 and after some modifications IBM proposed it as 4482 02:55:23,771 --> 02:55:25,500 the digital encryption standard. 4483 02:55:25,500 --> 02:55:28,100 It was selected to be the digital encryption standard 4484 02:55:28,100 --> 02:55:31,106 and ever since then it's been known as 4485 02:55:31,106 --> 02:55:32,500 DES. One thing 4486 02:55:32,500 --> 02:55:34,763 that caused a little bit of controversy was 4487 02:55:34,763 --> 02:55:38,182 during the process of selection the NSA requested some changes 4488 02:55:38,182 --> 02:55:40,206 and it hasn't been particularly clear 4489 02:55:40,206 --> 02:55:42,441 what changes were requested by the NSA.
4490 02:55:42,441 --> 02:55:45,500 There has been some sort of speculation that wondered 4491 02:55:45,500 --> 02:55:48,600 if the NSA was requesting a back door into this 4492 02:55:48,600 --> 02:55:49,900 digital encryption standard 4493 02:55:49,900 --> 02:55:52,597 which would allow them to look at encrypted messages 4494 02:55:52,597 --> 02:55:53,361 in the clear. 4495 02:55:53,361 --> 02:55:55,600 So basically it would always give the NSA 4496 02:55:55,600 --> 02:55:58,200 the ability to decrypt DES-encrypted messages. 4497 02:55:58,200 --> 02:56:00,900 It remained the encryption standard for the next couple 4498 02:56:00,900 --> 02:56:02,300 of decades or so. 4499 02:56:02,400 --> 02:56:05,204 And what is DES and how does it work? Now 4500 02:56:05,204 --> 02:56:08,500 DES remained the digital standard for encryption 4501 02:56:08,500 --> 02:56:10,448 for the next couple of decades. 4502 02:56:10,448 --> 02:56:12,900 So what does it do and how does it work? 4503 02:56:12,900 --> 02:56:14,366 So basically it uses 4504 02:56:14,366 --> 02:56:17,225 a 56-bit key rather than a stream cipher. 4505 02:56:17,225 --> 02:56:21,300 It's a block cipher and it uses 64-bit blocks, and in 1998, 4506 02:56:21,300 --> 02:56:23,465 if you know, DES was effectively broken 4507 02:56:23,465 --> 02:56:26,159 when a DES-encrypted message was cracked in three days 4508 02:56:26,159 --> 02:56:28,605 and then a year later a network of 10,000 systems 4509 02:56:28,605 --> 02:56:31,000 around the world cracked the DES-encrypted message 4510 02:56:31,000 --> 02:56:32,000 in less than a day 4511 02:56:32,000 --> 02:56:33,464 and it's just gotten worse 4512 02:56:33,464 --> 02:56:36,700 since then with modern computing being what it is today.
4513 02:56:36,700 --> 02:56:39,117 Now since DES was created 4514 02:56:39,117 --> 02:56:41,964 and broken we knew we needed something 4515 02:56:42,000 --> 02:56:45,778 and what came in between Advanced Encryption Standard 4516 02:56:45,778 --> 02:56:48,000 and DES is triple DES. Now triple 4517 02:56:48,000 --> 02:56:51,647 DES is three times the strength of DES necessarily; it's really 4518 02:56:51,647 --> 02:56:53,263 DES applied three times 4519 02:56:53,263 --> 02:56:56,600 and what I mean by that is we take a plain text message, 4520 02:56:56,600 --> 02:56:57,376 then let's call 4521 02:56:57,376 --> 02:56:59,688 that P, and we are going to use a key called K1 4522 02:56:59,688 --> 02:57:02,613 and we're going to use that key to encrypt the message 4523 02:57:02,613 --> 02:57:05,059 and that's going to result in the ciphertext one. 4524 02:57:05,059 --> 02:57:07,400 So we'll call that C1. Now C1 is the output 4525 02:57:07,400 --> 02:57:08,858 of the first round of encryption 4526 02:57:08,858 --> 02:57:11,000 and we're going to apply a second key called key 4527 02:57:11,000 --> 02:57:13,093 2, and with that second key 4528 02:57:13,093 --> 02:57:17,000 we are going to go through a decryption process on C1. Now 4529 02:57:17,000 --> 02:57:18,600 since it's the wrong key we are 4530 02:57:18,600 --> 02:57:21,332 not going to get the plain text out of the decryption process 4531 02:57:21,332 --> 02:57:22,240 on the other end. 4532 02:57:22,240 --> 02:57:24,595 We are going to get another round of ciphertext 4533 02:57:24,595 --> 02:57:26,900 and we're going to call that C2. Now with C2, 4534 02:57:26,900 --> 02:57:29,100 we are going to apply a third key and we are going 4535 02:57:29,100 --> 02:57:32,177 to call that K3 and we're going to encrypt ciphertext C2 4536 02:57:32,177 --> 02:57:34,509 and that's going to result in ciphertext C3, 4537 02:57:34,509 --> 02:57:37,600 so we have 3 different keys applied in two different ways.
4538 02:57:37,600 --> 02:57:41,926 So with key 1 and key 3 we do a round of encryption; with key 2 we do 4539 02:57:41,926 --> 02:57:43,300 a round of decryption. 4540 02:57:43,300 --> 02:57:46,845 So it's basically an encrypt-decrypt-encrypt process 4541 02:57:46,845 --> 02:57:48,400 with three separate keys, 4542 02:57:48,400 --> 02:57:51,861 but what it does really is it doesn't really yield 4543 02:57:51,861 --> 02:57:53,353 a 168-bit key size 4544 02:57:53,353 --> 02:57:57,200 because in effectiveness it's basically 256-bit keys 4545 02:57:57,200 --> 02:57:59,200 that are being used to race it 4546 02:57:59,200 --> 02:58:01,300 whether it be three different keys. 4547 02:58:01,300 --> 02:58:02,600 So in effectiveness, 4548 02:58:02,600 --> 02:58:05,270 you could say that it's the 168-bit key, 4549 02:58:05,270 --> 02:58:09,000 but it is not the same strength because people realize 4550 02:58:09,000 --> 02:58:11,058 that triple DES can be easily broken 4551 02:58:11,058 --> 02:58:12,475 because if DES is broken, 4552 02:58:12,475 --> 02:58:15,200 you can do the same thing with three different ways 4553 02:58:15,200 --> 02:58:17,084 whether whatever key that you use, 4554 02:58:17,084 --> 02:58:18,790 so it just takes longer time 4555 02:58:18,790 --> 02:58:20,600 to decrypt if you don't know the tree 4556 02:58:20,600 --> 02:58:22,900 and if you are just using a brute force attack, 4557 02:58:22,900 --> 02:58:25,000 you know that triple DES can be broken 4558 02:58:25,000 --> 02:58:26,500 if DES can be broken. 4559 02:58:26,500 --> 02:58:30,800 So triple DES was literally a stopgap between DES and AES 4560 02:58:30,800 --> 02:58:32,000 because people knew 4561 02:58:32,000 --> 02:58:35,200 that we needed something more than triple DES, and for 4562 02:58:35,200 --> 02:58:36,100 this the NIST 4563 02:58:36,100 --> 02:58:38,100 or the National Institute of Standards 4564 02:58:38,100 --> 02:58:40,100 and Technology in 2001,
4565 02:58:40,100 --> 02:58:43,100 they chose AES as the algorithm 4566 02:58:43,100 --> 02:58:46,100 that is now called Advanced Encryption algorithm. 4567 02:58:46,100 --> 02:58:48,600 So it was originally called the Rijndael algorithm. 4568 02:58:49,100 --> 02:58:52,200 And the main thing about the Rijndael algorithm 4569 02:58:52,200 --> 02:58:54,500 and Advanced Encryption Standard algorithm 4570 02:58:54,500 --> 02:58:55,712 is that the Rijndael 4571 02:58:55,712 --> 02:58:58,300 algorithm specifically states in its papers 4572 02:58:58,300 --> 02:59:00,317 that it has available block size 4573 02:59:00,317 --> 02:59:03,070 and available key size as long as they are 4574 02:59:03,070 --> 02:59:04,300 in multiples of 32. 4575 02:59:04,300 --> 02:59:07,200 So 32, 64, 96, like that. 4576 02:59:07,200 --> 02:59:09,500 But what AES does differently is 4577 02:59:09,500 --> 02:59:11,100 that it gives you one block size 4578 02:59:11,100 --> 02:59:14,900 that is 128 bits and gives you three different key sizes 4579 02:59:14,900 --> 02:59:17,900 that is 128, 192 and 256. 4580 02:59:17,900 --> 02:59:20,321 So with AES three different key lengths, 4581 02:59:20,321 --> 02:59:21,600 but one block size. 4582 02:59:21,600 --> 02:59:26,441 Okay, so that was a little bit more information on AES, DES 4583 02:59:26,441 --> 02:59:27,517 and triple DES 4584 02:59:27,600 --> 02:59:29,900 and we are going to be using this information 4585 02:59:29,900 --> 02:59:32,800 in some subsequent lessons. Okay, now moving on. 4586 02:59:32,800 --> 02:59:33,137 Okay. 4587 02:59:33,137 --> 02:59:36,487 So now that we've discussed the different history of 4588 02:59:36,487 --> 02:59:40,100 cryptography and more important cryptography algorithms, 4589 02:59:40,100 --> 02:59:42,400 let's discuss the different types of cryptography.
4590 02:59:42,400 --> 02:59:44,500 Now, the first type of cryptography I'm going to talk 4591 02:59:44,500 --> 02:59:48,000 about is symmetric cryptography and by symmetric cryptography, 4592 02:59:48,000 --> 02:59:51,000 I mean the key is the same for encrypting or decrypting. 4593 02:59:51,000 --> 02:59:52,400 So I use the same key 4594 02:59:52,400 --> 02:59:55,800 whether I am encrypting the data or decrypting data. 4595 02:59:55,800 --> 02:59:58,508 Well things about symmetric key cryptography is 4596 02:59:58,508 --> 03:00:00,500 that they use a shorter key length than 4597 03:00:00,500 --> 03:00:02,004 for asymmetric cryptography, 4598 03:00:02,004 --> 03:00:04,100 which I'll get into in a couple of minutes. 4599 03:00:04,100 --> 03:00:06,276 It's also faster than asymmetric 4600 03:00:06,276 --> 03:00:09,200 and you can use algorithms like DES or AES 4601 03:00:09,200 --> 03:00:12,500 as those are both symmetric key cryptography algorithms 4602 03:00:12,500 --> 03:00:15,100 and you can use a utility like AES Crypt. 4603 03:00:15,100 --> 03:00:16,344 Let me just demonstrate 4604 03:00:16,344 --> 03:00:18,400 how symmetric key cryptography works. 4605 03:00:18,400 --> 03:00:21,600 So for this we can use a tool called AES Crypt. 4606 03:00:21,600 --> 03:00:24,992 So AES Crypt is actually available for Linux 4607 03:00:24,992 --> 03:00:27,400 and Windows and Mac, all the systems. 4608 03:00:27,400 --> 03:00:28,400 So I'm using it 4609 03:00:28,400 --> 03:00:31,100 on the Windows one and I'm using the console version. 4610 03:00:31,100 --> 03:00:32,700 So first of all, 4611 03:00:32,700 --> 03:00:35,600 I have a text file called text.txt. 4612 03:00:35,600 --> 03:00:37,200 So let me just show that to you. 4613 03:00:37,200 --> 03:00:38,700 So as you guys can see 4614 03:00:38,700 --> 03:00:42,600 I have this thing called text.txt. Now to do text.txt, 4615 03:00:42,600 --> 03:00:45,900 all I, let me just show what text.txt contains.
4616 03:00:45,900 --> 03:00:48,600 So as you guys can see it has a sentence: 4617 03:00:48,600 --> 03:00:50,562 The quick brown fox jumped over the lazy dog. 4618 03:00:50,562 --> 03:00:51,450 So that's the sentence 4619 03:00:51,450 --> 03:00:54,300 that has all the alphabets in the English language rather. 4620 03:00:54,300 --> 03:00:56,810 So now we are going to try and encrypt it 4621 03:00:56,810 --> 03:00:58,982 so we can use something like AES or DES 4622 03:00:58,982 --> 03:01:00,259 because both of them 4623 03:01:00,259 --> 03:01:03,900 are symmetric key ciphers, symmetric key algorithms rather. 4624 03:01:03,900 --> 03:01:06,561 So we are using AES in this case. 4625 03:01:06,561 --> 03:01:09,638 So what we're going to do is say aescrypt, 4626 03:01:09,700 --> 03:01:10,887 I'm going to encrypt it 4627 03:01:10,887 --> 03:01:12,900 and we're going to give you the password 4628 03:01:12,900 --> 03:01:15,400 of let's say Pokemon. 4629 03:01:15,400 --> 03:01:18,000 We're going to call it Pokémon and regarding 4630 03:01:18,300 --> 03:01:20,500 do text.txt. 4631 03:01:20,500 --> 03:01:22,281 We're gonna encrypt that file. 4632 03:01:22,281 --> 03:01:24,300 So now we have encrypted that file. 4633 03:01:24,300 --> 03:01:26,982 Let's go see, we must be having a new file. 4634 03:01:26,982 --> 03:01:29,600 So this is called text.txt.aes. 4635 03:01:29,600 --> 03:01:31,100 So that is our encrypted file. 4636 03:01:31,100 --> 03:01:34,405 And this is what we would generally send over the network 4637 03:01:34,405 --> 03:01:36,300 if we are sending it to anybody. 4638 03:01:36,300 --> 03:01:38,739 So let's assume the person who's received 4639 03:01:38,739 --> 03:01:41,300 it also knows our encryption algorithm. 4640 03:01:41,300 --> 03:01:43,535 I mean encryption algorithm and the key 4641 03:01:43,535 --> 03:01:44,803 that goes along with it.
4642 03:01:44,803 --> 03:01:47,563 So let's try to decrypt it now. Now before I decrypt it, 4643 03:01:47,563 --> 03:01:50,373 let me just show you what an encrypted message looks 4644 03:01:50,373 --> 03:01:51,200 like, so this is 4645 03:01:51,200 --> 03:01:56,600 what the ciphertext looks like, a snow text.txt 4646 03:01:56,600 --> 03:01:57,900 .aes. 4647 03:01:57,900 --> 03:01:58,700 So yeah, 4648 03:01:58,700 --> 03:02:01,299 as you guys can see the windows control control 4649 03:02:01,299 --> 03:02:02,300 you she'd everything 4650 03:02:02,300 --> 03:02:06,400 but if I were to go here I will just go into the file 4651 03:02:06,500 --> 03:02:11,600 and just ever Notepad++ you'll see 4652 03:02:11,600 --> 03:02:13,900 that it's a bunch of crap. 4653 03:02:13,900 --> 03:02:17,616 You really can't make out anything what is being made? 4654 03:02:17,616 --> 03:02:18,557 Here we come. 4655 03:02:18,557 --> 03:02:20,007 Really decipher much. 4656 03:02:20,007 --> 03:02:22,800 So that's the point of using encryption. 4657 03:02:22,800 --> 03:02:24,600 Now if you were to decrypt it, 4658 03:02:24,600 --> 03:02:27,800 all you have to do is aescrypt we turned the crib. 4659 03:02:27,800 --> 03:02:30,723 We're trying to give the password is going to be 4660 03:02:30,723 --> 03:02:32,900 what was the password Pokémon I'll K 4661 03:02:32,900 --> 03:02:37,700 so and we're going to try and create text.txt 4662 03:02:37,700 --> 03:02:39,100 .aes. 4663 03:02:39,500 --> 03:02:41,300 Let's dir that again. 4664 03:02:41,800 --> 03:02:44,705 Okay, so that just decrypts our message for us. 4665 03:02:44,705 --> 03:02:45,310 So this is 4666 03:02:45,310 --> 03:02:48,700 how you would use AES Crypt for encryption and decryption.
4667 03:02:48,700 --> 03:02:50,400 So that just description and that's 4668 03:02:50,400 --> 03:02:53,000 how you would use symmetric key encryption to encrypt a file 4669 03:02:53,000 --> 03:02:54,653 for this example. Symmetric key 4670 03:02:54,653 --> 03:02:57,300 uses either a stream cipher or a block cipher 4671 03:02:57,300 --> 03:02:59,957 and the differences between stream or block ciphers 4672 03:02:59,957 --> 03:03:02,288 is that block takes a block of bits at a time 4673 03:03:02,288 --> 03:03:03,700 and it's a fixed length. 4674 03:03:03,700 --> 03:03:04,879 For example 64 bits: 4675 03:03:04,879 --> 03:03:07,527 if I were to use a block cipher with 64 bits, 4676 03:03:07,527 --> 03:03:09,440 I would need to take in 64 bits 4677 03:03:09,440 --> 03:03:11,300 before I could start encrypting. Now 4678 03:03:11,300 --> 03:03:12,637 if I didn't have 64 bits 4679 03:03:12,637 --> 03:03:15,200 to encrypt I would have to fill it with padding 4680 03:03:15,200 --> 03:03:18,013 in order to get up to 64 bits. A stream cipher 4681 03:03:18,013 --> 03:03:19,100 on the other hand, 4682 03:03:19,100 --> 03:03:20,800 it will encrypt a bit at a time. 4683 03:03:20,800 --> 03:03:22,886 So it doesn't matter how many bits you've got. 4684 03:03:22,886 --> 03:03:24,680 You don't need to have some multiple 4685 03:03:24,680 --> 03:03:27,500 of the block length in order to encrypt without padding. 4686 03:03:27,500 --> 03:03:30,667 And another type of cryptography is asymmetric. Now asymmetric, 4687 03:03:30,667 --> 03:03:32,900 as you would expect, uses two different keys.
4688 03:03:32,900 --> 03:03:35,400 And that's where we have public key and private key. 4689 03:03:35,500 --> 03:03:38,500 Asymmetric key cryptography uses a longer key length 4690 03:03:38,500 --> 03:03:40,208 and also has more computation 4691 03:03:40,208 --> 03:03:42,267 and the encryption process is slower 4692 03:03:42,267 --> 03:03:43,970 with asymmetric key encryption 4693 03:03:43,970 --> 03:03:45,400 and the encryption process 4694 03:03:45,400 --> 03:03:48,047 is slower than with symmetric key encryption 4695 03:03:48,047 --> 03:03:50,855 while the For symmetric key is for signing documents 4696 03:03:50,855 --> 03:03:52,066 or emails for example, 4697 03:03:52,066 --> 03:03:54,600 but I would have the private key sign something 4698 03:03:54,600 --> 03:03:57,800 and the public key would be used to verify a signature 4699 03:03:57,800 --> 03:03:58,784 and another reason 4700 03:03:58,784 --> 03:04:01,317 for using asymmetric key encryption is to ensure 4701 03:04:01,317 --> 03:04:03,400 that you got it from who actually sent it. 4702 03:04:03,400 --> 03:04:04,771 Since you've got two keys, 4703 03:04:04,771 --> 03:04:07,511 you always knew who the other end of the equation is, 4704 03:04:07,511 --> 03:04:10,100 whereas symmetric key, since it's just one key, 4705 03:04:10,100 --> 03:04:12,343 if you can intercept the key you can decrypt 4706 03:04:12,343 --> 03:04:13,700 and also encrypt messages. 4707 03:04:13,700 --> 03:04:16,477 And so if somebody can figure out the key you can break 4708 03:04:16,477 --> 03:04:18,689 into a communication stream using symmetric
4709 03:04:18,689 --> 03:04:20,929 key encryption. So asymmetric gives you 4710 03:04:20,929 --> 03:04:22,434 the advantage of ensuring 4711 03:04:22,434 --> 03:04:25,788 that the other end is who the other end says they are 4712 03:04:25,788 --> 03:04:29,199 since they're the only ones who should have the private key 4713 03:04:29,199 --> 03:04:31,900 and in this particular instance in practice. 4714 03:04:31,900 --> 03:04:34,900 However, hybrid encryption models tend 4715 03:04:34,900 --> 03:04:36,300 to be used and that's 4716 03:04:36,300 --> 03:04:37,400 where you would use 4717 03:04:37,400 --> 03:04:40,700 a symmetric encryption to encrypt asymmetric session keys. 4718 03:04:40,700 --> 03:04:43,297 So basically you encrypt the message 4719 03:04:43,297 --> 03:04:47,113 that you are sending using symmetric key encryption 4720 03:04:47,113 --> 03:04:47,908 and then you, 4721 03:04:47,908 --> 03:04:49,300 when changing the key 4722 03:04:49,300 --> 03:04:52,700 with somebody else, you use asymmetric key encryption. 4723 03:04:52,700 --> 03:04:54,599 So this is going to be a slower process. 4724 03:04:54,599 --> 03:04:57,220 You probably won't want to use it for a smaller files 4725 03:04:57,220 --> 03:04:58,227 in order to do that. 4726 03:04:58,227 --> 03:05:01,100 Fortunately the file example that I have is a smaller one. 4727 03:05:01,100 --> 03:05:04,236 So I'm going to try and generate a key right now. 4728 03:05:04,236 --> 03:05:07,700 So for this we have to head over to our Ubuntu system. 4729 03:05:07,900 --> 03:05:09,100 So let's see. 4730 03:05:09,200 --> 03:05:12,500 Let me show you how public key encryption actually works 4731 03:05:12,600 --> 03:05:15,184 and we are going to first create a key. 4732 03:05:15,184 --> 03:05:17,700 So let me just clear this out for you. 4733 03:05:17,700 --> 03:05:18,680 First of all, 4734 03:05:18,680 --> 03:05:22,600 let's create a file and let's call that text.txt.
4735 03:05:22,821 --> 03:05:23,621 Now, 4736 03:05:23,621 --> 03:05:28,382 if you see we are going to edit text.txt to have some file. 4737 03:05:28,382 --> 03:05:30,215 So have some text in it. 4738 03:05:30,215 --> 03:05:33,500 So there seems to be a warning with the GDK. 4739 03:05:33,600 --> 03:05:36,100 I'll just use echo instead. 4740 03:05:38,200 --> 03:05:41,400 So now let's see if that is in our file. 4741 03:05:42,100 --> 03:05:42,400 Okay. 4742 03:05:42,400 --> 03:05:45,392 So let me just show you how asymmetric key encryption 4743 03:05:45,392 --> 03:05:47,200 or public key cryptography works. 4744 03:05:47,200 --> 03:05:49,200 So first of all, we need a text file. 4745 03:05:49,200 --> 03:05:51,600 So let me see, do we have a text file? 4746 03:05:51,600 --> 03:05:54,059 So there seems to be a text.txt. 4747 03:05:54,059 --> 03:05:56,800 So let's see what this text.txt says, 4748 03:05:56,800 --> 03:05:59,641 so it says that this is a random text file. 4749 03:05:59,641 --> 03:06:01,356 Now, what we want to do is 4750 03:06:01,356 --> 03:06:03,822 we want to create a public key first, 4751 03:06:03,822 --> 03:06:06,700 so I'm going to use openssl for doing this. 4752 03:06:06,700 --> 03:06:08,200 So we go openssl 4753 03:06:08,200 --> 03:06:09,861 and we are going to use it 4754 03:06:09,861 --> 03:06:12,800 with RSA, so we're trying to generate a key. 4755 03:06:12,800 --> 03:06:16,800 So genrsa and we're going to use this tree to use this 4756 03:06:16,800 --> 03:06:20,720 and we're going to output it into file called private key. 4757 03:06:20,720 --> 03:06:23,869 So we are also going to be using a 4096 bit. 4758 03:06:23,869 --> 03:06:26,513 So this is going to be our private key. 4759 03:06:26,513 --> 03:06:30,200 So this will create a private key using RSA algorithm. 4760 03:06:30,200 --> 03:06:32,200 So let it work its way out.
4761 03:06:32,200 --> 03:06:33,400 So first of all, 4762 03:06:33,400 --> 03:06:35,674 it's asking me for the passphrase now, 4763 03:06:35,674 --> 03:06:38,517 so since you can protect your keys with the passphrase. 4764 03:06:38,517 --> 03:06:40,400 So I'm just going to use my name. 4765 03:06:40,400 --> 03:06:41,000 Okay. 4766 03:06:41,000 --> 03:06:42,300 So now we see 4767 03:06:42,300 --> 03:06:46,100 if we ls and we have a private key, I guess. 4768 03:06:46,100 --> 03:06:46,876 Yep. 4769 03:06:46,876 --> 03:06:48,300 So we have this private key. 4770 03:06:48,300 --> 03:06:48,800 Now, 4771 03:06:48,800 --> 03:06:50,500 we're using this private key. 4772 03:06:50,500 --> 03:06:53,010 We are going to generate a public key. 4773 03:06:53,010 --> 03:06:56,200 So for this I'm again going to be using OpenSSL 4774 03:06:56,300 --> 03:06:58,400 and OpenSSL is unix-based. 4775 03:06:58,400 --> 03:07:00,600 So you will need a Unix system. 4776 03:07:00,600 --> 03:07:02,300 So you go rsautl. 4777 03:07:02,300 --> 03:07:03,632 That's RSA utility. 4778 03:07:03,632 --> 03:07:06,000 And what we want to do is encrypt 4779 03:07:06,500 --> 03:07:08,500 and we want the public key 4780 03:07:08,500 --> 03:07:12,230 in and key and we want to use the public key 4781 03:07:12,230 --> 03:07:14,000 that we just generated. 4782 03:07:14,000 --> 03:07:14,900 I'm sorry guys. 4783 03:07:14,900 --> 03:07:17,500 So we are going to be using Odyssey. 4784 03:07:17,500 --> 03:07:18,592 So first of all, 4785 03:07:18,592 --> 03:07:20,800 we need to generate a public key. 4786 03:07:20,800 --> 03:07:23,300 So for that we use the private key. 4787 03:07:23,300 --> 03:07:26,700 So we will give the private key as an argument 4788 03:07:26,700 --> 03:07:27,870 after the in flag. 4789 03:07:27,870 --> 03:07:31,566 So private key and we are trying to get out a public key. 4790 03:07:31,566 --> 03:07:34,800 So pubout and we're going to call public.key.
4791 03:07:34,800 --> 03:07:39,500 Okay, so there seems to be... Okay. 4792 03:07:39,900 --> 03:07:43,700 I messed it up a little, I forgot to give the output, 4793 03:07:43,873 --> 03:07:47,026 so you go out and then you use public key. 4794 03:07:47,580 --> 03:07:50,119 So it's asking me for a passphrase 4795 03:07:50,600 --> 03:07:52,800 and now it's writing the RSA key and 4796 03:07:52,800 --> 03:07:54,434 since the password was correct, 4797 03:07:54,434 --> 03:07:55,963 we have a public key too, so 4798 03:07:55,963 --> 03:07:58,800 if you see now we have a public key and a private key. 4799 03:07:58,800 --> 03:08:03,285 So we are going to encrypt our file using the public key. 4800 03:08:03,400 --> 03:08:08,300 So we go openssl and we go rsautl. 4801 03:08:08,700 --> 03:08:13,800 And we go encrypt and we can do pubin. 4802 03:08:14,600 --> 03:08:17,300 So we are going to use the public key 4803 03:08:18,000 --> 03:08:20,946 and we want to put the text.txt 4804 03:08:20,946 --> 03:08:23,100 as the file to be encrypted. 4805 03:08:23,100 --> 03:08:24,500 So text.txt. 4806 03:08:24,600 --> 03:08:28,100 And what we want to output is an encrypted file. 4807 03:08:28,100 --> 03:08:29,900 So encrypted.txt. 4808 03:08:33,100 --> 03:08:38,000 Okay, I called it opensll, need to go and edit that out. 4809 03:08:38,600 --> 03:08:41,300 Yeah, so that makes it a correct command 4810 03:08:41,300 --> 03:08:43,900 and now we have an encrypted file. 4811 03:08:43,900 --> 03:08:47,646 So let's see, ls, and yep, encrypted.txt. 4812 03:08:47,646 --> 03:08:49,800 So if you just cat that out, 4813 03:08:50,000 --> 03:08:51,600 so we see it's a bunch of garbage 4814 03:08:51,600 --> 03:08:53,400 and we really can't read it 4815 03:08:53,400 --> 03:08:57,076 unless we decrypt it, so for decrypting the key, 4816 03:08:57,076 --> 03:09:00,000 all we have to do is again use openssl. 4817 03:09:00,000 --> 03:09:02,846 Let's clear this out first, so openssl.
4818 03:09:03,200 --> 03:09:06,700 And we are going to be using the RSA utility again. 4819 03:09:06,700 --> 03:09:07,700 So rsautl. 4820 03:09:07,700 --> 03:09:09,200 We're going to decrypt this time. 4821 03:09:09,200 --> 03:09:11,200 So we go with the decrypt flag 4822 03:09:11,200 --> 03:09:14,200 and then we are going to be giving the inkey 4823 03:09:14,200 --> 03:09:16,100 and that is going to be the private key 4824 03:09:16,600 --> 03:09:22,200 and what we want to decrypt is encrypted.txt. 4825 03:09:22,900 --> 03:09:29,700 And what we want to output it as is, let's say, plaintext.txt. 4826 03:09:30,200 --> 03:09:32,200 So it's going to ask me for my passphrase, 4827 03:09:32,200 --> 03:09:32,961 which is my 4828 03:09:32,961 --> 03:09:35,300 name, and I've entered the passphrase and now 4829 03:09:35,300 --> 03:09:37,000 we have a plaintext.txt. 4830 03:09:37,100 --> 03:09:37,600 Now, 4831 03:09:37,800 --> 03:09:40,500 if we are to go and ls we see 4832 03:09:40,500 --> 03:09:43,100 that we have a plaintext.txt out here just 4833 03:09:43,100 --> 03:09:44,765 with light info.txt. 4834 03:09:44,765 --> 03:09:46,500 Let me just cat that out. 4835 03:09:46,500 --> 03:09:49,600 So plaintext.txt. 4836 03:09:50,000 --> 03:09:51,500 So this is a random text file. 4837 03:09:51,500 --> 03:09:53,100 And if you go up we see 4838 03:09:53,100 --> 03:09:55,900 that it was a bunch of garbage and before that 4839 03:09:55,900 --> 03:09:57,672 it was a random text file. 4840 03:09:57,672 --> 03:10:00,400 Now, you can also run this command called 4841 03:10:00,400 --> 03:10:05,600 diff plaintext.txt text.txt. 4842 03:10:05,600 --> 03:10:08,100 So this gives you a difference in the text strings. 4843 03:10:08,100 --> 03:10:10,600 So it's zero, so it gives you that's the difference.
4844 03:10:10,900 --> 03:10:12,500 So both files are the same 4845 03:10:12,500 --> 03:10:15,100 and that's how public key cryptography works 4846 03:10:15,100 --> 03:10:17,900 and how symmetric key cryptography works. 4847 03:10:18,000 --> 03:10:18,328 Okay. 4848 03:10:18,328 --> 03:10:20,368 Now moving ahead of cryptography, 4849 03:10:20,368 --> 03:10:22,200 let's talk about certificates. 4850 03:10:22,200 --> 03:10:22,400 Okay. 4851 03:10:22,400 --> 03:10:24,400 So now that we're done with cryptography, 4852 03:10:24,400 --> 03:10:26,400 let's talk about digital certificates. 4853 03:10:26,400 --> 03:10:28,400 So what is a digital certificate? 4854 03:10:28,400 --> 03:10:31,300 Well, a digital certificate is an electronic password 4855 03:10:31,300 --> 03:10:33,974 that allows a person or organization to exchange 4856 03:10:33,974 --> 03:10:37,500 data securely over the internet using public key infrastructure. 4857 03:10:37,500 --> 03:10:38,794 So digital certificate 4858 03:10:38,794 --> 03:10:41,149 is also known as a public key certificate 4859 03:10:41,149 --> 03:10:44,796 or an identity certificate. Now digital certificates are a means 4860 03:10:44,796 --> 03:10:45,800 by which consumers 4861 03:10:45,800 --> 03:10:48,700 and businesses can utilize the security application 4862 03:10:48,700 --> 03:10:50,400 of public key infrastructure. Public 4863 03:10:50,400 --> 03:10:53,500 key infrastructure comprises of the technology to enable 4864 03:10:53,500 --> 03:10:56,880 and secure e-commerce and internet based communication. 4865 03:10:56,880 --> 03:11:00,700 So what kind of security does a certificate provide? So firstly 4866 03:11:00,700 --> 03:11:02,100 it provides identification 4867 03:11:02,100 --> 03:11:04,400 and authentication: the person or entities 4868 03:11:04,400 --> 03:11:07,562 with whom we are communicating are really who they say they are, 4869 03:11:07,562 --> 03:11:09,400 so that is proved by certificates.
4870 03:11:09,400 --> 03:11:13,047 So then we have confidentiality: information within a message 4871 03:11:13,047 --> 03:11:15,000 or transaction is kept confidential. 4872 03:11:15,000 --> 03:11:16,034 It may only be read 4873 03:11:16,034 --> 03:11:17,959 and understood by the intended sender. 4874 03:11:17,959 --> 03:11:20,300 Then there's integrity, there's non-repudiation: 4875 03:11:20,300 --> 03:11:22,400 the sender cannot deny sending the message 4876 03:11:22,400 --> 03:11:25,769 or transaction. The receiver really get to non-repudiation 4877 03:11:25,769 --> 03:11:26,727 and I'll explain 4878 03:11:26,727 --> 03:11:29,800 how non-repudiation comes into digital certificates. 4879 03:11:29,800 --> 03:11:32,319 So digital certificates are actually issued 4880 03:11:32,319 --> 03:11:34,300 by authorities who are business, 4881 03:11:34,300 --> 03:11:37,476 who make it their business to actually certify people 4882 03:11:37,476 --> 03:11:40,300 and their organization with digital certificates. 4883 03:11:40,300 --> 03:11:43,000 Now, you can see these on Google Chrome. Now, 4884 03:11:43,000 --> 03:11:44,900 let me just open Chrome for you guys 4885 03:11:44,900 --> 03:11:46,300 and you can see it out here. 4886 03:11:46,300 --> 03:11:47,800 You can see certificates 4887 03:11:47,800 --> 03:11:50,848 and you can go into the issuer statements and you can go 4888 03:11:50,848 --> 03:11:52,142 and all sorts of stuff, 4889 03:11:52,142 --> 03:11:54,836 so you can see it's issued by Let's Encrypt Authority X3. 4890 03:11:54,836 --> 03:11:57,800 So that's an issuing authority for digital certificates. 4891 03:11:57,800 --> 03:12:00,400 Now that was all about the theory of certificates. 4892 03:12:00,400 --> 03:12:02,800 Let's go and see how you can create one. 4893 03:12:02,800 --> 03:12:05,100 So to create a digital certificate, 4894 03:12:05,100 --> 03:12:08,715 we are going to be using the openssl tool again.
4895 03:12:09,800 --> 03:12:10,785 So first of all, 4896 03:12:10,785 --> 03:12:13,434 let me show you how to create a certificate. 4897 03:12:13,434 --> 03:12:16,700 So we are going to be using the openssl tool for that. 4898 03:12:16,700 --> 03:12:19,000 So first of all, let me clear the screen out. 4899 03:12:19,000 --> 03:12:21,200 So in this case, I'm going to generate a certificate 4900 03:12:21,200 --> 03:12:22,300 authority certificate. 4901 03:12:22,300 --> 03:12:24,400 So I'm doing an RSA key here to use 4902 03:12:24,400 --> 03:12:25,700 inside the certificate. 4903 03:12:25,700 --> 03:12:26,659 So first of all, 4904 03:12:26,659 --> 03:12:28,688 I need to generate a private key. 4905 03:12:28,688 --> 03:12:30,400 So to do that, as I had just 4906 03:12:30,400 --> 03:12:34,500 showed you guys, we can use the openssl tool. You go openssl 4907 03:12:34,600 --> 03:12:37,400 and genrsa and we're going 4908 03:12:37,400 --> 03:12:42,600 to use des3, then out, and let's call it 4909 03:12:42,600 --> 03:12:45,292 ca.key and we're going to use 4096 4910 03:12:45,292 --> 03:12:48,600 bits, so I'm doing an RSA key here to use 4911 03:12:48,600 --> 03:12:51,050 inside the certificate. So I'm generating a private key and 4912 03:12:51,050 --> 03:12:53,600 the private key is used as a part of the certificate 4913 03:12:53,600 --> 03:12:56,200 and there's a public key associated with the certificate. 4914 03:12:56,200 --> 03:12:57,600 So you've got public and private 4915 03:12:57,600 --> 03:12:59,900 key and data gets encrypted with the public key 4916 03:12:59,900 --> 03:13:02,343 and then gets decrypted with the private key.
4917 03:13:02,343 --> 03:13:04,948 So they are mathematically linked, the public 4918 03:13:04,948 --> 03:13:05,719 and private key, 4919 03:13:05,719 --> 03:13:08,600 because you need one for the end of the communication 4920 03:13:08,600 --> 03:13:11,400 and the other for the other end of the communication 4921 03:13:11,400 --> 03:13:13,663 and they have to be linked so that the data 4922 03:13:13,663 --> 03:13:14,781 that gets encrypted 4923 03:13:14,781 --> 03:13:17,700 with one key gets to be decrypted with the other key. 4924 03:13:17,700 --> 03:13:19,700 So this is asking for a passphrase 4925 03:13:19,700 --> 03:13:22,000 and so I'm going to be giving 4926 03:13:22,000 --> 03:13:26,599 my name as a passphrase, so that has generated the key for us. 4927 03:13:26,600 --> 03:13:29,600 So now I'm going to generate the certificate itself. 4928 03:13:29,600 --> 03:13:32,600 So I'm going to be using the openssl utility. 4929 03:13:32,600 --> 03:13:37,100 So first of all, you say openssl and you say request, 4930 03:13:37,100 --> 03:13:38,900 so it will be a new request 4931 03:13:38,900 --> 03:13:42,500 and it's going to be an X.509 request. It's going 4932 03:13:42,500 --> 03:13:44,700 to be valid for 365 days. 4933 03:13:45,500 --> 03:13:49,500 And let's see, the key is going to be ca.key 4934 03:13:49,907 --> 03:13:52,600 and we're going to output it into ca, 4935 03:13:52,600 --> 03:13:55,300 or let's call it edureka.crt, 4936 03:13:55,300 --> 03:13:59,600 so this is the certificate that I'm producing in the name 4937 03:13:59,600 --> 03:14:01,475 of the company that I'm working for. 4938 03:14:01,475 --> 03:14:02,600 So that is Edureka. 4939 03:14:02,600 --> 03:14:05,494 So it says it's unable to load the private key. 4940 03:14:05,494 --> 03:14:08,400 Let me just see, is the private key existing? 4941 03:14:08,600 --> 03:14:09,500 I had a previous 4942 03:14:09,500 --> 03:14:10,154 private key.
4943 03:14:10,154 --> 03:14:11,300 So let me just remove 4944 03:14:11,300 --> 03:14:14,014 that. It doesn't have a ca.key, seems 4945 03:14:14,014 --> 03:14:16,300 like I put the name differently. 4946 03:14:16,600 --> 03:14:19,900 So let me just try that again, openssl 4947 03:14:20,600 --> 03:14:23,287 and we do request 4948 03:14:23,287 --> 03:14:24,825 so we are requesting 4949 03:14:25,200 --> 03:14:29,000 a new certificate and it's going to be x509 4950 03:14:30,700 --> 03:14:41,200 and it's going to be there for 365 days and key is He 4951 03:14:41,200 --> 03:14:43,300 apparently that's what it's called out here. 4952 03:14:43,300 --> 03:14:48,600 So and it's going to be out into edureka.crt. 4953 03:14:48,700 --> 03:14:51,700 That's another so let's enter the passphrase. 4954 03:14:51,700 --> 03:14:53,107 So it's my name. 4955 03:14:53,200 --> 03:14:55,500 So now it's going to ask me a bunch of information 4956 03:14:55,500 --> 03:14:57,400 that's going to be inside the certificate. 4957 03:14:57,400 --> 03:14:59,766 So let's say it's asking the country name 4958 03:14:59,766 --> 03:15:01,600 against let's put in the state. 4959 03:15:02,200 --> 03:15:02,700 Okay. 4960 03:15:02,700 --> 03:15:05,700 So IN. State or province name, some state. 4961 03:15:05,700 --> 03:15:08,500 So Bangalore. Locality, 4962 03:15:08,500 --> 03:15:12,400 let's say Whitefield. Organization name is 4963 03:15:12,400 --> 03:15:16,400 Edureka. Unit name, Brainforce. Common name, 4964 03:15:16,400 --> 03:15:18,560 let's leave that out. Email address, 4965 03:15:18,560 --> 03:15:22,200 let's leave that out too, and we have a certificate. 4966 03:15:22,200 --> 03:15:24,824 So if you go and list all your files, 4967 03:15:24,824 --> 03:15:28,915 you'll see that there is a certificate called 4968 03:15:28,915 --> 03:15:30,052 edureka.crt out here, 4969 03:15:30,052 --> 03:15:31,400 which is highlighted. 4970 03:15:31,400 --> 03:15:32,100 Okay.
4971 03:15:32,100 --> 03:15:34,800 So now if you want to view this file, 4972 03:15:34,800 --> 03:15:39,700 you could always use the openssl, you can always use the openssl 4973 03:15:39,700 --> 03:15:43,800 utility, so you say you want to read an X.509 request 4974 03:15:43,800 --> 03:15:45,300 and you want it in text 4975 03:15:45,400 --> 03:15:49,600 and what you want to see is edureka.crt. 4976 03:15:50,300 --> 03:15:52,761 Okay, so that is the certificate. 4977 03:15:52,761 --> 03:15:53,800 So you see 4978 03:15:53,800 --> 03:15:57,279 that it has all the signature, it has the signature algorithm. 4979 03:15:57,279 --> 03:16:00,200 It has all the information about the certificate 4980 03:16:00,300 --> 03:16:04,500 and it says signature issuer is C IN and state Bangalore 4981 03:16:04,500 --> 03:16:06,227 and location Whitefield. 4982 03:16:06,227 --> 03:16:08,300 Edureka, Brainforce, velocity. 4983 03:16:08,300 --> 03:16:09,900 It has all sorts of information. 4984 03:16:09,900 --> 03:16:11,000 So that was all 4985 03:16:11,000 --> 03:16:14,600 about digital certificates, how, who issues digital certificates, 4986 03:16:14,600 --> 03:16:15,906 where are they useful. 4987 03:16:15,906 --> 03:16:18,100 So this is basically non-repudiation.
4988 03:16:18,100 --> 03:16:20,900 So nobody can say with this certificate that 4989 03:16:20,900 --> 03:16:24,881 if this certificate is included in some sort of website 4990 03:16:24,881 --> 03:16:28,300 and that website tends to be samples malicious 4991 03:16:28,300 --> 03:16:30,600 and there's a complaint, now the website can go 4992 03:16:30,600 --> 03:16:33,200 to a court of law and say they didn't know about this 4993 03:16:33,200 --> 03:16:34,369 because the certificate 4994 03:16:34,369 --> 03:16:36,523 that was included had their private key and 4995 03:16:36,523 --> 03:16:39,378 private key was only supposed to be known to the company, 4996 03:16:39,378 --> 03:16:41,605 so that's non-repudiation, you just don't deny 4997 03:16:41,605 --> 03:16:42,900 that you didn't do it. 4998 03:16:42,900 --> 03:16:46,200 Okay, so that was all about certificates, now moving on. 4999 03:16:46,200 --> 03:16:46,500 Okay. 5000 03:16:46,500 --> 03:16:48,465 So moving on we're going to be talking 5001 03:16:48,465 --> 03:16:49,900 about cryptographic hashing. 5002 03:16:50,000 --> 03:16:52,269 And while the word cryptography is in 5003 03:16:52,269 --> 03:16:55,800 the term cryptographic hashing and it does lead you to believe 5004 03:16:55,800 --> 03:16:57,250 that there is encryption involved, 5005 03:16:57,250 --> 03:17:00,000 there is no encryption involved in a cryptographic hash. 5006 03:17:00,000 --> 03:17:02,200 There is a significant difference between hashing 5007 03:17:02,200 --> 03:17:04,500 and any sort of encryption and that is primarily 5008 03:17:04,500 --> 03:17:06,558 that encryption is a two-way process. 5009 03:17:06,558 --> 03:17:09,591 When I encrypt a piece of data or a file or anything else,
5010 03:17:09,591 --> 03:17:11,885 what I'm doing is putting it into a state 5011 03:17:11,885 --> 03:17:14,776 where I expect to be able to get it back out again, 5012 03:17:14,776 --> 03:17:15,600 in other words 5013 03:17:15,600 --> 03:17:18,057 when I encrypt a file I expect to be able 5014 03:17:18,057 --> 03:17:19,524 to decrypt the file and get 5015 03:17:19,524 --> 03:17:21,100 the original contents. Hashing 5016 03:17:21,100 --> 03:17:23,100 is a one-way function, on the other hand. 5017 03:17:23,100 --> 03:17:26,382 Once I've hashed a piece of data or file there is no expectation 5018 03:17:26,382 --> 03:17:28,500 and ability to get the original piece 5019 03:17:28,500 --> 03:17:31,700 of data back. Hashing generates a fixed length value 5020 03:17:31,700 --> 03:17:32,600 and different types 5021 03:17:32,600 --> 03:17:35,000 of hashing will generate different length values. 5022 03:17:35,000 --> 03:17:38,294 For example, MD5 will generate a different length value 5023 03:17:38,294 --> 03:17:41,100 than SHA-1, and they're both hashing algorithms, 5024 03:17:41,100 --> 03:17:43,256 but they generate different length values 5025 03:17:43,256 --> 03:17:45,573 and the resulting value from a hash function 5026 03:17:45,573 --> 03:17:48,700 should have no relation at all to the original piece of data. 5027 03:17:48,700 --> 03:17:49,700 As a matter of fact, 5028 03:17:49,900 --> 03:17:51,800 if two inputs generate the same hash value 5029 03:17:51,800 --> 03:17:54,300 it's called a collision and if you can generate collisions, 5030 03:17:54,300 --> 03:17:55,800 you may be able to get to a point 5031 03:17:55,800 --> 03:17:57,650 where you can generate pieces of data 5032 03:17:57,650 --> 03:17:59,700 that are going to generate the same hash values 5033 03:17:59,700 --> 03:18:02,250 and that leads you to the potential ability to break 5034 03:18:02,250 --> 03:18:03,700 the particular hashing algorithm 5035 03:18:03,700 --> 03:18:04,800 that you're using.
5036 03:18:04,800 --> 03:18:06,391 So what can we use hashes 5037 03:18:06,391 --> 03:18:09,553 for? Well, one thing we can use hashes for is file integrity. 5038 03:18:09,553 --> 03:18:10,647 We can run a hash 5039 03:18:10,647 --> 03:18:13,000 on a file and get a value back and later 5040 03:18:13,000 --> 03:18:13,600 we can check 5041 03:18:13,600 --> 03:18:15,657 that the value, make sure if it's the same. 5042 03:18:15,657 --> 03:18:17,200 If it's the same I can be sure 5043 03:18:17,200 --> 03:18:19,815 that the same file was hashed in both instances. 5044 03:18:19,815 --> 03:18:22,932 So let me just show you an example of what I just said, 5045 03:18:22,932 --> 03:18:24,800 that if we hash a file we will get 5046 03:18:24,800 --> 03:18:27,862 the same hash every time. So remember the certificate 5047 03:18:27,862 --> 03:18:29,112 that we just created. 5048 03:18:29,112 --> 03:18:30,600 Let me just log in again. 5049 03:18:30,600 --> 03:18:31,700 So we are going 5050 03:18:31,700 --> 03:18:35,735 to hash this certificate and it will create a certain hash 5051 03:18:35,735 --> 03:18:37,281 and we are going to see 5052 03:18:37,281 --> 03:18:39,514 that every time we hash it we are 5053 03:18:39,514 --> 03:18:40,800 getting the same hash, 5054 03:18:40,800 --> 03:18:44,793 so we can use this command called md5sum and we can do 5055 03:18:44,793 --> 03:18:46,300 edureka.crt. 5056 03:18:46,300 --> 03:18:48,200 So this is the hash produced 5057 03:18:48,200 --> 03:18:51,100 after you've hashed edureka.crt. 5058 03:18:51,100 --> 03:18:53,800 So if I do an md5 again, 5059 03:18:53,900 --> 03:18:55,886 so md5 is a hashing algorithm 5060 03:18:55,886 --> 03:18:58,900 that you should move, so edureka.crt 5061 03:18:58,900 --> 03:19:00,111 and it will produce 5062 03:19:00,111 --> 03:19:03,300 very similar hash. Let's see if sha1 works like this. 5063 03:19:03,300 --> 03:19:05,700 So sha1 and edureka.crt.
5064 03:19:05,800 --> 03:19:06,765 Okay, sha1 5065 03:19:06,765 --> 03:19:09,600 is sha, the shuffle in the sha utils 5066 03:19:09,600 --> 03:19:10,000 package. 5067 03:19:10,000 --> 03:19:12,600 Okay, so I proved my point that but md5 5068 03:19:12,600 --> 03:19:14,900 if it is cryptographic hashing algorithm, 5069 03:19:14,900 --> 03:19:16,668 we are getting the same hash back. 5070 03:19:16,668 --> 03:19:19,058 So if you are able to produce the same hash 5071 03:19:19,058 --> 03:19:22,000 that means you have broken the algorithm in itself. 5072 03:19:22,000 --> 03:19:23,900 So if you run md5 on Linux, 5073 03:19:23,900 --> 03:19:27,000 you can get a version of md5, an md5 summation program, 5074 03:19:27,000 --> 03:19:28,300 on Windows and Mac OS, 5075 03:19:28,300 --> 03:19:31,300 where the utility md5 does the same thing. 5076 03:19:31,300 --> 03:19:34,300 So I just showed you the file and I hashed it 5077 03:19:34,300 --> 03:19:37,980 and another reason we use hashing is when we are storing 5078 03:19:37,980 --> 03:19:39,600 passwords, so passwords are 5079 03:19:39,600 --> 03:19:41,923 stored after hashing, we hash passwords. 5080 03:19:41,923 --> 03:19:44,100 And the reason for hashing passwords is 5081 03:19:44,100 --> 03:19:46,700 so you're not storing the password in clear text 5082 03:19:46,700 --> 03:19:48,220 which would be easily seen, even 5083 03:19:48,220 --> 03:19:50,285 if you got it protected with low permissions. 5084 03:19:50,285 --> 03:19:52,900 If I hash a password, every time I hash the password, 5085 03:19:52,900 --> 03:19:55,900 I'm going to get the same value back from the same algorithm. 5086 03:19:55,900 --> 03:19:57,813 So what I do is store the hash in some sort 5087 03:19:57,813 --> 03:20:00,413 of password database. Since it's a one-way function, 5088 03:20:00,413 --> 03:20:02,957 you can't get the password back directly from the hash.
5089 03:20:02,957 --> 03:20:04,700 Now what you can do, and most password 5090 03:20:04,700 --> 03:20:06,958 cracking programs do some variation of this, 5091 03:20:06,958 --> 03:20:09,672 is you just generate hashes against a list of words. 5092 03:20:09,672 --> 03:20:11,260 If you look at a hash value 5093 03:20:11,260 --> 03:20:13,035 that matches the one in the password, 5094 03:20:13,035 --> 03:20:14,100 once you get the hash 5095 03:20:14,100 --> 03:20:16,400 that matches the one in the password, you know 5096 03:20:16,400 --> 03:20:17,500 what password is there 5097 03:20:17,500 --> 03:20:20,000 and here we come back to the idea of collisions. 5098 03:20:20,000 --> 03:20:21,700 If I can take two different strings 5099 03:20:21,700 --> 03:20:23,615 of characters and get the same values back 5100 03:20:23,615 --> 03:20:25,258 and it's easier to crack the password 5101 03:20:25,258 --> 03:20:27,987 because I may not necessarily get the password, but if the hash 5102 03:20:27,987 --> 03:20:30,588 that I get back from a particular string of data is the same 5103 03:20:30,588 --> 03:20:32,588 as that I get from the original password, 5104 03:20:32,588 --> 03:20:34,721 then it doesn't matter whether I know the password 5105 03:20:34,721 --> 03:20:35,750 because the string of data 5106 03:20:35,750 --> 03:20:38,400 that I put in is going to generate the same hash value 5107 03:20:38,400 --> 03:20:41,300 that you're going to compare when logging in and this hash value 5108 03:20:41,300 --> 03:20:42,374 will just give you 5109 03:20:42,374 --> 03:20:44,968 that as valid and you will be able to log in.
5110 03:20:44,968 --> 03:20:47,200 So suppose the password that you chose 5111 03:20:47,200 --> 03:20:49,200 while making your account is dog 5112 03:20:49,200 --> 03:20:52,300 and the dog word produces this hash value 5113 03:20:52,400 --> 03:20:56,100 and if I were to like hash cat 5114 03:20:56,100 --> 03:20:58,308 with the same algorithm and if the algorithm 5115 03:20:58,308 --> 03:20:59,900 was prone to collisions, 5116 03:20:59,900 --> 03:21:02,278 it might produce the same hash value as dog. 5117 03:21:02,278 --> 03:21:05,319 So with the password cat I could open up your password. 5118 03:21:05,319 --> 03:21:07,300 I mean I could open up your account. 5119 03:21:07,300 --> 03:21:09,798 So that was all about hashing and hashing 5120 03:21:09,798 --> 03:21:11,200 algorithms, let's move on. 5121 03:21:11,200 --> 03:21:11,500 Okay. 5122 03:21:11,500 --> 03:21:12,900 So in this part of the video, 5123 03:21:12,900 --> 03:21:15,700 we are going to go over SSL and TLS 5124 03:21:16,000 --> 03:21:18,400 or SSL and TLS are ways of doing encryption 5125 03:21:18,400 --> 03:21:21,100 and they were developed in order to do encryption 5126 03:21:21,100 --> 03:21:24,400 between websites, web servers and clients or browsers. 5127 03:21:24,400 --> 03:21:27,600 SSL was originally developed by a company called Netscape and, 5128 03:21:27,600 --> 03:21:29,850 if you don't remember, Netscape eventually spun 5129 03:21:29,850 --> 03:21:32,200 off their source code and became the Mozilla project 5130 03:21:32,200 --> 03:21:33,560 where we get Firefox 5131 03:21:33,560 --> 03:21:37,300 from. So back in 1995 Netscape released version 2 of SSL, 5132 03:21:37,300 --> 03:21:40,396 and there was a version one, but nothing was done with it.
5133 03:21:40,396 --> 03:21:43,729 So we got the version 2 of SSL and that was used for encryption 5134 03:21:43,729 --> 03:21:45,724 of web transmission between the server 5135 03:21:45,724 --> 03:21:47,883 and the browser to do a whole number 5136 03:21:47,883 --> 03:21:49,585 of flaws between the server 5137 03:21:49,585 --> 03:21:52,774 and the browser. Now SSL version 2 had a whole number 5138 03:21:52,774 --> 03:21:55,400 of flaws and SSL 2 has the type of flaws 5139 03:21:55,400 --> 03:21:58,000 that can lead to decryption of messages without actually 5140 03:21:58,000 --> 03:21:59,300 having the correct keys 5141 03:21:59,300 --> 03:22:01,500 and not being the right endpoints 5142 03:22:01,500 --> 03:22:05,100 and so Netscape released SSL version 3 in 1996. 5143 03:22:05,100 --> 03:22:07,700 And so we get SSL 3.0 which is better 5144 03:22:07,700 --> 03:22:09,681 than 2.0 but it still has 5145 03:22:09,681 --> 03:22:12,300 some issues and so in 1999 we ended up 5146 03:22:12,300 --> 03:22:14,200 with TLS. Now SSL is secure 5147 03:22:14,200 --> 03:22:17,300 socket layer and TLS is transport layer security. 5148 03:22:17,300 --> 03:22:19,200 They both accomplish the same sort of thing 5149 03:22:19,200 --> 03:22:21,300 and they're designed for primarily doing encryption 5150 03:22:21,300 --> 03:22:23,018 between web server and web browsers 5151 03:22:23,018 --> 03:22:25,707 because we want to be able to encrypt the type of traffic. 5152 03:22:25,707 --> 03:22:28,207 So let me show you what kind of traffic looks like. 5153 03:22:28,207 --> 03:22:29,100 So first of all, 5154 03:22:29,100 --> 03:22:31,300 let me open Wireshark and out here
5155 03:22:31,300 --> 03:22:34,082 I already have a TLS scan ready for you guys 5156 03:22:34,082 --> 03:22:36,991 that you can see we have all sorts of TLS data 5157 03:22:36,991 --> 03:22:37,941 so you can see 5158 03:22:37,941 --> 03:22:41,200 that here's my source and it's 32 and destination 5159 03:22:41,200 --> 03:22:42,700 is sound 6 1 2. 5160 03:22:42,700 --> 03:22:45,500 4050 9.46 doing a client key exchange 5161 03:22:45,500 --> 03:22:48,600 and the Change Cipher Spec and Encrypted Handshake Message 5162 03:22:48,600 --> 03:22:50,700 and then we start getting application data. 5163 03:22:50,700 --> 03:22:52,800 So there are some other steps involved here 5164 03:22:52,800 --> 03:22:54,100 and you're not seeing all of it 5165 03:22:54,100 --> 03:22:55,900 with this particular Wireshark capture 5166 03:22:55,900 --> 03:22:57,229 because again, you know, 5167 03:22:57,229 --> 03:22:58,700 we get fragmented packets 5168 03:22:58,700 --> 03:23:00,900 and at some point it starts getting encrypted 5169 03:23:00,900 --> 03:23:02,344 and you can see it anyways 5170 03:23:02,344 --> 03:23:03,200 because Wireshark 5171 03:23:03,200 --> 03:23:05,808 without having the key can decrypt those messages 5172 03:23:05,808 --> 03:23:07,150 but what ends up happening 5173 03:23:07,150 --> 03:23:08,600 is the client sends a hello 5174 03:23:08,600 --> 03:23:10,350 and the server responds with a hello 5175 03:23:10,350 --> 03:23:12,800 and they end up exchanging information as part 5176 03:23:12,800 --> 03:23:15,300 of that now including version numbers supported 5177 03:23:15,300 --> 03:23:16,771 and you get a random number 5178 03:23:16,771 --> 03:23:19,851 and the client's going to send out a number of cipher suites 5179 03:23:19,851 --> 03:23:23,300 that it may want to support, in order, and it can support the server 5180 03:23:23,300 --> 03:23:25,800 and it's going to pick from those suite of ciphers.
5181 03:23:25,800 --> 03:23:28,880 Now, then we start doing the key exchange and then 5182 03:23:28,880 --> 03:23:32,400 do the Change Cipher Spec from the client and server 5183 03:23:32,400 --> 03:23:35,123 and eventually the server just sends a finished message 5184 03:23:35,123 --> 03:23:35,923 and at that point 5185 03:23:35,923 --> 03:23:38,108 we've got this encrypted communication going on, 5186 03:23:38,108 --> 03:23:39,249 but there's this handshake 5187 03:23:39,249 --> 03:23:41,900 that goes on between the two systems and there's a number 5188 03:23:41,900 --> 03:23:43,577 of different types of handshakes depending 5189 03:23:43,577 --> 03:23:44,600 on the type of end points 5190 03:23:44,600 --> 03:23:45,300 that you've got. 5191 03:23:45,300 --> 03:23:47,774 But that's the type of communication that goes on 5192 03:23:47,774 --> 03:23:50,300 between servers and the client. One important thing 5193 03:23:50,300 --> 03:23:51,800 about using SSL and TLS is, 5194 03:23:51,800 --> 03:23:54,300 as I mentioned, some of the earlier versions had 5195 03:23:54,300 --> 03:23:56,272 vulnerabilities in them and you want to make sure 5196 03:23:56,272 --> 03:23:58,299 that the servers aren't actually running those. 5197 03:23:58,299 --> 03:24:00,500 So you want to run some scans to figure out the type 5198 03:24:00,500 --> 03:24:03,000 of protocols and ciphers that different systems use, 5199 03:24:03,000 --> 03:24:05,800 so for this we can use something called sslscan. 5200 03:24:05,800 --> 03:24:08,100 So this is available for Unix. 5201 03:24:08,100 --> 03:24:09,330 Not really sure 5202 03:24:09,600 --> 03:24:11,300 if there is something 5203 03:24:11,300 --> 03:24:13,849 that is similar for Windows or Mac, 5204 03:24:13,849 --> 03:24:18,200 but on Unix based system, that is Linux, we can use sslscan. 5205 03:24:18,200 --> 03:24:19,900 So let me just show you how to use 5206 03:24:19,900 --> 03:24:21,900 that. Clear this part out.
5207 03:24:22,300 --> 03:24:25,838 So what we can do is run sslscan against, suppose, 5208 03:24:25,838 --> 03:24:28,600 www.edureka.co. 5209 03:24:30,600 --> 03:24:31,900 So we're doing sslscan here 5210 03:24:31,900 --> 03:24:34,037 against the website and you can see it's going out 5211 03:24:34,037 --> 03:24:36,000 and probing all the different types of ciphers 5212 03:24:36,000 --> 03:24:39,100 after, you know, on this system start with SSLv3 5213 03:24:39,100 --> 03:24:40,409 and are going to TLS 5214 03:24:40,409 --> 03:24:43,500 version 1 and we could force sslscan to try 5215 03:24:43,500 --> 03:24:44,585 to do an SSLv2. 5216 03:24:44,585 --> 03:24:47,500 If I scroll back up here I get the server 5217 03:24:47,500 --> 03:24:51,200 ciphers, which is SSL version 3, it's using RSA 5218 03:24:51,300 --> 03:24:53,400 and it's using RSA for the asymmetric. 5219 03:24:53,400 --> 03:24:55,300 Now in order to do the key exchange and 5220 03:24:55,300 --> 03:24:57,800 once we get the session key up we're going to use AES 5221 03:24:57,800 --> 03:24:59,200 256 and then we're going 5222 03:24:59,200 --> 03:25:02,400 to use the secure hash algorithm to do the message authentication 5223 03:25:02,400 --> 03:25:03,200 or the MAC. 5224 03:25:03,200 --> 03:25:04,905 It's something called the HMAC 5225 03:25:04,905 --> 03:25:07,380 for the hashed message authentication code and 5226 03:25:07,380 --> 03:25:09,800 what it does is simply hashes the MAC address 5227 03:25:09,800 --> 03:25:12,527 that you would check one side against the other to make sure 5228 03:25:12,527 --> 03:25:14,100 that the message hasn't been fiddled 5229 03:25:14,100 --> 03:25:15,200 with in transmission. 5230 03:25:15,200 --> 03:25:16,900 You can see here all the different types 5231 03:25:16,900 --> 03:25:19,864 of cipher suites that are available. Here's TLS running RC4 5232 03:25:19,864 --> 03:25:21,100 at 40 bits using MD5.
5233 03:25:21,100 --> 03:25:22,700 So that would be a pretty vulnerable type 5234 03:25:22,700 --> 03:25:24,900 of communication to use between the server 5235 03:25:24,900 --> 03:25:27,000 and the client. A 40-bit cipher using RC4 is 5236 03:25:27,000 --> 03:25:29,750 a low strength cipher and we would definitely recommend 5237 03:25:29,750 --> 03:25:32,400 that clients remove those from the supported ciphers 5238 03:25:32,400 --> 03:25:33,850 that they have on their server. 5239 03:25:33,850 --> 03:25:35,600 All that configuration would be done 5240 03:25:35,600 --> 03:25:37,247 at the web server as well as 5241 03:25:37,247 --> 03:25:40,500 when you generated your key and your certificates. Normally 5242 03:25:40,500 --> 03:25:43,300 certificates would be handled by a certificate authority. 5243 03:25:43,400 --> 03:25:45,450 Now, you can also self-sign certificates 5244 03:25:45,450 --> 03:25:47,550 and have those installed in your web server 5245 03:25:47,550 --> 03:25:49,600 in order to do communications with your clients. 5246 03:25:49,600 --> 03:25:53,100 The challenge with that is browsers today warn when they 5247 03:25:53,100 --> 03:25:55,776 see a certificate against a certificate authority 5248 03:25:55,776 --> 03:25:58,805 that is untrusted and it doesn't have any certificate 5249 03:25:58,805 --> 03:26:00,500 authority at all, so you'll get a warning 5250 03:26:00,500 --> 03:26:01,580 in your browser indicating
5251 03:26:01,580 --> 03:26:03,349 there may be a problem with your certificate. 5252 03:26:03,349 --> 03:26:04,878 If your clients are savvy enough and 5253 03:26:04,878 --> 03:26:06,800 if the users are savvy enough you may be able 5254 03:26:06,800 --> 03:26:09,658 to make use of these self-signed certificates 5255 03:26:09,658 --> 03:26:11,108 and save yourself some money, 5256 03:26:11,108 --> 03:26:12,960 but generally it's not recommended simply 5257 03:26:12,960 --> 03:26:15,600 because clients are starting to get these bad certificates 5258 03:26:15,600 --> 03:26:16,900 and when they run across one 5259 03:26:16,900 --> 03:26:19,146 that's really a problem, a real rogue certificate, 5260 03:26:19,146 --> 03:26:21,300 they're going to ignore the certificate message 5261 03:26:21,300 --> 03:26:23,321 in the browser and just go to the sites 5262 03:26:23,321 --> 03:26:26,300 that could have malicious purposes in mind and may end up 5263 03:26:26,300 --> 03:26:29,174 compromising the clients or customers or users. 5264 03:26:29,174 --> 03:26:30,300 That's SSL and TLS 5265 03:26:30,300 --> 03:26:33,900 and how they work and negotiate between servers and endpoints. 5266 03:26:34,300 --> 03:26:34,700 Okay. 5267 03:26:34,700 --> 03:26:37,500 So now that we've talked about TLS and SSL, 5268 03:26:37,500 --> 03:26:39,300 let's talk about disk encryption. 5269 03:26:39,300 --> 03:26:41,365 Now disk encryption is actually something 5270 03:26:41,365 --> 03:26:44,618 that was not really difficult to do but sort of out of the reach 5271 03:26:44,618 --> 03:26:47,200 of normal desktop computers for a really long time.
5272 03:26:47,200 --> 03:26:50,116 Although there have long been ways to do encryption of files 5273 03:26:50,116 --> 03:26:52,200 and to a lesser degree maybe entire disks, 5274 03:26:52,200 --> 03:26:54,579 as we get faster processors, certainly encrypting 5275 03:26:54,579 --> 03:26:55,416 the entire disks 5276 03:26:55,416 --> 03:26:56,887 and being able to encrypt 5277 03:26:56,887 --> 03:26:59,030 and decrypt on the fly without affecting 5278 03:26:59,030 --> 03:27:00,358 performance is something 5279 03:27:00,358 --> 03:27:02,465 that certainly comes within reach 5280 03:27:02,465 --> 03:27:03,562 and it's a feature 5281 03:27:03,562 --> 03:27:07,124 that shows up in most modern operating systems to one degree 5282 03:27:07,124 --> 03:27:09,816 or another now these days. We are going to look 5283 03:27:09,816 --> 03:27:12,740 at a couple of ways here of doing disk encryption. 5284 03:27:12,740 --> 03:27:15,152 I want to tell you about one of them first 5285 03:27:15,152 --> 03:27:16,300 and it's not the one I 5286 03:27:16,300 --> 03:27:18,750 can show. I can't really show the other one either. 5287 03:27:18,750 --> 03:27:19,533 So with Microsoft, 5288 03:27:19,533 --> 03:27:22,300 their Windows systems have this program called BitLocker 5289 03:27:22,300 --> 03:27:24,609 and BitLocker requires either Windows Ultimate 5290 03:27:24,609 --> 03:27:25,600 or Windows Enterprise. 5291 03:27:25,600 --> 03:27:26,700 I don't happen to have 5292 03:27:26,700 --> 03:27:28,905 either version so I can't really show it 5293 03:27:28,905 --> 03:27:30,200 to you, but I can tell you 5294 03:27:30,200 --> 03:27:33,200 that BitLocker has the ability to do entire disk encryption 5295 03:27:33,200 --> 03:27:34,000 and they use AES 5296 03:27:34,000 --> 03:27:36,950 for the encryption cipher and the thing about BitLocker is 5297 03:27:36,950 --> 03:27:38,100 that they use a feature 5298 03:27:38,100 --> 03:27:41,200 that comes with most modern systems, particularly laptops.
5299 03:27:41,200 --> 03:27:42,360 A little chip in them 5300 03:27:42,360 --> 03:27:45,658 that's called the Trusted Platform Module or TPM. 5301 03:27:45,658 --> 03:27:46,957 The TPM chip's part, 5302 03:27:46,957 --> 03:27:49,100 what it does is it stores the keys 5303 03:27:49,100 --> 03:27:50,509 that allow the operating system 5304 03:27:50,509 --> 03:27:53,228 to be able to access the disk through this encryption 5305 03:27:53,228 --> 03:27:56,294 and decryption process and they use a pretty strong encryption 5306 03:27:56,294 --> 03:27:57,400 cipher which is AES, 5307 03:27:57,400 --> 03:27:59,226 but you have to have one of the couple 5308 03:27:59,226 --> 03:28:01,063 of different versions of Windows in order 5309 03:28:01,063 --> 03:28:02,302 to be able to use BitLocker 5310 03:28:02,302 --> 03:28:04,799 and it's one of those things you would normally run 5311 03:28:04,799 --> 03:28:05,799 in an enterprise. 5312 03:28:05,799 --> 03:28:09,189 And so that's why they included it in its Enterprise version. 5313 03:28:09,189 --> 03:28:10,432 Now on the Mac OS side 5314 03:28:10,432 --> 03:28:13,282 they have this thing called FileVault and you see 5315 03:28:13,282 --> 03:28:16,500 in the System Preferences under Security and Privacy, 5316 03:28:16,500 --> 03:28:20,000 if you go to FileVault you can turn on FileVault. Now, 5317 03:28:20,000 --> 03:28:21,200 if you have the little button 5318 03:28:21,200 --> 03:28:23,000 there that says Turn On FileVault, 5319 03:28:23,000 --> 03:28:24,917 then you can turn on FileVault 5320 03:28:24,917 --> 03:28:27,300 and it would ask you about setting up keys 5321 03:28:27,300 --> 03:28:30,300 and it works similar to BitLocker. Now 5322 03:28:30,300 --> 03:28:33,659 PGP happens to have the ability to do disk encryption 5323 03:28:33,659 --> 03:28:34,620 and you can see 5324 03:28:34,620 --> 03:28:37,504 that in the case of this Ubuntu system.
5325 03:28:37,504 --> 03:28:40,700 They've got a package called gdecrypt which is a GUI 5326 03:28:40,700 --> 03:28:44,200 that allows you to map and mount a created encrypted volume 5327 03:28:44,200 --> 03:28:47,600 so I could run gdecrypt and it would help me set up the process 5328 03:28:47,600 --> 03:28:50,500 of encrypting the volumes I've got on my system. 5329 03:28:50,500 --> 03:28:53,100 Now disk encryption is a really good idea 5330 03:28:53,100 --> 03:28:54,831 because when you are working 5331 03:28:54,831 --> 03:28:57,799 with clients the data is normally very sensitive. 5332 03:28:57,799 --> 03:28:58,804 So as I mentioned, 5333 03:28:58,804 --> 03:29:02,294 you can always use things like BitLocker and windows fault 5334 03:29:02,294 --> 03:29:04,830 or other such software for disk encryption. 5335 03:29:04,830 --> 03:29:07,830 So what I mentioned before is now not only possible, 5336 03:29:07,830 --> 03:29:11,100 it's very much a reality with current operating systems. 5337 03:29:11,100 --> 03:29:12,061 Now, let's talk 5338 03:29:12,061 --> 03:29:15,169 about scanning. Now scanning refers to the use 5339 03:29:15,169 --> 03:29:17,880 of computer networks to gather information 5340 03:29:17,880 --> 03:29:19,600 regarding computer systems 5341 03:29:19,600 --> 03:29:20,600 and networks. Scanning 5342 03:29:20,600 --> 03:29:23,400 is mainly used for security assessment, system maintenance 5343 03:29:23,400 --> 03:29:25,700 and also for performing attacks by hackers. 5344 03:29:25,700 --> 03:29:28,200 The purpose of network scanning is as follows: 5345 03:29:28,200 --> 03:29:30,280 it allows you to recognize available UDP 5346 03:29:30,280 --> 03:29:33,400 and TCP network services running on a targeted host. 5347 03:29:33,400 --> 03:29:35,654 It allows you to recognize filtering systems 5348 03:29:35,654 --> 03:29:37,716 between the users and the targeted host.
5349 03:29:37,716 --> 03:29:40,200 It allows you to determine the operating systems 5350 03:29:40,200 --> 03:29:42,700 in use by assessing the IP responses. 5351 03:29:42,700 --> 03:29:44,100 Then it also allows you 5352 03:29:44,100 --> 03:29:46,800 to evaluate the target host's TCP sequence numbers 5353 03:29:46,800 --> 03:29:49,900 and predictability to determine the sequence prediction attacks 5354 03:29:49,900 --> 03:29:52,350 and the TCP spoofing. Now network scanning consists 5355 03:29:52,350 --> 03:29:53,700 of network port scanning as 5356 03:29:53,700 --> 03:29:56,569 well as vulnerability scanning. Network port scanning refers 5357 03:29:56,569 --> 03:29:59,100 to the method of sending data packets via the network 5358 03:29:59,100 --> 03:30:01,350 to a computer system's specified service port. 5359 03:30:01,350 --> 03:30:03,800 This is to identify the available network services 5360 03:30:03,800 --> 03:30:05,117 on that particular system. 5361 03:30:05,117 --> 03:30:08,215 This procedure is effective for troubleshooting system issues 5362 03:30:08,215 --> 03:30:11,320 or for tightening the system security. Vulnerability scanning 5363 03:30:11,320 --> 03:30:13,900 is a method used to discover known vulnerabilities 5364 03:30:13,900 --> 03:30:16,131 of computing systems available on a network. 5365 03:30:16,131 --> 03:30:18,200 It helps to detect a specific weak spot 5366 03:30:18,200 --> 03:30:20,913 in an application software or the operating system, 5367 03:30:20,913 --> 03:30:22,880 which could be used to crash the system 5368 03:30:22,880 --> 03:30:24,900 or compromise it for undesired purposes. 5369 03:30:24,900 --> 03:30:27,800 Now network port scanning as well as vulnerability scanning 5370 03:30:27,800 --> 03:30:29,000 is an information
5371 03:30:29,000 --> 03:30:29,800 gathering technique, 5372 03:30:29,800 --> 03:30:32,149 but when carried out by anonymous individuals 5373 03:30:32,149 --> 03:30:35,290 are viewed as a prelude to an attack. Network scanning processes 5374 03:30:35,290 --> 03:30:36,300 like port scans 5375 03:30:36,300 --> 03:30:37,332 and ping sweeps 5376 03:30:37,332 --> 03:30:38,437 return details 5377 03:30:38,437 --> 03:30:41,200 about which IP addresses map to active live hosts 5378 03:30:41,200 --> 03:30:43,034 and the type of service they provide. 5379 03:30:43,034 --> 03:30:46,370 Another network scanning method known as inverse mapping gathers 5380 03:30:46,370 --> 03:30:47,900 details about IP addresses 5381 03:30:47,900 --> 03:30:49,500 that do not map to live hosts, 5382 03:30:49,500 --> 03:30:50,856 which helps an attacker to focus 5383 03:30:50,856 --> 03:30:53,017 on feasible addresses. Network scanning is one 5384 03:30:53,017 --> 03:30:55,200 of the three important methods used by an attacker 5385 03:30:55,200 --> 03:30:57,712 to gather information. During the footprint stage 5386 03:30:57,712 --> 03:30:59,211 the attacker makes a profile 5387 03:30:59,211 --> 03:31:01,949 of the target organization. This includes data 5388 03:31:01,949 --> 03:31:04,500 such as the organization's domain name systems 5389 03:31:04,500 --> 03:31:07,900 and email servers in addition to its IP address range, 5390 03:31:07,900 --> 03:31:10,950 and during the scanning stage the attacker discovers details 5391 03:31:10,950 --> 03:31:12,450 about the specified IP addresses 5392 03:31:12,450 --> 03:31:15,250 that could be accessed online, their system architecture, 5393 03:31:15,250 --> 03:31:16,437 their operating systems 5394 03:31:16,437 --> 03:31:18,673 and services running on every computer. Now 5395 03:31:18,673 --> 03:31:20,200 during the enumeration stage 5396 03:31:20,200 --> 03:31:23,782 the attacker collects data including routing tables, network user 5397 03:31:23,782 --> 03:31:27,299 and group names, 
Simple Network Management Protocol data 5398 03:31:27,299 --> 03:31:27,876 and so on. 5399 03:31:27,876 --> 03:31:30,876 So now let's talk about intrusion detection evasion. 5400 03:31:30,876 --> 03:31:32,830 So before we get into IDS evasion, 5401 03:31:32,830 --> 03:31:35,180 let's talk about what exactly is an IDS. Now 5402 03:31:35,180 --> 03:31:37,623 an intrusion detection system or IDS is a system 5403 03:31:37,623 --> 03:31:40,800 that monitors network traffic for suspicious activity 5404 03:31:40,800 --> 03:31:43,700 and issues alerts when such activity is discovered. 5405 03:31:43,700 --> 03:31:46,900 While anomaly detection and reporting is the primary function, 5406 03:31:46,900 --> 03:31:50,055 some intrusion detection systems are capable of taking actions 5407 03:31:50,055 --> 03:31:52,900 when malicious activity or anomalous traffic is detected, 5408 03:31:52,900 --> 03:31:55,900 including blocking traffic sent from suspicious IP addresses. 5409 03:31:56,000 --> 03:31:58,600 Although intrusion detection systems monitor the network 5410 03:31:58,600 --> 03:32:01,867 for potentially malicious activity, they are also prone to false alarms 5411 03:32:01,867 --> 03:32:02,815 or false positives. 5412 03:32:02,815 --> 03:32:05,900 Consequently organizations need to fine-tune their IDS products 5413 03:32:05,900 --> 03:32:07,300 when they first install them. 5414 03:32:07,300 --> 03:32:09,900 That means properly configuring their intrusion detection 5415 03:32:09,900 --> 03:32:11,900 system to recognize what normal traffic 5416 03:32:11,900 --> 03:32:12,900 on the network looks 5417 03:32:12,900 --> 03:32:15,300 like compared to potentially malicious activity. 5418 03:32:15,300 --> 03:32:17,700 An intrusion prevention system also monitors 5419 03:32:17,700 --> 03:32:20,500 network packets for potentially damaging network traffic, 5420 03:32:20,500 --> 03:32:22,621 but where an intrusion detection system responds 5421 03:32:22,621 --> 03:32:25,049 to potentially malicious traffic 
by logging the traffic 5422 03:32:25,049 --> 03:32:25,950 and issuing warning 5423 03:32:25,950 --> 03:32:28,400 notifications, intrusion prevention systems respond 5424 03:32:28,400 --> 03:32:31,678 to such by rejecting the potentially malicious packets. 5425 03:32:31,678 --> 03:32:35,200 So there are different types of intrusion detection systems. 5426 03:32:35,200 --> 03:32:38,000 So intrusion detection systems come in different flavors 5427 03:32:38,000 --> 03:32:40,921 and detect suspicious activities using different methods. 5428 03:32:40,921 --> 03:32:42,434 So a kind of intrusion detection 5429 03:32:42,434 --> 03:32:44,400 is a network intrusion detection system, 5430 03:32:44,400 --> 03:32:46,845 that is NIDS. It is deployed at a strategic point 5431 03:32:46,845 --> 03:32:48,305 or points within the network 5432 03:32:48,305 --> 03:32:50,882 where it can monitor inbound and outbound traffic 5433 03:32:50,882 --> 03:32:53,200 to and from all the devices on the network. 5434 03:32:53,200 --> 03:32:55,700 Then there is the host intrusion detection system, 5435 03:32:55,700 --> 03:32:56,500 that is HIDS, 5436 03:32:56,500 --> 03:32:58,863 which runs on all computers or devices in the network
5437 03:32:58,863 --> 03:33:00,600 with direct access to both the internet 5438 03:33:00,600 --> 03:33:03,300 and the enterprise internal network. HIDS have an advantage 5439 03:33:03,300 --> 03:33:04,212 over NIDS in 5440 03:33:04,212 --> 03:33:07,498 that they may be able to detect anomalous network packets 5441 03:33:07,498 --> 03:33:09,926 that originated from inside the organization 5442 03:33:09,926 --> 03:33:11,106 or malicious traffic 5443 03:33:11,106 --> 03:33:12,282 that NIDS has failed 5444 03:33:12,282 --> 03:33:15,700 to detect. HIDS may also be able to identify malicious traffic 5445 03:33:15,700 --> 03:33:17,800 that originates from the host itself, as 5446 03:33:17,800 --> 03:33:19,950 when the host has been infected with malware 5447 03:33:19,950 --> 03:33:21,073 and is attempting to spread 5448 03:33:21,073 --> 03:33:23,787 to other systems. A signature-based intrusion detection system 5449 03:33:23,787 --> 03:33:25,600 monitors all packets traversing the network 5450 03:33:25,600 --> 03:33:26,400 and compares them 5451 03:33:26,400 --> 03:33:28,800 against a database of signatures or attributes 5452 03:33:29,000 --> 03:33:32,000 of known malicious threats, much like antivirus software. 5453 03:33:32,300 --> 03:33:35,700 So now let's talk about IDS evasion. 5454 03:33:35,900 --> 03:33:36,203 Okay. 5455 03:33:36,203 --> 03:33:38,300 So now let's talk about IDS evasion.
5456 03:33:38,300 --> 03:33:40,500 Now IDS is an intrusion detection system 5457 03:33:40,500 --> 03:33:43,098 as we just spoke about and instead it detect exactly 5458 03:33:43,098 --> 03:33:45,900 the types of activities that we are engaged in sometimes 5459 03:33:45,900 --> 03:33:49,500 and sometimes you may be called in to work on a target 5460 03:33:49,500 --> 03:33:51,100 where activities are known 5461 03:33:51,100 --> 03:33:53,200 and should be known by the operators 5462 03:33:53,200 --> 03:33:55,618 or the operations people involved in monitoring 5463 03:33:55,618 --> 03:33:58,300 and managing the network, and the idea being not only 5464 03:33:58,300 --> 03:34:00,360 do they want to assess the technical controls 5465 03:34:00,360 --> 03:34:01,137 that are in place, 5466 03:34:01,137 --> 03:34:03,025 but they also want to assess the operational 5467 03:34:03,025 --> 03:34:03,932 procedures and ensure 5468 03:34:03,932 --> 03:34:06,034 that the systems and processes are working the way 5469 03:34:06,034 --> 03:34:07,506 that they are supposed to be working. 5470 03:34:07,506 --> 03:34:09,100 Now when you are engaged with a target 5471 03:34:09,100 --> 03:34:10,700 that you are in full cooperation 5472 03:34:10,700 --> 03:34:13,562 with, you don't need to do these types of evasion tactics. 5473 03:34:13,562 --> 03:34:15,745 All these techniques may be actually avoided, 5474 03:34:15,745 --> 03:34:17,945 but if you are asked to perform an assessment 5475 03:34:17,945 --> 03:34:19,345 or a penetration on a target 5476 03:34:19,345 --> 03:34:21,700 where they are not supposed to see your activities, 5477 03:34:21,700 --> 03:34:22,935 then you need to know 5478 03:34:22,935 --> 03:34:25,981 some different techniques to evade detection from an IDS. 5479 03:34:25,981 --> 03:34:29,000 So we're going to talk about a couple of different things 5480 03:34:29,200 --> 03:34:30,000 that you can do.
5481 03:34:30,000 --> 03:34:33,299 So one thing that you can do is manipulate packets to look 5482 03:34:33,299 --> 03:34:34,300 a particular way. 5483 03:34:34,300 --> 03:34:37,400 Now for this there is a tool called packets. 5484 03:34:37,400 --> 03:34:41,300 So packet is a really good way to actually manipulate traffic 5485 03:34:41,300 --> 03:34:44,358 and by actually manipulating the contents of a packet, 5486 03:34:44,358 --> 03:34:47,000 like you can specify the destination and source. 5487 03:34:47,000 --> 03:34:48,647 So it's a really useful tool 5488 03:34:48,647 --> 03:34:50,753 to set up a packet to look a particular way. 5489 03:34:50,753 --> 03:34:53,599 One thing it can do is allow you to spoof IP addresses 5490 03:34:53,599 --> 03:34:55,848 so I could set the source IP address here 5491 03:34:55,848 --> 03:34:58,699 that was something completely different from mine. Now 5492 03:34:58,699 --> 03:34:59,813 from using TCP or UDP, 5493 03:34:59,813 --> 03:35:01,713 I'm not going to see the response back. 5494 03:35:01,713 --> 03:35:02,632 And in this case, TCP, 5495 03:35:02,632 --> 03:35:05,000 I'm not even going to get the three-way connection made 5496 03:35:05,000 --> 03:35:07,458 because responses are going to go back to the source IP. 5497 03:35:07,458 --> 03:35:08,349 But what you can do 5498 03:35:08,349 --> 03:35:11,021 is in addition to spoofing you can set particular ways 5499 03:35:11,021 --> 03:35:12,049 that a packet may look, 5500 03:35:12,049 --> 03:35:14,400 like changing the type of service or by changing 5501 03:35:14,400 --> 03:35:17,326 the fragmentation offset or by different flag settings 5502 03:35:17,326 --> 03:35:20,566 that may allow you through an IDS without maybe getting flagged 5503 03:35:20,566 --> 03:35:22,864 and it may also allow you through a firewall. Now 5504 03:35:22,864 --> 03:35:25,381 it's a slim possibility but it's a possibility. 5505 03:35:25,381 --> 03:35:25,600 Now.
5506 03:35:25,600 --> 03:35:27,500 Another thing you can do is use packets 5507 03:35:27,500 --> 03:35:29,879 to generate a lot of really bogus data 5508 03:35:29,879 --> 03:35:33,600 and what you might do is hide in the noise generated by packet 5509 03:35:33,600 --> 03:35:36,000 so you could create some really bogus packets 5510 03:35:36,000 --> 03:35:37,510 that are sure to set off IDS alarms 5511 03:35:37,510 --> 03:35:39,855 and then you can run some legitimate scans underneath 5512 03:35:39,855 --> 03:35:42,200 and hopefully be able to get some responses different 5513 03:35:42,200 --> 03:35:43,799 from mine. Now from using TCP or UDP, 5514 03:35:43,799 --> 03:35:45,700 I'm not going to see the response back. 5515 03:35:45,700 --> 03:35:46,800 And in this case, TCP, 5516 03:35:46,800 --> 03:35:49,162 I'm not even going to get the three-way connection made 5517 03:35:49,162 --> 03:35:51,600 because responses are going to go back to the source IP. 5518 03:35:51,600 --> 03:35:52,550 But what you can do 5519 03:35:52,550 --> 03:35:55,295 is in addition to spoofing you can set up particular ways 5520 03:35:55,295 --> 03:35:56,395 that a packet may look, 5521 03:35:56,395 --> 03:35:58,600 like changing the type of service or by changing 5522 03:35:58,600 --> 03:36:01,512 the fragmentation offset or by different flag settings 5523 03:36:01,512 --> 03:36:04,983 that may allow you through an IDS without maybe getting flagged 5524 03:36:04,983 --> 03:36:07,186 and it may also allow you through a firewall. Now 5525 03:36:07,186 --> 03:36:09,774 it's a slim possibility but it's a possibility. 5526 03:36:09,774 --> 03:36:10,000 Now.
5527 03:36:10,000 --> 03:36:13,356 Another thing you can do is use packet to generate a lot 5528 03:36:13,356 --> 03:36:14,511 of really bogus data 5529 03:36:14,511 --> 03:36:18,100 and what you might do is hide in the noise generated by packet 5530 03:36:18,100 --> 03:36:20,200 so you could create some really bogus packets 5531 03:36:20,200 --> 03:36:21,817 that are sure to set off IDS alarms 5532 03:36:21,817 --> 03:36:24,150 and then you can run some legitimate scans underneath 5533 03:36:24,150 --> 03:36:26,300 and hopefully be able to get some responses. 5534 03:36:30,900 --> 03:36:34,483 Kali Linux is the industry's leading Linux distribution 5535 03:36:34,483 --> 03:36:35,972 in penetration testing 5536 03:36:35,972 --> 03:36:38,328 and ethical hacking. It offers tons 5537 03:36:38,328 --> 03:36:40,800 and tons of hacking and penetration tools 5538 03:36:40,800 --> 03:36:43,346 and different kinds of software by default. 5539 03:36:43,346 --> 03:36:46,488 It is widely recognized in all parts of the world, even 5540 03:36:46,488 --> 03:36:48,900 among Windows users who may not even know 5541 03:36:48,900 --> 03:36:52,000 what Linux is. Well, to be precise, Kali Linux 5542 03:36:52,000 --> 03:36:55,225 was developed by Offensive Security as the rewrite 5543 03:36:55,225 --> 03:36:58,693 of BackTrack. BackTrack, just like Kali Linux, was a 5544 03:36:58,693 --> 03:36:59,871 Linux distribution 5545 03:36:59,871 --> 03:37:03,540 that focused on security. It was used for digital forensics 5546 03:37:03,540 --> 03:37:05,600 and penetration testing purposes. 5547 03:37:05,600 --> 03:37:08,894 But the question here is why should you choose Kali Linux 5548 03:37:08,894 --> 03:37:12,500 when you have other choices like Parrot Security operating system, 5549 03:37:12,500 --> 03:37:15,500 BackBox, BlackArch and many more out there.
5550 03:37:15,500 --> 03:37:17,545 Let me list a few reasons as 5551 03:37:17,545 --> 03:37:20,300 to why Kali Linux is the best choice. First 5552 03:37:20,300 --> 03:37:24,300 and foremost it offers more than 600 penetration testing tools 5553 03:37:24,300 --> 03:37:26,700 from different kinds of security fields 5554 03:37:26,700 --> 03:37:28,700 and forensics. Secondly, 5555 03:37:29,123 --> 03:37:31,200 Kali Linux is customizable. 5556 03:37:31,200 --> 03:37:34,311 So if you're not comfortable with current Kali Linux tools 5557 03:37:34,311 --> 03:37:36,813 or features or graphical user interface, 5558 03:37:36,813 --> 03:37:39,700 you can customize Kali Linux the way you want. 5559 03:37:39,700 --> 03:37:42,100 It is built on a secure platform. 5560 03:37:42,100 --> 03:37:44,366 The Kali Linux team is actually made up 5561 03:37:44,366 --> 03:37:46,144 of a small group of individuals. 5562 03:37:46,144 --> 03:37:48,780 Those are the only ones who can commit packages 5563 03:37:48,780 --> 03:37:50,617 and interact with repositories, 5564 03:37:50,617 --> 03:37:53,700 all of which is done using multiple secure protocols.
5565 03:37:53,700 --> 03:37:57,000 So Kali Linux is definitely a secure platform. 5566 03:37:57,100 --> 03:37:58,900 Although penetration tools tend to be 5567 03:37:58,900 --> 03:38:03,200 in English, Kali includes multilingual support. This way 5568 03:38:03,200 --> 03:38:05,623 more users can operate in their native language 5569 03:38:05,623 --> 03:38:06,800 and locate the tools 5570 03:38:06,800 --> 03:38:08,279 that they need for the job 5571 03:38:08,279 --> 03:38:10,100 that they are doing on Kali Linux, 5572 03:38:10,100 --> 03:38:11,914 and lastly Kali Linux, just 5573 03:38:11,914 --> 03:38:15,308 like BackTrack, is completely free of charge. On top 5574 03:38:15,308 --> 03:38:16,640 of all these benefits 5575 03:38:16,640 --> 03:38:20,436 Kali Linux offers different installation options. One way 5576 03:38:20,436 --> 03:38:22,277 of installing Kali Linux is 5577 03:38:22,277 --> 03:38:24,800 by making a Kali bootable USB drive. 5578 03:38:24,800 --> 03:38:26,164 This is the fastest way 5579 03:38:26,164 --> 03:38:29,599 of installing Kali Linux and the most favorable as well. 5580 03:38:29,600 --> 03:38:31,400 We will discuss why in a while. 5581 03:38:31,400 --> 03:38:33,742 You can also install Kali Linux using 5582 03:38:33,742 --> 03:38:35,726 hard disk. Installing Kali Linux 5583 03:38:35,726 --> 03:38:39,500 on your computer using the hard disk is a very easy process, 5584 03:38:39,500 --> 03:38:40,700 but you should make sure 5585 03:38:40,700 --> 03:38:43,200 that your computer has compatible hardware. 5586 03:38:43,200 --> 03:38:47,100 You can also install Kali Linux alongside your operating system. 5587 03:38:47,100 --> 03:38:48,800 It could be Windows or Mac, 5588 03:38:48,800 --> 03:38:51,800 but you should exercise caution during the setup process 5589 03:38:51,800 --> 03:38:53,464 because it might mess up 5590 03:38:53,464 --> 03:38:56,100 your default BIOS settings. Lastly,
5591 03:38:56,100 --> 03:38:59,200 you can use different kinds of virtualization software 5592 03:38:59,200 --> 03:39:00,415 such as VMware or VirtualBox 5593 03:39:00,415 --> 03:39:04,200 to install Kali Linux on your preferred operating system. 5594 03:39:04,200 --> 03:39:07,600 Well, apart from all this you can also set up Kali Linux 5595 03:39:07,600 --> 03:39:09,300 on Advanced RISC Machines 5596 03:39:09,300 --> 03:39:13,100 or ARM, like Raspberry Pi, Trimslice, Cubietruck 5597 03:39:13,100 --> 03:39:13,800 and many more. 5598 03:39:13,900 --> 03:39:15,400 So there you go guys. 5599 03:39:15,400 --> 03:39:18,148 Now you know what Kali Linux is and why it 5600 03:39:18,148 --> 03:39:20,886 is a leading Linux distro for ethical hacking 5601 03:39:20,886 --> 03:39:23,800 and penetration testing. In today's session 5602 03:39:23,800 --> 03:39:27,200 we will explore different ways to install Kali Linux. 5603 03:39:27,200 --> 03:39:29,697 Let's get started then. Earlier I said 5604 03:39:29,697 --> 03:39:31,250 that the fastest method 5605 03:39:31,250 --> 03:39:35,300 for setting up Kali Linux is to run it live from a USB drive. 5606 03:39:35,300 --> 03:39:38,400 But why? First of all, it's non-destructive, 5607 03:39:38,400 --> 03:39:41,411 it makes no changes to the host system's hard drive 5608 03:39:41,411 --> 03:39:44,325 or the operating system that it is installed on. 5609 03:39:44,325 --> 03:39:47,664 So once you remove the USB your operating system will return 5610 03:39:47,664 --> 03:39:49,100 to its original state. 5611 03:39:49,100 --> 03:39:49,765 Secondly, 5612 03:39:49,765 --> 03:39:50,800 it's portable. 5613 03:39:50,800 --> 03:39:53,157 You can carry Kali Linux in your pocket 5614 03:39:53,157 --> 03:39:56,300 and can run it whenever you want in just a few minutes. 5615 03:39:56,307 --> 03:39:57,692 It's customizable. 5616 03:39:57,700 --> 03:39:58,900 You can create your own
5617 03:39:58,900 --> 03:40:01,146 Kali Linux ISO image and put it 5618 03:40:01,146 --> 03:40:03,900 into a USB drive using a simple procedure 5619 03:40:03,900 --> 03:40:06,433 which we will discuss later, and lastly, 5620 03:40:06,433 --> 03:40:08,309 it's potentially persistent. 5621 03:40:08,309 --> 03:40:09,406 You can configure 5622 03:40:09,406 --> 03:40:13,000 your Kali Linux live USB drive to have persistent storage 5623 03:40:13,000 --> 03:40:15,554 so that the data you collect is saved 5624 03:40:15,554 --> 03:40:18,300 and you can use it across different reboots. 5625 03:40:18,300 --> 03:40:18,597 Now, 5626 03:40:18,597 --> 03:40:21,800 let's see how to create a bootable USB drive 5627 03:40:21,800 --> 03:40:23,200 on Windows. Guys, 5628 03:40:23,200 --> 03:40:25,321 actually the process is very simple. 5629 03:40:25,321 --> 03:40:27,200 It's just a three step process. 5630 03:40:27,200 --> 03:40:29,200 First of all, you need to plug your 5631 03:40:29,200 --> 03:40:32,700 USB drive into an available USB port on your Windows PC. 5632 03:40:32,700 --> 03:40:35,600 Next you need to note down the destination drive 5633 03:40:35,600 --> 03:40:37,133 it uses once it mounts. 5634 03:40:37,133 --> 03:40:40,000 For example, it could be F drive. After that 5635 03:40:40,000 --> 03:40:42,727 you will have to download and launch a software 5636 03:40:42,727 --> 03:40:45,600 called Win32 Disk Imager. On the software 5637 03:40:45,600 --> 03:40:47,899 you'll have to choose the Kali Linux ISO file 5638 03:40:47,899 --> 03:40:49,900 that needs to be imaged and verify 5639 03:40:49,900 --> 03:40:51,039 that the USB drive 5640 03:40:51,039 --> 03:40:53,643 to be overwritten is the correct one. Lastly, 5641 03:40:53,643 --> 03:40:55,462 once the imaging is complete, 5642 03:40:55,462 --> 03:40:57,783 you need to safely eject the USB drive 5643 03:40:57,783 --> 03:40:59,100 from the Windows machine.
5644 03:40:59,100 --> 03:41:01,700 So, like I said, it's very simple, right? 5645 03:41:01,700 --> 03:41:04,200 Well, I'm not going to show you a demo on this one 5646 03:41:04,200 --> 03:41:05,220 because like I said, 5647 03:41:05,220 --> 03:41:07,900 it's very easy, and I'm sure you guys can pull it off. 5648 03:41:07,900 --> 03:41:08,955 If you have any doubts, 5649 03:41:08,955 --> 03:41:10,790 you can post them in the comment section. 5650 03:41:10,790 --> 03:41:11,800 We'll get back to you. 5651 03:41:11,800 --> 03:41:15,097 And as for the demo part we'll be doing four installations here. 5652 03:41:15,097 --> 03:41:15,800 First of all, 5653 03:41:15,800 --> 03:41:18,682 we'll see how to install Kali Linux using VMware 5654 03:41:18,682 --> 03:41:20,300 on Windows operating system. 5655 03:41:20,300 --> 03:41:21,000 Then we'll see 5656 03:41:21,000 --> 03:41:24,500 how to install Kali Linux on Mac using VirtualBox. Moving on, 5657 03:41:24,500 --> 03:41:25,815 we'll see how to install 5658 03:41:25,815 --> 03:41:28,499 Kali Linux tools on different Linux distributions. 5659 03:41:28,499 --> 03:41:30,800 I'll be showing how to install it on Ubuntu. 5660 03:41:30,800 --> 03:41:33,928 Well, the procedure is the same for every other Linux distribution. 5661 03:41:33,928 --> 03:41:36,200 So you can go ahead and use the same procedure 5662 03:41:36,200 --> 03:41:37,450 for the Linux distribution 5663 03:41:37,450 --> 03:41:39,900 that you're using, and lastly we will see 5664 03:41:39,900 --> 03:41:41,400 how to install Kali Linux 5665 03:41:41,400 --> 03:41:44,300 on Windows 10 using Windows Subsystem for Linux. 5666 03:41:44,700 --> 03:41:45,900 So, I hope it's clear 5667 03:41:45,900 --> 03:41:48,100 what we'll be learning in the session. 5668 03:41:48,300 --> 03:41:51,800 Let's get started with the first demo. In this demo 5669 03:41:51,800 --> 03:41:55,400 we'll see how to launch Kali Linux using VMware.
5670 03:41:55,900 --> 03:41:58,194 So guys, you can install Kali Linux using 5671 03:41:58,194 --> 03:41:59,894 any virtualization software. 5672 03:41:59,894 --> 03:42:02,700 It could be VMware or VirtualBox. In this demo, 5673 03:42:02,700 --> 03:42:05,200 I'll show you how to install it using VMware. 5674 03:42:05,200 --> 03:42:06,100 So first of all, 5675 03:42:06,100 --> 03:42:08,451 obviously we'll have to install VMware, right? 5676 03:42:08,451 --> 03:42:11,859 So just type VMware and it's the first link 5677 03:42:11,859 --> 03:42:14,200 that you find. You can go ahead and download 5678 03:42:14,200 --> 03:42:16,051 VMware Workstation Pro. 5679 03:42:16,200 --> 03:42:18,100 You have it in the downloads. 5680 03:42:18,600 --> 03:42:21,300 Here you can download Workstation Player as well 5681 03:42:21,300 --> 03:42:24,430 or you can download VMware Workstation Pro. Now, 5682 03:42:24,430 --> 03:42:25,835 once that is downloaded, 5683 03:42:25,835 --> 03:42:28,600 you will have to download a Kali Linux ISO image. 5684 03:42:28,600 --> 03:42:32,000 So for that you will have to go for official Kali Linux website. 5685 03:42:32,000 --> 03:42:33,567 Just type for Kali Linux 5686 03:42:33,567 --> 03:42:36,900 and it's the first link. You can see downloads option 5687 03:42:36,900 --> 03:42:38,500 here. Click on download 5688 03:42:38,600 --> 03:42:39,094 and yeah, 5689 03:42:39,094 --> 03:42:41,800 you can see different download options here. You 5690 03:42:41,800 --> 03:42:44,987 have Kali Linux Light for 64-bit as well as 32-bit. 5691 03:42:44,987 --> 03:42:47,800 And then there is Kali Linux 64-bit and 32-bit 5692 03:42:47,800 --> 03:42:50,800 and you have Great images for VMware and VirtualBox. 
5693 03:42:50,800 --> 03:42:53,900 Well, suppose you want to skip the entire lengthy procedure 5694 03:42:53,900 --> 03:42:56,450 of installing it and you want to just use the image, 5695 03:42:56,450 --> 03:42:58,700 then you can go ahead and use this Kali Linux 5696 03:42:58,700 --> 03:42:59,783 64-bit for VMware 5697 03:42:59,783 --> 03:43:02,692 or VirtualBox. Same goes for the 32-bit as well. 5698 03:43:02,692 --> 03:43:05,700 But since we are focusing on installing right now, 5699 03:43:05,700 --> 03:43:08,017 let's just go ahead and download ISO file 5700 03:43:08,017 --> 03:43:10,900 and install it from the beginning until last step. 5701 03:43:10,900 --> 03:43:12,464 I have already downloaded it. 5702 03:43:12,464 --> 03:43:15,000 So I have an ISO file downloaded on my computer. 5703 03:43:15,000 --> 03:43:17,500 So all you have to do is just click on the torrent link. 5704 03:43:17,500 --> 03:43:18,600 It will be downloaded. 5705 03:43:18,600 --> 03:43:21,700 Let's open VMware then. So as you can see, 5706 03:43:21,700 --> 03:43:24,300 I have the VMware Workstation Pro installed here. 5707 03:43:24,300 --> 03:43:27,806 So I already have two Ubuntu virtual machines installed 5708 03:43:27,806 --> 03:43:29,400 on my VMware Workstation. 5709 03:43:29,400 --> 03:43:31,900 As you can see on the home page, three different options. 5710 03:43:31,900 --> 03:43:33,650 It says create a new virtual machine 5711 03:43:33,650 --> 03:43:36,350 or open a virtual machine and connect to remote server. 5712 03:43:36,350 --> 03:43:37,818 So if you want to create a Kali Linux 5713 03:43:37,818 --> 03:43:39,800 or any other virtual machine from step one, 5714 03:43:39,800 --> 03:43:42,434 you can use this create a new virtual machine option. 5715 03:43:42,434 --> 03:43:45,489 Well, if you have an image of a virtual machine already, 5716 03:43:45,489 --> 03:43:47,439 and if you want to just use it and avoid 5717 03:43:47,439 --> 03:43:48,500 installation procedure. 
5718 03:43:48,500 --> 03:43:50,400 Then you can go ahead and use this open 5719 03:43:50,400 --> 03:43:51,600 a virtual machine option. 5720 03:43:51,600 --> 03:43:54,400 Well, just click on this create a new virtual machine 5721 03:43:54,400 --> 03:43:57,100 and click on next. As you can see here, 5722 03:43:57,100 --> 03:44:00,000 you have an option which says installer disc image file, 5723 03:44:00,000 --> 03:44:01,100 ISO file. 5724 03:44:01,100 --> 03:44:03,400 You'll have to attach yours, so click on browse. 5725 03:44:03,400 --> 03:44:05,897 Let's see where I've stored my Kali Linux. As you can see, 5726 03:44:05,897 --> 03:44:08,500 I already have it here and there's one file here. 5727 03:44:08,500 --> 03:44:10,900 Let me click on that and open. 5728 03:44:11,500 --> 03:44:13,333 So I don't bother about this at all. 5729 03:44:13,333 --> 03:44:15,900 It usually shows that, and then click on next here. 5730 03:44:16,000 --> 03:44:17,000 So it's asking 5731 03:44:17,000 --> 03:44:18,950 which operating system will be installed 5732 03:44:18,950 --> 03:44:20,176 on this virtual machine. 5733 03:44:20,176 --> 03:44:21,300 I want it to be Linux. 5734 03:44:21,300 --> 03:44:26,100 So make sure you select Linux 64-bit and click 5735 03:44:26,100 --> 03:44:29,500 on next. You have an option to name your virtual machine. 5736 03:44:29,500 --> 03:44:31,700 Let's say Kali Linux. 5737 03:44:32,500 --> 03:44:34,400 And where do I want to store it? 5738 03:44:34,400 --> 03:44:37,600 In my documents under virtual machines, Kali Linux, sure, 5739 03:44:37,600 --> 03:44:38,800 and click on next. 5740 03:44:39,000 --> 03:44:41,000 It says it already exists. 5741 03:44:41,000 --> 03:44:43,200 Let me try this one. 5742 03:44:43,200 --> 03:44:47,600 Then let's take Kali Linux one and next. Yeah, 5743 03:44:47,800 --> 03:44:51,100 so basically your Kali Linux will need about 20 GB. 
5744 03:44:51,100 --> 03:44:55,200 Let's assign some 40 GB or, that's the maximum disk size 5745 03:44:55,200 --> 03:44:56,040 that you can allot. 5746 03:44:56,040 --> 03:44:58,000 Well, you can allot more than that as well. 5747 03:44:58,000 --> 03:45:01,215 But minimum it needs about 20 GB and you have an option 5748 03:45:01,215 --> 03:45:04,500 which says store virtual disk as a single file or multiple files. 5749 03:45:04,500 --> 03:45:07,565 Let's just select store virtual disk as a single file 5750 03:45:07,565 --> 03:45:10,100 to avoid complications and click on next here. 5751 03:45:10,200 --> 03:45:10,950 So as you can see, 5752 03:45:10,950 --> 03:45:13,499 you can review your virtual machine settings here. 5753 03:45:13,499 --> 03:45:16,000 You have an option to make changes to the settings. 5754 03:45:16,000 --> 03:45:18,554 You can make changes right now, or you can do it later 5755 03:45:18,554 --> 03:45:19,099 as well. 5756 03:45:19,099 --> 03:45:21,100 Let's just go ahead and make changes now. 5757 03:45:21,100 --> 03:45:23,500 Click on the customize hardware option here. 5758 03:45:23,600 --> 03:45:26,300 Well, as for the memory for this virtual machine, 5759 03:45:26,300 --> 03:45:27,300 it totally depends 5760 03:45:27,300 --> 03:45:29,400 on what you're using virtual machine for. 5761 03:45:29,400 --> 03:45:31,300 If you're not using it for heavy works, 5762 03:45:31,300 --> 03:45:33,300 then you can assign least amount of memory. 5763 03:45:33,365 --> 03:45:36,134 Let's say I want to assign about 2 GB. 5764 03:45:36,400 --> 03:45:37,200 There we go. 5765 03:45:37,200 --> 03:45:39,214 And as for the processors, number 5766 03:45:39,214 --> 03:45:42,300 of processors 1, and the number of core processors, 5767 03:45:42,300 --> 03:45:43,900 you can choose as many as you want. 
5768 03:45:43,900 --> 03:45:46,342 Let's say two. This will increase the performance 5769 03:45:46,342 --> 03:45:47,754 of your virtual machine, 5770 03:45:47,754 --> 03:45:48,600 so, and again, 5771 03:45:48,600 --> 03:45:52,368 totally depends on whatever you want to choose. And yeah, 5772 03:45:52,368 --> 03:45:55,900 we have already attached the image. Network adapter, you 5773 03:45:55,900 --> 03:45:58,900 can set for NAT. USB controller and sound card, 5774 03:45:58,900 --> 03:46:01,100 you can retain the default settings. 5775 03:46:01,100 --> 03:46:04,783 And as for the display, click on accelerated 3D graphics, since 5776 03:46:04,783 --> 03:46:07,600 Kali Linux has a graphical user interface, 5777 03:46:07,600 --> 03:46:10,658 and it says 768 MB is the recommended amount of memory 5778 03:46:10,658 --> 03:46:12,320 that you can use for graphics. 5779 03:46:12,320 --> 03:46:15,200 So let's go ahead and select that and click on close. 5780 03:46:15,200 --> 03:46:17,230 Well, you can actually make all the settings 5781 03:46:17,230 --> 03:46:18,600 after installing Kali Linux 5782 03:46:18,600 --> 03:46:19,800 as well, no problem there. 5783 03:46:19,800 --> 03:46:21,900 Once you've done that, click on finish here. 5784 03:46:22,300 --> 03:46:24,550 As you can see, my Kali Linux image is ready 5785 03:46:24,550 --> 03:46:25,400 for installation. 5786 03:46:25,400 --> 03:46:26,733 You have two options to power up. 5787 03:46:26,733 --> 03:46:28,400 As you can see, you have this option here. 5788 03:46:28,400 --> 03:46:30,500 You can click on that to power on this virtual machine, 5789 03:46:30,500 --> 03:46:32,000 or you can go ahead and click on this. 5790 03:46:32,000 --> 03:46:33,500 Let me click on this. 5791 03:46:35,700 --> 03:46:37,000 So once you click on that, 5792 03:46:37,000 --> 03:46:39,399 you should be greeted with this Kali boot screen. 5793 03:46:39,399 --> 03:46:41,800 As you can see, there are a lot of options here. 
5794 03:46:41,800 --> 03:46:44,221 We did discuss live option earlier, right? 5795 03:46:44,221 --> 03:46:45,336 So if you don't want 5796 03:46:45,336 --> 03:46:48,001 any trace of Kali Linux on your operating system, 5797 03:46:48,001 --> 03:46:50,316 you can go ahead and use live option here. 5798 03:46:50,316 --> 03:46:51,082 You have live 5799 03:46:51,082 --> 03:46:54,258 USB persistence mode and live USB encrypted persistence 5800 03:46:54,258 --> 03:46:55,093 as well. Suppose 5801 03:46:55,093 --> 03:46:57,549 you want to store some data and save it for later 5802 03:46:57,549 --> 03:47:00,004 reboots, you can use live persistence option here. 5803 03:47:00,004 --> 03:47:02,000 And most of the time people get confused 5804 03:47:02,000 --> 03:47:03,900 with this install and graphical install. 5805 03:47:04,000 --> 03:47:05,700 Just don't go ahead and click on 5806 03:47:05,700 --> 03:47:06,900 install option. Do it only 5807 03:47:06,900 --> 03:47:09,500 if you are well versed with command line interface. 5808 03:47:09,500 --> 03:47:12,600 So basically that install option is for command line interface. 5809 03:47:12,600 --> 03:47:15,500 So you will be greeted with Kali Linux command line interface. 5810 03:47:15,500 --> 03:47:17,100 Since if you're doing it, 5811 03:47:17,100 --> 03:47:19,600 if you're using Kali Linux for the first time, go ahead 5812 03:47:19,600 --> 03:47:22,342 with graphical install. Select the graphical install 5813 03:47:22,342 --> 03:47:23,200 and click enter. 5814 03:47:26,000 --> 03:47:26,900 So as you can see, 5815 03:47:26,900 --> 03:47:29,542 it will start mounting storage devices. 5816 03:47:29,542 --> 03:47:33,400 Whole installation process might take about 10 minutes. 5817 03:47:33,500 --> 03:47:34,730 So it's prompting you 5818 03:47:34,730 --> 03:47:37,906 to select a language, so select your preferred language, 5819 03:47:37,906 --> 03:47:39,301 then your country location. 
5820 03:47:39,301 --> 03:47:40,301 Let's say English 5821 03:47:40,301 --> 03:47:42,983 and click on enter, and it's asking you 5822 03:47:42,983 --> 03:47:45,500 for the country location. Just give United States 5823 03:47:45,500 --> 03:47:48,881 and enter, and I want the keyboard to be configured 5824 03:47:48,881 --> 03:47:50,300 with American English. 5825 03:47:50,300 --> 03:47:52,000 You can choose any native language. 5826 03:47:52,000 --> 03:47:53,958 Like I said earlier, it supports 5827 03:47:53,958 --> 03:47:56,800 multilingual or it supports Get the languages. 5828 03:47:56,800 --> 03:47:58,200 So go ahead and choose it, 5829 03:47:58,200 --> 03:48:01,200 but it might complicate the way you use Kali Linux later. 5830 03:48:01,200 --> 03:48:04,300 So you can always go ahead and stick out with English only. 5831 03:48:04,400 --> 03:48:05,800 Well, it doesn't matter. 5832 03:48:06,200 --> 03:48:08,900 So as you can see, it's configuring the network. 5833 03:48:09,200 --> 03:48:12,800 So it will detect the ISO file and load installation component 5834 03:48:12,800 --> 03:48:15,800 and then prompt you to enter the hostname for your system. 5835 03:48:15,800 --> 03:48:17,446 Well, in this installation, 5836 03:48:17,446 --> 03:48:20,007 let's just enter Kali and click on and off. 5837 03:48:20,007 --> 03:48:23,200 You can give the name you want, and next it's asking you 5838 03:48:23,200 --> 03:48:24,600 for the domain name. Suppose 5839 03:48:24,600 --> 03:48:25,985 you have set up virtual machines, 5840 03:48:25,985 --> 03:48:28,200 and if you want to give all of them a domain name, 5841 03:48:28,200 --> 03:48:30,000 you can assign a domain name as well, 5842 03:48:30,000 --> 03:48:31,000 but it's optional. 5843 03:48:31,000 --> 03:48:33,700 Let's not give any domain name here and click on enter. 
5844 03:48:33,700 --> 03:48:36,600 The next thing it does is it will prompt you for the password 5845 03:48:36,600 --> 03:48:39,600 that you'll have to enter every time you launch your Kali Linux. 5846 03:48:39,600 --> 03:48:42,100 So just give some password of your choice. 5847 03:48:43,103 --> 03:48:44,796 And click on continue. 5848 03:48:46,000 --> 03:48:48,800 The best thing about Kali Linux is you can set up date 5849 03:48:48,800 --> 03:48:49,700 and time as well. 5850 03:48:49,700 --> 03:48:51,150 You can make it later as well, 5851 03:48:51,150 --> 03:48:52,568 but you can choose it here. 5852 03:48:52,568 --> 03:48:55,300 So just click on Eastern or whichever choice you like 5853 03:48:55,300 --> 03:48:56,300 and click on enter. 5854 03:48:59,000 --> 03:49:00,618 So the installer will now probe 5855 03:49:00,618 --> 03:49:03,127 your disk and offer you four different choices. 5856 03:49:03,127 --> 03:49:04,039 As you can see, 5857 03:49:04,039 --> 03:49:07,200 it says guided use entire disk, guided use entire disk 5858 03:49:07,200 --> 03:49:08,095 and set up LVM, 5859 03:49:08,095 --> 03:49:10,722 which is Logical Volume Manager, same thing 5860 03:49:10,722 --> 03:49:12,500 which is encrypted, and manual. 5861 03:49:12,500 --> 03:49:13,900 So if you are an expert, 5862 03:49:13,900 --> 03:49:15,600 if you already used this Kali Linux 5863 03:49:15,600 --> 03:49:16,795 before, you can go ahead 5864 03:49:16,795 --> 03:49:19,500 and select any of these three options from the bottom. 5865 03:49:19,500 --> 03:49:21,900 That's LVM or manual or encrypted LVM. 5866 03:49:21,900 --> 03:49:23,187 Otherwise, you can always 5867 03:49:23,187 --> 03:49:25,918 go ahead and choose guided use entire disk option here 5868 03:49:25,918 --> 03:49:27,000 if you are a beginner 5869 03:49:27,000 --> 03:49:30,017 and click on enter. So this is the disk partition 5870 03:49:30,017 --> 03:49:33,500 where all the data will be stored, and click on continue. 
5871 03:49:33,500 --> 03:49:35,600 It's asking if you want to store all files 5872 03:49:35,600 --> 03:49:36,449 in one partition, 5873 03:49:36,449 --> 03:49:38,100 or if you want to make partitions. 5874 03:49:38,100 --> 03:49:39,168 So depending on your needs, 5875 03:49:39,168 --> 03:49:41,200 you can go ahead and choose to keep all your files 5876 03:49:41,200 --> 03:49:42,100 in single partition, 5877 03:49:42,100 --> 03:49:44,600 which is default, or you have separate partition 5878 03:49:44,600 --> 03:49:47,110 for one or more of the top-level directories. 5879 03:49:47,110 --> 03:49:48,944 Let's just choose the first option 5880 03:49:48,944 --> 03:49:50,000 and click on enter. 5881 03:49:50,100 --> 03:49:51,800 So once you've done that, you'll have 5882 03:49:51,800 --> 03:49:54,200 one last chance to review our disk configuration. 5883 03:49:54,200 --> 03:49:55,000 Once you're sure 5884 03:49:55,000 --> 03:49:57,500 that you've given correct details, click on enter here. 5885 03:49:57,600 --> 03:50:00,582 It's asking if the changes that you make to Kali Linux 5886 03:50:00,582 --> 03:50:02,700 should be written to the disk or not. 5887 03:50:02,700 --> 03:50:03,600 So say yes. 5888 03:50:04,700 --> 03:50:08,100 So we did start partition and install the virtual machine. 5889 03:50:09,400 --> 03:50:10,552 It took a while, but 5890 03:50:10,552 --> 03:50:13,100 as you can see, installation is almost done. 5891 03:50:13,100 --> 03:50:16,100 It's asking me to configure the package manager. 5892 03:50:16,100 --> 03:50:17,950 Well, if you select no in the session, 5893 03:50:17,950 --> 03:50:19,700 you will not be able to install packages 5894 03:50:19,700 --> 03:50:23,000 from Kali repositories later. And click on continue. 5895 03:50:23,400 --> 03:50:26,300 So suppose if you want to install other repositories 5896 03:50:26,300 --> 03:50:28,900 or updates later on, you can always go and click on yes. 
5897 03:50:28,900 --> 03:50:31,900 Otherwise, it's always, otherwise you can go for no as well. 5898 03:50:32,000 --> 03:50:34,100 Now it's going to configure the package manager. 5899 03:50:34,400 --> 03:50:35,700 It will install package manager 5900 03:50:35,700 --> 03:50:38,400 and configure it, then it will install GRUB boot loader. 5901 03:50:39,900 --> 03:50:40,692 And it's asking 5902 03:50:40,692 --> 03:50:43,966 if you want to install GRUB boot loader to master boot record. 5903 03:50:43,966 --> 03:50:44,576 Definitely 5904 03:50:44,576 --> 03:50:45,459 yes, so select 5905 03:50:45,459 --> 03:50:47,100 yes and click on continue. 5906 03:50:47,100 --> 03:50:50,000 So it's asking to select the device manually. 5907 03:50:50,000 --> 03:50:52,600 You can click the select the device. 5908 03:50:53,200 --> 03:50:55,000 So yeah, guys, we're done here. 5909 03:50:55,000 --> 03:50:56,000 So you can finally click 5910 03:50:56,000 --> 03:50:58,900 on continue option to reboot your new Kali installation. 5911 03:50:58,900 --> 03:50:59,900 So as you can see, 5912 03:50:59,900 --> 03:51:02,600 the entire process took about 10 to 11 minutes. 5913 03:51:02,900 --> 03:51:05,500 So yeah, let's go ahead and click on continue here. 5914 03:51:05,500 --> 03:51:07,400 It's gonna finish the installation. 5915 03:51:08,200 --> 03:51:10,685 So guys, as you can see, the installation process 5916 03:51:10,685 --> 03:51:12,900 from the step where we select the language 5917 03:51:12,900 --> 03:51:14,300 till the last step is same. 5918 03:51:14,300 --> 03:51:17,300 It's just the medium on which you are installing is different. 5919 03:51:17,300 --> 03:51:18,500 For example, right now 5920 03:51:18,500 --> 03:51:20,006 we use VMware. Later on, 5921 03:51:20,006 --> 03:51:22,259 I'll show you how to use VirtualBox. 5922 03:51:22,259 --> 03:51:25,800 But once your Kali Linux image is ready to boot, the rest 5923 03:51:25,800 --> 03:51:28,400 of the installation process is similar to this. 
5924 03:51:29,300 --> 03:51:31,300 So it's finished installing. 5925 03:51:31,700 --> 03:51:33,600 It's loading the image. 5926 03:51:36,000 --> 03:51:36,796 So if you have done 5927 03:51:36,796 --> 03:51:38,875 everything right during the installation process 5928 03:51:38,875 --> 03:51:40,600 and according to your needs, you'll land up 5929 03:51:40,600 --> 03:51:42,300 in this page. Username: 5930 03:51:42,338 --> 03:51:45,261 so we've given it as Kali, right? kali 5931 03:51:45,584 --> 03:51:49,200 and password. As you can see, it's showing an error. 5932 03:51:49,200 --> 03:51:50,400 It says that didn't work. 5933 03:51:50,400 --> 03:51:51,500 Please try again. 5934 03:51:51,500 --> 03:51:53,703 This is mostly because first time 5935 03:51:53,703 --> 03:51:54,877 when you log in, you 5936 03:51:54,877 --> 03:51:57,600 should use word root as your default username. 5937 03:51:57,600 --> 03:51:58,200 But later on, 5938 03:51:58,200 --> 03:52:00,700 once you have already logged in, you can change the username 5939 03:52:00,700 --> 03:52:02,500 according to your need. So root, 5940 03:52:02,500 --> 03:52:04,600 and password, you can use the same password 5941 03:52:04,600 --> 03:52:06,100 which you set during installation 5942 03:52:06,100 --> 03:52:09,800 process. So as you can see, login is successful 5943 03:52:10,300 --> 03:52:13,200 and here I go, my Kali Linux is up and running, 5944 03:52:13,200 --> 03:52:16,144 so I can start using Kali Linux according to my needs. 5945 03:52:16,144 --> 03:52:17,165 So once you've done 5946 03:52:17,165 --> 03:52:19,539 that, you can go ahead and install VMware tools 5947 03:52:19,539 --> 03:52:22,600 so that you can maximize it full screen and all that stuff. 5948 03:52:22,600 --> 03:52:24,300 You can also go ahead and change the date 5949 03:52:24,300 --> 03:52:25,200 and time settings. 
5950 03:52:25,200 --> 03:52:27,900 As you can see here, you can go for the settings option here 5951 03:52:27,900 --> 03:52:28,908 and do the settings 5952 03:52:28,908 --> 03:52:30,157 and you can start using 5953 03:52:30,157 --> 03:52:33,200 Kali Linux for hacking and penetration testing purposes. 5954 03:52:33,200 --> 03:52:35,000 So it's as easy as that, guys. 5955 03:52:35,100 --> 03:52:37,400 So please go ahead and try installing it. 5956 03:52:37,400 --> 03:52:40,200 Well, if you find any errors during installation process, 5957 03:52:40,200 --> 03:52:41,696 let us know in the comment section. 5958 03:52:41,696 --> 03:52:43,500 We'll get back to you as soon as possible. 5959 03:52:43,500 --> 03:52:43,732 Now, 5960 03:52:43,732 --> 03:52:45,500 let's move on to our second demo. 5961 03:52:45,700 --> 03:52:45,935 Now 5962 03:52:45,935 --> 03:52:47,817 we'll see how to launch Kali Linux 5963 03:52:47,817 --> 03:52:51,200 on Mac operating system using VirtualBox. In the previous demo, 5964 03:52:51,200 --> 03:52:53,815 we used VMware and now we'll be using VirtualBox. 5965 03:52:53,815 --> 03:52:56,200 But actually I'm not using any Mac system here, 5966 03:52:56,200 --> 03:52:57,200 operating system, 5967 03:52:57,200 --> 03:53:00,082 but I'll show you how to install using VirtualBox. 5968 03:53:00,082 --> 03:53:01,800 The procedure is very similar. 5969 03:53:01,800 --> 03:53:04,600 So all you have to do is, on your Mac operating system, 5970 03:53:04,600 --> 03:53:08,100 go ahead and click a for VirtualBox download. 5971 03:53:08,700 --> 03:53:10,700 So this is the VirtualBox official page. 5972 03:53:10,700 --> 03:53:12,900 You can go ahead and click on downloads here. 5973 03:53:12,900 --> 03:53:15,300 As you can see, you have different options here. 
5974 03:53:15,300 --> 03:53:16,272 It says Windows 5975 03:53:16,272 --> 03:53:20,100 for Windows operating system, OS X host, Linux and Solaris host. 5976 03:53:20,100 --> 03:53:22,020 Since if you're using Windows, then go ahead 5977 03:53:22,020 --> 03:53:23,049 and select Windows host. 5978 03:53:23,049 --> 03:53:25,200 But as for Mac, you'll have to select this. 5979 03:53:25,200 --> 03:53:26,600 It's mostly a dot exe file. 5980 03:53:26,600 --> 03:53:29,000 Once you've done that, you can install VirtualBox. 5981 03:53:29,000 --> 03:53:30,600 It's just click on next, next, next 5982 03:53:30,600 --> 03:53:31,679 and it will walk out 5983 03:53:31,679 --> 03:53:33,965 and provide settings according to your need. 5984 03:53:33,965 --> 03:53:35,812 I already have installed VirtualBox. 5985 03:53:35,812 --> 03:53:37,869 It's the next thing you do is similar as 5986 03:53:37,869 --> 03:53:39,400 what you've done with VMware. 5987 03:53:39,400 --> 03:53:42,100 Go ahead and download official Kali Linux image. 5988 03:53:42,100 --> 03:53:44,600 Make sure you don't download any duplicate versions 5989 03:53:44,600 --> 03:53:46,422 of ISO file from other websites. 5990 03:53:46,422 --> 03:53:49,100 Make sure you download it from original website. 5991 03:53:49,100 --> 03:53:51,092 If you want to do it from the beginning, 5992 03:53:51,092 --> 03:53:53,288 go ahead and install ISO file your torrent 5993 03:53:53,288 --> 03:53:54,700 or you can just go ahead 5994 03:53:54,700 --> 03:53:58,100 and download just the image for VirtualBox here 5995 03:53:58,100 --> 03:54:00,982 for 64-bit, and you have option for 32-bit as well. 5996 03:54:00,982 --> 03:54:02,400 I've already done that. 5997 03:54:02,400 --> 03:54:04,500 So let me open my VirtualBox. 5998 03:54:05,000 --> 03:54:08,400 Yeah. The procedure for VMware and Virtual- 5999 03:54:08,400 --> 03:54:11,000 Box is almost same, just slight difference. 
6000 03:54:11,000 --> 03:54:13,000 Let me maximize the screen for you guys. 6001 03:54:13,000 --> 03:54:14,480 As you can see, I already have 6002 03:54:14,480 --> 03:54:16,530 a virtual machine launched up here. 6003 03:54:16,530 --> 03:54:17,817 I haven't powered it up yet. 6004 03:54:17,817 --> 03:54:19,950 Anyway, I'll show you how to install new one. 6005 03:54:19,950 --> 03:54:21,500 Just click on new option here. 6006 03:54:21,600 --> 03:54:24,600 This is your VirtualBox homepage, guys. 6007 03:54:24,700 --> 03:54:27,100 So click on new here and just give a name. 6008 03:54:27,100 --> 03:54:28,100 We've already given 6009 03:54:28,100 --> 03:54:30,349 Kali Linux earlier, right, for the virtual machine. 6010 03:54:30,349 --> 03:54:32,000 So let's give it some other name. 6011 03:54:32,000 --> 03:54:34,492 Let's say capital K L 6012 03:54:34,492 --> 03:54:37,800 Linux, and choose the type of operating system, 6013 03:54:37,800 --> 03:54:40,300 that's Linux, and here 64-bit. 6014 03:54:40,300 --> 03:54:42,800 64-bit according to your operating system needs, you 6015 03:54:42,800 --> 03:54:44,300 can go ahead and choose it, 32- 6016 03:54:44,300 --> 03:54:46,900 bit as well. Click on next and again, 6017 03:54:46,900 --> 03:54:47,900 like I said earlier, 6018 03:54:47,900 --> 03:54:50,700 depending on what you're doing on Kali Linux operating system 6019 03:54:50,700 --> 03:54:53,300 or virtual machine, you go ahead and assign the memory. 6020 03:54:53,400 --> 03:54:54,617 Since I'm just showing you 6021 03:54:54,617 --> 03:54:57,100 how to install, I'm not assigning much memory here. 6022 03:54:57,100 --> 03:55:00,000 So let's just retain the default one, 1024 MB. 6023 03:55:00,000 --> 03:55:02,100 That's 1 GB, and click on next 6024 03:55:02,100 --> 03:55:04,700 and it's asking, you have three options here. 
6025 03:55:04,700 --> 03:55:07,900 Do not add virtual hard disk, create virtual hard disk now, 6026 03:55:07,900 --> 03:55:10,400 and you can go ahead and add a virtual hard disk, 6027 03:55:10,400 --> 03:55:12,200 you use an external virtual hard disk. 6028 03:55:12,200 --> 03:55:14,300 Go ahead and select the second option, click 6029 03:55:14,300 --> 03:55:16,900 on create, and use VirtualBox image. 6030 03:55:16,900 --> 03:55:19,400 Like I said earlier, we downloaded ISO image, 6031 03:55:19,400 --> 03:55:22,700 right, and it's an ISO file with extension dot 6032 03:55:22,700 --> 03:55:26,800 ISO, so basically it's nothing but image. So click on next 6033 03:55:26,800 --> 03:55:28,900 and I want the storage 6034 03:55:28,900 --> 03:55:31,792 on physical hard disk to be assigned dynamically 6035 03:55:31,792 --> 03:55:32,900 and click on next. 6036 03:55:32,900 --> 03:55:35,000 So this is the name of the virtual machine 6037 03:55:35,000 --> 03:55:37,800 which we just gave earlier. It's asking you to choose 6038 03:55:37,800 --> 03:55:40,300 the path wherever you want to store your virtual machine. 6039 03:55:40,300 --> 03:55:42,500 Let's say documents 6040 03:55:43,046 --> 03:55:46,353 and virtual machines. Click on open and save, 6041 03:55:46,900 --> 03:55:48,300 so that's the part of setup. 6042 03:55:48,600 --> 03:55:50,100 And as for the memory, Kali 6043 03:55:50,100 --> 03:55:52,900 always needs you to assign at least 20 GB. 6044 03:55:53,000 --> 03:55:54,000 So let's go ahead 6045 03:55:54,000 --> 03:55:56,600 and give 20 GB. You can always assign more than that 6046 03:55:57,002 --> 03:55:58,540 and click on create. 6047 03:55:59,900 --> 03:56:02,000 So this is the one we just created, right? 6048 03:56:02,000 --> 03:56:02,860 It's ready. 6049 03:56:02,900 --> 03:56:05,000 Just click on settings before you power up. 6050 03:56:05,000 --> 03:56:06,600 You'll have to make certain settings. 
6051 03:56:06,800 --> 03:56:08,311 So if you want to change name 6052 03:56:08,311 --> 03:56:10,500 or type and version, you can always go ahead 6053 03:56:10,500 --> 03:56:11,400 and do that here. 6054 03:56:11,400 --> 03:56:14,164 We don't have anything in advanced, it's just the folder 6055 03:56:14,164 --> 03:56:17,203 where your virtual machine will be stored. Go for system. 6056 03:56:17,203 --> 03:56:19,700 We won't be using any floppy disk or so, right? 6057 03:56:19,700 --> 03:56:22,500 So untick it or uncheck it, and 6058 03:56:22,500 --> 03:56:23,500 yeah, this is memory. 6059 03:56:23,500 --> 03:56:25,758 If you want to go ahead and change or assign more memory 6060 03:56:25,758 --> 03:56:26,908 because the performance 6061 03:56:26,908 --> 03:56:28,600 of your virtual machine is not that great, 6062 03:56:28,600 --> 03:56:31,100 you can go ahead and do that. For the processor, 6063 03:56:31,100 --> 03:56:33,400 make sure you enable this extended features. 6064 03:56:33,400 --> 03:56:35,400 So basically if you want to increase the performance 6065 03:56:35,400 --> 03:56:37,000 of your virtual machine, the number 6066 03:56:37,000 --> 03:56:39,800 of processors you assign should increase. Well, for now, 6067 03:56:39,800 --> 03:56:40,850 since I'm to show you 6068 03:56:40,850 --> 03:56:43,400 how to install, I'm just going to assign one. You have option 6069 03:56:43,400 --> 03:56:45,400 to increase to, say, two, like that. 6070 03:56:45,400 --> 03:56:47,000 And as for the display, 6071 03:56:47,000 --> 03:56:50,700 you can enable 3D acceleration. Display, storage settings. 6072 03:56:50,700 --> 03:56:52,800 This is the most important one. Right now 6073 03:56:52,800 --> 03:56:55,900 we don't have any image attached here, so click on this empty 6074 03:56:55,900 --> 03:56:57,171 and click on the CD image 6075 03:56:57,171 --> 03:56:58,900 that you see here and choose watch. 6076 03:56:59,500 --> 03:57:01,600 And attach the image or ISO 
6077 03:57:01,600 --> 03:57:03,130 file, torrent file, 6078 03:57:03,130 --> 03:57:06,718 which you just downloaded. Click on open. And audio, 6079 03:57:06,718 --> 03:57:09,500 no settings, default. Network, by default 6080 03:57:09,500 --> 03:57:11,200 you can always set it for NAT 6081 03:57:11,200 --> 03:57:13,800 since we're using only one virtual machine here. But 6082 03:57:13,800 --> 03:57:16,900 if you want to use a Kali Linux with any other virtual machine 6083 03:57:16,900 --> 03:57:20,800 like Metasploitable 2, you can go ahead and use this host-only 6084 03:57:20,800 --> 03:57:23,422 adapter option here, because when you use NAT 6085 03:57:23,422 --> 03:57:25,200 and when you have two virtual machines, 6086 03:57:25,200 --> 03:57:27,395 both of them will be assigned with same IP address, 6087 03:57:27,395 --> 03:57:28,896 which will definitely be a prob- 6088 03:57:28,896 --> 03:57:29,696 lem because both 6089 03:57:29,696 --> 03:57:31,973 of these virtual machines need to interact, right? 6090 03:57:31,973 --> 03:57:32,400 So, yeah. 6091 03:57:32,400 --> 03:57:34,400 Well, I'm just saying all this for your information, 6092 03:57:34,400 --> 03:57:36,482 so you can go ahead and click on host-only adapter 6093 03:57:36,482 --> 03:57:37,887 if you're using two virtual machines 6094 03:57:37,887 --> 03:57:39,700 and you want them to interact. As for now, 6095 03:57:39,700 --> 03:57:41,753 I'm just retaining it NAT, and rest 6096 03:57:41,753 --> 03:57:45,300 you can, you don't have to make any changes, and click on OK. 6097 03:57:45,400 --> 03:57:47,300 Once you've made all the settings, click 6098 03:57:47,300 --> 03:57:50,100 on this, or you can go ahead and click on start option. 6099 03:57:50,100 --> 03:57:55,700 Or you can right click on it and start. Again, 6100 03:57:55,700 --> 03:57:56,300 like I said, 6101 03:57:56,300 --> 03:57:59,900 the installation process from step one is very similar to that 6102 03:57:59,900 --> 03:58:01,000 whether using VMware. 
6103 03:58:01,000 --> 03:58:03,800 So again, you'll be greeted with Kali boot screen and you 6104 03:58:03,800 --> 03:58:05,300 have multiple options again. 6105 03:58:05,300 --> 03:58:07,100 I'm not repeating the entire thing here. 6106 03:58:07,100 --> 03:58:09,000 So go ahead and click on graphical install. 6107 03:58:09,000 --> 03:58:10,889 And if you're a pro and using command line, 6108 03:58:10,889 --> 03:58:12,437 you can always go for install option. 6109 03:58:12,437 --> 03:58:15,000 And if you want to just use it for one time purpose, 6110 03:58:15,000 --> 03:58:16,900 you can always go for live option here. 6111 03:58:17,000 --> 03:58:17,800 That's all guys. 6112 03:58:17,800 --> 03:58:19,700 I'm sure you can catch it from here, right? 6113 03:58:19,700 --> 03:58:22,964 Because it's almost similar to the ones we did using VMware 6114 03:58:22,964 --> 03:58:26,200 if you have Here are just go back and take a look at it. 6115 03:58:26,200 --> 03:58:27,751 Yeah, well, like I said, 6116 03:58:27,751 --> 03:58:31,600 I showed you on how to use VirtualBox to install Kali Linux 6117 03:58:31,600 --> 03:58:33,000 on Windows operating system. 6118 03:58:33,000 --> 03:58:34,800 Well, it's the same for the Mac as well. 6119 03:58:34,800 --> 03:58:38,000 You just have to download your stuff there instead of Windows. 6120 03:58:38,000 --> 03:58:40,400 You have another option with this operating system. 6121 03:58:40,400 --> 03:58:42,200 You can dual boot your Kali Linux 6122 03:58:42,200 --> 03:58:43,800 with Windows or Mac. 6123 03:58:43,800 --> 03:58:46,583 It's not as easy as these installation process 6124 03:58:46,583 --> 03:58:49,907 because it will involve you setting the BIOS to changes 6125 03:58:49,907 --> 03:58:51,076 that you get to see 6126 03:58:51,076 --> 03:58:53,600 when you power up your computer initially.
6127 03:58:53,700 --> 03:58:56,800 Make sure you refer to Kali Linux official documentation 6128 03:58:56,800 --> 03:58:59,300 and make sure you've done the installation properly 6129 03:58:59,300 --> 03:59:01,600 so that you won't mess up your default settings. 6130 03:59:02,200 --> 03:59:04,000 So guys we are done with two ways 6131 03:59:04,000 --> 03:59:07,201 of installing Kali Linux, one on Windows and one on Mac. 6132 03:59:07,201 --> 03:59:10,700 We saw how to install it using VMware as well as VirtualBox. 6133 03:59:11,100 --> 03:59:13,000 In the third part we'll see 6134 03:59:13,000 --> 03:59:16,000 how to install Kali tools on any Linux distribution. 6135 03:59:16,000 --> 03:59:19,109 It could be Ubuntu, Fedora, Peppermint operating system 6136 03:59:19,109 --> 03:59:21,800 or any other version or distribution of Linux. 6137 03:59:21,800 --> 03:59:22,813 The procedure is 6138 03:59:22,813 --> 03:59:25,600 actually similar in every Linux distribution. 6139 03:59:25,600 --> 03:59:27,876 So if you follow up on one Linux distribution, 6140 03:59:27,876 --> 03:59:29,176 you can go ahead and do it 6141 03:59:29,176 --> 03:59:31,700 on the Linux distribution of your choice or the one 6142 03:59:31,700 --> 03:59:34,000 that you use. One thing you should remember is 6143 03:59:34,000 --> 03:59:37,400 that Kali Linux is not for the daily Linux purposes. 6144 03:59:37,500 --> 03:59:39,500 Well, it's only for ethical hacking 6145 03:59:39,500 --> 03:59:43,100 or web application penetration testing, for these purposes. 6146 03:59:43,196 --> 03:59:46,503 So guys, we'll be using a tool called Katoolin. 6147 03:59:46,900 --> 03:59:48,500 Let me spell it for you guys. 6148 03:59:48,500 --> 03:59:50,600 It's K-A-T-O-O-L-I-N. 6149 03:59:51,196 --> 03:59:53,503 So let's just search for that. 6150 03:59:54,500 --> 03:59:55,500 There we go.
6151 03:59:55,500 --> 03:59:58,500 It's a script that helps you to install Kali Linux tools 6152 03:59:58,500 --> 04:00:00,700 on your Linux distribution of your choice. 6153 04:00:00,700 --> 04:00:02,417 So it's usually the GitHub script. 6154 04:00:02,417 --> 04:00:04,500 So click on the first link that you find. 6155 04:00:04,500 --> 04:00:05,617 So for those of you 6156 04:00:05,617 --> 04:00:08,400 who like to use penetration testing tools provided by 6157 04:00:08,400 --> 04:00:09,932 Kali Linux development team, 6158 04:00:09,932 --> 04:00:11,226 you can effectively do 6159 04:00:11,226 --> 04:00:14,400 that on your preferred Linux distribution using this tool 6160 04:00:14,400 --> 04:00:17,300 which is Katoolin or K-A-T-O-O-L-I-N. 6161 04:00:17,500 --> 04:00:20,290 So as you can see once you've installed Katoolin properly 6162 04:00:20,290 --> 04:00:21,400 on your operating system, 6163 04:00:21,400 --> 04:00:23,200 you should be greeted with this page. 6164 04:00:23,200 --> 04:00:24,700 I'll show you how to do that. 6165 04:00:24,700 --> 04:00:25,500 What about it? 6166 04:00:25,500 --> 04:00:27,500 So the purpose of asking you 6167 04:00:27,500 --> 04:00:31,100 to see this page is to take a look at prerequisites. 6168 04:00:31,100 --> 04:00:34,381 So first thing you need to have a python of version 6169 04:00:34,381 --> 04:00:37,400 2.7 or above installed in your operating system 6170 04:00:37,400 --> 04:00:39,610 and you need a Linux distribution system. 6171 04:00:39,610 --> 04:00:41,811 It could be Ubuntu or it could be Fedora 6172 04:00:41,811 --> 04:00:44,500 or Peppermint, any other Linux distribution. 6173 04:00:44,500 --> 04:00:45,785 I have Ubuntu here. 6174 04:00:45,785 --> 04:00:47,925 I'll be using VMware Workstation Pro. 6175 04:00:47,925 --> 04:00:50,362 It's already open but let me just go back. 6176 04:00:50,362 --> 04:00:52,800 All you have to do is search for Ubuntu.
6177 04:00:53,073 --> 04:00:55,226 And click on the first link. 6178 04:00:55,900 --> 04:00:58,500 So as you can see there are a lot of options yet 6179 04:00:58,500 --> 04:01:01,202 to install Ubuntu just click on this 6180 04:01:01,202 --> 04:01:04,300 and you'll be able to download a file ISO image. 6181 04:01:04,300 --> 04:01:05,400 I've already done that. 6182 04:01:05,400 --> 04:01:06,400 I'm not doing it again. 6183 04:01:06,400 --> 04:01:08,134 Let's go back to VMware Workstation 6184 04:01:08,134 --> 04:01:08,900 as you can see. 6185 04:01:08,900 --> 04:01:11,700 I already have my Ubuntu operating system installed. 6186 04:01:11,700 --> 04:01:14,400 Installing Ubuntu, it's very straightforward. 6187 04:01:14,400 --> 04:01:16,400 So just take a look at the instructions 6188 04:01:16,400 --> 04:01:19,150 that you need to know when you're installing Ubuntu. Once 6189 04:01:19,150 --> 04:01:20,463 you've done the installation, 6190 04:01:20,463 --> 04:01:22,205 which should look something like this. 6191 04:01:22,205 --> 04:01:23,100 So let me power up 6192 04:01:23,100 --> 04:01:24,600 Ubuntu operating system. 6193 04:01:29,700 --> 04:01:30,600 So as you can see, 6194 04:01:30,600 --> 04:01:33,799 once you install you land up on this page and it's asking 6195 04:01:33,799 --> 04:01:35,800 for the password. You set up this username 6196 04:01:35,800 --> 04:01:37,870 and password during the installation process. 6197 04:01:37,870 --> 04:01:39,000 So don't worry about it. 6198 04:01:39,000 --> 04:01:40,200 Click on enter. 6199 04:01:40,400 --> 04:01:43,300 So let's say you are a Unix lover, you 6200 04:01:43,300 --> 04:01:45,500 like using Unix platform. 6201 04:01:45,600 --> 04:01:46,930 But right now you want to use 6202 04:01:46,930 --> 04:01:49,000 certain tools for performing application penetration 6203 04:01:49,000 --> 04:01:50,400 testing and ethical hacking. 6204 04:01:50,400 --> 04:01:51,900 You just don't need all the tools.
6205 04:01:51,900 --> 04:01:52,832 You need few tools. 6206 04:01:52,832 --> 04:01:55,224 In that case instead of installing Kali Linux 6207 04:01:55,224 --> 04:01:57,814 on your operating system, installing only certain 6208 04:01:57,814 --> 04:02:00,929 Kali Linux tools will be the best option, right? For that, 6209 04:02:00,929 --> 04:02:03,400 like I said earlier, we'll be using Katoolin. 6210 04:02:03,400 --> 04:02:05,900 I have a set of four five commands 6211 04:02:05,900 --> 04:02:08,300 that you need to use to install Katoolin. First of all, 6212 04:02:08,300 --> 04:02:11,100 you need to have git on your operating system. 6213 04:02:11,100 --> 04:02:13,100 Let me check if I have it or not. 6214 04:02:13,100 --> 04:02:15,700 Anyway, I have these five or four set of commands 6215 04:02:15,700 --> 04:02:17,867 which we'll be using. I'm going to attach them 6216 04:02:17,867 --> 04:02:19,050 in the description below. 6217 04:02:19,050 --> 04:02:20,600 So if you want you can use them. 6218 04:02:20,600 --> 04:02:23,500 As you can see, install git, first command. 6219 04:02:24,500 --> 04:02:26,510 It says unable to use it 6220 04:02:26,510 --> 04:02:29,279 because have to login as a root user. 6221 04:02:29,296 --> 04:02:32,603 So let me just, it's asking for the password. 6222 04:02:33,400 --> 04:02:35,400 Yeah, now I'm a root user. 6223 04:02:35,400 --> 04:02:37,300 So let me try the command again. 6224 04:02:37,500 --> 04:02:41,600 That's apt-get install git. 6225 04:02:42,400 --> 04:02:46,700 Yeah, installing git, it's just going to take few minutes. 6226 04:02:46,900 --> 04:02:48,684 But while this is happening, 6227 04:02:48,684 --> 04:02:50,892 let's go ahead and explore Katoolin. 6228 04:02:50,892 --> 04:02:52,900 So let me go for Firefox here.
6229 04:02:52,900 --> 04:02:54,913 Let's search for Katoolin. 6230 04:02:55,000 --> 04:02:58,100 So it's the first link guys, like I said earlier, 6231 04:02:58,100 --> 04:02:59,600 so let me scroll down. 6232 04:02:59,600 --> 04:03:02,100 As we saw, this should be the home page 6233 04:03:02,100 --> 04:03:04,700 and we did take a look at the requirements. 6234 04:03:05,900 --> 04:03:08,000 So let's just go back and see if it's done. 6235 04:03:08,000 --> 04:03:09,400 It's still happening. 6236 04:03:09,700 --> 04:03:12,564 So one thing is make sure you have a python 6237 04:03:12,564 --> 04:03:14,200 of version 2.7 or above. 6238 04:03:14,200 --> 04:03:17,200 Otherwise the entire thing won't work at all. 6239 04:03:17,900 --> 04:03:18,900 Yeah guys it's done. 6240 04:03:19,200 --> 04:03:19,999 Now. 6241 04:03:20,000 --> 04:03:21,549 We are done with the first step. 6242 04:03:21,549 --> 04:03:24,400 We need to install, we need to clone the Katoolin, right? 6243 04:03:24,400 --> 04:03:25,400 So what you do? 6244 04:03:25,400 --> 04:03:26,293 Like I said, 6245 04:03:26,293 --> 04:03:29,233 I have a command right here, just copy this 6246 04:03:29,233 --> 04:03:31,600 and place it over there, Ctrl+C. 6247 04:03:31,600 --> 04:03:34,900 Let's go back to terminal and let me maximize the screen for you guys. 6248 04:03:34,900 --> 04:03:35,300 Yeah. 6249 04:03:35,800 --> 04:03:39,200 And paste. So basically I'm cloning it here 6250 04:03:39,300 --> 04:03:42,650 and the next command is I'm copying the python file 6251 04:03:42,650 --> 04:03:44,600 to this directory and click on 6252 04:03:44,600 --> 04:03:45,700 until it's done. 6253 04:03:45,700 --> 04:03:49,500 It's just quick process. Now, we'll have to change permissions 6254 04:03:49,500 --> 04:03:52,500 so that we have access to use Katoolin. For that, 6255 04:03:52,500 --> 04:03:53,000 basically, 6256 04:03:53,000 --> 04:03:54,900 we are giving execute permission. 6257 04:03:54,900 --> 04:03:59,100 So chmod +x.
Make sure you take a look at that + 6258 04:03:59,100 --> 04:04:02,584 x + enter we are audio is now our Katoolin 6259 04:04:02,584 --> 04:04:04,430 is installed say a lion, 6260 04:04:04,600 --> 04:04:05,800 so as you can see It's 6261 04:04:05,800 --> 04:04:08,100 already the first thing that you should do is 6262 04:04:08,100 --> 04:04:09,950 before you upgrade your system, it says: 6263 04:04:09,950 --> 04:04:12,400 Please remove all the Kali Linux repositories to avoid 6264 04:04:12,400 --> 04:04:13,591 any kind of problems. 6265 04:04:13,591 --> 04:04:16,600 So as you can see it shows you like five options here. 6266 04:04:16,600 --> 04:04:18,866 First one is add Kali repositories 6267 04:04:18,866 --> 04:04:21,000 and update, next view categories. 6268 04:04:21,000 --> 04:04:21,748 Like I said, 6269 04:04:21,748 --> 04:04:23,838 Kali Linux is 600 plus tools, right? 6270 04:04:23,838 --> 04:04:26,107 So you have different tools categorized 6271 04:04:26,107 --> 04:04:27,415 under different headings. 6272 04:04:27,415 --> 04:04:29,313 Then you have classic menu indicator. 6273 04:04:29,313 --> 04:04:31,000 It's nothing, here as you can see 6274 04:04:31,000 --> 04:04:32,500 I have a small icon here. 6275 04:04:32,500 --> 04:04:33,662 If you click on that, 6276 04:04:33,662 --> 04:04:35,600 it'll just show you different menus. 6277 04:04:35,600 --> 04:04:38,004 That's all, and if you want to install Kali menu 6278 04:04:38,004 --> 04:04:40,000 for easy access you can do that as well. 6279 04:04:40,000 --> 04:04:43,500 So let me just click one under one that says add 6280 04:04:43,500 --> 04:04:47,293 Kali Linux repositories, update, remove and view all contents. 6281 04:04:47,293 --> 04:04:49,000 So let's try removing them. 6282 04:04:49,000 --> 04:04:51,400 Let's try with adding repositories. 6283 04:04:52,000 --> 04:04:55,026 It is there are certain duplicate signatures removed 6284 04:04:55,026 --> 04:04:55,800 and all that.
6285 04:04:55,800 --> 04:04:57,588 So let's just try to remove 6286 04:04:57,588 --> 04:05:01,800 like they suggested earlier have been deleted now one. 6287 04:05:03,900 --> 04:05:05,256 So if you guys want to go ahead 6288 04:05:05,256 --> 04:05:07,578 and update the repositories, already existing ones, 6289 04:05:07,578 --> 04:05:08,883 you can go ahead and do that. 6290 04:05:08,883 --> 04:05:09,600 I'm not doing it now 6291 04:05:09,600 --> 04:05:11,300 because it's going to take a while. 6292 04:05:11,300 --> 04:05:14,100 So if you want to go back just click back. 6293 04:05:14,100 --> 04:05:15,400 It's as easy as that. 6294 04:05:15,400 --> 04:05:17,217 Now, let's say I want to view categories 6295 04:05:17,217 --> 04:05:19,467 and install one to love it as you can see. 6296 04:05:19,467 --> 04:05:21,300 There are like number of fusion number 6297 04:05:21,300 --> 04:05:22,400 of categories here. 6298 04:05:22,400 --> 04:05:25,200 So I have web application penetration tools your 6299 04:05:25,200 --> 04:05:26,800 have password attacks. 6300 04:05:26,800 --> 04:05:28,500 I have exploitation tools. 6301 04:05:28,500 --> 04:05:29,900 Well, if you are interested, 6302 04:05:29,900 --> 04:05:32,633 there's an introduction video of what is Kali Linux 6303 04:05:32,633 --> 04:05:33,999 by Edureka in the cyber 6304 04:05:33,999 --> 04:05:34,900 security playlist. 6305 04:05:34,900 --> 04:05:36,600 So go ahead and take a look at that. 6306 04:05:36,600 --> 04:05:37,600 We have explained 6307 04:05:37,600 --> 04:05:40,100 like about five to six popular tools in Kali Linux. 6308 04:05:40,200 --> 04:05:42,300 Anyway getting back to today's session. 6309 04:05:42,300 --> 04:05:44,300 Let me just say four, 6310 04:05:44,300 --> 04:05:47,900 as you can see it lists all the web application tools.
6311 04:05:47,900 --> 04:05:50,961 So if I want to install all those there's an option 6312 04:05:50,961 --> 04:05:53,900 that's zero, but let's just say I want to install 6313 04:05:53,900 --> 04:05:55,300 a tool called sqlmap. 6314 04:05:55,300 --> 04:05:57,600 I'm sure you might have heard sqlmap. 6315 04:05:57,600 --> 04:05:58,500 If not, it's okay. 6316 04:05:58,500 --> 04:06:00,754 It's a tool which you use for checking out 6317 04:06:00,754 --> 04:06:03,927 vulnerabilities that are present in an application database system. 6318 04:06:03,927 --> 04:06:06,555 So anyway, it asks to insert the number of the tool 6319 04:06:06,555 --> 04:06:07,900 that you want to install. 6320 04:06:07,900 --> 04:06:08,900 Let's say 27. 6321 04:06:09,200 --> 04:06:11,200 So as you can see it's installing. 6322 04:06:14,600 --> 04:06:18,155 So it's as if you said guys so once you just done installing, 6323 04:06:18,155 --> 04:06:19,400 I'll get back to you. 6324 04:06:20,600 --> 04:06:22,834 Any tool I just showed you how to use 6325 04:06:22,834 --> 04:06:24,200 how to install sqlmap 6326 04:06:24,200 --> 04:06:26,275 which is there in web application tools. 6327 04:06:26,275 --> 04:06:27,500 You can go ahead and do 6328 04:06:27,500 --> 04:06:30,100 that for other different types of tools as well. Suppose 6329 04:06:30,100 --> 04:06:31,800 you want to install all the tools, 6330 04:06:31,800 --> 04:06:34,600 you can go for 0, as in click on zero option. 6331 04:06:36,000 --> 04:06:37,000 So there you go guys. 6332 04:06:37,000 --> 04:06:38,869 I just showed you how to install one tool 6333 04:06:38,869 --> 04:06:41,300 so you can go ahead and do that for any kind of tool 6334 04:06:41,300 --> 04:06:42,427 under any category.
6335 04:06:42,427 --> 04:06:44,800 So if you just want to go back click back 6336 04:06:44,800 --> 04:06:46,523 and go for other types of tools, 6337 04:06:46,523 --> 04:06:49,700 let's say eight. There you can see, so whatever different type 6338 04:06:49,700 --> 04:06:51,900 of exploitation tools you want you can go ahead 6339 04:06:51,900 --> 04:06:53,033 and install them. 6340 04:06:53,033 --> 04:06:54,500 Let me just click back 6341 04:06:54,500 --> 04:06:58,800 and then back. Sometimes when you try to install all the tools, 6342 04:06:58,800 --> 04:07:00,400 you might get an error saying 6343 04:07:00,400 --> 04:07:03,200 that the file doesn't exist or repository doesn't exist. 6344 04:07:03,200 --> 04:07:05,700 All you have to do is go for one, first option here. 6345 04:07:05,800 --> 04:07:07,746 As you can see here you have option two 6346 04:07:07,746 --> 04:07:08,568 which is update. 6347 04:07:08,568 --> 04:07:10,101 So update your repositories. 6348 04:07:10,101 --> 04:07:11,656 Make sure the Kali Linux mirror 6349 04:07:11,656 --> 04:07:14,100 which is present for the updation is the right one. 6350 04:07:14,100 --> 04:07:16,100 Once I've done that you won't get any errors. 6351 04:07:16,100 --> 04:07:18,100 All the tools will be installed properly. 6352 04:07:18,200 --> 04:07:20,600 So suppose you want to get back from this Katoolin, 6353 04:07:20,600 --> 04:07:22,800 it's easy, just press Ctrl+C. 6354 04:07:22,800 --> 04:07:24,900 And yeah as you can see it says goodbye. 6355 04:07:24,900 --> 04:07:28,500 So that's as easy as it is to use Kali Linux tools on any kind 6356 04:07:28,500 --> 04:07:29,700 of Linux distribution. 6357 04:07:29,700 --> 04:07:32,580 While I've showed you on Ubuntu, the procedure is same 6358 04:07:32,580 --> 04:07:34,500 on any other Linux distribution guys. 6359 04:07:34,800 --> 04:07:35,800 So there we go guys. 6360 04:07:35,800 --> 04:07:37,832 I've done with three things. First,
6361 04:07:37,832 --> 04:07:39,927 we did on Windows using VMware, then 6362 04:07:39,927 --> 04:07:42,900 on Mac using VirtualBox, and third I showed you 6363 04:07:42,900 --> 04:07:45,000 how to install Kali Linux tools on any kind 6364 04:07:45,000 --> 04:07:46,334 of Linux distribution. 6365 04:07:46,334 --> 04:07:48,700 And finally, there's one last demo here. 6366 04:07:48,700 --> 04:07:50,800 We'll see how to install Kali Linux 6367 04:07:50,800 --> 04:07:53,900 on Windows operating system using Windows Subsystem 6368 04:07:53,900 --> 04:07:55,040 for Linux feature. 6369 04:07:55,040 --> 04:07:57,700 So, let me get back to my operating system. 6370 04:07:57,700 --> 04:08:00,500 We won't be needing VMware Workstation anymore. 6371 04:08:00,900 --> 04:08:03,500 So guys, we'll be using a feature called 6372 04:08:03,500 --> 04:08:05,207 Windows Subsystem for Linux, 6373 04:08:05,207 --> 04:08:08,500 which is by default present in all the current versions 6374 04:08:08,500 --> 04:08:09,500 of Windows 10. 6375 04:08:09,500 --> 04:08:10,800 This is actually for those 6376 04:08:10,800 --> 04:08:13,700 who prefer using Kali Linux command line interface. 6377 04:08:13,700 --> 04:08:16,000 So make sure to listen to me properly. 6378 04:08:16,000 --> 04:08:17,200 Oh use this option only 6379 04:08:17,200 --> 04:08:19,438 if you are a pro in using command line interface 6380 04:08:19,438 --> 04:08:22,200 or if you have any experience using command line interface. 6381 04:08:22,200 --> 04:08:24,968 Otherwise just go ahead and use VMware or VirtualBox 6382 04:08:24,968 --> 04:08:27,900 and install Kali Linux graphical user interface option. 6383 04:08:27,900 --> 04:08:29,852 So yeah, this Windows Subsystem 6384 04:08:29,852 --> 04:08:33,649 for Linux allows you to run Linux distributions as subsystem 6385 04:08:33,649 --> 04:08:35,927 on your Windows operating system this 6386 04:08:35,927 --> 04:08:37,700 Her is really a new feature.
6387 04:08:37,700 --> 04:08:39,800 It exists only in Windows 10. 6388 04:08:39,800 --> 04:08:42,400 So you need to use latest version of Windows 6389 04:08:42,400 --> 04:08:45,000 10 to perform this demo or use this option. 6390 04:08:45,000 --> 04:08:46,285 And in addition to that, 6391 04:08:46,285 --> 04:08:48,000 we also have other prerequisites, 6392 04:08:48,000 --> 04:08:50,100 especially we need to have git installed 6393 04:08:50,100 --> 04:08:52,222 or you can go ahead and zip the file 6394 04:08:52,222 --> 04:08:55,164 which is Windows Subsystem for Linux files normally 6395 04:08:55,164 --> 04:08:56,925 but having it is also a nice day. 6396 04:08:56,925 --> 04:08:58,687 Secondly, you need to have python 6397 04:08:58,687 --> 04:09:02,100 of version 3 or above. Make sure you've installed Python and set 6398 04:09:02,100 --> 04:09:03,100 up the path. To check 6399 04:09:03,100 --> 04:09:05,700 if your python is installed properly or not just sake. 6400 04:09:06,000 --> 04:09:09,700 Go via command prompt and just type python --version. 6401 04:09:10,500 --> 04:09:11,300 It should show 6402 04:09:11,300 --> 04:09:13,446 you version properly, only then you can be sure 6403 04:09:13,446 --> 04:09:15,149 that your python is properly installed. 6404 04:09:15,149 --> 04:09:17,900 As you can see, for me it's showing three point six point seven, 6405 04:09:17,900 --> 04:09:19,800 which is definitely above three, 6406 04:09:19,800 --> 04:09:22,100 and it's properly installed and the path is set. 6407 04:09:22,100 --> 04:09:24,900 The first thing you need to do is enable WSL 6408 04:09:24,900 --> 04:09:26,895 or Windows Subsystem for Linux. 6409 04:09:26,895 --> 04:09:30,888 Just go for the control panel and there click on programs 6410 04:09:30,888 --> 04:09:32,471 and turn Windows features 6411 04:09:32,471 --> 04:09:35,700 on or off. Make sure not to touch any other features. 6412 04:09:35,700 --> 04:09:37,824 It might mess up your operating system.
6413 04:09:37,824 --> 04:09:38,706 So scroll down. 6414 04:09:38,706 --> 04:09:40,200 It's usually at the bottom. 6415 04:09:40,200 --> 04:09:40,400 By 6416 04:09:40,400 --> 04:09:41,900 default it's never enabled. If you're 6417 04:09:41,900 --> 04:09:44,300 using it for the first time you need to enable it. 6418 04:09:44,300 --> 04:09:45,799 So first thing you do is enable it 6419 04:09:45,799 --> 04:09:46,800 as you can see here. 6420 04:09:46,800 --> 04:09:48,908 It says Windows Subsystem for Linux. 6421 04:09:48,908 --> 04:09:52,100 Make sure you enable it, check mark it and click on OK. 6422 04:09:52,100 --> 04:09:55,284 Once you have done that run your command prompt 6423 04:09:55,284 --> 04:09:57,500 or terminal as an administrator. 6424 04:09:57,500 --> 04:09:59,700 All you have to do is right-click on it and click 6425 04:09:59,700 --> 04:10:00,900 on run as administrator. 6426 04:10:01,100 --> 04:10:04,200 And yes, now we'll be enabling base distribution. 6427 04:10:04,200 --> 04:10:07,607 That is, like I said, Windows Subsystem for Linux allows 6428 04:10:07,607 --> 04:10:10,300 you to run a Linux distribution as subsystem. 6429 04:10:10,300 --> 04:10:12,100 Right, but for that we need to enable 6430 04:10:12,100 --> 04:10:13,800 this base distribution. For that, 6431 04:10:13,800 --> 04:10:15,749 you need to install the base distribution 6432 04:10:15,749 --> 04:10:18,100 or any kind of Linux distribution that you need. 6433 04:10:18,300 --> 04:10:22,200 So just use lxrun /install. 6434 04:10:22,900 --> 04:10:24,100 So once you type 6435 04:10:24,100 --> 04:10:26,400 that, this is the output which you get. It says 6436 04:10:26,400 --> 04:10:29,500 it's the Legacy Windows system for Linux distribution. 6437 04:10:29,500 --> 04:10:32,456 So you can go ahead and install other Linux distribution 6438 04:10:32,456 --> 04:10:34,500 which are available in Microsoft store.
6439 04:10:34,500 --> 04:10:37,000 But unfortunately Kali Linux is not available, 6440 04:10:37,000 --> 04:10:38,400 but it doesn't matter, right? 6441 04:10:38,400 --> 04:10:40,600 We're anyway installing it using the procedure. 6442 04:10:41,030 --> 04:10:43,569 Just click on Y here, saying yes. 6443 04:10:43,800 --> 04:10:44,984 I've already installed. 6444 04:10:44,984 --> 04:10:46,959 So it's showing Legacy Windows system 6445 04:10:46,959 --> 04:10:49,138 for Linux distribution is already installed 6446 04:10:49,138 --> 04:10:50,202 on my system. For you 6447 04:10:50,202 --> 04:10:52,157 it might take a while. After installing, 6448 04:10:52,157 --> 04:10:54,070 the most important thing is it asks 6449 04:10:54,070 --> 04:10:55,600 for you to set up a password 6450 04:10:55,600 --> 04:10:58,100 and username. Don't skip that step, wait for a while 6451 04:10:58,100 --> 04:11:00,300 and make sure you set up the password and 6452 04:11:00,300 --> 04:11:03,300 username properly, only then entire thing will work out. 6453 04:11:03,300 --> 04:11:05,688 Once you've done that we are done here. 6454 04:11:05,688 --> 04:11:07,700 You can close the command prompt. 6455 04:11:07,700 --> 04:11:10,200 The next thing you need to do is install git. 6456 04:11:10,200 --> 04:11:11,600 I already have it installed. 6457 04:11:11,600 --> 04:11:14,058 It's very easy, install .exe file and click 6458 04:11:14,058 --> 04:11:15,400 on installation process. 6459 04:11:15,400 --> 04:11:18,364 It's very straightforward, and open git bash. 6460 04:11:18,364 --> 04:11:19,457 Yeah before that, 6461 04:11:19,457 --> 04:11:22,800 let me go ahead and create a folder called test here. 6462 04:11:23,000 --> 04:11:26,300 And as you can see it's stored on my desktop, right now 6463 04:11:26,300 --> 04:11:27,100 it's empty. 6464 04:11:27,185 --> 04:11:33,300 Anyway, let me go back to git here and cd Desktop, 6465 04:11:33,800 --> 04:11:38,000 TST. Already enabled Windows Subsystem for Linux.
6466 04:11:38,000 --> 04:11:40,600 But now we have to download the script, right? For that, 6467 04:11:41,080 --> 04:11:44,619 search for Windows Subsystem for Linux switcher. 6468 04:11:45,000 --> 04:11:48,700 And the first link is the GitHub link, click on that. 6469 04:11:49,200 --> 04:11:50,400 There you go guys. 6470 04:11:50,400 --> 04:11:53,573 It says Windows Subsystem for Linux distribution 6471 04:11:53,573 --> 04:11:57,200 switcher. The purpose is to let you easily download 6472 04:11:57,200 --> 04:11:59,080 and install Linux distribution 6473 04:11:59,080 --> 04:12:01,900 as subsystem on your Windows operating system. 6474 04:12:01,900 --> 04:12:04,500 So as you can see you have different options here 6475 04:12:04,500 --> 04:12:06,400 for the base operating systems. 6476 04:12:06,700 --> 04:12:10,700 So yeah, copy this link here, Ctrl+C, 6477 04:12:11,000 --> 04:12:14,600 and go back to git, git clone 6478 04:12:15,200 --> 04:12:18,700 and paste the link which you just download it paste it. 6479 04:12:18,900 --> 04:12:20,600 It shouldn't take very long. 6480 04:12:21,323 --> 04:12:22,476 It's done guys. 6481 04:12:22,715 --> 04:12:25,584 So now if you check your test folder 6482 04:12:25,600 --> 04:12:28,600 Windows Subsystem for Linux will be downloaded properly. 6483 04:12:28,600 --> 04:12:32,500 Let's just go back and check that. Here is our test folder, 6484 04:12:32,500 --> 04:12:35,700 as you can see Windows Subsystem for Linux is already there. 6485 04:12:35,700 --> 04:12:37,700 Now open your command prompt. 6486 04:12:38,496 --> 04:12:40,803 cd, let's go for the test file. 6487 04:12:41,500 --> 04:12:42,549 And if you search 6488 04:12:42,549 --> 04:12:45,700 for the directories under that you can see WSL here. 6489 04:12:45,700 --> 04:12:47,600 Now, let's go for that as well.
6490 04:12:47,700 --> 04:12:50,700 You can just press stop directories under that 6491 04:12:50,900 --> 04:12:54,400 so as you can see the two things, the most important things is 6492 04:12:54,400 --> 04:12:56,500 this get-prebuilt.py 6493 04:12:56,500 --> 04:12:57,900 and install.py. 6494 04:12:58,400 --> 04:13:02,900 This get-prebuilt.py will fetch Kali Linux Docker files 6495 04:13:03,000 --> 04:13:06,300 and install.py will install Kali Linux for you. 6496 04:13:06,300 --> 04:13:07,855 I already have it installed. 6497 04:13:07,855 --> 04:13:09,800 But I'll just show you how to do it. 6498 04:13:09,900 --> 04:13:13,900 So go back to the browser and type Docker file. 6499 04:13:14,200 --> 04:13:15,807 Click on the second link. 6500 04:13:15,807 --> 04:13:16,900 I just wanted you 6501 04:13:16,900 --> 04:13:20,336 to copy the command easily so that you won't make mistakes. 6502 04:13:20,336 --> 04:13:21,200 This is the one 6503 04:13:21,200 --> 04:13:23,700 which you'll have to copy to fetch 6504 04:13:23,700 --> 04:13:25,600 the Kali Linux Docker files. 6505 04:13:25,600 --> 04:13:29,300 So you can just copy this part and go for command prompt. 6506 04:13:29,300 --> 04:13:32,400 Let me maximize this for you here you can say so 6507 04:13:32,400 --> 04:13:34,700 if you remember I said python is must. 6508 04:13:34,700 --> 04:13:36,000 So make sure you install 6509 04:13:36,000 --> 04:13:37,900 it properly and set up the path White. 6510 04:13:37,900 --> 04:13:39,700 And get pre-built. 6511 04:13:39,776 --> 04:13:42,623 Let me just people dot pi and copy it. 6512 04:13:43,700 --> 04:13:45,400 As you can see it's installing. 6513 04:13:45,400 --> 04:13:48,000 It's going to take probably like 2 minutes. 6514 04:13:57,800 --> 04:13:59,500 So it says it's done, 6515 04:13:59,500 --> 04:14:03,000 it says it's saved to this file in the test folder. 6516 04:14:03,000 --> 04:14:05,700 Let's go back and check if that's happened.
6517 04:14:06,000 --> 04:14:09,684 Here's a test folder, under WSL you have python, 6518 04:14:09,684 --> 04:14:12,530 as you can see you have python folder. 6519 04:14:12,700 --> 04:14:15,200 Is it folder of Kali Linux installed 6520 04:14:15,200 --> 04:14:17,500 or fetched, you'll have to install it now, 6521 04:14:17,500 --> 04:14:18,000 right? 6522 04:14:18,400 --> 04:14:21,100 So let me now just type python. 6523 04:14:22,500 --> 04:14:24,200 This is the command that you want to use, 6524 04:14:24,200 --> 04:14:27,300 that's install.py, install.py 6525 04:14:27,800 --> 04:14:32,700 and copy this or just type and enter tab lutefisk stabbed 6526 04:14:32,934 --> 04:14:34,165 and click enter. 6527 04:14:42,100 --> 04:14:44,145 So as you can see it took a while 6528 04:14:44,145 --> 04:14:46,046 but it did install. Right now, 6529 04:14:46,046 --> 04:14:48,900 all you have to do is, it's installed so you 6530 04:14:48,900 --> 04:14:53,500 can close the CMD and open your command prompt and run it 6531 04:14:53,500 --> 04:14:55,612 as an administrator, click 6532 04:14:55,612 --> 04:14:56,600 Yes. 6533 04:14:56,600 --> 04:14:59,600 Let me maximize the screen. You'll have to set 6534 04:14:59,600 --> 04:15:02,800 the root password or the default user as root, so 6535 04:15:02,800 --> 04:15:05,500 set default, the command 6536 04:15:05,500 --> 04:15:09,400 that you need to use, set default user as root. 6537 04:15:10,226 --> 04:15:14,073 As you can see it's now set to root, and click bash. 6538 04:15:15,300 --> 04:15:17,000 Done guys, right now 6539 04:15:17,000 --> 04:15:17,800 we are running 6540 04:15:17,800 --> 04:15:20,700 on Kali operating system on command line interface. 6541 04:15:20,800 --> 04:15:21,800 If want to make sure 6542 04:15:21,800 --> 04:15:24,200 if you're actually running on Kali just type 6543 04:15:24,200 --> 04:15:26,100 cat /etc/issue. 6544 04:15:26,600 --> 04:15:29,300 It shows that Kali Linux rolling.
6545 04:15:29,500 --> 04:15:30,600 So as you can see we 6546 04:15:30,600 --> 04:15:33,600 have successfully installed Kali Linux command line interface 6547 04:15:33,600 --> 04:15:36,388 or how to use command line interface on Windows using 6548 04:15:36,388 --> 04:15:40,299 Windows Subsystem for Linux and I'm telling it to you again 6549 04:15:40,299 --> 04:15:41,635 just use it if you know 6550 04:15:41,635 --> 04:15:44,400 how to use command line interface very properly. 6551 04:15:44,400 --> 04:15:45,700 Otherwise it might be 6552 04:15:45,700 --> 04:15:49,044 a little overwhelming. So set default. 6553 04:15:49,100 --> 04:15:53,300 It's the command that you need to use set default user as 6554 04:15:53,300 --> 04:15:55,069 root as you can see. 6555 04:15:55,069 --> 04:15:58,261 It's now set to root and click Bash. 6556 04:15:59,600 --> 04:16:01,300 Done guys, right now. 6557 04:16:01,300 --> 04:16:02,100 We are running 6558 04:16:02,100 --> 04:16:05,000 on Kali operating system on command line interface 6559 04:16:05,200 --> 04:16:06,200 if you want to make sure 6560 04:16:06,200 --> 04:16:09,700 if you're actually running on Kali just type cat /etc/issue 6561 04:16:09,700 --> 04:16:13,600 and it shows that Kali Linux rolling. 6562 04:16:13,800 --> 04:16:14,900 So as you can see we 6563 04:16:14,900 --> 04:16:17,900 have successfully installed Kali Linux command line interface 6564 04:16:17,900 --> 04:16:20,588 or how to use command line interface on Windows using 6565 04:16:20,588 --> 04:16:24,599 Windows Subsystem for Linux and I'm telling it to you again 6566 04:16:24,599 --> 04:16:26,030 just use it if you know 6567 04:16:26,030 --> 04:16:28,547 how to use command line interface very properly. 6568 04:16:28,547 --> 04:16:32,000 Otherwise it might be a little overwhelming for beginners.
6569 04:16:36,800 --> 04:16:37,688 So now it's time 6570 04:16:37,688 --> 04:16:40,100 that we go through the command line basics 6571 04:16:40,100 --> 04:16:41,471 of any Linux terminal. 6572 04:16:41,471 --> 04:16:44,400 Now, the Linux terminal is a very powerful tool. 6573 04:16:44,400 --> 04:16:47,600 It allows you to move around the whole operating system 6574 04:16:47,600 --> 04:16:49,100 through the files and folders. 6575 04:16:49,100 --> 04:16:50,949 It allows you to create files, 6576 04:16:50,949 --> 04:16:52,800 change their permissions, change 6577 04:16:52,800 --> 04:16:53,840 how they behave 6578 04:16:53,840 --> 04:16:58,000 and a bunch of other things you can do filtering you can grab 6579 04:16:58,000 --> 04:17:00,700 stuff the specific stuff from a specific file 6580 04:17:00,700 --> 04:17:02,794 and there's a bunch of interesting things 6581 04:17:02,794 --> 04:17:03,600 that you can do 6582 04:17:03,600 --> 04:17:06,200 and as an ethical hacker you will be working 6583 04:17:06,200 --> 04:17:08,541 with a Linux distribution most of the time 6584 04:17:08,541 --> 04:17:10,220 whether it may be Kali Linux 6585 04:17:10,220 --> 04:17:12,200 or some other thing like Parrot OS 6586 04:17:12,200 --> 04:17:14,796 but you will be working on Linux most of the time 6587 04:17:14,796 --> 04:17:17,498 because it's a powerful tool for networking analysis 6588 04:17:17,498 --> 04:17:19,337 and scanning and all sorts of stuff 6589 04:17:19,337 --> 04:17:21,500 that you want to do as an ethical hacker.
6590 04:17:21,500 --> 04:17:24,205 So the first essential step is to actually know 6591 04:17:24,205 --> 04:17:25,336 how to use the tool 6592 04:17:25,336 --> 04:17:28,212 that is available to you and that is out here, 6593 04:17:28,212 --> 04:17:29,700 which is the terminal now 6594 04:17:29,700 --> 04:17:31,700 as I'm running this on a virtual machine, 6595 04:17:31,700 --> 04:17:32,700 you might find it 6596 04:17:32,700 --> 04:17:35,733 that my execution time is much slower and that is 6597 04:17:35,733 --> 04:17:38,200 because I have a very very slow laptop 6598 04:17:38,200 --> 04:17:41,200 because my virtual machine is actually eating up a lot 6599 04:17:41,200 --> 04:17:43,800 of my RAM and I have a bunch of other processes 6600 04:17:43,800 --> 04:17:45,100 that are also rendering 6601 04:17:45,100 --> 04:17:46,400 I do this on my free time. 6602 04:17:46,400 --> 04:17:49,784 So let's go ahead and go through the commands 6603 04:17:49,784 --> 04:17:53,589 that we are going to actually go through now. 6604 04:17:53,600 --> 04:17:56,000 Let me actually make a list of commands 6605 04:17:56,000 --> 04:17:57,800 that I want to teach you guys. 6606 04:17:57,800 --> 04:17:58,845 So let me see 6607 04:17:58,845 --> 04:18:01,900 if leafpad is available firstly leafpad is 6608 04:18:01,900 --> 04:18:03,300 basically a text editor. 6609 04:18:03,300 --> 04:18:04,300 So the first command 6610 04:18:04,300 --> 04:18:06,600 that we're going to start off with is cd. 6611 04:18:06,900 --> 04:18:10,100 cd stands for change directory now at this moment. 6612 04:18:10,100 --> 04:18:11,500 We are in the root directory 6613 04:18:11,500 --> 04:18:15,192 as you guys can see we can print the current working directory 6614 04:18:15,192 --> 04:18:18,664 with the single pwd and that is a current working directory 6615 04:18:18,664 --> 04:18:20,311 as you see it's called root 6616 04:18:20,311 --> 04:18:23,600 and suppose we want to change directory to the home directory.
6617 04:18:23,600 --> 04:18:25,600 So all you have to do is cd which stands 6618 04:18:25,600 --> 04:18:26,600 for change directory 6619 04:18:26,600 --> 04:18:29,300 as I just said and specify the path. 6620 04:18:29,300 --> 04:18:30,500 Now cd /home. 6621 04:18:30,500 --> 04:18:31,105 Okay. 6622 04:18:31,105 --> 04:18:32,400 So once we're in home, 6623 04:18:32,400 --> 04:18:34,000 I want to make a list of commands 6624 04:18:34,000 --> 04:18:36,900 that are used on the CLI that I want to teach you guys. 6625 04:18:36,900 --> 04:18:39,832 Guys, so what would I do I would firstly see 6626 04:18:39,832 --> 04:18:42,600 if any files are available that I can edit. 6627 04:18:42,600 --> 04:18:43,600 Okay, so these files 6628 04:18:43,600 --> 04:18:46,700 are available, but let's create a new file for ourselves. 6629 04:18:46,700 --> 04:18:51,000 So firstly let's do nano list.txt. 6630 04:18:51,200 --> 04:18:51,900 Now. 6631 04:18:51,900 --> 04:18:54,600 What nano does is nano will open up 6632 04:18:54,600 --> 04:18:56,482 a small command line text editor 6633 04:18:56,482 --> 04:18:58,100 now command-line text editors 6634 04:18:58,100 --> 04:18:59,900 are very much used by ethical hackers 6635 04:18:59,900 --> 04:19:01,500 because they save a bunch of time 6636 04:19:01,500 --> 04:19:03,828 if there's always switching between GUI and command-line 6637 04:19:03,828 --> 04:19:06,400 because you'll be doing a bunch of stuff on the command line 6638 04:19:06,400 --> 04:19:08,600 and when you want to write something you're always 6639 04:19:08,600 --> 04:19:09,600 switching to GUI? 6640 04:19:09,600 --> 04:19:12,000 It's a waste of time and you want to save 6641 04:19:12,000 --> 04:19:13,400 time as an ethical hacker. 6642 04:19:13,400 --> 04:19:16,187 So you can use this thing called a command line editor 6643 04:19:16,187 --> 04:19:19,500 and it can basically do most of the stuff a GUI editor would do.
6644 04:19:19,700 --> 04:19:21,800 Now you say nano and the name of this file. 6645 04:19:21,900 --> 04:19:24,500 So nano basically has created this file now 6646 04:19:24,700 --> 04:19:27,535 and it has opened up this new fresh window, 6647 04:19:27,535 --> 04:19:29,611 which overrides the command line 6648 04:19:29,611 --> 04:19:32,700 that we were in, the Bash, and this is a place 6649 04:19:32,700 --> 04:19:34,288 where you can actually edit 6650 04:19:34,288 --> 04:19:36,500 what goes in the file now, let's see. 6651 04:19:36,500 --> 04:19:38,700 See the list of commands that I'm going to teach you. 6652 04:19:38,700 --> 04:19:42,600 I'm going to teach you ls; ls will be the list of files. 6653 04:19:42,600 --> 04:19:43,400 We did cd. 6654 04:19:43,800 --> 04:19:45,100 We saw pwd. 6655 04:19:45,100 --> 04:19:48,342 So that was print working directory. We'll be looking at 6656 04:19:48,342 --> 04:19:50,700 how you can copy stuff with the cp command. 6657 04:19:50,700 --> 04:19:52,656 Then we will be looking at mv 6658 04:19:52,656 --> 04:19:56,300 which is basically move then we will be looking at cat. 6659 04:19:56,300 --> 04:19:58,093 And that's an interesting one 6660 04:19:58,093 --> 04:20:01,000 and also less which is another interesting thing 6661 04:20:01,000 --> 04:20:02,400 and we'll be looking at grep 6662 04:20:02,400 --> 04:20:04,563 which is actually used for grepping 6663 04:20:04,563 --> 04:20:06,319 or grabbing things from files 6664 04:20:06,319 --> 04:20:08,500 that you might want to see you'll see 6665 04:20:08,500 --> 04:20:09,900 what I mean in a short 6666 04:20:09,900 --> 04:20:13,389 while we will see echo which probably does what you think.
6667 04:20:13,389 --> 04:20:15,900 If you have any experience with the Linux, 6668 04:20:15,900 --> 04:20:17,685 then we'll be doing touch 6669 04:20:17,685 --> 04:20:21,400 and we'll be doing mkdir which is make directory 6670 04:20:21,400 --> 04:20:25,100 and then we'll do chown, chmod 6671 04:20:25,100 --> 04:20:28,330 then all the most dangerous commands, that's rm 6672 04:20:28,330 --> 04:20:30,400 and then you can do man. 6673 04:20:30,600 --> 04:20:31,500 Let's help. 6674 04:20:31,700 --> 04:20:32,200 Okay. 6675 04:20:32,542 --> 04:20:34,442 So these are the list of commands 6676 04:20:34,442 --> 04:20:36,052 that we are going to go through 6677 04:20:36,052 --> 04:20:39,811 in this part of the video so suppose I was making this video 6678 04:20:39,811 --> 04:20:41,700 and I want to save this somewhere. 6679 04:20:41,700 --> 04:20:43,000 So you see down here. 6680 04:20:43,000 --> 04:20:45,500 There are a bunch of options that are shown to you. 6681 04:20:45,500 --> 04:20:49,016 Now this caret sign, you might be thinking 6682 04:20:49,016 --> 04:20:51,800 that's the Shift-6 one; it's not Shift-6. 6683 04:20:51,800 --> 04:20:54,941 It's actually Control, so caret is Control 6684 04:20:54,941 --> 04:20:56,800 and then G of course means G. 6685 04:20:56,800 --> 04:20:59,900 So if you go Control-G, it will actually get help. 6686 04:20:59,900 --> 04:21:00,148 Now. 6687 04:21:00,148 --> 04:21:02,384 What we want to do is save the file 6688 04:21:02,384 --> 04:21:03,700 and that is Control-O, 6689 04:21:03,700 --> 04:21:05,800 and that is Write Out. 6690 04:21:05,800 --> 04:21:08,600 So what we want to do is Control-O, 6691 04:21:08,600 --> 04:21:10,700 and now it's going to say 6692 04:21:10,700 --> 04:21:13,600 if we want to name the file list.txt 6693 04:21:13,600 --> 04:21:16,057 and we want to name the file and it says 6694 04:21:16,057 --> 04:21:18,200 that we have written down 15 lines.
6695 04:21:18,200 --> 04:21:19,974 So that's how you save a file. 6696 04:21:19,974 --> 04:21:20,211 Now. 6697 04:21:20,211 --> 04:21:22,400 All you want to do is exit out of you. 6698 04:21:22,400 --> 04:21:22,900 Okay. 6699 04:21:23,200 --> 04:21:27,800 So first let's go ls and let's go through whatever there is. 6700 04:21:27,800 --> 04:21:31,198 So ls showed us the list of files that are there 6701 04:21:31,198 --> 04:21:32,484 in that directory. 6702 04:21:32,484 --> 04:21:34,985 Now ls can also show you the list 6703 04:21:34,985 --> 04:21:36,700 of files in a directory 6704 04:21:36,700 --> 04:21:37,700 with the paths 6705 04:21:37,700 --> 04:21:40,300 that you specify, like ls /var. 6706 04:21:40,300 --> 04:21:42,800 It'll show me everything that is in var. 6707 04:21:42,800 --> 04:21:45,300 Okay, there are a lot of interesting things in var. 6708 04:21:45,300 --> 04:21:49,300 So let's head over to var: cd /var and you hit enter 6709 04:21:49,400 --> 04:21:51,700 and now we are in the folder var. 6710 04:21:51,700 --> 04:21:54,100 So now to actually demonstrate 6711 04:21:54,100 --> 04:21:57,900 how powerful ls is we have a few flags now to see the flags 6712 04:21:57,900 --> 04:22:00,207 of any command you can just do --help 6713 04:22:00,207 --> 04:22:04,100 universally throughout the Unix command line so out here 6714 04:22:04,100 --> 04:22:05,681 you see some information 6715 04:22:05,681 --> 04:22:08,449 that is tough to read but if you go on top 6716 04:22:08,449 --> 04:22:09,800 and scroll out here, 6717 04:22:09,800 --> 04:22:11,800 you'll see all the flags 6718 04:22:11,800 --> 04:22:14,116 that you can use with the command. 6719 04:22:14,116 --> 04:22:16,300 That is ls and how you can use them 6720 04:22:16,300 --> 04:22:17,200 so you can see 6721 04:22:17,200 --> 04:22:19,800 what you use and you can read a little bit about it.
6722 04:22:19,800 --> 04:22:24,200 So if you use all it ignores entries starting with dot, 6723 04:22:24,600 --> 04:22:26,800 so suppose we were to do ls 6724 04:22:26,800 --> 04:22:30,500 in var, let's see so it shows us like this now 6725 04:22:31,000 --> 04:22:32,200 if you do ls -l, 6726 04:22:32,800 --> 04:22:35,500 it'll show a long list with more information. 6727 04:22:35,500 --> 04:22:38,200 So these are the permissions options that you see out here 6728 04:22:38,200 --> 04:22:39,200 we will be seeing 6729 04:22:39,200 --> 04:22:40,200 how we can change 6730 04:22:40,200 --> 04:22:43,313 the permissions of a file soon enough and this is 6731 04:22:43,313 --> 04:22:45,029 who owns the file the user 6732 04:22:45,029 --> 04:22:47,407 and the user group is the file number. 6733 04:22:47,407 --> 04:22:47,901 I guess. 6734 04:22:47,901 --> 04:22:49,149 I'm not sure which is 6735 04:22:49,149 --> 04:22:52,000 when the created the name of the file is the time 6736 04:22:52,000 --> 04:22:54,000 when the file was created, I guess. 6737 04:22:54,000 --> 04:22:54,343 Okay. 6738 04:22:54,343 --> 04:22:57,403 So that's how you get very detailed information 6739 04:22:57,403 --> 04:22:59,000 about all the files now. 6740 04:22:59,000 --> 04:23:01,500 That's another thing you might want to use with ls 6741 04:23:01,500 --> 04:23:04,200 and that is the -a so you can go ls 6742 04:23:04,200 --> 04:23:06,500 -a and it will show you all 6743 04:23:06,500 --> 04:23:08,066 of the hidden files also. 6744 04:23:08,066 --> 04:23:11,700 So now you see some two files that were not shown out here. 6745 04:23:11,700 --> 04:23:13,700 Our files begin from backup. 6746 04:23:13,700 --> 04:23:16,400 But when we do ls slash, I mean 6747 04:23:16,400 --> 04:23:20,370 -la, we see two more files, that is dot and dot, so let's see 6748 04:23:20,370 --> 04:23:25,465 if we can move into that: cd dot, so we can't even move into that. 6749 04:23:25,465 --> 04:23:27,000 So that's interesting.
6750 04:23:27,000 --> 04:23:28,800 So these are hidden files. 6751 04:23:28,800 --> 04:23:31,612 So these are not seen to random users 6752 04:23:31,612 --> 04:23:34,700 and we can actually do stuff with them. 6753 04:23:34,700 --> 04:23:36,417 We will see how we can use hidden 6754 04:23:36,417 --> 04:23:37,300 files later on. 6755 04:23:37,300 --> 04:23:39,800 So if you want to show hidden files through ls, 6756 04:23:39,800 --> 04:23:43,666 all you have to do is ls and -la so that was all about ls. 6757 04:23:43,666 --> 04:23:47,400 So let's move back to /home where our list of commands 6758 04:23:47,400 --> 04:23:50,115 that I want to show you is, so cd home. 6759 04:23:50,115 --> 04:23:52,400 Let's ls and see what was it called, 6760 04:23:52,400 --> 04:23:54,500 it's called list and suppose 6761 04:23:54,500 --> 04:23:57,800 I want to see the contents of list.txt. 6762 04:23:57,800 --> 04:24:01,600 All I have to do is cat list.txt. 6763 04:24:01,600 --> 04:24:01,858 Now. 6764 04:24:01,858 --> 04:24:04,700 It shows us whatever this file is containing. 6765 04:24:04,700 --> 04:24:06,500 It will read it out for you. 6766 04:24:06,700 --> 04:24:08,400 Done cd, we've done ls 6767 04:24:08,400 --> 04:24:09,800 and its various forms 6768 04:24:09,800 --> 04:24:13,600 we've done pwd now it's time to do cp. cp is basically used 6769 04:24:13,600 --> 04:24:16,926 for copying files from one place to another so suppose 6770 04:24:16,926 --> 04:24:18,705 I want to copy this address file 6771 04:24:18,705 --> 04:24:21,200 that is there into some other directory. 6772 04:24:21,200 --> 04:24:25,600 Let's say var, so all I would have to do is cp name.txt. 6773 04:24:25,600 --> 04:24:28,300 And then you specify which location you want 6774 04:24:28,300 --> 04:24:31,700 to actually copy it to so cd /var.
6775 04:24:31,800 --> 04:24:35,805 So this is where I want to copy my file to and you hit enter 6776 04:24:35,805 --> 04:24:39,200 and it's copied but that was a very small file now. 6777 04:24:39,200 --> 04:24:41,395 We can actually check if it was copied 6778 04:24:41,395 --> 04:24:44,600 before I move on and pour some more knowledge into you. 6779 04:24:44,700 --> 04:24:46,400 So let's go into var. 6780 04:24:46,400 --> 04:24:50,869 So cd /var hit enter and you're in var again 6781 04:24:50,869 --> 04:24:54,100 and you see ls and now you see a name.txt. 6782 04:24:54,100 --> 04:24:56,800 So let's remove name.txt from here 6783 04:24:56,800 --> 04:24:59,700 because I want to copy it again and show y'all 6784 04:24:59,700 --> 04:25:03,400 a difference between a flag that I'm going to use right now. 6785 04:25:03,400 --> 04:25:04,200 So the - 6786 04:25:04,200 --> 04:25:06,726 and letters that you use are called flags. 6787 04:25:06,726 --> 04:25:09,000 Technically in the Linux terminal RG. 6788 04:25:09,000 --> 04:25:12,550 So let's go back to home now instead of the name of the file 6789 04:25:12,550 --> 04:25:13,786 and moving back home. 6790 04:25:13,786 --> 04:25:15,300 Just like I did you can type 6791 04:25:15,300 --> 04:25:17,500 out the complete name of the file out here. 6792 04:25:17,500 --> 04:25:20,465 So you could have gone cd /home/name.txt 6793 04:25:20,465 --> 04:25:22,400 and copy to /var. 6794 04:25:22,400 --> 04:25:23,202 But this time 6795 04:25:23,202 --> 04:25:26,600 what we're going to do is we're going to use a -v, 6796 04:25:26,600 --> 04:25:28,116 which is basically used 6797 04:25:28,116 --> 04:25:31,081 for a verbose output of whatever you're doing. 6798 04:25:31,081 --> 04:25:32,671 So most of the commands 6799 04:25:32,671 --> 04:25:35,300 that we're going to be using will have a 6800 04:25:35,300 --> 04:25:36,400 -v with them.
6801 04:25:36,500 --> 04:25:39,800 So, let's see how this actually affects the output. 6802 04:25:39,800 --> 04:25:43,400 So what we're going to do is we want to copy so cp 6803 04:25:43,400 --> 04:25:47,461 and verbose and we want to copy the file name.txt. 6804 04:25:47,461 --> 04:25:51,600 And we want to copy it to the folder called var, right? 6805 04:25:51,600 --> 04:25:52,819 So now you'll see 6806 04:25:52,819 --> 04:25:56,302 that it will give us what is being moved rather 6807 04:25:56,302 --> 04:25:57,817 that is name.txt. 6808 04:25:57,817 --> 04:26:01,559 And where it is being moved to so this is a very good way 6809 04:26:01,559 --> 04:26:04,500 of knowing what is actually happening because 6810 04:26:04,500 --> 04:26:08,422 if you do it without the verbose and suppose name.txt was 6811 04:26:08,422 --> 04:26:10,857 just a 20 GB file and you just don't know 6812 04:26:10,857 --> 04:26:12,386 if it has finished or not. 6813 04:26:12,386 --> 04:26:13,711 So if it's a 20 GB file 6814 04:26:13,711 --> 04:26:17,300 it'll continuously update you on where what is being copied. 6815 04:26:17,300 --> 04:26:20,000 So basically all you have to do is type 6816 04:26:20,000 --> 04:26:21,307 -v if you want to know 6817 04:26:21,307 --> 04:26:24,259 where your files are being copied and the exact path. 6818 04:26:24,259 --> 04:26:27,006 Okay, so that was about how you can copy files 6819 04:26:27,006 --> 04:26:28,400 from here and there now, 6820 04:26:28,400 --> 04:26:31,300 what was the next command that we want to see so cat. 6821 04:26:31,300 --> 04:26:33,900 So, let me just go and see the next command 6822 04:26:33,900 --> 04:26:36,100 that is there so list.txt 6823 04:26:36,100 --> 04:26:38,700 so after cat I want to show less. Okay. 6824 04:26:38,700 --> 04:26:41,300 So we've done cp, we also have to do mv.
6825 04:26:41,300 --> 04:26:42,700 Now as you guys can see 6826 04:26:42,700 --> 04:26:45,100 that cp is basically a copy; copy is 6827 04:26:45,100 --> 04:26:48,002 as you would expect it leaves a copy of the file 6828 04:26:48,002 --> 04:26:49,249 in the original directory 6829 04:26:49,249 --> 04:26:51,542 while also maintaining a copy in the directory 6830 04:26:51,542 --> 04:26:52,659 that you specified. 6831 04:26:52,659 --> 04:26:54,900 But if you want to move the file completely, 6832 04:26:54,900 --> 04:26:57,614 all you would have to do is use the command mv. 6833 04:26:57,614 --> 04:26:59,500 So mv is for moving the file now, 6834 04:26:59,500 --> 04:27:01,400 let's see what all goes with mv 6835 04:27:01,400 --> 04:27:03,000 so you can type help 6836 04:27:03,000 --> 04:27:06,400 and as I said you get the verbose option 6837 04:27:06,700 --> 04:27:09,800 and you get suffixes you can force things 6838 04:27:09,800 --> 04:27:11,300 to happen too, suppose 6839 04:27:11,300 --> 04:27:14,400 you don't have the permission, do not prompt before overwriting. 6840 04:27:14,400 --> 04:27:16,805 So it'll give you a prompt and you can completely 6841 04:27:16,805 --> 04:27:19,100 overlook the prompt with the -f thing. 6842 04:27:19,100 --> 04:27:21,100 Let me just show you how that looks like. 6843 04:27:21,100 --> 04:27:22,300 We'll be doing a verbose 6844 04:27:22,300 --> 04:27:27,400 and we will be copying the address.txt file and okay. 6845 04:27:27,400 --> 04:27:29,918 So every time I've been actually typing 6846 04:27:29,918 --> 04:27:33,100 so you can do address.txt by just pressing Tab 6847 04:27:33,100 --> 04:27:36,922 and it will auto complete so address.txt to 6848 04:27:36,922 --> 04:27:38,900 /var now, it will show you 6849 04:27:38,900 --> 04:27:42,438 that it has actually renamed address.txt 6850 04:27:42,438 --> 04:27:44,800 to /var/address.txt. 6851 04:27:45,600 --> 04:27:45,800 Now.
6852 04:27:45,800 --> 04:27:48,700 If you go and do ls out here you will see 6853 04:27:48,700 --> 04:27:52,100 that address.txt is not actually here 6854 04:27:52,100 --> 04:27:54,300 but if we were to move to var, 6855 04:27:54,300 --> 04:27:55,800 so cd /var, okay. 6856 04:27:55,800 --> 04:27:57,454 I've also been typing out commands 6857 04:27:57,454 --> 04:27:58,950 that I have been previously using 6858 04:27:58,950 --> 04:28:01,600 and you can simply toggle through all the commands 6859 04:28:01,600 --> 04:28:04,100 that you've used by the up and down keys. 6860 04:28:04,100 --> 04:28:08,500 So ls, mv, mv -v, help, I did cd home 6861 04:28:08,500 --> 04:28:11,333 and I have to go through all this just to prove a point. 6862 04:28:11,333 --> 04:28:12,187 It's cd /var. 6863 04:28:12,187 --> 04:28:13,591 We want to change that now. 6864 04:28:13,591 --> 04:28:15,100 We're in the variable folder. 6865 04:28:15,100 --> 04:28:18,400 And we also want to see what we have out here. 6866 04:28:18,400 --> 04:28:21,100 So address should be out here and ls, and 6867 04:28:21,100 --> 04:28:23,700 as you guys can see address.txt is the first file 6868 04:28:23,700 --> 04:28:26,319 that has come up and it is basically the same file 6869 04:28:26,319 --> 04:28:29,100 and I can prove that to you by just catting the file 6870 04:28:29,100 --> 04:28:31,200 and that's address.txt. 6871 04:28:31,600 --> 04:28:32,258 And you see 6872 04:28:32,258 --> 04:28:35,200 that is some random address for some random person. 6873 04:28:35,200 --> 04:28:39,000 Okay now, let's quickly clear out a file or window. 6874 04:28:39,000 --> 04:28:41,147 You can do that with the Control-L 6875 04:28:41,147 --> 04:28:43,000 or you can just type out clear. 6876 04:28:43,000 --> 04:28:43,705 Now. 6877 04:28:43,705 --> 04:28:46,000 What we want to do is move back to home. 6878 04:28:46,000 --> 04:28:46,999 So yeah 6879 04:28:46,999 --> 04:28:47,800 cd home.
6880 04:28:48,100 --> 04:28:48,400 Okay. 6881 04:28:48,400 --> 04:28:50,400 So now that we're back at home again. 6882 04:28:50,400 --> 04:28:52,584 Let's get out our next file. 6883 04:28:52,584 --> 04:28:54,200 So list.txt 6884 04:28:54,200 --> 04:28:57,500 and after move I wanted to go through cat. Now cat 6885 04:28:57,500 --> 04:29:01,100 as you guys can see is printing out the contents of a file 6886 04:29:01,100 --> 04:29:02,388 and there's also less 6887 04:29:02,388 --> 04:29:04,843 which does something very similar to cat. 6888 04:29:04,843 --> 04:29:06,500 So, let's see what it does. 6889 04:29:06,500 --> 04:29:07,807 So if you go less 6890 04:29:07,807 --> 04:29:13,500 and list.txt you actually see the contents of the file 6891 04:29:13,600 --> 04:29:15,500 in a completely new window, 6892 04:29:15,500 --> 04:29:18,300 which overlays on the previous window 6893 04:29:18,300 --> 04:29:21,050 and this is a very neat way to actually see the contents 6894 04:29:21,050 --> 04:29:22,500 of a file which is through less. 6895 04:29:22,500 --> 04:29:25,500 If you want to keep your main command line interface 6896 04:29:25,500 --> 04:29:28,700 not so cluttered which cat clutters it completely. 6897 04:29:28,800 --> 04:29:33,000 So if you want to get out of this place this less place 6898 04:29:33,000 --> 04:29:35,385 all you have to do is press q 6899 04:29:35,385 --> 04:29:37,100 and q gets you back and 6900 04:29:37,100 --> 04:29:39,900 as you see nothing was printed out on our main interface. 6901 04:29:39,900 --> 04:29:42,039 So this is a very cool way to actually keep 6902 04:29:42,039 --> 04:29:45,300 your command line interface neat and tidy when you're doing work. 6903 04:29:45,400 --> 04:29:46,938 Okay, so grep, 6904 04:29:46,938 --> 04:29:51,500 so grep is used for actually filtering out stuff from a file.
6905 04:29:51,500 --> 04:29:53,600 So suppose we want to see 6906 04:29:53,700 --> 04:29:57,066 whether a command has some verbose option 6907 04:29:57,066 --> 04:29:58,066 to it or not. 6908 04:29:58,100 --> 04:29:59,200 So now I know 6909 04:29:59,200 --> 04:30:01,900 that mv has a verbose command but suppose I didn't know 6910 04:30:01,900 --> 04:30:05,400 that so mv --help then you use the pipe sign. 6911 04:30:05,400 --> 04:30:06,805 So what the pipe sign means 6912 04:30:06,805 --> 04:30:09,800 is you have to take this command the first command 6913 04:30:09,800 --> 04:30:12,400 and then you pipeline it into the second command 6914 04:30:12,400 --> 04:30:14,476 and you want to say grep 6915 04:30:14,476 --> 04:30:16,100 -v if that exists. 6916 04:30:16,569 --> 04:30:19,030 Okay, so let's say grep verbose. 6917 04:30:19,600 --> 04:30:19,800 Yep. 6918 04:30:19,800 --> 04:30:21,955 So a verbose exists and that is 6919 04:30:21,955 --> 04:30:23,100 -v and that's 6920 04:30:23,100 --> 04:30:25,663 --verbose so explaining what is being done. 6921 04:30:25,663 --> 04:30:28,100 So what happened out here is basically 6922 04:30:28,100 --> 04:30:29,900 we took this first command 6923 04:30:29,900 --> 04:30:31,400 and then we filter it 6924 04:30:31,400 --> 04:30:33,857 and filtering is done through the piping. 6925 04:30:33,857 --> 04:30:36,500 So basically think about you taking some Ian 6926 04:30:36,500 --> 04:30:38,920 and pipelining it through something else 6927 04:30:38,920 --> 04:30:41,093 which funnels it out of this command 6928 04:30:41,093 --> 04:30:41,900 which is grep 6929 04:30:41,900 --> 04:30:43,600 so you can use mv 6930 04:30:43,600 --> 04:30:47,400 --help in conjunction with a bunch of other commands just 6931 04:30:47,400 --> 04:30:50,100 on correct and I'll leave the creativity up to you.
6932 04:30:50,100 --> 04:30:52,400 So grep is basically used for getting 6933 04:30:52,400 --> 04:30:54,002 what you want from a file 6934 04:30:54,002 --> 04:30:57,400 and grep is used very very much throughout the course 6935 04:30:57,400 --> 04:30:59,400 of this video through this Kali Linux tutorial 6936 04:30:59,400 --> 04:31:01,000 that you're going to be watching. 6937 04:31:01,000 --> 04:31:03,387 So that is a very easy way to see 6938 04:31:03,387 --> 04:31:05,700 if you have a particular option 6939 04:31:05,700 --> 04:31:09,000 or let me do it again also so cd /var now, 6940 04:31:09,000 --> 04:31:10,800 we're in the var folder. 6941 04:31:10,800 --> 04:31:11,798 And let's ls. 6942 04:31:11,798 --> 04:31:14,100 We actually have name.txt. 6943 04:31:14,200 --> 04:31:14,800 Now. 6944 04:31:14,800 --> 04:31:19,000 Let's also go into backups so cd b and Tab and 6945 04:31:19,000 --> 04:31:20,730 that brings us to the backups folder 6946 04:31:20,730 --> 04:31:23,664 and we're now in the backup folder. Let's do an ls out here. 6947 04:31:23,664 --> 04:31:25,690 Okay, so we have a bunch of files. 6948 04:31:25,690 --> 04:31:25,997 Okay. 6949 04:31:25,997 --> 04:31:27,900 We have some password.bak. 6950 04:31:27,900 --> 04:31:33,300 Now see if you do cat and you go password.bak. 6951 04:31:33,300 --> 04:31:35,500 You can see the entire thing. 6952 04:31:35,500 --> 04:31:36,300 Now what? 6953 04:31:36,300 --> 04:31:39,139 What if you didn't want this entirety of it or 6954 04:31:39,139 --> 04:31:40,483 if you want something 6955 04:31:40,483 --> 04:31:42,844 in particular you want to be very neat 6956 04:31:42,844 --> 04:31:44,876 so you can do that same command.
6957 04:31:44,876 --> 04:31:46,082 You can pipeline it 6958 04:31:46,082 --> 04:31:49,600 and you can say grep and you want everything with nologin 6959 04:31:49,600 --> 04:31:50,400 so we can see 6960 04:31:50,400 --> 04:31:51,900 that there's a bunch of things 6961 04:31:51,900 --> 04:31:52,800 that say nologin 6962 04:31:52,800 --> 04:31:56,100 and we only want those and these are all the things 6963 04:31:56,100 --> 04:31:58,337 that say nologin in them and 6964 04:31:58,337 --> 04:32:02,100 it's a much lesser list and it gives us a very 6965 04:32:02,100 --> 04:32:03,900 particular list that you are looking for. 6966 04:32:03,900 --> 04:32:05,300 So that is how you use grep. 6967 04:32:05,300 --> 04:32:06,652 So now let's head back 6968 04:32:06,652 --> 04:32:07,300 to home. 6969 04:32:07,400 --> 04:32:09,092 Okay, I've done wrong. 6970 04:32:09,300 --> 04:32:11,500 And again, let's see 6971 04:32:11,500 --> 04:32:15,100 what the next command is so now list.txt. 6972 04:32:15,100 --> 04:32:16,561 So we've done grep. 6973 04:32:16,561 --> 04:32:18,600 We now have to do echo, echo 6974 04:32:18,600 --> 04:32:21,900 and then touch. OK let's go back a few we press q 6975 04:32:21,900 --> 04:32:23,400 and we get out of there. 6976 04:32:23,400 --> 04:32:25,700 So what did I have to teach again? 6977 04:32:25,700 --> 04:32:27,300 I'm such a dummy we have to do echo. 6978 04:32:27,300 --> 04:32:27,600 Okay. 6979 04:32:27,600 --> 04:32:31,000 So what is echo used for so suppose you will say echo 6980 04:32:31,000 --> 04:32:32,959 and open quote hello world. 6981 04:32:32,959 --> 04:32:36,300 It would basically do what the command says that is 6982 04:32:36,300 --> 04:32:37,929 echo whatever you say now, 6983 04:32:37,929 --> 04:32:41,000 it'll say echo hello world and that will basically 6984 04:32:41,000 --> 04:32:43,732 echo whatever you typed out in the conditions. 6985 04:32:43,732 --> 04:32:46,119 That is Hello World spelled very wrong.
6986 04:32:46,119 --> 04:32:49,700 Okay now suppose you want to actually put this into a file 6987 04:32:49,700 --> 04:32:52,100 so you could do echo hello world. 6988 04:32:52,100 --> 04:32:54,700 Let's spell it properly this time and you want 6989 04:32:54,700 --> 04:32:56,000 to answer in the file. 6990 04:32:56,000 --> 04:32:59,100 We had a phone number I guess phone number.txt. 6991 04:32:59,100 --> 04:33:01,700 Yep, and we can echo it at that thing. 6992 04:33:01,700 --> 04:33:03,300 Now that was done now. 6993 04:33:03,300 --> 04:33:03,800 Let's see. 6994 04:33:03,800 --> 04:33:06,646 What is it phone number.txt, phone 6995 04:33:06,646 --> 04:33:09,599 .txt and it says hello world 6996 04:33:09,599 --> 04:33:13,499 so you can basically input text into a certain file 6997 04:33:13,500 --> 04:33:16,800 with the echo command and that's how you do it. 6998 04:33:16,800 --> 04:33:17,184 Okay. 6999 04:33:17,200 --> 04:33:18,700 Now let's also see 7000 04:33:18,700 --> 04:33:22,200 how you can make directories and that is with the make directory 7001 04:33:22,200 --> 04:33:23,000 command. 7002 04:33:23,099 --> 04:33:23,899 So, okay. 7003 04:33:23,900 --> 04:33:26,017 We also have to do touch before that. 7004 04:33:26,017 --> 04:33:29,605 I forgot. Now touch is used for quickly creating files so touch: 7005 04:33:29,605 --> 04:33:32,000 you could say touch and then the file name 7006 04:33:32,000 --> 04:33:34,700 so we can create a name file again 7007 04:33:34,700 --> 04:33:38,599 name.txt and that will create a name.txt. 7008 04:33:38,599 --> 04:33:40,899 Let me just show it to you and ls 7009 04:33:40,900 --> 04:33:42,900 and we have a name.txt.
7010 04:33:42,900 --> 04:33:46,099 We can also create multiple files with touch 7011 04:33:46,099 --> 04:33:48,699 and you could say file1 file2 7012 04:33:48,900 --> 04:33:51,700 and file3 so like this 7013 04:33:51,700 --> 04:33:54,541 you can create multiple files and let me just ls 7014 04:33:54,541 --> 04:33:56,900 that out and show it to you, ls, 7015 04:33:57,000 --> 04:33:59,900 and we have file1, file2 and file3. Now 7016 04:33:59,900 --> 04:34:01,880 we can also create a directory. 7017 04:34:01,880 --> 04:34:04,500 So mkdir and the name of the directory. 7018 04:34:04,500 --> 04:34:08,300 So suppose you wanted to save all your movies in one directory, 7019 04:34:08,300 --> 04:34:09,900 then make directory movie 7020 04:34:09,900 --> 04:34:12,000 and now you have directory called movies 7021 04:34:12,000 --> 04:34:13,700 and you can also move into movies. 7022 04:34:13,700 --> 04:34:14,700 So cd movie. 7023 04:34:14,700 --> 04:34:17,599 Okay, so that's how you create directories 7024 04:34:17,599 --> 04:34:21,099 and you can move into them with the change directory folder. 7025 04:34:21,099 --> 04:34:23,699 Now, let's see what the next command was. 7026 04:34:23,700 --> 04:34:27,099 So cd and dot dot, so with cd dot dot you can move back 7027 04:34:27,099 --> 04:34:29,299 to the previous folder, I've already told you 7028 04:34:29,300 --> 04:34:32,700 that, and since we're in movies we can just go back to home 7029 04:34:32,700 --> 04:34:34,599 with cd dot dot. Now 7030 04:34:34,599 --> 04:34:38,599 let's see what else is there, so cat list dot txt. 7031 04:34:39,099 --> 04:34:41,199 And okay, now chown, 7032 04:34:41,200 --> 04:34:45,000 chmod. Now chown will be a little tough to show 7033 04:34:45,000 --> 04:34:49,099 because we don't have any sort of a user over here.
7034 04:34:49,099 --> 04:34:50,993 The root user is the only user 7035 04:34:50,993 --> 04:34:53,899 that we have on this VirtualBox setup, but 7036 04:34:53,900 --> 04:34:56,200 if you want to change the ownership of a file, 7037 04:34:56,200 --> 04:34:56,800 so let's see 7038 04:34:56,900 --> 04:35:01,008 so you can see the ownership of a file through the ls -l 7039 04:35:01,008 --> 04:35:03,900 command and you see that root and root. 7040 04:35:03,900 --> 04:35:06,300 So this is owner name. 7041 04:35:06,300 --> 04:35:09,500 And this is the owner group and they're mostly the same thing. 7042 04:35:09,599 --> 04:35:11,199 So our next command that 7043 04:35:11,200 --> 04:35:13,631 you're going to actually see is called chown. 7044 04:35:13,631 --> 04:35:16,311 So let's see how chown is actually used. chown 7045 04:35:16,311 --> 04:35:18,894 is used for changing the ownership of a file. 7046 04:35:18,894 --> 04:35:21,599 So I actually don't remember how to use chown. 7047 04:35:21,599 --> 04:35:24,399 So if you actually don't remember or you're getting stuck 7048 04:35:24,400 --> 04:35:26,099 somewhere just use the help function. 7049 04:35:26,099 --> 04:35:28,199 So if a command line argument symbolic, 7050 04:35:28,200 --> 04:35:29,900 so let me just go through this one. 7051 04:35:29,900 --> 04:35:32,966 So this is how you use it: owner and then colon group. 7052 04:35:32,966 --> 04:35:34,500 Okay, and then the file name 7053 04:35:34,500 --> 04:35:35,700 so you go chown 7054 04:35:35,700 --> 04:35:38,116 and then you want to say the name of the owner 7055 04:35:38,116 --> 04:35:40,999 and the group you want it to belong to, that is root 7056 04:35:41,000 --> 04:35:43,500 and root, and then you specify the name of the file.
7057 04:35:43,500 --> 04:35:45,200 So suppose I want to change file1 7058 04:35:45,200 --> 04:35:46,749 that already belongs to root and root 7059 04:35:46,749 --> 04:35:48,099 so it doesn't really matter 7060 04:35:48,099 --> 04:35:49,299 because I don't have 7061 04:35:49,300 --> 04:35:53,599 any other username to actually change the ownership to 7062 04:35:53,599 --> 04:35:56,341 so this is how you would normally change ownership. 7063 04:35:56,342 --> 04:35:57,700 So let me just show you 7064 04:35:57,700 --> 04:36:00,599 where you can see the ownership and that is ls 7065 04:36:00,599 --> 04:36:04,199 -l and out here the root and root you see on file1 7066 04:36:04,200 --> 04:36:06,300 is basically, this is the owner. 7067 04:36:06,300 --> 04:36:07,500 This is the owner group. 7068 04:36:07,500 --> 04:36:09,900 They're normally the same thing and the same name, 7069 04:36:09,900 --> 04:36:11,599 but if you had some different owner 7070 04:36:11,599 --> 04:36:14,599 like a guest you could change it 7071 04:36:14,599 --> 04:36:16,499 by actually using the chown 7072 04:36:16,500 --> 04:36:19,900 method, the command; methods are different things. 7073 04:36:19,900 --> 04:36:22,500 I always get confused because of the programming. 7074 04:36:22,500 --> 04:36:22,839 Okay. 7075 04:36:22,839 --> 04:36:24,200 Now the next command 7076 04:36:24,200 --> 04:36:27,800 that is left is called chmod. To actually show you 7077 04:36:27,800 --> 04:36:29,000 how chmod works, 7078 04:36:29,000 --> 04:36:31,099 let me show you an interesting file. 7079 04:36:31,099 --> 04:36:32,099 So suppose. 7080 04:36:32,099 --> 04:36:34,225 Let me just do this once, okay, 7081 04:36:34,225 --> 04:36:36,499 now echo, what do you want to echo? 7082 04:36:36,500 --> 04:36:38,200 Oh, let's echo 7083 04:36:38,200 --> 04:36:42,599 hello world and let's put that in quotation.
7084 04:36:42,599 --> 04:36:45,599 And we want to put this in test. Now 7085 04:36:45,599 --> 04:36:46,899 once we've done that let's 7086 04:36:46,900 --> 04:36:47,889 ls and we see 7087 04:36:47,889 --> 04:36:50,000 that we have a test file out here 7088 04:36:50,000 --> 04:36:52,599 and we want to move test to test.sh 7089 04:36:52,599 --> 04:36:56,137 so test.sh is the executable file 7090 04:36:56,137 --> 04:36:58,522 that is used in bash scripting. 7091 04:36:58,599 --> 04:37:02,337 So we move test to test.sh. The way you 7092 04:37:02,338 --> 04:37:06,800 actually execute bash files on your command line is with . 7093 04:37:06,800 --> 04:37:10,400 and /, so you say dot slash, and if I press T, 7094 04:37:10,400 --> 04:37:11,383 and I press tab, 7095 04:37:11,383 --> 04:37:14,399 you see that there are no options coming up. 7096 04:37:14,400 --> 04:37:18,500 That is because test.sh is not an executable file, 7097 04:37:18,500 --> 04:37:21,800 so test.sh doesn't have the executable permission. 7098 04:37:21,800 --> 04:37:25,000 So let me just show that to you, ls, and you see test.sh, 7099 04:37:25,000 --> 04:37:27,313 it doesn't have the executable. 7100 04:37:27,313 --> 04:37:29,599 Now you see movie, it is executable. 7101 04:37:29,599 --> 04:37:31,497 I don't know why it is a directory. 7102 04:37:31,498 --> 04:37:33,900 So it is an executable, you can move into it. 7103 04:37:33,900 --> 04:37:35,145 So it's blue in color. 7104 04:37:35,145 --> 04:37:36,500 So the way you actually 7105 04:37:36,500 --> 04:37:39,700 can make this an executable is by changing its permission. 7106 04:37:39,700 --> 04:37:40,700 So the way you do 7107 04:37:40,700 --> 04:37:45,400 that is chmod and basically you change it to an executable. 7108 04:37:45,400 --> 04:37:48,500 So plus x, that is making an executable. 7109 04:37:48,500 --> 04:37:50,346 If you do plus r it'll make it readable.
7110 04:37:50,346 --> 04:37:52,900 And if you do plus w it will make it writable also, 7111 04:37:52,900 --> 04:37:55,823 so if you do plus x and do test.sh 7112 04:37:56,000 --> 04:37:58,300 and now you go and do ls -l, 7113 04:37:58,500 --> 04:38:00,499 you'll see that test.sh has become green 7114 04:38:00,499 --> 04:38:04,099 because it is an executable file now and now if you do dot slash 7115 04:38:04,099 --> 04:38:05,599 and you press T, 7116 04:38:05,599 --> 04:38:06,786 you get test.sh, 7117 04:38:06,787 --> 04:38:07,900 if I press tab, 7118 04:38:07,900 --> 04:38:10,026 so now it is an executable file. 7119 04:38:10,026 --> 04:38:11,399 And if I execute it, it 7120 04:38:11,400 --> 04:38:14,000 prints out hello world onto my screen. 7121 04:38:14,000 --> 04:38:16,700 So that's how you can use the chmod, 7122 04:38:16,700 --> 04:38:20,000 which is basically the change of permissions of files 7123 04:38:20,000 --> 04:38:22,500 and we'll be changing permissions of files 7124 04:38:22,500 --> 04:38:25,099 throughout the course of this video, it will be very useful 7125 04:38:25,099 --> 04:38:26,229 for us and you'll see 7126 04:38:26,230 --> 04:38:27,849 as we go along with this video. 7127 04:38:27,849 --> 04:38:28,086 Okay. 7128 04:38:28,087 --> 04:38:28,961 So the next thing 7129 04:38:28,961 --> 04:38:30,988 that I want to show you, only two are left 7130 04:38:30,988 --> 04:38:32,400 and I remember those now, 7131 04:38:32,400 --> 04:38:36,176 and it is rm, and rm is used for actually removing 7132 04:38:36,176 --> 04:38:38,919 files so you should be very careful 7133 04:38:38,919 --> 04:38:40,900 while using rm or any sort 7134 04:38:40,900 --> 04:38:43,400 of removing command on a Linux system 7135 04:38:43,400 --> 04:38:45,300 because once you remove something it is 7136 04:38:45,300 --> 04:38:47,900 very difficult to get it back and is almost impossible.
7137 04:38:47,900 --> 04:38:49,674 It's not like Windows where it's basically 7138 04:38:49,674 --> 04:38:51,350 just disappeared in front of your eyes, 7139 04:38:51,350 --> 04:38:53,776 but it's still there in the memory cluttering it all up. 7140 04:38:53,776 --> 04:38:55,535 That's why Linux always trumps Windows. 7141 04:38:55,536 --> 04:38:56,800 That's one of the reasons 7142 04:38:56,800 --> 04:38:58,500 and I'll make a video on that later on. 7143 04:38:58,500 --> 04:39:00,285 But for now, let's focus on rm. 7144 04:39:00,285 --> 04:39:01,000 Now, 7145 04:39:01,000 --> 04:39:02,807 we can remove file1. 7146 04:39:02,807 --> 04:39:06,500 So, let's see, so file1 is going to be removed. 7147 04:39:06,700 --> 04:39:08,500 So if we ls now, 7148 04:39:09,000 --> 04:39:12,700 you see 506 this but let me show you rm. 7149 04:39:12,996 --> 04:39:14,303 And if I do movie 7150 04:39:14,400 --> 04:39:17,710 it'll say cannot remove movie, is a directory. 7151 04:39:17,710 --> 04:39:22,500 But if you go into the help menu I bet there will be an option 7152 04:39:22,500 --> 04:39:25,500 that you can just forcefully remove it. 7153 04:39:25,500 --> 04:39:30,000 So rm force will just remove, so rm -r 7154 04:39:30,430 --> 04:39:31,969 and you can do movie 7155 04:39:32,099 --> 04:39:35,891 and it will recursively remove everything and if you go ahead 7156 04:39:35,892 --> 04:39:37,500 and do the ls -l you'll see 7157 04:39:37,500 --> 04:39:38,777 that there is no movie 7158 04:39:38,777 --> 04:39:39,872 directory anymore. 7159 04:39:39,872 --> 04:39:41,800 And that is how you can remove movies.
7160 04:39:41,800 --> 04:39:42,503 Now that problem 7161 04:39:42,503 --> 04:39:44,700 that you see out there is actually a safety measure 7162 04:39:44,700 --> 04:39:46,400 because once you remove a directory 7163 04:39:46,400 --> 04:39:47,800 and it's not retrievable, 7164 04:39:47,800 --> 04:39:49,000 that's a very sad scenario 7165 04:39:49,000 --> 04:39:51,600 and you don't want to get yourself in such a scenario 7166 04:39:51,600 --> 04:39:53,200 in whatsoever possibility. 7167 04:39:53,200 --> 04:39:55,430 Okay, moving on, so on so forth, 7168 04:39:55,430 --> 04:39:59,200 that was all about the rm folder. Now you can do rm 7169 04:39:59,200 --> 04:40:01,200 and address of anything. 7170 04:40:01,200 --> 04:40:05,000 So rm, I know we moved in address.txt, 7171 04:40:05,000 --> 04:40:09,200 so in the var folder we can go rm var 7172 04:40:09,200 --> 04:40:11,600 address.txt. 7173 04:40:12,000 --> 04:40:15,800 And that will remove address.txt from the folder 7174 04:40:15,800 --> 04:40:18,700 of var, let me just show you that work. 7175 04:40:19,000 --> 04:40:21,600 So cd var and ls and you see 7176 04:40:21,600 --> 04:40:24,277 that there is no address.txt out here. 7177 04:40:24,277 --> 04:40:27,263 Okay, another way to get help for any command 7178 04:40:27,263 --> 04:40:30,264 that you want is man, and suppose you want 7179 04:40:30,264 --> 04:40:33,257 to see what rm does, it will show everything about rm 7180 04:40:33,257 --> 04:40:35,600 that is there to show to you, show you 7181 04:40:35,600 --> 04:40:39,300 how to use it, it'll give you a description, synopsis, has name: 7182 04:40:39,300 --> 04:40:41,100 remove files and directories. 7183 04:40:41,100 --> 04:40:45,115 It's a very useful way, so out here you see is the manual page. 7184 04:40:45,115 --> 04:40:46,739 So that is what man means 7185 04:40:46,739 --> 04:40:48,800 and you can press line one nature. 7186 04:40:48,800 --> 04:40:50,300 You can press q to quit.
7187 04:40:50,300 --> 04:40:51,929 So that's very much helpful. 7188 04:40:51,929 --> 04:40:52,400 OK guys. 7189 04:40:52,400 --> 04:40:55,000 So that was all about the command line interface 7190 04:40:55,000 --> 04:40:58,305 and how we can use it to go about the operating system 7191 04:40:58,305 --> 04:41:01,300 and change file permissions, copy files, move files 7192 04:41:01,300 --> 04:41:04,400 and a bunch of other stuff. Now it's time to get on 7193 04:41:04,400 --> 04:41:05,700 with the interesting stuff 7194 04:41:05,700 --> 04:41:08,600 and that is, firstly we're going to be learning how you 7195 04:41:08,600 --> 04:41:12,400 can actually stay anonymous with proxychains. OK guys. 7196 04:41:12,400 --> 04:41:15,000 So now that we are done with the command line basics, 7197 04:41:15,000 --> 04:41:17,378 it's time that we move forward with proxychains. 7198 04:41:17,378 --> 04:41:19,845 So before we move forward with proxy chains, 7199 04:41:19,845 --> 04:41:23,000 let us head back to PowerPoint presentation and see what 7200 04:41:23,000 --> 04:41:24,700 exactly proxy chains are. 7201 04:41:24,800 --> 04:41:25,200 Okay. 7202 04:41:25,700 --> 04:41:27,800 So proxy chains, now 7203 04:41:27,800 --> 04:41:30,966 as the name suggests proxy chains are basically 7204 04:41:30,966 --> 04:41:32,500 a chain of proxies. Now, 7205 04:41:32,500 --> 04:41:33,800 where is the proxy used? 7206 04:41:33,800 --> 04:41:36,397 A proxy is used whenever you want to anonymize 7207 04:41:36,397 --> 04:41:38,600 yourself on the wire or the network. 7208 04:41:38,600 --> 04:41:42,100 You do not want to know or you do not want others to know 7209 04:41:42,100 --> 04:41:46,400 what the source IP address was for your client system 7210 04:41:46,400 --> 04:41:47,400 and to do this,
7211 04:41:47,400 --> 04:41:50,800 all you have to do is send your packets through a bunch 7212 04:41:50,800 --> 04:41:52,300 of intermediary systems 7213 04:41:52,300 --> 04:41:54,900 and these intermediary systems carry the packet out 7214 04:41:54,900 --> 04:41:57,300 and they transmit it to the target system. 7215 04:41:57,300 --> 04:41:59,858 And this is much slower and let's see 7216 04:41:59,858 --> 04:42:02,526 how we can use this in Kali Linux. 7217 04:42:02,526 --> 04:42:06,100 Now, in combination with Tor, in order to anonymize 7218 04:42:06,100 --> 04:42:08,552 traffic, not only web browsing traffic, 7219 04:42:08,552 --> 04:42:11,720 but rather instead all network-related traffic 7220 04:42:11,720 --> 04:42:14,500 generated by pretty much all the applications, 7221 04:42:14,500 --> 04:42:17,100 but you can also change this in the settings. 7222 04:42:17,100 --> 04:42:19,318 Now, what we're going to do is we're going 7223 04:42:19,318 --> 04:42:21,700 to open up the proxychains configuration file 7224 04:42:21,700 --> 04:42:23,900 and we're going to understand all its options 7225 04:42:23,900 --> 04:42:25,000 that are available. 7226 04:42:25,000 --> 04:42:25,967 So to do that, 7227 04:42:25,967 --> 04:42:30,000 all you have to do is say nano, you go into the etc folder 7228 04:42:30,000 --> 04:42:33,100 and then you go for the proxychains 7229 04:42:33,176 --> 04:42:36,099 .conf, and what you see out here 7230 04:42:36,100 --> 04:42:37,500 is the nano editor 7231 04:42:37,500 --> 04:42:39,900 and we had spoken about nano editor 7232 04:42:39,900 --> 04:42:42,017 when we were discussing the CLI part. 7233 04:42:42,017 --> 04:42:43,900 I hope you haven't skipped that. Now 7234 04:42:43,900 --> 04:42:45,900 what you see out here is a bunch 7235 04:42:45,900 --> 04:42:47,700 of instructions and options.
7236 04:42:47,700 --> 04:42:51,110 So let me just zoom into the command line interface 7237 04:42:51,110 --> 04:42:53,800 and now you can read everything much better, 7238 04:42:53,800 --> 04:42:55,900 so what proxychains is, well, 7239 04:42:55,900 --> 04:42:58,600 it gives you the ability rather to route your traffic 7240 04:42:58,600 --> 04:43:00,482 through a series of proxy servers 7241 04:43:00,482 --> 04:43:03,000 and stay anonymous in such a fashion by hiding 7242 04:43:03,000 --> 04:43:05,500 behind them or by having them forward your request. 7243 04:43:05,500 --> 04:43:07,249 So it looks like, on the other side, 7244 04:43:07,249 --> 04:43:09,700 that your requests are coming from them as opposed 7245 04:43:09,700 --> 04:43:11,400 to you. Now surprisingly enough, 7246 04:43:11,400 --> 04:43:14,100 there are a large amount of these proxy servers out there 7247 04:43:14,100 --> 04:43:16,800 that you can use but they're not very stable, you know, 7248 04:43:16,800 --> 04:43:17,889 they go up and down 7249 04:43:17,889 --> 04:43:20,700 and they're not very fast, so for specific targets, 7250 04:43:20,700 --> 04:43:23,700 they can be useful but not for brute forcing 7251 04:43:23,700 --> 04:43:26,500 and not for any sort of computing attack. 7252 04:43:26,500 --> 04:43:28,787 So suppose you're doing something to certain target 7253 04:43:28,787 --> 04:43:30,987 for trying to log in or you're already logged 7254 04:43:30,987 --> 04:43:33,100 in, you can definitely do it through proxy chains, 7255 04:43:33,100 --> 04:43:36,158 and it will be reasonably fast and reasonably stable
7256 04:43:36,158 --> 04:43:36,800 as well, but 7257 04:43:36,800 --> 04:43:38,877 if you're doing some sort of mass scanning 7258 04:43:38,877 --> 04:43:40,500 or you're brute forcing a password 7259 04:43:40,500 --> 04:43:43,000 or something of the kind, a proxy chain with a list 7260 04:43:43,000 --> 04:43:44,976 of proxies selected from the internet, 7261 04:43:44,976 --> 04:43:46,407 especially the free proxies, 7262 04:43:46,407 --> 04:43:47,584 it's not going to work. 7263 04:43:47,584 --> 04:43:50,900 I mean it's going to work out eventually in a technical sense, 7264 04:43:50,900 --> 04:43:54,429 but it will consume more time than you can spare, and by that 7265 04:43:54,429 --> 04:43:56,400 I mean it can be a very very long time. 7266 04:43:56,400 --> 04:43:59,100 It can take about a month or two to do a simple scan. 7267 04:43:59,100 --> 04:44:01,900 So that's not an option and there are other ways of doing 7268 04:44:01,900 --> 04:44:04,300 that but for the time being I just want you to know 7269 04:44:04,300 --> 04:44:05,952 how you can use proxychains 7270 04:44:05,952 --> 04:44:08,400 and how you can configure it and actually 7271 04:44:08,400 --> 04:44:09,700 because it's really useful 7272 04:44:09,700 --> 04:44:12,100 and I use it fairly often, a lot of people do 7273 04:44:12,100 --> 04:44:14,100 and it's a fantastic piece of software. 7274 04:44:14,100 --> 04:44:16,400 So first off we have the types of proxies. 7275 04:44:16,400 --> 04:44:20,000 So you see HTTP, SOCKS4 and SOCKS5. Now, 7276 04:44:20,000 --> 04:44:23,050 there are fundamental differences between these protocols 7277 04:44:23,050 --> 04:44:25,776 and you always want to find yourself a SOCKS5 proxy 7278 04:44:25,776 --> 04:44:27,594 as that's the best possible one 7279 04:44:27,594 --> 04:44:30,300 and that has the ability to anonymize all sorts 7280 04:44:30,300 --> 04:44:31,600 of traffic. HTTP,
7281 04:44:31,600 --> 04:44:35,400 well, as the name says, it's for HTTP traffic 7282 04:44:35,500 --> 04:44:37,100 and SOCKS4 is very similar 7283 04:44:37,100 --> 04:44:40,242 to SOCKS5 but it does not support IPv6 protocol 7284 04:44:40,242 --> 04:44:42,556 and it does not support UDP protocol. 7285 04:44:42,556 --> 04:44:44,100 So SOCKS4 7286 04:44:44,100 --> 04:44:47,200 can be rather problematic and you always want to make sure 7287 04:44:47,200 --> 04:44:50,571 that you're using SOCKS5 wherever and however. Anyway, 7288 04:44:50,571 --> 04:44:53,100 down below you have these other options, 7289 04:44:53,100 --> 04:44:54,394 which we will go over. 7290 04:44:54,394 --> 04:44:56,800 So basically how you enable these options is 7291 04:44:56,800 --> 04:44:59,487 that you don't need to type some complex lines of code 7292 04:44:59,487 --> 04:45:00,680 or anything of any kind, 7293 04:45:00,680 --> 04:45:04,000 basically all you have to do is just leave the hash out here. 7294 04:45:04,000 --> 04:45:06,104 I'll show you, so suppose we want 7295 04:45:06,104 --> 04:45:08,800 to actually activate dynamic chain option. 7296 04:45:08,800 --> 04:45:11,100 So all we have to do is delete the hash. 7297 04:45:11,100 --> 04:45:13,100 But let's put in the hash right now. 7298 04:45:13,100 --> 04:45:14,550 So after you delete the hash, 7299 04:45:14,550 --> 04:45:17,000 all you have to do is save the file and the option 7300 04:45:17,000 --> 04:45:20,859 is enabled. This hash represents a commented out line meaning 7301 04:45:20,859 --> 04:45:23,500 that the system reading this will ignore 7302 04:45:23,500 --> 04:45:24,748 if there is hash and 7303 04:45:24,748 --> 04:45:27,866 if there isn't hash it will take it into consideration 7304 04:45:27,866 --> 04:45:29,633 and interpret it accordingly.
7305 04:45:29,633 --> 04:45:31,800 Anyway what we have here are statements 7306 04:45:31,800 --> 04:45:33,431 which allow us to specify 7307 04:45:33,431 --> 04:45:36,416 how we want our traffic to be routed. First 7308 04:45:36,416 --> 04:45:39,600 off we have dynamic chain. Dynamic chain is something, 7309 04:45:39,600 --> 04:45:40,700 is an option 7310 04:45:40,700 --> 04:45:43,425 which you will find people using the most, it 7311 04:45:43,425 --> 04:45:45,200 is the most commonly used option 7312 04:45:45,200 --> 04:45:47,400 and a preferable one at that and honestly, 7313 04:45:47,400 --> 04:45:49,600 I think it's the best one out there primarily 7314 04:45:49,600 --> 04:45:51,200 because it's the most stable one 7315 04:45:51,200 --> 04:45:54,600 and here's why. Now suppose you have A B C D proxies. 7316 04:45:54,600 --> 04:45:57,206 So those are some servers with IP addresses 7317 04:45:57,206 --> 04:45:58,200 with open ports. 7318 04:45:58,200 --> 04:45:59,884 And if you have a strict chain policy, 7319 04:45:59,884 --> 04:46:01,800 which is enabled on this computer right now 7320 04:46:01,800 --> 04:46:04,000 as you see, if you have a strict chain policy, 7321 04:46:04,000 --> 04:46:06,100 we can only be able to access any site 7322 04:46:06,100 --> 04:46:08,700 on Internet in general by going through ABCD. 7323 04:46:08,700 --> 04:46:10,500 So you have to go through all of them 7324 04:46:10,500 --> 04:46:13,300 and you have to go through them in that specific order. 7325 04:46:13,300 --> 04:46:16,209 That is ABCD and that's not always a good thing.
7326 04:46:16,209 --> 04:46:18,300 I mean if you're paying for 5 proxies, 7327 04:46:18,300 --> 04:46:19,300 that's not a problem 7328 04:46:19,300 --> 04:46:21,675 because they will always be operational 7329 04:46:21,675 --> 04:46:23,300 and they will always be up 7330 04:46:23,300 --> 04:46:26,074 and why not, that's not a bad idea or an option 7331 04:46:26,074 --> 04:46:27,800 but there are however people 7332 04:46:27,800 --> 04:46:31,000 who use proxies for free and they don't tend to pay for them. 7333 04:46:31,000 --> 04:46:33,700 Why would you pay for like five proxies for simple scan 7334 04:46:33,700 --> 04:46:35,200 or something of that kind? 7335 04:46:35,300 --> 04:46:38,100 They're not free and they cost money and they're 7336 04:46:38,200 --> 04:46:39,300 rather expensive also, 7337 04:46:39,300 --> 04:46:42,400 but still, I mean the act of paying itself identifies you 7338 04:46:42,400 --> 04:46:45,000 and kind of diminishes the amount of anonymity you have 7339 04:46:45,000 --> 04:46:45,800 on the internet. 7340 04:46:45,800 --> 04:46:47,600 So some complex payment methods 7341 04:46:47,600 --> 04:46:50,300 can still be used to actually anonymize yourself, 7342 04:46:50,300 --> 04:46:53,241 but it's fairly simple to just use a dynamic chain. 7343 04:46:53,241 --> 04:46:56,192 So firstly we're going to go ahead and uncomment 7344 04:46:56,192 --> 04:46:57,700 the dynamic chain option 7345 04:46:57,700 --> 04:47:00,400 and we're going to comment out the strict chain option. 7346 04:47:00,400 --> 04:47:02,490 So strict chain will no longer be used and I 7347 04:47:02,490 --> 04:47:03,900 will be using dynamic chains. 7348 04:47:03,900 --> 04:47:05,271 And one more thing to note here
7349 04:47:05,271 --> 04:47:06,900 is that if you want to use proxychains 7350 04:47:06,900 --> 04:47:08,100 in combination with Tor, 7351 04:47:08,300 --> 04:47:09,900 if you want to route all your traffic 7352 04:47:09,900 --> 04:47:12,100 through the Tor network, not just web traffic, 7353 04:47:12,100 --> 04:47:14,500 you must be enabling dynamic chains. 7354 04:47:14,500 --> 04:47:15,720 I mean, there's a chance 7355 04:47:15,720 --> 04:47:17,500 that it will work with strict chains. 7356 04:47:17,500 --> 04:47:19,825 But given the instant instability of Tor nodes, 7357 04:47:19,825 --> 04:47:20,900 it is highly unlikely. 7358 04:47:20,900 --> 04:47:23,800 You will need dynamic chains and that is why I'm using them. 7359 04:47:23,800 --> 04:47:26,329 Anyway, if you're using dynamic chains, it just 7360 04:47:26,329 --> 04:47:27,873 gives you the ability to go 7361 04:47:27,873 --> 04:47:30,973 from ABCD to your desired destination by not having 7362 04:47:30,973 --> 04:47:32,400 to adhere to any order. 7363 04:47:32,400 --> 04:47:35,518 So let's say C is down and you would go A B D 7364 04:47:35,518 --> 04:47:38,000 and it would work with no problems, 7365 04:47:38,000 --> 04:47:40,300 even if B was down you would go A D 7366 04:47:40,300 --> 04:47:42,900 and you would go and still reach the destination. 7367 04:47:42,900 --> 04:47:46,144 So as long as one single proxy is functional it's going to work 7368 04:47:46,144 --> 04:47:48,500 and you don't require any specific order to do 7369 04:47:48,500 --> 04:47:49,842 it. Now down 7370 04:47:49,842 --> 04:47:52,606 below you have some other options too, so first is 7371 04:47:52,606 --> 04:47:54,400 random chains. Now random chains 7372 04:47:54,400 --> 04:47:55,607 in effect are basically 7373 04:47:55,607 --> 04:47:57,781 the same thing as resetting your service.
7374 04:47:57,781 --> 04:47:59,767 I mean if you're resetting your Tor, 7375 04:47:59,767 --> 04:48:02,428 you will be now assigned new IP address and Tor assigns 7376 04:48:02,428 --> 04:48:04,814 you a new IP address every 10 minutes or so. 7377 04:48:04,814 --> 04:48:06,052 Anyway with the random, 7378 04:48:06,052 --> 04:48:07,347 you can specify a list 7379 04:48:07,347 --> 04:48:09,578 of IPs and then you can tell your computer, 7380 04:48:09,578 --> 04:48:10,800 okay, I want you to try 7381 04:48:10,800 --> 04:48:12,709 and I want you to connect to this point and 7382 04:48:12,709 --> 04:48:15,300 every time you connect, every time you transmit the packet, 7383 04:48:15,300 --> 04:48:17,000 I want you to use a different proxy 7384 04:48:17,000 --> 04:48:18,588 and we can do that as well. 7385 04:48:18,588 --> 04:48:21,700 And that's one of the options definitely and you can say okay, 7386 04:48:21,700 --> 04:48:23,400 use this one five times 7387 04:48:23,400 --> 04:48:26,300 and then change to another one or something like that. 7388 04:48:26,300 --> 04:48:28,575 There are a lot of options to specify there, mainly 7389 04:48:28,575 --> 04:48:30,300 the chain length. Anyway, down below 7390 04:48:30,300 --> 04:48:31,500 there's quiet mode. 7391 04:48:31,500 --> 04:48:33,700 You don't really need that. Then there's proxy 7392 04:48:33,700 --> 04:48:34,900 DNS requests, 7393 04:48:34,900 --> 04:48:36,000 no leak for DNS 7394 04:48:36,100 --> 04:48:37,600 data, this is very important. 7395 04:48:37,600 --> 04:48:40,800 You cannot have any DNS leak and let me explain to you what 7396 04:48:40,800 --> 04:48:42,100 DNS leaks are, and even 7397 04:48:42,100 --> 04:48:44,994 though somebody cannot get your particular IP address,
7398 04:48:44,994 --> 04:48:47,398 they can get the IP address of the DNS server 7399 04:48:47,398 --> 04:48:48,670 that you are using and 7400 04:48:48,670 --> 04:48:52,200 what DNS servers do is resolve main domain to the IP address 7401 04:48:52,200 --> 04:48:53,200 and vice versa. 7402 04:48:53,200 --> 04:48:54,082 So for example, 7403 04:48:54,082 --> 04:48:55,674 if you type in youtube.com, 7404 04:48:55,674 --> 04:48:58,792 the DNS server of your local ISP provider will resolve 7405 04:48:58,792 --> 04:49:01,694 that into some sort of IP address that YouTube has 7406 04:49:01,694 --> 04:49:03,293 and it will make a request. 7407 04:49:03,293 --> 04:49:05,900 No problem, and you do not want that happening 7408 04:49:05,900 --> 04:49:08,934 because your local DNS server will be discovered 7409 04:49:08,934 --> 04:49:10,395 and that is information 7410 04:49:10,395 --> 04:49:11,407 that can be used 7411 04:49:11,407 --> 04:49:14,377 in order to figure out your personal IP address. 7412 04:49:14,377 --> 04:49:17,094 And when that is done your physical location 7413 04:49:17,094 --> 04:49:18,800 is pretty much compromised. 7414 04:49:18,800 --> 04:49:20,100 And that's an oval 7415 04:49:20,100 --> 04:49:22,300 and you definitely need proxy DNS here. 7416 04:49:22,300 --> 04:49:23,700 It might slow you down a bit, 7417 04:49:23,700 --> 04:49:26,100 but without that you're practically not anonymous 7418 04:49:26,100 --> 04:49:29,800 and it's just a matter of time before somebody finds you. Now, 7419 04:49:29,800 --> 04:49:32,600 if you go down below we have some other options here, 7420 04:49:32,600 --> 04:49:35,000 but we're not really interested in them at the moment. 7421 04:49:35,000 --> 04:49:36,600 What we're here for are the formats 7422 04:49:36,600 --> 04:49:39,600 for entering proxies and I'm going to leave it at that.
7423 04:49:39,600 --> 04:49:42,908 So what you see out here is first the type of the proxy, 7424 04:49:42,908 --> 04:49:46,100 that is SOCKS5, then the IP address, then the port number 7425 04:49:46,200 --> 04:49:47,500 and then two words, 7426 04:49:47,500 --> 04:49:50,700 that is lamer secret and then justu hidden. 7427 04:49:50,700 --> 04:49:51,000 Okay. 7428 04:49:51,000 --> 04:49:53,900 So now what you see out here, as I just said, is 7429 04:49:53,900 --> 04:49:56,700 how you would actually write down your proxy chains. 7430 04:49:56,700 --> 04:49:59,246 And now as I had already also said, you always want 7431 04:49:59,246 --> 04:50:02,033 to be using SOCKS5 and you don't want to be using HTTP 7432 04:50:02,033 --> 04:50:03,400 because they're not really 7433 04:50:03,400 --> 04:50:06,800 that safe and socks5 doesn't support a lot of Anyway, 7434 04:50:06,800 --> 04:50:09,200 and this is the IP address of the proxy server, 7435 04:50:09,200 --> 04:50:12,300 we will enter a few of them manually later on 7436 04:50:12,300 --> 04:50:14,383 and this here is the port number 7437 04:50:14,383 --> 04:50:17,682 that you see on which the proxy server is listening 7438 04:50:17,682 --> 04:50:20,784 and that port is open. Over here, these two words. 7439 04:50:20,784 --> 04:50:22,300 Now, some proxy servers, 7440 04:50:22,300 --> 04:50:25,300 especially paid ones, will always have a username and password 7441 04:50:25,300 --> 04:50:27,716 so you can just type them here in plain text 7442 04:50:27,716 --> 04:50:29,422 and fortunately it is assumed 7443 04:50:29,422 --> 04:50:32,600 that only you and you alone have access to this computer 7444 04:50:32,600 --> 04:50:35,035 besides this file and besides this file 7445 04:50:35,035 --> 04:50:35,900 is you not know.
7446 04:50:35,900 --> 04:50:37,504 Everybody can read this file anyway, 7447 04:50:37,504 --> 04:50:39,654 so if you just type in the username here 7448 04:50:39,654 --> 04:50:40,500 and password here, 7449 04:50:40,500 --> 04:50:42,479 you will gain access to a certain proxy 7450 04:50:42,479 --> 04:50:44,797 that you have chosen or that you have paid for. 7451 04:50:44,797 --> 04:50:46,593 Anyway, these are just some examples 7452 04:50:46,593 --> 04:50:48,800 and we won't actually be using these proxies 7453 04:50:48,800 --> 04:50:50,391 or anything of the kind. 7454 04:50:50,391 --> 04:50:53,100 We need to go down below here, here you see, 7455 04:50:53,100 --> 04:50:54,700 at the end of the file. 7456 04:50:54,700 --> 04:50:56,500 So if I just press enter a couple of times, 7457 04:50:56,500 --> 04:50:57,100 there we go. 7458 04:50:57,100 --> 04:51:01,510 So here is only one proxy active at the moment and it says socks4 7459 04:51:01,510 --> 04:51:05,700 and all traffic is routed here through Tor by default. 7460 04:51:05,700 --> 04:51:10,000 So that's Tor now, and Tor by default listens on this port. 7461 04:51:10,000 --> 04:51:14,600 So this 9050 is the port which Tor listens on. Now, 7462 04:51:14,600 --> 04:51:18,800 what we want to do is we want to add a socks5 proxy address. 7463 04:51:18,800 --> 04:51:21,700 So what you want to do is just type in socks5 7464 04:51:21,946 --> 04:51:24,253 and the same IP address, socks5, 7465 04:51:24,800 --> 04:51:28,500 and you want to be keeping the spacing correct, just use tab. 7466 04:51:28,500 --> 04:51:34,300 So 127.0.0.1 and then you want to specify 7467 04:51:34,300 --> 04:51:37,800 the port number also, so 9050. So 7468 04:51:37,800 --> 04:51:41,000 what you see out here, the 127.0.0.1, 7469 04:51:41,000 --> 04:51:43,100 this is the loopback address of your computer. 
7470 04:51:43,100 --> 04:51:45,100 So this is for any device communication and 7471 04:51:45,100 --> 04:51:46,700 if you're pinging this address 7472 04:51:46,700 --> 04:51:48,800 you're pinging yourself basically, and usually 7473 04:51:48,800 --> 04:51:51,000 people ping this address in order to make sure 7474 04:51:51,000 --> 04:51:53,600 that the IP protocol is set up correctly, 7475 04:51:53,600 --> 04:51:56,086 even though they don't have internet connectivity. 7476 04:51:56,086 --> 04:51:57,000 So let's just type 7477 04:51:57,000 --> 04:52:02,600 in 127.0.0.1 and the same port number, 9050. 7478 04:52:02,800 --> 04:52:07,100 So now we have to press Ctrl+O to save our file. You can save 7479 04:52:07,100 --> 04:52:08,097 on the same name 7480 04:52:08,097 --> 04:52:11,400 and wrote 65 lines, of course, down, and that's written 7481 04:52:11,400 --> 04:52:14,700 and now you have to press Ctrl+X and you exit out. 7482 04:52:14,700 --> 04:52:18,400 So let's press Ctrl+L and clear our screen. Now, 7483 04:52:18,400 --> 04:52:21,300 we just edited our proxychains configuration 7484 04:52:21,300 --> 04:52:23,088 in a very neat environment. 7485 04:52:23,088 --> 04:52:26,400 So let's go ahead and type in service tor status. 7486 04:52:26,400 --> 04:52:29,700 So we want to check the status of our Tor. 7487 04:52:29,700 --> 04:52:35,900 So service tor status, so tor.service could not be found. 7488 04:52:35,996 --> 04:52:39,303 So do we have the Tor service installed? 7489 04:52:39,600 --> 04:52:40,247 Okay, so the 7490 04:52:40,247 --> 04:52:41,831 Tor service is not installed. 7491 04:52:41,831 --> 04:52:44,700 Just give me a little moment to quickly install it. 7492 04:52:45,115 --> 04:52:45,500 Okay. 
7493 04:52:45,500 --> 04:52:47,000 So now that we have set 7494 04:52:47,000 --> 04:52:49,559 up our proxychains configuration file 7495 04:52:49,559 --> 04:52:51,200 and we have put in a socks5 7496 04:52:51,200 --> 04:52:54,100 proxy chain, giving it the Tor service, 7497 04:52:54,100 --> 04:52:57,534 now what we need to do first is start up our Tor service. 7498 04:52:57,534 --> 04:52:58,800 Now to actually check 7499 04:52:58,800 --> 04:53:00,431 if Tor is running or not, or 7500 04:53:00,431 --> 04:53:02,411 if the Tor service is running or not, 7501 04:53:02,411 --> 04:53:04,000 let me just clear that out. 7502 04:53:04,000 --> 04:53:06,200 We need to go service tor status. 7503 04:53:06,800 --> 04:53:09,000 And you see it says it's inactive. 7504 04:53:09,000 --> 04:53:12,900 So what you have to do is say service tor start 7505 04:53:12,900 --> 04:53:15,400 and that will start the Tor service. 7506 04:53:15,400 --> 04:53:17,764 It might take some time depending on the system 7507 04:53:17,764 --> 04:53:20,900 that you're using and, well, there, it has started it for me. 7508 04:53:20,900 --> 04:53:24,400 Now what you have to do to actually use proxychains 7509 04:53:24,400 --> 04:53:26,766 before you go to any website: 7510 04:53:26,766 --> 04:53:29,766 all I have to do is say proxychains, 7511 04:53:29,800 --> 04:53:32,303 then you specify the browser that you're using. 7512 04:53:32,303 --> 04:53:34,100 So we're going to be using Firefox 7513 04:53:34,100 --> 04:53:38,200 and you could say something like www.duckduckgo.com, 7514 04:53:38,200 --> 04:53:41,000 so now here you will see 7515 04:53:41,200 --> 04:53:44,346 how your ping is being transmitted to 7516 04:53:44,346 --> 04:53:46,500 duckduckgo.com. When I say ping, 7517 04:53:46,500 --> 04:53:48,600 I mean your packets and your requests, 7518 04:53:48,600 --> 04:53:50,200 I'm sorry for my vocabulary. 
7519 04:53:50,200 --> 04:53:52,894 So now your packets are going to be directed 7520 04:53:52,894 --> 04:53:54,900 through a bunch of IP addresses, 7521 04:53:54,900 --> 04:53:57,200 but we haven't actually put a bunch, we just 7522 04:53:57,200 --> 04:53:59,600 have put the loopback for the Tor network. 7523 04:53:59,600 --> 04:54:02,800 So we will let Tor do the rest of the things for us. 7524 04:54:02,800 --> 04:54:04,100 Okay, so depending 7525 04:54:04,100 --> 04:54:06,702 on your system this might take a little bit 7526 04:54:06,702 --> 04:54:08,487 of time to actually open up. 7527 04:54:08,487 --> 04:54:08,802 Okay. 7528 04:54:08,802 --> 04:54:10,416 So let's go ahead and see 7529 04:54:10,416 --> 04:54:12,998 what's actually happening on the terminal 7530 04:54:12,998 --> 04:54:15,000 while this thing is loading up. 7531 04:54:15,100 --> 04:54:17,500 Okay, as you can see it's going through a bunch 7532 04:54:17,500 --> 04:54:18,613 of proxies out here 7533 04:54:18,613 --> 04:54:21,263 and some are denying it and some are saying it's okay. 7534 04:54:21,263 --> 04:54:24,329 So as you guys can see most of the time you might get denied 7535 04:54:24,329 --> 04:54:26,388 and it will be okay on a lesser number of occasions 7536 04:54:26,388 --> 04:54:28,500 and that is exactly what we're looking for 7537 04:54:28,500 --> 04:54:32,236 because primarily we have gone to a great extent for the anonymity 7538 04:54:32,236 --> 04:54:34,986 and what you want to do is stay like that. 7539 04:54:34,986 --> 04:54:37,800 So this is basically how you use proxychains. 7540 04:54:37,800 --> 04:54:40,700 Now if this computer just decides to open 7541 04:54:40,700 --> 04:54:43,100 up duckduckgo.com on Mozilla, 7542 04:54:43,100 --> 04:54:45,800 I could actually show you some interesting stuff 7543 04:54:45,800 --> 04:54:48,500 but it seems my computer has kind of given up 7544 04:54:48,500 --> 04:54:52,000 on actually opening DuckDuckGo. It's still waiting for 
7545 04:54:52,000 --> 04:54:55,200 DuckDuckGo's actual confirmation, but that's about it. 7546 04:54:55,200 --> 04:54:58,900 So this is how you can actually configure proxychains. 7547 04:54:58,900 --> 04:54:59,700 I'm really sorry 7548 04:54:59,700 --> 04:55:01,758 that my computer isn't working right now 7549 04:55:01,758 --> 04:55:04,747 so well, and nothing is actually opening on Mozilla. 7550 04:55:04,747 --> 04:55:06,608 It's mostly because my RAM is 7551 04:55:06,608 --> 04:55:07,000 overloaded. 7552 04:55:07,000 --> 04:55:09,400 I think I should go ahead and get myself a new RAM. 7553 04:55:09,400 --> 04:55:11,200 But for now, let me just also say 7554 04:55:11,200 --> 04:55:13,593 that we can put some custom proxy lists 7555 04:55:13,593 --> 04:55:16,307 and instead of just saying let me just go ahead 7556 04:55:16,307 --> 04:55:17,900 and open up that file again 7557 04:55:17,900 --> 04:55:19,398 as you guys can see out here. 7558 04:55:19,398 --> 04:55:21,000 I'm going to end this right now 7559 04:55:21,000 --> 04:55:24,800 because my computer can't really take all this pressure. 7560 04:55:24,953 --> 04:55:26,646 See it's like so hard. 7561 04:55:26,646 --> 04:55:26,940 Okay. 7562 04:55:26,940 --> 04:55:30,100 Let me just quit out of that and let me just open up a new one. 7563 04:55:30,100 --> 04:55:31,318 Now as I had said 7564 04:55:31,318 --> 04:55:34,400 that you can put up some custom proxy lists, 7565 04:55:34,400 --> 04:55:35,530 not really gonna do that. 7566 04:55:35,530 --> 04:55:36,780 But let me just show you. 7567 04:55:36,780 --> 04:55:37,900 You can do that, you go 7568 04:55:37,900 --> 04:55:41,400 nano and you go etc and proxy 7569 04:55:41,800 --> 04:55:45,100 so you basically have to go into the proxychains. 
7570 04:55:45,400 --> 04:55:48,900 Okay, so I think I should put this can yeah 7571 04:55:48,900 --> 04:55:51,500 now if you just go in and edit out here, 7572 04:55:51,500 --> 04:55:53,900 all you have to do is set up dynamic chains 7573 04:55:53,900 --> 04:55:55,900 and you can go online and search 7574 04:55:55,900 --> 04:55:59,000 for free proxy list and that will give you everything, 7575 04:55:59,000 --> 04:56:02,100 from the port number to the IP address. 7576 04:56:02,200 --> 04:56:06,400 Let me just show it to you: free proxy server 7577 04:56:06,400 --> 04:56:07,200 list. 7578 04:56:07,200 --> 04:56:10,700 So all you have to do is search for free proxy server list 7579 04:56:10,700 --> 04:56:13,910 and you can see out here the proxy Davis scbs 7580 04:56:13,910 --> 04:56:16,100 and you basically want to find 7581 04:56:16,100 --> 04:56:19,200 a socks5 proxy. To find a socks5 proxy just add 7582 04:56:19,200 --> 04:56:20,435 that into your keyword. 7583 04:56:20,435 --> 04:56:22,621 And once you find those proxy addresses, 7584 04:56:22,621 --> 04:56:25,200 all you have to do is take down this IP address 7585 04:56:25,200 --> 04:56:27,200 followed by the port number 7586 04:56:27,200 --> 04:56:28,412 and you go ahead 7587 04:56:28,412 --> 04:56:31,900 and just put it down in this configuration file 7588 04:56:31,900 --> 04:56:33,700 and then you hit Ctrl+ 7589 04:56:33,700 --> 04:56:37,700 O and you just save it and you just go back. 7590 04:56:37,700 --> 04:56:39,876 So that was all about proxychains and 7591 04:56:39,876 --> 04:56:42,600 how you can set up proxychains to make yourself 7592 04:56:42,600 --> 04:56:43,370 very anonymous. 7593 04:56:43,370 --> 04:56:44,899 I'm sorry the whole Mozilla 7594 04:56:44,899 --> 04:56:47,800 part didn't work, that's the sad state of my computer, 7595 04:56:47,800 --> 04:56:51,300 but moving on let's go ahead and study about macchanger. 7596 04:56:51,300 --> 04:56:51,800 OK guys. 
7597 04:56:51,800 --> 04:56:53,800 So that was all about proxychains. 7598 04:56:53,800 --> 04:56:55,500 Let's move ahead to macchanger. 7599 04:56:55,500 --> 04:56:55,900 Okay. 7600 04:56:55,900 --> 04:56:58,300 Now before we go into the tool called macchanger, 7601 04:56:58,300 --> 04:56:58,974 let's just see 7602 04:56:58,974 --> 04:57:01,603 what a MAC address is. Now MAC address actually stands 7603 04:57:01,603 --> 04:57:03,700 for media access control address of the device 7604 04:57:03,700 --> 04:57:06,600 and is a unique identifier assigned to a network interface 7605 04:57:06,600 --> 04:57:09,300 controller for communication purposes. Now MAC addresses 7606 04:57:09,300 --> 04:57:10,700 are used as a network address 7607 04:57:10,700 --> 04:57:12,900 for most IEEE 802 network technologies, 7608 04:57:12,900 --> 04:57:14,872 including Ethernet, Wi-Fi and Bluetooth. 7609 04:57:14,872 --> 04:57:17,000 Now in this context MAC addresses are used 7610 04:57:17,000 --> 04:57:19,300 in the medium access control protocol sublayer 7611 04:57:19,300 --> 04:57:20,900 and as typically represented 7612 04:57:20,900 --> 04:57:23,677 as Mac addresses are not recognizable as six groups 7613 04:57:23,677 --> 04:57:25,501 of two hexadecimal digits each. 7614 04:57:25,501 --> 04:57:26,900 Now, these are separated 7615 04:57:26,900 --> 04:57:29,766 by a colon and the first three hexadecimals are 7616 04:57:29,766 --> 04:57:32,750 actually the organizationally unique identifier. 7617 04:57:32,750 --> 04:57:35,041 So they actually represent your vendor 7618 04:57:35,041 --> 04:57:36,924 and the next three hexadecimals 7619 04:57:36,924 --> 04:57:39,712 actually represent your network card unique. 7620 04:57:39,712 --> 04:57:42,518 Okay, so when you are actually on a network you 7621 04:57:42,518 --> 04:57:45,283 are recognized on something called an ARP table. 
7622 04:57:45,283 --> 04:57:47,324 Let me just show you the ARP table, 7623 04:57:47,324 --> 04:57:48,483 how you can see it. 7624 04:57:48,483 --> 04:57:49,203 Let's go in. 7625 04:57:49,203 --> 04:57:51,893 So the password is root still. An ARP table is 7626 04:57:51,893 --> 04:57:54,599 basically an address resolution protocol table. 7627 04:57:54,599 --> 04:57:56,480 And well, this is a virtual machine 7628 04:57:56,480 --> 04:57:58,774 and it doesn't really know many machines 7629 04:57:58,774 --> 04:58:00,000 on the local network. 7630 04:58:00,000 --> 04:58:01,200 But if I were to go 7631 04:58:01,200 --> 04:58:04,800 on my Windows system and show you my ARP table, let's see. 7632 04:58:05,100 --> 04:58:07,000 Okay, so if I show you the ARP table 7633 04:58:07,000 --> 04:58:09,013 of my Windows machine, and on any machine 7634 04:58:09,013 --> 04:58:11,271 that has a TCP/IP protocol suite installed you 7635 04:58:11,271 --> 04:58:12,400 will have this command 7636 04:58:12,400 --> 04:58:14,967 working, called arp, and you give the - 7637 04:58:14,967 --> 04:58:16,000 a and now you see 7638 04:58:16,000 --> 04:58:18,600 that your IP address or somebody else's 7639 04:58:18,600 --> 04:58:21,400 IP address is actually mapped to a physical address. 7640 04:58:21,400 --> 04:58:21,600 Now, 7641 04:58:21,600 --> 04:58:23,300 the MAC address is very commonly used 7642 04:58:23,300 --> 04:58:24,912 in the ARP protocol and this is 7643 04:58:24,912 --> 04:58:27,206 how you are actually identified on a network. 7644 04:58:27,206 --> 04:58:28,597 Now sometimes what you want 7645 04:58:28,597 --> 04:58:30,400 to do is be unknown on this network. 7646 04:58:30,400 --> 04:58:32,702 There are various reasons why you want to do that. 7647 04:58:32,702 --> 04:58:35,281 Let me just give you an example of a very malicious 7648 04:58:35,281 --> 04:58:37,000 reason that was done in my college. 
7649 04:58:37,000 --> 04:58:40,300 So we as students would actually change the MAC address 7650 04:58:40,300 --> 04:58:42,744 of our own computer to the professor's computer. 7651 04:58:42,744 --> 04:58:45,500 So we would somehow look up the professor's IP address 7652 04:58:45,500 --> 04:58:47,600 and then come to know about his MAC address 7653 04:58:47,600 --> 04:58:50,409 and then we would spoof our MAC to be his MAC address 7654 04:58:50,409 --> 04:58:52,300 and then we would do some type, sort 7655 04:58:52,300 --> 04:58:54,900 of malicious activity on the college internet 7656 04:58:54,900 --> 04:58:56,600 and then internet administrators 7657 04:58:56,600 --> 04:58:58,050 of our college would come to know 7658 04:58:58,050 --> 04:59:00,000 that that MAC address is doing some sort 7659 04:59:00,000 --> 04:59:01,275 of malicious activity and 7660 04:59:01,275 --> 04:59:03,576 that MAC address would get permanently banned 7661 04:59:03,576 --> 04:59:05,035 for that session on the college 7662 04:59:05,035 --> 04:59:06,304 network. So basically 7663 04:59:06,304 --> 04:59:09,300 our professor would not be able to use the wireless projectors 7664 04:59:09,300 --> 04:59:12,200 that he would use to actually show us his presentations 7665 04:59:12,200 --> 04:59:14,257 and we end up getting a free class. 7666 04:59:14,257 --> 04:59:14,500 Now, 7667 04:59:14,500 --> 04:59:16,437 I am not actually promoting any sort 7668 04:59:16,437 --> 04:59:17,830 of bad activity like this. 7669 04:59:17,830 --> 04:59:20,930 I have just experienced this in my own college life. 7670 04:59:20,930 --> 04:59:23,700 So that was something, but there are many other reasons 7671 04:59:23,700 --> 04:59:26,600 that you might want to spoof your MAC. Now macchanger 7672 04:59:26,600 --> 04:59:29,403 is an amazing tool for actually spoofing your MAC. 7673 04:59:29,403 --> 04:59:30,300 So first of all, 7674 04:59:30,300 --> 04:59:32,200 how do you come to know your MAC address? 
7675 04:59:32,200 --> 04:59:34,700 So let's see, you go ifconfig. 7676 04:59:35,100 --> 04:59:37,557 This will give us our MAC address. 7677 04:59:37,557 --> 04:59:38,600 Now this address 7678 04:59:38,600 --> 04:59:42,586 that you see out here is the MAC address of this machine. 7679 04:59:42,586 --> 04:59:45,304 So you can also check out the MAC address 7680 04:59:45,304 --> 04:59:46,800 by going macchanger, 7681 04:59:46,800 --> 04:59:48,858 then let's type in the help options. 7682 04:59:48,858 --> 04:59:51,800 And this will show us how to get the MAC address. 7683 04:59:51,800 --> 04:59:54,300 So if you see there's a show flag 7684 04:59:54,600 --> 04:59:56,700 so we can go macchanger 7685 04:59:56,800 --> 05:00:00,600 and you can put the -s and then you put the interface. Now 7686 05:00:00,600 --> 05:00:02,900 the interface is where it's working. 7687 05:00:02,900 --> 05:00:04,800 So eth0 is where we are 7688 05:00:04,800 --> 05:00:07,400 actually getting, we don't want the loopback one. 7689 05:00:07,400 --> 05:00:10,700 So eth0 and this will give us the MAC address. 7690 05:00:10,700 --> 05:00:14,500 So our current MAC address is zero eight zero zero two seven. 7691 05:00:14,500 --> 05:00:16,584 Let's see if that was the same one shown. 7692 05:00:16,584 --> 05:00:17,819 Where is that matter? 7693 05:00:17,819 --> 05:00:18,400 It's okay. 7694 05:00:18,400 --> 05:00:20,600 So if a 0 a 0 0 to 7, so, I'm sorry. 7695 05:00:20,600 --> 05:00:21,850 This was the MAC address. 7696 05:00:21,850 --> 05:00:23,400 I selected the wrong thing. 7697 05:00:23,400 --> 05:00:26,863 What I was showing you is the IPv6 address and you can see 7698 05:00:26,863 --> 05:00:28,199 that's very very long. 7699 05:00:28,199 --> 05:00:29,900 So, this is our MAC address. 7700 05:00:29,900 --> 05:00:33,372 Now what you might want to do to change your MAC address. 
7701 05:00:33,372 --> 05:00:36,100 Well, let's see, with -V we can get the version, 7702 05:00:36,100 --> 05:00:38,600 with -s you can show, we can do the -e. 7703 05:00:38,600 --> 05:00:39,900 And as I said, 7704 05:00:39,900 --> 05:00:44,000 if you remember that the first three bits is about the vendors 7705 05:00:44,000 --> 05:00:47,700 so you can also get the vendor list by going -l. 7706 05:00:47,700 --> 05:00:48,800 So you go 7707 05:00:48,800 --> 05:00:52,500 -l and this will give you a list of MAC addresses 7708 05:00:52,500 --> 05:00:55,500 and which vendor they belong to. So sometimes 7709 05:00:55,500 --> 05:00:57,300 if you don't know the vendors 7710 05:00:57,300 --> 05:00:59,694 that are actually being used on the network 7711 05:00:59,694 --> 05:01:01,400 of your college, for example, 7712 05:01:01,400 --> 05:01:03,502 and you want to just stay anonymous 7713 05:01:03,502 --> 05:01:04,986 and not raise any flags, 7714 05:01:04,986 --> 05:01:06,100 flags of suspicion, 7715 05:01:06,100 --> 05:01:08,900 so you could hide yourself as a Cisco router. 7716 05:01:08,900 --> 05:01:11,100 So suppose your college was using all sorts 7717 05:01:11,100 --> 05:01:14,200 of Cisco routers and you decided that today 7718 05:01:14,200 --> 05:01:15,900 I'm going to put myself as a Cisco router 7719 05:01:15,900 --> 05:01:18,200 and I'm going to screw around with the network. 
7720 05:01:18,200 --> 05:01:19,964 So it would not raise any flags 7721 05:01:19,964 --> 05:01:23,200 before you actually decide to do some malicious activity. 7722 05:01:23,200 --> 05:01:24,500 On some deeper inspection 7723 05:01:24,500 --> 05:01:26,900 of your MAC address people would actually realize 7724 05:01:26,900 --> 05:01:28,959 that you are actually spoofing the address 7725 05:01:28,959 --> 05:01:31,971 and after some investigation they put Andy take some time 7726 05:01:31,971 --> 05:01:34,500 to actually reach to you and how you spoofed it, 7727 05:01:34,500 --> 05:01:37,731 but the end of changing your MAC is not raising any flags 7728 05:01:37,731 --> 05:01:40,700 and that is exactly what you should try to do. 7729 05:01:40,800 --> 05:01:45,500 So macchanger is also very useful for getting the list 7730 05:01:45,500 --> 05:01:49,000 of all the MAC addresses and the vendor IDs. 7731 05:01:49,000 --> 05:01:51,700 Now, let me just clear the screen out quickly. 7732 05:01:51,700 --> 05:01:55,100 So we go clear and let's bring back the help. 7733 05:01:56,100 --> 05:01:58,900 So we go macchanger and --help. 7734 05:01:58,900 --> 05:02:02,600 Now, what we want to do is give ourself a random MAC address. 7735 05:02:02,600 --> 05:02:04,200 Now macchanger, 7736 05:02:04,400 --> 05:02:06,000 so that is done with the -r flag 7737 05:02:06,000 --> 05:02:07,758 and we want to do it on eth0. 7738 05:02:07,758 --> 05:02:08,751 So once you run 7739 05:02:08,751 --> 05:02:11,400 that you will be given a new MAC address. 7740 05:02:11,400 --> 05:02:14,200 So our new MAC address is f6c 649, 7741 05:02:14,300 --> 05:02:17,500 now you can verify that by running ifconfig. 7742 05:02:17,500 --> 05:02:19,901 Now we could just do ifconfig 7743 05:02:20,100 --> 05:02:23,844 and you see our new MAC address is in ether 7744 05:02:23,844 --> 05:02:27,460 so we could also do something like this: ifconfig 7745 05:02:27,680 --> 05:02:30,000 and you could grep ether. 
7746 05:02:30,200 --> 05:02:32,800 So that's just telling you the MAC address 7747 05:02:32,800 --> 05:02:35,200 and this is completely new. Also, 7748 05:02:35,200 --> 05:02:38,900 you can show it through the macchanger tool itself. 7749 05:02:39,000 --> 05:02:41,615 Okay, so we need to give it the eth0. 7750 05:02:41,615 --> 05:02:43,000 I've got that now. 7751 05:02:43,000 --> 05:02:45,300 You see that this is our current MAC address 7752 05:02:45,300 --> 05:02:47,930 and this is a permanent MAC address and the two 7753 05:02:47,930 --> 05:02:49,300 are completely different. 7754 05:02:49,300 --> 05:02:52,673 Sometimes you also might want to actually change your MAC 7755 05:02:52,673 --> 05:02:55,500 when your laptop or your system is booting up 7756 05:02:55,500 --> 05:02:58,617 because you might want to stay anonymous all the time. 7757 05:02:58,617 --> 05:03:00,715 Who knows, and sometimes you might think 7758 05:03:00,715 --> 05:03:03,200 I'll actually change it when I want to change it, 7759 05:03:03,200 --> 05:03:04,800 but let's face it, 7760 05:03:04,800 --> 05:03:08,329 we are forgetful as human beings and we tend to forget things 7761 05:03:08,329 --> 05:03:09,900 that we are supposed to do. 7762 05:03:09,900 --> 05:03:11,500 So what else is better 7763 05:03:11,500 --> 05:03:13,699 than to actually automate the whole process yourself 7764 05:03:13,699 --> 05:03:16,900 and forget about remembering all this stupid nitty-gritty stuff. 7765 05:03:16,900 --> 05:03:18,800 So you can tell Linux 7766 05:03:18,800 --> 05:03:21,000 or Kali Linux to actually change 7767 05:03:21,000 --> 05:03:24,500 your MAC address on boot-up: use this tool called crontab. 7768 05:03:24,500 --> 05:03:28,300 Now crontab is actually used for scheduling tasks on Linux. 7769 05:03:28,300 --> 05:03:30,700 So let me show you how to do that. Firstly, 7770 05:03:30,700 --> 05:03:33,200 let's clear our screen and go crontab 7771 05:03:33,200 --> 05:03:34,800 and go help. Now, 
7772 05:03:34,800 --> 05:03:36,790 You see it's a pretty small menu. 7773 05:03:36,790 --> 05:03:39,320 So first we start with the -u flag, the user 7774 05:03:39,320 --> 05:03:42,190 this file is going to work for, then we got the -e flag, 7775 05:03:42,190 --> 05:03:45,484 which is for editing the user's crontab, then list user's crontab, 7776 05:03:45,484 --> 05:03:48,400 and you can see the list of the user's crontab, and let's see. 7777 05:03:48,400 --> 05:03:50,200 So do we have any crontab list? 7778 05:03:50,200 --> 05:03:53,141 So there is no crontab at this moment so we can set 7779 05:03:53,141 --> 05:03:55,316 up one for ourselves by going to the -e. 7780 05:03:55,316 --> 05:03:56,300 Then there's the -r, 7781 05:03:56,300 --> 05:03:59,338 which is delete user's crontab, and I want to tell you all, be 7782 05:03:59,338 --> 05:04:01,800 very careful when deleting anything of that sort 7783 05:04:01,800 --> 05:04:03,788 because once you delete something from Linux, 7784 05:04:03,788 --> 05:04:04,700 that I've already said 7785 05:04:04,700 --> 05:04:05,590 that it is very 7786 05:04:05,590 --> 05:04:07,808 very difficult to actually retrieve it back. 7787 05:04:07,808 --> 05:04:11,100 You might get fragmented pieces of what you had actually deleted 7788 05:04:11,100 --> 05:04:14,100 and that will only leave you with sadness and devastation. 7789 05:04:14,100 --> 05:04:18,000 Now, what you want to do is go through crontab and press e 7790 05:04:18,000 --> 05:04:21,700 and this will bring us to select an editor, to change later 7791 05:04:21,700 --> 05:04:22,700 on select editor. 7792 05:04:22,760 --> 05:04:24,298 So we'll do it in nano. 7793 05:04:24,300 --> 05:04:26,599 So what you have out here is the readme file 7794 05:04:26,599 --> 05:04:29,400 of crontab and if you read this entire thing you will get 7795 05:04:29,400 --> 05:04:31,066 how to use crontab completely. 
7796 05:04:31,066 --> 05:04:32,400 But if you have any sort 7797 05:04:32,400 --> 05:04:35,150 of doubts even after reading it you can leave them down in 7798 05:04:35,150 --> 05:04:36,600 the comment section below. Now, 7799 05:04:36,600 --> 05:04:39,655 what you want to do is actually set up a crontab 7800 05:04:39,655 --> 05:04:41,000 so that you can change 7801 05:04:41,000 --> 05:04:44,089 your MAC address whenever you reboot your computer. 7802 05:04:44,089 --> 05:04:46,375 So all you have to do is say at reboot, 7803 05:04:46,375 --> 05:04:48,600 what you want done is macchanger, 7804 05:04:48,600 --> 05:04:51,200 and if you remember we want a random MAC address 7805 05:04:51,200 --> 05:04:53,019 and we want it on eth0. 7806 05:04:53,019 --> 05:04:53,900 So that's done. 7807 05:04:53,900 --> 05:04:54,103 Now, 7808 05:04:54,103 --> 05:04:56,041 all you have to do is save this thing. 7809 05:04:56,041 --> 05:04:57,100 So you go Ctrl+ 7810 05:04:57,100 --> 05:04:59,725 O and that will write it out to crontab 7811 05:04:59,725 --> 05:05:00,817 and you press enter 7812 05:05:00,817 --> 05:05:02,796 and you have written one line. 7813 05:05:02,796 --> 05:05:05,800 Now you go Ctrl+X and you have exited out. 7814 05:05:05,800 --> 05:05:08,900 So now let us clear the screen by pressing Ctrl+L 7815 05:05:08,900 --> 05:05:12,900 and enter and let's go ahead and get our MAC address. 7816 05:05:13,000 --> 05:05:14,900 So if we go ahead and run 7817 05:05:14,900 --> 05:05:18,100 that, our MAC address is set to f6c 649. 7818 05:05:18,200 --> 05:05:22,600 So just remember the first few letters have 66 and 49. Now, 7819 05:05:22,600 --> 05:05:25,700 let me just reboot my computer and you will see 7820 05:05:25,700 --> 05:05:29,415 after I reboot and run ifconfig again with grep ether. 
7821 05:05:29,415 --> 05:05:32,600 We will see a different MAC address. Now rebooting 7822 05:05:32,600 --> 05:05:33,472 might take some time 7823 05:05:33,472 --> 05:05:35,732 because I'm actually using a virtual machine 7824 05:05:35,732 --> 05:05:38,300 but still now it's given problems with the Firefox. 7825 05:05:38,300 --> 05:05:40,300 But let's hope this won't take much time. 7826 05:05:40,700 --> 05:05:41,000 Okay. 7827 05:05:41,000 --> 05:05:43,200 So now that our computer has booted up 7828 05:05:43,200 --> 05:05:46,200 and we have actually opened up a terminal let's go 7829 05:05:46,200 --> 05:05:49,700 in and type ifconfig and let's grep our ether, 7830 05:05:49,700 --> 05:05:51,200 that is the MAC address. 7831 05:05:51,200 --> 05:05:52,924 So if you remember the MAC address, now 7832 05:05:52,924 --> 05:05:55,150 you see that it has completely changed and that's 7833 05:05:55,150 --> 05:05:56,800 how you can spoof your MAC address 7834 05:05:56,800 --> 05:05:58,100 on our local network. 7835 05:05:58,100 --> 05:06:00,273 And this will basically help you 7836 05:06:00,273 --> 05:06:03,600 in staying anonymous on ARP protocols and anything 7837 05:06:03,600 --> 05:06:06,705 that actually maps your IP address to the MAC address. 7838 05:06:06,705 --> 05:06:07,000 Okay. 7839 05:06:07,000 --> 05:06:09,388 So that was all about macchanger. Meet you 7840 05:06:09,388 --> 05:06:10,500 in the next section. 7841 05:06:10,700 --> 05:06:12,600 So in this section, we will be talking 7842 05:06:12,600 --> 05:06:15,700 about wireless encryption protocol cracking. 7843 05:06:15,700 --> 05:06:19,200 So that is basically Wi-Fi cracking. Now Wi-Fi 7844 05:06:19,200 --> 05:06:22,184 in today's day and age uses pins 7845 05:06:22,184 --> 05:06:25,800 or passwords to normally encrypt the data usage. 
7846 05:06:25,800 --> 05:06:29,900 Basically, if you want to access the wireless access point, 7847 05:06:29,900 --> 05:06:31,187 you need a password 7848 05:06:31,187 --> 05:06:34,077 or a PIN to actually gain authorization. Now 7849 05:06:34,077 --> 05:06:38,100 this authorization checking is done using a four-way handshake 7850 05:06:38,100 --> 05:06:42,300 which we will try to capture using a tool called aircrack-ng 7851 05:06:42,400 --> 05:06:45,000 and then we will try to crack into the password 7852 05:06:45,000 --> 05:06:47,500 using a wordlist generator called crunch. 7853 05:06:47,500 --> 05:06:51,700 Now, you can use aircrack-ng to crack WPA and WPA2. 7854 05:06:51,700 --> 05:06:54,800 There's also another protocol called WEP or WEP 7855 05:06:54,800 --> 05:06:57,400 and that is not normally used these days. 7856 05:06:57,400 --> 05:06:58,958 If you find anybody using 7857 05:06:58,958 --> 05:07:02,700 that you should always advise them to actually upgrade to WPA 7858 05:07:02,700 --> 05:07:04,700 or WPA2 because 7859 05:07:04,700 --> 05:07:07,846 WEP is actually very easily cracked these days 7860 05:07:07,846 --> 05:07:11,062 and people are generally punished for using WEP 7861 05:07:11,062 --> 05:07:13,300 by hackers all around the world. 7862 05:07:13,300 --> 05:07:13,660 Okay. 7863 05:07:13,660 --> 05:07:17,454 So now you can actually go ahead and go into a terminal 7864 05:07:17,454 --> 05:07:21,600 and type ifconfig to actually look at your network card name. 7865 05:07:21,600 --> 05:07:23,200 As you guys can see out here, 7866 05:07:23,200 --> 05:07:24,659 it's called wlo1. 7867 05:07:24,659 --> 05:07:25,900 So the first step 7868 05:07:25,900 --> 05:07:28,900 that we need to do to actually go into the process 7869 05:07:28,900 --> 05:07:32,800 of Wi-Fi cracking is set up our network access card 7870 05:07:32,800 --> 05:07:34,700 or our access point in 
7871 05:07:34,946 --> 05:07:36,100 monitor mode. So 7872 05:07:36,100 --> 05:07:38,600 as you guys can see out here after typing ifconfig, 7873 05:07:38,600 --> 05:07:39,700 it shows me 7874 05:07:39,700 --> 05:07:43,300 that my Wi-Fi access card is wl1 interface. 7875 05:07:43,400 --> 05:07:47,200 Now our process of cracking passwords is pretty simple. 7876 05:07:47,200 --> 05:07:49,700 What we want to do is actually monitor 7877 05:07:49,700 --> 05:07:52,670 for all sorts of access points that are nearby to us. 7878 05:07:52,670 --> 05:07:55,200 Once we have chosen the access point that we 7879 05:07:55,200 --> 05:07:58,801 want to actually penetrate into and find the password, 7880 05:07:58,801 --> 05:08:02,200 what you want to do is run an airodump scan on it 7881 05:08:02,200 --> 05:08:05,082 and then we will try and deauthenticate any device 7882 05:08:05,082 --> 05:08:07,500 that is connected to the access point. Now 7883 05:08:07,500 --> 05:08:08,963 one assumption out here 7884 05:08:08,963 --> 05:08:11,700 is that the password is saved in that device 7885 05:08:11,700 --> 05:08:14,200 and it will automatically try to re-authenticate 7886 05:08:14,300 --> 05:08:16,100 itself with the access point 7887 05:08:16,100 --> 05:08:19,796 and we want to catch and log this re-authentication process 7888 05:08:19,796 --> 05:08:22,600 which will actually have a four-way handshake 7889 05:08:22,600 --> 05:08:25,319 between your device and the access point. 7890 05:08:25,319 --> 05:08:26,600 So this is basically 7891 05:08:26,600 --> 05:08:30,054 the procedure we are going to follow. Now another thing 7892 05:08:30,054 --> 05:08:32,689 that you need to know before actually using 7893 05:08:32,689 --> 05:08:35,228 this process to gain any access to any Is 7894 05:08:35,228 --> 05:08:39,100 that you need to know a little bit about what the password is. 
7895 05:08:39,100 --> 05:08:43,000 Maybe it could be length or it could be something 7896 05:08:43,000 --> 05:08:46,000 like a specific character at a specific place. 7897 05:08:46,000 --> 05:08:48,200 Maybe you know a series of characters. 7898 05:08:48,200 --> 05:08:51,887 So you just can't really guess the password out of thin air. 7899 05:08:51,887 --> 05:08:53,849 That is not how cracking works 7900 05:08:53,849 --> 05:08:56,384 unless you have some unlimited potential 7901 05:08:56,384 --> 05:08:58,809 of processing power. In that case, 7902 05:08:58,809 --> 05:09:02,741 you can very well brute force it and just find the password, 7903 05:09:02,741 --> 05:09:06,700 but if you are not somebody who has unlimited processing power 7904 05:09:06,700 --> 05:09:08,500 and you're trying to use aircrack-ng, 7905 05:09:08,500 --> 05:09:11,000 you need to know a little bit about the password. 7906 05:09:11,000 --> 05:09:12,400 Also before we proceed 7907 05:09:12,400 --> 05:09:15,400 with this wireless encryption protocol cracking, 7908 05:09:15,400 --> 05:09:17,700 what I want to say is if you want to get 7909 05:09:17,700 --> 05:09:20,800 into somebody's Wi-Fi network, 7910 05:09:20,800 --> 05:09:23,800 or you want to actually test for vulnerabilities, 7911 05:09:23,800 --> 05:09:26,900 it's better that you test for router vulnerabilities
7912 05:09:26,900 --> 05:09:29,135 than actually cracking a Wi-Fi password 7913 05:09:29,135 --> 05:09:30,655 because you're more likely 7914 05:09:30,655 --> 05:09:33,078 than not to find more router vulnerabilities 7915 05:09:33,078 --> 05:09:35,900 than actually successfully crack a Wi-Fi password 7916 05:09:35,900 --> 05:09:37,700 if you don't know anything about it. 7917 05:09:37,700 --> 05:09:39,800 If you don't know anything about the password 7918 05:09:39,800 --> 05:09:42,226 just go ahead and run some vulnerability tests 7919 05:09:42,226 --> 05:09:45,300 on the router itself and more often than not you will just 7920 05:09:45,300 --> 05:09:47,161 find something you can abuse. 7921 05:09:47,161 --> 05:09:47,479 Okay. 7922 05:09:47,479 --> 05:09:49,580 Now let's talk about the two tools 7923 05:09:49,580 --> 05:09:51,300 that I'm going to be using. 7924 05:09:51,300 --> 05:09:52,663 Now these two tools. 7925 05:09:52,663 --> 05:09:55,800 One of them is already installed on Kali Linux, 7926 05:09:55,800 --> 05:09:58,472 but if you are not using this on Kali, 7927 05:09:58,472 --> 05:10:01,800 you can also use this on any Linux-based system.
7928 05:10:01,800 --> 05:10:04,228 So what you have to do is download 7929 05:10:04,228 --> 05:10:05,700 and install aircrack-ng, 7930 05:10:05,700 --> 05:10:07,318 which is easily installed 7931 05:10:07,318 --> 05:10:10,116 with the command apt-get install aircrack-ng 7932 05:10:10,116 --> 05:10:13,500 and you also have to install this word list generator 7933 05:10:13,500 --> 05:10:16,804 called crunch. Now crunch is easily downloadable 7934 05:10:16,804 --> 05:10:18,600 by just Googling the name 7935 05:10:18,600 --> 05:10:21,197 and the first link will be a SourceForge link 7936 05:10:21,197 --> 05:10:23,500 and all you have to do is go inside that 7937 05:10:23,500 --> 05:10:25,911 and install it and once you've figured out 7938 05:10:25,911 --> 05:10:28,300 how to install crunch you can make sure 7939 05:10:28,300 --> 05:10:29,500 that it's installed. 7940 05:10:39,700 --> 05:10:44,200 Now once you have installed both the software you can check out 7941 05:10:44,200 --> 05:10:46,500 if the manual pages are opening up. 7942 05:10:46,500 --> 05:10:50,014 Let me just open the manual page of aircrack-ng and show you 7943 05:10:50,014 --> 05:10:52,100 that it has been properly installed. 7944 05:10:55,400 --> 05:10:57,300 Now as you guys can see the manual page 7945 05:10:57,300 --> 05:10:58,832 of aircrack-ng opened up 7946 05:10:58,832 --> 05:11:01,900 and the manual page of crunch is also opening up. 7947 05:11:01,900 --> 05:11:04,406 So that means both of our software 7948 05:11:04,406 --> 05:11:07,700 have been successfully installed on our system. 7949 05:11:07,700 --> 05:11:09,086 Now before we go ahead, 7950 05:11:09,086 --> 05:11:11,800 let me just show you how crunch actually works. 7951 05:11:11,800 --> 05:11:14,800 So crunch is basically a wordlist generator. 7952 05:11:14,800 --> 05:11:16,800 What you would do is you try 7953 05:11:16,800 --> 05:11:19,857 and generate a word list with given characters.
7954 05:11:19,857 --> 05:11:23,578 So what you can see out here is I've typed in crunch 3 5, 7955 05:11:23,578 --> 05:11:27,500 so that means the minimum length is 3 and the maximum length is 5 7956 05:11:27,500 --> 05:11:29,980 and I've given it a series of numbers. 7957 05:11:29,980 --> 05:11:33,498 So it will use these numbers and generate all the words 7958 05:11:33,498 --> 05:11:36,300 that are possible from length 3 to length 5. 7959 05:11:36,300 --> 05:11:39,420 So the way we are going to use crunch in conjunction 7960 05:11:39,420 --> 05:11:40,400 with aircrack is 7961 05:11:40,400 --> 05:11:43,400 that we are going to use crunch to generate the word list. 7962 05:11:43,400 --> 05:11:45,500 And then we are going to pipe the word list 7963 05:11:45,500 --> 05:11:46,941 through aircrack-ng 7964 05:11:46,941 --> 05:11:50,407 when we are actually trying to capture and crack 7965 05:11:50,407 --> 05:11:53,800 what we will capture in a certain log file. Now, 7966 05:11:53,800 --> 05:11:56,426 what you want to do first is actually put 7967 05:11:56,426 --> 05:11:59,500 your network interface card on a monitor mode. 7968 05:11:59,500 --> 05:12:00,500 Now you can do 7969 05:12:00,500 --> 05:12:04,500 that by typing in ifconfig and then the interface name 7970 05:12:04,500 --> 05:12:08,400 which happens to be wl1 and first you have to put it down. 7971 05:12:08,400 --> 05:12:13,015 So ifconfig wl1 down. Now to put your interface card 7972 05:12:13,015 --> 05:12:14,400 into monitor mode, 7973 05:12:14,400 --> 05:12:17,100 you have to type in iwconfig 7974 05:12:17,300 --> 05:12:19,358 and you go the name of the interface 7975 05:12:19,358 --> 05:12:20,900 and then you go mode monitor. 7976 05:12:20,900 --> 05:12:22,700 Okay, it seems I've spelled it wrong. 7977 05:12:22,700 --> 05:12:24,200 So let me just do it once again.
7978 05:12:24,200 --> 05:12:27,298 So that has put our network interface card 7979 05:12:27,298 --> 05:12:28,500 into monitor mode 7980 05:12:28,500 --> 05:12:31,809 and what we need to do after that is we need to start 7981 05:12:31,809 --> 05:12:33,400 up our network interface. 7982 05:12:33,400 --> 05:12:38,500 So all we have to do is type in ifconfig wl1 up. Now, 7983 05:12:38,500 --> 05:12:42,423 once it is up and running you can check by typing in ifconfig 7984 05:12:42,423 --> 05:12:45,300 that indeed your network interface card is up 7985 05:12:45,300 --> 05:12:47,802 and running. Don't worry, it's running in monitor mode 7986 05:12:47,802 --> 05:12:49,300 if it's up and running. 7987 05:12:49,500 --> 05:12:51,600 What we want to do next is pretty important 7988 05:12:51,600 --> 05:12:52,716 to the whole process. 7989 05:12:52,716 --> 05:12:53,959 So what we want to do now 7990 05:12:53,959 --> 05:12:55,556 is check for some services 7991 05:12:55,556 --> 05:12:57,900 that might still be running in the background 7992 05:12:57,900 --> 05:13:00,800 that might hamper with our whole scanning process. 7993 05:13:00,800 --> 05:13:05,100 So we do this by actually typing in the command airmon-ng 7994 05:13:05,100 --> 05:13:07,489 check and then the name of the interface. 7995 05:13:07,489 --> 05:13:11,117 So as you guys can see nothing is exactly running right now. 7996 05:13:11,117 --> 05:13:14,500 But if there were any process running you would only add 7997 05:13:14,500 --> 05:13:16,072 a command airmon-ng check 7998 05:13:16,072 --> 05:13:18,650 and instead of writing the interface name, 7999 05:13:18,650 --> 05:13:20,600 all you have to do is say kill.
8000 05:13:20,700 --> 05:13:23,100 It will kill any processes. Now 8001 05:13:23,100 --> 05:13:26,217 if you see any process named the network administrator 8002 05:13:26,217 --> 05:13:28,900 you want to kill that process first separately 8003 05:13:28,900 --> 05:13:31,266 and then kill any other child processes. 8004 05:13:31,266 --> 05:13:34,300 You may need to actually run this command a few times 8005 05:13:34,300 --> 05:13:35,623 before all the processes 8006 05:13:35,623 --> 05:13:37,730 are killed and then you're good to go. 8007 05:13:37,730 --> 05:13:38,042 Okay. 8008 05:13:38,042 --> 05:13:41,600 So now that we have finished killing all the subprocesses, 8009 05:13:41,600 --> 05:13:43,500 what we want to do is run 8010 05:13:43,500 --> 05:13:46,800 an airodump scan on the network card. 8011 05:13:46,800 --> 05:13:48,100 So that is wl1. 8012 05:13:48,100 --> 05:13:50,500 So for this we go airodump-ng 8013 05:13:50,500 --> 05:13:53,700 and then we put in the name of the interface. 8014 05:13:53,700 --> 05:13:55,400 And this will start the scan 8015 05:13:55,400 --> 05:13:57,300 that will look something like this. 8016 05:13:59,100 --> 05:14:01,584 So after you run the airodump scan 8017 05:14:01,584 --> 05:14:02,900 on your interface, 8018 05:14:02,900 --> 05:14:06,400 what you see out here is a result of all the access points 8019 05:14:06,400 --> 05:14:08,700 that is found out to the monitoring mode. 8020 05:14:08,700 --> 05:14:11,700 Now if you see we have a bunch of columns out here. First 8021 05:14:11,700 --> 05:14:13,833 of all we have the bssid column. 8022 05:14:13,833 --> 05:14:17,100 Now, the bssid column is basically the MAC address 8023 05:14:17,100 --> 05:14:19,300 of all the routers that are found. 8024 05:14:19,300 --> 05:14:21,900 Now, every router obviously has a MAC address.
8025 05:14:21,900 --> 05:14:23,440 So those are the MAC address 8026 05:14:23,440 --> 05:14:25,200 that is tied to the router names, 8027 05:14:25,200 --> 05:14:28,909 which is shown by the SSID. Then we have the PWR column, we have 8028 05:14:28,909 --> 05:14:31,800 the beacons column, we have the data packets column. 8029 05:14:31,800 --> 05:14:34,000 Another important column is a channel column. 8030 05:14:34,000 --> 05:14:35,000 It's important to know 8031 05:14:35,000 --> 05:14:37,383 which channel your router is working on. 8032 05:14:37,383 --> 05:14:40,500 Then we can see the cipher column, the authentication, 8033 05:14:40,500 --> 05:14:43,000 so out here we can see the encryption that is used. 8034 05:14:43,000 --> 05:14:45,300 So most of it is using WPA2. 8035 05:14:45,300 --> 05:14:49,400 So what we will be cracking is basically WPA2. So from this, 8036 05:14:49,400 --> 05:14:53,000 what you need to recognize is basically the Wi-Fi router 8037 05:14:53,000 --> 05:14:55,100 that you want to crack into. Now, 8038 05:14:55,100 --> 05:14:57,700 I'm performing this particular test at my office, 8039 05:14:57,700 --> 05:15:00,652 and I don't really have the permission to actually 8040 05:15:00,652 --> 05:15:03,300 go in and test them for these vulnerabilities. 8041 05:15:03,300 --> 05:15:05,400 I'm not a security analyst off here. 8042 05:15:05,400 --> 05:15:06,278 So I don't really 8043 05:15:06,278 --> 05:15:08,500 have the permissions to penetrate into them. 8044 05:15:08,500 --> 05:15:11,500 So what I have done is I have run a similar test 8045 05:15:11,500 --> 05:15:13,400 at home using my own Wi-Fi 8046 05:15:13,400 --> 05:15:15,752 and I will show you the results for that. 8047 05:15:15,752 --> 05:15:17,306 But for this working example, 8048 05:15:17,306 --> 05:15:20,200 you will see the scans that I'm running in this office.
8049 05:15:20,200 --> 05:15:22,300 So as we intend to stay ethical 8050 05:15:22,300 --> 05:15:25,600 what we are going to do out here is we are going to capture 8051 05:15:25,600 --> 05:15:27,500 whatever we find in our office 8052 05:15:27,500 --> 05:15:29,100 for only educational purposes, 8053 05:15:29,100 --> 05:15:31,900 but when we are doing the actual cracking step 8054 05:15:31,900 --> 05:15:34,300 that is the last step of this whole procedure, 8055 05:15:34,300 --> 05:15:37,100 I'll be running it on a file that I had generated at home 8056 05:15:37,100 --> 05:15:37,800 as I just said 8057 05:15:37,800 --> 05:15:40,762 because I have permissions to do whatever I want 8058 05:15:40,762 --> 05:15:42,692 with my own Wi-Fi and passwords. 8059 05:15:42,692 --> 05:15:42,989 Okay. 8060 05:15:42,989 --> 05:15:44,029 So for this example, 8061 05:15:44,029 --> 05:15:47,600 I'm going to pick this Wi-Fi that is called attract of Wi-Fi 8062 05:15:47,600 --> 05:15:49,700 and it's running on channel number 6. 8063 05:15:49,700 --> 05:15:52,700 So what you want to pick from here is the bssid 8064 05:15:52,700 --> 05:15:53,800 and the channel number. 8065 05:15:53,800 --> 05:15:57,100 We need to remember these two things first, the bssid 8066 05:15:57,100 --> 05:15:58,600 and channel number. Now, 8067 05:15:58,600 --> 05:16:01,600 what you want to do after that is open up a new window 8068 05:16:01,600 --> 05:16:04,300 on your terminal and log in as root. 8069 05:16:05,300 --> 05:16:09,000 Now what we want to do here is run a separate airodump scan 8070 05:16:09,000 --> 05:16:13,300 on this specific bssid and check for all the devices 8071 05:16:13,300 --> 05:16:16,300 that are actually connected to this access point.
8072 05:16:16,300 --> 05:16:18,000 Now we do this by running 8073 05:16:18,000 --> 05:16:20,968 the command airodump-ng and while we're doing this, 8074 05:16:20,968 --> 05:16:23,627 we also want to capture all the scan outputs 8075 05:16:23,627 --> 05:16:26,100 that we actually get into a certain file. 8076 05:16:26,100 --> 05:16:29,900 So we will be actually storing it in a file called capture 8077 05:16:30,073 --> 05:16:33,226 and then we just have to pass in the bssid 8078 05:16:33,300 --> 05:16:40,700 and the interface. We also have to specify the channel. 8079 05:16:40,700 --> 05:16:44,351 So let's see what the channel is 1 so the channel is channel 6. 8080 05:16:44,351 --> 05:16:46,000 So that's what we want to do 8081 05:16:46,000 --> 05:16:49,500 and we specify the channel with the -c flag. 8082 05:16:55,100 --> 05:16:57,900 So after you have identified the MAC address, 8083 05:16:57,900 --> 05:17:00,800 all you need to do is copy it down and place it 8084 05:17:00,800 --> 05:17:02,800 with after the bssid flag. 8085 05:17:02,900 --> 05:17:06,500 Okay, so we're going to run our command out here 8086 05:17:06,500 --> 05:17:08,800 and we just want to say our file is going to be 8087 05:17:08,800 --> 05:17:09,900 well test out capture. 8088 05:17:09,900 --> 05:17:11,958 Now that our scan is up and running, 8089 05:17:11,958 --> 05:17:13,416 all you want to do is wait 8090 05:17:13,416 --> 05:17:16,411 till someone is actually connected to this access point. 8091 05:17:16,411 --> 05:17:18,000 So I forgot to mention this: 8092 05:17:18,000 --> 05:17:20,200 for this process to actually work properly, 8093 05:17:20,200 --> 05:17:22,449 somebody needs to be connected to that access point 8094 05:17:22,449 --> 05:17:25,200 because what we are going to try and do is disconnect 8095 05:17:25,200 --> 05:17:27,992 that certain device and let them reconnect 8096 05:17:27,992 --> 05:17:29,700 and capture that log file.
8097 05:17:29,799 --> 05:17:30,800 Okay, so it seems 8098 05:17:30,800 --> 05:17:32,800 like nobody is actually connecting to it. 8099 05:17:32,800 --> 05:17:36,900 So at this time I'm going to do is go back to our airodump scan 8100 05:17:36,900 --> 05:17:37,850 that we had run 8101 05:17:37,850 --> 05:17:41,400 on a network interface and look at some other MAC address 8102 05:17:41,400 --> 05:17:43,500 or other access point to actually penetrate 8103 05:17:43,500 --> 05:17:44,900 into and let's see 8104 05:17:44,900 --> 05:17:47,600 if something has actually connected to that. 8105 05:17:48,300 --> 05:17:49,200 Okay, so 8106 05:17:49,300 --> 05:17:51,900 ooh la la, now what you see out here is 8107 05:17:51,900 --> 05:17:54,700 that somebody has actually connected to this access point 8108 05:17:54,700 --> 05:17:57,800 and his MAC address can be seen under the station tab. 8109 05:17:57,800 --> 05:17:58,400 Now, 8110 05:17:58,400 --> 05:17:59,978 what we want to do is run 8111 05:17:59,978 --> 05:18:03,200 the deauthentication broadcast message on that station 8112 05:18:03,200 --> 05:18:04,700 and deauthenticate that guy. 8113 05:18:05,700 --> 05:18:08,400 Now to actually run the deauthentication process, 8114 05:18:08,400 --> 05:18:10,000 all you have to do is go ahead 8115 05:18:10,000 --> 05:18:12,327 and open up a new terminal window again and let 8116 05:18:12,327 --> 05:18:14,200 this scan be running in the background. 8117 05:18:14,200 --> 05:18:16,300 Don't use any scanner this moment. 8118 05:18:16,400 --> 05:18:16,727 Okay.
8119 05:18:16,727 --> 05:18:17,897 So the information 8120 05:18:17,897 --> 05:18:20,267 that they need to remember is the bssid 8121 05:18:20,267 --> 05:18:22,700 or rather the MAC ID of the station. Now, 8122 05:18:22,700 --> 05:18:25,900 you also want your monitoring to be running on the same channel 8123 05:18:25,900 --> 05:18:29,173 so that your deauthentication message is being already 8124 05:18:29,173 --> 05:18:30,900 broadcast on the same channel, 8125 05:18:30,900 --> 05:18:34,000 so we can do that easily by going airmon-ng 8126 05:18:34,000 --> 05:18:37,100 and saying wl1 and you can say start 8127 05:18:37,200 --> 05:18:38,900 on specify channel. 8128 05:18:38,946 --> 05:18:43,253 So what we want to be doing is running this on channel 6, 8129 05:18:44,300 --> 05:18:48,000 then we want to go and use the third suite of tools, 8130 05:18:48,000 --> 05:18:52,100 that is aireplay. Now aireplay is used for broadcasting 8131 05:18:52,100 --> 05:18:54,600 deauthentication messages and all sorts of stuff. 8132 05:18:54,600 --> 05:18:57,700 Now you can see all this in the help menu also 8133 05:18:57,700 --> 05:19:00,014 and you can do that by typing in --help. 8134 05:19:00,014 --> 05:19:01,800 If you go down you see 8135 05:19:01,800 --> 05:19:04,100 that you can send the deauthentication message 8136 05:19:04,100 --> 05:19:05,400 using the -0 flag 8137 05:19:05,400 --> 05:19:07,400 and that's exactly what you're going to do. 8138 05:19:08,100 --> 05:19:09,507 Then we say zero again 8139 05:19:09,507 --> 05:19:12,336 because we want to constantly send a broadcast 8140 05:19:12,336 --> 05:19:13,700 of the deauthentication. 8141 05:19:13,700 --> 05:19:15,801 So it's looping basically and until 8142 05:19:15,801 --> 05:19:17,476 and unless we stop the scan, 8143 05:19:17,476 --> 05:19:20,347 nobody will actually be able to access the Wi-Fi.
8144 05:19:20,347 --> 05:19:22,800 So it's basically like a small DoS attack 8145 05:19:23,376 --> 05:19:26,223 and then we want to specify the bssid. 8146 05:19:27,400 --> 05:19:29,700 Okay, so it seems like I forgot the whole -a tag 8147 05:19:29,700 --> 05:19:32,700 before the bssid and that should get it working. 8148 05:19:34,300 --> 05:19:35,603 Okay, so it seems 8149 05:19:35,603 --> 05:19:38,900 like I have copied some wrong bssid I guess. 8150 05:19:39,500 --> 05:19:42,400 So, let me just go ahead and copy that once properly. 8151 05:19:45,200 --> 05:19:45,900 Okay. 8152 05:19:45,900 --> 05:19:48,300 So now that we have the proper bssid 8153 05:19:48,300 --> 05:19:49,560 as you guys can see 8154 05:19:49,560 --> 05:19:52,935 we are running the deauthentication broadcast message 8155 05:19:52,935 --> 05:19:55,500 on that particular network access card, 8156 05:19:55,500 --> 05:19:59,700 and now you want to run this for around a couple of minutes 8157 05:19:59,700 --> 05:20:01,137 so that you become sure 8158 05:20:01,137 --> 05:20:03,500 that all the devices have disconnected. 8159 05:20:03,500 --> 05:20:05,000 Now while this is happening 8160 05:20:05,000 --> 05:20:07,400 what you're doing is basically sending a DoS attack 8161 05:20:07,400 --> 05:20:11,100 to that small little Wi-Fi and you want to catch the handshake 8162 05:20:11,100 --> 05:20:13,612 that occurs between devices and the router 8163 05:20:13,612 --> 05:20:16,800 that it is connected to while reconnecting themselves. 8164 05:20:19,500 --> 05:20:19,800 Okay. 8165 05:20:19,800 --> 05:20:22,700 So now that we've let this scan run for a couple of minutes, 8166 05:20:22,700 --> 05:20:24,000 let us just stop it. 8167 05:20:26,000 --> 05:20:28,800 Let's stop this other scan too. Now, 8168 05:20:28,800 --> 05:20:32,200 if I go and list out the files on my desktop, 8169 05:20:32,200 --> 05:20:32,900 you should see 8170 05:20:32,900 --> 05:20:35,300 that there's something called the test capture.
8171 05:20:35,300 --> 05:20:39,303 Now, the test capture is given to us in various formats. 8172 05:20:39,303 --> 05:20:43,390 We have the capture format, which is just capture-01.cap 8173 05:20:43,390 --> 05:20:46,012 and then we have test capture CSV. 8174 05:20:46,012 --> 05:20:47,500 We have a Kismet CSV. 8175 05:20:47,500 --> 05:20:48,900 So it gives you a bunch 8176 05:20:48,900 --> 05:20:51,700 of formats to actually run your cracking on. Now 8177 05:20:51,700 --> 05:20:53,500 if you remember I had told you all 8178 05:20:53,500 --> 05:20:55,900 that I have already generated a similar 8179 05:20:56,600 --> 05:20:58,000 at home, basically 8180 05:20:58,200 --> 05:21:00,800 when I was trying to crack into my own home password, 8181 05:21:00,900 --> 05:21:03,366 so I will be running the tests on that file 8182 05:21:03,366 --> 05:21:05,617 or the cracking procedure on that file. 8183 05:21:05,617 --> 05:21:08,500 And that is the last step of this whole procedure. 8184 05:21:08,500 --> 05:21:11,000 So, let me just go ahead and move into that folder. 8185 05:21:11,000 --> 05:21:14,235 So I go see these can now as you guys can see out here 8186 05:21:14,235 --> 05:21:15,700 if I list down the files 8187 05:21:15,700 --> 05:21:18,854 if you can see a Capture One Dot Capture One Dot CSV. 8188 05:21:18,854 --> 05:21:21,207 This is Kismet CSV and this and that XML. 8189 05:21:21,207 --> 05:21:22,900 So I was not lying when I said 8190 05:21:22,900 --> 05:21:24,549 that I have already done this at home. 8191 05:21:24,549 --> 05:21:25,900 So we are going to run our 8192 05:21:25,900 --> 05:21:28,000 cracking process on capture-01.cap. 8193 05:21:28,000 --> 05:21:28,800 Now, 8194 05:21:28,800 --> 05:21:31,300 let me just tell you guys the password for my home
8195 05:21:31,300 --> 05:21:34,200 Wi-Fi is sweet ship 346. So you can say 8196 05:21:34,200 --> 05:21:35,824 that I know the entire password, 8197 05:21:35,824 --> 05:21:37,500 but I'm going to act like somebody 8198 05:21:37,500 --> 05:21:41,400 who only has a general idea of what my password looks like. 8199 05:21:41,400 --> 05:21:42,800 So let's say I know 8200 05:21:42,800 --> 05:21:44,686 that my password contains sweet ship 8201 05:21:44,686 --> 05:21:47,706 but I don't really know the last three numbers or letters 8202 05:21:47,706 --> 05:21:49,000 or whatever they may be. 8203 05:21:49,000 --> 05:21:52,187 Okay, so we are going to use crunch once again 8204 05:21:52,187 --> 05:21:54,100 to generate a list of words 8205 05:21:54,100 --> 05:21:58,300 that might include sweet ship 346 and let me just open 8206 05:21:58,300 --> 05:22:00,400 the crunch manual for once. Now 8207 05:22:00,400 --> 05:22:02,500 if you go down in the crunch manual 8208 05:22:02,500 --> 05:22:04,400 what you'll see is the -t. 8209 05:22:04,400 --> 05:22:07,700 So as you guys can see there is a pattern 8210 05:22:07,700 --> 05:22:10,405 that is specified like at the rate, at the rate, god 8211 05:22:10,405 --> 05:22:12,700 and then followed by four other at the rates 8212 05:22:12,700 --> 05:22:13,963 and all the at the rates 8213 05:22:13,963 --> 05:22:16,600 will be replaced by a lowercase character. 8214 05:22:16,600 --> 05:22:19,600 Now you can remove the at the rate and use a comma 8215 05:22:19,600 --> 05:22:22,500 and be replaced with an uppercase character 8216 05:22:22,500 --> 05:22:23,800 or you can use percentages 8217 05:22:23,800 --> 05:22:25,533 in which case it would be numbers. 8218 05:22:25,533 --> 05:22:27,161 Or you could use the caret sign 8219 05:22:27,161 --> 05:22:29,000 in which case it will insert symbols.
8220 05:22:29,000 --> 05:22:31,100 So when you know the length of the password 8221 05:22:31,100 --> 05:22:33,800 and also a certain degree of few letters, 8222 05:22:33,800 --> 05:22:35,362 you can use the hyphen t flag. 8223 05:22:35,362 --> 05:22:36,300 So that is exactly 8224 05:22:36,300 --> 05:22:38,400 what we are going to use with crunch out here 8225 05:22:38,400 --> 05:22:39,500 for this example. 8226 05:22:39,500 --> 05:22:42,400 So, let me just remind you guys that the password 8227 05:22:42,400 --> 05:22:45,400 for my home Wi-Fi is sweet ship 346. 8228 05:22:46,100 --> 05:22:48,518 Now what we can do is we can ask crunch 8229 05:22:48,518 --> 05:22:52,400 to actually generate something that looks like sweet ship 346. 8230 05:22:52,998 --> 05:22:58,269 So what I could do is say crunch. So the minimum length is 12. 8231 05:22:58,269 --> 05:22:59,000 I already know 8232 05:22:59,000 --> 05:23:01,800 that and the maximum length is also 12. Now, 8233 05:23:01,800 --> 05:23:03,900 let me just input in the pattern. 8234 05:23:04,015 --> 05:23:06,784 So we put in the pattern after -t. 8235 05:23:07,800 --> 05:23:10,700 So now I'm going to show you how long it can take. 8236 05:23:10,700 --> 05:23:12,300 So we are just going to say sweet 8237 05:23:12,300 --> 05:23:14,530 and then put in some at the rates 8238 05:23:14,600 --> 05:23:17,600 and then also get a try and guess in the numbers. 8239 05:23:17,700 --> 05:23:19,021 So after you've put 8240 05:23:19,021 --> 05:23:22,500 in the pattern you want to also input which letters 8241 05:23:22,500 --> 05:23:23,885 and numbers it could be 8242 05:23:23,885 --> 05:23:27,200 and I'm just going to input my entire keyboard out here. 8243 05:23:27,200 --> 05:23:31,516 Now, what you want to do is pipe this command through aircrack-ng's 8244 05:23:31,516 --> 05:23:33,000 cracking procedure. 8245 05:23:34,800 --> 05:23:35,146 Okay.
8246 05:23:35,146 --> 05:23:39,300 So now what we want to do is pipe this command to aircrack-ng 8247 05:23:39,900 --> 05:23:41,507 and we want to write 8248 05:23:41,507 --> 05:23:44,584 from, or rather read from, the capture file. 8249 05:23:45,300 --> 05:23:48,100 So what we go is -w and then - 8250 05:23:48,100 --> 05:23:50,200 and then the capture file name. 8251 05:23:50,200 --> 05:23:51,500 So capture-01.cap 8252 05:23:51,500 --> 05:23:55,246 and then we also have to specify the essid 8253 05:23:55,246 --> 05:23:59,500 which is given to the -e flag and the essid for my home 8254 05:23:59,500 --> 05:24:03,200 Wi-Fi is Nest away underscore cc105. 8255 05:24:03,200 --> 05:24:05,900 So that's exactly what I'm going to type in 8256 05:24:05,900 --> 05:24:10,900 and this will start the cracking process on my Wi-Fi 8257 05:24:10,915 --> 05:24:12,684 from the captured file. 8258 05:24:12,800 --> 05:24:15,541 So as you guys can see this is going to take 8259 05:24:15,541 --> 05:24:17,200 a long long long long time 8260 05:24:17,200 --> 05:24:19,600 and I'm not really actually going to complete it. 8261 05:24:19,600 --> 05:24:20,550 So in this time, 8262 05:24:20,550 --> 05:24:23,700 I'm actually just going to try and explain why this is 8263 05:24:23,700 --> 05:24:27,100 not very feasible on a virtual Network. 8264 05:24:27,100 --> 05:24:28,700 So basically this is not feasible 8265 05:24:28,700 --> 05:24:31,100 because at this moment my computer is using 8266 05:24:31,100 --> 05:24:33,300 all four of its cores and all the memory 8267 05:24:33,300 --> 05:24:34,300 that is possible. 8268 05:24:34,400 --> 05:24:37,400 So what this means is on a VirtualBox, 8269 05:24:37,400 --> 05:24:40,600 this is not really possible. Your VirtualBox doesn't really 8270 05:24:40,600 --> 05:24:41,900 have that much power.
8271 05:24:41,900 --> 05:24:45,400 If you are using a 4-core processor computer, only two 8272 05:24:45,400 --> 05:24:47,864 of its maximum cores can be actually allotted 8273 05:24:47,864 --> 05:24:50,100 to your VirtualBox machine. Above that, 8274 05:24:50,100 --> 05:24:52,329 you can't really give it the entire memory 8275 05:24:52,329 --> 05:24:54,800 because that will make your computer crash. 8276 05:24:54,800 --> 05:24:57,600 So if you want to do something like this, 8277 05:24:57,600 --> 05:25:01,646 it's better that you install Kali Linux as a dual boot or as 8278 05:25:01,646 --> 05:25:05,200 your own daily driver and then you can do this. 8279 05:25:05,200 --> 05:25:08,800 So this is why I have not done this on a virtual machine 8280 05:25:08,800 --> 05:25:11,184 and instead done this on Deepin Linux, 8281 05:25:11,184 --> 05:25:13,900 which is my daily driver operating system. 8282 05:25:13,900 --> 05:25:16,300 Now as you guys can see this is constantly trying 8283 05:25:16,300 --> 05:25:17,900 to actually guess the password 8284 05:25:17,900 --> 05:25:20,300 by actually going through all the permutations 8285 05:25:20,300 --> 05:25:21,351 and combinations. 8286 05:25:21,351 --> 05:25:24,700 That is basically it's taking in all the words generated 8287 05:25:24,700 --> 05:25:27,400 from crunch, piping it into the current command, 8288 05:25:27,400 --> 05:25:30,600 that is the aircrack-ng command, and is comparing everything. 8289 05:25:31,200 --> 05:25:33,700 So what I'm going to do is I'm actually going to end this 8290 05:25:33,700 --> 05:25:36,500 because this will take a very very very long time. 8291 05:25:36,500 --> 05:25:39,100 And what we're going to do is we're going to actually try 8292 05:25:39,100 --> 05:25:42,000 and shorten the command of the or the amount of guessing 8293 05:25:42,000 --> 05:25:43,199 that you're trying to do. 8294 05:25:43,199 --> 05:25:44,800 So, let me just try and do that.
8295 05:25:44,800 --> 05:25:46,836 So as you guys can see out here, 8296 05:25:46,836 --> 05:25:49,080 I have reduced the number of alphabets 8297 05:25:49,080 --> 05:25:50,900 that might be actually tested. 8298 05:25:50,900 --> 05:25:52,081 But even in this case, 8299 05:25:52,081 --> 05:25:53,900 this will take a humongous amount 8300 05:25:53,900 --> 05:25:56,000 of time and let me just show that to you. 8301 05:25:56,100 --> 05:25:59,045 So as you guys can see the test is running running 8302 05:25:59,045 --> 05:26:00,162 running and running 8303 05:26:00,162 --> 05:26:03,200 and there's not really much you can do. You can just 8304 05:26:03,200 --> 05:26:05,100 let this run, go out for a cup of coffee 8305 05:26:05,100 --> 05:26:06,200 and then come back 8306 05:26:06,200 --> 05:26:08,047 and you might still see that running. 8307 05:26:08,047 --> 05:26:10,100 It really depends on what the password is 8308 05:26:10,100 --> 05:26:12,500 and how much time it takes to crack it 8309 05:26:12,500 --> 05:26:15,600 and how much processing power you have directly affects 8310 05:26:15,600 --> 05:26:19,838 how much time this will take. So let me just show you guys 8311 05:26:19,838 --> 05:26:22,300 that this is taking a bunch of time. 8312 05:26:27,100 --> 05:26:27,800 Okay. 8313 05:26:27,800 --> 05:26:30,574 So now that I have fast-forwarded a lot 8314 05:26:30,574 --> 05:26:32,400 into the scan you can see 8315 05:26:32,400 --> 05:26:34,687 that I have tried almost two one two, 8316 05:26:34,687 --> 05:26:36,253 seven six zero eight keys. 8317 05:26:36,253 --> 05:26:38,322 So that's more than a million keys. 8318 05:26:38,322 --> 05:26:39,600 That's 2 million keys 8319 05:26:39,600 --> 05:26:43,200 that have tried so and it still hasn't reached at 346. 8320 05:26:43,200 --> 05:26:46,100 So what we're going to do is just to show you 8321 05:26:46,100 --> 05:26:49,300 for demonstration purposes that this procedure actually works.
8322 05:26:49,300 --> 05:26:52,300 Let me just shorten the guessing even more. 8323 05:26:52,300 --> 05:26:54,900 So what we want to do is this time we want 8324 05:26:54,900 --> 05:26:56,500 to just guess the numbers 8325 05:26:56,500 --> 05:26:59,700 so we'll modify our command accordingly. 8326 05:26:59,900 --> 05:27:01,800 So we just put in 8327 05:27:01,800 --> 05:27:06,200 sweetship and let the algorithm just guess the 346 part. 8328 05:27:06,200 --> 05:27:08,376 So we're going to remove the alphabets 8329 05:27:08,376 --> 05:27:10,087 from the guessing scope also 8330 05:27:10,087 --> 05:27:11,565 and as you guys can see 8331 05:27:11,565 --> 05:27:14,200 the password is almost immediately guessed 8332 05:27:14,200 --> 05:27:16,700 because only 456 keys were tested. 8333 05:27:16,700 --> 05:27:19,895 And as you guys can see it shows that the key was found 8334 05:27:19,895 --> 05:27:22,733 and it's sweetship346. Now let me also show you 8335 05:27:22,733 --> 05:27:25,438 that it works with the guessing of letters just 8336 05:27:25,438 --> 05:27:27,000 because I don't think of did 8337 05:27:27,000 --> 05:27:29,600 that letters are also guessed and not just numbers. 8338 05:27:29,600 --> 05:27:32,800 So let me make it just guess the P part, that is, sweetshi, 8339 05:27:32,800 --> 05:27:36,000 and then it should guess P and then 346. 8340 05:27:36,000 --> 05:27:38,004 So let me just show you that and 8341 05:27:38,004 --> 05:27:41,200 as you guys can see it guesses it almost immediately 8342 05:27:41,200 --> 05:27:43,900 after just going through 15,000 keys. 8343 05:27:43,900 --> 05:27:46,100 Okay, so that brings us to the end 8344 05:27:46,100 --> 05:27:48,215 of this Wi-Fi cracking tutorial 8345 05:27:48,215 --> 05:27:50,400 and also to the end of this video 8346 05:27:50,400 --> 05:27:53,000 which was regarding ethical hacking using Kali Linux.
8347 05:27:53,000 --> 05:27:55,100 I hope you guys had a bunch of fun learning 8348 05:27:55,100 --> 05:27:57,000 about MAC changers, proxychains 8349 05:27:57,000 --> 05:28:00,700 and a bunch of stuff that we did like Wi-Fi password cracking. 8350 05:28:00,700 --> 05:28:03,429 I hope you practice these procedures and methodologies 8351 05:28:03,429 --> 05:28:06,900 that I have taught you only for your own educational purposes 8352 05:28:06,900 --> 05:28:10,629 and not use it to harm anybody or do anything harmful with it 8353 05:28:10,629 --> 05:28:13,100 because let me just tell you very seriously 8354 05:28:13,100 --> 05:28:15,302 that you can be prosecuted by the law. 8355 05:28:15,302 --> 05:28:18,100 So let's end this video on a good note by saying 8356 05:28:18,100 --> 05:28:20,758 please practice this for only educational purposes. 8357 05:28:20,758 --> 05:28:22,300 Let me just show you that and 8358 05:28:22,300 --> 05:28:25,500 as you guys can see it guesses it almost immediately 8359 05:28:25,500 --> 05:28:28,100 after just going through 18,000 keys. 8360 05:28:28,100 --> 05:28:30,368 Okay, so that brings us to the end 8361 05:28:30,368 --> 05:28:32,500 of this Wi-Fi cracking tutorial 8362 05:28:32,500 --> 05:28:34,700 and also to the end of this video 8363 05:28:34,700 --> 05:28:37,300 which was regarding ethical hacking using Kali Linux. 8364 05:28:37,300 --> 05:28:39,400 I hope you guys had a bunch of fun learning 8365 05:28:39,400 --> 05:28:42,455 about MAC changers, proxychains and a bunch of stuff 8366 05:28:42,455 --> 05:28:44,900 that we did like Wi-Fi password cracking. 8367 05:28:44,900 --> 05:28:47,688 I hope you practice these procedures and methodologies 8368 05:28:47,688 --> 05:28:51,179 that I have taught you only for your own educational purposes 8369 05:28:51,179 --> 05:28:54,800 and not use it to harm anybody or do anything harmful with it 8370 05:28:54,800 --> 05:28:57,100 because let me just tell you very seriously
8371 05:28:57,100 --> 05:28:59,596 that you can be prosecuted by the law. 8372 05:28:59,596 --> 05:29:02,456 So let's end this video on a good note by saying 8373 05:29:02,456 --> 05:29:05,500 please practice this for only educational purposes. 8374 05:29:10,107 --> 05:29:13,900 If you are a hacker, pentester, security researcher 8375 05:29:13,900 --> 05:29:15,000 or just another person 8376 05:29:15,000 --> 05:29:17,600 who picks Google in front of friends to look cool, 8377 05:29:17,700 --> 05:29:18,500 then it's likely 8378 05:29:18,500 --> 05:29:21,687 that you must have already known about some Linux distros, 8379 05:29:21,687 --> 05:29:23,700 which are particularly made for them. 8380 05:29:23,700 --> 05:29:24,068 Today 8381 05:29:24,068 --> 05:29:27,200 we're going to explore one such Linux distro, Parrot 8382 05:29:27,200 --> 05:29:30,600 Security OS, one of the leading Linux distributions 8383 05:29:30,600 --> 05:29:33,600 in penetration testing and ethical hacking. 8384 05:29:33,600 --> 05:29:36,608 So let's quickly go through today's agenda. First, 8385 05:29:36,608 --> 05:29:38,300 we will begin by discussing 8386 05:29:38,300 --> 05:29:41,587 how Linux distributions are suitable for ethical hacking 8387 05:29:41,587 --> 05:29:43,631 and different types of Linux distros 8388 05:29:43,631 --> 05:29:45,854 that are available for ethical hacking 8389 05:29:45,854 --> 05:29:47,371 and penetration testing. 8390 05:29:47,371 --> 05:29:49,900 Then we will begin with our today's topic 8391 05:29:49,900 --> 05:29:51,613 which is Parrot Security OS. 8392 05:29:51,613 --> 05:29:54,153 We will discuss its features, its history, 8393 05:29:54,153 --> 05:29:57,200 if or not Parrot Security OS is suitable for you.
8394 05:29:57,200 --> 05:29:58,815 Moving on we will see 8395 05:29:58,815 --> 05:30:02,584 how Parrot Security OS is different from Kali Linux 8396 05:30:02,600 --> 05:30:04,134 and then I'll show you 8397 05:30:04,134 --> 05:30:07,900 how to install Parrot Security OS using VMware software 8398 05:30:07,900 --> 05:30:10,572 and finally we'll end the session by taking 8399 05:30:10,572 --> 05:30:13,543 a look at a few popular Parrot Security OS tools. 8400 05:30:13,543 --> 05:30:15,944 So I hope the agenda was clear to you guys. 8401 05:30:15,944 --> 05:30:17,941 Let's get started then. A security 8402 05:30:17,941 --> 05:30:21,080 focused operating system is a hacker's best friend 8403 05:30:21,080 --> 05:30:24,000 as it helps a hacker to detect the weaknesses 8404 05:30:24,000 --> 05:30:26,800 in computer systems or computer networks. 8405 05:30:26,800 --> 05:30:30,211 Whether you want to pursue a career in information security 8406 05:30:30,211 --> 05:30:33,270 or you are already working as a security professional 8407 05:30:33,270 --> 05:30:36,200 or if you are just interested in this specific field 8408 05:30:36,200 --> 05:30:38,500 for fun, a decent Linux distro 8409 05:30:38,500 --> 05:30:41,700 that suits your purpose is always a must. Now 8410 05:30:41,700 --> 05:30:42,900 if you're wondering 8411 05:30:42,900 --> 05:30:46,329 what a Linux distro is, it is a Linux distribution 8412 05:30:46,329 --> 05:30:50,500 that has been curated to perform security related tasks. Most 8413 05:30:50,500 --> 05:30:54,459 of the time a Linux distro will have a Linux base of the Ubuntu 8414 05:30:54,459 --> 05:30:58,500 or Debian flavor and usually some custom tools pre-installed 8415 05:30:58,500 --> 05:30:59,314 in it as well. 8416 05:30:59,314 --> 05:31:01,700 As you guys know Linux is the best choice 8417 05:31:01,700 --> 05:31:04,478 for security professionals for obvious reasons. 8418 05:31:04,478 --> 05:31:05,083 And hence
8419 05:31:05,083 --> 05:31:07,885 most of the distros are usually built on it. 8420 05:31:07,885 --> 05:31:09,662 A Linux distro can help you 8421 05:31:09,662 --> 05:31:11,027 in performing analysis, 8422 05:31:11,027 --> 05:31:14,600 ethical hacking, penetration testing, digital forensic tasks 8423 05:31:14,600 --> 05:31:16,600 and various other auditing purposes. 8424 05:31:16,600 --> 05:31:18,443 But guys, apart from these distros, 8425 05:31:18,443 --> 05:31:21,100 there are other open source tools as well that you 8426 05:31:21,100 --> 05:31:23,949 can bundle and use as per customer requirements, 8427 05:31:23,949 --> 05:31:26,800 but using these distros has a lot of advantages. 8428 05:31:26,800 --> 05:31:27,750 Like, first of all, 8429 05:31:27,750 --> 05:31:30,550 they save a lot of time and effort that you need to spend 8430 05:31:30,550 --> 05:31:32,800 when you are dealing with customer requirements. 8431 05:31:32,800 --> 05:31:35,333 Secondly, they help beginners to easily start 8432 05:31:35,333 --> 05:31:36,600 with security testing 8433 05:31:36,600 --> 05:31:38,900 without having to get into the nitty-gritty 8434 05:31:38,900 --> 05:31:40,100 of the operating system. 8435 05:31:40,100 --> 05:31:41,400 And lastly, the most 8436 05:31:41,400 --> 05:31:44,205 popular reason is you have a great pool of distros 8437 05:31:44,205 --> 05:31:45,817 that you can choose from. Most 8438 05:31:45,817 --> 05:31:48,725 of the time Kali Linux is the obvious first choice 8439 05:31:48,725 --> 05:31:51,200 of operating system for every new hacker. 8440 05:31:51,200 --> 05:31:53,700 If you ask me why, the obvious answer would be 8441 05:31:53,700 --> 05:31:57,200 because Kali Linux has a lot of cool things. It comes bundled 8442 05:31:57,200 --> 05:32:00,020 with a curated collection of tools. Moreover, 8443 05:32:00,020 --> 05:32:03,135 these tools are organized into an easy-to-navigate menu 8444 05:32:03,135 --> 05:32:04,492 and a live boot option.
8445 05:32:04,492 --> 05:32:08,200 That's very newbie user-friendly, as in it's very friendly 8446 05:32:08,200 --> 05:32:09,594 to a new ethical hacker, 8447 05:32:09,594 --> 05:32:12,455 but guys, Kali Linux isn't the only distribution 8448 05:32:12,455 --> 05:32:14,465 which is targeted at pentesters. 8449 05:32:14,465 --> 05:32:17,522 There are many exciting alternatives that may better 8450 05:32:17,522 --> 05:32:18,635 fit your use case. 8451 05:32:18,635 --> 05:32:21,800 Anyway, let's begin our discussion with Kali Linux. 8452 05:32:21,800 --> 05:32:24,900 It was developed by Offensive Security as a rewrite 8453 05:32:24,900 --> 05:32:27,100 of BackTrack. Kali Linux distro 8454 05:32:27,100 --> 05:32:29,294 tops the list of best operating systems 8455 05:32:29,294 --> 05:32:31,000 for ethical hacking purposes. 8456 05:32:31,000 --> 05:32:32,906 And then there is Parrot Security OS 8457 05:32:32,906 --> 05:32:34,651 which is our today's discussion. 8458 05:32:34,651 --> 05:32:37,298 It is a mixture of Frozenbox operating system 8459 05:32:37,298 --> 05:32:38,100 and Kali Linux. 8460 05:32:38,100 --> 05:32:41,200 It's the second most popular operating system for ethical hacking 8461 05:32:41,200 --> 05:32:42,800 and penetration testing as well, 8462 05:32:42,900 --> 05:32:44,841 and then you have BackBox Linux. 8463 05:32:44,841 --> 05:32:48,300 It's an Ubuntu-based operating system with its focus mainly 8464 05:32:48,300 --> 05:32:51,232 on security assessment and penetration testing. 8465 05:32:51,232 --> 05:32:53,400 Then you have Pentoo, an excellent 8466 05:32:53,400 --> 05:32:55,900 hacking operating system with a wide variety of tools 8467 05:32:55,900 --> 05:32:57,900 that you can choose from. Apart 8468 05:32:57,900 --> 05:33:02,400 from this you have DEFT Linux, BlackArch Linux, Cyborg, BackTrack 8469 05:33:02,400 --> 05:33:03,449 and many others.
8470 05:33:03,449 --> 05:33:05,220 But as for today's session, 8471 05:33:05,220 --> 05:33:08,500 we will be discussing Parrot operating system. 8472 05:33:08,500 --> 05:33:10,561 Parrot OS is the second most 8473 05:33:10,561 --> 05:33:14,400 popular Linux distro for ethical hacking after Kali Linux. 8474 05:33:14,400 --> 05:33:17,400 It is a comprehensive portable security lab 8475 05:33:17,400 --> 05:33:20,900 that you can use for cloud penetration testing, computer 8476 05:33:20,900 --> 05:33:24,639 forensics, reverse engineering, hacking, cryptography 8477 05:33:24,639 --> 05:33:26,900 and many other security purposes. 8478 05:33:26,900 --> 05:33:30,600 Now a little bit about its history. The first release 8479 05:33:30,600 --> 05:33:34,000 of Parrot OS appeared on April 10, 2013. 8480 05:33:34,200 --> 05:33:37,500 Originally it was developed as part of Frozenbox. 8481 05:33:37,500 --> 05:33:39,894 Now it has grown to include a community 8482 05:33:39,894 --> 05:33:41,532 of open source developers, 8483 05:33:41,532 --> 05:33:45,400 professional security experts, advocates of digital rights 8484 05:33:45,400 --> 05:33:48,700 and Linux enthusiasts from all over the world. 8485 05:33:48,700 --> 05:33:51,556 Well, compared to others Parrot Security OS promises 8486 05:33:51,556 --> 05:33:53,496 a lightweight operating system 8487 05:33:53,496 --> 05:33:56,600 and it's highly efficient. Along with its plethora 8488 05:33:56,600 --> 05:34:00,700 of recognized tools you also get the opportunity to work 8489 05:34:00,700 --> 05:34:02,391 and surf anonymously 8490 05:34:02,400 --> 05:34:05,210 which is like a granted wish to an ethical hacker 8491 05:34:05,210 --> 05:34:08,617 or any penetration tester. We'll learn about other features 8492 05:34:08,617 --> 05:34:10,500 in the later part of the session.
8493 05:34:10,500 --> 05:34:15,400 So moving on, since its release in 2013 Parrot has grown rapidly 8494 05:34:15,400 --> 05:34:16,630 and currently offers 8495 05:34:16,630 --> 05:34:20,265 many different flavors targeted towards different use cases. 8496 05:34:20,265 --> 05:34:20,994 For example, 8497 05:34:20,994 --> 05:34:22,909 like I said, we have Parrot Security. 8498 05:34:22,909 --> 05:34:24,547 It's the original Parrot OS 8499 05:34:24,547 --> 05:34:26,899 and is designed with penetration testing, 8500 05:34:26,900 --> 05:34:28,684 forensics, hacking, development 8501 05:34:28,684 --> 05:34:31,644 and privacy in mind. Then you also have Parrot Home 8502 05:34:31,644 --> 05:34:34,000 which is targeted towards desktop users. 8503 05:34:34,000 --> 05:34:36,482 It strips out the penetration testing packages 8504 05:34:36,482 --> 05:34:39,600 and presents a nicely configured Debian environment. 8505 05:34:39,600 --> 05:34:41,942 Then you have Parrot Air; it's focused 8506 05:34:41,942 --> 05:34:45,000 on wireless penetration testing. Parrot Studio: 8507 05:34:45,000 --> 05:34:47,509 it's designed with multimedia creation in mind. 8508 05:34:47,509 --> 05:34:49,800 Then you have Parrot Cloud, the most popular; 8509 05:34:49,800 --> 05:34:53,010 it targets server applications, giving the user access 8510 05:34:53,010 --> 05:34:56,000 to the full suite of penetration testing tools included 8511 05:34:56,000 --> 05:34:57,100 in Parrot Security. 8512 05:34:57,200 --> 05:34:59,600 But it doesn't have a graphical front end 8513 05:34:59,600 --> 05:35:02,100 like we do in Parrot Security. Moving on, 8514 05:35:02,100 --> 05:35:03,700 we also have Parrot IoT. 8515 05:35:03,700 --> 05:35:06,600 It's designed for low-resource devices such as 8516 05:35:06,600 --> 05:35:08,231 Orange Pi, Raspberry Pi 8517 05:35:08,231 --> 05:35:10,900 and you have Pine64 and many others.
8518 05:35:10,900 --> 05:35:11,700 So it's true 8519 05:35:11,700 --> 05:35:14,300 that Parrot Security OS doesn't have as large a community 8520 05:35:14,300 --> 05:35:16,900 of users behind it as Kali Linux does, 8521 05:35:16,900 --> 05:35:19,094 but the distribution has been gaining a lot 8522 05:35:19,094 --> 05:35:20,400 of momentum in recent years. 8523 05:35:20,400 --> 05:35:22,700 So things could be very different just a year 8524 05:35:22,700 --> 05:35:23,500 or two from now. 8525 05:35:23,700 --> 05:35:25,700 So let me convince you more. 8526 05:35:25,700 --> 05:35:28,815 Let's just discuss a few features of Parrot Security OS. 8527 05:35:28,815 --> 05:35:31,400 Let's start with the system requirements. 8528 05:35:31,400 --> 05:35:33,042 It's based on Debian 9. 8529 05:35:33,042 --> 05:35:34,400 It runs on a custom 8530 05:35:34,400 --> 05:35:38,389 hardened Linux 4.5 kernel, uses a MATE desktop 8531 05:35:38,389 --> 05:35:40,620 and LightDM display manager. 8532 05:35:40,900 --> 05:35:44,100 It requires a minimum of 256 MB RAM 8533 05:35:44,100 --> 05:35:48,100 and works with both 32 and 64-bit systems as well as 8534 05:35:48,100 --> 05:35:50,500 an ARM-compatible version. Apart 8535 05:35:50,500 --> 05:35:53,894 from this Parrot OS can also be installed on cloud 8536 05:35:53,894 --> 05:35:57,100 and updated to perform cloud-based security. 8537 05:35:57,400 --> 05:35:59,861 So basically it runs on Debian 9. 8538 05:36:00,015 --> 05:36:03,784 It is compatible with 32 as well as 64-bit systems 8539 05:36:04,000 --> 05:36:05,900 and ARM systems as well 8540 05:36:06,100 --> 05:36:09,100 and it requires a minimum of 256 MB RAM. 8541 05:36:09,100 --> 05:36:12,324 So those are the system requirements. Moving on, it 8542 05:36:12,324 --> 05:36:13,956 also supports anonymity. 8543 05:36:13,956 --> 05:36:17,964 It offers a tool called anonsurf including anonymization 8544 05:36:17,964 --> 05:36:19,800 of the entire operating system.
8545 05:36:19,800 --> 05:36:21,100 It comes with custom-built 8546 05:36:21,100 --> 05:36:24,625 anti-forensic tools, interfaces for GPG and cryptsetup. 8547 05:36:24,625 --> 05:36:26,400 Additionally it also 8548 05:36:26,400 --> 05:36:30,488 supports encryption tools such as LUKS, TrueCrypt 8549 05:36:30,488 --> 05:36:34,700 and VeraCrypt and many others. Moving on, it also supports 8550 05:36:34,700 --> 05:36:37,762 forensic boot option to shun boot automounts 8551 05:36:37,762 --> 05:36:39,600 plus many more. It embraces 8552 05:36:39,600 --> 05:36:43,500 FALCON programming language, multiple compilers, debuggers 8553 05:36:43,500 --> 05:36:46,115 and beyond. It also provides full support 8554 05:36:46,115 --> 05:36:49,200 for developing frameworks for embedded systems 8555 05:36:49,200 --> 05:36:50,800 and many other amazing features. 8556 05:36:51,000 --> 05:36:53,855 So guys, these are a few features of Parrot OS. 8557 05:36:53,855 --> 05:36:56,664 So basically Parrot operating system supports 8558 05:36:56,664 --> 05:37:00,145 anonymity, it offers different kinds of cryptography tools. 8559 05:37:00,145 --> 05:37:04,228 It also supports forensic mode and it also provides opportunity 8560 05:37:04,228 --> 05:37:06,694 to develop frameworks for embedded systems 8561 05:37:06,694 --> 05:37:09,100 and many other amazing features. Moving on, 8562 05:37:09,100 --> 05:37:11,805 before you go ahead and use Parrot OS there are 8563 05:37:11,805 --> 05:37:13,351 some important considerations 8564 05:37:13,351 --> 05:37:15,262 that you need to take a look at. First 8565 05:37:15,262 --> 05:37:18,182 of all Parrot OS provides general purpose features, 8566 05:37:18,182 --> 05:37:20,177 like any other normal operating system, 8567 05:37:20,177 --> 05:37:23,259 but guys, before you go ahead and use Parrot OS there are 8568 05:37:23,259 --> 05:37:24,800 some important considerations 8569 05:37:24,800 --> 05:37:26,834 that you need to take a look at. First
8570 05:37:26,834 --> 05:37:29,200 of all it provides general purpose features, 8571 05:37:29,200 --> 05:37:31,300 like any other normal operating system does 8572 05:37:31,400 --> 05:37:34,424 but at its core it is still tuned for security 8573 05:37:34,424 --> 05:37:35,500 and forensics. 8574 05:37:35,500 --> 05:37:37,852 Now, let's see how different Parrot OS is 8575 05:37:37,852 --> 05:37:39,260 from other distributions. 8576 05:37:39,260 --> 05:37:42,300 Parrot is different from a general-purpose distribution 8577 05:37:42,300 --> 05:37:45,200 because it does not try to hide its features. 8578 05:37:45,200 --> 05:37:48,552 For example, there is a tool called Parrot update reminder. 8579 05:37:48,552 --> 05:37:51,600 It's a simple yet powerful program. Using this program 8580 05:37:51,600 --> 05:37:54,129 you can check for system upgrades once a week, 8581 05:37:54,129 --> 05:37:56,996 but instead of hiding the upgrade process behind it. 8582 05:37:56,996 --> 05:37:59,473 This part like any other operating system. 8583 05:37:59,473 --> 05:38:01,826 It shows the user the full update process 8584 05:38:01,826 --> 05:38:03,056 from the APT output. 8585 05:38:03,056 --> 05:38:05,700 So you can see the upgrade process going on. 8586 05:38:05,700 --> 05:38:07,600 Secondly, Parrot was designed 8587 05:38:07,600 --> 05:38:11,000 to be a very comfortable environment for security experts 8588 05:38:11,000 --> 05:38:11,960 and researchers. 8589 05:38:11,960 --> 05:38:14,600 It includes many basic programs for daily use 8590 05:38:14,600 --> 05:38:17,500 which other penetration testing distributions usually 8591 05:38:17,500 --> 05:38:21,200 exclude. Parrot Security includes its own sandbox system. 8592 05:38:21,200 --> 05:38:25,066 I mean, it provides a secure distribution: user applications 8593 05:38:25,066 --> 05:38:28,600 in Parrot are protected to limit the damages in case 8594 05:38:28,600 --> 05:38:31,000 the system is compromised anytime.
8595 05:38:31,000 --> 05:38:33,000 So this way no harm is caused. 8596 05:38:33,000 --> 05:38:36,263 So like we discussed earlier it also supports digital 8597 05:38:36,263 --> 05:38:39,840 forensics. Digital forensics experts need an environment 8598 05:38:39,840 --> 05:38:42,100 that does not compromise their proof. 8599 05:38:42,100 --> 05:38:44,525 So Parrot comes with automount functions 8600 05:38:44,525 --> 05:38:46,240 which are disabled by default 8601 05:38:46,240 --> 05:38:48,900 to allow forensic acquisitions to perform 8602 05:38:48,900 --> 05:38:50,200 in a very safe way. 8603 05:38:50,400 --> 05:38:52,200 So before you go ahead 8604 05:38:52,200 --> 05:38:54,600 and choose any of these operating systems, 8605 05:38:54,600 --> 05:38:56,700 make sure you check out their features, 8606 05:38:56,700 --> 05:38:58,950 the services they offer, and make sure that 8607 05:38:58,950 --> 05:39:00,600 they are suitable for the task 8608 05:39:00,600 --> 05:39:03,220 which you want to perform. But as for Parrot OS, 8609 05:39:03,220 --> 05:39:05,465 these are its features we discussed earlier 8610 05:39:05,465 --> 05:39:07,126 and these are the certain points 8611 05:39:07,126 --> 05:39:09,100 that you should take into consideration 8612 05:39:09,100 --> 05:39:10,771 before you go ahead and use it. 8613 05:39:10,771 --> 05:39:12,359 Now if you're wondering who 8614 05:39:12,359 --> 05:39:14,435 Parrot Security is made for, well, 8615 05:39:14,435 --> 05:39:17,200 it's made for security experts, digital forensics 8616 05:39:17,200 --> 05:39:20,300 experts, engineering and IT students, researchers, 8617 05:39:20,300 --> 05:39:23,016 you have journalists and activists as well in the list 8618 05:39:23,016 --> 05:39:25,751 and you have the newbie hackers, police officers 8619 05:39:25,751 --> 05:39:26,986 and special security 8620 05:39:26,986 --> 05:39:27,668 institutions.
8621 05:39:27,668 --> 05:39:30,422 So basically if you ask me it's suitable for a student 8622 05:39:30,422 --> 05:39:32,614 or the entry level security experts as well. 8623 05:39:32,614 --> 05:39:33,800 So first, I'll show you 8624 05:39:33,800 --> 05:39:36,600 how to install Parrot Security OS on VMware. 8625 05:39:36,600 --> 05:39:38,700 So basically when it comes to installation, 8626 05:39:38,700 --> 05:39:39,700 you have two options, 8627 05:39:39,700 --> 05:39:41,641 you can install Parrot Security OS 8628 05:39:41,641 --> 05:39:44,829 alongside your operating system using the dual boot option 8629 05:39:44,829 --> 05:39:48,500 or you can install it using any of these virtualization software 8630 05:39:48,500 --> 05:39:50,290 like VirtualBox or VMware. 8631 05:39:50,290 --> 05:39:51,847 As for today's session, 8632 05:39:51,847 --> 05:39:54,700 I'll show you how to install it using VMware. 8633 05:39:54,700 --> 05:39:57,000 So let's get started with our installation. 8634 05:39:57,900 --> 05:40:00,499 So, where is this search for the Parrot Security OS 8635 05:40:00,499 --> 05:40:03,500 and it's most probably the first link that you find on the net. 8636 05:40:03,500 --> 05:40:06,100 This is the Parrot Security OS official website. 8637 05:40:06,100 --> 05:40:06,895 As you can see, 8638 05:40:06,895 --> 05:40:09,000 there's a little bit about its history, 8639 05:40:09,000 --> 05:40:09,764 its features. 8640 05:40:09,764 --> 05:40:11,470 It says it's based on Debian. 8641 05:40:11,470 --> 05:40:14,600 It's designed with security, development and privacy in mind. 8642 05:40:14,600 --> 05:40:16,737 It also includes a laboratory for security 8643 05:40:16,737 --> 05:40:20,287 and digital forensics experts. Along with that it also focuses 8644 05:40:20,287 --> 05:40:22,400 if you want to develop your own software 8645 05:40:22,400 --> 05:40:23,671 and all that, and its 8646 05:40:23,671 --> 05:40:27,000 project goals are mostly security, privacy and development.
8647 05:40:27,000 --> 05:40:30,270 This is the which you should consider important: development, 8648 05:40:30,270 --> 05:40:32,799 unlike other operating systems. Its features: 8649 05:40:32,799 --> 05:40:34,089 it's secure, lightweight 8650 05:40:34,089 --> 05:40:37,588 when compared to Kali Linux or any other operating systems 8651 05:40:37,588 --> 05:40:39,000 and it's a free source. 8652 05:40:39,000 --> 05:40:40,722 So go ahead and explore it. 8653 05:40:40,722 --> 05:40:42,700 So as for the download options, 8654 05:40:42,700 --> 05:40:44,800 you can go for Security edition here 8655 05:40:44,800 --> 05:40:47,800 and the download menu here. You can see other options as well. 8656 05:40:47,800 --> 05:40:50,000 It says Home edition, Security 8657 05:40:50,000 --> 05:40:53,352 and other builds. We discussed a few of the flavors of Parrot 8658 05:40:53,352 --> 05:40:54,100 OS earlier. 8659 05:40:54,100 --> 05:40:56,700 We discussed Parrot Home, Parrot Air, Parrot Studio 8660 05:40:56,700 --> 05:40:57,783 when you lose any weight 8661 05:40:57,783 --> 05:41:00,091 If you're concerned with Parrot Security, four point 8662 05:41:00,091 --> 05:41:02,400 five point one is the current version that's running. 8663 05:41:02,400 --> 05:41:04,663 So you have two options here to download. 8664 05:41:04,663 --> 05:41:06,700 First of all take a look at the size. 8665 05:41:06,700 --> 05:41:08,800 It's 3.7 GB and 5.9 GB. 8666 05:41:08,800 --> 05:41:11,150 So make sure whichever you want you are downloading it 8667 05:41:11,150 --> 05:41:13,500 depending on your operating system requirements. 8668 05:41:13,500 --> 05:41:16,500 And as you can see, this is a live boot installer 8669 05:41:16,500 --> 05:41:18,600 ISO; this is a virtual appliance. 8670 05:41:18,600 --> 05:41:20,200 You can choose any of these. 8671 05:41:20,200 --> 05:41:22,000 If the download is taking a little longer 8672 05:41:22,000 --> 05:41:23,058 than you expected,
8673 05:41:23,058 --> 05:41:25,200 maybe you can go for mirrors or a torrent. 8674 05:41:25,200 --> 05:41:26,600 So I've already installed it. 8675 05:41:26,600 --> 05:41:28,408 I'm not doing it. I have the ISO 8676 05:41:28,408 --> 05:41:31,500 file as well as the OVF format installed as well. 8677 05:41:31,500 --> 05:41:34,200 Next thing we need to do is install VMware. 8678 05:41:34,200 --> 05:41:37,500 So VMware, VMware Workstation Pro. 8679 05:41:38,300 --> 05:41:40,300 So you have a download option here. 8680 05:41:40,300 --> 05:41:42,900 You can go ahead and download it. You have, 8681 05:41:42,900 --> 05:41:46,100 for the free option, you also have VMware Player. 8682 05:41:46,100 --> 05:41:47,600 I guess fate here. 8683 05:41:47,600 --> 05:41:51,400 I go the Ling sorry about that here in the downloads 8684 05:41:51,400 --> 05:41:53,000 so you can go for Workstation Pro 8685 05:41:53,000 --> 05:41:54,900 or you can also go for Workstation Player 8686 05:41:54,900 --> 05:41:55,896 here, any of this, 8687 05:41:55,896 --> 05:41:58,400 whichever suits you have he downloaded it. 8688 05:41:58,400 --> 05:41:59,782 It's going to take a while. 8689 05:41:59,782 --> 05:42:01,700 And then all you have to do is install, click 8690 05:42:01,700 --> 05:42:04,000 on next and finish the installation process. 8691 05:42:04,000 --> 05:42:06,000 So before you start your virtual machine, 8692 05:42:06,000 --> 05:42:09,200 make sure you have your Parrot OS image ISO file 8693 05:42:09,200 --> 05:42:11,900 or OVA format, whichever is of your choice. 8694 05:42:11,900 --> 05:42:14,800 And then here we go, VMware Workstation homepage. 8695 05:42:14,800 --> 05:42:15,744 Yeah, as you can see 8696 05:42:15,744 --> 05:42:18,200 I already have a Parrot OS operating system installed 8697 05:42:18,200 --> 05:42:21,241 here, a virtual machine installed here. This one I have installed 8698 05:42:21,241 --> 05:42:22,145 using the ISO file.
8699 05:42:22,145 --> 05:42:22,918 It's very easy. 8700 05:42:22,918 --> 05:42:24,268 I'll show you how to do it. 8701 05:42:24,268 --> 05:42:25,600 But if you have OVF format, 8702 05:42:25,600 --> 05:42:28,000 all you have to do is click on this file menu, 8703 05:42:28,000 --> 05:42:29,359 open, and as you can see, 8704 05:42:29,359 --> 05:42:32,332 I have a Parrot Security over here, and click and import it. 8705 05:42:32,332 --> 05:42:34,800 That's all. Click, select it and click on open. 8706 05:42:34,800 --> 05:42:37,100 So I'm not going to show you how to do that. 8707 05:42:37,300 --> 05:42:39,100 So it's a very straightforward process. 8708 05:42:39,100 --> 05:42:39,700 That's it. 8709 05:42:39,700 --> 05:42:40,700 This is my ISO file. 8710 05:42:40,700 --> 05:42:42,900 Let me show it to you again how to install it. 8711 05:42:42,900 --> 05:42:44,100 Anyway current file 8712 05:42:44,100 --> 05:42:46,700 or you can just go for create a new virtual machine. 8713 05:42:46,700 --> 05:42:51,000 Yeah, click on next and attach the ISO file, browse. 8714 05:42:51,000 --> 05:42:53,400 I have it in my local this T here. 8715 05:42:53,400 --> 05:42:57,638 I have Parrot Security, and open. Next, it's Linux, it's 8716 05:42:57,638 --> 05:43:00,999 Debian latest version which is 64-bit, and click 8717 05:43:00,999 --> 05:43:05,200 on next. Give any suitable name for your virtual machine. 8718 05:43:05,200 --> 05:43:09,300 Let's say Parrot Security 8719 05:43:09,700 --> 05:43:12,300 OS and click on next. 8720 05:43:12,500 --> 05:43:15,400 Let's assign about 40 GB. It again 8721 05:43:15,400 --> 05:43:16,766 depends on what you want to do. 8722 05:43:16,766 --> 05:43:18,000 If you're doing heavy tasks, 8723 05:43:18,000 --> 05:43:19,900 maybe you can assign more disk. 8724 05:43:19,900 --> 05:43:22,900 So, as for store virtual disk as a single file 8725 05:43:22,900 --> 05:43:24,495 or split into multiple files,
8726 05:43:24,495 --> 05:43:27,655 I'm going to choose single file. Click on next and you 8727 05:43:27,655 --> 05:43:28,700 can always go ahead 8728 05:43:28,700 --> 05:43:31,600 and make these customize hardware settings earlier or later, 8729 05:43:31,900 --> 05:43:33,749 but you can do it now as well. 8730 05:43:33,749 --> 05:43:35,000 Customize hardware. 8731 05:43:35,000 --> 05:43:36,600 I have NAT connection as 8732 05:43:36,600 --> 05:43:39,100 for network adapter, memory 5 to well, 8733 05:43:39,200 --> 05:43:43,200 let's just say 2 GB and not 8734 05:43:43,200 --> 05:43:45,046 yeah, we set processors. 8735 05:43:45,046 --> 05:43:48,507 I'm just assigning one for now. Cool, and close. 8736 05:43:48,700 --> 05:43:49,850 You can see the changes 8737 05:43:49,850 --> 05:43:51,600 which are made are displayed here. 8738 05:43:51,600 --> 05:43:52,735 Once you're satisfied 8739 05:43:52,735 --> 05:43:55,600 with the settings that you made, click on finish. 8740 05:43:55,600 --> 05:43:57,500 You're good to go your cigars. 8741 05:43:57,500 --> 05:44:00,147 System is been displaying your so like I said, 8742 05:44:00,147 --> 05:44:02,300 you can always make settings later on. 8743 05:44:02,300 --> 05:44:04,900 You have the edit virtual machine settings option here. 8744 05:44:04,900 --> 05:44:06,100 Just click on this. 8745 05:44:07,500 --> 05:44:10,200 Let me maximize the screen for you guys. 8746 05:44:10,200 --> 05:44:13,611 So as you can see the Parrot Security ISO is very flexible. 8747 05:44:13,611 --> 05:44:16,850 There are quite a few options: you have live mode, 8748 05:44:16,850 --> 05:44:19,300 you have terminal mode, you have RAM mode. 8749 05:44:19,300 --> 05:44:22,895 So basically live mode is just a standard live USB boot option 8750 05:44:22,895 --> 05:44:24,130 just like you can see 8751 05:44:24,130 --> 05:44:26,300 while you're installing Kali Linux. Suppose
8752 05:44:26,300 --> 05:44:28,400 If you don't know how to install Kali Linux, 8753 05:44:28,400 --> 05:44:30,800 there's a video on how to install it as well by Edureka. 8754 05:44:30,800 --> 05:44:33,300 You can refer to that in the ethical hacking playlist. 8755 05:44:33,300 --> 05:44:34,587 Okay, so coming back. 8756 05:44:34,587 --> 05:44:37,121 Sorry about that, you have a persistence 8757 05:44:37,121 --> 05:44:39,600 mode, encrypted persistence, forensics mode 8758 05:44:39,600 --> 05:44:40,987 and all that. Terminal mode, 8759 05:44:40,987 --> 05:44:43,300 as you can see, is out of the live boot option, 8760 05:44:43,300 --> 05:44:46,304 but without graphical user interface. The most popular one 8761 05:44:46,304 --> 05:44:47,285 among new hackers, 8762 05:44:47,285 --> 05:44:49,956 or if you're a first-time user, is the install option 8763 05:44:49,956 --> 05:44:51,700 with a graphical user interface. 8764 05:44:51,700 --> 05:44:54,900 So it's almost familiar with Kali Linux users. 8765 05:44:54,900 --> 05:44:56,900 If you want to get a feel of Parrot Security 8766 05:44:56,900 --> 05:44:57,800 if analyst features, 8767 05:44:57,800 --> 05:44:59,188 maybe you can go for live mode, 8768 05:44:59,188 --> 05:45:00,538 but if you want to get just 8769 05:45:00,538 --> 05:45:02,600 started then you can always go for install mode. 8770 05:45:02,600 --> 05:45:06,400 I'm going to click on that and click on standard install. 8771 05:45:08,000 --> 05:45:11,700 So it's mounting all the installation tools 8772 05:45:11,700 --> 05:45:12,900 and all that. 8773 05:45:13,000 --> 05:45:16,800 So once the machine is booted up you'll be asked to select 8774 05:45:16,800 --> 05:45:19,488 your preferred language in the boot menu, select 8775 05:45:19,488 --> 05:45:21,400 the graphical installer options 8776 05:45:21,400 --> 05:45:23,300 and click on let's say English 8777 05:45:23,300 --> 05:45:26,500 and United States American English. 
8778 05:45:27,400 --> 05:45:28,300 So then the loader 8779 05:45:28,300 --> 05:45:30,900 will automatically install some additional components 8780 05:45:30,900 --> 05:45:33,200 and configure your network related settings. 8781 05:45:33,603 --> 05:45:35,296 It might take a while. 8782 05:45:36,100 --> 05:45:38,400 So basically then the installer should prompt 8783 05:45:38,400 --> 05:45:40,700 you for a host name and the root password. 8784 05:45:40,800 --> 05:45:43,700 Let's give some root password, give the password 8785 05:45:43,700 --> 05:45:48,800 of your choice, re-enter the password for verification. 8786 05:45:49,600 --> 05:45:51,462 And now it's gonna ask you 8787 05:45:51,462 --> 05:45:54,400 to set up a user apart from the root user. 8788 05:45:54,500 --> 05:45:57,700 So let's just say test user, continue. 8789 05:45:58,000 --> 05:46:00,449 I'm going to keep it as test, continue 8790 05:46:00,449 --> 05:46:02,700 and choose a password for the new user 8791 05:46:02,700 --> 05:46:03,600 which is different 8792 05:46:03,600 --> 05:46:06,300 from the root user password that you'll have to remember. 8793 05:46:06,300 --> 05:46:08,400 What so just give this new user 8794 05:46:08,400 --> 05:46:12,300 a password, continue, re-enter the password. 8795 05:46:13,300 --> 05:46:13,800 Okay. 8796 05:46:13,800 --> 05:46:17,098 Let me just go back and my mistake. 8797 05:46:17,100 --> 05:46:18,400 Let me try it again. 8798 05:46:19,500 --> 05:46:21,100 Select your time zone. 8799 05:46:21,100 --> 05:46:23,872 So basically after you've set your password, 8800 05:46:23,872 --> 05:46:26,000 it's asking you for the time zone. 8801 05:46:26,000 --> 05:46:28,000 Let's say central eastern. 8802 05:46:29,300 --> 05:46:32,182 So now the installer will provide you four choices 8803 05:46:32,182 --> 05:46:34,000 about the partition of the disk. 
8804 05:46:34,000 --> 05:46:35,091 The easiest option 8805 05:46:35,091 --> 05:46:37,788 for you is to use guided, use entire disk option 8806 05:46:37,788 --> 05:46:41,223 which is the first option here. Experienced users can always go 8807 05:46:41,223 --> 05:46:43,000 for manual partitioning method 8808 05:46:43,000 --> 05:46:45,600 for more granular configuration options. 8809 05:46:47,110 --> 05:46:48,800 So yeah, guided partitioning, 8810 05:46:48,800 --> 05:46:51,548 I'm going to select that, guided, use entire disk. 8811 05:46:51,548 --> 05:46:53,576 This is the disk we're going to store 8812 05:46:53,576 --> 05:46:54,400 so it's asking 8813 05:46:54,400 --> 05:46:57,700 if you want to store all files in one partition or different. 8814 05:46:57,700 --> 05:46:59,500 Let's just say all files in one 8815 05:46:59,500 --> 05:47:01,653 partition and hit on continue. 8816 05:47:01,700 --> 05:47:03,900 So now we will have to confirm all the changes 8817 05:47:03,900 --> 05:47:06,635 to be made to the disk on the host machine. Be aware 8818 05:47:06,635 --> 05:47:09,323 that continuing will erase the data on the disk. 8819 05:47:09,323 --> 05:47:12,499 So after that you can just click on finish partitioning 8820 05:47:12,499 --> 05:47:13,800 and writing disk thing. 8821 05:47:13,800 --> 05:47:15,953 It's asking if you want to write the changes 8822 05:47:15,953 --> 05:47:17,100 to the disk, obviously. 8823 05:47:17,100 --> 05:47:17,300 Yes. 8824 05:47:17,300 --> 05:47:17,800 So click. 8825 05:47:17,800 --> 05:47:18,200 Yes. 8826 05:47:18,500 --> 05:47:21,400 So once you're done confirming the partition changes 8827 05:47:21,400 --> 05:47:23,500 the installer will run through the process 8828 05:47:23,500 --> 05:47:27,338 of installing the files. Let it install the system automatically, 8829 05:47:27,338 --> 05:47:28,700 this may take a while. 8830 05:47:28,700 --> 05:47:31,800 So we'll meet you guys once installation is done. 
8831 05:47:38,800 --> 05:47:40,700 So once installation is done it'll ask you 8832 05:47:40,700 --> 05:47:42,800 if you want to install the GRUB boot loader 8833 05:47:42,800 --> 05:47:44,400 on your hard disk, just say yes 8834 05:47:44,400 --> 05:47:46,000 and click on enter device 8835 05:47:46,000 --> 05:47:48,700 manually or sorry just click the device, 8836 05:47:48,700 --> 05:47:51,000 which is already there, go back. 8837 05:47:51,542 --> 05:47:55,157 The installation process is now almost complete. 8838 05:47:57,700 --> 05:47:59,600 So guys the installation is done. 8839 05:47:59,600 --> 05:48:01,194 Once the installation is done, 8840 05:48:01,194 --> 05:48:02,900 you can see the machine boots 8841 05:48:02,900 --> 05:48:05,471 you into MATE desktop environment, as in if you 8842 05:48:05,471 --> 05:48:08,100 have chosen the install option you will be presented 8843 05:48:08,100 --> 05:48:10,200 with a LightDM login screen. 8844 05:48:10,200 --> 05:48:12,508 So basically you'll have to enter the password 8845 05:48:12,508 --> 05:48:15,057 which is set up for the test user earlier. 8846 05:48:15,057 --> 05:48:16,184 Not the root password. 8847 05:48:16,184 --> 05:48:17,300 Please do remember that. 8848 05:48:17,300 --> 05:48:19,400 I'm sure you remember setting up a password 8849 05:48:19,400 --> 05:48:22,700 for the user, right, that password and login. 8850 05:48:25,011 --> 05:48:26,088 So here we go. 8851 05:48:26,700 --> 05:48:29,026 So guys here we are, as you can see 8852 05:48:29,026 --> 05:48:32,708 the machine boots you into the MATE desktop environment. 8853 05:48:32,708 --> 05:48:35,209 Let me pronounce it M80 you can call it 8854 05:48:35,209 --> 05:48:38,500 whatever you want mate or mate desktop environment. 
8855 05:48:38,500 --> 05:48:39,587 So as you can see, 8856 05:48:39,587 --> 05:48:41,279 it's very good looking. Apart 8857 05:48:41,279 --> 05:48:44,300 from that Parrot Security will automatically detect 8858 05:48:44,300 --> 05:48:45,600 when updates are available 8859 05:48:45,600 --> 05:48:48,600 and prompt you to update the system as soon as you 8860 05:48:48,600 --> 05:48:49,600 install it here. 8861 05:48:49,600 --> 05:48:52,500 It's not showing it to me because I've already updated it, 8862 05:48:52,500 --> 05:48:55,500 but otherwise, all you can do is just go to the terminal here. 8863 05:48:55,500 --> 05:48:58,100 You can see terminal option here, right, go to terminal there 8864 05:48:58,100 --> 05:49:03,400 and just say sudo apt-get update. It asks me for the password. 8865 05:49:06,600 --> 05:49:07,900 How'd it go? 8866 05:49:10,000 --> 05:49:13,300 Might be a matter of updated in another virtual machine. 8867 05:49:13,300 --> 05:49:15,500 Anyway, I installed the other one as well. 8868 05:49:15,500 --> 05:49:18,000 Maybe it's in that, anyway, I'll update for you. 8869 05:49:18,000 --> 05:49:20,800 So let me just minimize this while it's updating. 8870 05:49:20,800 --> 05:49:22,800 Let's go ahead and do other things. 8871 05:49:22,800 --> 05:49:24,400 So it's almost done I guess. 8872 05:49:24,400 --> 05:49:26,700 Yeah, as you can see it's almost updated 8873 05:49:26,700 --> 05:49:28,500 and it says 116 packages 8874 05:49:28,500 --> 05:49:32,200 more can be upgraded and if I want to have to run update list, 8875 05:49:32,200 --> 05:49:34,249 if you want to see which of those packages 8876 05:49:34,249 --> 05:49:36,760 are, have to just list out those using apt command. 8877 05:49:36,760 --> 05:49:38,400 I'm not showing it to you guys. 8878 05:49:38,400 --> 05:49:41,300 So anyway when you're making you First make sure your system 8879 05:49:41,300 --> 05:49:42,900 always stays updated. 
8880 05:49:42,900 --> 05:49:46,100 Okay, let's go back to exploring Parrot OS. So 8881 05:49:46,100 --> 05:49:47,900 as you can see the system is laid out 8882 05:49:47,900 --> 05:49:49,500 in a very straightforward manner 8883 05:49:49,500 --> 05:49:52,400 with a collection of tools that you might be familiar with. 8884 05:49:52,400 --> 05:49:53,770 If you're using Kali Linux 8885 05:49:53,770 --> 05:49:56,667 before, the menu system is almost similar to Kali Linux 8886 05:49:56,667 --> 05:49:59,400 and it's very easy to navigate. The real difference is 8887 05:49:59,400 --> 05:50:03,100 that Parrot Security is meant to be used as a daily driver, as 8888 05:50:03,100 --> 05:50:04,633 in your regular operating system 8889 05:50:04,633 --> 05:50:06,680 through the other things as well. To prove 8890 05:50:06,680 --> 05:50:09,700 that, you can see you have sound and video options here, a lot 8891 05:50:09,700 --> 05:50:13,000 of programming languages options as well, you have system tools 8892 05:50:13,000 --> 05:50:17,103 and you have graphics included, you have office applications 8893 05:50:17,103 --> 05:50:18,978 of software's you have base. 8894 05:50:18,978 --> 05:50:20,300 You have math, writer 8895 05:50:20,300 --> 05:50:23,800 and planner just like any other normal operating system. 8896 05:50:23,800 --> 05:50:26,971 So while you can use Kali Linux as a desktop workstation, 8897 05:50:26,971 --> 05:50:30,006 it really is a penetration testing distribution first. 8898 05:50:30,006 --> 05:50:31,596 I'm talking about Kali Linux. 8899 05:50:31,596 --> 05:50:33,875 So with Kali you need to build the system 8900 05:50:33,875 --> 05:50:35,581 towards being a daily use system 8901 05:50:35,581 --> 05:50:38,283 as in you start using Kali Linux you need to modify 8902 05:50:38,283 --> 05:50:39,959 or you need to customize it in 
8903 05:50:39,959 --> 05:50:42,555 your way that you make it more plausible or easy 8904 05:50:42,555 --> 05:50:44,600 for you to use for the daily purposes, 8905 05:50:44,600 --> 05:50:48,000 but that's not the case with Parrot Security OS, its interface 8906 05:50:48,000 --> 05:50:49,249 and everything is so good. 8907 05:50:49,249 --> 05:50:51,600 It almost appears like a normal operating system 8908 05:50:51,600 --> 05:50:54,100 and it is like a very normal operating system. 8909 05:50:54,100 --> 05:50:56,000 So you have your penetrating distance 8910 05:50:56,000 --> 05:50:58,200 which are there and along with that you have 8911 05:50:58,200 --> 05:51:01,900 your day-to-day applications are also there in this. Now talking 8912 05:51:01,900 --> 05:51:03,791 about the system requirements 8913 05:51:03,791 --> 05:51:06,400 the default Parrot Security install uses 8914 05:51:06,400 --> 05:51:08,300 about 300 13 MB of RAM. 8915 05:51:08,300 --> 05:51:11,300 So as you can see here you can see The squad little bar. 8916 05:51:11,300 --> 05:51:12,800 It's like a task manager, 8917 05:51:12,800 --> 05:51:15,800 which you can find in your Windows, can click on that. 8918 05:51:15,800 --> 05:51:18,200 It will show you all the progress that's going on. 8919 05:51:18,350 --> 05:51:19,350 First of all, 8920 05:51:19,400 --> 05:51:23,400 it says the Parrot GNU/Linux system in the release 8921 05:51:23,446 --> 05:51:24,600 and the kernel, 8922 05:51:24,600 --> 05:51:27,100 all the information about your ISO file 8923 05:51:27,100 --> 05:51:29,511 and you have MATE desktop environment here 8924 05:51:29,511 --> 05:51:30,323 in the hardware, 8925 05:51:30,323 --> 05:51:33,234 which is this and the processor, it's based on available space 8926 05:51:33,234 --> 05:51:35,472 and all that. When you click on the processes, 8927 05:51:35,472 --> 05:51:37,761 it shows all the processes which are currently 8928 05:51:37,761 --> 05:51:40,000 running, sleeping, just like your task manager 
8929 05:51:40,000 --> 05:51:41,900 in your Windows operating system. 8930 05:51:41,900 --> 05:51:43,396 So yeah, like I said, 8931 05:51:43,396 --> 05:51:47,600 it requires about 200 13 MB of RAM approximately around that 8932 05:51:47,600 --> 05:51:48,500 but of course, 8933 05:51:48,500 --> 05:51:51,000 this is only system related process running. 8934 05:51:51,000 --> 05:51:52,400 When compared to Kali Linux 8935 05:51:52,400 --> 05:51:55,100 it's very lightweight. Kali Linux install requires 8936 05:51:55,100 --> 05:51:56,500 about 600 4 MB of RAM 8937 05:51:56,500 --> 05:51:59,256 and that too only with system related process running. 8938 05:51:59,256 --> 05:52:01,700 So, like I said, it's a very lightweight system. 8939 05:52:01,700 --> 05:52:02,800 So yeah, the bar is 8940 05:52:02,800 --> 05:52:04,800 a task manager, it lists all the processes 8941 05:52:04,800 --> 05:52:07,800 that are running and all that. You obviously have a terminal 8942 05:52:07,800 --> 05:52:10,900 which I showed earlier. The cool thing with the terminal is 8943 05:52:10,900 --> 05:52:12,800 that it goes with their interface. 8944 05:52:12,800 --> 05:52:13,600 Other than that 8945 05:52:13,600 --> 05:52:15,800 it's pretty much like any other normal terminal. 8946 05:52:15,800 --> 05:52:18,300 And then there is the appearance of the interface. 8947 05:52:18,300 --> 05:52:21,779 I mean my first reaction when I saw it was wow, amazing, 8948 05:52:21,779 --> 05:52:24,500 right, when compared to the plain Kali Linux. 8949 05:52:24,500 --> 05:52:26,906 So yeah, you get to use a cool collection 8950 05:52:26,906 --> 05:52:28,300 of wallpapers as well. 8951 05:52:28,300 --> 05:52:31,200 You have change desktop background here, you 8952 05:52:31,200 --> 05:52:34,900 have fonts, interface, and see, you have quite a lot 8953 05:52:34,900 --> 05:52:36,900 of collection of wallpapers 8954 05:52:36,900 --> 05:52:40,000 and you can go ahead and add your Customs as well. 
8955 05:52:40,200 --> 05:52:42,400 That's all about the interface. 8956 05:52:42,400 --> 05:52:43,600 And like I said, 8957 05:52:43,600 --> 05:52:45,500 it's like any other normal operating system. 8958 05:52:45,500 --> 05:52:48,100 So it comes with a lot of programming languages 8959 05:52:48,100 --> 05:52:50,400 and a bunch of text editors. 8960 05:52:50,700 --> 05:52:52,900 You also have IDEs as well. 8961 05:52:52,923 --> 05:52:56,076 It uses Pluma as your default text editor. 8962 05:52:56,500 --> 05:52:58,000 So that's it 8963 05:52:58,000 --> 05:53:01,400 when talking about the normal operating system. Now talk 8964 05:53:01,400 --> 05:53:03,782 about the performance, almost all of us know 8965 05:53:03,782 --> 05:53:05,500 that Kali Linux is a bit laggy 8966 05:53:05,500 --> 05:53:07,505 and when you run it on a low-end system, 8967 05:53:07,505 --> 05:53:09,100 sometimes it's like a nightmare 8968 05:53:09,100 --> 05:53:11,398 when you have a brute force attack going on 8969 05:53:11,398 --> 05:53:12,457 in the background. 8970 05:53:12,457 --> 05:53:14,000 Or you're doing something else, 8971 05:53:14,000 --> 05:53:17,824 it's gonna be very, say, stuck or it's very slow, but in Parrot 8972 05:53:17,824 --> 05:53:18,900 it's very lightweight 8973 05:53:18,900 --> 05:53:20,700 and doesn't lag much, as you can see, 8974 05:53:20,700 --> 05:53:23,963 it's smooth. Now talk about hardware requirements. 8975 05:53:23,963 --> 05:53:25,800 Pretty much both Kali Linux 8976 05:53:25,800 --> 05:53:28,270 and your Parrot require high-end hardware, 8977 05:53:28,270 --> 05:53:31,000 but Parrot needs low specification hardware 8978 05:53:31,000 --> 05:53:32,300 as compared to Kali. 8979 05:53:32,300 --> 05:53:33,878 So if I have to conclude 8980 05:53:33,878 --> 05:53:36,734 in one word, Parrot is a good-looking distro. 
8981 05:53:36,734 --> 05:53:39,400 It's very lightweight, it's resource friendly 8982 05:53:39,400 --> 05:53:40,232 and if you want to know 8983 05:53:40,232 --> 05:53:42,000 how much resources consuming and all 8984 05:53:42,000 --> 05:53:44,450 that you can always go and click on the little bar, 8985 05:53:44,450 --> 05:53:45,700 which is available there. 8986 05:53:45,700 --> 05:53:46,896 Click on the resources. 8987 05:53:46,896 --> 05:53:48,041 You can see the CPU 8988 05:53:48,041 --> 05:53:50,800 history, memory, network history, file systems and all that. 8989 05:53:50,900 --> 05:53:52,800 So basically it's a good-looking distro, 8990 05:53:52,800 --> 05:53:54,600 lightweight, resource friendly. 8991 05:53:54,600 --> 05:53:56,430 All these features apart, Parrot 8992 05:53:56,430 --> 05:54:00,152 Security OS has a pretty good collection of features as well, 8993 05:54:00,152 --> 05:54:01,800 which we discussed earlier. 8994 05:54:01,800 --> 05:54:04,500 It comes with a hell lot of tools, 8995 05:54:04,500 --> 05:54:05,900 but if you see the sections, 8996 05:54:05,900 --> 05:54:08,900 there are a lot of other things which are not in Kali Linux. 8997 05:54:08,900 --> 05:54:11,000 So the most A pointed tool here is 8998 05:54:11,000 --> 05:54:14,100 that in Kali Linux, if suppose you want to stay private 8999 05:54:14,100 --> 05:54:16,878 when you're doing hacking or any other stuff, 9000 05:54:16,878 --> 05:54:19,089 you have to install Anonsurf, Tor 9001 05:54:19,089 --> 05:54:21,100 and then enable them, or proxychains. 9002 05:54:21,100 --> 05:54:23,900 You also have the option of proxychains to keep yourself 9003 05:54:23,900 --> 05:54:26,050 anonymous on the system while you're doing hacking 9004 05:54:26,050 --> 05:54:27,400 or pen testing or anything, 9005 05:54:27,400 --> 05:54:30,983 but with Parrot OS you already have Anonsurf pre-installed. 9006 05:54:30,983 --> 05:54:33,700 All you have to do is click on the start button. 
9007 05:54:33,700 --> 05:54:35,700 So let me show you how to stay anonymous. 9008 05:54:35,900 --> 05:54:37,600 So this is one of the best features 9009 05:54:37,600 --> 05:54:39,936 in Parrot Security OS, it has proxychains 9010 05:54:39,936 --> 05:54:42,600 as well as Anonsurf to make yourself anonymous 9011 05:54:42,700 --> 05:54:44,600 so you can go for this Anonsurf 9012 05:54:44,600 --> 05:54:47,240 and click on Anonsurf start, but before that 9013 05:54:47,240 --> 05:54:49,400 you can check the IP of your system. 9014 05:54:49,600 --> 05:54:53,100 So it says 1.65 1.73 doesn't just remember 9015 05:54:53,100 --> 05:54:55,400 it, don't have to note it down anywhere. 9016 05:54:55,400 --> 05:54:57,800 Well, not 651 76 now now 9017 05:54:57,800 --> 05:55:01,600 if I go and enable this, first of all it'll ask you 9018 05:55:01,600 --> 05:55:07,400 for the administration password, give that. Okay. 9019 05:55:07,800 --> 05:55:09,800 So basically once you enter the password, 9020 05:55:09,900 --> 05:55:10,500 it'll ask you 9021 05:55:10,500 --> 05:55:13,500 if you want Anonsurf to kill the dangerous processes 9022 05:55:13,500 --> 05:55:16,762 that can deanonymize you, or clear cache files 9023 05:55:16,762 --> 05:55:19,300 or modify your iptables rules and all that. 9024 05:55:19,300 --> 05:55:20,031 It'll ask you 9025 05:55:20,031 --> 05:55:22,000 if you want to do that, just say yes. 9026 05:55:22,000 --> 05:55:24,235 So basically as soon as you click on yes, 9027 05:55:24,235 --> 05:55:27,380 as you can see the notifications here, the tool will attempt 9028 05:55:27,380 --> 05:55:30,200 to kill dangerous processes that can deanonymize you 9029 05:55:30,200 --> 05:55:32,700 anytime, it will clear your cache files. 
9030 05:55:32,700 --> 05:55:35,600 It will modify your iptables, modify your 9031 05:55:35,600 --> 05:55:38,500 resolv.conf file, disable your IPv6 9032 05:55:38,800 --> 05:55:41,900 and only allow you the outbound traffic through Tor, 9033 05:55:41,900 --> 05:55:44,800 as you can see it says Tor is running, started for you. 9034 05:55:44,800 --> 05:55:47,100 Imagine doing all this stuff by yourself. 9035 05:55:47,100 --> 05:55:49,500 If you don't have Anonsurf, like in Kali Linux, 9036 05:55:49,500 --> 05:55:51,752 this would be quite a bit of effort manually, 9037 05:55:51,752 --> 05:55:53,800 but with the script already present here, 9038 05:55:53,800 --> 05:55:55,257 it's just a click away. 9039 05:55:55,257 --> 05:55:58,199 So Parrot Security also includes a similar script 9040 05:55:58,199 --> 05:56:00,114 for I2P as well. Apart from that 9041 05:56:00,114 --> 05:56:02,500 once you've enabled you can also check, 9042 05:56:02,500 --> 05:56:04,500 like I said, your IP address now. 9043 05:56:14,100 --> 05:56:18,500 So as you can see it says Global Anonymous proxy activated, dance 9044 05:56:18,500 --> 05:56:21,000 like no one's watching, encrypt like everyone is, so 9045 05:56:21,000 --> 05:56:23,800 basically it's saying the surf is started out. 9046 05:56:26,100 --> 05:56:28,612 As you can see my IP address has been changed, it 9047 05:56:28,612 --> 05:56:30,311 for something of 160 something. 9048 05:56:30,311 --> 05:56:31,570 But right now it's 182. 9049 05:56:31,570 --> 05:56:34,259 So Anonsurf has made me anonymous now, 9050 05:56:34,259 --> 05:56:37,200 I can do whatever you want in an anonymous mode. 9051 05:56:37,207 --> 05:56:42,600 So that's all I wanted to show you here, now back to Firefox. 9052 05:56:42,700 --> 05:56:45,400 It has quite a documentation part. 9053 05:56:45,400 --> 05:56:46,414 Well, it's still 9054 05:56:46,414 --> 05:56:49,900 in the creation stage, here as you can see, documentation. 
9055 05:56:49,900 --> 05:56:53,000 It's not all that well prepared or created yet. 9056 05:56:53,000 --> 05:56:55,800 So if you have any minor doubt you can go ahead and refer 9057 05:56:55,800 --> 05:56:57,600 to the documentation part. 9058 05:56:57,600 --> 05:56:59,231 Oh, so here you go. 9059 05:56:59,800 --> 05:57:03,400 Okay, then let's go back to the distro. 9060 05:57:03,700 --> 05:57:06,400 One thing that you can point out about Parrot OS is 9061 05:57:06,400 --> 05:57:10,000 that it has a lot of cryptography tools such as 9062 05:57:10,000 --> 05:57:13,800 it has zuluCrypt, zuluMount, a graphical utility 9063 05:57:13,800 --> 05:57:16,400 that will help you mount your encrypted volumes. 9064 05:57:16,400 --> 05:57:18,756 Then there is something called Cryptkeeper. 9065 05:57:18,756 --> 05:57:20,400 It's another graphical utility 9066 05:57:20,400 --> 05:57:23,906 that allows you to manage encrypted folders and much more. 9067 05:57:23,906 --> 05:57:25,906 These utilities make confidentiality 9068 05:57:25,906 --> 05:57:29,000 easily accessible to anyone with minimal experience. 9069 05:57:29,000 --> 05:57:31,800 I mean if you do not have any idea about cryptography you 9070 05:57:31,800 --> 05:57:34,000 can easily start learning here, that's what I meant. 9071 05:57:34,000 --> 05:57:35,352 So it just doesn't stop 9072 05:57:35,352 --> 05:57:38,729 with cryptography or Anonsurf, you have a lot of other tools 9073 05:57:38,729 --> 05:57:41,000 which you might not find in Kali Linux. 9074 05:57:41,000 --> 05:57:42,931 So let me show you guys that part, 9075 05:57:42,931 --> 05:57:46,700 as you can see you have a lot of tools, you have most used tools, 9076 05:57:46,700 --> 05:57:47,900 which is Armitage. 9077 05:57:47,900 --> 05:57:51,100 You have Wireshark, Zenmap, OWASP ZAP, all 9078 05:57:51,100 --> 05:57:54,200 that, then you have wireless testing tools. 9079 05:57:54,396 --> 05:57:55,703 Give me a second. 
9080 05:57:56,100 --> 05:57:57,800 Yeah, post exploitation, this set 9081 05:57:57,800 --> 05:58:00,300 of tools mostly you can't find them in the Kali Linux. 9082 05:58:00,300 --> 05:58:03,000 You have OS backdoor tools, web backdoor tools. 9083 05:58:03,000 --> 05:58:05,900 You have Webacoo, Weevely and all that 9084 05:58:06,400 --> 05:58:10,400 and you have something called social engineering kit. 9085 05:58:10,400 --> 05:58:11,164 If I'm right 9086 05:58:11,164 --> 05:58:13,116 it should be in the exploitation tools. 9087 05:58:13,116 --> 05:58:14,454 Where's exploitation, here, 9088 05:58:14,454 --> 05:58:17,400 now you can see a social engineering toolkit, just click 9089 05:58:17,400 --> 05:58:18,854 on that, password. 9090 05:58:19,100 --> 05:58:20,805 So it is started up, all that. 9091 05:58:20,805 --> 05:58:22,100 So if I just click one, 9092 05:58:22,100 --> 05:58:24,950 you have a lot of options, the update set configuration, you 9093 05:58:24,950 --> 05:58:25,877 have social engineering 9094 05:58:25,877 --> 05:58:28,300 attacks, you have different types of attacks here. 9095 05:58:28,300 --> 05:58:30,200 You have PowerShell attack vectors. 9096 05:58:30,200 --> 05:58:32,000 You have mass mailer attack, 9097 05:58:32,000 --> 05:58:34,500 you have phishing attack vectors and all that. 9098 05:58:34,500 --> 05:58:36,800 So basically you can click on that and enable all 9099 05:58:36,800 --> 05:58:39,650 that. I'm not going to show you in this demo how to do it. 9100 05:58:39,650 --> 05:58:41,784 This is just the basic introductory video 9101 05:58:41,784 --> 05:58:42,638 about Parrot OS. 9102 05:58:42,638 --> 05:58:44,400 So, let me just close the terminal 9103 05:58:44,600 --> 05:58:47,400 while there are common tools like you have nmap. 9104 05:58:47,400 --> 05:58:49,341 I'm sure you know how to use nmap. 9105 05:58:49,341 --> 05:58:50,900 Let me just show you anyway 9106 05:58:51,000 --> 05:58:53,200 and nmap is one of the scanning tools. 
9107 05:58:53,200 --> 05:58:55,900 You can find it in information 9108 05:58:55,900 --> 05:58:58,500 gathering, I'm sure nmap is you're here to one 9109 05:58:58,500 --> 05:58:59,573 of the basic tools. 9110 05:58:59,573 --> 05:59:02,400 Okay, let's just explore nmap and Dmitry here. 9111 05:59:02,400 --> 05:59:03,500 Let me just show you 9112 05:59:03,500 --> 05:59:05,144 how to use nmap first, just 9113 05:59:05,144 --> 05:59:08,100 click nmap, you have all the help, all the 9114 05:59:08,100 --> 05:59:10,800 nmap configuration options are displayed in front of you. 9115 05:59:10,800 --> 05:59:12,992 If you don't know how to use, just go through them. 9116 05:59:12,992 --> 05:59:14,900 It's pretty easy, a simple example. 9117 05:59:14,900 --> 05:59:17,200 I'm already using the one which is already there. 9118 05:59:17,200 --> 05:59:22,100 Just say scanme.nmap.org. 9119 05:59:22,500 --> 05:59:25,100 Okay your aegyo making spelling mistake again. 9120 05:59:27,700 --> 05:59:29,000 Sorry about that. 9121 05:59:29,000 --> 05:59:30,700 It's gonna take a little while. 9122 05:59:30,700 --> 05:59:32,400 That's all, while it's scanning 9123 05:59:32,400 --> 05:59:34,700 let me just show you another tool, 9124 05:59:34,700 --> 05:59:36,400 which is Dmitry. 9125 05:59:36,400 --> 05:59:39,000 It's a Deepmagic Information Gathering Tool. 9126 05:59:39,000 --> 05:59:40,034 It has ability. 9127 05:59:40,034 --> 05:59:41,000 So here it is. 9128 05:59:41,000 --> 05:59:43,156 It should be in the information 9129 05:59:43,156 --> 05:59:45,800 gathering only, you have, yeah, here goes. 9130 05:59:45,800 --> 05:59:47,116 So basically, like I said, 9131 05:59:47,116 --> 05:59:49,900 it has ability to gather as much information as possible 9132 05:59:49,900 --> 05:59:51,500 about a host: subdomains, 9133 05:59:51,500 --> 05:59:54,275 its email information, TCP port scan, 9134 05:59:54,275 --> 05:59:56,300 whois lookup and all that. 
9135 05:59:56,300 --> 05:59:57,700 Let's just check out if 9136 05:59:57,700 --> 05:59:59,700 the nmap scanning is done. 9137 05:59:59,900 --> 06:00:01,500 Here is the terminal. 9138 06:00:01,900 --> 06:00:03,500 Yeah, it's gonna take a little while. 9139 06:00:03,500 --> 06:00:04,700 So once the scanning is done, 9140 06:00:04,700 --> 06:00:06,626 it's going to show you how many seconds it took, 9141 06:00:06,626 --> 06:00:07,500 what are the ports 9142 06:00:07,500 --> 06:00:09,700 which are open and the closed ports and all 9143 06:00:09,700 --> 06:00:12,600 that. Now about Dmitry, you can enable it 9144 06:00:12,600 --> 06:00:13,800 from your terminal, 9145 06:00:13,800 --> 06:00:17,000 but you can also do it from here, information gathering 9146 06:00:17,000 --> 06:00:18,300 and click on Dmitry. 9147 06:00:18,300 --> 06:00:19,700 Password. 9148 06:00:20,000 --> 06:00:23,800 So let's say Huh? 9149 06:00:24,200 --> 06:00:25,300 Here we go. 9150 06:00:25,300 --> 06:00:26,319 So let me maximize. 9151 06:00:26,319 --> 06:00:29,010 All you have to do is, you have a lot of options here. 9152 06:00:29,010 --> 06:00:31,124 You have -w, which performs a whois lookup, 9153 06:00:31,124 --> 06:00:33,600 you can do it online as in using Firefox as well. 9154 06:00:33,600 --> 06:00:34,900 You have a lot of websites 9155 06:00:34,900 --> 06:00:36,792 where you can gather all the information 9156 06:00:36,792 --> 06:00:38,200 once you have your IP address 9157 06:00:38,200 --> 06:00:40,550 or and all that and you have retrieve 9158 06:00:40,550 --> 06:00:42,700 Netcraft.com information on host, perform search 9159 06:00:42,700 --> 06:00:45,100 for possible subdomains, email addresses and all that. 9160 06:00:45,100 --> 06:00:47,700 So basically you can give all these options in one go. 
9161 06:00:47,800 --> 06:00:52,900 Let's say Dmitry - - 9162 06:00:52,900 --> 06:00:56,000 option saves output to your host.txt or to 9163 06:00:56,000 --> 06:00:58,407 the file specified by - 9164 06:00:58,407 --> 06:01:02,984 o, so I just press click 0, let me just give sudo. 9165 06:01:04,000 --> 06:01:06,600 Let me just check if I've given any file here. 9166 06:01:07,200 --> 06:01:09,900 I do have a file called test.txt. 9167 06:01:09,900 --> 06:01:10,800 Okay. 9168 06:01:11,500 --> 06:01:13,700 So like I said in the -o option, 9169 06:01:13,700 --> 06:01:16,500 it will save your output to the .txt file or to the file 9170 06:01:16,500 --> 06:01:18,100 specified by -o option. 9171 06:01:18,100 --> 06:01:19,814 So basically just specify the filename 9172 06:01:19,814 --> 06:01:21,900 where you want to store all the scan info. 9173 06:01:21,900 --> 06:01:24,504 Whoa, and the website where you want to website 9174 06:01:24,504 --> 06:01:26,600 of whose information you want to scan. 9175 06:01:26,600 --> 06:01:29,300 So let's say the blue dot pinterest.com. 9176 06:01:31,800 --> 06:01:32,600 Here you go. 9177 06:01:32,600 --> 06:01:33,980 It started scanning. 9178 06:01:33,980 --> 06:01:35,500 Let me just scroll up. 9179 06:01:37,200 --> 06:01:40,500 The host name and the host IP address are showing, 9180 06:01:40,500 --> 06:01:41,979 once you have IP addresses, 9181 06:01:41,979 --> 06:01:44,500 you know can gather almost all the information. 9182 06:01:44,500 --> 06:01:48,100 It's also showing the places where it's coordinated. 9183 06:01:48,100 --> 06:01:50,600 It's created, last modified. 9184 06:01:50,800 --> 06:01:53,483 You have sources, you have address here 9185 06:01:53,483 --> 06:01:57,200 and then yeah, last modified, created, source and all that. 9186 06:01:57,200 --> 06:02:00,200 So basically it's showing a lot of information here. 9187 06:02:00,200 --> 06:02:00,800 Similarly. 
9188 06:02:00,800 --> 06:02:02,200 Using Dmitry 9189 06:02:02,200 --> 06:02:05,100 or the Deepmagic Information Gathering Tool you can actually 9190 06:02:05,100 --> 06:02:07,400 gather information about any other website you want to know. 9191 06:02:07,400 --> 06:02:10,500 Let's just check out if nmap is done scanning. 9192 06:02:10,500 --> 06:02:12,961 So see, as you can see, it's done. 9193 06:02:13,000 --> 06:02:15,900 So I've given a website name here; instead of that 9194 06:02:15,900 --> 06:02:17,700 you can go ahead and give the IP address, 9195 06:02:17,700 --> 06:02:18,600 which is this one, 9196 06:02:18,600 --> 06:02:20,997 and it will show you the same results as you can see. 9197 06:02:20,997 --> 06:02:23,249 There are a lot of ports; usually nmap scan is 9198 06:02:23,249 --> 06:02:25,600 about more than thousand ports as you can see. 9199 06:02:25,600 --> 06:02:28,900 It says 992 of the closed ports and these are the open ports 9200 06:02:28,900 --> 06:02:31,610 and suppose you want to know more information about each port, 9201 06:02:31,610 --> 06:02:34,508 because basically if you're a hacker, if you try to hack something you 9202 06:02:34,508 --> 06:02:36,341 don't need information about all the ports. 9203 06:02:36,341 --> 06:02:38,859 It's basically the one port which you want to, so to know 9204 06:02:38,859 --> 06:02:40,600 that, there are a lot of options 9205 06:02:40,600 --> 06:02:42,200 which are provided by nmap. 9206 06:02:42,200 --> 06:02:44,100 If you want to know more about nmap, there's 9207 06:02:44,100 --> 06:02:46,700 a video in Edureka playlist all about nmap. 9208 06:02:46,700 --> 06:02:48,292 It's under network security. 9209 06:02:48,292 --> 06:02:50,599 So you make sure to take a look at that. 
9210 06:02:50,599 --> 06:02:53,400 So while you are taking a look at particular device, 9211 06:02:53,400 --> 06:02:54,600 make sure you go ahead 9212 06:02:54,600 --> 06:02:56,700 and watch a video on Kali Linux as well. 9213 06:02:56,700 --> 06:02:58,994 So you will know how different Parrot OS 9214 06:02:58,994 --> 06:03:00,205 and Kali Linux are 9215 06:03:00,205 --> 06:03:02,500 though they are similar in few parts. 9216 06:03:02,500 --> 06:03:05,800 So that's it about system as in Parrot OS, so 9217 06:03:05,800 --> 06:03:07,000 like I said, it's 9218 06:03:07,000 --> 06:03:08,248 a good-looking distro, 9219 06:03:08,248 --> 06:03:10,800 which is lightweight when compared to Kali Linux 9220 06:03:10,800 --> 06:03:13,400 and lot of tools, lot of unique tools as well 9221 06:03:13,400 --> 06:03:16,700 when compared to Kali Linux, and it's very smooth away smooth. 9222 06:03:16,700 --> 06:03:18,600 Oh apart from all these good things, 9223 06:03:18,600 --> 06:03:19,731 there are a few things 9224 06:03:19,731 --> 06:03:21,531 that are problematic with Parrot OS. 9225 06:03:21,531 --> 06:03:22,201 First of all, 9226 06:03:22,201 --> 06:03:24,029 like you don't find a search bar. 9227 06:03:24,029 --> 06:03:25,543 Oh, that's not a problem. 9228 06:03:25,543 --> 06:03:26,875 But that's one demerit 9229 06:03:26,875 --> 06:03:29,522 you can say and it's also a little problematic 9230 06:03:29,522 --> 06:03:32,700 when it comes to launching your application, the process is a little slow 9231 06:03:32,700 --> 06:03:33,900 and like Kali Linux. 9232 06:03:33,900 --> 06:03:37,305 So guys, this is your Parrot OS, so basically 9233 06:03:37,305 --> 06:03:38,900 this was a crisp video 9234 06:03:38,900 --> 06:03:42,000 on what Parrot OS is, its review, its features 9235 06:03:42,000 --> 06:03:45,783 and all that and make sure to watch a video on Parrot OS 9236 06:03:45,783 --> 06:03:47,000 versus Kali Linux. 
9237 06:03:51,800 --> 06:03:55,415 So Linux has been known for its various distributions 9238 06:03:55,415 --> 06:03:57,500 that cater to various needs. One 9239 06:03:57,500 --> 06:04:00,500 of the most famous distributions is Kali Linux 9240 06:04:00,500 --> 06:04:03,400 that is a penetration testing oriented distribution, 9241 06:04:03,400 --> 06:04:04,600 which was built to bring 9242 06:04:04,600 --> 06:04:07,300 about much-needed corrections in its previous 9243 06:04:07,300 --> 06:04:10,000 iteration known as BackTrack OS. Now 9244 06:04:10,000 --> 06:04:12,121 since the release of Kali Linux, 9245 06:04:12,121 --> 06:04:12,812 it has gone 9246 06:04:12,812 --> 06:04:15,820 under various iterations in the form of updates 9247 06:04:15,820 --> 06:04:17,787 while other penetration testing 9248 06:04:17,787 --> 06:04:20,407 and security related distributions were also 9249 06:04:20,407 --> 06:04:22,600 being developed all around the world. 9250 06:04:22,600 --> 06:04:23,717 So in this session, 9251 06:04:23,717 --> 06:04:24,894 we will compare Kali 9252 06:04:24,894 --> 06:04:28,300 to one such distribution that has come under the spotlight 9253 06:04:28,300 --> 06:04:32,100 and that is Parrot OS. So today in this video 9254 06:04:32,100 --> 06:04:35,200 I will first be giving you guys a brief introduction 9255 06:04:35,200 --> 06:04:37,000 to what exactly is Kali Linux. 9256 06:04:37,000 --> 06:04:39,700 And then I will also give a brief introduction to 9257 06:04:39,700 --> 06:04:43,300 what Parrot OS is, then we will be comparing Kali 9258 06:04:43,300 --> 06:04:46,500 versus Parrot according to various parameters. 9259 06:04:46,900 --> 06:04:49,200 So let's move ahead now. 9260 06:04:49,200 --> 06:04:51,200 Let me give you guys a brief introduction 9261 06:04:51,200 --> 06:04:52,700 to what Kali Linux is. 
9262 06:04:52,700 --> 06:04:56,348 So Kali Linux is a penetration testing and security 9263 06:04:56,348 --> 06:04:58,100 focused operating system. 9264 06:04:58,100 --> 06:05:02,800 As the name suggests, Kali has a Linux kernel at its core. Above 9265 06:05:02,800 --> 06:05:05,725 that, the creators of Kali, Mati Aharoni 9266 06:05:05,725 --> 06:05:07,000 and Devon Kearns, 9267 06:05:07,000 --> 06:05:10,626 added the latest injection packages to help pentesters 9268 06:05:10,626 --> 06:05:14,521 save some time. Kali Linux is developed according to the Debian 9269 06:05:14,521 --> 06:05:16,200 development standards 9270 06:05:16,300 --> 06:05:19,000 and it was developed as a refined penetration testing 9271 06:05:19,000 --> 06:05:20,000 distribution 9272 06:05:20,000 --> 06:05:21,385 that would be served as 9273 06:05:21,385 --> 06:05:25,234 a replacement for BackTrack OS. Currently the development 9274 06:05:25,234 --> 06:05:28,084 of Kali is being handled by Offensive Security, 9275 06:05:28,084 --> 06:05:29,600 which is the organization 9276 06:05:29,600 --> 06:05:34,100 that provides prestigious certifications, like OSCP, OSCE 9277 06:05:34,100 --> 06:05:36,900 and OSWP. Over the years, 9278 06:05:36,900 --> 06:05:40,664 Kali has developed its own cult following with people 9279 06:05:40,664 --> 06:05:44,500 who swear by the word and by the power provided by Kali. 9280 06:05:44,900 --> 06:05:47,583 While I may not be such a staunch believer 9281 06:05:47,583 --> 06:05:48,533 in Kali Linux, 9282 06:05:48,533 --> 06:05:52,400 there are plenty of reasons for one to use Kali. For one, 9283 06:05:52,400 --> 06:05:53,900 it's absolutely free. 9284 06:05:54,000 --> 06:05:54,600 Secondly, 9285 06:05:54,600 --> 06:05:55,894 it comes pre-installed 9286 06:05:55,894 --> 06:05:58,600 with tons and tons of penetration testing tools 9287 06:05:58,600 --> 06:06:00,800 and security related tools. Above that, 
9288 06:06:00,800 --> 06:06:04,000 it can be completely customized according to your needs 9289 06:06:04,000 --> 06:06:06,431 as the code is an open-source Git tree 9290 06:06:06,431 --> 06:06:09,100 and the whole code is basically available 9291 06:06:09,100 --> 06:06:10,858 to the public to be tweaked. 9292 06:06:10,858 --> 06:06:11,800 Also the kernel 9293 06:06:11,800 --> 06:06:15,600 that runs Kali Linux comes with the latest injection packages. 9294 06:06:15,600 --> 06:06:18,200 And it also comes with GPG signed packages 9295 06:06:18,200 --> 06:06:19,958 and repositories. Above that, 9296 06:06:19,958 --> 06:06:22,877 Kali Linux has some true multi-language support 9297 06:06:22,877 --> 06:06:26,495 and it was developed in an extremely secure environment. 9298 06:06:26,495 --> 06:06:28,600 Also Kali supports a wide range 9299 06:06:28,600 --> 06:06:31,600 of wireless devices. Now at this moment Kali 9300 06:06:31,600 --> 06:06:34,500 may seem like a very useful operating system. 9301 06:06:34,800 --> 06:06:37,100 But as you guys might remember the great quote 9302 06:06:37,100 --> 06:06:38,646 from Spider-Man, great 9303 06:06:38,646 --> 06:06:41,600 power comes with heavy resource utilization. 9304 06:06:41,700 --> 06:06:44,685 According to the official documentation of Kali 9305 06:06:44,685 --> 06:06:47,100 the system requirements are quite heavy. 9306 06:06:47,276 --> 06:06:49,200 On the low end, Kali Linux 9307 06:06:49,200 --> 06:06:52,700 needs a basic of at least 128 MB of RAM 9308 06:06:52,900 --> 06:06:56,750 and a 2 GB hard disk space to set up a simple SSH server 9309 06:06:56,750 --> 06:06:59,900 that will not even have the GUI of the desktop. 9310 06:07:00,000 --> 06:07:01,163 On the higher end, 9311 06:07:01,163 --> 06:07:04,128 if you opt to install the default GNOME desktop 9312 06:07:04,128 --> 06:07:06,400 and the Kali Linux full meta package, 
9313 06:07:06,400 --> 06:07:09,500 you should really aim for at least around 2 gigs of RAM 9314 06:07:09,500 --> 06:07:10,429 and around 20 GB 9315 06:07:10,429 --> 06:07:13,100 of free hard disk space. Now besides the RAM 9316 06:07:13,100 --> 06:07:14,300 and hard disk requirement, 9317 06:07:14,300 --> 06:07:17,100 your computer needs to have CPU supported by at least one 9318 06:07:17,100 --> 06:07:21,800 of the following architectures, them being amd64, i386 9319 06:07:22,083 --> 06:07:27,200 and armel and armhf and also arm64. Now, 9320 06:07:27,200 --> 06:07:29,969 even though the official documentation says 2 GB 9321 06:07:29,969 --> 06:07:31,021 of RAM is enough, 9322 06:07:31,021 --> 06:07:33,090 I have personally faced numerous lag 9323 06:07:33,090 --> 06:07:34,218 and stutter issues 9324 06:07:34,218 --> 06:07:36,600 when running Kali on a virtual machine 9325 06:07:36,600 --> 06:07:38,500 with 6 GB of allocated RAM 9326 06:07:38,500 --> 06:07:41,100 which in my opinion is a definite bummer. 9327 06:07:41,500 --> 06:07:43,500 Now, let's take a moment to discuss 9328 06:07:43,500 --> 06:07:46,200 about Parrot OS. So Parrot, much 9329 06:07:46,200 --> 06:07:50,200 like Kali, is also a Debian-based distribution of Linux. 9330 06:07:50,200 --> 06:07:51,739 When I say Debian-based, 9331 06:07:51,739 --> 06:07:54,342 it means that the code repositories adhere 9332 06:07:54,342 --> 06:07:57,890 to the Debian development standards. Parrot OS too comes 9333 06:07:57,890 --> 06:08:00,600 with its own arsenal of penetration testing 9334 06:08:00,600 --> 06:08:02,400 and security related tools. 9335 06:08:02,500 --> 06:08:05,900 Most of these tools are also available on Kali. 
9336 06:08:06,315 --> 06:08:09,084 Now Parrot was first released in 2013 9337 06:08:09,400 --> 06:08:11,300 and was developed by a team of security 9338 06:08:11,300 --> 06:08:14,700 experts, Linux enthusiasts, open source developers 9339 06:08:14,700 --> 06:08:17,000 and advocates of digital rights. 9340 06:08:17,000 --> 06:08:19,665 The team was headed by Lorenzo Faletra 9341 06:08:19,665 --> 06:08:22,400 and Parrot is designed in a very unique way. 9342 06:08:22,600 --> 06:08:25,885 While the operating system has everything that is needed 9343 06:08:25,885 --> 06:08:27,200 for a security expert, 9344 06:08:27,200 --> 06:08:28,558 it doesn't present itself 9345 06:08:28,558 --> 06:08:31,268 to be a daunting learning experience for beginners 9346 06:08:31,268 --> 06:08:34,200 who want to set foot into the world of ethical hacking 9347 06:08:34,200 --> 06:08:36,100 and vulnerability analysis. 9348 06:08:36,200 --> 06:08:39,300 Parrot OS can be very well used as a daily driver 9349 06:08:39,300 --> 06:08:40,369 as it provides all 9350 06:08:40,369 --> 06:08:43,400 of the necessary tools to complete day to day tasks. 9351 06:08:43,500 --> 06:08:46,800 So who exactly is Parrot OS made for? Well, 9352 06:08:46,800 --> 06:08:47,601 first of all, 9353 06:08:47,601 --> 06:08:51,400 it is made for security experts and digital forensic experts. 9354 06:08:51,400 --> 06:08:54,689 It can be also used by engineers and IIT students 9355 06:08:54,689 --> 06:08:57,500 who are enthusiastic about ethical hacking. 9356 06:08:58,100 --> 06:09:01,759 Then Parrot OS can be also used by researchers, journalists 9357 06:09:01,759 --> 06:09:03,300 and hacktivists and last 9358 06:09:03,300 --> 06:09:05,800 but not the least Parrot OS is also meant 9359 06:09:05,800 --> 06:09:09,000 for these officers and special security institution. 9360 06:09:09,500 --> 06:09:09,900 Okay. 
9361 06:09:10,000 --> 06:09:11,900 So now let's take a moment 9362 06:09:11,900 --> 06:09:14,300 to actually discuss the system requirements 9363 06:09:14,300 --> 06:09:17,000 that one might need to run Parrot OS. 9364 06:09:17,300 --> 06:09:18,900 So the system requirements 9365 06:09:18,900 --> 06:09:22,200 for Parrot is much more forgiving than Kali Linux. 9366 06:09:22,200 --> 06:09:23,400 On the CPU side, 9367 06:09:23,400 --> 06:09:28,100 you need an x86 architecture with at least 700 megahertz 9368 06:09:28,100 --> 06:09:30,500 of frequency and architecture- 9369 06:09:30,500 --> 06:09:33,600 wise you need i386, amd64 9370 06:09:33,600 --> 06:09:37,900 or AMD 486 which is basically the x86 architecture 9371 06:09:38,000 --> 06:09:39,846 or armel and armhf 9372 06:09:39,846 --> 06:09:44,461 which are basically IoT devices like Raspberry Pi. On the side 9373 06:09:44,461 --> 06:09:46,800 of RAM you need at least 256 MB 9374 06:09:46,800 --> 06:09:50,300 on an i386 architecture, 320 MB 9375 06:09:50,300 --> 06:09:52,146 on an amd64 architecture 9376 06:09:52,300 --> 06:09:55,500 and as a general documentation 512 MB 9377 06:09:55,500 --> 06:09:59,700 of RAM is generally recommended by the Parrot Sec OS people. 9378 06:10:00,100 --> 06:10:02,930 On the GPU side Parrot OS is very surprising 9379 06:10:02,930 --> 06:10:03,700 as it needs 9380 06:10:03,700 --> 06:10:05,158 no graphic acceleration. 9381 06:10:05,158 --> 06:10:06,800 That means you can run this 9382 06:10:06,800 --> 06:10:09,100 without a graphic card. On the side 9383 06:10:09,100 --> 06:10:12,300 of hard disk space Parrot OS needs at least 16 GB 9384 06:10:12,300 --> 06:10:15,400 of free hard disk space for its full installation. 
9385 06:10:15,400 --> 06:10:19,200 That is 4 GB, 4 gigabytes 9386 06:10:19,500 --> 06:10:24,300 lesser than Kali Linux and for booting options both Kali Linux 9387 06:10:24,300 --> 06:10:27,200 and Parrot OS have the Legacy BIOS preferred. 9388 06:10:28,000 --> 06:10:30,944 Now comparing two operating systems when it comes 9389 06:10:30,944 --> 06:10:32,600 to Parrot OS and Kali Linux 9390 06:10:32,600 --> 06:10:35,600 that are both operating systems meant for similar purposes 9391 06:10:35,600 --> 06:10:36,600 that is penetration 9392 06:10:36,600 --> 06:10:37,010 testing, 9393 06:10:37,010 --> 06:10:37,700 in this case 9394 06:10:37,700 --> 06:10:38,900 it becomes really tough. 9395 06:10:39,000 --> 06:10:42,684 Most of the factors in such cases boil down to a matter 9396 06:10:42,684 --> 06:10:46,300 of personal taste rather than an objective comparison. 9397 06:10:46,600 --> 06:10:49,311 Now before we move ahead with the comparison, 9398 06:10:49,311 --> 06:10:51,700 let me list out a few similarities that you 9399 06:10:51,700 --> 06:10:54,300 might have noticed between the two operating systems. 9400 06:10:54,600 --> 06:10:55,300 So first of all, 9401 06:10:55,500 --> 06:10:56,600 both operating systems 9402 06:10:56,600 --> 06:11:00,046 are tuned for operating penetration testing 9403 06:11:00,046 --> 06:11:01,800 and network related tools 9404 06:11:02,000 --> 06:11:03,900 and both operating systems are based 9405 06:11:03,900 --> 06:11:07,700 on Debian development standards. Both of the operating systems 9406 06:11:07,700 --> 06:11:09,981 support 32 and 64-bit architecture 9407 06:11:09,981 --> 06:11:13,239 and both operating systems also support cloud VPS 9408 06:11:13,239 --> 06:11:14,800 along with IoT devices. 9409 06:11:14,800 --> 06:11:15,510 And of course, 9410 06:11:15,510 --> 06:11:18,400 both of them come pre-installed with their own arsenal 9411 06:11:18,400 --> 06:11:19,500 of hacking tools. 
9412 06:11:19,700 --> 06:11:22,100 Now, let's get down with the differences. 9413 06:11:22,500 --> 06:11:24,200 The first criteria 9414 06:11:24,200 --> 06:11:27,337 of differences that we are going to discuss is Hardware. 9415 06:11:27,337 --> 06:11:29,866 Points now as you guys can see on the slide. 9416 06:11:29,866 --> 06:11:32,866 I have put down the system requirements of Parrot OS 9417 06:11:32,866 --> 06:11:34,100 on the left hand side 9418 06:11:34,100 --> 06:11:37,573 and I have put down the system requirements of Kali Linux 9419 06:11:37,573 --> 06:11:39,000 on the right hand side. 9420 06:11:39,400 --> 06:11:41,730 So as you guys can see Parrot OS 9421 06:11:41,730 --> 06:11:45,300 and Kali Linux both need 1 gigahertz dual-core CPU. 9422 06:11:45,400 --> 06:11:49,067 When it comes to RAM, Parrot OS needs much lesser RAM 9423 06:11:49,067 --> 06:11:50,239 than Kali Linux, 9424 06:11:50,239 --> 06:11:54,200 but it needs 384 MB of RAM for its minimal running time 9425 06:11:54,200 --> 06:11:57,553 and Kali Linux needs a 1 gigahertz of RAM. 9426 06:11:57,553 --> 06:12:00,200 The other hand in terms of GPU, 9427 06:12:00,200 --> 06:12:03,281 Parrot OS doesn't really need a graphic card 9428 06:12:03,281 --> 06:12:04,500 as it has no need 9429 06:12:04,500 --> 06:12:07,800 for graphical acceleration. Kali Linux on the other hand, 9430 06:12:07,800 --> 06:12:10,673 if you're trying to run the GNOME desktop version, 9431 06:12:10,673 --> 06:12:12,800 you will certainly need a graphic card. 9432 06:12:13,200 --> 06:12:17,100 On the other hand Parrot OS needs 16 GB of free hard disk space 9433 06:12:17,100 --> 06:12:19,023 for its full installation 9434 06:12:19,500 --> 06:12:22,800 and Kali Linux needs 20 GB of free space. 9435 06:12:22,800 --> 06:12:26,900 So basically Parrot OS is a much more lightweight version. 
9436 06:12:27,200 --> 06:12:29,321 So we see that Parrot OS definitely wins 9437 06:12:29,321 --> 06:12:30,323 against Kali Linux 9438 06:12:30,323 --> 06:12:31,034 when it comes 9439 06:12:31,034 --> 06:12:34,427 to hardware requirements due to its lightweight nature. Not only 9440 06:12:34,427 --> 06:12:36,800 does it require lesser RAM to function properly, 9441 06:12:36,800 --> 06:12:39,700 but the full installation is also pretty lightweight thanks 9442 06:12:39,700 --> 06:12:43,100 to the use of the MATE desktop environment by the developers. 9443 06:12:43,100 --> 06:12:46,862 So basically if you're having an older hardware configuration 9444 06:12:46,862 --> 06:12:49,559 on your computer Parrot OS should definitely 9445 06:12:49,559 --> 06:12:50,500 be your choice. 9446 06:12:51,100 --> 06:12:53,500 Now the next parameter that we are going to compare 9447 06:12:53,500 --> 06:12:57,292 the two OSes in is look and feel. Now this section 9448 06:12:57,292 --> 06:13:00,600 boils down to personal choice. Personally, 9449 06:13:00,600 --> 06:13:02,648 I prefer the minimalistic look 9450 06:13:02,648 --> 06:13:06,692 that is given by Parrot OS. The interface of Parrot OS 9451 06:13:06,692 --> 06:13:10,162 is built using the Ubuntu MATE desktop environment. 
9452 06:13:10,162 --> 06:13:12,800 There are two clear sections. On top you 9453 06:13:12,800 --> 06:13:16,800 see a pane which contains applications, places, systems, 9454 06:13:16,800 --> 06:13:19,000 which is much like Kali itself, 9455 06:13:19,100 --> 06:13:21,442 but it also gives some cool information 9456 06:13:21,442 --> 06:13:24,400 about CPU temperatures along with the usage graph 9457 06:13:24,400 --> 06:13:26,800 and the bottom pane contains the menu manager 9458 06:13:26,800 --> 06:13:28,399 and the work station manager, 9459 06:13:28,399 --> 06:13:30,000 which is a brilliant addition 9460 06:13:30,000 --> 06:13:33,975 to the Linux system. Kali Linux on the other hand follows 9461 06:13:33,975 --> 06:13:36,000 the GNOME desktop interface. 9462 06:13:36,000 --> 06:13:38,246 While it still has the functionality 9463 06:13:38,246 --> 06:13:40,300 that is offered by Parrot OS, 9464 06:13:40,400 --> 06:13:42,600 it doesn't provide the same clean and refined 9465 06:13:42,600 --> 06:13:43,900 look in my opinion. 9466 06:13:44,200 --> 06:13:47,100 If you don't know your way around a Kali interface, 9467 06:13:47,100 --> 06:13:49,800 it is pretty easy to actually get lost. 9468 06:13:50,300 --> 06:13:51,900 Now, the next parameter 9469 06:13:51,900 --> 06:13:55,000 that we're going to compare them is hacking tools. Now 9470 06:13:55,000 --> 06:13:57,312 since both these operating systems are 9471 06:13:57,312 --> 06:14:00,000 for penetration testers and ethical hackers, 
9472 06:14:00,000 --> 06:14:03,278 I think hacking tools is the most important criteria 9473 06:14:03,278 --> 06:14:07,000 that both the operating systems are going to be compared in. So 9474 06:14:07,000 --> 06:14:08,500 when it comes to general tools 9475 06:14:08,500 --> 06:14:11,423 and functional features Parrot OS takes the prize 9476 06:14:11,423 --> 06:14:15,200 when compared to Kali Linux. Parrot OS has all the tools 9477 06:14:15,200 --> 06:14:19,800 that are available in Kali Linux and also it adds its own tools. 9478 06:14:19,800 --> 06:14:22,700 There are several tools that you will find on Parrot 9479 06:14:22,700 --> 06:14:24,582 that is not found on Kali Linux. 9480 06:14:24,582 --> 06:14:26,682 Let's take a look at a few of them. 9481 06:14:26,682 --> 06:14:29,500 So the first one that you see is called Wifiphisher. 9482 06:14:29,600 --> 06:14:33,320 Now Wifiphisher is a rogue access point framework 9483 06:14:33,320 --> 06:14:35,732 for conducting red team engagements 9484 06:14:35,732 --> 06:14:40,200 or Wi-Fi security testing. Using Wifiphisher penetration testers 9485 06:14:40,200 --> 06:14:41,700 can easily achieve a man 9486 06:14:41,700 --> 06:14:44,700 in the middle position against the wireless clients 9487 06:14:44,700 --> 06:14:47,400 by performing targeted Wi-Fi association attacks. 
9488 06:14:47,600 --> 06:14:49,400 Wifiphisher can be further 9489 06:14:49,400 --> 06:14:52,400 used to mount victim customized web phishing attacks 9490 06:14:52,400 --> 06:14:55,900 against the connected clients in order to capture credentials 9491 06:14:55,900 --> 06:14:57,500 or infect the victim 9492 06:14:57,500 --> 06:15:01,000 with some sort of malware. Another tool 9493 06:15:01,000 --> 06:15:03,950 that is seen on Parrot and is much appreciated 9494 06:15:03,950 --> 06:15:04,993 that is not seen 9495 06:15:04,993 --> 06:15:08,644 on the Kali side is called Anonsurf. Now being anonymous 9496 06:15:08,644 --> 06:15:12,100 for a hacker is the first step before hacking a system 9497 06:15:12,300 --> 06:15:14,008 and anonymizing a system 9498 06:15:14,008 --> 06:15:16,500 in an ideal way is not an easy task. 9499 06:15:16,500 --> 06:15:19,323 No one can perfectly anonymize a system and there 9500 06:15:19,323 --> 06:15:22,100 are many tools available on the internet that say 9501 06:15:22,100 --> 06:15:25,400 that they anonymize the system. One such tool is 9502 06:15:25,400 --> 06:15:27,100 Anonsurf. Now, Anonsurf 9503 06:15:27,100 --> 06:15:28,433 is pretty good 9504 06:15:28,433 --> 06:15:32,300 as it uses the Tor iptables to anonymize the whole system. 9505 06:15:32,600 --> 06:15:35,417 Also, if you guys have not already realized, 9506 06:15:35,417 --> 06:15:38,700 Tor also comes pre-installed on Parrot 9507 06:15:38,700 --> 06:15:41,900 while it has to be externally installed on Kali. 9508 06:15:42,100 --> 06:15:43,993 Now these things that you see, 9509 06:15:43,993 --> 06:15:45,803 that Wifiphisher, Tor Browser 9510 06:15:45,803 --> 06:15:48,300 and Anonsurf, surely they can be imported 9511 06:15:48,300 --> 06:15:51,683 and downloaded on Kali but they don't really come 9512 06:15:51,683 --> 06:15:54,300 pre-installed and that is what counts right now. 
9513 06:15:54,900 --> 06:15:57,800 So since Parrot OS also is designed 9514 06:15:57,800 --> 06:16:00,987 with development in mind it also comes pre-installed 9515 06:16:00,987 --> 06:16:04,300 with a bunch of useful compilers for various languages 9516 06:16:04,300 --> 06:16:07,369 and IDEs for their respective development, 9517 06:16:07,369 --> 06:16:10,600 which is completely absent on the Kali Linux side. 9518 06:16:10,600 --> 06:16:12,442 So for this part of hacking 9519 06:16:12,442 --> 06:16:16,400 tools Parrot OS definitely takes a prize. Now the next thing 9520 06:16:16,400 --> 06:16:17,484 that we are going 9521 06:16:17,484 --> 06:16:20,800 to compare both y'all both these operating systems is 9522 06:16:20,800 --> 06:16:24,300 release variations. Now both operating systems come 9523 06:16:24,300 --> 06:16:26,100 with a variety of variations, 9524 06:16:26,100 --> 06:16:28,700 but Parrot OS has much more diversity 9525 06:16:28,700 --> 06:16:30,100 in terms of variety. 9526 06:16:30,100 --> 06:16:32,000 So let me just explain what I mean. 9527 06:16:32,000 --> 06:16:34,200 So as you guys can see on the left-hand side, 9528 06:16:34,200 --> 06:16:36,916 I have listed down the release variations 9529 06:16:36,916 --> 06:16:39,700 that are available for Parrot OS. Now aside 9530 06:16:39,700 --> 06:16:41,101 from the full editions, 9531 06:16:41,101 --> 06:16:43,600 which is both provided by Parrot and Kali, 9532 06:16:43,600 --> 06:16:47,700 they also both provide the Lite editions. On Parrot side 9533 06:16:47,700 --> 06:16:49,900 and the Lite edition on Kali side, 9534 06:16:49,900 --> 06:16:52,200 they are both basically the same thing, 9535 06:16:52,200 --> 06:16:56,100 wherein minimalistic tools are actually pre-installed 9536 06:16:56,100 --> 06:16:59,371 and you can install and customize the operating system 9537 06:16:59,371 --> 06:17:01,100 according to your own needs. 
9538 06:17:01,100 --> 06:17:04,217 If you don't choose to customize the operating system, 9539 06:17:04,217 --> 06:17:06,864 you can very well use it as a very lightweight 9540 06:17:06,864 --> 06:17:08,600 and portable operating system. 9541 06:17:08,600 --> 06:17:10,247 So Parrot OS Lite edition 9542 06:17:10,247 --> 06:17:12,400 and Kali Lite editions are two flavors 9543 06:17:12,400 --> 06:17:13,600 of the operating system. 9544 06:17:14,000 --> 06:17:14,800 Now, this is 9545 06:17:14,800 --> 06:17:17,400 where the difference is such differences start. 9546 06:17:17,400 --> 06:17:19,610 So Parrot OS Air edition also exists. 9547 06:17:19,610 --> 06:17:21,000 So this is an edition 9548 06:17:21,000 --> 06:17:23,262 that is used for wireless penetration 9549 06:17:23,262 --> 06:17:25,900 testing and wireless vulnerability testing. 9550 06:17:25,900 --> 06:17:28,700 So basically anything wireless, Parrot 9551 06:17:28,700 --> 06:17:32,300 OS Air edition does it faster and does it better. Then 9552 06:17:32,300 --> 06:17:34,709 there's also Parrot OS Studio edition, 9553 06:17:34,709 --> 06:17:37,900 which is used for multimedia content creation. Yes, 9554 06:17:37,900 --> 06:17:41,275 you heard that right, Parrot OS can also make content 9555 06:17:41,275 --> 06:17:42,774 for your social media. 9556 06:17:42,774 --> 06:17:45,500 So if you're thinking about using Parrot OS 9557 06:17:45,500 --> 06:17:49,086 for marketing as well as security, Parrot OS is 9558 06:17:49,086 --> 06:17:52,300 definitely your go-to operating system. Kali 9559 06:17:52,300 --> 06:17:55,400 on the other hand aside from its Lite version 9560 06:17:55,400 --> 06:17:57,187 and full edition offers 9561 06:17:57,187 --> 06:17:58,900 some desktop interfaces 9562 06:17:58,900 --> 06:18:04,700 like the E17, KDE and Xfce, the Ubuntu MATE and the LXDE. 
9563 06:18:05,000 --> 06:18:07,471 So these are basically just skins 9564 06:18:07,471 --> 06:18:08,856 that run over Kali 9565 06:18:09,100 --> 06:18:11,657 and basically make Kali look a little different 9566 06:18:11,657 --> 06:18:13,760 from one another. You can check out all 9567 06:18:13,760 --> 06:18:17,000 these different customizations on the Kali documentation. 9568 06:18:17,300 --> 06:18:20,300 Other than that Kali has also support for cloud 9569 06:18:20,300 --> 06:18:24,300 and IoT devices in the form of the armel and armhf releases. 9570 06:18:24,300 --> 06:18:27,307 These releases are also available in Parrot OS, 9571 06:18:27,307 --> 06:18:29,500 so Parrot OS doesn't stand down. 9572 06:18:29,500 --> 06:18:31,417 So as you guys see Parrot OS 9573 06:18:31,417 --> 06:18:34,500 provides you a lot of diversity in the variety 9574 06:18:34,500 --> 06:18:35,900 that it is offering. 9575 06:18:35,900 --> 06:18:39,164 So in my opinion Parrot OS also takes the prize 9576 06:18:39,164 --> 06:18:40,300 in this section. 9577 06:18:41,200 --> 06:18:42,972 Now the main question remains, 9578 06:18:42,972 --> 06:18:46,718 which of these two distributions is better for beginners? Well, 9579 06:18:46,718 --> 06:18:49,850 it is to be duly noted that both these distributions 9580 06:18:49,850 --> 06:18:52,000 are not exactly meant for beginners. 9581 06:18:52,000 --> 06:18:55,600 If you want to learn about Linux as an operating system, 9582 06:18:55,600 --> 06:18:57,900 you're better off using something like Ubuntu 9583 06:18:57,900 --> 06:18:58,900 or Debian. 9584 06:18:59,000 --> 06:19:00,431 This also doesn't mean 9585 06:19:00,431 --> 06:19:03,100 that you cannot learn the basics on Parrot 9586 06:19:03,100 --> 06:19:05,100 or Kali. On the other hand, 
9587 06:19:05,100 --> 06:19:08,000 if you are already knowing the basics of Linux 9588 06:19:08,000 --> 06:19:09,300 and want to get your hands 9589 06:19:09,300 --> 06:19:12,000 on an operating system to learn ethical hacking, 9590 06:19:12,500 --> 06:19:16,013 I would personally recommend using the Parrot Sec OS Lite 9591 06:19:16,013 --> 06:19:17,000 edition. This is 9592 06:19:17,000 --> 06:19:19,500 because the Lite version comes with the bare minimum 9593 06:19:19,500 --> 06:19:20,706 of networking tools. 9594 06:19:20,706 --> 06:19:21,941 This means as you learn 9595 06:19:21,941 --> 06:19:25,200 your ethical hacking concepts slowly you could develop 9596 06:19:25,200 --> 06:19:27,000 or install tools one by one 9597 06:19:27,000 --> 06:19:30,100 instead of being overwhelmed with a whole bunch of them 9598 06:19:30,100 --> 06:19:33,300 from the beginning. Not only does this allow yourself 9599 06:19:33,300 --> 06:19:35,167 to evolve as an ethical hacker 9600 06:19:35,167 --> 06:19:36,600 and penetration tester, 9601 06:19:36,600 --> 06:19:39,594 but it also makes sure your fundamentals are built 9602 06:19:39,594 --> 06:19:41,000 in a methodical manner. 9603 06:19:41,300 --> 06:19:43,453 Now, I recommend Parrot OS over 9604 06:19:43,453 --> 06:19:46,174 Kali for one other reason too, that is 9605 06:19:46,174 --> 06:19:49,500 because the default user for Kali is root. 9606 06:19:49,500 --> 06:19:52,900 This makes the environment a whole lot more aggressive 9607 06:19:52,900 --> 06:19:55,045 and mistakes tend to be punished 9608 06:19:55,045 --> 06:19:58,800 and a whole lot more difficult to deal with. So this means 9609 06:19:58,800 --> 06:20:02,400 that Parrot OS is generally the winner in my opinion. 9610 06:20:07,400 --> 06:20:10,000 When you get hired as a penetration tester 9611 06:20:10,000 --> 06:20:11,600 or a security analyst one 9612 06:20:11,600 --> 06:20:14,800 of the main roles is vulnerability assessment. 
9613 06:20:15,000 --> 06:20:18,100 So what exactly is vulnerability assessment? 9614 06:20:18,100 --> 06:20:21,537 Well, vulnerability assessment is the process of defining, 9615 06:20:21,537 --> 06:20:22,900 identifying, classifying 9616 06:20:22,900 --> 06:20:26,511 and prioritizing vulnerabilities in a computer system, application 9617 06:20:26,511 --> 06:20:28,100 and network infrastructures 9618 06:20:28,100 --> 06:20:30,563 and providing the organization doing the assessment 9619 06:20:30,563 --> 06:20:32,522 with the necessary knowledge, awareness 9620 06:20:32,522 --> 06:20:34,952 and risk background to understand the threats 9621 06:20:34,952 --> 06:20:37,600 to its environment and react appropriately to them. 9622 06:20:37,600 --> 06:20:39,459 So a vulnerability is a situation 9623 06:20:39,459 --> 06:20:41,997 that can be taken advantage of by a hacker 9624 06:20:41,997 --> 06:20:43,404 or a penetration tester 9625 06:20:43,404 --> 06:20:46,647 for their own misuse or actually for fixing the issue. 9626 06:20:46,647 --> 06:20:49,400 So vulnerability assessment has three steps. 9627 06:20:49,400 --> 06:20:52,700 So the first step is actually identifying the assets 9628 06:20:52,700 --> 06:20:54,796 and the vulnerabilities of the system. 9629 06:20:54,796 --> 06:20:57,764 The second step is actually quantifying the assessment 9630 06:20:57,764 --> 06:21:01,000 and the third is reporting the results. Now vulnerability 9631 06:21:01,000 --> 06:21:02,901 assessment is only a small part 9632 06:21:02,901 --> 06:21:05,008 and pen testing is an extended process 9633 06:21:05,008 --> 06:21:06,510 of vulnerability assessment. 9634 06:21:06,510 --> 06:21:08,774 Pen testing or penetration testing 9635 06:21:08,774 --> 06:21:12,400 includes processes like scanning, vulnerability assessment 9636 06:21:12,400 --> 06:21:14,411 in itself, exploitation research 9637 06:21:14,411 --> 06:21:16,800 and reporting whatever the results are. 
9638 06:21:16,800 --> 06:21:19,442 So in the industry, one of the most widely 9639 06:21:19,442 --> 06:21:23,300 used frameworks when penetration testing is Metasploit. 9640 06:21:23,300 --> 06:21:26,425 So Metasploit is widely used in penetration testing 9641 06:21:26,425 --> 06:21:29,938 as I just said and also used for exploitation research. 9642 06:21:29,938 --> 06:21:31,447 So some of you might ask 9643 06:21:31,447 --> 06:21:33,900 what exactly is exploit research. Well, 9644 06:21:33,900 --> 06:21:36,093 in this world there are tons of exploits 9645 06:21:36,093 --> 06:21:39,500 and the way to approach each of them is ever so different. 9646 06:21:39,500 --> 06:21:42,700 So what we have to do is exploit all the research 9647 06:21:42,700 --> 06:21:43,945 that is available to us 9648 06:21:43,945 --> 06:21:46,584 and we have to find the best way to approach them. 9649 06:21:46,584 --> 06:21:49,479 So suppose, for example, you have a secure shell login. 9650 06:21:49,479 --> 06:21:52,382 So the best way to actually approach secure shell login 9651 06:21:52,382 --> 06:21:53,521 to my knowledge is 9652 06:21:53,521 --> 06:21:55,697 that you have to get a backdoor access 9653 06:21:55,697 --> 06:21:57,438 to this from the port numbers 9654 06:21:57,438 --> 06:21:59,556 that you can scan via nmap or Zenmap. 9655 06:21:59,556 --> 06:21:59,852 Okay. 9656 06:21:59,852 --> 06:22:02,087 So without wasting much time at looking 9657 06:22:02,087 --> 06:22:03,577 at PowerPoint presentations, 9658 06:22:03,577 --> 06:22:06,900 let's actually get started as to how we can use Metasploit. 9659 06:22:06,900 --> 06:22:10,200 So Metasploit is a freely available open source framework 9660 06:22:10,200 --> 06:22:12,000 that is widely used by pentesters 9661 06:22:12,000 --> 06:22:13,200 as we just discussed. 9662 06:22:13,200 --> 06:22:15,703 So to actually install Metasploit, 9663 06:22:15,703 --> 06:22:18,800 which is easily available on Linux and Windows, 
9664 06:22:18,800 --> 06:22:19,600 I guess. 9665 06:22:19,600 --> 06:22:21,100 Let me just check it out. 9666 06:22:21,100 --> 06:22:22,882 So you go on your browser 9667 06:22:22,882 --> 06:22:26,000 and you type Metasploit downloads. Now you just 9668 06:22:26,000 --> 06:22:27,600 visit the first link and 9669 06:22:27,600 --> 06:22:30,056 as you guys can see it says it's the world's most 9670 06:22:30,056 --> 06:22:31,491 used penetration testing tool 9671 06:22:31,491 --> 06:22:33,996 and then you just download the Metasploit framework 9672 06:22:33,996 --> 06:22:35,800 by clicking the download button here. 9673 06:22:35,800 --> 06:22:37,949 So y'all might also find the Pro version 9674 06:22:37,949 --> 06:22:39,300 which is a paid thing. 9675 06:22:39,300 --> 06:22:41,500 And this has a little bit of extra features 9676 06:22:41,500 --> 06:22:42,558 like group support 9677 06:22:42,558 --> 06:22:45,600 and actually helping a company work as an organization, 9678 06:22:45,600 --> 06:22:47,000 but we don't actually need 9679 06:22:47,000 --> 06:22:49,500 that in practicing our pentesting abilities. 9680 06:22:49,500 --> 06:22:50,950 So for that you just go ahead 9681 06:22:50,950 --> 06:22:53,300 and download Metasploit framework and install it 9682 06:22:53,300 --> 06:22:54,149 on your system. Above 9683 06:22:54,149 --> 06:22:56,700 that there is another thing I want to make you guys aware 9684 06:22:56,700 --> 06:22:58,400 of and that is Metasploitable. 9685 06:22:58,400 --> 06:23:01,400 So when actually pen testing we need a server 9686 06:23:01,400 --> 06:23:04,000 or a website to actually pen test things on. 9687 06:23:04,000 --> 06:23:05,200 So normally this is 9688 06:23:05,200 --> 06:23:07,500 a very illegal thing to do without permission. 
9689 06:23:07,500 --> 06:23:10,100 So Metasploitable has actually created 9690 06:23:10,100 --> 06:23:12,700 a server with a lot of vulnerabilities on it 9691 06:23:12,700 --> 06:23:15,600 and it's called Metasploitable 2. So Metasploitable 9692 06:23:15,600 --> 06:23:18,300 2 is easily downloadable from this link 9693 06:23:18,300 --> 06:23:19,916 and it's a VirtualBox file. 9694 06:23:19,916 --> 06:23:22,681 So you guys must have a virtual machine software 9695 06:23:22,681 --> 06:23:25,100 on your system to actually set this thing up. 9696 06:23:25,100 --> 06:23:26,163 I'll also go through 9697 06:23:26,163 --> 06:23:28,334 how to actually set up Metasploitable 9698 06:23:28,334 --> 06:23:29,428 because it has a lot 9699 06:23:29,428 --> 06:23:32,311 of configuration and network management to go with it. 9700 06:23:32,311 --> 06:23:33,900 So we'll get to that later. 9701 06:23:33,900 --> 06:23:34,500 But for now, 9702 06:23:34,500 --> 06:23:37,200 let's get started with Metasploitable. 9703 06:23:37,200 --> 06:23:40,800 So before that, Metasploitable is written in Ruby 9704 06:23:40,800 --> 06:23:43,535 and if you all know Ruby coding and y'all know 9705 06:23:43,535 --> 06:23:44,751 how to make exploits 9706 06:23:44,751 --> 06:23:48,400 y'all can also always contribute to the Metasploit community. 9707 06:23:48,400 --> 06:23:52,361 So Metasploit is one of the most widely used pen testing tools 9708 06:23:52,361 --> 06:23:53,400 in the industry. 9709 06:23:53,400 --> 06:23:55,452 So what exactly is Metasploit? 9710 06:23:55,452 --> 06:23:56,905 Well, it's a framework 9711 06:23:56,905 --> 06:24:01,000 and what a framework is is it's actually a collection of tools. 9712 06:24:01,000 --> 06:24:04,300 So these tools are majorly used for penetration testing 9713 06:24:04,300 --> 06:24:07,110 and exploitation research. Now one might ask 9714 06:24:07,110 --> 06:24:09,100 what exactly is exploit research. 
9715 06:24:09,100 --> 06:24:11,307 Well, there are tons of exploits out there 9716 06:24:11,307 --> 06:24:14,013 and there are tons of ways to actually approach them 9717 06:24:14,013 --> 06:24:15,372 and this only comes to us 9718 06:24:15,372 --> 06:24:18,198 from thorough research as to how we can approach each 9719 06:24:18,198 --> 06:24:20,100 and every exploit in their best way. 9720 06:24:20,200 --> 06:24:21,600 So talking about Metasploit. 9721 06:24:21,600 --> 06:24:25,155 Well, it's open source and free and it's also written in Ruby. 9722 06:24:25,155 --> 06:24:27,300 So if you guys know Ruby coding and know 9723 06:24:27,300 --> 06:24:29,743 how to make exploits y'all can always contribute 9724 06:24:29,743 --> 06:24:33,021 to the Metasploit framework. Now talking about the download part. 9725 06:24:33,021 --> 06:24:35,147 Well, y'all can easily download Metasploit 9726 06:24:35,147 --> 06:24:36,500 from its download page, 9727 06:24:36,500 --> 06:24:37,822 which is 9728 06:24:37,822 --> 06:24:41,600 metasploit.com/download. I'll be leaving the download link 9729 06:24:41,600 --> 06:24:43,000 in the description. 9730 06:24:43,000 --> 06:24:45,117 And once you're on the download page, 9731 06:24:45,117 --> 06:24:47,629 you'll see two versions. One is the free version 9732 06:24:47,629 --> 06:24:49,800 which is the original Metasploit framework 9733 06:24:49,800 --> 06:24:52,449 and it's the core framework that everybody works on 9734 06:24:52,449 --> 06:24:54,184 and then there's Metasploit Pro 9735 06:24:54,184 --> 06:24:56,200 which comes with a 14 day free trial. 9736 06:24:56,200 --> 06:24:59,200 So Metasploit Pro actually has a few extra features, 9737 06:24:59,200 --> 06:25:01,200 which is great for an organization. 
9738 06:25:01,200 --> 06:25:02,800 Like it helps you work as a team, 9739 06:25:02,800 --> 06:25:03,858 but if you're a guy 9740 06:25:03,858 --> 06:25:07,447 who's just practicing pentesting like me, Metasploit framework, 9741 06:25:07,447 --> 06:25:10,300 the free version, is the absolute way to go. Now, 9742 06:25:10,300 --> 06:25:11,611 also when pentesting 9743 06:25:11,611 --> 06:25:14,727 you all will also need Metasploitable. Now 9744 06:25:14,727 --> 06:25:18,200 Metasploitable is an intentionally vulnerable target machine 9745 06:25:18,200 --> 06:25:20,900 for actually practicing your Metasploit skills 9746 06:25:20,900 --> 06:25:21,900 on. So we will go 9747 06:25:21,900 --> 06:25:24,458 over the installation of Metasploitable later. 9748 06:25:24,458 --> 06:25:26,863 But for now, let's go over Metasploitable. 9749 06:25:26,863 --> 06:25:29,100 So once you guys have actually downloaded 9750 06:25:29,100 --> 06:25:32,200 the link y'all can actually install it on your systems 9751 06:25:32,200 --> 06:25:34,900 and Metasploit actually has three interfaces. 9752 06:25:34,900 --> 06:25:37,500 So we are going to be using the command line interface, 9753 06:25:37,500 --> 06:25:40,038 or the msfconsole in other words, 9754 06:25:40,038 --> 06:25:44,500 but you all can also use the GUI interface which is called 9755 06:25:44,500 --> 06:25:46,325 Armitage if I'm not wrong. 9756 06:25:46,325 --> 06:25:47,800 So let's get started. 9757 06:25:47,800 --> 06:25:48,756 So first of all, 9758 06:25:48,756 --> 06:25:51,226 I've already actually downloaded Metasploit 9759 06:25:51,226 --> 06:25:52,911 and installed it on my computer 9760 06:25:52,911 --> 06:25:56,500 and y'all can just do the same by pressing the download button 9761 06:25:56,500 --> 06:25:59,700 as you guys can see. So to just start up Metasploit, 
9762 06:25:59,700 --> 06:26:02,300 all you have to do is go on your terminal 9763 06:26:02,500 --> 06:26:07,061 and so to start up Metasploit all you have to 9764 06:26:07,061 --> 06:26:09,676 do is go on your terminal on Linux. 9765 06:26:10,400 --> 06:26:12,900 Well, we're starting up the PostgreSQL server 9766 06:26:12,900 --> 06:26:15,800 because first of all the PostgreSQL server 9767 06:26:15,800 --> 06:26:18,681 is the basis of all the Metasploit exploits 9768 06:26:18,681 --> 06:26:22,800 that are stored and starting it will just make it run faster. 9769 06:26:22,800 --> 06:26:29,600 So we go service postgresql and start 9770 06:26:29,700 --> 06:26:31,900 so that's the start of a service 9771 06:26:31,900 --> 06:26:37,200 and indeed it has. So next thing you want to do is go in 9772 06:26:37,200 --> 06:26:39,400 and type msfconsole. 9773 06:26:39,900 --> 06:26:42,100 And that's going to take a little bit of time 9774 06:26:42,100 --> 06:26:43,700 because I have a very slow computer 9775 06:26:43,700 --> 06:26:46,000 and it's going to start up our Metasploit free. 9776 06:26:47,100 --> 06:26:50,796 So as you guys can see you got a big banner out here. 9777 06:26:50,796 --> 06:26:53,000 It says Metasploit Cyber Missile 9778 06:26:53,200 --> 06:26:56,494 and the banner changes every time, don't get worried 9779 06:26:56,494 --> 06:26:59,717 if you have a different banner, and the main thing is 9780 06:26:59,717 --> 06:27:02,044 that you should see this msf thing out here. 9781 06:27:02,044 --> 06:27:04,589 So this means we are in the msf shell right now, 9782 06:27:04,589 --> 06:27:06,700 which is the Metasploit framework shell. 9783 06:27:06,700 --> 06:27:09,500 So let's get started by actually clearing our screen. 9784 06:27:09,700 --> 06:27:13,000 So first things first, the first command that you 9785 06:27:13,000 --> 06:27:16,200 might want to run on Metasploit is the help command. 
9786 06:27:16,200 --> 06:27:17,916 So help will tell us everything 9787 06:27:17,916 --> 06:27:19,800 that we can do with this framework. 9788 06:27:19,800 --> 06:27:22,434 So as you guys can see there are a bunch of commands 9789 06:27:22,434 --> 06:27:24,500 and the descriptions to go along with it. 9790 06:27:24,500 --> 06:27:27,050 Y'all can give it a quick read and find the things 9791 06:27:27,050 --> 06:27:28,400 that are interesting to you. 9792 06:27:28,400 --> 06:27:30,464 So as you guys can see, banner is display 9793 06:27:30,464 --> 06:27:33,700 an awesome Metasploit banner. Y'all can change the banner. 9794 06:27:33,700 --> 06:27:35,900 As you guys can see there are a lot of juicy commands 9795 06:27:35,900 --> 06:27:37,400 like there's a banner command, 9796 06:27:37,400 --> 06:27:38,600 which I just had used. 9797 06:27:38,600 --> 06:27:41,813 So if you go and type banner, it will give you a nice cool banner 9798 06:27:41,813 --> 06:27:44,100 about Metasploit and there are other commands 9799 06:27:44,100 --> 06:27:46,300 which work very similar to Linux like cd, 9800 06:27:46,300 --> 06:27:49,300 changes the current directory. You can change the color 9801 06:27:49,300 --> 06:27:50,684 by toggling colors 9802 06:27:50,800 --> 06:27:54,100 and then you can connect to the host and all sorts of stuff. 9803 06:27:54,200 --> 06:27:56,900 So Metasploit has a bunch of exploits. 9804 06:27:56,900 --> 06:27:58,400 So before we go further, 9805 06:27:58,400 --> 06:28:01,300 I want to make you guys aware of three important terms 9806 06:28:01,300 --> 06:28:02,500 regarding Metasploit. 9807 06:28:02,500 --> 06:28:05,700 The first is a vulnerability and we had already discussed this, 9808 06:28:05,700 --> 06:28:07,700 that a vulnerability is a situation 9809 06:28:07,700 --> 06:28:11,451 which can be taken advantage of by a system or a person 9810 06:28:11,451 --> 06:28:14,300 who hacks. So the second part is an exploit. 
9811 06:28:14,300 --> 06:28:16,447 So what exactly is an exploit? Yeah, 9812 06:28:16,447 --> 06:28:18,100 well an exploit is a module 9813 06:28:18,100 --> 06:28:21,300 which is a bunch of code written in Ruby on Metasploit 9814 06:28:21,300 --> 06:28:24,000 that is used to target different vulnerabilities. 9815 06:28:24,000 --> 06:28:26,100 And the third thing is a payload. 9816 06:28:26,100 --> 06:28:29,400 So a payload is the action that you do 9817 06:28:29,400 --> 06:28:32,386 once you actually have access to somebody's system. 9818 06:28:32,386 --> 06:28:35,000 So basically suppose you have hacked somebody 9819 06:28:35,000 --> 06:28:37,300 and you've gained access to their system. 9820 06:28:37,300 --> 06:28:40,151 Now the activities you do after gaining access 9821 06:28:40,151 --> 06:28:43,700 is defined as the payload. So we just spoke about exploits 9822 06:28:43,700 --> 06:28:44,751 and I told you guys 9823 06:28:44,751 --> 06:28:46,743 that Metasploit has a bunch of Right. 9824 06:28:46,743 --> 06:28:49,400 So how do we see all the exploits that are there? 9825 06:28:49,400 --> 06:28:52,000 So you go show exploits. 9826 06:28:57,500 --> 06:28:58,900 Well, as you guys 9827 06:28:58,900 --> 06:29:01,600 can see we've loaded up a bunch of exploits 9828 06:29:01,600 --> 06:29:03,600 which is basically all the exploits 9829 06:29:03,600 --> 06:29:06,000 that Metasploit has to offer at this moment. 9830 06:29:06,000 --> 06:29:10,214 So let me just increase the screen a bit and let's scroll 9831 06:29:10,214 --> 06:29:11,900 completely to the top. 9832 06:29:16,100 --> 06:29:16,900 Yep. 9833 06:29:17,100 --> 06:29:18,792 So as you guys can see 9834 06:29:19,300 --> 06:29:22,201 show exploits gives us a bunch of exploits 9835 06:29:22,201 --> 06:29:27,000 and shows the name, a description, a disclosure date and the rank. 
9836 06:29:27,000 --> 06:29:28,700 So the name and description is 9837 06:29:28,700 --> 06:29:31,297 as it says, it's the name of the exploit and it's 9838 06:29:31,297 --> 06:29:32,900 a short description about it. 9839 06:29:32,900 --> 06:29:34,226 The disclosure date is 9840 06:29:34,226 --> 06:29:37,300 when the exploit was actually released by Metasploit 9841 06:29:37,300 --> 06:29:38,113 and the rank is 9842 06:29:38,113 --> 06:29:40,489 how it has fared against the vulnerability 9843 06:29:40,489 --> 06:29:43,600 it was released for since it was actually released. 9844 06:29:43,600 --> 06:29:47,139 So as you guys can see ranks range from great, good 9845 06:29:47,139 --> 06:29:50,100 and stuff and we have a bunch of exploits. 9846 06:29:50,100 --> 06:29:53,200 So as you guys can see there's an Android exploit. 9847 06:29:53,200 --> 06:29:56,300 There's a Samsung Galaxy Knox Android exploit. 9848 06:29:56,300 --> 06:29:58,800 There are a bunch of Windows exploits, 9849 06:29:58,800 --> 06:30:04,400 Adobe Flash exploits, FTP exploits, MySQL exploits, ASP.NET exploits 9850 06:30:04,400 --> 06:30:05,956 and a bunch of other stuff. 9851 06:30:05,956 --> 06:30:09,300 So as you guys can see there are a bunch of exploits to use 9852 06:30:09,300 --> 06:30:10,900 and it can get confusing 9853 06:30:10,900 --> 06:30:14,100 and rather troublesome to search for the exploit 9854 06:30:14,100 --> 06:30:15,900 you actually want to use. So 9855 06:30:15,900 --> 06:30:20,300 as a pen tester you can always go for the search keyword, 9856 06:30:20,300 --> 06:30:21,784 which is basically, suppose 9857 06:30:21,784 --> 06:30:23,740 you know that you have a MySQL server 9858 06:30:23,740 --> 06:30:24,550 which has a bunch 9859 06:30:24,550 --> 06:30:27,000 of vulnerabilities and you want to test those out. 
9860 06:30:27,200 --> 06:30:30,500 So you simply go search mysql. Now, 9861 06:30:30,500 --> 06:30:32,912 it'll search the database for all the exploits 9862 06:30:32,912 --> 06:30:35,600 that are related to MySQL and present them to you. 9863 06:30:42,100 --> 06:30:44,200 Okay, so we have our results. 9864 06:30:44,200 --> 06:30:47,266 So as you guys can see we have a bunch 9865 06:30:47,266 --> 06:30:49,500 of MySQL related module system. 9866 06:30:49,600 --> 06:30:53,205 Now this makes it much easier if you are a pen tester 9867 06:30:53,205 --> 06:30:55,500 and you're looking for MySQL exploits. 9868 06:30:55,500 --> 06:30:59,600 Now suppose you choose your exploit and let's see, 9869 06:30:59,800 --> 06:31:01,300 let's choose. 9870 06:31:01,300 --> 06:31:03,500 Which one do we want to use today? 9871 06:31:03,500 --> 06:31:06,188 We're going to just use this MySQL hash dump. 9872 06:31:06,188 --> 06:31:08,587 So to actually use this we have to copy 9873 06:31:08,587 --> 06:31:12,500 the name, so double click on it and it'll just select it and you 9874 06:31:12,500 --> 06:31:14,600 go Ctrl Shift C in your terminal 9875 06:31:15,000 --> 06:31:17,800 so that copies it and so 9876 06:31:17,800 --> 06:31:20,000 if you want some more information about it, 9877 06:31:20,000 --> 06:31:21,900 you can always go info 9878 06:31:22,300 --> 06:31:26,200 and then just paste in the name of the exploit. 9879 06:31:26,400 --> 06:31:29,500 So this gives us a bunch of information, actually 9880 06:31:29,500 --> 06:31:32,599 gives us all the information you need about the exploits. 9881 06:31:32,599 --> 06:31:35,600 So it gives you the name, that it's a MySQL password 9882 06:31:35,600 --> 06:31:38,994 hash dump, its module name is auxiliary scanner 9883 06:31:39,027 --> 06:31:40,423 and all this stuff. 9884 06:31:40,500 --> 06:31:42,147 It's licensed by Metasploit 
9885 06:31:42,147 --> 06:31:44,400 Framework in itself and it has a normal rank 9886 06:31:44,600 --> 06:31:48,200 and these are all the options that you might need to set 9887 06:31:48,200 --> 06:31:50,200 when actually using the exploit 9888 06:31:50,200 --> 06:31:52,761 and this also gives you a small description. 9889 06:31:52,761 --> 06:31:55,408 So it says this module extracts the user names 9890 06:31:55,408 --> 06:31:58,297 and encrypted password hashes from a MySQL server 9891 06:31:58,297 --> 06:31:59,200 and stores them 9892 06:31:59,200 --> 06:32:02,348 for later cracking. So seems like really cool stuff 9893 06:32:02,348 --> 06:32:06,000 you can do with a MySQL server and its password database. 9894 06:32:06,000 --> 06:32:08,300 So if you actually want to use this 9895 06:32:08,300 --> 06:32:10,800 so you have to use the use keyword. 9896 06:32:10,800 --> 06:32:15,000 So we go use and Ctrl Shift V. 9897 06:32:16,000 --> 06:32:19,600 So as you guys can see it's denoted in red out here 9898 06:32:19,600 --> 06:32:23,498 that we are indeed in the exploit that we want to use. 9899 06:32:24,000 --> 06:32:24,800 Now. 9900 06:32:24,800 --> 06:32:26,700 The first thing you want to do 9901 06:32:26,700 --> 06:32:29,300 when you're using an exploit is you want 9902 06:32:29,300 --> 06:32:31,800 to go and say show options. 9903 06:32:32,900 --> 06:32:36,182 Now as you guys can see these are the options 9904 06:32:36,182 --> 06:32:39,300 that we actually need to set before using the exploit. 
9905 06:32:39,300 --> 06:32:43,296 Now the options can be necessary or they can be optional, 9906 06:32:43,296 --> 06:32:46,000 like so there's a password field out here, 9907 06:32:46,000 --> 06:32:47,571 which is not really necessary, 9908 06:32:47,571 --> 06:32:49,002 but will help your exploit 9909 06:32:49,002 --> 06:32:52,100 if you actually provide it, but you need to provide 9910 06:32:52,100 --> 06:32:52,901 the RHOSTS 9911 06:32:52,901 --> 06:32:55,808 which is the targeting host machine and the port 9912 06:32:55,808 --> 06:32:58,900 and the threads is already set. Now suppose you want 9913 06:32:58,900 --> 06:33:00,843 to set the RHOSTS 9914 06:33:00,843 --> 06:33:02,612 so you can just go set 9915 06:33:02,838 --> 06:33:06,300 RHOSTS and you can set it to whatever IP address 9916 06:33:06,300 --> 06:33:13,569 you want like suppose you want to address 192.168.1.1 56 some 9917 06:33:13,569 --> 06:33:14,876 of that sort, which 9918 06:33:14,876 --> 06:33:16,722 will set the RHOSTS. 9919 06:33:16,722 --> 06:33:21,300 You can also set the number of threads. Now threads are actually 9920 06:33:21,300 --> 06:33:23,669 what the threads mean in parallel processing, 9921 06:33:23,669 --> 06:33:26,841 that mean how many parallel threads you're gonna run 9922 06:33:26,841 --> 06:33:28,900 so that you have faster computation. 9923 06:33:28,900 --> 06:33:30,980 So this means you need GPU power 9924 06:33:30,980 --> 06:33:34,100 if you have multiple threads running. So let's set 9925 06:33:34,100 --> 06:33:35,404 threads 234 now 9926 06:33:35,800 --> 06:33:38,000 so we've set the threads 30 9927 06:33:38,200 --> 06:33:41,600 and then you can go show options again and see 9928 06:33:41,600 --> 06:33:44,900 that you have indeed actually set your options. 9929 06:33:44,900 --> 06:33:49,400 So we've set the threads to 30 and RHOSTS has also been set. 
9930 06:33:49,500 --> 06:33:53,545 So that was all about how you can get into a module, you know, 9931 06:33:53,545 --> 06:33:56,225 get some information about a module and 9932 06:33:56,225 --> 06:33:58,200 how you can also use the module. 9933 06:33:58,200 --> 06:34:00,381 So once you're done using the module 9934 06:34:00,381 --> 06:34:03,000 or once you're done setting up the options, 9935 06:34:03,300 --> 06:34:08,300 you can go ahead and run the command run or even exploit 9936 06:34:08,500 --> 06:34:12,000 and this will start actually running the exploit on the system 9937 06:34:12,000 --> 06:34:16,199 that we want to. Now I've put in a very arbitrary IP address, 9938 06:34:16,199 --> 06:34:19,100 so that might not have a MySQL port running 9939 06:34:19,100 --> 06:34:20,900 so our exploit failed. Now 9940 06:34:20,900 --> 06:34:23,100 once you have desiderio exploit 9941 06:34:23,100 --> 06:34:26,000 and you want to go back to the main msf 9942 06:34:26,000 --> 06:34:28,800 Unix shell, just go ahead and type back. 9943 06:34:28,800 --> 06:34:30,400 It's as simple as that, so 9944 06:34:30,400 --> 06:34:32,800 that brings us back to the msf command line. 9945 06:34:32,800 --> 06:34:35,100 So let's go ahead and clear our screen now. 9946 06:34:36,200 --> 06:34:39,738 Okay, so it's time to do something interesting. 9947 06:34:40,300 --> 06:34:41,500 So to do that, 9948 06:34:41,500 --> 06:34:42,431 first of all, 9949 06:34:42,431 --> 06:34:43,729 we need to go ahead 9950 06:34:43,729 --> 06:34:46,600 and actually download Metasploitable 2. So to 9951 06:34:46,600 --> 06:34:50,164 download Metasploitable 2, you have to go on this link. 9952 06:34:50,164 --> 06:34:52,500 I'll leave the link in the description. 
9953 06:34:52,800 --> 06:34:55,900 So or rather you can just go on your browser 9954 06:34:55,900 --> 06:35:00,100 and type in Metasploitable 2 download. So Metasploitable, 9955 06:35:00,100 --> 06:35:04,800 as we had earlier discussed, is a Linux based distribution 9956 06:35:04,800 --> 06:35:06,500 and it's mostly meant 9957 06:35:06,500 --> 06:35:09,100 for actually practicing your pen testing skills. 9958 06:35:09,100 --> 06:35:11,700 So basically it has a bunch of ports open on it. 9959 06:35:11,700 --> 06:35:13,570 So it's basically just for your ease 9960 06:35:13,570 --> 06:35:15,082 so that you don't go ahead 9961 06:35:15,082 --> 06:35:17,300 and test it out on some valid website 9962 06:35:17,300 --> 06:35:18,791 and then get thrown into jail 9963 06:35:18,791 --> 06:35:20,900 because that's a very illegal thing to do. 9964 06:35:20,900 --> 06:35:24,600 So go ahead and download Metasploitable 2 and then 9965 06:35:24,600 --> 06:35:30,100 also download Oracle VirtualBox machine, Oracle VirtualBox. 9966 06:35:30,300 --> 06:35:32,600 So you all can also easily download 9967 06:35:32,600 --> 06:35:35,580 that from www.virtualbox.org. 9968 06:35:35,610 --> 06:35:36,500 And this is 9969 06:35:36,500 --> 06:35:39,400 because you should never run Metasploitable 2 on a system 9970 06:35:39,400 --> 06:35:40,933 that is connected to a network. 9971 06:35:40,933 --> 06:35:43,179 You should always use it on a virtual machine 9972 06:35:43,179 --> 06:35:45,071 because it's Protected Their Faith so 9973 06:35:45,071 --> 06:35:46,700 that nobody else can access it. 9974 06:35:46,700 --> 06:35:49,100 So to actually set up Metasploitable, 9975 06:35:49,100 --> 06:35:51,790 once you've downloaded it you go ahead 9976 06:35:51,790 --> 06:35:53,900 and open up your VirtualBox. 
9977 06:35:54,200 --> 06:35:57,700 So out here you have to go into Global Tools 9978 06:35:57,800 --> 06:36:01,700 and you create a host-only network manager. Now I've already 9979 06:36:01,700 --> 06:36:05,200 created a host-only network manager and then you go ahead 9980 06:36:05,200 --> 06:36:08,600 and enable the DHCP server by pressing this out here 9981 06:36:08,600 --> 06:36:10,800 like enable, then you go back 9982 06:36:10,800 --> 06:36:13,500 and you just go new, you give it 9983 06:36:13,500 --> 06:36:15,500 a name like whatever you want to name it. 9984 06:36:15,500 --> 06:36:17,600 I have already named mine Metasploitable 2 9985 06:36:17,600 --> 06:36:18,776 as you guys can see. 9986 06:36:18,776 --> 06:36:20,400 So we're going to call this demo 9987 06:36:20,400 --> 06:36:24,400 for just demonstration purposes, choose the type to be Linux 9988 06:36:24,400 --> 06:36:28,800 and it's Ubuntu 64-bit, click next, give it a gig of RAM 9989 06:36:28,800 --> 06:36:32,400 and you are going to use an existing virtual hard disk, 9990 06:36:32,400 --> 06:36:35,000 so out here you just click on this button out here 9991 06:36:35,000 --> 06:36:36,150 and browse to the place 9992 06:36:36,150 --> 06:36:37,619 where you actually downloaded 9993 06:36:37,619 --> 06:36:40,000 and unzipped your Metasploitable download file. 9994 06:36:40,000 --> 06:36:42,824 Then you get this virtual machine disk file, 9995 06:36:42,824 --> 06:36:44,257 which is the VMDK file 9996 06:36:44,257 --> 06:36:46,500 and you just go ahead and load it up. 9997 06:36:46,500 --> 06:36:47,600 So I'm not going to do 9998 06:36:47,600 --> 06:36:49,800 that again because that's just going to eat up my RAM 9999 06:36:49,800 --> 06:36:51,750 and I've already installed it up to you. 10000 06:36:51,750 --> 06:36:53,474 So that was all about the installation 10001 06:36:53,474 --> 06:36:54,500 and the configuration. 
10002 06:36:54,500 --> 06:36:57,300 So now let's get started and let's start playing 10003 06:36:57,300 --> 06:36:58,652 around with Metasploit. 10004 06:36:58,652 --> 06:37:00,500 So once you're done downloading 10005 06:37:00,500 --> 06:37:03,711 and installing Metasploitable on your computer, 10006 06:37:03,711 --> 06:37:06,817 all you have to do is go ahead and start it up 10007 06:37:06,817 --> 06:37:10,000 in your VirtualBox machine and the login ID 10008 06:37:10,000 --> 06:37:11,800 and the password both are 10009 06:37:11,800 --> 06:37:12,300 msfadmin. 10010 06:37:12,700 --> 06:37:13,500 So first of all, 10011 06:37:13,500 --> 06:37:17,510 we need the IP address of our Metasploitable server. 10012 06:37:17,510 --> 06:37:21,800 So we go ifconfig and this gives us the address. 10013 06:37:21,802 --> 06:37:26,500 So as you can see out here our address is 192.168.1.2 6. 10014 06:37:26,500 --> 06:37:27,500 101. 10015 06:37:27,700 --> 06:37:30,600 So once you go ahead and have started up Metasploitable, 10016 06:37:30,600 --> 06:37:33,879 it's time that we go ahead and exploit all the vulnerabilities 10017 06:37:33,879 --> 06:37:35,600 that is presented to us by Metasploitable 10018 06:37:35,600 --> 06:37:37,100 2. So to do that, 10019 06:37:37,100 --> 06:37:40,100 let's head back to our Linux terminal again. 10020 06:37:40,700 --> 06:37:46,280 So once we have the IP address that was 192.168.0 6.11 10021 06:37:46,300 --> 06:37:47,600 if I am correct, 10022 06:37:47,900 --> 06:37:49,115 so let's go 10023 06:37:49,115 --> 06:37:53,269 and quickly get a little bit of information about that. 10024 06:37:53,300 --> 06:38:00,600 So whois 192.168.1.1 6.1 o 1 so this will give us 10025 06:38:00,700 --> 06:38:03,974 whois on Metasploitable 2 and will give us a bunch 10026 06:38:03,974 --> 06:38:06,903 of information as to how the server is set up, 10027 06:38:06,903 --> 06:38:07,900 where it's set up, 
10028 06:38:07,900 --> 06:38:10,700 the ports that are open and various other things. 10029 06:38:10,900 --> 06:38:13,800 So as you guys can see this gave us a complete 10030 06:38:13,800 --> 06:38:16,301 whois. So to get some more information 10031 06:38:16,301 --> 06:38:17,600 about our Metasploitable 10032 06:38:17,600 --> 06:38:18,400 server, 10033 06:38:18,400 --> 06:38:20,136 we're going to be using nmap. 10034 06:38:20,136 --> 06:38:20,372 Now, 10035 06:38:20,372 --> 06:38:23,425 if you guys don't know about how to use nmap you can go out 10036 06:38:23,425 --> 06:38:25,900 and check my other video on the playlist. I've made 10037 06:38:25,900 --> 06:38:27,700 a pretty good nmap tutorial. 10038 06:38:28,000 --> 06:38:30,400 So we go nmap 10039 06:38:30,400 --> 06:38:35,300 -F -sV which is steel version and we give it 10040 06:38:35,600 --> 06:38:41,400 the name or the domain name server and 2.16 856 R11 10041 06:38:42,500 --> 06:38:46,000 So we've got a juicy result out here and we can see 10042 06:38:46,000 --> 06:38:48,400 that there's a bunch of stuff open. 10043 06:38:48,500 --> 06:38:52,192 So as you guys can see there's the FTP port open, 10044 06:38:52,192 --> 06:38:55,800 which has a version of vsftpd 2.3.4. 10045 06:38:55,900 --> 06:39:00,200 There's also OpenSSH, which is for .7 P1 DPN. 10046 06:39:00,300 --> 06:39:03,429 There's also Telnet, which is almost miserable to have Telnet 10047 06:39:03,429 --> 06:39:04,900 running on your computer. 10048 06:39:05,000 --> 06:39:06,400 Then there's SMTP. 10049 06:39:06,500 --> 06:39:09,200 There's HTTP and there's a bunch of ports open 10050 06:39:09,200 --> 06:39:11,400 as you guys can just see on your screen. 10051 06:39:11,600 --> 06:39:14,836 So it's time we actually used Metasploit like a pen tester 10052 06:39:14,836 --> 06:39:17,700 to go ahead and test out these vulnerabilities. 10053 06:39:17,800 --> 06:39:20,400 So let's choose these FTP things. 
10054 06:39:20,600 --> 06:39:23,300 So we have this FTP out here. 10055 06:39:23,700 --> 06:39:25,800 So from the version number, 10056 06:39:25,800 --> 06:39:28,700 which is given to us by the steel version flag 10057 06:39:28,700 --> 06:39:33,100 on nmap, we know that it's using vsftpd 2.3.4. 10058 06:39:33,300 --> 06:39:37,500 So we can easily search for an exploit of the same version. 10059 06:39:37,500 --> 06:39:44,500 So as a pen tester you would go search vsftpd 2.3.4. 10060 06:39:45,200 --> 06:39:47,100 So this should give us all the exploits 10061 06:39:47,100 --> 06:39:50,400 that are available for this particular vulnerability. 10062 06:39:51,800 --> 06:39:54,400 So as you guys can see after a long search 10063 06:39:54,400 --> 06:39:56,500 from the search vsftpd, 10064 06:39:56,500 --> 06:39:58,000 we found a vulnerability 10065 06:39:58,000 --> 06:40:01,095 or an exploit that can take advantage of the binary. 10066 06:40:01,095 --> 06:40:03,100 So it's time we actually use this. 10067 06:40:03,100 --> 06:40:04,200 So first of all, 10068 06:40:04,200 --> 06:40:06,856 let's get some info about this, so info. 10069 06:40:06,856 --> 06:40:08,593 Let's copy down this thing 10070 06:40:08,593 --> 06:40:11,200 and then let's get some info about this. 10071 06:40:11,200 --> 06:40:13,200 So as the small module description 10072 06:40:13,200 --> 06:40:15,500 says, this module exploits a malicious backdoor 10073 06:40:15,500 --> 06:40:18,600 that was added to the vsftpd download archive. 10074 06:40:18,600 --> 06:40:20,600 This backdoor was introduced 10075 06:40:20,602 --> 06:40:22,700 in the vsftpd-2.3.4. 10076 06:40:22,700 --> 06:40:26,400 tar.gz archive between June 30th and voila voila. 10077 06:40:26,700 --> 06:40:30,200 So we have the options of setting an RHOST. 10078 06:40:30,200 --> 06:40:34,200 It has available targets provided by these guys, 10079 06:40:34,200 --> 06:40:37,000 and it's a pretty good exploit in my opinion.
10080 06:40:37,700 --> 06:40:39,600 So let's go ahead and use it. 10081 06:40:39,600 --> 06:40:43,200 So we go use and love the exploit. 10082 06:40:43,684 --> 06:40:45,300 So it's visible to us 10083 06:40:45,300 --> 06:40:49,300 that we've entered the exploit module, which is unix/ 10084 06:40:49,300 --> 06:40:52,400 ftp/vsftpd_234_backdoor. 10085 06:40:52,500 --> 06:40:55,100 So what we're going to do is we are going to actually 10086 06:40:55,100 --> 06:40:58,400 gain backdoor access to our Metasploitable system. 10087 06:40:58,800 --> 06:41:00,800 So to actually make this more believable, 10088 06:41:01,200 --> 06:41:05,700 if you guys go into your Metasploitable system, 10089 06:41:05,700 --> 06:41:06,817 you guys can see 10090 06:41:06,817 --> 06:41:09,100 that you are in the root directory, 10091 06:41:09,100 --> 06:41:11,100 so you can gain some root access 10092 06:41:11,100 --> 06:41:16,200 by going sudo su and going msfadmin. 10093 06:41:16,600 --> 06:41:18,814 So we're now root user in the 10094 06:41:18,814 --> 06:41:21,700 msfadmin or rather the Metasploitable console. 10095 06:41:21,700 --> 06:41:26,000 So if we go ls we can see the various files and 10096 06:41:26,000 --> 06:41:28,500 if you go cd /home 10097 06:41:28,500 --> 06:41:32,400 we're in the home directory now, and if you do ls out here we can see 10098 06:41:32,400 --> 06:41:34,600 that there is a bunch of stuff. 10099 06:41:34,600 --> 06:41:36,300 So there's an FTP folder. 10100 06:41:36,300 --> 06:41:39,358 There's a hack folder, there's an msfadmin folder 10101 06:41:39,358 --> 06:41:41,024 and there's service and there's user.
10102 06:41:41,102 --> 06:41:42,396 So that's five folders 10103 06:41:42,396 --> 06:41:43,861 if you guys remember. So now 10104 06:41:43,861 --> 06:41:46,137 what we're going to do is we're going to gain 10105 06:41:46,137 --> 06:41:48,000 some backdoor access into the system 10106 06:41:48,000 --> 06:41:50,050 and we're going to create a bunch of folders 10107 06:41:50,050 --> 06:41:51,100 in the home directory. 10108 06:41:51,100 --> 06:41:52,900 So let's get on doing that. 10109 06:41:52,900 --> 06:41:56,900 So to do that we head back to our marriage like terminal 10110 06:41:57,300 --> 06:41:59,200 and we go show options 10111 06:41:59,200 --> 06:42:02,200 as we had already entered our exploit. 10112 06:42:02,200 --> 06:42:03,788 So go show options. 10113 06:42:04,200 --> 06:42:05,611 So as we see, the options 10114 06:42:05,611 --> 06:42:08,542 that we have to provide are the RHOST and port number. 10115 06:42:08,542 --> 06:42:10,700 Now the port number has already been set 10116 06:42:10,700 --> 06:42:11,700 because it's 21. 10117 06:42:11,700 --> 06:42:12,960 That's where FTP runs 10118 06:42:12,960 --> 06:42:16,200 or rather TCP runs, and we now just have to set the host. 10119 06:42:16,200 --> 06:42:19,500 So to set the host we have to just put in the IP address 10120 06:42:19,500 --> 06:42:21,100 of our Metasploitable server. 10121 06:42:21,800 --> 06:42:24,700 So if I remember correctly it's set RHOST 10122 06:42:24,900 --> 06:42:28,800 to 192.168.56.101. 10123 06:42:29,500 --> 06:42:32,700 So that has set our RHOST, so we can again check 10124 06:42:32,700 --> 06:42:36,100 that we've done it correctly by going show options. 10125 06:42:36,600 --> 06:42:39,200 And we indeed have set our RHOST. 10126 06:42:39,300 --> 06:42:39,579 Now 10127 06:42:39,579 --> 06:42:42,100 all we have to do is run the exploit. 10128 06:42:42,100 --> 06:42:44,000 So we go and hit run.
10129 06:42:44,800 --> 06:42:47,830 So as you guys can see we have actually gained 10130 06:42:47,830 --> 06:42:50,500 a back door service has found and handling 10131 06:42:50,500 --> 06:42:53,300 and the command shell session has started. Now you 10132 06:42:53,300 --> 06:42:56,500 might be confused as to why do I have this blinking line? 10133 06:42:56,500 --> 06:42:59,200 Well, this blinking line actually means 10134 06:42:59,200 --> 06:43:02,700 that you are inside the Metasploitable server. 10135 06:43:02,700 --> 06:43:05,470 That means we have already gained the backdoor access 10136 06:43:05,470 --> 06:43:06,847 and this blinking line denotes 10137 06:43:06,847 --> 06:43:09,600 that we are on the terminal of Metasploitable 2. Now 10138 06:43:09,600 --> 06:43:11,300 if you guys don't believe me, 10139 06:43:11,300 --> 06:43:13,100 let's do some experimenting. 10140 06:43:13,200 --> 06:43:14,200 So as I had said, 10141 06:43:14,200 --> 06:43:17,785 I'll create a bunch of folders in the home directory. 10142 06:43:17,785 --> 06:43:20,300 So let's change to the home directory first 10143 06:43:20,300 --> 06:43:21,310 or rather first 10144 06:43:21,310 --> 06:43:23,900 you can also do a whoami and it'll tell you 10145 06:43:23,900 --> 06:43:28,500 that you're the root user. Next you go and do cd /home 10146 06:43:28,800 --> 06:43:30,900 and I'll change the home directory. 10147 06:43:30,900 --> 06:43:33,300 Now, let's make a bunch of folders 10148 06:43:33,300 --> 06:43:35,300 like make directory. 10149 06:43:36,200 --> 06:43:39,400 This is a test. 10150 06:43:39,600 --> 06:43:41,700 So that should have made a directory. 10151 06:43:42,292 --> 06:43:44,907 So let's go into that directory, cd. 10152 06:43:45,000 --> 06:43:47,900 This is a test. 10153 06:43:48,400 --> 06:43:51,092 So we're already in the directory. 10154 06:43:51,092 --> 06:43:52,246 This is a test. 10155 06:43:52,255 --> 06:43:52,563 Now,
10156 06:43:52,563 --> 06:43:57,100 let's make a file called targets.txt. 10157 06:43:58,400 --> 06:44:00,100 So that creates 12. 10158 06:44:00,700 --> 06:44:01,951 So just to see 10159 06:44:01,951 --> 06:44:04,797 if you have actually done it properly, 10160 06:44:04,800 --> 06:44:06,700 let's go back to our Metasploitable. 10161 06:44:06,700 --> 06:44:11,500 So now in the home directory you go and type in ls again. 10162 06:44:12,500 --> 06:44:13,200 Okay. 10163 06:44:13,200 --> 06:44:15,100 So let's type in ls and see. So 10164 06:44:15,100 --> 06:44:17,725 as you guys can see we have created 10165 06:44:17,725 --> 06:44:19,000 this is a test folder 10166 06:44:19,000 --> 06:44:21,270 and it's already available then, so let's go 10167 06:44:21,270 --> 06:44:22,800 and move into that folder. 10168 06:44:22,800 --> 06:44:26,200 So this is a test and we are already in that folder. 10169 06:44:26,200 --> 06:44:28,600 So we have also created a text file 10170 06:44:28,600 --> 06:44:30,200 which was called targets. 10171 06:44:30,300 --> 06:44:31,800 So that was ls 10172 06:44:31,900 --> 06:44:33,900 and it should give us a targets.txt. 10173 06:44:34,000 --> 06:44:37,381 So as you guys just saw we gained a backdoor access 10174 06:44:37,381 --> 06:44:40,358 into a remote system through a vulnerability 10175 06:44:40,358 --> 06:44:42,682 that was available to us on the FTP 10176 06:44:42,682 --> 06:44:44,000 port. So we first did 10177 06:44:44,000 --> 06:44:46,812 that by scanning the entire domain name server 10178 06:44:46,812 --> 06:44:48,500 of Metasploitable by nmap 10179 06:44:48,500 --> 06:44:51,617 and gaining some intelligence as to what ports are running 10180 06:44:51,617 --> 06:44:53,530 and what ports are actually open, 10181 06:44:53,530 --> 06:44:56,100 then we found out that the FTP port is open.
10182 06:44:56,100 --> 06:44:59,400 Then we went on to Metasploit and we found out exploit 10183 06:44:59,400 --> 06:45:02,265 that vulnerability very successfully we found out 10184 06:45:02,265 --> 06:45:03,458 how to use the exploit 10185 06:45:03,458 --> 06:45:06,400 some information about that exploit and in the end, 10186 06:45:06,400 --> 06:45:08,700 we actually executed at months 10187 06:45:08,700 --> 06:45:10,714 and we are already in that folder. 10188 06:45:10,714 --> 06:45:12,973 So we have also created a text file 10189 06:45:12,973 --> 06:45:14,500 which was called targets. 10190 06:45:14,500 --> 06:45:16,100 So that was ls 10191 06:45:16,100 --> 06:45:18,100 and it should give us a targets.txt. 10192 06:45:18,300 --> 06:45:21,687 So as you guys just saw we gained a backdoor access 10193 06:45:21,687 --> 06:45:24,600 into a remote system through a vulnerability 10194 06:45:24,600 --> 06:45:27,500 that was available to us on the FTP port. 10195 06:45:27,500 --> 06:45:31,173 So we first did that by scanning the entire domain name server 10196 06:45:31,173 --> 06:45:32,800 of Metasploitable by nmap 10197 06:45:32,800 --> 06:45:35,858 and gaining some intelligence as to what ports are running 10198 06:45:35,858 --> 06:45:37,800 and what ports are actually open. 10199 06:45:37,800 --> 06:45:40,300 Then we found out that the FTP port is open. 10200 06:45:40,300 --> 06:45:43,658 Then we went on to Metasploit and we found out exploit 10201 06:45:43,658 --> 06:45:46,700 that vulnerability very successfully we found out 10202 06:45:46,700 --> 06:45:47,800 how to use the exploit 10203 06:45:47,800 --> 06:45:50,400 some information about that exploit and in the end, 10204 06:45:50,400 --> 06:45:52,800 we actually executed at months. 10205 06:45:58,000 --> 06:45:59,500 Now you guys must be wondering 10206 06:45:59,500 --> 06:46:02,000 what exactly is nmap and why should I learn it?
10207 06:46:02,000 --> 06:46:03,883 Well, nmap is a network scanner 10208 06:46:03,883 --> 06:46:07,059 that is widely used by ethical hackers to scan networks 10209 06:46:07,059 --> 06:46:08,295 as the name suggests. 10210 06:46:08,295 --> 06:46:11,500 Now, you might wonder why do I need a network scanner? 10211 06:46:11,500 --> 06:46:13,900 Well, let me give you an example. 10212 06:46:13,900 --> 06:46:15,714 So suppose you have a Wi-Fi 10213 06:46:15,714 --> 06:46:18,194 that has been set up in your new house 10214 06:46:18,194 --> 06:46:19,237 and you realize 10215 06:46:19,237 --> 06:46:23,200 that your data is being actually consumed at a faster rate 10216 06:46:23,200 --> 06:46:25,100 than you are using it. 10217 06:46:25,200 --> 06:46:25,700 Now 10218 06:46:25,800 --> 06:46:26,900 you have suspected 10219 06:46:26,900 --> 06:46:29,500 that it's your pesky neighbor who keeps on connecting 10220 06:46:29,500 --> 06:46:31,700 to your Wi-Fi and eating up all your data. 10221 06:46:31,700 --> 06:46:34,000 So to actually confirm all your doubts, 10222 06:46:34,000 --> 06:46:36,200 what you want to do is a network scan 10223 06:46:36,200 --> 06:46:39,100 and nmap is a pretty wonderful tool to do 10224 06:46:39,100 --> 06:46:42,300 that. Now nmap runs on Linux, 10225 06:46:42,500 --> 06:46:43,900 macOS and Windows 10226 06:46:43,900 --> 06:46:47,071 and I'm mostly going to be running this on Linux 10227 06:46:47,071 --> 06:46:50,715 because that's what I do most of my penetration testing 10228 06:46:50,715 --> 06:46:52,200 and network testing on, 10229 06:46:52,269 --> 06:46:54,461 so let's go ahead and get on 10230 06:46:54,461 --> 06:46:58,000 with the installation of nmap on your computer. 10231 06:46:58,000 --> 06:47:02,000 So what you do is go apt-get install nmap. Now 10232 06:47:02,000 --> 06:47:05,100 for this you have to be logged in as root.
10233 06:47:05,100 --> 06:47:07,400 If you're not logged in as root just add sudo 10234 06:47:07,400 --> 06:47:10,200 before this whole command and it will install it. Now 10235 06:47:10,200 --> 06:47:12,400 I already have nmap installed so I'm 10236 06:47:12,400 --> 06:47:14,800 not really going to install it again and again, 10237 06:47:14,900 --> 06:47:20,700 so let's just go ahead and just do a few scans on our website 10238 06:47:20,700 --> 06:47:22,623 that is www.edureka.co 10239 06:47:22,623 --> 06:47:26,800 and we are going to see what we get back as results. 10240 06:47:26,800 --> 06:47:28,900 So first of all, let me just show you 10241 06:47:28,900 --> 06:47:32,100 how you can scan a certain domain name server or DNS. 10242 06:47:32,100 --> 06:47:35,200 So at nmap we are going to use a flag all the time. Now, 10243 06:47:35,200 --> 06:47:37,200 let me just tell you what are flags. 10244 06:47:37,200 --> 06:47:39,246 So if you just go to nmap and type -- 10245 06:47:39,246 --> 06:47:41,900 help this will give you all the flags and options 10246 06:47:41,900 --> 06:47:45,100 that are available to actually use on nmap. 10247 06:47:45,100 --> 06:47:48,647 So if you are actually stuck and you can't remember stuff, 10248 06:47:48,647 --> 06:47:50,444 let's go in and type nmap -- 10249 06:47:50,444 --> 06:47:53,800 help and it will give you all the stuff. Now network scans 10250 06:47:53,800 --> 06:47:55,314 generally take a long time. 10251 06:47:55,314 --> 06:47:58,400 So I'm going to be using the fast mode most of the time.
10252 06:47:58,400 --> 06:47:59,400 So for fast mode, 10253 06:47:59,400 --> 06:48:02,731 all you have to do is type in edureka.co and sit 10254 06:48:02,731 --> 06:48:05,021 and wait for the scan to get over. Now 10255 06:48:05,021 --> 06:48:06,200 when the scan gets 10256 06:48:06,200 --> 06:48:10,600 over you will see a bunch of information and let me just wait 10257 06:48:10,600 --> 06:48:12,083 till that information pops up 10258 06:48:12,083 --> 06:48:14,800 and then we will talk about the information together. 10259 06:48:14,800 --> 06:48:15,124 Okay. 10260 06:48:15,124 --> 06:48:18,500 So as you guys can see our scan has been completed, 10261 06:48:18,500 --> 06:48:21,700 it took 13.71 seconds to actually do the scan. 10262 06:48:21,700 --> 06:48:25,200 Now as you guys can see it shows us the ports, the states 10263 06:48:25,200 --> 06:48:28,800 and the services. Now the port is basically the port number 10264 06:48:28,800 --> 06:48:29,867 which a service 10265 06:48:29,867 --> 06:48:33,135 that is also bound to it is working on, so we can see 10266 06:48:33,135 --> 06:48:34,900 that SSH service is working 10267 06:48:34,900 --> 06:48:38,200 on port number 22, SMTP on 25, HTTP 10268 06:48:38,200 --> 06:48:42,300 on 80, rpcbind on 111 and 10269 06:48:42,500 --> 06:48:44,900 HTTPS on 443, so that is 10270 06:48:44,900 --> 06:48:48,255 how you can use nmap to scan a certain website. 10271 06:48:48,255 --> 06:48:51,100 Now if you see, nmap has also given us 10272 06:48:51,100 --> 06:48:53,000 the public IP of the DNS 10273 06:48:53,000 --> 06:48:56,100 because what nmap does is it looks at the DNS 10274 06:48:56,100 --> 06:48:58,204 and then translates it to an IP 10275 06:48:58,204 --> 06:49:00,800 that is recognized to that DNS server. 10276 06:49:00,800 --> 06:49:01,600 So nmap 10277 06:49:01,600 --> 06:49:03,500 also returns the public IP.
10278 06:49:03,500 --> 06:49:06,600 So what we can do also is nmap - 10279 06:49:06,600 --> 06:49:12,300 F and 34.210.230. 10280 06:49:12,400 --> 06:49:13,400 35. 10281 06:49:13,900 --> 06:49:14,219 Okay. 10282 06:49:14,219 --> 06:49:15,615 So as you guys can see 10283 06:49:15,615 --> 06:49:19,200 that our command also works when we put in the IP address 10284 06:49:19,200 --> 06:49:21,400 and it produces the same results. 10285 06:49:21,400 --> 06:49:24,700 Now we can also scan 10286 06:49:24,700 --> 06:49:28,800 for multiple hosts. Now suppose you are on a network 10287 06:49:28,800 --> 06:49:30,754 and you want to scan for multiple hosts. Now 10288 06:49:30,754 --> 06:49:33,300 you don't really want to run different commands for that. 10289 06:49:33,300 --> 06:49:36,700 Now what you can do is just go in and type nmap and a bunch 10290 06:49:36,700 --> 06:49:48,290 of IP addresses like 192.168.1.1 and 192.168.1.2 and 192.168.1.3 10291 06:49:48,320 --> 06:49:51,800 and what this will do is it will run the nmap scan 10292 06:49:51,800 --> 06:49:53,600 on these three different IP addresses 10293 06:49:53,600 --> 06:49:57,100 and you did this in just one command. 10294 06:49:57,100 --> 06:49:59,700 So that's a way that you can do this. 10295 06:49:59,700 --> 06:50:00,500 Now 10296 06:50:00,500 --> 06:50:01,852 you can also know about 10297 06:50:01,852 --> 06:50:05,000 how much of your scan is left by just pressing the up button 10298 06:50:05,000 --> 06:50:06,290 so that will tell you 10299 06:50:06,290 --> 06:50:10,100 and give you a constant update on how your scan is going like - 10300 06:50:10,100 --> 06:50:13,300 32.4% Dot and 4.7 now 10301 06:50:13,300 --> 06:50:16,000 and also show you kind of the time remaining. 10302 06:50:16,200 --> 06:50:16,559 Okay. 10303 06:50:16,559 --> 06:50:19,000 So till this port scan is going on,
10304 06:50:19,000 --> 06:50:21,300 let me just tell you about the states. Now states 10305 06:50:21,300 --> 06:50:24,300 can be of two types open closed and unavailable. 10306 06:50:24,300 --> 06:50:27,050 Sometimes you will see that it is unavailable and that's 10307 06:50:27,050 --> 06:50:29,700 because some sort of firewall or something is running out 10308 06:50:29,700 --> 06:50:32,700 there. States can also be closed, in that case mostly 10309 06:50:32,700 --> 06:50:34,600 nmap will not return you any result 10310 06:50:34,600 --> 06:50:38,627 unless you're explicitly finding something of the closed state. 10311 06:50:38,627 --> 06:50:42,200 So that was a little trivia on states and how they work. 10312 06:50:42,219 --> 06:50:44,312 How much our scan has done? 10313 06:50:44,312 --> 06:50:48,389 So our scan is at 81%, takes around another 20 seconds. 10314 06:50:48,400 --> 06:50:49,800 It should be done soon. 10315 06:50:49,800 --> 06:50:50,400 Now 10316 06:50:50,400 --> 06:50:54,815 this scan could be significantly made faster with just the -F tag, 10317 06:50:54,815 --> 06:50:58,000 but I really want to give you all a good look 10318 06:50:58,000 --> 06:50:59,538 into how this works. 10319 06:50:59,538 --> 06:51:02,000 97 98 99. 10320 06:51:02,515 --> 06:51:02,900 Okay. 10321 06:51:02,900 --> 06:51:05,794 So as you guys can see this is our result. 10322 06:51:05,794 --> 06:51:08,900 It gives us a bunch of ports and services. Now 10323 06:51:08,900 --> 06:51:11,517 as I just said this thing can be also closed 10324 06:51:11,517 --> 06:51:13,100 and also unavailable. 10325 06:51:13,100 --> 06:51:16,200 So open and closed, we see both the examples. 10326 06:51:16,200 --> 06:51:19,700 Okay, so that was about how you can scan multiple ports. 10327 06:51:19,700 --> 06:51:23,159 So you can also scan multiple ports with this command 10328 06:51:23,159 --> 06:51:24,400 as I will show you.
10329 06:51:24,400 --> 06:51:29,500 So what I do is 192.168.1.1 to 30. 10330 06:51:29,500 --> 06:51:32,800 Now what this will do is basically scan everything 10331 06:51:32,800 --> 06:51:39,100 from 192.168.1.1 to 192.168.1.2 up to 30 like that. 10332 06:51:39,100 --> 06:51:42,600 So this is a very useful way of actually scanning 10333 06:51:42,600 --> 06:51:44,197 multiple IP addresses. 10334 06:51:44,600 --> 06:51:47,000 Let me just show you how that works. 10335 06:51:47,600 --> 06:51:49,600 Since we have used the -F flag, 10336 06:51:49,600 --> 06:51:52,500 this is going to work considerably faster. Now 10337 06:51:52,500 --> 06:51:54,400 as you guys can see out here, 10338 06:51:54,400 --> 06:51:57,880 this had taken around a hundred nineteen seconds. 10339 06:51:57,880 --> 06:52:00,200 So that's around two minutes. Now 10340 06:52:00,200 --> 06:52:02,900 this will take considerably less time. 10341 06:52:02,900 --> 06:52:06,078 So, let's see, this was done in 29.91 seconds, 10342 06:52:06,078 --> 06:52:08,100 and we did 30 IP addresses. 10343 06:52:08,100 --> 06:52:09,900 So we see that - 10344 06:52:09,900 --> 06:52:13,900 F surely speeds up the whole scanning process. Now, 10345 06:52:14,000 --> 06:52:17,100 you can also give nmap a target list. Now, 10346 06:52:17,100 --> 06:52:20,400 let me create a target list, so targets.txt. 10347 06:52:20,400 --> 06:52:22,200 We just got it out for you. 10348 06:52:22,600 --> 06:52:24,160 So that's starting it now. 10349 06:52:24,160 --> 06:52:26,200 All I want to do is edit this file. 10350 06:52:26,200 --> 06:52:28,600 So, let me just edit that file and put 10351 06:52:28,600 --> 06:52:41,850 a 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.5 10352 06:52:41,900 --> 06:52:46,600 for 192.168.1.5 or 15. 10353 06:52:46,600 --> 06:52:47,300 Boom, roasted. 10354 06:52:47,300 --> 06:52:49,753 Now, all we have to do is save it.
10355 06:52:49,753 --> 06:52:53,200 So that saves it, and Ctrl+X to actually exit it. 10356 06:52:53,200 --> 06:52:56,900 Now, you can go ahead and view what is in targets.txt. 10357 06:52:56,900 --> 06:53:00,600 So as you guys can see this is what is in targets.txt. 10358 06:53:00,600 --> 06:53:04,411 And now you can just pass it to nmap with the -iL flag 10359 06:53:04,411 --> 06:53:07,798 and you could say that nmap is going to actually 10360 06:53:07,798 --> 06:53:09,600 scan all the IP addresses 10361 06:53:09,600 --> 06:53:11,288 that are in this file. 10362 06:53:11,288 --> 06:53:12,900 So let that just run. 10363 06:53:12,900 --> 06:53:15,000 So this will take a little bit of time 10364 06:53:15,000 --> 06:53:17,300 because it's five IP addresses 10365 06:53:17,300 --> 06:53:22,200 and it's really radical the fast boat 83% 10366 06:53:22,200 --> 06:53:24,100 of our work is done. 10367 06:53:24,300 --> 06:53:25,000 Okay. 10368 06:53:25,000 --> 06:53:28,127 So as we see our scan has been completed. Now, 10369 06:53:28,127 --> 06:53:30,900 what you see out here is scan results 10370 06:53:30,900 --> 06:53:36,300 for whatever we had provided in the targets.txt list. 10371 06:53:36,600 --> 06:53:40,200 So that's how you can also provide nmap an input file 10372 06:53:40,200 --> 06:53:43,400 and it will give you the results for all the targets 10373 06:53:43,400 --> 06:53:45,400 that were specified in the file. 10374 06:53:45,400 --> 06:53:46,636 Now, let's go ahead 10375 06:53:46,636 --> 06:53:49,500 and talk a little bit about port scanning. 10376 06:53:49,500 --> 06:53:53,300 So nmap is also a brilliant tool for scanning ports.
10377 06:53:53,300 --> 06:53:55,100 And if you have a server or web site, 10378 06:53:55,100 --> 06:53:58,600 you know that there are 65535 ports out there 10379 06:53:58,600 --> 06:54:04,661 on every server and almost 99% are unused, so sometimes scanning 10380 06:54:04,661 --> 06:54:07,200 of ports is really a necessity. 10381 06:54:07,200 --> 06:54:10,100 Now you can scan ports by just using the -p flag 10382 06:54:10,100 --> 06:54:14,198 and specifying the port number and this is how you would do it. 10383 06:54:14,198 --> 06:54:17,200 And you just specify the IP address after that, 10384 06:54:17,200 --> 06:54:20,600 so I'm going to use www.edureka. 10385 06:54:20,900 --> 06:54:23,700 co, and what you can also do is 10386 06:54:23,700 --> 06:54:26,273 this will scan only the port number 20, 10387 06:54:26,273 --> 06:54:29,349 but you can also scan from port number 20 to 25. 10388 06:54:29,349 --> 06:54:32,100 You can also put in commas and tell nmap 10389 06:54:32,100 --> 06:54:34,000 you also want to scan all these 10390 06:54:34,000 --> 06:54:37,900 are the port 80 is HTTP and 443 is HTTP, 10391 06:54:38,200 --> 06:54:40,003 so you can surely do that. 10392 06:54:40,003 --> 06:54:42,508 So let me just go ahead and run this. 10393 06:54:42,508 --> 06:54:46,000 Okay, so that gives us information on the ports 10394 06:54:46,000 --> 06:54:48,730 that is there. Now something about ports. 10395 06:54:48,730 --> 06:54:50,708 Also you suppose, you know. 10396 06:54:50,708 --> 06:54:53,200 You want to scan for some HTTP port 10397 06:54:53,200 --> 06:54:56,312 so you can just say nmap and with the - 10398 06:54:56,312 --> 06:54:57,698 p you can just say 10399 06:54:57,698 --> 06:55:01,200 that I want to scan the HTTP port, www.edureka. 10400 06:55:01,200 --> 06:55:04,678 co, so that will just go ahead and do that.
10401 06:55:04,678 --> 06:55:06,200 And as you guys can see 10402 06:55:06,200 --> 06:55:09,000 that gave us a result and you can also add 10403 06:55:09,000 --> 06:55:13,100 in stuff like MySQL, FTP and stuff like that. 10404 06:55:13,100 --> 06:55:15,900 So let me just show you 10405 06:55:15,900 --> 06:55:18,900 how that rods okhttp is done poor Sgt. 10406 06:55:18,900 --> 06:55:22,700 Okay, so as you guys can see these are the ports 10407 06:55:22,700 --> 06:55:26,414 that are running and it gave us according to the day. 10408 06:55:26,414 --> 06:55:26,700 Now 10409 06:55:26,700 --> 06:55:28,600 if you want to scan all the ports, 10410 06:55:28,600 --> 06:55:30,482 you can use -p- 10411 06:55:30,482 --> 06:55:33,635 and the IP address of www.edureka.co. 10412 06:55:35,000 --> 06:55:36,800 Now this generally takes a lot of time 10413 06:55:36,800 --> 06:55:38,900 because you're basically doing 65,000 scans. 10414 06:55:38,900 --> 06:55:40,416 So I'm not really going to do that. 10415 06:55:40,416 --> 06:55:41,709 I'm going to quit this out. 10416 06:55:41,709 --> 06:55:42,350 Another thing 10417 06:55:42,350 --> 06:55:45,000 that I want to show you all that generally takes a lot 10418 06:55:45,000 --> 06:55:48,022 of time to actually execute is called something 10419 06:55:48,022 --> 06:55:49,600 like an aggressive scan. 10420 06:55:49,600 --> 06:55:51,690 So as you guys can see out here, 10421 06:55:51,690 --> 06:55:54,500 I have done an aggressive scan on Edureka. 10422 06:55:54,600 --> 06:55:55,500 So to do that, 10423 06:55:55,500 --> 06:55:58,800 all you have to do is nmap -A 10424 06:55:58,800 --> 06:56:01,100 and then you go edureka.co.
10425 06:56:01,100 --> 06:56:03,093 So let us see how much time 10426 06:56:03,093 --> 06:56:07,147 did this take to actually execute. This took 459 seconds, 10427 06:56:07,147 --> 06:56:09,098 that's a long time for a scan, 10428 06:56:09,098 --> 06:56:12,400 but it gives us a bunch of other information. 10429 06:56:12,400 --> 06:56:14,991 For example, it gives us the traceroute. 10430 06:56:14,991 --> 06:56:18,445 So what is the traceroute, first of all? So traceroute 10431 06:56:18,445 --> 06:56:22,645 is the route taken by a packet to actually reach the clients 10432 06:56:22,645 --> 06:56:24,000 and the target cell. 10433 06:56:24,100 --> 06:56:28,300 So as you guys can see our packet had 22 hops, first went 10434 06:56:28,300 --> 06:56:30,400 to the first hop was to the gateway router 10435 06:56:30,400 --> 06:56:32,590 that is 192.168.1.1. 10436 06:56:32,900 --> 06:56:37,700 Then went to the Airtel leased line, then went to this IP address, 10437 06:56:37,700 --> 06:56:40,400 then went to the pslv SNL dotnet 10438 06:56:40,446 --> 06:56:43,600 and it went to London, New York, then Chicago 10439 06:56:43,600 --> 06:56:47,700 and then went all the way up to wherever this thing is hosted. 10440 06:56:47,700 --> 06:56:49,301 That was some information 10441 06:56:49,301 --> 06:56:51,800 and then there is some other information 10442 06:56:51,800 --> 06:56:54,100 given to us like the TCP open, 10443 06:56:54,100 --> 06:56:58,100 tcpwrapped, program version, port type, port states 10444 06:56:58,100 --> 06:57:01,328 and all sorts of other information is given 10445 06:57:01,328 --> 06:57:02,786 in an aggressive scan. 10446 06:57:02,786 --> 06:57:05,706 Another scan that I have previously also done 10447 06:57:05,706 --> 06:57:07,100 and kept for y'all is 10448 06:57:07,100 --> 06:57:10,900 because it takes a lot of time and I have done something 10449 06:57:10,900 --> 06:57:13,825 called this service version, so nmap - 10450 06:57:13,825 --> 06:57:18,100 sV, where V
capital will give you the service version. 10451 06:57:18,100 --> 06:57:20,600 So it tries to actually guess the 10452 06:57:20,600 --> 06:57:22,400 version of the service that is running. 10453 06:57:22,400 --> 06:57:27,500 So for example on TCP port it tells us it is Postfix smtpd 10454 06:57:27,600 --> 06:57:28,700 or the Apache, 10455 06:57:28,700 --> 06:57:30,700 it's Apache httpd. 10456 06:57:30,900 --> 06:57:33,832 You can see all sorts of versions that are here. 10457 06:57:33,832 --> 06:57:36,562 Another thing nmap is generally brilliant 10458 06:57:36,562 --> 06:57:38,797 is for guessing the operating system 10459 06:57:38,797 --> 06:57:39,763 that is running. 10460 06:57:39,763 --> 06:57:42,300 Oh, I have already done this scan previously 10461 06:57:42,300 --> 06:57:44,700 because this takes a humongous amount of time 10462 06:57:44,700 --> 06:57:47,700 that I don't really have and that is three eighty six point 10463 06:57:47,700 --> 06:57:48,650 three four seconds 10464 06:57:48,650 --> 06:57:50,708 and this scan together basically took me 10465 06:57:50,708 --> 06:57:51,500 in ten minutes, 10466 06:57:51,500 --> 06:57:53,500 and I don't really have that kind of time 10467 06:57:53,500 --> 06:57:55,100 for explaining all this stuff. 10468 06:57:55,100 --> 06:57:58,428 So as you guys could see out here the OS get is 10469 06:57:58,428 --> 06:58:00,600 kind of os detail is fortunate 10470 06:58:00,600 --> 06:58:03,781 for the gate it kind of tries to guess the OS 10471 06:58:03,781 --> 06:58:05,300 upon the time to live 10472 06:58:05,300 --> 06:58:08,000 that is in the response from the packets 10473 06:58:08,000 --> 06:58:09,000 that it sends. 10474 06:58:09,000 --> 06:58:11,600 So -sV, -p, -O and - 10475 06:58:11,600 --> 06:58:13,700 A are some really cool stuff 10476 06:58:13,700 --> 06:58:15,347 that you might want to know.
10477 06:58:15,347 --> 06:58:17,930 Another thing that you can do is traceroute 10478 06:58:17,930 --> 06:58:20,800 as I had just told y'all, and y'all can do 10479 06:58:20,800 --> 06:58:21,800 traceroute separately. 10480 06:58:21,800 --> 06:58:22,900 So you go -- 10481 06:58:22,900 --> 06:58:26,700 traceroute and then you say the name of any sort of website. 10482 06:58:26,700 --> 06:58:27,500 So suppose 10483 06:58:27,500 --> 06:58:30,000 I want to know how I reach netflix.com. 10484 06:58:30,000 --> 06:58:34,700 So I go netflix.com and this will give me a traceroute 10485 06:58:34,700 --> 06:58:39,400 that shows me how my packet actually reaches netflix.com. 10486 06:58:40,000 --> 06:58:40,400 Okay. 10487 06:58:40,400 --> 06:58:44,100 So this is basically it was a direct one hop. 10488 06:58:44,200 --> 06:58:47,289 Okay, so that was surprising. On the other hand, 10489 06:58:47,289 --> 06:58:49,700 if I were to do this on edureka. 10490 06:58:49,700 --> 06:58:52,900 co it would take a bunch of hops to actually reach 10491 06:58:52,900 --> 06:58:55,700 that it is by just take some time to run. 10492 06:58:55,900 --> 06:58:58,100 Okay, so it's 94 percent done. 10493 06:58:58,100 --> 06:59:00,500 I'm just waiting for it to get completed. 10494 06:59:00,600 --> 06:59:00,900 Okay. 10495 06:59:00,900 --> 06:59:03,958 So this gave us a hop and as you guys can see we took 10496 06:59:03,958 --> 06:59:06,800 twenty two hops to actually reach edureka.co 10497 06:59:06,800 --> 06:59:10,900 and it's the same process, you go through a bunch of IP addresses 10498 06:59:10,900 --> 06:59:13,000 and then you reach this thing called 10499 06:59:13,000 --> 06:59:15,900 us-west-2.compute.amazonaws.com. 10500 06:59:15,900 --> 06:59:17,200 Okay, so that was 10501 06:59:17,200 --> 06:59:20,500 about traceroute. Now just to end this tutorial,
10502 06:59:20,500 --> 06:59:22,100 let me just tell you guys 10503 06:59:22,100 --> 06:59:25,000 that you all can also save a file with nmap. 10504 06:59:25,000 --> 06:59:28,100 And that is basically save all whatever you found 10505 06:59:28,100 --> 06:59:30,719 from a search into a file and let me just show you 10506 06:59:30,719 --> 06:59:31,619 how to do that. 10507 06:59:31,619 --> 06:59:31,841 Now, 10508 06:59:31,841 --> 06:59:34,900 sometimes when you are working as a security analyst you 10509 06:59:34,900 --> 06:59:38,957 will have to perform network scans on a wide area network 10510 06:59:38,957 --> 06:59:39,900 that is huge. 10511 06:59:39,900 --> 06:59:43,362 It's basically huge. These scans take a lot of time 10512 06:59:43,362 --> 06:59:46,628 and you don't really have the space on your command line 10513 06:59:46,628 --> 06:59:47,694 to actually store 10514 06:59:47,694 --> 06:59:49,700 that and see that in a way 10515 06:59:49,700 --> 06:59:50,800 that is feasible 10516 06:59:50,800 --> 06:59:51,800 for analysis. 10517 06:59:51,800 --> 06:59:55,300 So what you want to do is actually save it in a file. 10518 06:59:55,300 --> 06:59:57,400 So what you can do is say nmap 10519 06:59:57,400 --> 06:59:59,100 -oN and then you 10520 06:59:59,100 --> 07:00:04,000 can say the output file, we could say results.txt, 10521 07:00:04,200 --> 07:00:07,400 and we could save this in the file. 10522 07:00:07,400 --> 07:00:11,000 So www.edureka.co. 10523 07:00:11,200 --> 07:00:13,400 So whatever search result 10524 07:00:13,400 --> 07:00:16,700 is going to be generated is going to be stored 10525 07:00:16,700 --> 07:00:18,943 in this file called results.txt. 10526 07:00:18,943 --> 07:00:19,209 Now, 10527 07:00:19,209 --> 07:00:20,874 this file need not exist 10528 07:00:20,874 --> 07:00:24,332 from before, it will just be created by nmap 10529 07:00:24,332 --> 07:00:26,200 and now you see if I do ls,
10530 07:00:26,200 --> 07:00:28,800 we have a target or a results.txt. 10531 07:00:28,800 --> 07:00:30,700 Now if I just cat out that file, 10532 07:00:30,700 --> 07:00:33,400 let me just less it actually, results.txt. 10533 07:00:33,400 --> 07:00:36,204 And what you see out here is an nmap scan result 10534 07:00:36,204 --> 07:00:37,100 that is stored. 10535 07:00:37,400 --> 07:00:40,800 Another thing that I would like to show you all before I end 10536 07:00:40,800 --> 07:00:43,188 this nmap tutorial is a verbose mode. 10537 07:00:43,188 --> 07:00:45,200 So verbose mode is basically 10538 07:00:45,200 --> 07:00:47,173 when we were pressing up arrows to see 10539 07:00:47,173 --> 07:00:48,762 how much of our scan is done. 10540 07:00:48,762 --> 07:00:50,900 You can basically do that with verbose mode. 10541 07:00:50,900 --> 07:00:52,238 So you go -F and -10542 07:00:52,238 --> 07:00:55,700 v for verbose and you could say www.edureka 10543 07:00:55,700 --> 07:00:59,100 .co and this will basically give 10544 07:00:59,100 --> 07:01:02,700 you a verbose mode of what is actually going on. 10545 07:01:02,700 --> 07:01:06,160 It'll tell you everything and boom roasted, there it's done 10546 07:01:06,160 --> 07:01:08,691 and we have finished our nmap tutorial.
10565 07:01:58,100 --> 07:01:59,000 So first of all, 10566 07:01:59,000 --> 07:02:00,800 what exactly is cross-site scripting? 10567 07:02:01,300 --> 07:02:03,028 Well, cross-site scripting 10568 07:02:03,028 --> 07:02:05,943 refers to client-side code injection attacks 10569 07:02:05,943 --> 07:02:07,300 wherein an attacker 10570 07:02:07,300 --> 07:02:10,700 can execute a malicious script, also commonly referred 10571 07:02:10,700 --> 07:02:14,000 to as a malicious payload, into a legitimate website 10572 07:02:14,000 --> 07:02:17,700 or web application. Now XSS is amongst the most rampant 10573 07:02:17,700 --> 07:02:20,288 of web application vulnerabilities and occurs 10574 07:02:20,288 --> 07:02:23,000 when a web application makes use of something 10575 07:02:23,000 --> 07:02:24,300 like an unvalidated 10576 07:02:24,300 --> 07:02:26,900 or unencoded user input within the output 10577 07:02:26,900 --> 07:02:30,100 that it generates. Now by leveraging XSS 10578 07:02:30,100 --> 07:02:34,000 an attacker does not target a victim directly, instead 10579 07:02:34,000 --> 07:02:37,700 an attacker would be exploiting a vulnerability within a website 10580 07:02:37,700 --> 07:02:39,611 or something like a web application 10581
07:02:39,611 --> 07:02:41,200 that the victim would visit 10582 07:02:41,200 --> 07:02:43,566 and essentially using the vulnerable website 10583 07:02:43,566 --> 07:02:46,043 or the web application as a vehicle to deliver 10584 07:02:46,043 --> 07:02:48,300 a malicious script to the victim's browser. 10585 07:02:49,100 --> 07:02:52,000 Now while XSS can be taken advantage 10586 07:02:52,000 --> 07:02:56,000 of within VBScript, ActiveX and Flash, 10587 07:02:56,100 --> 07:02:59,473 unquestionably the most widely abused is JavaScript. 10588 07:02:59,473 --> 07:03:00,400 This is mostly 10589 07:03:00,400 --> 07:03:02,581 because JavaScript is fundamental 10590 07:03:02,581 --> 07:03:04,400 to any browsing experience. All 10591 07:03:04,400 --> 07:03:07,600 the modern sites today have some JavaScript framework running 10592 07:03:07,600 --> 07:03:11,600 in the background. Now XSS can be used 10593 07:03:11,600 --> 07:03:13,900 in a range of ways to cause serious problems. 10594 07:03:14,100 --> 07:03:17,335 Well, the traditional use of XSS is the ability 10595 07:03:17,335 --> 07:03:18,727 for an attacker to steal 10596 07:03:18,727 --> 07:03:20,135 session cookies, allowing 10597 07:03:20,135 --> 07:03:22,900 an attacker to probably impersonate a victim, and 10598 07:03:22,900 --> 07:03:25,200 that just, and that just doesn't stop there. 10599 07:03:25,600 --> 07:03:28,220 So XSS has been used to wreak havoc 10600 07:03:28,220 --> 07:03:29,900 on social websites, spread 10601 07:03:29,900 --> 07:03:32,800 malware, website defacements and phish for credentials 10602 07:03:32,800 --> 07:03:34,334 and even used in conjunction 10603 07:03:34,334 --> 07:03:36,800 with some clever social engineering techniques 10604 07:03:36,800 --> 07:03:39,200 to escalate to even more damaging attacks. 10605 07:03:40,300 --> 07:03:42,854 Now cross-site scripting can be classified 10606 07:03:42,854 --> 07:03:44,600 into three major categories.
10607 07:03:44,600 --> 07:03:47,223 So the first is reflected cross-site scripting. 10608 07:03:47,223 --> 07:03:50,400 The second is stored or persistent cross-site scripting 10609 07:03:50,400 --> 07:03:52,889 and the third is DOM-based cross-site scripting. So 10610 07:03:52,889 --> 07:03:55,654 out here DOM refers to the document object model 10611 07:03:55,654 --> 07:03:58,000 that is used for web application building. 10612 07:03:58,600 --> 07:04:01,400 So let's take a moment to discuss the three types 10613 07:04:01,400 --> 07:04:02,900 of cross-site scripting. 10614 07:04:02,900 --> 07:04:05,815 So the first one we're going to be discussing is reflected 10615 07:04:05,815 --> 07:04:07,015 cross-site scripting. Now 10616 07:04:07,015 --> 07:04:09,450 by far the most common type of cross-site scripting 10617 07:04:09,450 --> 07:04:10,400 that you'll come 10618 07:04:10,400 --> 07:04:13,700 across is probably reflected cross-site scripting. Here 10619 07:04:13,700 --> 07:04:14,900 the attacker's payload 10620 07:04:14,900 --> 07:04:17,100 is a script and has to be part of a request 10621 07:04:17,100 --> 07:04:20,500 which is sent to the web server and reflected back in such a way 10622 07:04:20,500 --> 07:04:23,300 that the HTTP response includes the payload 10623 07:04:23,300 --> 07:04:27,300 from the HTTP request. Now using a phishing email 10624 07:04:27,300 --> 07:04:30,488 and other social engineering techniques the attacker lures 10625 07:04:30,488 --> 07:04:33,900 in the victim to inadvertently make a request to the server 10626 07:04:33,900 --> 07:04:36,468 which contains the cross-site scripting payload, 10627 07:04:36,468 --> 07:04:38,600 and then he ends up executing the script 10628 07:04:38,600 --> 07:04:41,800 that gets reflected and executed inside his own browser.
10629 07:04:42,300 --> 07:04:44,900 Now since reflected cross-site scripting isn't really 10630 07:04:44,900 --> 07:04:45,900 a persistent kind 10631 07:04:45,900 --> 07:04:47,929 of attack the attacker needs to deliver 10632 07:04:47,929 --> 07:04:49,363 this payload to each victim 10633 07:04:49,363 --> 07:04:50,600 that he wants to serve. 10634 07:04:50,600 --> 07:04:53,600 So a medium like a social network is very conveniently 10635 07:04:53,600 --> 07:04:55,700 used for dissemination of these attacks. 10636 07:04:55,800 --> 07:04:57,744 So now let's take a step-by-step 10637 07:04:57,744 --> 07:05:00,600 look at how cross-site scripting actually works. 10638 07:05:00,900 --> 07:05:03,800 So firstly the attacker crafts a URL containing 10639 07:05:03,800 --> 07:05:06,500 a malicious string and sends it to the victim. 10640 07:05:07,000 --> 07:05:09,300 Now the poor victim is tricked by the attacker 10641 07:05:09,300 --> 07:05:11,500 into requesting the URL from the website, 10642 07:05:11,500 --> 07:05:13,500 which is running a I respond script 10643 07:05:13,600 --> 07:05:16,197 and then the website includes the malicious string 10644 07:05:16,197 --> 07:05:17,800 from the URL in the response. 10645 07:05:17,800 --> 07:05:20,287 And then in the end the victim's browser executes 10646 07:05:20,287 --> 07:05:22,723 the malicious script inside the response, sending 10647 07:05:22,723 --> 07:05:24,900 the victim's cookies to the attacker's server. 10648 07:05:25,400 --> 07:05:26,200 Okay. 10649 07:05:26,200 --> 07:05:29,500 So at first reflected XSS might seem very harmless 10650 07:05:29,500 --> 07:05:32,600 because it requires a victim himself to actually send 10651 07:05:32,600 --> 07:05:35,100 a request containing a malicious string. Now 10652 07:05:35,100 --> 07:05:37,900 since nobody would be willingly attacking himself,
10653 07:05:37,900 --> 07:05:38,900 so there seems to be 10654 07:05:38,900 --> 07:05:41,700 no way of actually performing the attack, but 10655 07:05:41,700 --> 07:05:44,222 as it turns out there are at least two common ways 10656 07:05:44,222 --> 07:05:45,200 of causing a victim 10657 07:05:45,200 --> 07:05:47,700 to launch a reflected cross-site attack on himself. 10658 07:05:48,000 --> 07:05:49,197 So the first way is 10659 07:05:49,197 --> 07:05:51,907 if the user targets a specific individual 10660 07:05:51,907 --> 07:05:55,500 and the attacker can send the malicious URL to the victim, 10661 07:05:55,500 --> 07:05:59,500 for example using email or for example instant messaging, 10662 07:05:59,500 --> 07:06:01,700 and then trick him into visiting the site. 10663 07:06:02,000 --> 07:06:04,505 Secondly, if the user targets a large group 10664 07:06:04,505 --> 07:06:07,388 of people the attacker then can publish the link 10665 07:06:07,388 --> 07:06:08,597 or the malicious URL 10666 07:06:08,597 --> 07:06:10,654 on his own website or social media, 10667 07:06:10,654 --> 07:06:13,800 and then he'll just wait for visitors to click on it. 10668 07:06:14,500 --> 07:06:16,493 So these two methods are similar 10669 07:06:16,493 --> 07:06:19,129 and both can be very successful with the use 10670 07:06:19,129 --> 07:06:22,500 of a URL shortening service like one provided by Google. 10671 07:06:22,500 --> 07:06:24,974 So this masks the malicious string from users 10672 07:06:24,974 --> 07:06:26,800 who might otherwise identify it. 10673 07:06:27,000 --> 07:06:27,263 Okay. 10674 07:06:27,263 --> 07:06:30,000 So that was all about reflected cross-site scripting. 10675 07:06:30,000 --> 07:06:32,300 Let's move on to stored cross-site scripting now.
10676 07:06:33,400 --> 07:06:36,029 So the most damaging type of cross-site scripting 10677 07:06:36,029 --> 07:06:38,553 that is there today is persistent or stored 10678 07:06:38,553 --> 07:06:42,100 cross-site scripting. In stored cross-site scripting attacks, 10679 07:06:42,100 --> 07:06:43,200 it attacks, 10680 07:06:43,200 --> 07:06:46,000 I'm sorry, in stored cross-site scripting attacks, 10681 07:06:46,100 --> 07:06:49,100 the attacker is injecting a script into the database 10682 07:06:49,100 --> 07:06:51,900 that is permanently stored on the target application. 10683 07:06:52,000 --> 07:06:53,500 So a classic example 10684 07:06:53,500 --> 07:06:56,000 is a malicious script inserted by an attacker 10685 07:06:56,000 --> 07:06:59,100 in the comment field or on a blog or a forum post. 10686 07:06:59,200 --> 07:07:00,759 So when a victim navigates 10687 07:07:00,759 --> 07:07:03,100 to the affected webpage now in a browser 10688 07:07:03,100 --> 07:07:05,590 the cross-site scripting payload will be served 10689 07:07:05,590 --> 07:07:07,105 as a part of the web page just 10690 07:07:07,105 --> 07:07:09,162 like any legitimate comment would be. Now 10691 07:07:09,162 --> 07:07:11,906 this means that the victim will be inadvertently ended 10692 07:07:11,906 --> 07:07:14,132 up ending up executing the malicious script 10693 07:07:14,132 --> 07:07:16,100 once the page is viewed in the browser. 10694 07:07:16,500 --> 07:07:18,200 Now, let's also take a step-by-step 10695 07:07:18,200 --> 07:07:21,300 look at how cross-site scripting in the stored version works. 10696 07:07:21,500 --> 07:07:24,500 So the attacker uses one of the website's forms to insert 10697 07:07:24,500 --> 07:07:27,500 a malicious string into the website's database first.
10698 07:07:27,500 --> 07:07:30,468 Now the victim unknowingly requests the page 10699 07:07:30,468 --> 07:07:31,600 from the website 10700 07:07:31,600 --> 07:07:34,013 and then the website includes the malicious string 10701 07:07:34,013 --> 07:07:35,656 from the database in the response 10702 07:07:35,656 --> 07:07:37,300 and then sends it to the victim. 10703 07:07:37,700 --> 07:07:40,300 Now the poor victim will be actually executing 10704 07:07:40,300 --> 07:07:42,293 the malicious script inside the response 10705 07:07:42,293 --> 07:07:44,900 and sending all the cookies to the attacker's server. 10706 07:07:45,100 --> 07:07:46,600 So that's basically 10707 07:07:46,600 --> 07:07:50,300 how stored or persistent cross-site scripting works. 10708 07:07:50,300 --> 07:07:54,000 Now it's time for the last type of cross-site scripting 10709 07:07:54,000 --> 07:07:57,500 which is document object model based cross-site scripting. 10710 07:07:57,500 --> 07:08:00,632 So DOM-based cross-site scripting is an advanced type 10711 07:08:00,632 --> 07:08:02,500 of cross-site scripting attack, 10712 07:08:02,800 --> 07:08:04,500 which is made possible 10713 07:08:04,500 --> 07:08:08,100 when the web application's client-side script writes user-10714 07:08:08,100 --> 07:08:10,600 provided data to the document object model. 10715 07:08:11,200 --> 07:08:12,400 So basically it means 10716 07:08:12,400 --> 07:08:15,455 that data is subsequently read from the document object model 10717 07:08:15,455 --> 07:08:18,256 by the web application and output to the browser. 10718 07:08:18,256 --> 07:08:20,756 So if the data is incorrectly handled in this place 10719 07:08:20,756 --> 07:08:22,813 an attacker can very well inject a payload, 10720 07:08:22,813 --> 07:08:25,700 which will be stored as a part of the document object model 10721 07:08:25,700 --> 07:08:26,564 and then executed 10722 07:08:26,564 --> 07:08:28,600 when the data is read back from the DOM.
10723 07:08:29,400 --> 07:08:31,800 Now, let's see how that actually happens. 10724 07:08:31,800 --> 07:08:34,152 So first the attacker crafts the URL containing 10725 07:08:34,152 --> 07:08:36,900 a malicious string and sends it to the victim. 10726 07:08:37,000 --> 07:08:39,368 Now this victim is again tricked by the attacker 10727 07:08:39,368 --> 07:08:41,888 into actually requesting the URL from the website. 10728 07:08:41,888 --> 07:08:43,302 This is like the primary step 10729 07:08:43,302 --> 07:08:45,400 in actually performing cross-site scripting. 10730 07:08:45,600 --> 07:08:46,659 Now the third step is 10731 07:08:46,659 --> 07:08:49,509 that the website receives the request but does not include 10732 07:08:49,509 --> 07:08:51,100 the malicious string in the response. 10733 07:08:51,100 --> 07:08:54,200 Here's the catch of DOM-based cross-site scripting. 10734 07:08:54,700 --> 07:08:57,500 So now the victim's browser executes the legitimate script 10735 07:08:57,500 --> 07:08:58,500 inside the response, 10736 07:08:58,600 --> 07:09:01,400 causing the malicious script to be inserted into the page, 10737 07:09:01,400 --> 07:09:04,100 that is basically into the innerHTML attributes, 10738 07:09:04,300 --> 07:09:06,826 and the final step is then the victim's browser then 10739 07:09:06,826 --> 07:09:09,376 executes the malicious script inserted into the page 10740 07:09:09,376 --> 07:09:10,493 and then just sends 10741 07:09:10,493 --> 07:09:12,900 the victim's cookies to the attacker's server.
10742 07:09:13,700 --> 07:09:15,641 Now if you guys must have realized, 10743 07:09:15,641 --> 07:09:17,571 in the previous examples of persistent 10744 07:09:17,571 --> 07:09:20,452 and reflected cross-site scripting the server inserts 10745 07:09:20,452 --> 07:09:22,249 the malicious script into the page, 10746 07:09:22,249 --> 07:09:24,839 which is then sent as a response to the victim. Now 10747 07:09:24,839 --> 07:09:27,800 when the victim's browser receives the response it assumes 10748 07:09:27,800 --> 07:09:29,800 that the malicious script is to be a part 10749 07:09:29,800 --> 07:09:31,428 of the page's legitimate content 10750 07:09:31,428 --> 07:09:34,211 and then automatically executes it during page load as 10751 07:09:34,211 --> 07:09:38,100 with any other script would be, but in a DOM-based attack, 10752 07:09:38,100 --> 07:09:41,200 there is no malicious script inserted as a part of the page. 10753 07:09:41,200 --> 07:09:42,048 The only scripts 10754 07:09:42,048 --> 07:09:44,700 that are being actually automatically 10755 07:09:44,700 --> 07:09:48,000 executed during the page load is legitimate part of the page. 10756 07:09:48,000 --> 07:09:49,600 So that's the scary part. 10757 07:09:49,600 --> 07:09:50,600 So the problem is 10758 07:09:50,600 --> 07:09:53,818 that this legitimate script directly makes use of user input 10759 07:09:53,818 --> 07:09:55,800 in order to add HTML to the page. 10760 07:09:55,800 --> 07:09:57,100 So the malicious string 10761 07:09:57,100 --> 07:09:59,700 is inserted into the page using innerHTML, 10762 07:09:59,700 --> 07:10:01,084 so it's parsed as HTML. 10763 07:10:01,084 --> 07:10:04,200 So mostly people who are actually in servicing 10764 07:10:04,200 --> 07:10:07,700 or surveying any server for cross-site scripting attacks, 10765 07:10:07,700 --> 07:10:10,200 they will not be actually checking the client side. 10766 07:10:10,200 --> 07:10:13,000 So it's a very subtle difference but it's very important.
10767 07:10:13,200 --> 07:10:15,700 So in traditional cross-site scripting the malicious 10768 07:10:15,700 --> 07:10:17,400 JavaScript is actually executed 10769 07:10:17,400 --> 07:10:20,700 when the page is loaded as a part of the HTML server 10770 07:10:20,700 --> 07:10:23,100 and in DOM-based cross-site scripting 10771 07:10:23,100 --> 07:10:26,400 the malicious JavaScript is executed at some point 10772 07:10:26,400 --> 07:10:28,300 after the page has already been loaded, 10773 07:10:28,500 --> 07:10:31,100 because the page's legitimate JavaScript treating 10774 07:10:31,100 --> 07:10:33,800 user input is using it in an unsafe way. 10775 07:10:34,000 --> 07:10:38,000 So now that we have actually discussed all the three types 10776 07:10:38,000 --> 07:10:39,555 of cross-site scripting 10777 07:10:39,555 --> 07:10:42,600 that is varied, that is widely available today, 10778 07:10:42,700 --> 07:10:45,060 now, let's see what can actually happen 10779 07:10:45,060 --> 07:10:46,800 if cross-site scripting will, 10780 07:10:46,800 --> 07:10:49,300 if you were actually a victim of cross-site scripting, 10781 07:10:49,300 --> 07:10:49,800 I'm sorry. 10782 07:10:50,100 --> 07:10:51,337 So, let's see what can happen 10783 07:10:51,337 --> 07:10:53,600 if you actually were a victim of cross-site scripting. 10784 07:10:54,100 --> 07:10:56,754 So the consequences of what an attacker can do 10785 07:10:56,754 --> 07:10:58,931 with the ability to execute JavaScript 10786 07:10:58,931 --> 07:11:01,800 on a webpage may not immediately stand out to you guys, 10787 07:11:01,900 --> 07:11:03,100 but especially 10788 07:11:03,100 --> 07:11:05,900 since browsers like Java, like Chrome, run JavaScript 10789 07:11:05,900 --> 07:11:08,400 in a very tightly controlled environment these days 10790 07:11:08,400 --> 07:11:10,300 and JavaScript has very limited access 10791 07:11:10,300 --> 07:11:12,500 to users' operating systems and user files.
10792 07:11:12,500 --> 07:11:14,100 But when considering 10793 07:11:14,100 --> 07:11:16,800 that JavaScript has access to the following 10794 07:11:16,800 --> 07:11:18,900 that we're going to discuss, we can only see 10795 07:11:18,900 --> 07:11:21,900 how creative JavaScript attackers can get. 10796 07:11:22,300 --> 07:11:25,800 So firstly, malicious JavaScript has access 10797 07:11:25,800 --> 07:11:27,300 to all the same objects 10798 07:11:27,300 --> 07:11:30,747 that the rest of the web page has, so this includes a thing 10799 07:11:30,747 --> 07:11:31,805 called cookies. Now 10800 07:11:31,805 --> 07:11:34,300 cookies are often used to store session tokens. 10801 07:11:34,300 --> 07:11:36,994 And if an attacker can obtain a user's session cookie, 10802 07:11:36,994 --> 07:11:39,900 they can impersonate that user anywhere on the internet. 10803 07:11:40,500 --> 07:11:44,400 Secondly, JavaScript can read and make arbitrary modifications 10804 07:11:44,400 --> 07:11:46,300 to the browser's document object model. 10805 07:11:46,700 --> 07:11:49,600 So your page will just be incorporated 10806 07:11:49,600 --> 07:11:51,247 with all sorts of scripts 10807 07:11:51,247 --> 07:11:55,200 and viruses without you even knowing from the server side. Now 10808 07:11:55,200 --> 07:11:56,743 JavaScript can be used 10809 07:11:56,743 --> 07:11:59,900 with the XMLHttpRequest to send HTTP requests 10810 07:11:59,900 --> 07:12:02,900 with arbitrary content to arbitrary destinations. 10811 07:12:03,000 --> 07:12:04,600 And the most scary part is 10812 07:12:04,600 --> 07:12:08,500 that JavaScript in modern browsers can leverage HTML5 APIs 10813 07:12:08,500 --> 07:12:12,400 such as accessing a user's geolocation, webcam, microphone 10814 07:12:12,400 --> 07:12:13,600 and whatnot and even 10815 07:12:13,600 --> 07:12:16,000 specific files from the user's file system.
10816 07:12:16,100 --> 07:12:19,682 Now while most of these APIs require the users to opt 10817 07:12:19,682 --> 07:12:22,300 in, cross-site scripting in conjunction 10818 07:12:22,300 --> 07:12:23,023 with some very 10819 07:12:23,023 --> 07:12:25,400 clever social engineering can bring an attacker 10820 07:12:25,400 --> 07:12:28,200 a very long way. Now the above in combination 10821 07:12:28,200 --> 07:12:29,651 with social engineering, 10822 07:12:29,651 --> 07:12:31,044 as I just said, allows 10823 07:12:31,044 --> 07:12:33,700 an attacker to pull off advanced attacks, 10824 07:12:33,700 --> 07:12:36,500 including cookie theft, keylogging, phishing 10825 07:12:36,500 --> 07:12:38,900 and identity theft too. Now 10826 07:12:38,900 --> 07:12:41,650 critically, cross-site scripting vulnerabilities provide 10827 07:12:41,650 --> 07:12:42,637 the perfect ground 10828 07:12:42,637 --> 07:12:45,600 for attackers to escalate attacks to more serious ones. 10829 07:12:45,600 --> 07:12:48,900 So now that we understand what cross-site scripting attacks are 10830 07:12:48,900 --> 07:12:51,300 and how damaging they can be to your application, 10831 07:12:51,300 --> 07:12:53,200 let's dive into the best known practices 10832 07:12:53,200 --> 07:12:56,200 that are actually followed to prevent them in the first place. 10833 07:12:56,700 --> 07:13:00,191 So the first mechanism that is used is called escaping. 10834 07:13:00,191 --> 07:13:01,614 So escaping data means 10835 07:13:01,614 --> 07:13:05,100 taking data an application has received and ensuring 10836 07:13:05,100 --> 07:13:08,200 that it's secure before actually rendering it for the end user.
10837 07:13:08,800 --> 07:13:11,300 Now by escaping user input, key characters 10838 07:13:11,300 --> 07:13:14,000 in the data received by a web page will be prevented 10839 07:13:14,000 --> 07:13:15,294 from being interpreted 10840 07:13:15,294 --> 07:13:17,705 in any malicious sort of way. Now in essence 10841 07:13:17,705 --> 07:13:20,323 you're censoring the data your webpage receives in a way 10842 07:13:20,323 --> 07:13:23,800 that will disallow characters, especially those brackets 10843 07:13:23,800 --> 07:13:27,800 that begin the HTML attributes like in HTML and img, 10844 07:13:27,800 --> 07:13:29,950 so these will be stopped from being rendered 10845 07:13:29,950 --> 07:13:32,300 which would otherwise cause harm to your application 10846 07:13:32,300 --> 07:13:33,800 and users and database, 10847 07:13:33,900 --> 07:13:37,100 but if your page doesn't allow users to add their own code 10848 07:13:37,100 --> 07:13:40,000 to the page a good rule of thumb is we need to escape any 10849 07:13:40,000 --> 07:13:42,700 and all HTML, URL and JavaScript entities. 10850 07:13:43,400 --> 07:13:45,800 However, if you are running a forum 10851 07:13:45,800 --> 07:13:49,800 and you do allow users to add rich text to your content, 10852 07:13:49,800 --> 07:13:51,400 you have a few choices.
10853 07:13:51,400 --> 07:13:53,800 So firstly you will need to carefully choose 10854 07:13:53,800 --> 07:13:55,935 which HTML entities you will escape 10855 07:13:55,935 --> 07:13:58,726 and which you won't, or by a replacement format 10856 07:13:58,726 --> 07:14:00,500 for raw HTML such as Markdown 10857 07:14:00,500 --> 07:14:03,135 which will in turn allow you to continue escaping all 10858 07:14:03,135 --> 07:14:06,520 the sorts of HTML characters. Now the second method 10859 07:14:06,520 --> 07:14:09,000 that is normally used is called validating input. 10860 07:14:09,000 --> 07:14:11,200 And so validating input is the process 10861 07:14:11,200 --> 07:14:14,500 of ensuring an application is rendering the correct data 10862 07:14:14,500 --> 07:14:16,282 and preventing malicious data 10863 07:14:16,282 --> 07:14:19,600 from doing harm to the site, the database and the users. 10864 07:14:19,700 --> 07:14:23,454 So while whitelisting and input validation are more commonly 10865 07:14:23,454 --> 07:14:26,000 associated with stuff like SQL injection, 10866 07:14:26,000 --> 07:14:28,395 they can also be used as an additional method 10867 07:14:28,395 --> 07:14:30,900 of prevention for cross-site scripting attacks. 10868 07:14:31,100 --> 07:14:33,492 So input validation is especially helpful 10869 07:14:33,492 --> 07:14:36,400 and good at preventing cross-site scripting in forms 10870 07:14:36,400 --> 07:14:38,700 as it prevents a user from adding special 10871 07:14:38,700 --> 07:14:41,300 characters into the fields instead of refusing 10872 07:14:41,300 --> 07:14:42,535 the request completely.
10873 07:14:42,535 --> 07:14:44,521 But in fact valid input validation is 10874 07:14:44,521 --> 07:14:47,541 not the primary method of prevention for vulnerabilities 10875 07:14:47,541 --> 07:14:49,188 such as cross-site scripting 10876 07:14:49,188 --> 07:14:51,259 and even SQL injection for that example, 10877 07:14:51,259 --> 07:14:54,500 but instead they help to reduce the effects should an attacker 10878 07:14:54,500 --> 07:14:57,100 actually discover such a vulnerability in your system. 10879 07:14:57,500 --> 07:15:00,300 Now the third way to prevent cross-site scripting attacks 10880 07:15:00,300 --> 07:15:01,829 is to sanitize user input. 10881 07:15:01,829 --> 07:15:03,900 So sanitizing data is a strong defense 10882 07:15:03,900 --> 07:15:05,384 but should not be used alone 10883 07:15:05,384 --> 07:15:07,400 to battle cross-site scripting attacks. 10884 07:15:07,400 --> 07:15:08,605 It's totally possible 10885 07:15:08,605 --> 07:15:11,400 that you find the need to use all three methods 10886 07:15:11,400 --> 07:15:14,900 of prevention in working towards a more secure application. 10887 07:15:15,200 --> 07:15:16,900 Now as you guys might notice, 10888 07:15:16,900 --> 07:15:20,300 sanitizing user inputs is especially helpful on sites 10889 07:15:20,300 --> 07:15:23,886 that allow HTML markup to ensure data received can do no harm 10890 07:15:23,886 --> 07:15:25,800 to users as well as your database 10891 07:15:25,800 --> 07:15:29,000 by scrubbing the data clean of potentially harmful markup 10892 07:15:29,000 --> 07:15:31,520 and changing the unacceptable user input 10893 07:15:31,520 --> 07:15:33,200 into an acceptable format. 10894 07:15:33,800 --> 07:15:34,376 OK guys. 10895 07:15:34,376 --> 07:15:38,918 So that was all the theory about cross-site scripting, it's time to 10896 07:15:38,918 --> 07:15:40,000 demo right now.
10897 07:15:40,684 --> 07:15:42,915 So for the demonstration now, 10898 07:15:43,600 --> 07:15:45,679 I'm going to be showing you guys the three types 10899 07:15:45,679 --> 07:15:46,767 of cross-site scripting 10900 07:15:46,767 --> 07:15:48,800 that we have discussed throughout the course 10901 07:15:48,800 --> 07:15:49,600 of the session. 10902 07:15:50,300 --> 07:15:53,007 So not only will this be rather interesting to see 10903 07:15:53,007 --> 07:15:56,214 how cross-site scripting works on a vulnerable web application, 10904 07:15:56,214 --> 07:15:57,300 but it will also give 10905 07:15:57,300 --> 07:15:59,700 us a better understanding of cross-site scripting 10906 07:15:59,700 --> 07:16:02,900 in itself. Now to perform cross-site scripting is 10907 07:16:02,900 --> 07:16:03,900 a very big crime. 10908 07:16:03,900 --> 07:16:06,900 So we really can't target any random web platform, website 10909 07:16:06,900 --> 07:16:08,600 or web application for that matter. 10910 07:16:09,700 --> 07:16:11,511 So keeping that thing in mind I 10911 07:16:11,511 --> 07:16:14,200 have chosen the broken web application project. 10912 07:16:14,200 --> 07:16:16,306 So this is brought to us by OWASP 10913 07:16:16,306 --> 07:16:20,200 which stands for open source web application security project. 10914 07:16:20,300 --> 07:16:23,600 The broken web application project or bWAPP is 10915 07:16:23,600 --> 07:16:25,185 a broken web application 10916 07:16:25,185 --> 07:16:27,300 that is intentionally vulnerable 10917 07:16:27,300 --> 07:16:30,204 and it incorporates a majority of the known bugs 10918 07:16:30,204 --> 07:16:33,600 that are out there and it is widely used by 10919 07:16:33,600 --> 07:16:35,484 security enthusiasts, students 10920 07:16:35,484 --> 07:16:38,500 and practicing ethical hackers to mostly practice 10921 07:16:38,500 --> 07:16:40,800 and nurture their skills in the right direction.
10922 07:16:41,400 --> 07:16:43,895 Okay, so to get started first of all, 10923 07:16:43,895 --> 07:16:47,500 we need to download a few files and get things ready. 10924 07:16:47,600 --> 07:16:50,039 So first of all, we will download the broken web 10925 07:16:50,039 --> 07:16:50,700 application project 10926 07:16:50,700 --> 07:16:52,400 and I'll be leaving the download link 10927 07:16:52,400 --> 07:16:55,405 in the description just in case you guys want to practice 10928 07:16:55,405 --> 07:16:56,700 in your own free time. 10929 07:16:56,800 --> 07:16:57,442 Secondly, 10930 07:16:57,442 --> 07:16:59,800 we need to download a virtual box. 10931 07:16:59,800 --> 07:17:02,400 Now after we have both the files ready 10932 07:17:02,400 --> 07:17:04,200 and we have it installed 10933 07:17:04,200 --> 07:17:07,400 and we have our broken web application installed 10934 07:17:07,400 --> 07:17:08,800 in the virtual machine, 10935 07:17:08,800 --> 07:17:09,900 we are good to go. 10936 07:17:10,492 --> 07:17:10,800 Now, 10937 07:17:10,800 --> 07:17:12,814 I've already done all that boring job 10938 07:17:12,814 --> 07:17:15,500 and actually installed the broken web application, 10939 07:17:15,500 --> 07:17:16,576 as you guys can see. 10940 07:17:16,576 --> 07:17:17,600 I'm already running 10941 07:17:17,600 --> 07:17:20,200 the OWASP broken web application on my virtual. 10942 07:17:21,100 --> 07:17:24,400 And this is the OWASP virtual machine. 10943 07:17:26,200 --> 07:17:29,530 So as you guys can see it's based off Linux 10944 07:17:29,530 --> 07:17:31,500 and if we go ifconfig, 10945 07:17:31,700 --> 07:17:34,400 it'll give us the IP address that it's running on. 10946 07:17:34,400 --> 07:17:36,100 So as you guys can see, 10947 07:17:36,100 --> 07:17:44,800 it's running on 192.168.1 46.4. So if we just head over there, 10948 07:17:44,800 --> 07:17:46,800 yeah, I've already opened that up. 10949 07:17:46,800 --> 07:17:47,800 We get a portal.
10950 07:17:47,800 --> 07:17:49,600 So for this particular demonstration, 10951 07:17:49,600 --> 07:17:52,300 I'm going to be using the broken web application project 10952 07:17:52,300 --> 07:17:53,644 and also WebGoat. 10953 07:17:53,900 --> 07:17:54,804 So first of all, 10954 07:17:54,804 --> 07:17:57,800 let's head over to the broken web application project. 10955 07:18:00,100 --> 07:18:02,700 So we'll be greeted with a login screen out here 10956 07:18:02,700 --> 07:18:05,052 and the credentials for this is bee and bug 10957 07:18:05,052 --> 07:18:06,200 as you guys can see, 10958 07:18:06,200 --> 07:18:09,400 so just go and enter login after you enter the credentials. 10959 07:18:12,500 --> 07:18:17,000 Okay, so y'all will be welcomed with a place 10960 07:18:17,000 --> 07:18:18,491 where you can choose your bug 10961 07:18:18,491 --> 07:18:20,782 and you can also choose the amount of security 10962 07:18:20,782 --> 07:18:22,400 that you want to practice with. 10963 07:18:22,400 --> 07:18:24,735 So since this is a very simple demonstration, 10964 07:18:24,735 --> 07:18:26,700 I'm going to set the security to low. 10965 07:18:26,700 --> 07:18:27,907 And the first thing 10966 07:18:27,907 --> 07:18:30,130 that we're going to test is actually 10967 07:18:30,130 --> 07:18:32,100 reflected cross-site scripting. 10968 07:18:32,300 --> 07:18:35,400 So reflected cross-site scripting mostly has things 10969 07:18:35,400 --> 07:18:37,200 to do with the GET request 10970 07:18:37,300 --> 07:18:39,789 when we are actually coding on the back end. 10971 07:18:39,789 --> 07:18:40,600 So, let's see. 10972 07:18:41,500 --> 07:18:43,003 First of all we go ahead 10973 07:18:43,003 --> 07:18:46,700 and choose reflected cross-site scripting for the GET method 10974 07:18:46,700 --> 07:18:48,400 and we go and press hack. 10975 07:18:49,600 --> 07:18:51,541 Now we'll be presented with a form.
10976 07:18:51,541 --> 07:18:53,100 Now a form is a very good way 10977 07:18:53,100 --> 07:18:56,000 of actually showing reflected cross-site scripting 10978 07:18:56,000 --> 07:18:58,926 because normally when an attacker will be trying 10979 07:18:58,926 --> 07:19:02,600 to attack you he'll be trying to send you a form or any way 10980 07:19:02,600 --> 07:19:04,100 you can actually input 10981 07:19:04,100 --> 07:19:07,800 something into the his soul. So interestingly, 10982 07:19:07,800 --> 07:19:11,442 if we go and just input nothing into these two fields 10983 07:19:11,442 --> 07:19:14,304 and just go, we'll see the URL change out here. 10984 07:19:14,304 --> 07:19:15,800 So firstly you guys see 10985 07:19:15,800 --> 07:19:19,023 that it's the fields are very clearly visible 10986 07:19:19,023 --> 07:19:22,100 and these are the two fields and that means 10987 07:19:22,100 --> 07:19:24,200 that it's an unencoded input. 10988 07:19:24,200 --> 07:19:26,240 So this is a very rich place 10989 07:19:26,240 --> 07:19:29,300 to actually practice your web vulnerability 10990 07:19:29,300 --> 07:19:31,400 and penetration testing skills. 10991 07:19:31,900 --> 07:19:33,700 So if I were to hack, 10992 07:19:33,700 --> 07:19:36,200 I would try and run a script out here. 10993 07:19:36,500 --> 07:19:38,423 So if I were to go script 10994 07:19:38,700 --> 07:19:40,800 and I've already practiced a few out here 10995 07:19:40,800 --> 07:19:42,100 as you guys can see, 10996 07:19:42,600 --> 07:19:44,600 so if you go script alert, 10997 07:19:44,700 --> 07:19:47,600 this is an example of reflected XSS. 10998 07:19:50,600 --> 07:19:53,600 Yeah, and if we go and just end the script out here. 10999 07:19:55,300 --> 07:19:57,404 This is going to actually render 11000 07:19:57,404 --> 07:20:00,200 the JavaScript input as a part of the page 11001 07:20:00,200 --> 07:20:02,500 and we are going to get an output because of this.
11002 07:20:02,700 --> 07:20:05,700 So that's how reflected cross-site script 11003 07:20:05,700 --> 07:20:06,700 is actually working. 11004 07:20:09,000 --> 07:20:13,000 So as you guys can see we the what am I saying? 11005 07:20:13,000 --> 07:20:16,500 As you guys can see the web application has actually 11006 07:20:16,500 --> 07:20:19,200 rendered our JavaScript and now we can see 11007 07:20:19,200 --> 07:20:20,500 that reflected cross-site 11008 07:20:20,500 --> 07:20:22,400 scripting is actually working out here. 11009 07:20:22,600 --> 07:20:24,478 So now you guys must have realized 11010 07:20:24,478 --> 07:20:26,103 that in a practical scenario, 11011 07:20:26,103 --> 07:20:28,162 this form must be sent to the victim 11012 07:20:28,162 --> 07:20:30,400 and must be tricked into filling the form 11013 07:20:30,400 --> 07:20:32,000 for the attack to be successful. 11014 07:20:32,400 --> 07:20:34,467 Also in more practical scenarios 11015 07:20:34,467 --> 07:20:36,600 where sites are also having forms, 11016 07:20:36,600 --> 07:20:38,966 they're going to be putting filters to the Of 11017 07:20:38,966 --> 07:20:40,310 the input parameters such 11018 07:20:40,310 --> 07:20:42,300 that you cannot run JavaScript in them 11019 07:20:42,500 --> 07:20:47,000 and you cannot also input any unencoded inputs into them. 11020 07:20:47,500 --> 07:20:50,000 So that was all about reflective JavaScript. 11021 07:20:50,000 --> 07:20:51,900 I mean reflected cross-site scripting. 11022 07:20:52,300 --> 07:20:55,600 So now let's move on to stored cross-site scripting 11023 07:20:55,600 --> 07:20:58,700 which is the most dangerous form of cross-site scripting. 11024 07:21:01,600 --> 07:21:04,400 Okay, so as I had discussed 11025 07:21:04,400 --> 07:21:07,895 the comment sections are normally the best place 11026 07:21:07,895 --> 07:21:10,700 for actually stored cross-site scripting.
11027 07:21:13,800 --> 07:21:19,400 So as you guys can see out here 11028 07:21:19,800 --> 07:21:22,200 if we already have a few comments 11029 07:21:22,200 --> 07:21:26,500 that had added for practicing. Now in stored cross-site 11030 07:21:26,500 --> 07:21:29,600 scripting the attacker is normally attacking the data 11031 07:21:29,600 --> 07:21:30,438 that is stored. 11032 07:21:30,438 --> 07:21:32,950 So basically we are going to inject the script 11033 07:21:32,950 --> 07:21:35,056 into the database into the server. 11034 07:21:35,056 --> 07:21:37,300 So if the script has some malicious intent 11035 07:21:37,300 --> 07:21:38,989 and it can do a multitude of things 11036 07:21:38,989 --> 07:21:41,600 if it has a malicious intent, we'll not get into that. 11037 07:21:41,600 --> 07:21:42,866 So for that reason, 11038 07:21:42,866 --> 07:21:45,600 let's first add a normal comment out here. 11039 07:21:45,600 --> 07:21:46,600 So let's say 11040 07:21:46,600 --> 07:21:49,900 if this was blog I'd say good job there. 11041 07:21:49,900 --> 07:21:52,600 Like I said or something like hey, 11042 07:21:52,600 --> 07:21:54,000 man, nice work. 11043 07:21:57,500 --> 07:22:00,000 If you go and press submit, okay, 11044 07:22:00,000 --> 07:22:01,900 it's showing this is an example of persistent 11045 07:22:01,900 --> 07:22:02,900 cross-site scripting 11046 07:22:02,900 --> 07:22:06,522 because I had already inserted malicious script. 11047 07:22:06,522 --> 07:22:11,200 So this is that script out here, the second input, but just 11048 07:22:11,200 --> 07:22:12,900 for demonstration purposes, 11049 07:22:12,900 --> 07:22:16,800 let's go and input it again so we can also input raw data 11050 07:22:16,800 --> 07:22:19,600 that is unencoded input in the form of script. 11051 07:22:19,900 --> 07:22:21,500 So let's go alert. 11052 07:22:23,500 --> 07:22:25,700 And let's print hello world.
11053 07:22:38,100 --> 07:22:41,600 So if we go and press submit, so it first runs 11054 07:22:41,600 --> 07:22:44,522 that other cross-site script and then it will say 11055 07:22:44,522 --> 07:22:45,982 that this page isn't working. 11056 07:22:45,982 --> 07:22:48,064 So this is also a very good example. Now we 11057 07:22:48,064 --> 07:22:50,400 have two scripts actually running on this page. 11058 07:22:50,400 --> 07:22:51,455 So the first one is 11059 07:22:51,455 --> 07:22:54,900 actually this is an example of cross-site scripting persistent. 11060 07:22:54,900 --> 07:22:58,900 So that was the second one and then comes the hello world. 11061 07:22:58,900 --> 07:23:02,800 So that's actually two scripts running back to back. 11062 07:23:03,200 --> 07:23:05,500 So anybody if I were to actually come back 11063 07:23:05,500 --> 07:23:06,800 to this site any other day 11064 07:23:06,800 --> 07:23:08,797 and these comments existed, it would just 11065 07:23:08,797 --> 07:23:11,000 get automatically executed from the database 11066 07:23:11,000 --> 07:23:13,200 because just because we are referring to it. 11067 07:23:13,500 --> 07:23:17,000 Okay, so time for DOM-based cross-site scripting 11068 07:23:17,000 --> 07:23:20,709 and I was using this application for the first time yesterday 11069 07:23:20,709 --> 07:23:21,533 and I realized 11070 07:23:21,533 --> 07:23:23,600 that there is actually no way that we 11071 07:23:23,600 --> 07:23:26,300 can actually test DOM-based cross-site scripting you. 11072 07:23:26,300 --> 07:23:28,800 So to actually test DOM-based cross-site scripting 11073 07:23:28,800 --> 07:23:31,300 we are going to be using this thing called WebGoat. 11074 07:23:32,000 --> 07:23:33,598 Now the login credentials 11075 07:23:33,598 --> 07:23:35,900 to WebGoat is guest for the username 11076 07:23:35,900 --> 07:23:37,442 and guest for the password. 11077 07:23:37,442 --> 07:23:39,700 I'd already logged in so it didn't ask me.
11078 07:23:39,700 --> 07:23:41,300 So now if we go out here 11079 07:23:41,300 --> 07:23:44,100 and go on the cross-site scripting in XSS, 11080 07:23:44,100 --> 07:23:46,940 you will also see that there is no options 11081 07:23:46,940 --> 07:23:50,841 available for actually DOM-based cross-site scripting. This is 11082 07:23:50,841 --> 07:23:53,600 because it's under AJAX security, or Ajax 11083 07:23:53,600 --> 07:23:55,300 if you might pronounce it that way. 11084 07:23:56,200 --> 07:23:59,000 So in this is under AJAX security 11085 07:23:59,000 --> 07:24:01,579 because if you guys remember we had just discussed 11086 07:24:01,579 --> 07:24:04,264 that DOM-based cross-site scripting is a client-side 11087 07:24:04,264 --> 07:24:05,500 cross-site scripting. 11088 07:24:05,500 --> 07:24:09,141 So things like a normal script would normally be checked 11089 07:24:09,141 --> 07:24:10,400 on the server side. 11090 07:24:10,400 --> 07:24:12,769 But when we are talking on client side, 11091 07:24:12,769 --> 07:24:16,200 we are talking about languages like HTML, AJAX, etcetera 11092 07:24:16,200 --> 07:24:19,008 so you can put your scripts in HTML form. 11093 07:24:19,008 --> 07:24:23,100 So suppose we were to go so let's input a script first. 11094 07:24:23,100 --> 07:24:24,800 So suppose you have to go script. 11095 07:24:24,800 --> 07:24:25,800 Hello world. Now 11096 07:24:25,800 --> 07:24:29,531 if we go and submit the solution nothing actually happens 11097 07:24:29,531 --> 07:24:33,100 because we are actually putting in encoded inputs out there. 11098 07:24:33,100 --> 07:24:35,100 It's the DOM that is unencoded. 11099 07:24:36,000 --> 07:24:40,000 Now if we were to actually go in and input in a language 11100 07:24:40,000 --> 07:24:44,200 that the client-side actually understands, for example HTML, 11101 07:24:44,200 --> 07:24:46,584 so we immediately get a result.
11102 07:24:46,800 --> 07:24:48,400 So first of all, 11103 07:24:48,400 --> 07:24:51,570 it's going to actually manipulate the inner 11104 07:24:51,570 --> 07:24:53,100 HTML attributes of this site. 11105 07:24:53,100 --> 07:24:56,361 So if we go image and we put a source now, 11106 07:24:56,361 --> 07:24:59,900 let's not give the source anything and on alert 11107 07:25:00,800 --> 07:25:02,800 on are urado on an error. 11108 07:25:03,200 --> 07:25:06,200 We're going to run some simple JavaScript so alert 11109 07:25:07,600 --> 07:25:17,900 And we can say this is an example of DOM-based XSS. 11110 07:25:19,500 --> 07:25:22,800 Now as soon as I end end the image tag, 11111 07:25:22,800 --> 07:25:25,636 this is going to get done because the client side 11112 07:25:25,636 --> 07:25:28,000 is always rendering the client-side page. 11113 07:25:28,000 --> 07:25:29,900 So watch this. 11114 07:25:34,100 --> 07:25:36,869 Sorry, I think I mistyped somewhere. 11115 07:25:37,900 --> 07:25:40,600 Let's go again so image. 11116 07:25:44,100 --> 07:25:47,700 Let's use something I've already used and you can see 11117 07:25:47,700 --> 07:25:49,600 that it says hacked and out 11118 07:25:49,600 --> 07:25:52,500 here we've not even pressed submit solution. 11119 07:25:53,300 --> 07:25:54,726 So out here you can see 11120 07:25:54,726 --> 07:25:58,000 that as soon as we completed it is again saying hacked so 11121 07:25:58,000 --> 07:26:00,300 that means as soon as you complete the query or 11122 07:26:00,300 --> 07:26:02,600 the client-side HTML language, 11123 07:26:02,600 --> 07:26:04,206 so that will completely 11124 07:26:04,206 --> 07:26:07,000 trigger the cross-site payload image tag. 11125 07:26:07,000 --> 07:26:08,431 This is going to get run 11126 07:26:08,431 --> 07:26:10,902 because the client side is always rendering 11127 07:26:10,902 --> 07:26:12,300 the client-side page. 11128 07:26:12,300 --> 07:26:14,100 So watch this.
11129 07:26:18,200 --> 07:26:19,000 I'm sorry. 11130 07:26:19,000 --> 07:26:21,100 I think I mistyped somewhere. 11131 07:26:22,100 --> 07:26:24,900 Let's go again so image. 11132 07:26:28,300 --> 07:26:32,166 Okay, let's use something I've already used and you can see 11133 07:26:32,166 --> 07:26:34,300 that it says hacked and out here 11134 07:26:34,300 --> 07:26:36,800 we've not even pressed submit solution. 11135 07:26:37,600 --> 07:26:39,066 So out here you can see 11136 07:26:39,066 --> 07:26:41,800 that as soon as we completed it is again saying 11137 07:26:41,800 --> 07:26:44,500 that so that means as soon as you complete the query or 11138 07:26:44,500 --> 07:26:46,807 the client-side HTML language, 11139 07:26:46,911 --> 07:26:50,988 so that will completely trigger the cross-site payload. 11140 07:26:55,600 --> 07:26:56,815 Firstly, let's go 11141 07:26:56,815 --> 07:27:01,300 over what DoS and DDoS mean. Now, to understand a DDoS attack, 11142 07:27:01,300 --> 07:27:05,000 it is essential to understand the fundamentals of a DoS attack. 11143 07:27:05,000 --> 07:27:07,600 DoS simply stands for denial of service. 11144 07:27:07,600 --> 07:27:10,400 The service could be of any kind. For example, 11145 07:27:10,400 --> 07:27:12,700 imagine your mother confiscates your cellphone 11146 07:27:12,700 --> 07:27:15,400 when you are preparing for your exams to help you study 11147 07:27:15,400 --> 07:27:16,968 without any sort of distraction. 11148 07:27:16,968 --> 07:27:19,700 While the intentions of your mother is truly out of care 11149 07:27:19,700 --> 07:27:22,528 and concern, you are being denied the service of calling 11150 07:27:22,528 --> 07:27:25,244 and any other service offered by your cell phone. Now, 11151 07:27:25,244 --> 07:27:27,800 with respect to a computer and computer networks,
11152 07:27:27,800 --> 07:27:29,800 a denial of service could be in the form 11153 07:27:29,800 --> 07:27:32,500 of hijacking web servers, overloading ports 11154 07:27:32,500 --> 07:27:33,893 with requests, rendering 11155 07:27:33,893 --> 07:27:36,659 them unusable, denying wireless authentication 11156 07:27:36,659 --> 07:27:38,423 and denying any sort of service 11157 07:27:38,423 --> 07:27:40,500 that is provided on the internet. Attacks 11158 07:27:40,500 --> 07:27:43,100 of such intent can be performed from a single machine. 11159 07:27:43,100 --> 07:27:45,909 While single machine attacks are much easier to execute 11160 07:27:45,909 --> 07:27:47,497 and monitor, they're also easy 11161 07:27:47,497 --> 07:27:49,900 to detect and mitigate. To solve this issue, 11162 07:27:49,900 --> 07:27:52,900 the attack could be executed from multiple devices spread 11163 07:27:52,900 --> 07:27:54,017 across a wide area. 11164 07:27:54,017 --> 07:27:57,000 Not only does this make it difficult to stop the attack 11165 07:27:57,000 --> 07:27:59,671 but it also becomes near impossible to point out 11166 07:27:59,671 --> 07:28:02,900 the main culprit. Such attacks are called distributed denial 11167 07:28:02,900 --> 07:28:04,900 of service or DDoS attacks. 11168 07:28:04,900 --> 07:28:08,200 Now, let us see how they work. The main idea of a DoS 11169 07:28:08,200 --> 07:28:09,304 attack as explained 11170 07:28:09,304 --> 07:28:12,700 is making a certain service unavailable. Since everything 11171 07:28:12,700 --> 07:28:15,700 that is attacked is in reality running on a machine, 11172 07:28:15,700 --> 07:28:17,600 the service can be made unavailable 11173 07:28:17,600 --> 07:28:20,400 if the performance of the machine can be brought down. 11174 07:28:20,400 --> 07:28:23,800 This is the fundamental behind DoS and DDoS attacks.
11175 07:28:23,800 --> 07:28:26,656 Now some DoS attacks are executed by flooding servers 11176 07:28:26,656 --> 07:28:28,068 with connection requests 11177 07:28:28,068 --> 07:28:29,787 until the server is overloaded 11178 07:28:29,787 --> 07:28:32,787 and is deemed useless. Others are executed by sending 11179 07:28:32,787 --> 07:28:34,511 unfragmented packets to a server 11180 07:28:34,511 --> 07:28:37,100 which they are unable to handle. These methods, 11181 07:28:37,100 --> 07:28:38,500 when executed by a botnet, 11182 07:28:38,500 --> 07:28:40,600 exponentially increase the amount of damage 11183 07:28:40,600 --> 07:28:41,644 that they are doing 11184 07:28:41,644 --> 07:28:44,288 and their difficulty to mitigate increases in leaps 11185 07:28:44,288 --> 07:28:47,700 and bounds. To understand more about how these attacks work, 11186 07:28:47,700 --> 07:28:50,166 let us look at the different types of attacks. 11187 07:28:50,166 --> 07:28:53,372 Now while there are plenty of ways to perform a DDoS attack, 11188 07:28:53,372 --> 07:28:55,700 I'll be listing down the more famous ones. 11189 07:28:55,700 --> 07:28:58,891 These methodologies have become famous due to their success rate 11190 07:28:58,891 --> 07:29:00,984 and the damage they have caused over time. 11191 07:29:00,984 --> 07:29:03,434 It is important to note that with the advancement 11192 07:29:03,434 --> 07:29:04,200 in technology, 11193 07:29:04,200 --> 07:29:06,200 the more creative minds have devised more 11194 07:29:06,200 --> 07:29:07,700 devious ways to perform 11195 07:29:07,700 --> 07:29:08,500 DoS attacks.
11196 07:29:08,500 --> 07:29:10,382 Now the first type of methodology 11197 07:29:10,382 --> 07:29:13,400 that we are going to discuss is called ping of death. Now, 11198 07:29:13,400 --> 07:29:16,100 according to the TCP/IP protocol, the maximum size 11199 07:29:16,100 --> 07:29:19,600 of the packet can be 65,535 bytes. The ping 11200 07:29:19,600 --> 07:29:22,029 of death attack exploits this particular fact. 11201 07:29:22,029 --> 07:29:23,300 In this type of attack, 11202 07:29:23,300 --> 07:29:24,600 the attacker sends packets 11203 07:29:24,600 --> 07:29:26,502 that are more than the max packet size 11204 07:29:26,502 --> 07:29:28,912 when the packet fragments are added up. Computers 11205 07:29:28,912 --> 07:29:30,050 generally do not know 11206 07:29:30,050 --> 07:29:32,558 what to do with such packets and end up freezing 11207 07:29:32,558 --> 07:29:34,814 or sometimes crashing entirely. Then we come 11208 07:29:34,814 --> 07:29:37,533 to reflected attacks. This particular attack 11209 07:29:37,533 --> 07:29:40,605 is more often than not used with the help of a botnet. 11210 07:29:40,605 --> 07:29:42,075 The attacker sends a host 11211 07:29:42,075 --> 07:29:44,400 of innocent computers a connection request 11212 07:29:44,400 --> 07:29:47,200 using a botnet, which are also called reflectors. 11213 07:29:47,200 --> 07:29:49,750 Now this connection that comes from the botnet looks 11214 07:29:49,750 --> 07:29:52,100 like it comes from the victim and this is done 11215 07:29:52,100 --> 07:29:54,693 by spoofing the source part in the packet header.
11216 07:29:54,693 --> 07:29:56,600 This makes the host of computers send 11217 07:29:56,600 --> 07:29:58,600 an acknowledgement to the victim computer. 11218 07:29:58,600 --> 07:30:00,352 Since there are multiple such requests 11219 07:30:00,352 --> 07:30:01,794 from the different computers 11220 07:30:01,794 --> 07:30:04,163 to the same machine, this overloads the computer 11221 07:30:04,163 --> 07:30:05,400 and crashes it. This type 11222 07:30:05,400 --> 07:30:07,300 of attack is also known as a Smurf attack. 11223 07:30:08,000 --> 07:30:11,400 Another type of attack is called mail bomb. Now mail bomb attacks 11224 07:30:11,400 --> 07:30:13,504 generally attack email servers. In this type 11225 07:30:13,504 --> 07:30:16,800 of attack, instead of packets, oversized emails filled with 11226 07:30:16,800 --> 07:30:19,900 random garbage values are sent to the targeted email server. 11227 07:30:19,900 --> 07:30:21,820 This generally crashes the email server 11228 07:30:21,820 --> 07:30:24,500 due to a sudden spike in load and renders them useless 11229 07:30:24,500 --> 07:30:25,391 until fixed. Last 11230 07:30:25,391 --> 07:30:27,900 but not the least we have the teardrop attack. 11231 07:30:27,900 --> 07:30:29,310 So in this type of attack, 11232 07:30:29,310 --> 07:30:30,956 the fragmentation offset field 11233 07:30:30,956 --> 07:30:33,391 of a packet is abused. One of the fields 11234 07:30:33,391 --> 07:30:36,261 in an IP header is a fragment offset field indicating 11235 07:30:36,261 --> 07:30:38,048 the starting position or offset
11236 07:30:38,048 --> 07:30:40,577 of the data contained in a fragmented packet 11237 07:30:40,577 --> 07:30:42,819 relative to the data in the original packet. 11238 07:30:42,819 --> 07:30:44,230 If the sum of the offset 11239 07:30:44,230 --> 07:30:46,992 and the size of one fragmented packet differs from that 11240 07:30:46,992 --> 07:30:49,817 of the next fragmented packet, the packets overlap. Now 11241 07:30:49,817 --> 07:30:52,700 when this happens a server vulnerable to teardrop attacks 11242 07:30:52,700 --> 07:30:55,189 is unable to reassemble the packets, resulting 11243 07:30:55,189 --> 07:30:57,000 in a denial of service condition. 11244 07:30:57,000 --> 07:30:57,314 Okay. 11245 07:30:57,314 --> 07:31:00,900 So that was all the theoretical portion of this video. Now, 11246 07:31:00,900 --> 07:31:04,600 it's time to actually perform our very own DDoS attack. 11247 07:31:04,800 --> 07:31:05,147 Okay. 11248 07:31:05,147 --> 07:31:07,871 So now that we finish the theoretical part 11249 07:31:07,871 --> 07:31:09,600 of how DDoS actually works 11250 07:31:09,600 --> 07:31:12,322 and what it actually is but its different types, 11251 07:31:12,322 --> 07:31:15,000 let me just give you guys a quick demonstration on 11252 07:31:15,000 --> 07:31:16,866 how you could apply a denial 11253 07:31:16,866 --> 07:31:17,999 of service attack 11254 07:31:17,999 --> 07:31:20,100 on a wireless network anywhere around you 11255 07:31:20,100 --> 07:31:22,150 like this could be somewhere like Starbucks 11256 07:31:22,150 --> 07:31:25,035 where you're sitting or this could be a library also 11257 07:31:25,035 --> 07:31:26,930 or your college institution no matter 11258 07:31:26,930 --> 07:31:29,400 where you're sitting this procedure will work. 11259 07:31:29,400 --> 07:31:33,200 So the first thing we want to do is actually open up a terminal 11260 07:31:33,200 --> 07:31:36,216 because we will be doing most of our work 11261 07:31:36,216 --> 07:31:37,901 on a command line basis.
11262 07:31:37,901 --> 07:31:40,447 Now for this particular demonstration, 11263 07:31:40,447 --> 07:31:44,309 we will be actually using two tools. First is aircrack-ng, 11264 07:31:44,309 --> 07:31:45,986 which is a suite of tools 11265 07:31:45,986 --> 07:31:49,128 which contains aircrack-ng, airmon-ng, aireplay-ng 11266 07:31:49,128 --> 07:31:50,600 and airodump-ng. 11267 07:31:50,600 --> 07:31:53,258 So these are the four tools that come along with it. 11268 07:31:53,258 --> 07:31:54,199 And the second one 11269 07:31:54,199 --> 07:31:56,900 that we'll be using is called macchanger. Okay. 11270 07:31:56,900 --> 07:31:59,500 So let me just put my terminal on maximum. 11271 07:31:59,500 --> 07:32:02,798 So you guys can see what I'm actually writing out. 11272 07:32:02,798 --> 07:32:06,500 So first thing we want to do is actually log in as root. 11273 07:32:06,500 --> 07:32:08,200 So let me just do that quickly 11274 07:32:08,200 --> 07:32:11,100 because we need to login as root because most of the stuff 11275 07:32:11,100 --> 07:32:14,500 that we're going to do right now will need administrator access. 11276 07:32:14,500 --> 07:32:14,766 Now, 11277 07:32:14,766 --> 07:32:17,699 the first thing we want to do is check out 11278 07:32:17,699 --> 07:32:19,700 our wireless network card's name 11279 07:32:19,700 --> 07:32:22,559 and we can do that easily by typing ifconfig. 11280 07:32:22,559 --> 07:32:23,600 Now, you can see 11281 07:32:23,600 --> 07:32:28,900 that my wireless card is called WL 1 and we get the MAC address 11282 07:32:28,900 --> 07:32:31,300 and we also get the IPv6 address. 11283 07:32:31,300 --> 07:32:35,553 So that's my wireless network card and we'll actually be setting 11284 07:32:35,553 --> 07:32:37,468 that up in monitor mode. Now 11285 07:32:37,468 --> 07:32:40,600 before we actually go in to start up our network 11286 07:32:40,600 --> 07:32:41,885 card in monitor mode,
11287 07:32:41,885 --> 07:32:43,905 let me just show you how you can install 11288 07:32:43,905 --> 07:32:47,200 the two tools that I just spoke about, that is aircrack-ng 11289 07:32:47,200 --> 07:32:48,300 and macchanger. 11290 07:32:48,300 --> 07:32:50,250 So to install aircrack-ng, 11291 07:32:50,250 --> 07:32:51,919 you can just go apt-get 11292 07:32:51,919 --> 07:32:56,700 install aircrack-ng, hit enter and this should do it for you. 11293 07:32:56,700 --> 07:32:58,578 I already have it installed. 11294 07:32:58,578 --> 07:33:02,000 So it's not going to do much. To install macchanger, 11295 07:33:02,000 --> 07:33:04,317 you could just go the same command 11296 07:33:04,317 --> 07:33:06,500 that is apt-get install macchanger 11297 07:33:06,700 --> 07:33:08,000 and you can check 11298 07:33:08,000 --> 07:33:11,061 if both the tools have been installed properly 11299 07:33:11,061 --> 07:33:14,700 by opening the manual pages by typing man aircrack-ng 11300 07:33:14,700 --> 07:33:17,200 and this will open up the manual page for you. 11301 07:33:17,200 --> 07:33:20,000 And let's also do the same for macchanger. 11302 07:33:20,000 --> 07:33:22,500 So what we're going to do first is set up 11303 07:33:22,500 --> 07:33:25,300 our network interface card into monitor mode. 11304 07:33:25,400 --> 07:33:26,600 So to do that, 11305 07:33:26,600 --> 07:33:29,300 all we have to do is type ifconfig, 11306 07:33:29,300 --> 07:33:31,399 and we need to put a network interface card down. 11307 07:33:31,399 --> 07:33:31,900 So we go 11308 07:33:31,900 --> 07:33:35,900 Wlo one down and with the command iwconfig mode monitor. 11309 07:33:35,900 --> 07:33:37,100 Don't forget to specify 11310 07:33:37,100 --> 07:33:38,700 the interface that you're working on. 11311 07:33:38,700 --> 07:33:40,848 So iwconfig WL 1 mode monitor 11312 07:33:40,848 --> 07:33:44,000 and all you have to do now is put it back up. 11313 07:33:44,000 --> 07:33:47,100 So what we are going to type is ifconfig
11314 07:33:47,100 --> 07:33:48,100 wl1 up. 11315 07:33:48,200 --> 07:33:50,971 You can check the mode it will see managed 11316 07:33:50,971 --> 07:33:52,537 if it's monitoring mode. 11317 07:33:52,537 --> 07:33:55,300 So as you guys can see it says mode managed, 11318 07:33:55,300 --> 07:33:58,600 so that's how we're going to go ahead so you can check 11319 07:33:58,600 --> 07:34:00,423 that just for your own purposes 11320 07:34:00,423 --> 07:34:02,200 so we can also check for only 11321 07:34:02,200 --> 07:34:04,600 Wlo one by specifying the interface. 11322 07:34:04,600 --> 07:34:08,500 Or you could also check the mode only by passing it 11323 07:34:08,500 --> 07:34:11,900 through a pipe function and that is using grep mode. 11324 07:34:12,000 --> 07:34:16,000 So iwconfig wl1 grep and mode. 11325 07:34:16,400 --> 07:34:18,302 Well, Mode begins with a capital M. 11326 07:34:18,302 --> 07:34:20,800 So that's how you would probably return it. 11327 07:34:20,900 --> 07:34:22,100 So as you guys can see 11328 07:34:22,100 --> 07:34:24,026 that has returned the mode for us icon 11329 07:34:24,026 --> 07:34:26,468 along with the access point and the frequency. 11330 07:34:26,468 --> 07:34:28,600 Okay, so that was a little fun trivia on 11331 07:34:28,600 --> 07:34:31,500 how you could fetch the mode from a certain command 11332 07:34:31,500 --> 07:34:34,300 that like iwconfig by passing it through a pipe 11333 07:34:34,300 --> 07:34:37,215 and Open your list mode grep basically means grab. 11334 07:34:37,215 --> 07:34:39,862 Okay, so now moving on we will get to the more 11335 07:34:39,862 --> 07:34:42,295 important stuff now so firstly we need to check 11336 07:34:42,295 --> 07:34:43,475 for some sub processes 11337 07:34:43,475 --> 07:34:45,298 that might still be running and 11338 07:34:45,298 --> 07:34:48,600 that might actually interfere with the scanning process.
11339 07:34:48,600 --> 07:34:49,500 So to do that, 11340 07:34:49,500 --> 07:34:51,800 what we do is airmon-ng check 11341 07:34:51,800 --> 07:34:54,700 and then the name of the interface. Now 11342 07:34:54,700 --> 07:34:57,012 as you guys can see I have the network manager 11343 07:34:57,012 --> 07:34:59,600 that is running out here and we need to kill that first 11344 07:34:59,600 --> 07:35:01,600 and that can be easily done by going kill 11345 07:35:01,600 --> 07:35:02,920 with the PID. After that, 11346 07:35:02,920 --> 07:35:04,900 you can run a general command called 11347 07:35:04,900 --> 07:35:06,700 airmon-ng check 11348 07:35:06,700 --> 07:35:10,700 and kill so whatever it finds it will kill it accordingly 11349 07:35:10,700 --> 07:35:13,000 and when it produces no results like this, 11350 07:35:13,000 --> 07:35:14,300 that means you're ready to go 11351 07:35:14,300 --> 07:35:15,900 as there are no sub processes running 11352 07:35:15,900 --> 07:35:17,700 that might actually interfere with the 11353 07:35:17,700 --> 07:35:21,400 scan. Now what we want to do is we want to run a dump scan 11354 07:35:21,400 --> 07:35:23,630 on the network interface card 11355 07:35:23,700 --> 07:35:26,900 and check out all the possible access points 11356 07:35:26,900 --> 07:35:28,500 that are available to us. 11357 07:35:28,500 --> 07:35:31,171 So as you guys can see this produces a bunch 11358 07:35:31,171 --> 07:35:34,600 of access points and they come with their BSSIDs. They 11359 07:35:34,600 --> 07:35:36,645 also have the power which is the PWR 11360 07:35:36,645 --> 07:35:40,834 that is the power of the signal and let me go down back again. 11361 07:35:40,834 --> 07:35:44,400 So yeah, you can see the beacons you can see the data you can see 11362 07:35:44,400 --> 07:35:48,055 the channels available and what the BSSID is.
11363 07:35:48,055 --> 07:35:49,200 It's the Mac ID 11364 07:35:49,200 --> 07:35:52,039 that is actually tied in with the essid 11365 07:35:52,039 --> 07:35:55,700 which basically represents the name of the router. 11366 07:35:55,700 --> 07:35:58,300 Now, what we want to do from here is we want 11367 07:35:58,300 --> 07:36:01,700 to choose which router we want to actually dose. 11368 07:36:01,700 --> 07:36:03,850 Now, the whole process of dosing is actually 11369 07:36:03,850 --> 07:36:06,400 we will continue Sleety authenticate all the devices 11370 07:36:06,400 --> 07:36:07,700 that are connected to it. 11371 07:36:07,700 --> 07:36:10,600 So for now I have chosen Eddie Rekha Wi-Fi to actually 11372 07:36:10,600 --> 07:36:13,638 toss out and once I send it the authentication broadcast, 11373 07:36:13,638 --> 07:36:14,508 it will actually 11374 07:36:14,508 --> 07:36:17,411 the authenticate all the devices that are connected to it. 11375 07:36:17,411 --> 07:36:19,121 Now this the authentication 11376 07:36:19,121 --> 07:36:21,400 is done with a tool called are replay 11377 07:36:21,400 --> 07:36:24,454 which is a part of the aircrack-ng suit of tools. 11378 07:36:24,454 --> 07:36:24,687 Now. 11379 07:36:24,687 --> 07:36:25,505 Let's just see 11380 07:36:25,505 --> 07:36:28,800 how we can use are a play by opening up the help command. 11381 07:36:28,800 --> 07:36:29,600 So we go - - 11382 07:36:29,600 --> 07:36:31,731 help and this opens up the help command for us. 11383 07:36:31,731 --> 07:36:33,497 Now as you guys can see it shows us 11384 07:36:33,497 --> 07:36:34,900 that we can send a D'Orsay. 11385 07:36:34,900 --> 07:36:36,928 Gation message by tapping into - 11386 07:36:36,928 --> 07:36:39,400 0 and then we need to type in the count. 11387 07:36:39,400 --> 07:36:41,464 So what we are going to do is type in - 11388 07:36:41,464 --> 07:36:43,800 0 which will send the DL syndication message 11389 07:36:43,800 --> 07:36:45,700 and now we can dive 1 or 0. 
11390 07:36:45,700 --> 07:36:48,738 So 1 will send only one the authentication message 11391 07:36:48,738 --> 07:36:51,716 while 0 will continuously Loop it and send a bunch 11392 07:36:51,716 --> 07:36:53,600 of the authentication messages. 11393 07:36:53,600 --> 07:36:56,100 We are going to say zero because we want to be sure 11394 07:36:56,100 --> 07:36:59,100 that we are the authenticating everybody and we can also 11395 07:36:59,100 --> 07:37:00,636 generally specify the person. 11396 07:37:00,636 --> 07:37:03,246 We also want to specifically the authenticate but for 11397 07:37:03,246 --> 07:37:04,200 this demonstration, 11398 07:37:04,200 --> 07:37:06,900 I'm just Just going to try and the authenticate everybody 11399 07:37:06,900 --> 07:37:07,600 that is there. 11400 07:37:07,600 --> 07:37:09,334 So what we are going to do is 11401 07:37:09,334 --> 07:37:12,500 we are going to copy down the MAC address or the bssid 11402 07:37:12,500 --> 07:37:13,556 as you would know it 11403 07:37:13,556 --> 07:37:16,770 and then we are going to run the authentication message. 11404 07:37:16,770 --> 07:37:19,700 Now as you guys can see Rd authentication message 11405 07:37:19,700 --> 07:37:22,100 is beginning to hunt on Channel Nine. 11406 07:37:22,146 --> 07:37:25,300 Now as you guys know and as I already know 11407 07:37:25,300 --> 07:37:30,800 that our bssid or Mac address is working on Channel 6 now, 11408 07:37:30,800 --> 07:37:34,600 we can easily change the channel that are interface. 11409 07:37:34,600 --> 07:37:38,700 Working on by just going IW config WL 1 and then Channel 11410 07:37:38,700 --> 07:37:40,400 and then specifying the channel 11411 07:37:40,400 --> 07:37:44,200 as you guys can see our chosen router is working on Channel 6. 11412 07:37:44,200 --> 07:37:46,000 So that's exactly what we're going to do. 
11413 07:37:46,000 --> 07:37:49,000 Now as you guys can see it immediately starts sending 11414 07:37:49,000 --> 07:37:52,357 the authentication codes to the specified router 11415 07:37:52,357 --> 07:37:55,000 and this will actually make any device 11416 07:37:55,000 --> 07:37:57,732 that is connected to that router almost unusable. 11417 07:37:57,732 --> 07:38:00,968 You might see that you are still connected to the Wi-Fi, 11418 07:38:00,968 --> 07:38:02,553 but try browsing the internet 11419 07:38:02,553 --> 07:38:05,619 with them you will never be able to actually Each any site 11420 07:38:05,619 --> 07:38:06,484 as I'm constantly 11421 07:38:06,484 --> 07:38:08,719 the authenticating your service you will need 11422 07:38:08,719 --> 07:38:10,379 that for a handshake all the time. 11423 07:38:10,379 --> 07:38:13,600 And even if it completes you are suddenly the authenticated again 11424 07:38:13,600 --> 07:38:15,800 because I'm running this thing on a loop. 11425 07:38:15,800 --> 07:38:19,000 Now, you can let this command run for a few moments 11426 07:38:19,000 --> 07:38:22,000 or how much of a time you want to DDOS at guy for well, 11427 07:38:22,000 --> 07:38:23,200 this is not exactly a DDOS 11428 07:38:23,200 --> 07:38:25,200 because you're doing it from one single machine, 11429 07:38:25,200 --> 07:38:28,060 but you can also optimize this code to actually looks 11430 07:38:28,060 --> 07:38:30,700 like it's running from several different machine. 11431 07:38:30,700 --> 07:38:32,397 So let me just show you how to do that. 11432 07:38:32,397 --> 07:38:34,899 We are going to write a script file to actually optimize. 11433 07:38:34,899 --> 07:38:37,299 Is our code lat so this script file 11434 07:38:37,299 --> 07:38:39,400 will actually automate most of the things 11435 07:38:39,400 --> 07:38:41,500 that we just did and also optimize a little 11436 07:38:41,500 --> 07:38:43,800 by changing our Mac address every single time. 
11437 07:38:43,800 --> 07:38:46,400 So we become hard to actually point out. 11438 07:38:46,400 --> 07:38:49,000 So the first thing that we want to do is 11439 07:38:49,000 --> 07:38:53,000 we want to put our wireless network card down and maybe 11440 07:38:53,000 --> 07:38:55,300 that's not the first thing that I want to do. 11441 07:38:55,300 --> 07:38:57,200 Just give me a moment to think about this. 11442 07:38:57,200 --> 07:38:59,400 I haven't actually thought this true I'm doing 11443 07:38:59,400 --> 07:39:00,314 this on the Fly. 11444 07:39:00,314 --> 07:39:00,600 Okay. 11445 07:39:00,600 --> 07:39:01,457 So the first thing 11446 07:39:01,457 --> 07:39:03,600 that we're going to do is we're going to start 11447 07:39:03,600 --> 07:39:05,953 a while loop that Is going to continuously run 11448 07:39:05,953 --> 07:39:07,757 until we actually externally stop it. 11449 07:39:07,757 --> 07:39:10,431 So we go while true and then we're going to say do 11450 07:39:10,431 --> 07:39:12,300 and the first thing that we want to do 11451 07:39:12,300 --> 07:39:16,600 is send out the authentication message and we are going 11452 07:39:16,600 --> 07:39:20,900 to send a it around 10 the authentication messages 11453 07:39:21,400 --> 07:39:24,488 and we want to run it on a specific bssid. 11454 07:39:24,488 --> 07:39:27,200 So that is the bssid that had copied. 11455 07:39:27,200 --> 07:39:28,500 So let me just put in that 11456 07:39:28,600 --> 07:39:30,739 and then we just put in the interface 11457 07:39:30,739 --> 07:39:32,504 is it supposed to work on now? 11458 07:39:32,504 --> 07:39:34,857 What we want to do after that is You want 11459 07:39:34,857 --> 07:39:36,300 to change the MAC address 11460 07:39:36,300 --> 07:39:39,420 after we have sent all these 10 packets. 
11461 07:39:39,420 --> 07:39:43,676 So what we will need to do is put down our wireless network 11462 07:39:43,676 --> 07:39:46,098 and as already discussed we can do 11463 07:39:46,098 --> 07:39:48,300 that with ifconfig wlan0 down. 11464 07:39:48,300 --> 07:39:52,223 And now what we want to do is change our Mac address 11465 07:39:52,223 --> 07:39:53,023 so we can do 11466 07:39:53,023 --> 07:39:55,800 that with the simple tool that we had installed 11467 07:39:55,800 --> 07:39:58,200 and saying Mac changer - 11468 07:39:58,200 --> 07:40:02,300 are so let me just open up a Quick Tab and show you guys 11469 07:40:02,300 --> 07:40:04,400 how much Ginger actually works. 11470 07:40:04,500 --> 07:40:05,970 Now you can already check 11471 07:40:05,970 --> 07:40:08,900 out my other video called the ethical hacking course, 11472 07:40:08,900 --> 07:40:11,231 which actually covers a lot of topics 11473 07:40:11,231 --> 07:40:14,521 and Mac changer is just one of them and you can check 11474 07:40:14,521 --> 07:40:16,800 how to use it in depth in that video. 11475 07:40:16,800 --> 07:40:19,100 But for now, let me just give you a brief introduction 11476 07:40:19,100 --> 07:40:22,000 how much change it works the Mac changer will basically give you 11477 07:40:22,000 --> 07:40:22,800 a new Mac address 11478 07:40:22,800 --> 07:40:25,650 every time let me just open up the help menu for you guys. 11479 07:40:25,650 --> 07:40:27,515 So as you guys can see these are the options 11480 07:40:27,515 --> 07:40:28,600 that are available to us. 11481 07:40:28,600 --> 07:40:30,600 We can get a random Mac address. 11482 07:40:30,600 --> 07:40:33,700 We can also tell to show our Mac address and we also 11483 07:40:33,700 --> 07:40:35,800 have to specify Interface 11484 07:40:35,800 --> 07:40:38,358 when we want to show us the MAC address now, 11485 07:40:38,358 --> 07:40:40,500 let me just generate new Mac address. 
11486 07:40:40,500 --> 07:40:42,800 So you see our chair that interface up 11487 07:40:42,800 --> 07:40:45,270 or insufficient permissions is being shown. 11488 07:40:45,270 --> 07:40:48,800 So this means we always have to put down our interface first. 11489 07:40:48,800 --> 07:40:51,600 So let me just do that quickly ifconfig wlan0 down. 11490 07:40:51,600 --> 07:40:54,800 And now what we want to do is give ourselves a new Mac address 11491 07:40:54,800 --> 07:40:55,700 and boom roasted. 11492 07:40:55,700 --> 07:40:57,250 We already have a new Mac address 11493 07:40:57,250 --> 07:40:59,300 as you guys can see from the new Mac part. 11494 07:40:59,300 --> 07:41:01,900 Now if you put back are in network interface card, 11495 07:41:01,900 --> 07:41:04,424 and then try and show up Mac address again weeks. 11496 07:41:04,424 --> 07:41:06,600 See that our current MAC and are from red. 11497 07:41:06,600 --> 07:41:09,100 Mack are two completely different Mac addresses 11498 07:41:09,100 --> 07:41:12,400 and of current MAC and the new Mac I identical. 11499 07:41:12,400 --> 07:41:14,945 So this is how you can actually generate 11500 07:41:14,945 --> 07:41:18,600 new Mac addresses to spoof your own identity on the while 11501 07:41:18,600 --> 07:41:20,466 and that is very useful in this case 11502 07:41:20,466 --> 07:41:21,400 because the person 11503 07:41:21,400 --> 07:41:24,000 you're attacking will be so confused as to what to do 11504 07:41:24,000 --> 07:41:26,300 because your Mac address is changing every time 11505 07:41:26,300 --> 07:41:27,581 and there's no real solution 11506 07:41:27,581 --> 07:41:29,881 to the situation that you're creating for them. 11507 07:41:29,881 --> 07:41:30,300 At least. 11508 07:41:30,300 --> 07:41:31,752 I don't know of any solution. 11509 07:41:31,752 --> 07:41:33,952 If you do know how to stop this for yourself. 11510 07:41:33,952 --> 07:41:34,682 Please leave it. 
11511 07:41:34,682 --> 07:41:36,550 Down in the comment section below and help 11512 07:41:36,550 --> 07:41:37,600 the world a little bit. 11513 07:41:37,600 --> 07:41:37,900 Now. 11514 07:41:37,900 --> 07:41:42,400 We wanted also get to know what our Mac address is every time. 11515 07:41:42,400 --> 07:41:44,800 So let me just type my function 11516 07:41:44,800 --> 07:41:47,300 through the whole thing and let me just try 11517 07:41:47,300 --> 07:41:49,000 and grab the new Mac address. 11518 07:41:49,000 --> 07:41:51,200 So my changer are wl1 11519 07:41:51,200 --> 07:41:54,586 and grab Mark and then we want to put our Rental Car 11520 07:41:54,586 --> 07:41:55,848 in the monitor mode 11521 07:41:55,848 --> 07:41:59,500 and then we also want to put up our network interface card. 11522 07:41:59,500 --> 07:42:01,800 Now, what we want to do out here is optimize it 11523 07:42:01,800 --> 07:42:03,779 so we can be attacking constantly. 11524 07:42:03,779 --> 07:42:05,426 So let us Put a sleep timer. 11525 07:42:05,426 --> 07:42:07,300 So this will make our program sleep 11526 07:42:07,300 --> 07:42:08,967 for a particular amount of time. 11527 07:42:08,967 --> 07:42:11,000 I'm going to make a sleep for 5 seconds. 11528 07:42:11,000 --> 07:42:13,000 So after every 5 seconds, 11529 07:42:13,000 --> 07:42:15,900 it's gonna send that particular bssid. 11530 07:42:15,900 --> 07:42:17,900 Then the authentication messages 11531 07:42:17,900 --> 07:42:20,400 then just going to bring down my interface card. 11532 07:42:20,400 --> 07:42:22,500 It's gonna change my Mac address. 11533 07:42:22,500 --> 07:42:24,668 It's going to put back the interface card 11534 07:42:24,668 --> 07:42:27,300 in the monitor mode and sleep for 5 seconds. 11535 07:42:27,300 --> 07:42:29,400 And then repeat the entire process 11536 07:42:29,600 --> 07:42:31,500 and to end the script. 11537 07:42:31,500 --> 07:42:33,038 Let's just say done. 
11538 07:42:33,038 --> 07:42:36,192 So that will denote when Loop is done now. 11539 07:42:36,192 --> 07:42:39,500 Let me just save it Ctrl o control X to exit 11540 07:42:39,500 --> 07:42:40,600 and there we go. 11541 07:42:40,600 --> 07:42:41,300 Okay. 11542 07:42:41,300 --> 07:42:43,800 So first of all to actually run 11543 07:42:43,800 --> 07:42:47,600 this need to give it some more permission. 11544 07:42:47,600 --> 07:42:50,146 So as you guys can see we already have it. 11545 07:42:50,146 --> 07:42:53,139 Let me just put it in a much more readable format. 11546 07:42:53,139 --> 07:42:53,472 Okay. 11547 07:42:53,472 --> 07:42:55,600 So as you guys can see our doors 11548 07:42:55,600 --> 07:42:58,723 does sh doesn't really have execute ability 11549 07:42:58,723 --> 07:43:01,400 so we can do that with command chmod. 11550 07:43:01,400 --> 07:43:03,925 So I'm going to give it some executable permission. 11551 07:43:03,925 --> 07:43:06,400 So chmod One plus X and then the name of the file. 11552 07:43:06,400 --> 07:43:09,542 So this will actually change our dos dos SSH 11553 07:43:09,542 --> 07:43:11,600 into a executable bash script. 11554 07:43:11,600 --> 07:43:11,913 Okay. 11555 07:43:11,913 --> 07:43:14,524 So it seems that we have done some error. 11556 07:43:14,524 --> 07:43:17,200 So let's just go back into our bash script 11557 07:43:17,200 --> 07:43:20,800 and check for the error that we have probably done. 11558 07:43:20,800 --> 07:43:24,400 So now - does a jet d'eau start sh. 11559 07:43:24,900 --> 07:43:25,600 Okay. 11560 07:43:25,600 --> 07:43:27,600 So the thing that I am missing is 11561 07:43:27,600 --> 07:43:29,400 that I forgot - 11562 07:43:29,400 --> 07:43:33,000 A that I'm supposed to put before putting the bssid 11563 07:43:33,000 --> 07:43:36,100 and the are replay Angie part of the code. 11564 07:43:36,100 --> 07:43:38,700 So let me just go ahead and quickly do that. 11565 07:43:38,700 --> 07:43:39,028 Okay. 
11566 07:43:39,028 --> 07:43:40,661 So now that that is done. 11567 07:43:40,661 --> 07:43:43,468 Let me just save it and quickly exit and see 11568 07:43:43,468 --> 07:43:45,100 if this thing is working. 11569 07:43:45,900 --> 07:43:46,200 Ok. 11570 07:43:46,200 --> 07:43:50,413 So now we are trying to work out our script 11571 07:43:50,413 --> 07:43:52,400 now you guys should know 11572 07:43:52,400 --> 07:43:55,000 that this Erica Wi-Fi is my company's Wi-Fi 11573 07:43:55,000 --> 07:43:58,300 and I have complete permission to go ahead and do this to them. 11574 07:43:58,300 --> 07:43:58,900 Also. 11575 07:43:58,900 --> 07:44:00,913 My company's Wi-Fi is kind of secure. 11576 07:44:00,913 --> 07:44:02,200 So every time it senses 11577 07:44:02,200 --> 07:44:04,400 that ADI authentication message is being sent. 11578 07:44:04,400 --> 07:44:05,300 I ain't like that. 11579 07:44:05,300 --> 07:44:07,800 It kind of changes the channel that it is working on. 11580 07:44:07,800 --> 07:44:09,862 So these guys are really smart smarter 11581 07:44:09,862 --> 07:44:11,200 than me most of the time 11582 07:44:11,200 --> 07:44:12,759 and this time I'm just going 11583 07:44:12,759 --> 07:44:15,100 to try and force them to work on Channel 6. 11584 07:44:15,100 --> 07:44:17,500 So let me just go ahead and run my script once. 11585 07:44:17,500 --> 07:44:19,100 Okay, so let me just check that. 11586 07:44:19,100 --> 07:44:21,422 They're still working on Channel 6 Yep. 11587 07:44:21,422 --> 07:44:23,500 They're still working on Channel 6. 11588 07:44:23,700 --> 07:44:27,100 Let me just check my script once if it's correctly done 11589 07:44:27,100 --> 07:44:29,200 if I have the perfect Mark ID. 11590 07:44:29,200 --> 07:44:33,200 Let me just copy in the Mac ID just to be sure once again, 11591 07:44:33,200 --> 07:44:34,400 so they go. 11592 07:44:34,400 --> 07:44:35,200 Copied it. 11593 07:44:35,200 --> 07:44:39,066 Let's go into the script and let's face it out. 
11594 07:44:39,066 --> 07:44:39,391 Okay. 11595 07:44:39,391 --> 07:44:40,886 So now that that is done 11596 07:44:40,886 --> 07:44:44,000 and we have mac IDs and everything set up properly. 11597 07:44:44,000 --> 07:44:46,700 Let me just show you how to run the script so you go 11598 07:44:46,700 --> 07:44:49,304 Dot and backward slash and then you said - 11599 07:44:49,304 --> 07:44:50,104 does SH now. 11600 07:44:50,104 --> 07:44:52,858 I see that our thing is working on Channel 8. 11601 07:44:52,858 --> 07:44:55,300 So this will definitely not book and say 11602 07:44:55,300 --> 07:44:59,400 that the SSID is not so what we need to do 11603 07:44:59,400 --> 07:45:01,035 as I have showed you guys 11604 07:45:01,035 --> 07:45:04,700 earlier we can go aw config wl1 and change the channel 2. 11605 07:45:04,700 --> 07:45:05,500 Channel 6. 11606 07:45:05,500 --> 07:45:07,800 Oops, I channel to channel it again. 11607 07:45:08,000 --> 07:45:09,266 This will not work. 11608 07:45:09,266 --> 07:45:09,858 I'm sorry. 11609 07:45:09,858 --> 07:45:10,800 That was my bad. 11610 07:45:10,800 --> 07:45:12,900 So now that we have changed it to channel 6, 11611 07:45:12,900 --> 07:45:16,200 you can see that it is sending everything immediately. 11612 07:45:16,200 --> 07:45:16,900 Okay. 11613 07:45:16,900 --> 07:45:20,500 So that is actually running our script very well. 11614 07:45:20,500 --> 07:45:22,700 And as you guys can see the security measures 11615 07:45:22,700 --> 07:45:24,100 are taken by my company. 11616 07:45:24,100 --> 07:45:26,299 It will not always work on Channel 6. 11617 07:45:26,300 --> 07:45:29,757 It will keep rotating now until it finds the safe channel. 11618 07:45:29,757 --> 07:45:32,000 So it really can't find a safe Channel. 11619 07:45:32,000 --> 07:45:35,600 I was always be dosing on Channel 6 and It will run. 
11620 07:45:35,600 --> 07:45:39,194 Sometimes it won't run sometimes but mostly with unsecured Wi-Fi 11621 07:45:39,194 --> 07:45:40,900 that is running at your home. 11622 07:45:40,900 --> 07:45:43,900 Mostly this will work a hundred percent times. 11623 07:45:43,900 --> 07:45:45,100 So let me just stop this 11624 07:45:45,100 --> 07:45:46,976 because my company will go mad on me 11625 07:45:46,976 --> 07:45:48,800 if I just keep on dancing them. 11626 07:45:48,800 --> 07:45:51,916 So this brings us to the end of a demonstration. 11627 07:45:51,916 --> 07:45:55,100 This is how you can always toss your neighbors 11628 07:45:55,100 --> 07:45:56,452 if they're annoying you 11629 07:45:56,452 --> 07:45:59,300 but remember if you're caught you could be prosecuted. 11630 07:45:59,300 --> 07:46:01,516 So this was about how the device works 11631 07:46:01,516 --> 07:46:04,141 with DDOS actually is and the different types 11632 07:46:04,141 --> 07:46:07,509 and how you can do one on your own with your own system
11654 07:46:56,700 --> 07:46:57,484 In early days 11655 07:46:57,484 --> 07:47:00,602 of Internet, building websites was straightforward. 11656 07:47:00,602 --> 07:47:02,100 There was no JavaScript, 11657 07:47:02,100 --> 07:47:05,012 no back-end, no CSS and very few images. 11658 07:47:05,012 --> 07:47:07,700 But as web gained popularity, the need 11659 07:47:07,700 --> 07:47:09,645 for more advanced technology 11660 07:47:09,645 --> 07:47:11,800 and dynamic websites grew. This 11661 07:47:11,800 --> 07:47:15,284 led to development of Common Gateway Interface, or CGI 11662 07:47:15,284 --> 07:47:18,500 as we call it, and server-side scripting languages 11663 07:47:18,500 --> 07:47:20,700 like ASP, JavaScript, PHP 11664 07:47:20,700 --> 07:47:25,508 and many others. Websites changed and started storing user input 11665 07:47:25,508 --> 07:47:26,800 and site content in 11666 07:47:26,811 --> 07:47:30,700 databases. Each and every data field of a website is 11667 07:47:30,700 --> 07:47:34,400 like a gate to database. For example, in login form 11668 07:47:34,400 --> 07:47:36,413 the user enters the login data, 11669 07:47:36,413 --> 07:47:39,500 in search field the user enters a search text, 11670 07:47:39,500 --> 07:47:43,700 and in data saving form the user enters the data to be saved. 11671 07:47:43,800 --> 07:47:46,800 All this indicated data goes to database.
11672 07:47:46,800 --> 07:47:48,500 So instead of correct data, 11673 07:47:48,500 --> 07:47:52,264 if any malicious code is entered, then there are possibilities 11674 07:47:52,264 --> 07:47:55,181 for some serious damage to happen to the database 11675 07:47:55,181 --> 07:47:56,700 and sometimes to the entire 11676 07:47:56,700 --> 07:48:00,467 system, and this is what SQL injection is all about. 11677 07:48:00,467 --> 07:48:03,718 I'm sure you've heard of SQL. SQL query language 11678 07:48:03,718 --> 07:48:06,900 or SQL is a language which is designed to manipulate 11679 07:48:06,900 --> 07:48:09,590 and manage data in a database. 11680 07:48:09,590 --> 07:48:13,315 SQL injection attack is a type of cybersecurity attack 11681 07:48:13,315 --> 07:48:16,600 that targets these databases using specifically 11682 07:48:16,600 --> 07:48:19,600 crafted SQL statements to trick the systems 11683 07:48:19,600 --> 07:48:22,500 into doing unexpected and undesired things. 11684 07:48:22,500 --> 07:48:23,522 So by leveraging 11685 07:48:23,522 --> 07:48:26,400 an SQL injection vulnerability present in web 11686 07:48:26,911 --> 07:48:27,800 or the website, 11687 07:48:27,800 --> 07:48:31,000 given the right circumstances, an attacker can use it 11688 07:48:31,000 --> 07:48:34,304 to bypass web application's authentication details, as 11689 07:48:34,304 --> 07:48:35,600 in, if you have login 11690 07:48:35,600 --> 07:48:37,040 and password, user can, 11691 07:48:37,040 --> 07:48:39,555 or attacker can, enter just the user ID, 11692 07:48:39,555 --> 07:48:42,600 skip the password entry and get into the system, 11693 07:48:42,600 --> 07:48:44,900 or it can sometimes retrieve the content 11694 07:48:44,900 --> 07:48:46,338 of an entire database.
11695 07:48:46,338 --> 07:48:50,090 He can also use SQL injection vulnerability to add, modify 11696 07:48:50,090 --> 07:48:51,900 and sometimes delete records 11697 07:48:51,900 --> 07:48:54,611 in a database, affecting data integrity. 11698 07:48:54,611 --> 07:48:56,800 While using this vulnerability, 11699 07:48:56,800 --> 07:49:00,800 attacker can do unimaginable things. This exactly shows 11700 07:49:00,800 --> 07:49:03,300 how dangerous an SQL injection can be. Now 11701 07:49:03,300 --> 07:49:06,711 let's check out how a typical SQL injection is carried out. 11702 07:49:06,711 --> 07:49:09,700 Well, let's start with non-technical explanation, guys. 11703 07:49:09,700 --> 07:49:11,288 I have a simple analogy here. 11704 07:49:11,288 --> 07:49:13,000 So first let's go through this. 11705 07:49:13,000 --> 07:49:15,100 Once you understand this, you are easily able 11706 07:49:15,100 --> 07:49:18,100 to relate this with what SQL injection attack is. 11707 07:49:18,100 --> 07:49:19,700 So anyway, first imagine 11708 07:49:19,700 --> 07:49:21,700 that you have a fully automated bus 11709 07:49:21,700 --> 07:49:22,998 that functions based 11710 07:49:22,998 --> 07:49:26,700 on the instructions given by human through a standard web form. 11711 07:49:26,800 --> 07:49:29,500 Well, that form might look something like this. 11712 07:49:29,500 --> 07:49:33,459 For example, the form might say: drive through the route, 11713 07:49:33,459 --> 07:49:35,500 and where should the bus stop, 11714 07:49:35,500 --> 07:49:38,500 if when should the bus stop. This route and 11715 07:49:38,500 --> 07:49:40,887 where should the bus stop and this condition, 11716 07:49:40,887 --> 07:49:43,600 that's when should the bus stop, are the user inputs. 11717 07:49:43,600 --> 07:49:46,000 This is where you will have to enter the input 11718 07:49:46,000 --> 07:49:49,000 into the form. Now, after putting some data into the field,
11719 07:49:49,000 --> 07:49:51,700 it looks something like this: drive through Route 11720 07:49:51,700 --> 07:49:54,400 77 and stop at the bus stop 11721 07:49:54,400 --> 07:49:56,700 if there are people at the bus stop. 11722 07:49:56,700 --> 07:49:58,700 Well, that looks simple enough, right? 11723 07:49:58,700 --> 07:50:00,500 So basically you're the human 11724 07:50:00,500 --> 07:50:03,200 or the person is trying to give 3 instructions, 11725 07:50:03,200 --> 07:50:05,900 that is, bus should stop at Route 77. 11726 07:50:06,200 --> 07:50:07,700 It should stop at the bus stop 11727 07:50:07,700 --> 07:50:09,880 if there are people at the bus stop. 11728 07:50:09,880 --> 07:50:13,270 Well, that sounds harmless. Now imagine a scenario 11729 07:50:13,270 --> 07:50:16,193 where someone manages to send these instructions, 11730 07:50:16,193 --> 07:50:17,500 which look something 11731 07:50:17,500 --> 07:50:22,236 like this: drive through Route 77 and do not stop at the bus stop 11732 07:50:22,236 --> 07:50:24,158 and ignore rest of the form 11733 07:50:24,158 --> 07:50:26,651 if there are people at the bus stop. 11734 07:50:26,651 --> 07:50:29,500 And now, since the bus is fully automated, 11735 07:50:29,500 --> 07:50:31,807 it does exactly as instructed. 11736 07:50:31,807 --> 07:50:35,000 It drives up Route 77 and does not stop 11737 07:50:35,000 --> 07:50:38,600 at any bus stop even when there are people waiting, 11738 07:50:38,600 --> 07:50:42,693 because the instruction says do not stop at the bus stop 11739 07:50:42,693 --> 07:50:44,900 and ignore the rest of the form.
11740 07:50:44,900 --> 07:50:46,244 So this part, which is 11741 07:50:46,244 --> 07:50:49,200 "if there are people at the bus stop", is ignored. 11742 07:50:49,200 --> 07:50:50,788 We were able to do this 11743 07:50:50,788 --> 07:50:52,617 because the query structure 11744 07:50:52,617 --> 07:50:55,900 and the supplied data are not separated properly, 11745 07:50:55,900 --> 07:50:58,388 so that automated bus does not differentiate 11746 07:50:58,388 --> 07:50:59,800 between the instructions 11747 07:50:59,800 --> 07:51:03,243 and the data. It simply does anything that it is fed 11748 07:51:03,243 --> 07:51:07,100 with or asked to do. Well, SQL injection attacks are based 11749 07:51:07,100 --> 07:51:09,033 on the same concept. Attackers 11750 07:51:09,033 --> 07:51:11,700 are able to inject malicious instructions 11751 07:51:11,700 --> 07:51:15,441 into good ones, all of which are then sent to database server 11752 07:51:15,441 --> 07:51:16,900 through web application. 11753 07:51:16,900 --> 07:51:20,105 And now the technical explanation. An SQL injection 11754 07:51:20,105 --> 07:51:21,900 needs two conditions to exist, 11755 07:51:21,900 --> 07:51:26,200 which is a relational database that uses SQL and a user 11756 07:51:26,400 --> 07:51:29,660 input which is directly used in an SQL query. 11757 07:51:29,660 --> 07:51:32,000 Let's say we have an SQL statement, 11758 07:51:32,000 --> 07:51:33,733 a simple SQL statement. 11759 07:51:33,733 --> 07:51:36,900 This statement says select from table users 11760 07:51:36,900 --> 07:51:39,600 where username is so-and-so and password is so- 11761 07:51:39,600 --> 07:51:42,300 and-so. Basically you can think of it as a code 11762 07:51:42,300 --> 07:51:43,300 for a login form.
11763 07:51:43,300 --> 07:51:45,045 It's asking for the username 11764 07:51:45,045 --> 07:51:47,280 and the password. This SQL statement 11765 07:51:47,280 --> 07:51:48,697 is passed to a function 11766 07:51:48,697 --> 07:51:51,630 that sends the entire string to connected database 11767 07:51:51,630 --> 07:51:55,400 where it will be parsed, executed and returns a result at the end. 11768 07:51:55,400 --> 07:51:57,867 If you have noticed, first, the statement contains 11769 07:51:57,867 --> 07:51:59,579 some special characters, right? 11770 07:51:59,579 --> 07:52:01,900 We have asterisk to return all the columns 11771 07:52:01,900 --> 07:52:03,549 for selected database row, 11772 07:52:03,549 --> 07:52:06,651 and then there is equals to only return values 11773 07:52:06,651 --> 07:52:08,500 that match the search string, 11774 07:52:08,500 --> 07:52:11,038 and then we have single quote here 11775 07:52:11,038 --> 07:52:13,261 and here to tell the SQL database 11776 07:52:13,261 --> 07:52:15,900 where the search string starts or ends. 11777 07:52:15,900 --> 07:52:16,862 So for user you 11778 07:52:16,862 --> 07:52:20,248 have starting here and ending here, and for password here, 11779 07:52:20,248 --> 07:52:23,700 so basically a pair. Now consider the following example 11780 07:52:23,700 --> 07:52:28,100 in which a website user is able to change the values of this user 11781 07:52:28,200 --> 07:52:31,000 and password, such as in a login form. 11782 07:52:31,200 --> 07:52:34,365 So if the values are put into user and password, 11783 07:52:34,365 --> 07:52:36,587 it looks something like this: select 11784 07:52:36,587 --> 07:52:37,672 from users table. 11785 07:52:37,672 --> 07:52:40,800 The user name is Dean and password is Winchester's, 11786 07:52:40,800 --> 07:52:43,133 and the SQL statement is simple enough. 11787 07:52:43,133 --> 07:52:44,190 It's very direct.
11788 07:52:44,190 --> 07:52:47,900 So if there is a user called Dean with password Winchester's 11789 07:52:47,900 --> 07:52:49,221 then all the columns 11790 07:52:49,221 --> 07:52:51,800 of table users are extracted. Now suppose 11791 07:52:51,800 --> 07:52:55,700 if the input is not properly sanitized by the web application 11792 07:52:55,700 --> 07:52:59,900 the attacker can easily insert some malicious SQL statement 11793 07:52:59,900 --> 07:53:02,715 like this: the username might be Dean 11794 07:53:02,715 --> 07:53:04,100 or 1 is equal to 1 11795 07:53:04,100 --> 07:53:08,100 and then you have double hyphen followed by password is equal 11796 07:53:08,100 --> 07:53:12,094 to Winchester's. So basically along with the data the user 11797 07:53:12,094 --> 07:53:14,372 or the attacker has tried to enter 11798 07:53:14,372 --> 07:53:18,100 a malicious SQL statement disguising it as a data here. 11799 07:53:18,100 --> 07:53:20,600 So guys, you need to notice two things here. 11800 07:53:20,600 --> 07:53:24,400 First one, we have or 1 is equal to 1. It's a condition 11801 07:53:24,400 --> 07:53:26,518 that will always be true, therefore 11802 07:53:26,518 --> 07:53:29,279 it is accepted as a valid input by application. 11803 07:53:29,279 --> 07:53:31,800 For example, if Dean is not a valid user or 11804 07:53:31,800 --> 07:53:33,441 if there is no user called Dean 11805 07:53:33,441 --> 07:53:36,600 in the database, application would consider the next value 11806 07:53:36,600 --> 07:53:37,900 because there is or in 11807 07:53:37,900 --> 07:53:40,400 between. Our next value is 1 is equal to 1 11808 07:53:40,400 --> 07:53:42,084 which always returns true.
11809 07:53:42,084 --> 07:53:46,100 So basically our input will be something like this: Dean or true, 11810 07:53:46,100 --> 07:53:49,600 and if there is no user called Dean the next input will be true 11811 07:53:49,600 --> 07:53:51,898 and it will be taken as an input value 11812 07:53:51,898 --> 07:53:53,700 and values will be displayed. 11813 07:53:53,700 --> 07:53:56,300 So the next part which has double hyphen, 11814 07:53:56,300 --> 07:53:58,400 I'm sure you know what double hyphen 11815 07:53:58,400 --> 07:53:59,457 represents, right? 11816 07:53:59,457 --> 07:54:02,932 Basically, it's commenting the next part of the SQL query. 11817 07:54:02,932 --> 07:54:04,700 So it instructs the SQL parser 11818 07:54:04,700 --> 07:54:06,900 that the rest of the line is a comment 11819 07:54:06,900 --> 07:54:08,600 and should not be executed. 11820 07:54:08,600 --> 07:54:11,800 So the part that's password part will be ignored. 11821 07:54:11,800 --> 07:54:14,600 So basically what we're trying to do is we're trying 11822 07:54:14,600 --> 07:54:17,070 to bypass the password authentication here. 11823 07:54:17,070 --> 07:54:19,964 So once the query executes, the SQL injection effectively 11824 07:54:19,964 --> 07:54:22,100 removes the password verification, resulting 11825 07:54:22,100 --> 07:54:24,700 in an authentication bypass. By using double hyphen, 11826 07:54:24,700 --> 07:54:26,600 we're commenting rest of the comment. 11827 07:54:26,600 --> 07:54:28,600 And before that using one is equal to one 11828 07:54:28,600 --> 07:54:30,500 which is translated to true. 11829 07:54:30,500 --> 07:54:33,000 We are trying to enter the database without even 11830 07:54:33,000 --> 07:54:34,400 giving an invalid value. 11831 07:54:34,400 --> 07:54:37,100 So the application will most likely log the attacker in 11832 07:54:37,100 --> 07:54:39,300 with the first account from the query result.
11833 07:54:39,300 --> 07:54:41,800 And as you guys know most of the time the first account 11834 07:54:41,800 --> 07:54:42,667 in a database is 11835 07:54:42,667 --> 07:54:45,973 that of an administrative user. So basically by doing nothing 11836 07:54:45,973 --> 07:54:48,258 or basically by giving some random data here 11837 07:54:48,258 --> 07:54:51,199 the attacker was able to extract the admin details. 11838 07:54:51,200 --> 07:54:52,938 It sounds very dangerous, right? 11839 07:54:52,938 --> 07:54:55,600 So that's all an SQL injection attack is all about
