1
00:00:00,240 --> 00:00:02,140
Hello everybody and welcome back.
2
00:00:02,740 --> 00:00:08,970
And in the previous tutorial we covered some of the basic networking terms which you will need to know
3
00:00:08,970 --> 00:00:15,570
in order to follow up with this course. Now these are just some of the basic terms, not really widely
4
00:00:15,750 --> 00:00:16,530
explained.
5
00:00:16,710 --> 00:00:21,200
If you want to know more about some of those terms that I covered in the previous video you can always
6
00:00:21,210 --> 00:00:24,450
google any of them and just learn more about them.
7
00:00:25,440 --> 00:00:32,610
But in this video we will cover some of the hacking terms that you need to know in order to better understand
8
00:00:32,660 --> 00:00:35,940
what we will be doing in the next lectures.
9
00:00:35,940 --> 00:00:38,450
So I will just write to you.
10
00:00:38,930 --> 00:00:44,460
I will open Leafpad, which is basically something like Notepad just in Linux. In here
11
00:00:44,550 --> 00:00:47,760
I will write one by one the terms that we cover.
12
00:00:48,120 --> 00:00:54,530
So now the first hacking term which is also beginning process in ethical hacking is called footprinting.
13
00:00:56,550 --> 00:00:59,020
Now you might be asking now what is footprinting.
14
00:00:59,020 --> 00:01:02,250
Well basically it is just the same as it says it is.
15
00:01:02,310 --> 00:01:11,160
It's just um getting as many information about for example a company as you can before you attack them.
16
00:01:11,160 --> 00:01:15,240
Now let's say a client asks you to test his company or his.
17
00:01:15,360 --> 00:01:17,110
Yes his company website.
18
00:01:17,460 --> 00:01:22,570
And you want to you want to get as much information as you can.
19
00:01:22,680 --> 00:01:30,470
Now one of the most common methods for doing that would probably be Google hacking which is basically
20
00:01:30,470 --> 00:01:36,710
just opening Google and searching for files or anything that is uploaded on the Internet which may help
21
00:01:36,710 --> 00:01:39,330
you in further attacks.
22
00:01:39,350 --> 00:01:46,550
There is also a website called Shodan and it is basically used to discover vulnerable devices
23
00:01:46,670 --> 00:01:47,950
on the Internet.
24
00:01:48,200 --> 00:01:53,060
You can use that in order to check if any of those devices that belong to the company is vulnerable to
25
00:01:53,150 --> 00:01:56,150
any of the known attacks.
26
00:01:56,150 --> 00:01:58,770
Now we will cover all of those tools.
27
00:01:58,920 --> 00:02:00,200
Uh don't worry.
28
00:02:00,200 --> 00:02:06,150
We will cover that one by one in detail and you will know better what am I talking about.
29
00:02:06,440 --> 00:02:12,200
But also there is one more tool which is, I don't think it is that known, but it is called theHarvester.
30
00:02:12,220 --> 00:02:18,410
I'm not sure we have it installed in Kali Linux. We might have; if we don't we will install it.
31
00:02:18,500 --> 00:02:25,700
Uh, theHarvester is basically used for, uh, gathering the emails for a certain domain.
32
00:02:25,700 --> 00:02:32,940
For example you want to gather all of the emails that belong to Apple company for example.
33
00:02:33,200 --> 00:02:41,120
You just type the domain name and theHarvester will basically automatically go over to Google and there
34
00:02:41,120 --> 00:02:46,580
are a bunch of other options that I will show you but um plainly it will go over to Google and search
35
00:02:46,580 --> 00:02:50,460
for all the e-mails available that that belong to that domain.
36
00:02:51,010 --> 00:02:59,070
So you basically get a list of all the e-mails that belong to a certain company that you're attacking.
37
00:02:59,290 --> 00:03:07,540
Now that is basically footprinting, so we will cover that firstly in the one of the next lectures.
38
00:03:07,640 --> 00:03:14,270
Once you finish footprinting then comes the next thing, the next process in the process of ethical hacking
39
00:03:14,270 --> 00:03:17,050
which is scanning and enumeration.
40
00:03:17,120 --> 00:03:24,080
So I will just write that out right here: scanning and enumeration. Now footprinting basically, it gets
41
00:03:24,080 --> 00:03:31,070
you the information without actually testing or without actually attacking the company itself or the
42
00:03:31,090 --> 00:03:33,890
website or whatever it is you are testing.
43
00:03:35,230 --> 00:03:42,890
Now scanning basically does as it says. It is just scanning the company network for example in order to
44
00:03:42,890 --> 00:03:49,610
discover what versions of software they are running, what ports they have open, what operating system
45
00:03:49,610 --> 00:03:52,600
are they running on their machines and more and more.
46
00:03:52,670 --> 00:03:57,680
Now you might have heard for this program you probably have if you have any ethical hacking knowledge
47
00:03:57,680 --> 00:04:00,390
from before. It is called Nmap.
48
00:04:00,660 --> 00:04:06,380
Let me just type here Nmap. This is the program that you will cover in details.
49
00:04:06,380 --> 00:04:09,090
It is basically used to scan a network.
50
00:04:09,170 --> 00:04:14,600
You can use it to scan the website or a range of IP addresses if you want to.
51
00:04:14,990 --> 00:04:21,560
You can discover with it what ports are open on the certain Web site or on a certain machine or on more
52
00:04:21,560 --> 00:04:22,460
machines.
53
00:04:22,460 --> 00:04:26,380
You can also discover what operating system it has.
54
00:04:26,380 --> 00:04:32,810
And it basically just prints you out with bunch of operating systems and it shows the possibility of
55
00:04:32,810 --> 00:04:40,620
having that operating system in percentage. It is most likely accurate but there are times when it just
56
00:04:40,620 --> 00:04:46,800
gives you a wrong operating system but those I didn't have that much.
57
00:04:46,800 --> 00:04:53,030
Now also what Nmap can do is discover the version of software running on an open port.
58
00:04:53,050 --> 00:04:58,060
So for example you have an HTTP port open and you're running a website.
59
00:04:58,180 --> 00:05:05,260
The Nmap, the Nmap has the ability to discover for example what web server are you running on
60
00:05:05,260 --> 00:05:06,090
that port.
61
00:05:06,250 --> 00:05:12,520
So it might print out Apache 2 or anything else that you're running there which basically just
62
00:05:12,520 --> 00:05:18,220
gives out the banner in order for us to grab it and find out what version you're running.
63
00:05:18,220 --> 00:05:24,280
Now as I said we will cover all of that in the details from now on. You just need to know theoretically
64
00:05:24,400 --> 00:05:25,560
what it basically does.
65
00:05:26,320 --> 00:05:29,470
And we will cover it practically later on.
66
00:05:29,470 --> 00:05:34,800
Now the next thing you also need to know is system hacking.
67
00:05:37,090 --> 00:05:43,570
This is a very important part because this is actually the part where we discover a way to enter the
68
00:05:44,140 --> 00:05:50,230
machine for example. Now system hacking is usually done with backdoors. A backdoor is a program that you
69
00:05:50,230 --> 00:05:56,620
run on a victim PC and it basically gives you full access to that PC without the victim knowing
70
00:05:56,620 --> 00:06:05,090
that. Now backdoors usually have some of the options such as being able to execute commands on the victim's
71
00:06:05,090 --> 00:06:12,260
PC, being able to access a microphone, the web camera, being able to screenshot the screen, being able
72
00:06:12,260 --> 00:06:18,800
to upload, download files, change files and for example upload a keylogger which will give us back all
73
00:06:18,800 --> 00:06:28,190
keystrokes that the victim is typing in there on their keyboard. Basically backdoors are detectable.
74
00:06:28,200 --> 00:06:34,560
The ones we will cover in the Intermediate section can be detected because they are mostly widely used
75
00:06:34,710 --> 00:06:37,070
by every ethical hacker ever.
76
00:06:37,380 --> 00:06:44,430
So in the advanced section we will code our own backdoors that will be fully undetectable by any antivirus
77
00:06:44,880 --> 00:06:45,420
available
78
00:06:48,260 --> 00:06:49,100
now.
79
00:06:49,120 --> 00:06:53,860
Now that we covered system hacking we can go on to the malware.
80
00:06:53,950 --> 00:07:02,330
Now you most likely know what a virus is but basically malware is a malicious program. Now by malicious I mean
81
00:07:02,450 --> 00:07:05,060
it can be any program that does damage to your PC.
82
00:07:05,060 --> 00:07:14,160
For example let's say you make a program a simple program that just creates files in an infinite loop.
83
00:07:14,240 --> 00:07:17,240
So basically it creates infinite files.
84
00:07:17,300 --> 00:07:22,760
Now that program will most likely make your PC crash before you get to close it.
85
00:07:22,880 --> 00:07:31,540
So it is basically a version of a malware since it makes your PC crash and it doesn't do any good.
86
00:07:31,690 --> 00:07:32,350
Now.
87
00:07:32,650 --> 00:07:41,040
Most known terms for malware are worms, Trojans and viruses. We will be also coding some of the malware.
88
00:07:41,050 --> 00:07:44,510
But we are not really interested in that for now.
89
00:07:44,620 --> 00:07:52,240
Since those programs really don't have any use except to destroy someone's machine, so we won't be covering
90
00:07:52,240 --> 00:07:57,060
that much of malware but we will surely go over it.
91
00:07:57,640 --> 00:08:02,900
Now the next thing you want to know is what is sniffing. Oops.
92
00:08:02,960 --> 00:08:08,090
Sniff, sniffing. Sorry I can't type at the moment.
93
00:08:08,510 --> 00:08:16,390
Well basically sniffing is an action where you, as it says, sniff someone else's packets.
94
00:08:16,390 --> 00:08:22,450
Now you shouldn't be doing that but in some cases in some ethical hacking projects you might need to
95
00:08:22,450 --> 00:08:25,020
do that in order to gather some of the information.
96
00:08:25,060 --> 00:08:31,360
For example a password can be hacked through sniffing, for example on a local network.
97
00:08:31,360 --> 00:08:35,390
If you run a man in the middle attack and you sniff others' packets.
98
00:08:35,590 --> 00:08:42,450
If someone logs into a, to a website that is in HTTP you will see their password in plaintext. Now
99
00:08:43,030 --> 00:08:49,180
the tool that we most likely will use for sniffing is called Wireshark.
100
00:08:49,180 --> 00:08:55,900
It is a widely known tool and it is used to just basically go over the packets that are going through
101
00:08:55,900 --> 00:09:04,450
your network interface card. So now that we covered what sniffing is we can go to social engineering.
102
00:09:06,400 --> 00:09:12,870
Now this is something very important as it is most likely to get you into a company or any other machine
103
00:09:12,900 --> 00:09:19,380
or basically to hack anything you want to since in the social engineering attacks you don't really attack
104
00:09:19,470 --> 00:09:23,230
the machine itself as much as you attack the person.
105
00:09:24,160 --> 00:09:31,180
So for example I always say why would you hack a Wi-Fi from a restaurant for example if you can just
106
00:09:31,300 --> 00:09:34,240
ask someone what is the Wi-Fi password.
107
00:09:34,390 --> 00:09:38,960
Now it is a simple simple use of social engineering for example.
108
00:09:39,070 --> 00:09:41,740
Not really that good one but is an example.
109
00:09:41,740 --> 00:09:45,220
So social engineering basically means attacking people.
110
00:09:45,250 --> 00:09:47,600
Now what I mean by attacking people.
111
00:09:47,800 --> 00:09:53,160
Well let's say for example I make a backdoor, I code a backdoor.
112
00:09:53,280 --> 00:10:00,000
Now what are the chances of someone opening an executable file that looks suspicious.
113
00:10:00,000 --> 00:10:06,660
Well not big chances but if you for example change the icon of that file to be a picture and you change
114
00:10:06,660 --> 00:10:17,220
the name of that file to be a dot JPG or BMG, then the chances of someone opening the file increase
115
00:10:17,220 --> 00:10:17,780
drastically
116
00:10:21,540 --> 00:10:26,790
so let's say for example you know something about the person that you want to hack and you just send
117
00:10:26,790 --> 00:10:29,930
them a fake email from someone they know.
118
00:10:29,930 --> 00:10:37,050
And in that email you send basically that picture which is a hidden backdoor and they open the picture
119
00:10:37,380 --> 00:10:45,300
and the backdoor just installs itself deeply in the system without them even knowing. That is basically
120
00:10:45,300 --> 00:10:47,220
what social engineering is.
121
00:10:47,370 --> 00:10:52,860
It is a method of attacking people and not the machine.
122
00:10:52,860 --> 00:10:57,260
Now now that we cover that we can go on to the next step which is denial of service
123
00:11:00,360 --> 00:11:02,990
now denial of service is basically what it says.
124
00:11:03,000 --> 00:11:04,020
It's just you.
125
00:11:04,050 --> 00:11:07,630
It is used to crash someone's Web site or machine.
126
00:11:07,680 --> 00:11:14,310
So basically you send a lot of packets which the website cannot handle and basically just crashes and
127
00:11:14,310 --> 00:11:16,930
nobody else is able to connect to it anymore
128
00:11:20,120 --> 00:11:21,320
in order to perform.
129
00:11:21,350 --> 00:11:24,080
And now it's denial of service attacks.
130
00:11:24,110 --> 00:11:31,040
You will need a bunch of PCs in order to be able to crash anything. So you can perform a denial of
131
00:11:31,040 --> 00:11:36,760
service attack with one PC, you won't be crashing anything because there are not enough packages that
132
00:11:36,770 --> 00:11:41,510
can be sent in order to crash a website for example.
133
00:11:41,510 --> 00:11:46,520
But if you make a command and control center for example and send a bunch of backdoors to a bunch of
134
00:11:46,520 --> 00:11:52,370
PCs and they all run the same command at the same time, which is sending packets to the website, they
135
00:11:52,370 --> 00:11:53,900
will be able to crash it.
136
00:11:53,930 --> 00:12:00,080
Now depending on the website some of them are easier to crash and some of them are harder to crash but
137
00:12:00,140 --> 00:12:04,830
you get the basic idea now.
138
00:12:05,790 --> 00:12:11,070
We will cover SQL and XSS, cross-site scripting.
139
00:12:11,070 --> 00:12:12,690
Let me just find this XSS.
140
00:12:12,760 --> 00:12:14,790
I'll just type it like here.
141
00:12:14,790 --> 00:12:21,180
Well basically here we exploit the user name input not the user name but any input.
142
00:12:21,210 --> 00:12:30,840
For example the basic example of an SQL injection would be, let's say you have an online shop and someone
143
00:12:30,900 --> 00:12:35,930
didn't filter out the requests that you put in the search bar well enough.
144
00:12:35,940 --> 00:12:43,600
So if you type here a code for example it will be read by the website as part of their website code.
145
00:12:44,040 --> 00:12:48,450
So you'll be running code on their Web site and you should not be able to do that.
146
00:12:48,510 --> 00:12:55,890
Now these attacks are only available because of the poor programming of your Web site.
147
00:12:55,890 --> 00:13:03,430
They didn't program it well enough, they didn't filter out the user input, so that is SQL.
148
00:13:03,550 --> 00:13:08,660
Now we will cover also Wi-Fi hacking in detail.
149
00:13:08,680 --> 00:13:14,830
Now there are a bunch of methods to attack Wi-Fi, with the CPU, GPU, whatever you want.
150
00:13:14,920 --> 00:13:21,290
Now most of the courses that I saw did not even cover the attacking of Wi-Fi with GPU.
151
00:13:21,520 --> 00:13:22,450
I didn't know why.
152
00:13:22,450 --> 00:13:29,170
Because well basically the most common method is with the Aircrack program which hacks, or not hacks, which
153
00:13:29,560 --> 00:13:31,960
tries to break the password of Wi-Fi.
154
00:13:32,050 --> 00:13:42,980
with CPU. Now the power of the CPU is fast but the power of your graphics card will be much much
155
00:13:42,980 --> 00:13:52,840
better for hacking Wi-Fi because when you have Wi-Fi you basically get the hashed password and you don't
156
00:13:52,850 --> 00:13:58,100
know, you don't see it in plain text and you need the power of your CPU or power of your graphics card
157
00:13:58,160 --> 00:14:06,020
in order to crack that password hash, and a much faster method is to crack with your graphics card.
158
00:14:06,020 --> 00:14:14,150
We will also cover the attacking of Wi-Fi on an enterprise wireless, which we will basically use to make
159
00:14:14,630 --> 00:14:20,930
a fake login page where someone will enter their password for wireless.
160
00:14:20,930 --> 00:14:30,320
We can also make an evil twin which is basically a method where you reproduce the exact the exact same
161
00:14:30,710 --> 00:14:38,180
wireless hotspot and with enough signal available to the victims you can make them connect to your wireless
162
00:14:38,210 --> 00:14:41,510
instead of their wireless, their real wireless.
163
00:14:41,510 --> 00:14:46,160
So basically just deauthenticate everyone from the real wireless and they will automatically connect
164
00:14:46,160 --> 00:14:52,210
back to your wireless and therefore you can watch all of the data that is going through.
165
00:14:52,240 --> 00:14:58,630
And also if they need to log in in order to use the wireless you will catch their password. Now we
166
00:14:58,630 --> 00:15:04,370
will also cover mobile hacking in the mostly mobile hacking.
167
00:15:04,400 --> 00:15:12,290
We will cover the android attacks because their mind than and eyes but we will also cover some of the
168
00:15:12,290 --> 00:15:14,960
Apple attacks.
169
00:15:15,200 --> 00:15:21,740
For example let's say you make an application which looks like a widget application and you install
170
00:15:21,740 --> 00:15:24,510
it on someone's mobile phone.
171
00:15:24,560 --> 00:15:29,010
You will be able to access all of their messages calls send messages.
172
00:15:29,090 --> 00:15:35,410
You can watch files pictures download upload and all of that without them knowing it.
173
00:15:35,600 --> 00:15:36,620
Now how we do that.
174
00:15:36,680 --> 00:15:42,440
Well basically we need to create something like a backdoor just for the Android device for example.
175
00:15:42,470 --> 00:15:50,810
The problem with this method is that they need to click on a certain part which can be suspicious.
176
00:15:50,810 --> 00:15:56,750
I will show you when we get to that but we will try to make that as less suspicious as we can.
177
00:15:56,750 --> 00:16:00,350
Now there is also one more thing we need to cover which is cryptography
178
00:16:02,810 --> 00:16:08,740
well you probably know what cryptography is but that is basically a method of protecting your information
179
00:16:10,040 --> 00:16:10,510
now.
180
00:16:10,520 --> 00:16:14,240
For example you have a passport password hashes.
181
00:16:14,290 --> 00:16:18,080
Now they're hashed for a reason.
182
00:16:18,110 --> 00:16:24,660
So some of the attacks such as sniffing can be used to see the password and steal it.
183
00:16:24,860 --> 00:16:30,170
You can steal the password but it won't be in the plain text it will be encrypted and you will need
184
00:16:30,170 --> 00:16:31,550
to decrypt it.
185
00:16:31,790 --> 00:16:39,590
And if the password is big and uses numbers, letters, symbols and all of that it will be very hard for
186
00:16:39,590 --> 00:16:43,660
the attacker to decrypt your password. Now
187
00:16:43,680 --> 00:16:49,280
Cryptography is used so that only the use of codes it basically uses coding.
188
00:16:49,320 --> 00:16:56,810
So that only those for whom the information is intended can read and process it and nobody else can.
189
00:16:56,940 --> 00:17:04,050
We will cover some of the basic cryptography methods but we will only touch it a little bit since cryptography
190
00:17:04,110 --> 00:17:05,820
is a course itself.
191
00:17:05,820 --> 00:17:12,900
It has a lot of stuff to it and we won't be able to cover all of that but we will just barely touch
192
00:17:12,900 --> 00:17:15,860
it in order for you to understand what that is.
193
00:17:17,410 --> 00:17:24,040
So that's about it for these basic terms. Now as well as the networking terms you can, if you want to,
194
00:17:24,040 --> 00:17:31,450
search these more search more about these online and read about them to cover all of them theoretically
195
00:17:31,450 --> 00:17:37,350
and practically later on in the intermediate in the Intermediate section.
196
00:17:37,540 --> 00:17:43,870
And basically we will code some of our own tools in the advanced section. The footprinting part we will
197
00:17:43,870 --> 00:17:44,210
cover.
198
00:17:44,210 --> 00:17:49,630
Now in the beginning section I will show you Google hacking, the Shodan website and theHarvester
199
00:17:49,640 --> 00:17:50,970
in order to get e-mails.
200
00:17:51,850 --> 00:17:56,100
And until then I hope I hope you have a great day.
201
00:17:56,110 --> 00:17:58,380
And I will see you later.
202
00:17:58,480 --> 00:17:58,720
Bye.