Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,760 --> 00:00:07,210
Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll
2
00:00:07,210 --> 00:00:10,000
be able to do by the end of the course.
3
00:00:10,840 --> 00:00:17,740
Now, usually in my teaser lectures, I'd give one example to show students what they'll be able to
4
00:00:17,740 --> 00:00:19,690
do once done with the course.
5
00:00:19,900 --> 00:00:25,420
But in this course, you're going to learn so many cool things, and we're going to build more than
6
00:00:25,420 --> 00:00:27,490
20 hacking tools.
7
00:00:27,490 --> 00:00:32,650
So it's unfair, and it's really hard for me to pick only one example.
8
00:00:33,580 --> 00:00:40,060
Therefore, instead, I'm going to show you three examples taken from the three main sections of the
9
00:00:40,060 --> 00:00:40,720
course.
10
00:00:41,290 --> 00:00:47,170
Now, keep in mind each one of these sections is divided into a number of subsections.
11
00:00:47,320 --> 00:00:53,740
So these examples are only a small fraction of what you'll be able to do once done with the course.
12
00:00:53,740 --> 00:01:00,670
But I think they'll work really well to give you a taste of what you'll be able to achieve once done.
13
00:01:01,390 --> 00:01:06,420
Now, since this is just a teaser, don't worry about how these programs work.
14
00:01:06,430 --> 00:01:10,150
We will cover how to write these programs in details.
15
00:01:10,570 --> 00:01:14,920
So for now, just sit back, watch the lecture and enjoy it.
16
00:01:14,920 --> 00:01:20,740
And then once you start the course, you will learn how to write all of these programs and much, much
17
00:01:20,740 --> 00:01:21,370
more.
18
00:01:22,690 --> 00:01:26,680
In the first example, I'm going to use two programs.
19
00:01:27,070 --> 00:01:35,320
The first one will allow us to intercept data sent or received by any computer on the same network.
20
00:01:36,200 --> 00:01:44,060
The second one will read this data and filter it to show us usernames, passwords, visited URLs and
21
00:01:44,060 --> 00:01:44,840
so on.
22
00:01:44,870 --> 00:01:50,540
We're going to write these programs ourselves from scratch later on in the course.
23
00:01:51,500 --> 00:01:54,950
Now these programs are running on my hacker machine.
24
00:01:54,950 --> 00:02:01,670
So let's go to the target machine and try to generate some traffic and maybe log in to a service.
25
00:02:01,940 --> 00:02:06,260
I'm going to go to Hotmail dot com and let's try to sign in.
26
00:02:06,260 --> 00:02:11,180
So I'm going to click on sign in and I'm just going to put some sample information.
27
00:02:11,180 --> 00:02:17,060
So I'm going to put a username and the sample password and I'm going to hit enter.
28
00:02:17,860 --> 00:02:24,610
And now if we go back to the hacker machine, you can see that first of all, I can see all the requests,
29
00:02:24,610 --> 00:02:31,450
I can see all the websites they're visiting, and I can also see the username and password that they
30
00:02:31,450 --> 00:02:32,560
logged in with.
31
00:02:32,590 --> 00:02:39,700
So I can see the username was 822 at Hotmail dot com and I can see the password was one, two, three,
32
00:02:39,700 --> 00:02:40,930
four, five, six.
33
00:02:42,770 --> 00:02:46,610
The second example that I'm going to show you is a backdoor.
34
00:02:47,000 --> 00:02:54,320
A backdoor is a program that when executed on a system, it allows us to remotely control that system.
35
00:02:54,320 --> 00:02:57,740
So basically hack it and gain full control over it.
36
00:02:58,450 --> 00:03:04,030
Now, just like all the other tools, we're going to program this from scratch, and I'm going to show
37
00:03:04,030 --> 00:03:10,600
you how to write this in a generic way so that you can use the information you learn here in many scenarios.
38
00:03:10,600 --> 00:03:15,490
For example, you'll be able to write a web server, a chat program, and so on.
39
00:03:16,950 --> 00:03:17,850
Now, right here.
40
00:03:17,850 --> 00:03:19,680
I'm already at the hacker machine.
41
00:03:19,680 --> 00:03:24,390
And as you can see, it's already listening and waiting for incoming connections.
42
00:03:25,140 --> 00:03:30,480
Once the backdoor gets executed on a computer, we will get a connection.
43
00:03:30,480 --> 00:03:37,800
As you can see here, once we have the connection, we'll be able to use all the features implemented
44
00:03:37,800 --> 00:03:41,490
in this backdoor which we're going to implement ourselves.
45
00:03:41,970 --> 00:03:44,790
So first of all, I have file system access.
46
00:03:44,790 --> 00:03:49,980
So if I do the it will show me my current working directory.
47
00:03:49,980 --> 00:03:53,760
And as you can see, I'm in users Z downloads.
48
00:03:54,210 --> 00:03:58,590
That's basically because the backdoor is actually stored in this location.
49
00:03:59,560 --> 00:04:07,930
So I can do c d dot dot to go back one directory and if I do KD now to see where am I?
50
00:04:07,960 --> 00:04:14,110
You can see I'm in Z and we can also execute all system commands.
51
00:04:14,200 --> 00:04:18,480
And keep in mind this factor works on all operating systems.
52
00:04:18,490 --> 00:04:25,030
It works on Linux, Windows and OS X, so you can use the system commands of your target and they will
53
00:04:25,030 --> 00:04:26,320
work by default.
54
00:04:26,680 --> 00:04:28,720
So right now my target is Windows.
55
00:04:28,720 --> 00:04:32,320
So if I wanted to list the directories, I can do it there.
56
00:04:32,680 --> 00:04:38,770
And as you can see, I get a list of all the files and directories in the current working directory.
57
00:04:39,520 --> 00:04:44,020
Now I can go back in downloads by doing see the downloads.
58
00:04:45,200 --> 00:04:51,260
And if I list again in here, you'll see the files that we have in the downloads, which are the back
59
00:04:51,260 --> 00:04:55,490
door and the GT-R image which I have right here.
60
00:04:57,780 --> 00:05:03,360
Now I also want to highlight a feature that we're going to program, which is the ability to download
61
00:05:03,360 --> 00:05:04,170
files.
62
00:05:05,100 --> 00:05:11,610
So I'm just going to do a download and I'm going to follow it by the file name that I want to download
63
00:05:11,610 --> 00:05:12,720
and it's the image.
64
00:05:12,720 --> 00:05:15,810
So it's got all the jpg.
65
00:05:17,020 --> 00:05:21,160
And as you can see, I'll see it automatically being downloaded in here.
66
00:05:21,160 --> 00:05:26,680
And if we double click this, we have the image intact and we're able to open it.
67
00:05:27,850 --> 00:05:33,250
Now I'm downloading the image just as an example, but it just goes to show you that you'll be able
68
00:05:33,250 --> 00:05:36,520
to download any file from the target system.
69
00:05:37,600 --> 00:05:43,360
You can also upload files, which is really, really useful because you'll be able to upload evil files,
70
00:05:43,360 --> 00:05:45,820
viruses, keyloggers and so on.
71
00:05:46,060 --> 00:05:54,910
And as an example, I'm just going to rename this image to GTR two dot JPG and I'm going to upload it.
72
00:05:57,060 --> 00:06:02,580
So I'm going to do upload G2 or two dot jpg.
73
00:06:04,260 --> 00:06:11,160
Now it's tell me the upload is successful and if we go here again, you can see we have the new image.
74
00:06:12,040 --> 00:06:18,040
Now, if this was an evil file because you're able to execute system commands from the back door, you'll
75
00:06:18,040 --> 00:06:23,710
be able to just call it from here and execute it remotely on the target computer.
76
00:06:25,060 --> 00:06:29,470
The last example that I want to show you is a vulnerability scanner.
77
00:06:30,040 --> 00:06:36,790
This is a program that can automatically discover weaknesses in websites and web applications.
78
00:06:36,790 --> 00:06:40,690
So all you have to do is just give this program a website.
79
00:06:40,690 --> 00:06:47,480
And first of all, it's going to discover all the links and all the pages in the Target website.
80
00:06:47,500 --> 00:06:55,050
Then for each one of these pages, it's going to extract all the parameters and all the forms.
81
00:06:55,060 --> 00:07:03,190
And finally, for each one of these parameters and forms, it's going to submit code to discover vulnerabilities.
82
00:07:03,820 --> 00:07:07,660
Then once it's done, it's going to show me the results.
83
00:07:07,660 --> 00:07:14,710
And as you can see, it was able to discover an XSS vulnerability in here, just like all the other
84
00:07:14,710 --> 00:07:15,370
programs.
85
00:07:15,370 --> 00:07:18,960
We're going to write this from scratch ourselves.
86
00:07:18,970 --> 00:07:21,520
So again, don't worry about how this works.
87
00:07:21,520 --> 00:07:25,780
And don't worry if you don't understand what a vulnerability is and all of that.
88
00:07:25,780 --> 00:07:29,290
We will cover all of this later on in the course.
9404
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.