Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,760 --> 00:00:07,210 Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll 2 00:00:07,210 --> 00:00:10,000 be able to do by the end of the course. 3 00:00:10,840 --> 00:00:17,740 Now, usually in my teaser lectures, I'd give one example to show students what they'll be able to 4 00:00:17,740 --> 00:00:19,690 do once done with the course. 5 00:00:19,900 --> 00:00:25,420 But in this course, you're going to learn so many cool things, and we're going to build more than 6 00:00:25,420 --> 00:00:27,490 20 hacking tools. 7 00:00:27,490 --> 00:00:32,650 So it's unfair, and it's really hard for me to pick only one example. 8 00:00:33,580 --> 00:00:40,060 Therefore, instead, I'm going to show you three examples taken from the three main sections of the 9 00:00:40,060 --> 00:00:40,720 course. 10 00:00:41,290 --> 00:00:47,170 Now, keep in mind each one of these sections is divided into a number of subsections. 11 00:00:47,320 --> 00:00:53,740 So these examples are only a small fraction of what you'll be able to do once done with the course. 12 00:00:53,740 --> 00:01:00,670 But I think they'll work really well to give you a taste of what you'll be able to achieve once done. 13 00:01:01,390 --> 00:01:06,420 Now, since this is just a teaser, don't worry about how these programs work. 14 00:01:06,430 --> 00:01:10,150 We will cover how to write these programs in details. 15 00:01:10,570 --> 00:01:14,920 So for now, just sit back, watch the lecture and enjoy it. 16 00:01:14,920 --> 00:01:20,740 And then once you start the course, you will learn how to write all of these programs and much, much 17 00:01:20,740 --> 00:01:21,370 more. 18 00:01:22,690 --> 00:01:26,680 In the first example, I'm going to use two programs. 19 00:01:27,070 --> 00:01:35,320 The first one will allow us to intercept data sent or received by any computer on the same network. 20 00:01:36,200 --> 00:01:44,060 The second one will read this data and filter it to show us usernames, passwords, visited URLs and 21 00:01:44,060 --> 00:01:44,840 so on. 22 00:01:44,870 --> 00:01:50,540 We're going to write these programs ourselves from scratch later on in the course. 23 00:01:51,500 --> 00:01:54,950 Now these programs are running on my hacker machine. 24 00:01:54,950 --> 00:02:01,670 So let's go to the target machine and try to generate some traffic and maybe log in to a service. 25 00:02:01,940 --> 00:02:06,260 I'm going to go to Hotmail dot com and let's try to sign in. 26 00:02:06,260 --> 00:02:11,180 So I'm going to click on sign in and I'm just going to put some sample information. 27 00:02:11,180 --> 00:02:17,060 So I'm going to put a username and the sample password and I'm going to hit enter. 28 00:02:17,860 --> 00:02:24,610 And now if we go back to the hacker machine, you can see that first of all, I can see all the requests, 29 00:02:24,610 --> 00:02:31,450 I can see all the websites they're visiting, and I can also see the username and password that they 30 00:02:31,450 --> 00:02:32,560 logged in with. 31 00:02:32,590 --> 00:02:39,700 So I can see the username was 822 at Hotmail dot com and I can see the password was one, two, three, 32 00:02:39,700 --> 00:02:40,930 four, five, six. 33 00:02:42,770 --> 00:02:46,610 The second example that I'm going to show you is a backdoor. 34 00:02:47,000 --> 00:02:54,320 A backdoor is a program that when executed on a system, it allows us to remotely control that system. 35 00:02:54,320 --> 00:02:57,740 So basically hack it and gain full control over it. 36 00:02:58,450 --> 00:03:04,030 Now, just like all the other tools, we're going to program this from scratch, and I'm going to show 37 00:03:04,030 --> 00:03:10,600 you how to write this in a generic way so that you can use the information you learn here in many scenarios. 38 00:03:10,600 --> 00:03:15,490 For example, you'll be able to write a web server, a chat program, and so on. 39 00:03:16,950 --> 00:03:17,850 Now, right here. 40 00:03:17,850 --> 00:03:19,680 I'm already at the hacker machine. 41 00:03:19,680 --> 00:03:24,390 And as you can see, it's already listening and waiting for incoming connections. 42 00:03:25,140 --> 00:03:30,480 Once the backdoor gets executed on a computer, we will get a connection. 43 00:03:30,480 --> 00:03:37,800 As you can see here, once we have the connection, we'll be able to use all the features implemented 44 00:03:37,800 --> 00:03:41,490 in this backdoor which we're going to implement ourselves. 45 00:03:41,970 --> 00:03:44,790 So first of all, I have file system access. 46 00:03:44,790 --> 00:03:49,980 So if I do the it will show me my current working directory. 47 00:03:49,980 --> 00:03:53,760 And as you can see, I'm in users Z downloads. 48 00:03:54,210 --> 00:03:58,590 That's basically because the backdoor is actually stored in this location. 49 00:03:59,560 --> 00:04:07,930 So I can do c d dot dot to go back one directory and if I do KD now to see where am I? 50 00:04:07,960 --> 00:04:14,110 You can see I'm in Z and we can also execute all system commands. 51 00:04:14,200 --> 00:04:18,480 And keep in mind this factor works on all operating systems. 52 00:04:18,490 --> 00:04:25,030 It works on Linux, Windows and OS X, so you can use the system commands of your target and they will 53 00:04:25,030 --> 00:04:26,320 work by default. 54 00:04:26,680 --> 00:04:28,720 So right now my target is Windows. 55 00:04:28,720 --> 00:04:32,320 So if I wanted to list the directories, I can do it there. 56 00:04:32,680 --> 00:04:38,770 And as you can see, I get a list of all the files and directories in the current working directory. 57 00:04:39,520 --> 00:04:44,020 Now I can go back in downloads by doing see the downloads. 58 00:04:45,200 --> 00:04:51,260 And if I list again in here, you'll see the files that we have in the downloads, which are the back 59 00:04:51,260 --> 00:04:55,490 door and the GT-R image which I have right here. 60 00:04:57,780 --> 00:05:03,360 Now I also want to highlight a feature that we're going to program, which is the ability to download 61 00:05:03,360 --> 00:05:04,170 files. 62 00:05:05,100 --> 00:05:11,610 So I'm just going to do a download and I'm going to follow it by the file name that I want to download 63 00:05:11,610 --> 00:05:12,720 and it's the image. 64 00:05:12,720 --> 00:05:15,810 So it's got all the jpg. 65 00:05:17,020 --> 00:05:21,160 And as you can see, I'll see it automatically being downloaded in here. 66 00:05:21,160 --> 00:05:26,680 And if we double click this, we have the image intact and we're able to open it. 67 00:05:27,850 --> 00:05:33,250 Now I'm downloading the image just as an example, but it just goes to show you that you'll be able 68 00:05:33,250 --> 00:05:36,520 to download any file from the target system. 69 00:05:37,600 --> 00:05:43,360 You can also upload files, which is really, really useful because you'll be able to upload evil files, 70 00:05:43,360 --> 00:05:45,820 viruses, keyloggers and so on. 71 00:05:46,060 --> 00:05:54,910 And as an example, I'm just going to rename this image to GTR two dot JPG and I'm going to upload it. 72 00:05:57,060 --> 00:06:02,580 So I'm going to do upload G2 or two dot jpg. 73 00:06:04,260 --> 00:06:11,160 Now it's tell me the upload is successful and if we go here again, you can see we have the new image. 74 00:06:12,040 --> 00:06:18,040 Now, if this was an evil file because you're able to execute system commands from the back door, you'll 75 00:06:18,040 --> 00:06:23,710 be able to just call it from here and execute it remotely on the target computer. 76 00:06:25,060 --> 00:06:29,470 The last example that I want to show you is a vulnerability scanner. 77 00:06:30,040 --> 00:06:36,790 This is a program that can automatically discover weaknesses in websites and web applications. 78 00:06:36,790 --> 00:06:40,690 So all you have to do is just give this program a website. 79 00:06:40,690 --> 00:06:47,480 And first of all, it's going to discover all the links and all the pages in the Target website. 80 00:06:47,500 --> 00:06:55,050 Then for each one of these pages, it's going to extract all the parameters and all the forms. 81 00:06:55,060 --> 00:07:03,190 And finally, for each one of these parameters and forms, it's going to submit code to discover vulnerabilities. 82 00:07:03,820 --> 00:07:07,660 Then once it's done, it's going to show me the results. 83 00:07:07,660 --> 00:07:14,710 And as you can see, it was able to discover an XSS vulnerability in here, just like all the other 84 00:07:14,710 --> 00:07:15,370 programs. 85 00:07:15,370 --> 00:07:18,960 We're going to write this from scratch ourselves. 86 00:07:18,970 --> 00:07:21,520 So again, don't worry about how this works. 87 00:07:21,520 --> 00:07:25,780 And don't worry if you don't understand what a vulnerability is and all of that. 88 00:07:25,780 --> 00:07:29,290 We will cover all of this later on in the course. 9404