All language subtitles for [English (auto-generated)] The Complete Python Hacking Course Beginner To Advance 2023 [DownSub.com]
1
00:00:00,359 --> 00:00:02,580
hello everybody and welcome to this
2
00:00:02,580 --> 00:00:05,040
complete Python 3 hacking course
3
00:00:05,040 --> 00:00:07,080
now in this course we are going to code
4
00:00:07,080 --> 00:00:09,540
multiple projects each one of them will
5
00:00:09,540 --> 00:00:11,519
have its own purpose and you will have
6
00:00:11,519 --> 00:00:13,440
all of the code at the end of each
7
00:00:13,440 --> 00:00:15,299
project in the resources list to
8
00:00:15,299 --> 00:00:16,560
download
9
00:00:16,560 --> 00:00:18,539
and by the end of this course you should
10
00:00:18,539 --> 00:00:20,460
have a pretty good knowledge on how to
11
00:00:20,460 --> 00:00:22,800
create tools using Python 3 for your own
12
00:00:22,800 --> 00:00:25,019
penetration tests
13
00:00:25,019 --> 00:00:26,640
so as I mentioned this will gather
14
00:00:26,640 --> 00:00:28,439
different tools from different fields
15
00:00:28,439 --> 00:00:30,900
such as for example port scanners, back
16
00:00:30,900 --> 00:00:33,420
doors, email scrapers, vulnerability
17
00:00:33,420 --> 00:00:35,820
scanners and many more
18
00:00:35,820 --> 00:00:38,160
I'm going to code as we go and explain
19
00:00:38,160 --> 00:00:40,379
everything line by line so you should
20
00:00:40,379 --> 00:00:42,420
have no problem understanding the code
21
00:00:42,420 --> 00:00:44,640
and just in case you don't like to code
22
00:00:44,640 --> 00:00:46,920
along you will have all of the programs
23
00:00:46,920 --> 00:00:49,200
available to download at the end of each
24
00:00:49,200 --> 00:00:51,600
project you can simply just download the
25
00:00:51,600 --> 00:00:54,120
code and follow along the tutorials as I
26
00:00:54,120 --> 00:00:57,000
explain without having to code anything
27
00:00:57,000 --> 00:00:58,260
okay
28
00:00:58,260 --> 00:01:00,899
now one important thing is if you have
29
00:01:00,899 --> 00:01:03,239
any questions regarding any program or
30
00:01:03,239 --> 00:01:04,979
if you have any proposals and you want
31
00:01:04,979 --> 00:01:06,840
me to add something to the course feel
32
00:01:06,840 --> 00:01:08,820
free to post in the Q&A section and I
33
00:01:08,820 --> 00:01:11,220
will respond as soon as I can
34
00:01:11,220 --> 00:01:13,080
also if you don't understand anything
35
00:01:13,080 --> 00:01:15,119
make sure that you post in the Q&A
36
00:01:15,119 --> 00:01:17,340
section or send me a private message and
37
00:01:17,340 --> 00:01:19,799
I will also respond there as well
38
00:01:19,799 --> 00:01:21,600
another thing to mention is that
39
00:01:21,600 --> 00:01:22,920
throughout the course there will be
40
00:01:22,920 --> 00:01:24,659
different articles and bonus lectures
41
00:01:24,659 --> 00:01:26,280
which will give you additional knowledge
42
00:01:26,280 --> 00:01:28,560
and for example if this course doesn't
43
00:01:28,560 --> 00:01:30,000
cover something such as for example
44
00:01:30,000 --> 00:01:32,280
installing a Windows 7 virtual machine
45
00:01:32,280 --> 00:01:35,100
I'll make sure to leave a link to the
46
00:01:35,100 --> 00:01:36,780
tutorial where you can watch and follow
47
00:01:36,780 --> 00:01:38,520
along the tutorial in order to continue
48
00:01:38,520 --> 00:01:39,659
the course
49
00:01:39,659 --> 00:01:41,880
this course will be updated every month
50
00:01:41,880 --> 00:01:45,420
with new lectures with updated code and
51
00:01:45,420 --> 00:01:47,640
with your proposals if you tell me for
52
00:01:47,640 --> 00:01:48,900
example you want to see an updated
53
00:01:48,900 --> 00:01:50,759
keylogger I will make sure that I
54
00:01:50,759 --> 00:01:53,280
create it and put it inside of the course
55
00:01:53,280 --> 00:01:55,079
now in this course we are going to use
56
00:01:55,079 --> 00:01:57,119
Kali Linux as a virtual machine and
57
00:01:57,119 --> 00:01:58,380
don't worry I will lead you through the
58
00:01:58,380 --> 00:02:00,899
steps of installation in the
59
00:02:00,899 --> 00:02:02,880
introductory part of the course in case
60
00:02:02,880 --> 00:02:04,860
you're an advanced ethical hacker feel
61
00:02:04,860 --> 00:02:06,659
free to skip the introductory part and
62
00:02:06,659 --> 00:02:08,758
get straight into the coding lessons
63
00:02:08,758 --> 00:02:10,739
for all of you beginners I will teach
64
00:02:10,739 --> 00:02:12,480
you in the introductory video how you
65
00:02:12,480 --> 00:02:14,280
can create your own virtual machine and
66
00:02:14,280 --> 00:02:16,500
set up your own environment in order to
67
00:02:16,500 --> 00:02:18,360
start with this course
68
00:02:18,360 --> 00:02:20,700
another advice that I have is in case
69
00:02:20,700 --> 00:02:22,500
you don't have too much python knowledge
70
00:02:22,500 --> 00:02:24,420
feel free to also take a course on the
71
00:02:24,420 --> 00:02:26,700
side as we are not going to cover Python
72
00:02:26,700 --> 00:02:29,099
3 Basics we're going to get straight
73
00:02:29,099 --> 00:02:31,440
into coding different tools with python
74
00:02:31,440 --> 00:02:32,459
3.
75
00:02:32,459 --> 00:02:34,080
now even though I'm going to explain
76
00:02:34,080 --> 00:02:35,879
some of the basics throughout our code
77
00:02:35,879 --> 00:02:38,220
it would still be best for you if you
78
00:02:38,220 --> 00:02:39,959
would take a Python 3 separate course
79
00:02:39,959 --> 00:02:41,940
and I will also have some of my
80
00:02:41,940 --> 00:02:44,519
recommendations for Python 3 courses in
81
00:02:44,519 --> 00:02:46,860
the resources of this lecture so without
82
00:02:46,860 --> 00:02:49,080
further ado thank you for enrolling and
83
00:02:49,080 --> 00:02:50,879
let's not make this any longer and let's
84
00:02:50,879 --> 00:02:53,160
get straight into the course
85
00:02:53,160 --> 00:02:55,019
hello everyone and welcome to the
86
00:02:55,019 --> 00:02:57,540
trailer of our course now in this short
87
00:02:57,540 --> 00:02:59,459
video I will give you a small teaser as
88
00:02:59,459 --> 00:03:01,200
to what you can expect after you finish
89
00:03:01,200 --> 00:03:03,720
this course it's always the best idea to
90
00:03:03,720 --> 00:03:05,459
show the students some of the things
91
00:03:05,459 --> 00:03:06,780
that you will be doing inside of the
92
00:03:06,780 --> 00:03:08,580
course and some of the things that they
93
00:03:08,580 --> 00:03:10,739
will learn and master at the end
94
00:03:10,739 --> 00:03:13,140
so for this teaser I decided to show you
95
00:03:13,140 --> 00:03:15,599
the back door but not just any back door
96
00:03:15,599 --> 00:03:17,879
I decided to show you a back door that
97
00:03:17,879 --> 00:03:19,319
we're going to run from two separate
98
00:03:19,319 --> 00:03:21,060
machines and we will establish two
99
00:03:21,060 --> 00:03:23,459
connections with target systems we will
100
00:03:23,459 --> 00:03:25,019
be able to switch between both of these
101
00:03:25,019 --> 00:03:27,120
connections and execute commands on both
102
00:03:27,120 --> 00:03:28,620
of the systems
103
00:03:28,620 --> 00:03:30,720
let me show you what I mean now don't
104
00:03:30,720 --> 00:03:32,220
worry if you don't understand anything
105
00:03:32,220 --> 00:03:34,620
in this tutorial we're going to code all
106
00:03:34,620 --> 00:03:36,840
of this and I will explain it in the
107
00:03:36,840 --> 00:03:39,599
future projects for now on just sit back
108
00:03:39,599 --> 00:03:41,400
and enjoy the teaser
109
00:03:41,400 --> 00:03:43,980
here we have the Kali Linux machine from
110
00:03:43,980 --> 00:03:45,420
this Kali Linux machine I will use
111
00:03:45,420 --> 00:03:47,459
Python 3 to run the command and control
112
00:03:47,459 --> 00:03:49,200
center which is our program that we
113
00:03:49,200 --> 00:03:51,659
coded I will run it right here and it
114
00:03:51,659 --> 00:03:53,159
will tell us that it is waiting for the
115
00:03:53,159 --> 00:03:54,959
incoming connections
116
00:03:54,959 --> 00:03:57,540
okay so now if I go back to my Windows
117
00:03:57,540 --> 00:03:59,819
10 machine which is this one I will have
118
00:03:59,819 --> 00:04:02,519
this picture.jpg file which looks like a
119
00:04:02,519 --> 00:04:06,360
normal image but if we execute it
120
00:04:06,360 --> 00:04:08,340
it will also open up the image and
121
00:04:08,340 --> 00:04:10,500
nothing else if we see nothing else is
122
00:04:10,500 --> 00:04:12,659
being opened so everything looks
123
00:04:12,659 --> 00:04:15,180
normal but this actual file in the
124
00:04:15,180 --> 00:04:17,940
background opened up our back door which
125
00:04:17,940 --> 00:04:19,798
is also a program that we're going to
126
00:04:19,798 --> 00:04:20,519
code
127
00:04:20,519 --> 00:04:22,919
if we go to Kali Linux
128
00:04:22,919 --> 00:04:25,259
in just a few seconds we should see the
129
00:04:25,259 --> 00:04:28,500
connection from our Windows 10 machine
130
00:04:28,500 --> 00:04:30,300
while it is connecting to our command and
131
00:04:30,300 --> 00:04:33,360
control center oh here it is so we got
132
00:04:33,360 --> 00:04:34,940
the connection from
133
00:04:34,940 --> 00:04:37,199
192.168.1.2 which is the IP address of
134
00:04:37,199 --> 00:04:39,479
my Windows 10. let's also run the same
135
00:04:39,479 --> 00:04:41,520
file from my Windows 10 virtual machine
136
00:04:41,520 --> 00:04:43,940
if I go right here double click on
137
00:04:43,940 --> 00:04:47,040
picture.jpg click on run it will open up
138
00:04:47,040 --> 00:04:49,020
an image and nothing else but it will
139
00:04:49,020 --> 00:04:52,440
also run in the background our back door
140
00:04:52,440 --> 00:04:54,419
let's go to our Kali Linux and see
141
00:04:54,419 --> 00:04:56,639
whether we receive the connection
142
00:04:56,639 --> 00:04:58,440
and here it is here's the connection
143
00:04:58,440 --> 00:05:00,479
from the Windows 7 machine so now we got
144
00:05:00,479 --> 00:05:03,000
two targets connected to our command and
145
00:05:03,000 --> 00:05:05,100
control center we can check all the
146
00:05:05,100 --> 00:05:07,080
sessions that we have by typing targets
147
00:05:07,080 --> 00:05:09,660
command it will print us session zero
148
00:05:09,660 --> 00:05:11,880
with this IP address and session one
149
00:05:11,880 --> 00:05:14,520
with this IP address right here
150
00:05:14,520 --> 00:05:16,680
in order to access any of these sessions
151
00:05:16,680 --> 00:05:19,380
we can simply just specify session one
152
00:05:19,380 --> 00:05:21,900
which is our Windows 7 machine and type
153
00:05:21,900 --> 00:05:24,240
whoami and execute all of the commands
154
00:05:24,240 --> 00:05:26,520
such as ipconfig
155
00:05:26,520 --> 00:05:28,919
such as dir in order to check all the
156
00:05:28,919 --> 00:05:31,500
contents in that specific directory so
157
00:05:31,500 --> 00:05:34,259
here it is if we want to we can also set
158
00:05:34,259 --> 00:05:37,380
this session to the background
159
00:05:37,380 --> 00:05:39,539
and clear the screen and we can enter
160
00:05:39,539 --> 00:05:42,660
session 0 which is Windows 10 machine
161
00:05:42,660 --> 00:05:44,759
if I type whoami inside of a Windows
162
00:05:44,759 --> 00:05:46,620
10 machine I will see a different
163
00:05:46,620 --> 00:05:48,600
response than on Windows 7 which means
164
00:05:48,600 --> 00:05:50,580
we are on a different target
165
00:05:50,580 --> 00:05:53,520
if I type ipconfig
166
00:05:53,520 --> 00:05:55,919
you will see a different IP address as
167
00:05:55,919 --> 00:05:57,780
well as dir will give you a different
168
00:05:57,780 --> 00:06:00,539
output for that specific directory
169
00:06:00,539 --> 00:06:03,000
okay we can use the clear command inside
170
00:06:03,000 --> 00:06:04,860
of a shell in order to clear the screen
171
00:06:04,860 --> 00:06:07,199
in case we have multiple commands
172
00:06:07,199 --> 00:06:09,300
if I type the help command inside of a
173
00:06:09,300 --> 00:06:11,039
shell function it will give us all the
174
00:06:11,039 --> 00:06:13,139
available things that we can do with our
175
00:06:13,139 --> 00:06:14,580
target
176
00:06:14,580 --> 00:06:16,560
we can change the directories using the cd
177
00:06:16,560 --> 00:06:18,780
command, we can upload files, download
178
00:06:18,780 --> 00:06:21,419
files we can start our keylogger using
179
00:06:21,419 --> 00:06:23,400
the keylog_start so let's give it a try
180
00:06:23,400 --> 00:06:25,800
let's start our keylogger let's type
181
00:06:25,800 --> 00:06:27,000
keylog
182
00:06:27,000 --> 00:06:28,620
underscore start
183
00:06:28,620 --> 00:06:30,180
it will give us a message that the
184
00:06:30,180 --> 00:06:32,160
keylogger has been started so let's open
185
00:06:32,160 --> 00:06:34,380
up Notepad
186
00:06:34,380 --> 00:06:36,660
and start typing something inside of our
187
00:06:36,660 --> 00:06:39,780
Windows 10 notepad so if I type how is
188
00:06:39,780 --> 00:06:41,460
your day
189
00:06:41,460 --> 00:06:46,639
question mark can you see this message
190
00:06:46,740 --> 00:06:49,259
and we go back to our Kali Linux
191
00:06:49,259 --> 00:06:50,699
machine and we take a look at the help
192
00:06:50,699 --> 00:06:52,800
command keylog_dump will
193
00:06:52,800 --> 00:06:54,840
print the keystrokes the target inputted
194
00:06:54,840 --> 00:06:57,060
so let's try it out keylog underscore
195
00:06:57,060 --> 00:06:58,020
dump
196
00:06:58,020 --> 00:07:00,900
press enter and here we get notepad how
197
00:07:00,900 --> 00:07:03,300
is your day question mark can you see
198
00:07:03,300 --> 00:07:05,639
this message another question mark
199
00:07:05,639 --> 00:07:07,979
we can also stop the key logger by
200
00:07:07,979 --> 00:07:10,860
typing keylog_stop which will
201
00:07:10,860 --> 00:07:13,440
stop and self-destruct the keylogger
202
00:07:13,440 --> 00:07:15,840
file as it says right here
203
00:07:15,840 --> 00:07:17,639
if we want we can also create the
204
00:07:17,639 --> 00:07:19,020
persistence
205
00:07:19,020 --> 00:07:20,759
which will allow us to start our back
206
00:07:20,759 --> 00:07:22,979
door every time that the target restarts
207
00:07:22,979 --> 00:07:24,060
their machine
208
00:07:24,060 --> 00:07:25,620
so they only need to start the first
209
00:07:25,620 --> 00:07:28,259
time and every other time our backdoor
210
00:07:28,259 --> 00:07:29,880
will start on its own
211
00:07:29,880 --> 00:07:31,740
and another interesting command that we
212
00:07:31,740 --> 00:07:33,780
can do which is not specified right here
213
00:07:33,780 --> 00:07:36,419
is the screenshot command so if I type
214
00:07:36,419 --> 00:07:37,680
screenshot
215
00:07:37,680 --> 00:07:40,020
and before I press enter let me lower
216
00:07:40,020 --> 00:07:42,300
this so we can see everything
217
00:07:42,300 --> 00:07:45,300
if I type screenshot and press enter in
218
00:07:45,300 --> 00:07:47,039
just a few seconds we should have a
219
00:07:47,039 --> 00:07:49,259
screenshot of the target's desktop saved
220
00:07:49,259 --> 00:07:51,000
on our Kali Linux machine
221
00:07:51,000 --> 00:07:52,560
so let's see whether we saved it
222
00:07:52,560 --> 00:07:54,960
correctly if we go to the file
223
00:07:54,960 --> 00:07:57,300
here is the screenshot saved under the
224
00:07:57,300 --> 00:07:59,460
name screenshot 0.
225
00:07:59,460 --> 00:08:01,740
and here it is it is the exact same
226
00:08:01,740 --> 00:08:03,720
image that we saw before we pressed
227
00:08:03,720 --> 00:08:05,759
enter on the screenshot command so we
228
00:08:05,759 --> 00:08:07,440
successfully have the screenshot option
229
00:08:07,440 --> 00:08:10,020
in order to capture the target's desktop
230
00:08:10,020 --> 00:08:11,940
and that is just some of the options the
231
00:08:11,940 --> 00:08:14,340
our back door can do and this vector
232
00:08:14,340 --> 00:08:15,780
is just one of the programs that we're
233
00:08:15,780 --> 00:08:18,660
going to code throughout this course
234
00:08:18,660 --> 00:08:20,819
so this is just a small teaser I showed
235
00:08:20,819 --> 00:08:22,319
you what we are going to do
236
00:08:22,319 --> 00:08:24,960
this is only a small portion of it or
237
00:08:24,960 --> 00:08:26,520
just a small portion of what our back
238
00:08:26,520 --> 00:08:28,860
door can do and we're going to see how
239
00:08:28,860 --> 00:08:31,259
we can code all of this inside of the
240
00:08:31,259 --> 00:08:33,419
future projects so thank you for
241
00:08:33,419 --> 00:08:35,279
watching and I will see you in the
242
00:08:35,279 --> 00:08:37,320
future lectures bye
243
00:08:37,320 --> 00:08:39,360
welcome everybody to the first lecture
244
00:08:39,360 --> 00:08:41,580
of our introduction section of our
245
00:08:41,580 --> 00:08:43,320
python hacking course
246
00:08:43,320 --> 00:08:45,480
so in this tutorial I'm going to show
247
00:08:45,480 --> 00:08:47,820
you where you can find and how you can
248
00:08:47,820 --> 00:08:49,920
download and install the virtualbox
249
00:08:49,920 --> 00:08:52,140
software that we're going to need in
250
00:08:52,140 --> 00:08:54,779
order to create our virtual machines
251
00:08:54,779 --> 00:08:57,000
okay now it is rather easy to install
252
00:08:57,000 --> 00:08:59,399
the software and as its name says we're
253
00:08:59,399 --> 00:09:01,080
going to need it in order to host the
254
00:09:01,080 --> 00:09:03,060
Kali Linux machine in which we are going
255
00:09:03,060 --> 00:09:05,519
to write our python code so let's get
256
00:09:05,519 --> 00:09:07,980
straight into how to download it so all
257
00:09:07,980 --> 00:09:09,779
you need to do is go to your Google home
258
00:09:09,779 --> 00:09:12,240
or Firefox whichever search engine
259
00:09:12,240 --> 00:09:14,640
you're using and navigate to the link
260
00:09:14,640 --> 00:09:17,220
virtualbox.org
261
00:09:17,220 --> 00:09:19,380
once you visit this link it will lead
262
00:09:19,380 --> 00:09:21,120
you to this page where it would tell you
263
00:09:21,120 --> 00:09:23,640
to download virtualbox 6.1 now it
264
00:09:23,640 --> 00:09:25,200
doesn't really matter which version you
265
00:09:25,200 --> 00:09:27,180
are going to download they're rather all
266
00:09:27,180 --> 00:09:29,220
the same so you can simply just click on
267
00:09:29,220 --> 00:09:31,440
the newest one which in my case at the
268
00:09:31,440 --> 00:09:34,380
moment is 6.1 click on download
269
00:09:34,380 --> 00:09:36,120
and it will lead you to this page where
270
00:09:36,120 --> 00:09:38,160
it will ask you for which type of host
271
00:09:38,160 --> 00:09:40,620
you want to download the virtualbox
272
00:09:40,620 --> 00:09:42,600
and right here under the virtualbox
273
00:09:42,600 --> 00:09:45,120
platform packages you can choose Windows
274
00:09:45,120 --> 00:09:47,760
hosts, OS X hosts, Linux distributions
275
00:09:47,760 --> 00:09:49,800
and Solaris hosts
276
00:09:49,800 --> 00:09:51,540
since I am running Windows 10
277
00:09:51,540 --> 00:09:54,480
environment on my main PC I'm going to
278
00:09:54,480 --> 00:09:57,240
navigate to the windows hosts and just
279
00:09:57,240 --> 00:09:58,860
like that it should start downloading
280
00:09:58,860 --> 00:10:01,920
the virtualbox installer file onto my
281
00:10:01,920 --> 00:10:04,260
machine as we can see right here it is
282
00:10:04,260 --> 00:10:07,140
not that large a file it is 108 megabytes
283
00:10:07,140 --> 00:10:09,360
large so as soon as it downloads you can
284
00:10:09,360 --> 00:10:10,980
simply just run it and install
285
00:10:10,980 --> 00:10:12,660
virtualbox
286
00:10:12,660 --> 00:10:14,580
the process of installing virtualbox
287
00:10:14,580 --> 00:10:16,800
is rather easy but I'm still going to
288
00:10:16,800 --> 00:10:19,440
guide you through the steps as to how to
289
00:10:19,440 --> 00:10:21,420
install virtualbox
290
00:10:21,420 --> 00:10:23,820
so as we can see right here there's not
291
00:10:23,820 --> 00:10:25,740
much time left
292
00:10:25,740 --> 00:10:28,260
okay so here it is
293
00:10:28,260 --> 00:10:30,060
let's open this up
294
00:10:30,060 --> 00:10:32,220
showing folder
295
00:10:32,220 --> 00:10:34,320
I will paste it onto my desktop right
296
00:10:34,320 --> 00:10:35,399
here
297
00:10:35,399 --> 00:10:39,440
and all you need to do is run the file
298
00:10:41,100 --> 00:10:43,080
we get a pop-up window which says
299
00:10:43,080 --> 00:10:45,980
preparing to install
300
00:10:47,519 --> 00:10:49,560
and here is the welcome window to the
301
00:10:49,560 --> 00:10:51,959
virtualbox we want to click next right
302
00:10:51,959 --> 00:10:53,579
here
303
00:10:53,579 --> 00:10:56,220
next here as well
304
00:10:56,220 --> 00:10:58,620
and under the custom setup you can
305
00:10:58,620 --> 00:11:00,180
choose which options you want to leave
306
00:11:00,180 --> 00:11:02,459
unchecked and which options you want to
307
00:11:02,459 --> 00:11:04,680
uncheck so for example I will leave all
308
00:11:04,680 --> 00:11:07,079
four checked as I do want start menu
309
00:11:07,079 --> 00:11:09,779
entries and I also want a shortcut on my
310
00:11:09,779 --> 00:11:11,339
desktop so I'm just going to click on
311
00:11:11,339 --> 00:11:13,200
next right here
312
00:11:13,200 --> 00:11:15,120
and this is a warning that usually comes
313
00:11:15,120 --> 00:11:16,740
up once you install virtualbox which
314
00:11:16,740 --> 00:11:18,480
tells you that during the installation
315
00:11:18,480 --> 00:11:19,920
of virtualbox you might actually
316
00:11:19,920 --> 00:11:21,920
temporarily disconnect from the internet
317
00:11:21,920 --> 00:11:24,240
even though that never really happened
318
00:11:24,240 --> 00:11:26,640
to me it might be the best idea in case
319
00:11:26,640 --> 00:11:28,500
you're downloading something to actually
320
00:11:28,500 --> 00:11:30,600
wait for that to finish before you
321
00:11:30,600 --> 00:11:33,120
actually click on yes to proceed with the
322
00:11:33,120 --> 00:11:34,920
installation since I am not doing
323
00:11:34,920 --> 00:11:36,600
anything at the moment I am simply just
324
00:11:36,600 --> 00:11:38,160
going to click here yes
325
00:11:38,160 --> 00:11:41,640
and click here on install
326
00:11:41,640 --> 00:11:43,560
and as it says right here this may take
327
00:11:43,560 --> 00:11:45,660
several minutes usually it is around two
328
00:11:45,660 --> 00:11:48,120
to three minutes it will ask us for the
329
00:11:48,120 --> 00:11:50,100
administrator password we are going to
330
00:11:50,100 --> 00:11:51,899
click here yes since I don't really have
331
00:11:51,899 --> 00:11:53,820
a password to type in and it should
332
00:11:53,820 --> 00:11:56,040
start installing virtualbox on my
333
00:11:56,040 --> 00:11:57,720
machine
334
00:11:57,720 --> 00:11:59,820
now you might notice that I already do
335
00:11:59,820 --> 00:12:02,760
have virtualbox but this is 6.0 version
336
00:12:02,760 --> 00:12:04,920
and this version is actually going to be
337
00:12:04,920 --> 00:12:08,459
updated to the newest one which is 6.1
338
00:12:08,459 --> 00:12:10,320
so I'm just going to wait for this to
339
00:12:10,320 --> 00:12:12,959
finish and I will get back to you right
340
00:12:12,959 --> 00:12:15,180
away okay so the installation has
341
00:12:15,180 --> 00:12:16,620
finished and I'm just going to click
342
00:12:16,620 --> 00:12:19,440
right here finish and it should
343
00:12:19,440 --> 00:12:23,120
automatically start my virtualbox
344
00:12:23,640 --> 00:12:27,540
and here it is now your window might be
345
00:12:27,540 --> 00:12:29,160
a little bit different because I already
346
00:12:29,160 --> 00:12:31,079
have some machines installed right here
347
00:12:31,079 --> 00:12:33,180
and you should not see any of these
348
00:12:33,180 --> 00:12:35,339
Kali Linux machines or Ubuntu machines
349
00:12:35,339 --> 00:12:38,820
ovas machines on your screen this should
350
00:12:38,820 --> 00:12:41,279
all be empty you should see these
351
00:12:41,279 --> 00:12:43,620
buttons right here which new stands for
352
00:12:43,620 --> 00:12:45,540
basically creating a new virtual machine
353
00:12:45,540 --> 00:12:47,639
which we're going to take a look at how
354
00:12:47,639 --> 00:12:50,100
to do in the next video for now we
355
00:12:50,100 --> 00:12:52,680
successfully installed Oracle virtualbox
356
00:12:52,680 --> 00:12:54,959
and in the next video we're going to see
357
00:12:54,959 --> 00:12:57,540
how we can install Kali Linux as our
358
00:12:57,540 --> 00:13:00,420
operating system on the virtual machine
359
00:13:00,420 --> 00:13:02,760
okay so thank you for watching this
360
00:13:02,760 --> 00:13:04,980
tutorial and I will see you in the next
361
00:13:04,980 --> 00:13:07,139
lecture bye
362
00:13:07,139 --> 00:13:09,360
welcome back everyone since in the
363
00:13:09,360 --> 00:13:11,100
previous video we successfully installed
364
00:13:11,100 --> 00:13:13,500
virtualbox right now we want to see
365
00:13:13,500 --> 00:13:15,660
where we can download Kali Linux which
366
00:13:15,660 --> 00:13:17,940
version should we download and how we
367
00:13:17,940 --> 00:13:20,820
can create a virtual machine okay so
368
00:13:20,820 --> 00:13:23,040
right now if you go to your Google home
369
00:13:23,040 --> 00:13:25,680
and navigate to the official Kali Linux
370
00:13:25,680 --> 00:13:28,380
website which is the link kali.org
371
00:13:28,380 --> 00:13:31,440
/downloads you should see this page which
372
00:13:31,440 --> 00:13:33,360
will give you the latest version of Kali
373
00:13:33,360 --> 00:13:34,320
Linux
374
00:13:34,320 --> 00:13:38,120
in this case at the current time this is
375
00:13:38,120 --> 00:13:41,519
2020.1a and it is the size of 2
376
00:13:41,519 --> 00:13:42,839
gigabytes
377
00:13:42,839 --> 00:13:44,579
now as I mentioned this is the newest
378
00:13:44,579 --> 00:13:46,920
version possible but I will not be using
379
00:13:46,920 --> 00:13:48,720
this version in the course
380
00:13:48,720 --> 00:13:50,820
the reason for that is it seems to be a
381
00:13:50,820 --> 00:13:52,860
little bit laggy on my PC but if you
382
00:13:52,860 --> 00:13:54,600
want to use the newest version and it
383
00:13:54,600 --> 00:13:56,459
works perfectly for you feel free to
384
00:13:56,459 --> 00:13:57,839
download it it doesn't really matter
385
00:13:57,839 --> 00:14:00,540
regarding the course content so in order
386
00:14:00,540 --> 00:14:02,220
to download it you simply just click on
387
00:14:02,220 --> 00:14:04,620
Kali Linux 64-bit and it should start
388
00:14:04,620 --> 00:14:06,899
downloading it over http
389
00:14:06,899 --> 00:14:08,820
and you also have the option to download
390
00:14:08,820 --> 00:14:11,579
it over torrent if you'd like
391
00:14:11,579 --> 00:14:13,800
now for those of you that also do not
392
00:14:13,800 --> 00:14:15,720
like the newest version you can simply
393
00:14:15,720 --> 00:14:18,260
just go to another page which is
394
00:14:18,260 --> 00:14:20,760
old.kali.org which will have all of the
395
00:14:20,760 --> 00:14:22,740
previous Kali Linux versions and their
396
00:14:22,740 --> 00:14:25,200
release dates so you can download any
397
00:14:25,200 --> 00:14:27,779
version you like in my case I will just
398
00:14:27,779 --> 00:14:29,519
use the version before the newest one
399
00:14:29,519 --> 00:14:33,060
which is 2019.4 you simply just click on
400
00:14:33,060 --> 00:14:36,660
the Kali 2019.4
401
00:14:37,440 --> 00:14:38,940
and it should lead you to this page
402
00:14:38,940 --> 00:14:41,399
where you can download the ISO file for
403
00:14:41,399 --> 00:14:44,240
the Kali Linux 2019.4 version
404
00:14:44,240 --> 00:14:48,660
for 64-bit and 32-bit machines okay
405
00:14:48,660 --> 00:14:50,339
so I would simply just download Kali
406
00:14:50,339 --> 00:14:54,060
Linux 2019.4 and use this ISO file in
407
00:14:54,060 --> 00:14:55,980
order to continue the installation if
408
00:14:55,980 --> 00:14:58,019
you want to use the newest version well
409
00:14:58,019 --> 00:14:59,639
then you download this Kali Linux
410
00:14:59,639 --> 00:15:02,699
64-bit or Kali Linux 32-bit depending on
411
00:15:02,699 --> 00:15:04,320
your machine but you are most likely
412
00:15:04,320 --> 00:15:07,620
going to have a 64-bit machine
413
00:15:07,620 --> 00:15:10,139
so once you click on it as we can see in
414
00:15:10,139 --> 00:15:11,579
just a few seconds it should start
415
00:15:11,579 --> 00:15:13,860
downloading it but I'm not going to wait
416
00:15:13,860 --> 00:15:15,899
for this because I already have the ISO
417
00:15:15,899 --> 00:15:17,459
file downloaded so I will just cancel
418
00:15:17,459 --> 00:15:19,139
this installation
419
00:15:19,139 --> 00:15:21,959
I will navigate to my virtualbox and
420
00:15:21,959 --> 00:15:24,420
let's see how we can use the ISO file in
421
00:15:24,420 --> 00:15:26,760
combination with virtualbox to create a
422
00:15:26,760 --> 00:15:28,560
Kali Linux virtual machine
423
00:15:28,560 --> 00:15:30,420
also you might have noticed that I
424
00:15:30,420 --> 00:15:32,279
already have a couple of Kali Linux machines
425
00:15:32,279 --> 00:15:34,500
installed right here I'm going to use
426
00:15:34,500 --> 00:15:36,899
this one for the actual course but I
427
00:15:36,899 --> 00:15:38,399
will show you how you can proceed with
428
00:15:38,399 --> 00:15:40,079
the installation of the newest version
429
00:15:40,079 --> 00:15:43,620
since it just came out and it has some
430
00:15:43,620 --> 00:15:45,120
different options during the
431
00:15:45,120 --> 00:15:46,800
installation that you might get confused
432
00:15:46,800 --> 00:15:49,380
with so let's cover that as well you
433
00:15:49,380 --> 00:15:50,820
simply just click on the new button
434
00:15:50,820 --> 00:15:52,380
which will create a new virtual machine
435
00:15:52,380 --> 00:15:54,779
it should pop up with this window where
436
00:15:54,779 --> 00:15:56,279
it will ask you for the name and
437
00:15:56,279 --> 00:15:57,959
operating system
438
00:15:57,959 --> 00:16:00,180
you can name it anything you want I will
439
00:16:00,180 --> 00:16:02,399
name it New Kali
440
00:16:02,399 --> 00:16:04,560
set the type of the operating system to
441
00:16:04,560 --> 00:16:07,320
be Linux and the version to be Debian
442
00:16:07,320 --> 00:16:10,139
64-bit in case you downloaded the 64-bit
443
00:16:10,139 --> 00:16:11,820
version of Kali Linux
444
00:16:11,820 --> 00:16:13,620
now the reason we use Debian is because
445
00:16:13,620 --> 00:16:16,920
Kali Linux is Debian based therefore we
446
00:16:16,920 --> 00:16:18,660
choose this option
447
00:16:18,660 --> 00:16:20,940
click here on next and here it will ask
448
00:16:20,940 --> 00:16:22,800
you for the memory size or the RAM
449
00:16:22,800 --> 00:16:24,720
memory that you want to allocate to your
450
00:16:24,720 --> 00:16:25,980
virtual machine
451
00:16:25,980 --> 00:16:28,079
I would advise you not to go below the
452
00:16:28,079 --> 00:16:30,600
one gigabyte of ram but you can also go
453
00:16:30,600 --> 00:16:33,899
up to 4, 5, maybe even 8 gigabytes of
454
00:16:33,899 --> 00:16:36,180
RAM depending on your actual machine
455
00:16:36,180 --> 00:16:38,459
okay so I will just leave it on one
456
00:16:38,459 --> 00:16:39,779
gigabyte
457
00:16:39,779 --> 00:16:42,420
we want to leave the option create a
458
00:16:42,420 --> 00:16:45,480
virtual hard disk now click on create
459
00:16:45,480 --> 00:16:47,699
also leave it on virtualbox disk image
460
00:16:47,699 --> 00:16:49,980
click on next and we want to set
461
00:16:49,980 --> 00:16:52,560
dynamically allocated
462
00:16:52,560 --> 00:16:54,899
here you allocate the amount of memory
463
00:16:54,899 --> 00:16:56,940
you want to give from your hard disk to
464
00:16:56,940 --> 00:16:58,980
the virtual machine and you should not
465
00:16:58,980 --> 00:17:01,680
go below 20 Gigabytes especially in the
466
00:17:01,680 --> 00:17:03,060
newest version which allows you to
467
00:17:03,060 --> 00:17:04,439
download and install a bunch of different
468
00:17:04,439 --> 00:17:07,079
software used for ethical hacking so
469
00:17:07,079 --> 00:17:08,220
I'm just going to leave it on 20
470
00:17:08,220 --> 00:17:10,380
Gigabytes and click on create
471
00:17:10,380 --> 00:17:12,780
and we can see the New Kali has been
472
00:17:12,780 --> 00:17:13,919
added
473
00:17:13,919 --> 00:17:15,780
now before we proceed with the
474
00:17:15,780 --> 00:17:17,819
installation of Kali Linux in the
475
00:17:17,819 --> 00:17:19,679
next video we need to change a few of
476
00:17:19,679 --> 00:17:22,140
the settings inside of this machine
477
00:17:22,140 --> 00:17:24,240
so select your machine that you just
478
00:17:24,240 --> 00:17:27,480
created click on settings and under the
479
00:17:27,480 --> 00:17:29,640
storage settings you want to navigate to
480
00:17:29,640 --> 00:17:32,460
the controller IDE delete this empty
481
00:17:32,460 --> 00:17:34,559
part by right clicking on it and
482
00:17:34,559 --> 00:17:36,840
clicking remove attachment
483
00:17:36,840 --> 00:17:39,059
click on remove and then you want to
484
00:17:39,059 --> 00:17:42,059
click on this circle with a plus
485
00:17:42,059 --> 00:17:44,400
add the version of Kali Linux that you
486
00:17:44,400 --> 00:17:46,340
downloaded in this case I have the
487
00:17:46,340 --> 00:17:50,700
2019.4 and 2020.1a and I'm just going
488
00:17:50,700 --> 00:17:53,100
to show you for the purpose of this
489
00:17:53,100 --> 00:17:56,100
tutorial the 2020.1a
490
00:17:56,100 --> 00:17:57,960
click on choose
491
00:17:57,960 --> 00:18:00,059
now another thing that you might want to
492
00:18:00,059 --> 00:18:01,919
consider in case you cannot see them
493
00:18:01,919 --> 00:18:05,280
right here you can go on to the Add
494
00:18:05,280 --> 00:18:07,260
and simply just find the ISO file that
495
00:18:07,260 --> 00:18:09,120
you downloaded inside of your PC
496
00:18:09,120 --> 00:18:10,860
wherever you saved it
497
00:18:10,860 --> 00:18:12,240
okay
498
00:18:12,240 --> 00:18:14,820
so let's click on cancel
499
00:18:14,820 --> 00:18:16,860
and also another thing that you want to
500
00:18:16,860 --> 00:18:19,980
change is under the network settings you
501
00:18:19,980 --> 00:18:21,960
want to go to the attach to and click on
502
00:18:21,960 --> 00:18:24,240
bridged adapter
503
00:18:24,240 --> 00:18:26,400
also make sure that you leave it on the
504
00:18:26,400 --> 00:18:28,620
ethernet cable connection since wireless
505
00:18:28,620 --> 00:18:30,960
adapters are known to actually present
506
00:18:30,960 --> 00:18:33,360
problems inside of Linux and most of
507
00:18:33,360 --> 00:18:35,820
them aren't even supported therefore you
508
00:18:35,820 --> 00:18:37,440
might actually have problems connecting to
509
00:18:37,440 --> 00:18:39,179
the internet if you connect over
510
00:18:39,179 --> 00:18:41,820
wireless adapter that's why it is always
511
00:18:41,820 --> 00:18:44,760
the best idea to use ethernet cable
512
00:18:44,760 --> 00:18:46,860
okay so once you finish all of that
513
00:18:46,860 --> 00:18:49,679
click on OK and your new Kali Linux
514
00:18:49,679 --> 00:18:51,960
machine is ready for the installation
515
00:18:51,960 --> 00:18:54,000
so we're going to continue with that in
516
00:18:54,000 --> 00:18:55,740
the next video we're going to pass
517
00:18:55,740 --> 00:18:57,840
through all of the steps and then we are
518
00:18:57,840 --> 00:18:59,700
ready to jump into the coding sections
519
00:18:59,700 --> 00:19:01,440
of this course
520
00:19:01,440 --> 00:19:03,960
now keep in mind that even after the
521
00:19:03,960 --> 00:19:05,340
installation there are a few things that
522
00:19:05,340 --> 00:19:07,260
you should do with Kali Linux I'll make
523
00:19:07,260 --> 00:19:09,960
sure to leave all of the links below so
524
00:19:09,960 --> 00:19:11,700
we don't waste time explaining the
525
00:19:11,700 --> 00:19:13,320
Kali Linux and explaining the command
526
00:19:13,320 --> 00:19:16,559
line and instead we can just focus on
527
00:19:16,559 --> 00:19:19,260
the coding parts of the course okay so
528
00:19:19,260 --> 00:19:20,940
thank you for watching this tutorial and
529
00:19:20,940 --> 00:19:24,780
I will see you in the next lecture bye
530
00:19:24,780 --> 00:19:27,900
welcome back in this tutorial we're
531
00:19:27,900 --> 00:19:29,520
going to continue with the installation
532
00:19:29,520 --> 00:19:31,919
of Kali Linux so we successfully managed
533
00:19:31,919 --> 00:19:33,900
to set up all of the options inside of
534
00:19:33,900 --> 00:19:36,000
our virtualbox and right now we are
535
00:19:36,000 --> 00:19:38,039
ready to start our machine and install
536
00:19:38,039 --> 00:19:40,500
the operating system I'm going to lead
537
00:19:40,500 --> 00:19:42,780
you through all of the steps needed to
538
00:19:42,780 --> 00:19:45,179
take in order to install Kali Linux and
539
00:19:45,179 --> 00:19:47,220
then in the next video we are ready to
540
00:19:47,220 --> 00:19:50,640
start hacking using python okay so all
541
00:19:50,640 --> 00:19:52,200
you need to do right now is click on the
542
00:19:52,200 --> 00:19:54,299
start button while you select your
543
00:19:54,299 --> 00:19:57,140
Kali Linux machine
544
00:19:58,919 --> 00:20:01,140
as we can see this is the first window
545
00:20:01,140 --> 00:20:03,120
that we will encounter let me just
546
00:20:03,120 --> 00:20:05,340
enlarge my screen it will ask us for
547
00:20:05,340 --> 00:20:07,679
different types of options such as if we
548
00:20:07,679 --> 00:20:09,960
want the graphical install or the usual
549
00:20:09,960 --> 00:20:12,120
install it doesn't really matter we can
550
00:20:12,120 --> 00:20:13,380
simply just go with the graphical
551
00:20:13,380 --> 00:20:15,780
install and install Kali Linux like
552
00:20:15,780 --> 00:20:18,020
that
553
00:20:19,200 --> 00:20:21,299
okay so here's the next option that pops
554
00:20:21,299 --> 00:20:23,400
up it will ask us to select the language
555
00:20:23,400 --> 00:20:25,799
I will leave it in English
556
00:20:25,799 --> 00:20:28,080
the location it doesn't really matter I
557
00:20:28,080 --> 00:20:30,240
could just leave it on United States if
558
00:20:30,240 --> 00:20:31,799
you like to you can select your own
559
00:20:31,799 --> 00:20:34,320
location click on continue
560
00:20:34,320 --> 00:20:36,299
and here it asks us which type of
561
00:20:36,299 --> 00:20:38,160
keyboard configuration we want to use I
562
00:20:38,160 --> 00:20:40,380
will leave it on American English click
563
00:20:40,380 --> 00:20:42,720
on continue
564
00:20:42,720 --> 00:20:44,520
now while this is installing another
565
00:20:44,520 --> 00:20:46,620
thing I want to mention is another
566
00:20:46,620 --> 00:20:48,059
reason why I don't really like the
567
00:20:48,059 --> 00:20:50,340
newest version because it will ask you
568
00:20:50,340 --> 00:20:53,760
to actually have a new user and not use
569
00:20:53,760 --> 00:20:55,559
the root account in order to complete
570
00:20:55,559 --> 00:20:57,840
your actions inside of Kali Linux and
571
00:20:57,840 --> 00:20:59,460
that is also another thing why I prefer
572
00:20:59,460 --> 00:21:01,080
the older versions because you can
573
00:21:01,080 --> 00:21:03,780
simply just use root account to perform
574
00:21:03,780 --> 00:21:06,299
anything you'd like now keep in mind
575
00:21:06,299 --> 00:21:08,160
that using root account can cause some
576
00:21:08,160 --> 00:21:10,559
security breaches but since we're using
577
00:21:10,559 --> 00:21:12,360
a virtual machine this is just for the
578
00:21:12,360 --> 00:21:14,220
learning purposes it doesn't really
579
00:21:14,220 --> 00:21:17,580
matter that's why I chose the 2019.4
580
00:21:17,580 --> 00:21:20,280
version of Kali Linux which I find better
581
00:21:20,280 --> 00:21:23,520
and more suitable for this course but
582
00:21:23,520 --> 00:21:25,380
right now here is the next option that
583
00:21:25,380 --> 00:21:27,000
pops up which is the configuration of
584
00:21:27,000 --> 00:21:31,500
network the hostname we can call it test
585
00:21:31,500 --> 00:21:33,360
the domain name we can simply just
586
00:21:33,360 --> 00:21:35,460
delete and leave on empty because we
587
00:21:35,460 --> 00:21:37,919
don't really need it at the moment and
588
00:21:37,919 --> 00:21:39,179
here is the option that I talked
589
00:21:39,179 --> 00:21:41,820
about it will ask us to set up users and
590
00:21:41,820 --> 00:21:43,860
passwords and this option didn't exist
591
00:21:43,860 --> 00:21:46,280
in the previous versions only in
592
00:21:46,280 --> 00:21:48,840
2020.1a version which is the one we are
593
00:21:48,840 --> 00:21:51,000
installing at the moment so you will have
594
00:21:51,000 --> 00:21:52,919
to create a new user in this case I will
595
00:21:52,919 --> 00:21:55,320
just call it test
596
00:21:55,320 --> 00:21:57,720
username for your account will also be
597
00:21:57,720 --> 00:22:00,659
test and here we choose a password for
598
00:22:00,659 --> 00:22:02,580
the new user here you can type any
599
00:22:02,580 --> 00:22:04,559
password you like I'm going to type test
600
00:22:04,559 --> 00:22:06,720
one two three four
601
00:22:06,720 --> 00:22:10,380
and also test one two three four
602
00:22:10,380 --> 00:22:13,460
and click on continue
603
00:22:13,679 --> 00:22:16,020
configuring the clock I will select
604
00:22:16,020 --> 00:22:18,620
Eastern
605
00:22:20,640 --> 00:22:23,400
the partitioning of disks we want to
606
00:22:23,400 --> 00:22:26,340
select the option guided use entire disk
607
00:22:26,340 --> 00:22:28,320
select the hard disk you created during
608
00:22:28,320 --> 00:22:31,620
the previous video and click on continue
609
00:22:31,620 --> 00:22:34,260
and here we want to set all files in one
610
00:22:34,260 --> 00:22:36,240
partition as it does even say in the
611
00:22:36,240 --> 00:22:39,000
brackets recommended for new users click
612
00:22:39,000 --> 00:22:40,200
on continue
613
00:22:40,200 --> 00:22:42,600
click finish partitioning and write
614
00:22:42,600 --> 00:22:44,460
changes to disk we want to select yes
615
00:22:44,460 --> 00:22:47,480
and click on continue
616
00:22:48,000 --> 00:22:49,679
now this will start the installation
617
00:22:49,679 --> 00:22:51,720
which will get interrupted with maybe
618
00:22:51,720 --> 00:22:54,720
one two questions keep in mind that this
619
00:22:54,720 --> 00:22:57,179
will take some time to actually install
620
00:22:57,179 --> 00:23:01,020
especially the newest version uh it did
621
00:23:01,020 --> 00:23:03,600
take me around 45 minutes to an hour to
622
00:23:03,600 --> 00:23:05,299
actually finish all of the installations
623
00:23:05,299 --> 00:23:08,159
and once it finishes that you should be
624
00:23:08,159 --> 00:23:11,880
ready to use your Kali Linux machine
625
00:23:11,880 --> 00:23:13,679
now we're just going to leave it right
626
00:23:13,679 --> 00:23:16,140
here and if we get any pop-up question
627
00:23:16,140 --> 00:23:20,280
I'm going to get back to you right away
628
00:23:20,280 --> 00:23:21,960
okay so here is the first pop-up
629
00:23:21,960 --> 00:23:24,120
question it is the configuration of the
630
00:23:24,120 --> 00:23:26,100
package manager here you simply just
631
00:23:26,100 --> 00:23:28,200
want to click on continue and leave this
632
00:23:28,200 --> 00:23:30,679
blank
633
00:23:31,200 --> 00:23:33,000
all right so here is another question
634
00:23:33,000 --> 00:23:35,340
and this is actually the newest feature
635
00:23:35,340 --> 00:23:39,179
of Kali Linux 2020.1a which allows
636
00:23:39,179 --> 00:23:41,640
us to actually install desired tools and
637
00:23:41,640 --> 00:23:43,679
not install everything that we might
638
00:23:43,679 --> 00:23:46,380
never use but even though I would still
639
00:23:46,380 --> 00:23:48,299
advise you to actually select everything
640
00:23:48,299 --> 00:23:50,700
or at least select the most important
641
00:23:50,700 --> 00:23:52,919
tools for Kali Linux especially if you
642
00:23:52,919 --> 00:23:55,679
plan on using it later on even after the
643
00:23:55,679 --> 00:23:56,460
course
644
00:23:56,460 --> 00:23:58,919
now for our course it really doesn't
645
00:23:58,919 --> 00:24:01,020
matter what you select right here as we
646
00:24:01,020 --> 00:24:02,760
are simply just going to use Python 3
647
00:24:02,760 --> 00:24:05,400
during our lectures
648
00:24:05,400 --> 00:24:07,740
so right here you can use spacebar to
649
00:24:07,740 --> 00:24:10,620
select different things such as Kali
650
00:24:10,620 --> 00:24:12,720
desktop environment where you can select
651
00:24:12,720 --> 00:24:14,880
everything if you want
652
00:24:14,880 --> 00:24:16,799
it doesn't really matter just once you
653
00:24:16,799 --> 00:24:20,179
select everything that you need
654
00:24:21,179 --> 00:24:24,559
you can click on continue
655
00:24:25,260 --> 00:24:27,360
and this installation right here will
656
00:24:27,360 --> 00:24:29,400
take some time there will be another
657
00:24:29,400 --> 00:24:31,380
pop-up question which will ask you
658
00:24:31,380 --> 00:24:33,299
something along the lines whether you
659
00:24:33,299 --> 00:24:35,400
want to install the GRUB bootloader to
660
00:24:35,400 --> 00:24:37,440
the master boot record where you want to
661
00:24:37,440 --> 00:24:39,120
select yes
662
00:24:39,120 --> 00:24:41,580
and after that I believe there will be
663
00:24:41,580 --> 00:24:43,980
no more pop-ups and you should have the
664
00:24:43,980 --> 00:24:46,440
installation complete and your Kali Linux
665
00:24:46,440 --> 00:24:48,539
will be ready to use
666
00:24:48,539 --> 00:24:50,159
so that would be about it for this
667
00:24:50,159 --> 00:24:52,440
installation tutorial I will leave some
668
00:24:52,440 --> 00:24:55,440
links in the resources of the lecture
669
00:24:55,440 --> 00:24:58,200
where you can get familiar with Kali
670
00:24:58,200 --> 00:25:00,480
Linux a little bit more and where you
671
00:25:00,480 --> 00:25:03,120
can perform top 10 things that everyone
672
00:25:03,120 --> 00:25:05,520
should do after installing Kali Linux
673
00:25:05,520 --> 00:25:07,919
okay so that would be about it for this
674
00:25:07,919 --> 00:25:10,260
tutorial and in the next lecture we're
675
00:25:10,260 --> 00:25:12,240
finally going to see how we can download
676
00:25:12,240 --> 00:25:14,580
and install pycharm which we are going
677
00:25:14,580 --> 00:25:17,700
to use for creating our programs
678
00:25:17,700 --> 00:25:21,120
hope I see you there and take care bye
679
00:25:21,120 --> 00:25:23,640
welcome back now that we got our
680
00:25:23,640 --> 00:25:26,159
Kali Linux set up and ready all we are
681
00:25:26,159 --> 00:25:28,260
left to do before we can start coding is
682
00:25:28,260 --> 00:25:30,539
install PyCharm
683
00:25:30,539 --> 00:25:32,520
now what is PyCharm you might be asking
684
00:25:32,520 --> 00:25:34,140
well PyCharm is an integrated
685
00:25:34,140 --> 00:25:35,820
development environment used for
686
00:25:35,820 --> 00:25:38,159
computer programming especially aimed
687
00:25:38,159 --> 00:25:40,679
at Python programmers it is also
688
00:25:40,679 --> 00:25:42,179
cross-platform so you can get it for
689
00:25:42,179 --> 00:25:44,640
Windows Mac OS and Linux systems if
690
00:25:44,640 --> 00:25:45,840
you'd like
691
00:25:45,840 --> 00:25:47,340
now let's see how we can actually
692
00:25:47,340 --> 00:25:48,539
download it
693
00:25:48,539 --> 00:25:50,460
first of all we need to open up our
694
00:25:50,460 --> 00:25:52,679
Firefox and depending on which version
695
00:25:52,679 --> 00:25:54,960
of Kali Linux you are running it might be
696
00:25:54,960 --> 00:25:56,760
located on the left side of the screen
697
00:25:56,760 --> 00:25:58,799
right here in case you're using the
698
00:25:58,799 --> 00:26:01,080
newest version and in case you're using
699
00:26:01,080 --> 00:26:04,559
the 2019.4 version like I am you simply
700
00:26:04,559 --> 00:26:06,900
just go to this icon right here type in
701
00:26:06,900 --> 00:26:08,220
Firefox
702
00:26:08,220 --> 00:26:10,320
and click enter
703
00:26:10,320 --> 00:26:12,720
it will open up the Firefox for you and
704
00:26:12,720 --> 00:26:14,220
then we can navigate to the Google
705
00:26:14,220 --> 00:26:17,960
search bar and type PyCharm
706
00:26:18,740 --> 00:26:23,120
click on the first link that pops up
707
00:26:23,940 --> 00:26:27,500
and then click on download
708
00:26:28,559 --> 00:26:30,419
you will see that it will automatically
709
00:26:30,419 --> 00:26:32,279
realize that we are running Linux
710
00:26:32,279 --> 00:26:34,260
systems and we'll get two different
711
00:26:34,260 --> 00:26:36,900
versions available for download we get
712
00:26:36,900 --> 00:26:38,460
the professional version and the
713
00:26:38,460 --> 00:26:40,380
community version now since the
714
00:26:40,380 --> 00:26:42,120
community version is free and open
715
00:26:42,120 --> 00:26:44,400
source we're going to download that one
716
00:26:44,400 --> 00:26:47,100
instead of the professional version
717
00:26:47,100 --> 00:26:49,380
in just a few seconds this pop-up window
718
00:26:49,380 --> 00:26:51,419
should come up and it will ask us
719
00:26:51,419 --> 00:26:53,460
whether we want to open the file or save
720
00:26:53,460 --> 00:26:55,919
the file in this case we want to save
721
00:26:55,919 --> 00:26:58,260
the file click here on OK
722
00:26:58,260 --> 00:27:00,419
and right here under this Arrow if you
723
00:27:00,419 --> 00:27:02,220
click on it you will see that it has
724
00:27:02,220 --> 00:27:04,500
started downloading PyCharm on our Kali
725
00:27:04,500 --> 00:27:06,900
Linux machine
726
00:27:06,900 --> 00:27:08,700
now while this is downloading I just
727
00:27:08,700 --> 00:27:11,580
want to mention one thing so I will just
728
00:27:11,580 --> 00:27:13,380
lower this
729
00:27:13,380 --> 00:27:15,480
and I will open up the terminal which is
730
00:27:15,480 --> 00:27:18,000
this icon right here
731
00:27:18,000 --> 00:27:20,100
in case you are using the newest version
732
00:27:20,100 --> 00:27:23,340
you will not be the root account inside of
733
00:27:23,340 --> 00:27:25,140
the terminal you will simply just be a
734
00:27:25,140 --> 00:27:26,700
user that you created during the
735
00:27:26,700 --> 00:27:28,740
installation which was shown in the
736
00:27:28,740 --> 00:27:30,659
previous few videos
737
00:27:30,659 --> 00:27:33,600
if you're using the 2019.4 version
738
00:27:33,600 --> 00:27:35,460
like I am you will not have a problem
739
00:27:35,460 --> 00:27:37,380
with the root account as you will simply
740
00:27:37,380 --> 00:27:39,360
just be the root account every time you
741
00:27:39,360 --> 00:27:41,940
log in as we can see right here
742
00:27:41,940 --> 00:27:45,000
now let me just zoom this in so we can
743
00:27:45,000 --> 00:27:48,440
see everything a little bit better
744
00:27:48,779 --> 00:27:52,500
okay so it's good now therefore some
745
00:27:52,500 --> 00:27:54,539
of the commands that we run will require
746
00:27:54,539 --> 00:27:57,299
root privileges and I just want to show
747
00:27:57,299 --> 00:27:59,159
you how you can run them for example
748
00:27:59,159 --> 00:28:02,279
let's say the command whoami
749
00:28:02,279 --> 00:28:04,860
requires root privileges now it doesn't
750
00:28:04,860 --> 00:28:06,900
but let's say it does
751
00:28:06,900 --> 00:28:08,940
if you're using a simple user account
752
00:28:08,940 --> 00:28:11,340
and not a root account in order to run
753
00:28:11,340 --> 00:28:13,500
the whoami command and not get the
754
00:28:13,500 --> 00:28:15,539
access denied error you can simply just
755
00:28:15,539 --> 00:28:19,760
type sudo whoami
756
00:28:20,580 --> 00:28:22,980
now on the newest version of Kali Linux
757
00:28:22,980 --> 00:28:25,440
it will ask you for the password of your
758
00:28:25,440 --> 00:28:27,299
own account you simply just type it in
759
00:28:27,299 --> 00:28:29,700
and it will execute this command and
760
00:28:29,700 --> 00:28:32,039
give you the output okay
761
00:28:32,039 --> 00:28:34,200
so I just wanted to mention that in case
762
00:28:34,200 --> 00:28:36,059
you run into some errors where you
763
00:28:36,059 --> 00:28:38,400
require root privileges in order to run
764
00:28:38,400 --> 00:28:42,240
and now let's see if our download has
765
00:28:42,240 --> 00:28:44,640
finished we have 73 more megabytes left
766
00:28:44,640 --> 00:28:46,559
so I'm just going to wait for this to
767
00:28:46,559 --> 00:28:48,360
finish and then we will proceed with the
768
00:28:48,360 --> 00:28:50,159
installation
769
00:28:50,159 --> 00:28:52,260
okay so it is finished we want to click
770
00:28:52,260 --> 00:28:54,240
on this icon right here which will open
771
00:28:54,240 --> 00:28:56,400
up the folder where our PyCharm is
772
00:28:56,400 --> 00:29:00,179
located we can close the Firefox as we
773
00:29:00,179 --> 00:29:02,820
no longer need it and right here we can
774
00:29:02,820 --> 00:29:05,039
see that PyCharm is located in the
775
00:29:05,039 --> 00:29:07,500
/root/Downloads directory
776
00:29:07,500 --> 00:29:09,720
now on the new Kali Linux it might be
777
00:29:09,720 --> 00:29:12,360
slash the name of your account and then
778
00:29:12,360 --> 00:29:13,799
slash downloads
779
00:29:13,799 --> 00:29:15,840
so let's navigate inside of our terminal
780
00:29:15,840 --> 00:29:18,899
to that directory /root
781
00:29:18,899 --> 00:29:21,240
/Downloads
782
00:29:21,240 --> 00:29:24,299
type ls and we can see PyCharm is right
783
00:29:24,299 --> 00:29:25,559
here
784
00:29:25,559 --> 00:29:27,360
now you might notice that it has the
785
00:29:27,360 --> 00:29:30,240
extension of .tar.gz which simply
786
00:29:30,240 --> 00:29:31,980
just means that this is a packed file
787
00:29:31,980 --> 00:29:34,140
and we have to unpack it before we
788
00:29:34,140 --> 00:29:37,200
actually run anything from it in order
789
00:29:37,200 --> 00:29:38,880
to unpack this you could simply just
790
00:29:38,880 --> 00:29:42,140
type the command tar and then -xzf
791
00:29:42,140 --> 00:29:45,840
and then the name of the file
792
00:29:45,840 --> 00:29:48,600
you can simply just type py and then tap
793
00:29:48,600 --> 00:29:50,520
in order to auto complete the name so
794
00:29:50,520 --> 00:29:52,140
you don't have to bother typing all of
795
00:29:52,140 --> 00:29:53,700
this by yourself
796
00:29:53,700 --> 00:29:56,279
press here enter and in just a few
797
00:29:56,279 --> 00:30:00,020
seconds this should be unpacked
798
00:30:00,240 --> 00:30:03,299
okay so here it is once we type ls once
799
00:30:03,299 --> 00:30:05,220
again now we will have another directory
800
00:30:05,220 --> 00:30:07,260
which will be the unpacked PyCharm
801
00:30:07,260 --> 00:30:08,399
directory
802
00:30:08,399 --> 00:30:11,159
so let's navigate there using the cd
803
00:30:11,159 --> 00:30:12,120
command
804
00:30:12,120 --> 00:30:14,940
type ls and we will see a bunch of files
805
00:30:14,940 --> 00:30:16,860
and directories inside of this PyCharm
806
00:30:16,860 --> 00:30:19,020
directory we want to go to the bin
807
00:30:19,020 --> 00:30:21,779
directory type ls once again
808
00:30:21,779 --> 00:30:24,539
and inside of this bin directory we want
809
00:30:24,539 --> 00:30:28,320
to run this pycharm.sh file now you
810
00:30:28,320 --> 00:30:29,820
might notice that this is a .sh
811
00:30:29,820 --> 00:30:32,100
extension therefore we need to run it
812
00:30:32,100 --> 00:30:34,980
using bash we simply just type in bash
813
00:30:34,980 --> 00:30:38,520
and then pycharm.sh
814
00:30:38,520 --> 00:30:40,260
now this is another command that might
815
00:30:40,260 --> 00:30:42,120
require root privileges in order to run
816
00:30:42,120 --> 00:30:43,799
so in case you are using the newest
817
00:30:43,799 --> 00:30:45,299
version of Kali Linux and you are not
818
00:30:45,299 --> 00:30:47,580
root account you simply just type sudo
819
00:30:47,580 --> 00:30:50,940
and then bash pycharm.sh type in the
820
00:30:50,940 --> 00:30:52,799
password and this should execute with no
821
00:30:52,799 --> 00:30:53,880
problems
822
00:30:53,880 --> 00:30:56,960
so let's run this
823
00:30:57,899 --> 00:31:00,899
it will run the pycharm.sh program and
824
00:31:00,899 --> 00:31:03,059
it should start PyCharm for us
825
00:31:03,059 --> 00:31:06,299
here it is we got PyCharm opened up and
826
00:31:06,299 --> 00:31:07,740
before we actually click on create new
827
00:31:07,740 --> 00:31:09,960
project we want to go down here under
828
00:31:09,960 --> 00:31:11,940
the configure
829
00:31:11,940 --> 00:31:15,720
and click on create desktop entry
830
00:31:15,720 --> 00:31:17,640
we want to check create the entry for
831
00:31:17,640 --> 00:31:20,880
all users and click on OK
832
00:31:20,880 --> 00:31:23,039
once we do that we can simply just click
833
00:31:23,039 --> 00:31:25,200
on create new project
834
00:31:25,200 --> 00:31:28,440
call it test since this is the test
835
00:31:28,440 --> 00:31:30,000
project and we're not going to code
836
00:31:30,000 --> 00:31:32,640
anything inside of this project and it
837
00:31:32,640 --> 00:31:35,580
should load up this window right here it
838
00:31:35,580 --> 00:31:37,200
will create the virtual environment for
839
00:31:37,200 --> 00:31:39,240
you it will give you some tips for the
840
00:31:39,240 --> 00:31:41,640
programming and also for PyCharm
841
00:31:41,640 --> 00:31:44,940
which we are not really interested in
842
00:31:44,940 --> 00:31:46,740
and when everything is done and
843
00:31:46,740 --> 00:31:48,299
everything is loaded up we should be
844
00:31:48,299 --> 00:31:50,580
ready to code so let's click on close
845
00:31:50,580 --> 00:31:54,120
right here let's enlarge this to so this
846
00:31:54,120 --> 00:31:56,399
is what PyCharm looks like now in order
847
00:31:56,399 --> 00:31:58,799
to create a file and start coding you
848
00:31:58,799 --> 00:32:01,440
can go to the test right click on it
849
00:32:01,440 --> 00:32:05,159
click on new and then python file let's
850
00:32:05,159 --> 00:32:09,000
call it test.py
851
00:32:09,000 --> 00:32:11,460
and it will let you code Python program
852
00:32:11,460 --> 00:32:13,020
right here
853
00:32:13,020 --> 00:32:16,940
so you can simply just type print
854
00:32:16,980 --> 00:32:19,559
hello world
855
00:32:19,559 --> 00:32:21,960
and then go under run
856
00:32:21,960 --> 00:32:23,820
the program
857
00:32:23,820 --> 00:32:25,559
from the test
858
00:32:25,559 --> 00:32:27,899
and here it is the output which says
859
00:32:27,899 --> 00:32:29,520
hello world
860
00:32:29,520 --> 00:32:31,620
now if you install PyCharm for the first
861
00:32:31,620 --> 00:32:33,899
time these letters right here might be
862
00:32:33,899 --> 00:32:36,240
too small for you let's see how we can
863
00:32:36,240 --> 00:32:38,760
increase the font of these letters so
864
00:32:38,760 --> 00:32:40,559
you can go on to the file
865
00:32:40,559 --> 00:32:44,100
go to the settings
866
00:32:44,100 --> 00:32:46,140
under the settings you want to go to the
867
00:32:46,140 --> 00:32:47,279
editor
868
00:32:47,279 --> 00:32:49,679
click on font
869
00:32:49,679 --> 00:32:51,480
and under the font you can change
870
00:32:51,480 --> 00:32:54,120
whichever font you like so let's say 22
871
00:32:54,120 --> 00:32:57,720
click on OK and the letters are now
872
00:32:57,720 --> 00:32:59,220
larger
873
00:32:59,220 --> 00:33:01,620
so now that we got PyCharm ready in
874
00:33:01,620 --> 00:33:03,299
the next section we're going to start
875
00:33:03,299 --> 00:33:05,640
off with our first project which is
876
00:33:05,640 --> 00:33:09,120
going to be a port scanner in Python 3
877
00:33:09,120 --> 00:33:12,120
okay so that would be about it for this
878
00:33:12,120 --> 00:33:14,220
tutorial thank you for watching and
879
00:33:14,220 --> 00:33:16,200
let's get straight into the hacking in
880
00:33:16,200 --> 00:33:19,679
the next section take care bye
881
00:33:19,679 --> 00:33:22,559
hello everybody and welcome to our first
882
00:33:22,559 --> 00:33:24,720
project where we are going to code our
883
00:33:24,720 --> 00:33:27,539
own port scanner using python 3.
884
00:33:27,539 --> 00:33:29,279
so in the previous section we introduced
885
00:33:29,279 --> 00:33:31,380
ourselves to Kali Linux we installed
886
00:33:31,380 --> 00:33:33,600
PyCharm and now we are ready to start
887
00:33:33,600 --> 00:33:35,760
writing our code
888
00:33:35,760 --> 00:33:38,340
before we start let's first explain what
889
00:33:38,340 --> 00:33:40,799
is the purpose of a port scanner what it
890
00:33:40,799 --> 00:33:42,899
will do and how are we going to create
891
00:33:42,899 --> 00:33:44,220
it
892
00:33:44,220 --> 00:33:46,860
well first of all a port scanner is a
893
00:33:46,860 --> 00:33:48,960
program that allows you to scan a target
894
00:33:48,960 --> 00:33:51,779
machine and discover whether it has some
895
00:33:51,779 --> 00:33:55,500
open or closed ports for example we all
896
00:33:55,500 --> 00:33:57,840
know that the port 80 is used in order
897
00:33:57,840 --> 00:34:00,779
to serve HTTP and in order to serve a
898
00:34:00,779 --> 00:34:02,340
website page
899
00:34:02,340 --> 00:34:03,960
now how would you actually discover
900
00:34:03,960 --> 00:34:06,720
whether port 80 is open without visiting
901
00:34:06,720 --> 00:34:07,740
that page
902
00:34:07,740 --> 00:34:10,918
well using our port scanner we can see
903
00:34:10,918 --> 00:34:12,839
whether we can connect to that port 80
904
00:34:12,839 --> 00:34:15,480
or whether we cannot if we can connect
905
00:34:15,480 --> 00:34:17,580
that means that the port is open and it
906
00:34:17,580 --> 00:34:19,500
is most likely hosting a web page there
907
00:34:19,500 --> 00:34:22,320
and if we cannot connect that means that
908
00:34:22,320 --> 00:34:25,139
the port is closed simple as that
909
00:34:25,139 --> 00:34:27,418
so that will be the baseline and the
910
00:34:27,418 --> 00:34:29,940
base part of our program
911
00:34:29,940 --> 00:34:32,399
now let's open a new project and to do
912
00:34:32,399 --> 00:34:34,859
that we can go right here onto file and
913
00:34:34,859 --> 00:34:37,859
then new project here we can call it
914
00:34:37,859 --> 00:34:39,659
port scanner
915
00:34:39,659 --> 00:34:42,659
click on create it will ask you whether
916
00:34:42,659 --> 00:34:44,639
you want to open the new project in this
917
00:34:44,639 --> 00:34:46,800
window or in another window I will
918
00:34:46,800 --> 00:34:48,300
simply just select this window right
919
00:34:48,300 --> 00:34:49,980
here
920
00:34:49,980 --> 00:34:51,899
it will create the virtual environment
921
00:34:51,899 --> 00:34:54,300
for this project and then we can start
922
00:34:54,300 --> 00:34:55,560
coding
923
00:34:55,560 --> 00:34:58,560
now here it is the port scanner we will
924
00:34:58,560 --> 00:35:00,359
click on new
925
00:35:00,359 --> 00:35:03,359
and then python file and we will call it
926
00:35:03,359 --> 00:35:06,480
port scanner.py
927
00:35:06,480 --> 00:35:10,440
okay python file we created it let me
928
00:35:10,440 --> 00:35:12,480
just enlarge a little bit more the font
929
00:35:12,480 --> 00:35:13,980
size
930
00:35:13,980 --> 00:35:17,040
so once again to the editor font
931
00:35:17,040 --> 00:35:21,720
and right here let's go 24 apply and now
932
00:35:21,720 --> 00:35:24,119
we are ready to go now for this project
933
00:35:24,119 --> 00:35:25,680
we are going to need two different
934
00:35:25,680 --> 00:35:28,260
python libraries we're going to need to
935
00:35:28,260 --> 00:35:31,020
import the socket Library
936
00:35:31,020 --> 00:35:34,020
and we're also going to need to import
937
00:35:34,020 --> 00:35:36,440
a library called
938
00:35:36,440 --> 00:35:39,300
ipy and we're going to import it like
939
00:35:39,300 --> 00:35:42,300
this from ipy
940
00:35:42,300 --> 00:35:44,640
import IP
941
00:35:44,640 --> 00:35:47,160
now right away
942
00:35:47,160 --> 00:35:50,700
you might notice that the ipy and IP are
943
00:35:50,700 --> 00:35:53,400
both red underlined this means that the
944
00:35:53,400 --> 00:35:55,440
PyCharm cannot recognize this library
945
00:35:55,440 --> 00:35:58,260
and cannot find it
946
00:35:58,260 --> 00:36:00,599
so before we actually start using it we
947
00:36:00,599 --> 00:36:02,940
need to download it first
948
00:36:02,940 --> 00:36:04,680
now there are a few ways we can actually
949
00:36:04,680 --> 00:36:07,020
download it you can download it using a
950
00:36:07,020 --> 00:36:09,119
regular terminal which we are going to
951
00:36:09,119 --> 00:36:11,700
do as a first try
952
00:36:11,700 --> 00:36:14,940
right here so I will just
953
00:36:14,940 --> 00:36:16,859
put it like this so we can see
954
00:36:16,859 --> 00:36:18,240
everything
955
00:36:18,240 --> 00:36:20,700
now in order to install a desired
956
00:36:20,700 --> 00:36:23,099
Library using the terminal you have to
957
00:36:23,099 --> 00:36:26,339
use a command called pip3 install
958
00:36:26,339 --> 00:36:29,160
now pip3 is a part of Python 3 and it is
959
00:36:29,160 --> 00:36:31,140
used to actually install Python 3
960
00:36:31,140 --> 00:36:33,240
libraries that are missing and that you
961
00:36:33,240 --> 00:36:36,000
need in order to run your program
962
00:36:36,000 --> 00:36:38,640
okay now if you're using a new Kali Linux
963
00:36:38,640 --> 00:36:40,500
you most likely won't have pip3
964
00:36:40,500 --> 00:36:43,380
installed and in order to install it you
965
00:36:43,380 --> 00:36:45,560
simply just type apt install
966
00:36:45,560 --> 00:36:47,940
python3-pip
967
00:36:47,940 --> 00:36:50,940
press here enter and it will install it
968
00:36:50,940 --> 00:36:53,280
for you for me it is already been
969
00:36:53,280 --> 00:36:55,800
installed so we can continue right away
970
00:36:55,800 --> 00:36:58,200
let me clear the screen and launch this
971
00:36:58,200 --> 00:37:00,480
a little bit just in case you cannot see
972
00:37:00,480 --> 00:37:03,240
what I'm typing
973
00:37:03,240 --> 00:37:04,920
and let's get the library that we're
974
00:37:04,920 --> 00:37:06,960
missing so pip3
975
00:37:06,960 --> 00:37:12,260
install ipy press here enter
976
00:37:14,040 --> 00:37:16,740
and it will say requirement already
977
00:37:16,740 --> 00:37:18,359
satisfied
978
00:37:18,359 --> 00:37:20,760
now this might seem confusing because
979
00:37:20,760 --> 00:37:23,160
two minutes ago I just told you that we
980
00:37:23,160 --> 00:37:25,380
are missing this library that we cannot
981
00:37:25,380 --> 00:37:26,400
find it
982
00:37:26,400 --> 00:37:28,680
and here inside the terminal it says
983
00:37:28,680 --> 00:37:30,420
that the requirement has already been
984
00:37:30,420 --> 00:37:32,460
satisfied and that we already have this
985
00:37:32,460 --> 00:37:34,980
library at this location
986
00:37:34,980 --> 00:37:37,200
well that is another part of
987
00:37:37,200 --> 00:37:38,780
PyCharm that you need to understand
988
00:37:38,780 --> 00:37:40,859
pycharm simply creates a virtual
989
00:37:40,859 --> 00:37:42,900
environment every time you create a new
990
00:37:42,900 --> 00:37:46,140
project that means that the library that
991
00:37:46,140 --> 00:37:48,119
you have installed inside of your Kali
992
00:37:48,119 --> 00:37:50,160
Linux doesn't necessarily have to be
993
00:37:50,160 --> 00:37:52,619
installed inside of your pycharm program
994
00:37:52,619 --> 00:37:55,980
therefore this ipy library has not been
995
00:37:55,980 --> 00:37:57,900
installed inside of this virtual
996
00:37:57,900 --> 00:38:00,180
environment so where can we install it
997
00:38:00,180 --> 00:38:04,440
well you can go here on Terminal and you
998
00:38:04,440 --> 00:38:06,240
will see right away that before the root
999
00:38:06,240 --> 00:38:09,000
kali and then the actual directory we
1000
00:38:09,000 --> 00:38:11,940
have this venv inside of brackets which
1001
00:38:11,940 --> 00:38:13,800
stands for virtual environment
1002
00:38:13,800 --> 00:38:15,540
so right here if we type the same
1003
00:38:15,540 --> 00:38:18,440
command which is pip3 install and then
1004
00:38:18,440 --> 00:38:21,599
ipy press here enter
1005
00:38:21,599 --> 00:38:23,640
you can see that right now it is
1006
00:38:23,640 --> 00:38:25,560
successfully downloading it and it has
1007
00:38:25,560 --> 00:38:27,540
downloaded it inside of our virtual
1008
00:38:27,540 --> 00:38:30,300
environment right now if we lower this
1009
00:38:30,300 --> 00:38:33,119
go right here you can see that this is
1010
00:38:33,119 --> 00:38:35,400
no longer red underlined and now we have
1011
00:38:35,400 --> 00:38:37,859
both of our libraries ready to use
1012
00:38:37,859 --> 00:38:40,079
so I just wanted to show you that
1013
00:38:40,079 --> 00:38:41,760
because it is really important and we
1014
00:38:41,760 --> 00:38:43,200
will be switching between libraries
1015
00:38:43,200 --> 00:38:45,300
throughout the entire course so it is
1016
00:38:45,300 --> 00:38:46,800
important for you to understand the
1017
00:38:46,800 --> 00:38:48,200
meaning of a virtual environment
1018
00:38:48,200 --> 00:38:50,700
therefore once you next time try to
1019
00:38:50,700 --> 00:38:52,200
install a desired library that is
1020
00:38:52,200 --> 00:38:54,240
missing from PyCharm don't use
1021
00:38:54,240 --> 00:38:56,640
the Kali Linux terminal like this you
1022
00:38:56,640 --> 00:38:58,740
simply just go down here and inside of
1023
00:38:58,740 --> 00:39:00,420
this python project you can install the
1024
00:39:00,420 --> 00:39:02,460
desired library inside of the virtual
1025
00:39:02,460 --> 00:39:03,540
environment
1026
00:39:03,540 --> 00:39:05,460
so now that we imported the desired
1027
00:39:05,460 --> 00:39:07,560
libraries in the next video we can start
1028
00:39:07,560 --> 00:39:10,200
finally coding our Port scanner
1029
00:39:10,200 --> 00:39:12,900
see you there bye welcome back everybody
1030
00:39:12,900 --> 00:39:15,839
let's continue with our Port scanner so
1031
00:39:15,839 --> 00:39:17,820
what we did by now is we imported two
1032
00:39:17,820 --> 00:39:19,380
libraries that we need in order for our
1033
00:39:19,380 --> 00:39:21,660
program to work let's get straight into
1034
00:39:21,660 --> 00:39:23,880
coding the main program
1035
00:39:23,880 --> 00:39:26,640
okay so first thing let's think about it
1036
00:39:26,640 --> 00:39:28,859
what we need to logically do in order to
1037
00:39:28,859 --> 00:39:30,839
discover whether the port is open or
1038
00:39:30,839 --> 00:39:31,740
closed
1039
00:39:31,740 --> 00:39:33,599
well we need to establish a connection
1040
00:39:33,599 --> 00:39:36,599
with the target machine and then we need
1041
00:39:36,599 --> 00:39:38,520
to try to connect to the specific Port
1042
00:39:38,520 --> 00:39:41,160
if we manage to connect the port is open
1043
00:39:41,160 --> 00:39:43,500
if we don't manage to connect the port
1044
00:39:43,500 --> 00:39:44,640
is closed
1045
00:39:44,640 --> 00:39:46,260
now there is another thing that can
1046
00:39:46,260 --> 00:39:47,880
happen and that is that the port is
1047
00:39:47,880 --> 00:39:49,500
filtered but we are not going to cover
1048
00:39:49,500 --> 00:39:52,380
that at the moment so first of all let's
1049
00:39:52,380 --> 00:39:54,660
see how we can establish the connection
1050
00:39:54,660 --> 00:39:57,380
here is where we use the socket Library
1051
00:39:57,380 --> 00:39:59,700
socket Library allows us to establish
1052
00:39:59,700 --> 00:40:03,180
the connection over internet so how can
1053
00:40:03,180 --> 00:40:05,820
we do that well it's rather easy and
1054
00:40:05,820 --> 00:40:07,140
it's something that we will use
1055
00:40:07,140 --> 00:40:09,599
throughout this course a lot it's the same
1056
00:40:09,599 --> 00:40:11,760
scheme of a few different lines of code
1057
00:40:11,760 --> 00:40:13,619
that will allow us to connect to the
1058
00:40:13,619 --> 00:40:15,119
Target machine
1059
00:40:15,119 --> 00:40:17,820
so in the first line we will Define a
1060
00:40:17,820 --> 00:40:19,680
socket descriptor
1061
00:40:19,680 --> 00:40:22,079
we do that by specifying the name and
1062
00:40:22,079 --> 00:40:25,440
then equals socket.socket
1063
00:40:25,440 --> 00:40:27,240
just like this we Define the socket
1064
00:40:27,240 --> 00:40:28,740
descriptor and you can name this
1065
00:40:28,740 --> 00:40:30,240
anything you want it doesn't have to be
1066
00:40:30,240 --> 00:40:32,940
named sock it can be named s but for the
1067
00:40:32,940 --> 00:40:34,380
purpose of this tutorial we're going to
1068
00:40:34,380 --> 00:40:36,960
leave it on sock as soon as we do that
1069
00:40:36,960 --> 00:40:38,700
we can try to connect to the Target
1070
00:40:38,700 --> 00:40:39,839
machine
1071
00:40:39,839 --> 00:40:42,720
so sock.connect
1072
00:40:42,720 --> 00:40:45,119
and inside this connect function we
1073
00:40:45,119 --> 00:40:47,040
need to specify two open and two close
1074
00:40:47,040 --> 00:40:49,320
brackets and there we need to specify
1075
00:40:49,320 --> 00:40:51,180
the IP address
1076
00:40:51,180 --> 00:40:54,180
and the port that we want to connect to
1077
00:40:54,180 --> 00:40:56,940
all right now you will see right away
1078
00:40:56,940 --> 00:40:59,700
that once again this IP address and this
1079
00:40:59,700 --> 00:41:02,579
port is underlined red that means that
1080
00:41:02,579 --> 00:41:05,160
this is not defined so we need to Define
1081
00:41:05,160 --> 00:41:08,400
what IP address is and what port is
1082
00:41:08,400 --> 00:41:10,500
what we're going to do is we're simply
1083
00:41:10,500 --> 00:41:11,940
just going to create a variable which
1084
00:41:11,940 --> 00:41:13,920
will be called IP address
1085
00:41:13,920 --> 00:41:16,560
and we're going to set this variable to
1086
00:41:16,560 --> 00:41:18,540
be equal to whatever the user of this
1087
00:41:18,540 --> 00:41:20,640
program inputs during the running of the
1088
00:41:20,640 --> 00:41:22,020
program
1089
00:41:22,020 --> 00:41:23,579
now what I mean by that is we're
1090
00:41:23,579 --> 00:41:25,500
going to use the input function which
1091
00:41:25,500 --> 00:41:27,900
allows us to at runtime specify the
1092
00:41:27,900 --> 00:41:30,180
IP address that we want to scan
1093
00:41:30,180 --> 00:41:31,980
so we're going to prompt to the user of
1094
00:41:31,980 --> 00:41:33,359
this program
1095
00:41:33,359 --> 00:41:35,099
something like this
1096
00:41:35,099 --> 00:41:39,079
enter Target to scan
1097
00:41:39,300 --> 00:41:41,660
okay
1098
00:41:42,240 --> 00:41:44,520
now that we have that we also need to
1099
00:41:44,520 --> 00:41:46,560
define the port
1100
00:41:46,560 --> 00:41:50,460
and let's say the port will be port 80.
1101
00:41:50,460 --> 00:41:52,320
it will be a simple integer so we're
1102
00:41:52,320 --> 00:41:54,480
going to select it like this and now our
1103
00:41:54,480 --> 00:41:56,099
code is good to go
1104
00:41:56,099 --> 00:41:58,800
all we are left to do is we're left to
1105
00:41:58,800 --> 00:42:00,240
wrap this inside of a try and except
1106
00:42:00,240 --> 00:42:02,400
rule and this try and except rule
1107
00:42:02,400 --> 00:42:03,960
basically means that we are going to try
1108
00:42:03,960 --> 00:42:06,960
this and in case that doesn't work we're
1109
00:42:06,960 --> 00:42:09,359
going to try something else which will
1110
00:42:09,359 --> 00:42:12,480
be under this except part so try and
1111
00:42:12,480 --> 00:42:14,820
then sock dot connect we are trying to
1112
00:42:14,820 --> 00:42:17,160
connect to the port and if we don't
1113
00:42:17,160 --> 00:42:19,079
manage to connect we're going to print
1114
00:42:19,079 --> 00:42:21,680
to the screen
1115
00:42:21,960 --> 00:42:25,040
that's the port
1116
00:42:25,640 --> 00:42:27,839
is closed
1117
00:42:27,839 --> 00:42:31,040
and one can simply just specify Port 80
1118
00:42:31,040 --> 00:42:34,380
is closed because we are scanning that
1119
00:42:34,380 --> 00:42:35,220
port
1120
00:42:35,220 --> 00:42:38,280
if we do manage to connect we can print
1121
00:42:38,280 --> 00:42:43,800
Port 80 is open okay so this is the base
1122
00:42:43,800 --> 00:42:46,200
part of the program let's see whether
1123
00:42:46,200 --> 00:42:49,140
this works now in order to test this and
1124
00:42:49,140 --> 00:42:51,000
see whether it works I'm going to pick a
1125
00:42:51,000 --> 00:42:52,619
random IP address which in this case
1126
00:42:52,619 --> 00:42:55,140
will be the IP address of my laptop and
1127
00:42:55,140 --> 00:42:56,460
in your case you can simply just scan
1128
00:42:56,460 --> 00:42:58,619
any website on the internet for example
1129
00:42:58,619 --> 00:43:02,700
let's say we go to Firefox
1130
00:43:02,700 --> 00:43:05,280
and we can visit any website we want now
1131
00:43:05,280 --> 00:43:07,680
keep in mind once we actually manage to
1132
00:43:07,680 --> 00:43:09,240
visit the website that means that the
1133
00:43:09,240 --> 00:43:11,160
port 80 is open because we are loading
1134
00:43:11,160 --> 00:43:14,760
the web page so let's go to this one
1135
00:43:14,760 --> 00:43:17,880
you can choose any you like I'm going to
1136
00:43:17,880 --> 00:43:20,599
scan this one
1137
00:43:21,180 --> 00:43:23,700
okay so let's copy this
1138
00:43:23,700 --> 00:43:26,099
this is the name of the website
1139
00:43:26,099 --> 00:43:28,079
let's go right here inside of our
1140
00:43:28,079 --> 00:43:30,180
terminal and let's try to run the
1141
00:43:30,180 --> 00:43:32,880
program Python 3 and then the name of
1142
00:43:32,880 --> 00:43:36,180
the program which in our case oops
1143
00:43:36,180 --> 00:43:40,160
in our case it is
1144
00:43:40,440 --> 00:43:44,400
python3 port scanner.py
1145
00:43:44,400 --> 00:43:46,560
it will ask us to enter the target to
1146
00:43:46,560 --> 00:43:48,780
scan now you will notice if you specify
1147
00:43:48,780 --> 00:43:51,000
like this so we paste the name of the
1148
00:43:51,000 --> 00:43:53,400
website and we click here enter it will
1149
00:43:53,400 --> 00:43:55,920
tell you that the port 80 is closed
1150
00:43:55,920 --> 00:43:58,380
now why does it say that is the port 80
1151
00:43:58,380 --> 00:44:01,200
really closed well not really since we
1152
00:44:01,200 --> 00:44:03,480
actually managed to open it right here
1153
00:44:03,480 --> 00:44:06,240
on our Firefox therefore something is
1154
00:44:06,240 --> 00:44:07,680
wrong with our program
1155
00:44:07,680 --> 00:44:09,900
well we cannot really specify the link
1156
00:44:09,900 --> 00:44:11,520
to the actual website so how can we
1157
00:44:11,520 --> 00:44:13,260
discover the IP address to this website
1158
00:44:13,260 --> 00:44:15,119
well we can use something called
1159
00:44:15,119 --> 00:44:17,160
nslookup
1160
00:44:17,160 --> 00:44:20,520
and we specify the actual link
1161
00:44:20,520 --> 00:44:22,800
press here enter
1162
00:44:22,800 --> 00:44:25,440
and what this will do whoops it says
1163
00:44:25,440 --> 00:44:30,359
cannot find let's just try like this
1164
00:44:30,359 --> 00:44:33,660
without the http www and then the name
1165
00:44:33,660 --> 00:44:36,380
of the website
1166
00:44:36,480 --> 00:44:39,480
okay so here it is now we are able to
1167
00:44:39,480 --> 00:44:41,640
retrieve the IP address to this specific
1168
00:44:41,640 --> 00:44:43,079
website
1169
00:44:43,079 --> 00:44:45,420
what if we copy this IP address and go
1170
00:44:45,420 --> 00:44:48,300
with this so copy
1171
00:44:48,300 --> 00:44:50,700
and let's clear the screen and run our
1172
00:44:50,700 --> 00:44:53,520
Port scanner once again enter Target to
1173
00:44:53,520 --> 00:44:56,640
scan we paste this and now we get the
1174
00:44:56,640 --> 00:44:59,339
correct result it says Port 80 is open
1175
00:44:59,339 --> 00:45:02,280
okay so for now on what we did we
1176
00:45:02,280 --> 00:45:04,319
created two simple variables one will
1177
00:45:04,319 --> 00:45:06,240
host the IP address that we input during
1178
00:45:06,240 --> 00:45:08,040
the running of the program and the other
1179
00:45:08,040 --> 00:45:10,980
one will host the port number 80. so we
1180
00:45:10,980 --> 00:45:12,420
are not inputting this we are not
1181
00:45:12,420 --> 00:45:14,099
changing this this will simply just
1182
00:45:14,099 --> 00:45:15,900
stick to 80 for now
1183
00:45:15,900 --> 00:45:18,720
then we try to connect and if we manage
1184
00:45:18,720 --> 00:45:20,640
to connect we print that the port 80 is
1185
00:45:20,640 --> 00:45:22,980
open if we don't manage to connect we
1186
00:45:22,980 --> 00:45:25,200
print Port 80 is closed
1187
00:45:25,200 --> 00:45:27,359
okay so good for now we discovered that
1188
00:45:27,359 --> 00:45:29,700
the port 80 is open on this specific
1189
00:45:29,700 --> 00:45:31,560
website that we scanned
1190
00:45:31,560 --> 00:45:33,180
but this is not really what we want
1191
00:45:33,180 --> 00:45:35,940
right we want to actually scan multiple
1192
00:45:35,940 --> 00:45:39,000
targets we want to scan all ports or as
1193
00:45:39,000 --> 00:45:41,339
many number of ports as we like we want
1194
00:45:41,339 --> 00:45:43,260
to print which port is open which Port
1195
00:45:43,260 --> 00:45:44,640
is closed
1196
00:45:44,640 --> 00:45:47,520
and ideally we also want to connect to
1197
00:45:47,520 --> 00:45:49,740
that port and see which software is it
1198
00:45:49,740 --> 00:45:51,780
running on that open port
1199
00:45:51,780 --> 00:45:53,940
now that port scanner would be a really
1200
00:45:53,940 --> 00:45:54,960
good one
1201
00:45:54,960 --> 00:45:56,940
so let's see in the next few videos how
1202
00:45:56,940 --> 00:45:59,520
we can Implement all of that we would
1203
00:45:59,520 --> 00:46:01,800
also like to change this program to also
1204
00:46:01,800 --> 00:46:04,140
accept the links and not just the IP
1205
00:46:04,140 --> 00:46:06,300
addresses so you saw previously we
1206
00:46:06,300 --> 00:46:07,980
couldn't really specify the link it gave
1207
00:46:07,980 --> 00:46:10,319
us the wrong result because it cannot
1208
00:46:10,319 --> 00:46:12,060
really connect to a link inside of this
1209
00:46:12,060 --> 00:46:14,280
program but we also want to make sure
1210
00:46:14,280 --> 00:46:16,200
that once the user of this program
1211
00:46:16,200 --> 00:46:18,960
specifies a link such as www.google.com
1212
00:46:18,960 --> 00:46:21,720
it will also manage to discover open and
1213
00:46:21,720 --> 00:46:24,000
close ports so we're going to see how we
1214
00:46:24,000 --> 00:46:25,740
can perform all of that in the next few
1215
00:46:25,740 --> 00:46:26,880
lectures
1216
00:46:26,880 --> 00:46:29,339
for now on we created the base part and
1217
00:46:29,339 --> 00:46:31,079
we are ready to continue coding on
1218
00:46:31,079 --> 00:46:33,180
alright so hope I see you in the next
1219
00:46:33,180 --> 00:46:34,800
tutorial bye
1220
00:46:34,800 --> 00:46:36,839
all right welcome back let's continue
1221
00:46:36,839 --> 00:46:39,420
with our Port scanner what we did by now
1222
00:46:39,420 --> 00:46:41,040
as you can see from the previous video
1223
00:46:41,040 --> 00:46:43,380
we only discovered that the port 80 is
1224
00:46:43,380 --> 00:46:45,660
open on the website that we scanned
1225
00:46:45,660 --> 00:46:47,819
so what we need to do now is we need to
1226
00:46:47,819 --> 00:46:50,579
wrap this code inside the function
1227
00:46:50,579 --> 00:46:52,140
and let me show you why we are doing
1228
00:46:52,140 --> 00:46:54,839
that if I simply Define a function which
1229
00:46:54,839 --> 00:46:58,440
will be called scan underscore port
1230
00:46:58,440 --> 00:47:00,060
and for those of you who don't know to
1231
00:47:00,060 --> 00:47:01,680
define a function you simply just type
1232
00:47:01,680 --> 00:47:03,839
Def and then the function name
1233
00:47:03,839 --> 00:47:06,839
this function will take two parameters
1234
00:47:06,839 --> 00:47:08,940
which will be the IP address
1235
00:47:08,940 --> 00:47:10,619
which were defined at the beginning of
1236
00:47:10,619 --> 00:47:14,940
the program and it will also be the port
1237
00:47:14,940 --> 00:47:16,200
okay
1238
00:47:16,200 --> 00:47:18,960
we specify two dots and now we need to
1239
00:47:18,960 --> 00:47:20,880
tab all of this code in
1240
00:47:20,880 --> 00:47:23,819
so it can belong to the function that we
1241
00:47:23,819 --> 00:47:25,380
created
1242
00:47:25,380 --> 00:47:28,500
okay so here it is what this function
1243
00:47:28,500 --> 00:47:30,720
will do is it will scan the port and it
1244
00:47:30,720 --> 00:47:34,319
will define whether it is open or closed
1245
00:47:34,319 --> 00:47:36,900
now another thing that we want to do is
1246
00:47:36,900 --> 00:47:39,060
we don't really want the ports to be
1247
00:47:39,060 --> 00:47:41,280
already predetermined for example let's
1248
00:47:41,280 --> 00:47:42,960
say that the user of this program wants
1249
00:47:42,960 --> 00:47:45,540
to scan Port 22 which is the SSH Port
1250
00:47:45,540 --> 00:47:47,880
well we want to allow them to actually
1251
00:47:47,880 --> 00:47:50,220
do that so we need to remove this port
1252
00:47:50,220 --> 00:47:52,859
equals 80.
1253
00:47:52,859 --> 00:47:55,020
and also from these comments right here
1254
00:47:55,020 --> 00:47:56,880
we want to type
1255
00:47:56,880 --> 00:47:58,859
port
1256
00:47:58,859 --> 00:48:00,900
and then we are going to type it like
1257
00:48:00,900 --> 00:48:03,180
this
1258
00:48:03,180 --> 00:48:05,060
Plus
1259
00:48:05,060 --> 00:48:08,640
string from the port and the reason why
1260
00:48:08,640 --> 00:48:10,859
we are using the string function onto
1261
00:48:10,859 --> 00:48:13,020
this port variable is because the port
1262
00:48:13,020 --> 00:48:15,500
variable will hold an integer value
1263
00:48:15,500 --> 00:48:18,000
therefore once we actually try to print
1264
00:48:18,000 --> 00:48:21,060
it we will get an error if we try to
1265
00:48:21,060 --> 00:48:23,099
print an integer value so we need to
1266
00:48:23,099 --> 00:48:24,960
convert it first to string using this
1267
00:48:24,960 --> 00:48:27,780
Str function and then we can print this
1268
00:48:27,780 --> 00:48:30,359
so for example if the port is
1269
00:48:30,359 --> 00:48:34,619
number 23 this will print Port 23 is
1270
00:48:34,619 --> 00:48:35,520
open
1271
00:48:35,520 --> 00:48:39,500
we also need to do the same right here
1272
00:48:40,380 --> 00:48:43,880
string from Port
1273
00:48:44,400 --> 00:48:48,119
okay so Port 23 is closed and now let's
1274
00:48:48,119 --> 00:48:50,400
test our function but let's add a little
1275
00:48:50,400 --> 00:48:52,260
bit of a Twist to it so what we want to
1276
00:48:52,260 --> 00:48:55,500
do is we want to scan first 10 ports on
1277
00:48:55,500 --> 00:48:57,060
our website
1278
00:48:57,060 --> 00:49:00,359
all right so how can we do that well we
1279
00:49:00,359 --> 00:49:04,200
don't have a port specified at all so we
1280
00:49:04,200 --> 00:49:06,660
need to iterate over numbers 1 through
1281
00:49:06,660 --> 00:49:09,660
10 and then specify for each number that
1282
00:49:09,660 --> 00:49:12,480
the port is equal that exact number
1283
00:49:12,480 --> 00:49:14,460
let me show you what I mean so right
1284
00:49:14,460 --> 00:49:17,880
here if I go all the way down and below
1285
00:49:17,880 --> 00:49:20,819
the function I specify
1286
00:49:20,819 --> 00:49:22,980
for Port
1287
00:49:22,980 --> 00:49:24,900
in range
1288
00:49:24,900 --> 00:49:27,480
one to ten
1289
00:49:27,480 --> 00:49:31,859
I want to perform a function scan oops
1290
00:49:31,859 --> 00:49:36,119
underscore port on the IP address
1291
00:49:36,119 --> 00:49:38,940
with the port number
1292
00:49:38,940 --> 00:49:41,760
so what this will do is it will go for
1293
00:49:41,760 --> 00:49:44,339
port in range from 1 to 10 so first of
1294
00:49:44,339 --> 00:49:46,319
all Port would be number one we want to
1295
00:49:46,319 --> 00:49:48,960
scan the IP address with the port equal
1296
00:49:48,960 --> 00:49:51,480
to one then it will perform this task
1297
00:49:51,480 --> 00:49:52,800
right here
1298
00:49:52,800 --> 00:49:54,540
then it will go back
1299
00:49:54,540 --> 00:49:56,700
change the port variable to be equal to
1300
00:49:56,700 --> 00:49:59,520
2 and then it will perform the same task
1301
00:49:59,520 --> 00:50:01,920
just with the port number equal to 2.
1302
00:50:01,920 --> 00:50:03,780
also what we want to do is we want to
1303
00:50:03,780 --> 00:50:06,300
copy this
1304
00:50:06,300 --> 00:50:09,240
copy then we can delete it
1305
00:50:09,240 --> 00:50:12,020
and we can paste it below the function
1306
00:50:12,020 --> 00:50:13,980
right here
1307
00:50:13,980 --> 00:50:17,520
okay now let's see whether this works
1308
00:50:17,520 --> 00:50:19,740
so once again for this feel free to scan
1309
00:50:19,740 --> 00:50:22,380
any website you want I will simply just
1310
00:50:22,380 --> 00:50:24,480
go with the same website that we used in
1311
00:50:24,480 --> 00:50:27,000
the previous video and once again in
1312
00:50:27,000 --> 00:50:28,920
order to discover the IP address of the
1313
00:50:28,920 --> 00:50:31,380
link We simply just type nslookup
1314
00:50:31,380 --> 00:50:33,660
and then
1315
00:50:33,660 --> 00:50:37,980
the link to the actual website copy IP
1316
00:50:37,980 --> 00:50:40,220
address
1317
00:50:40,740 --> 00:50:42,900
copy
1318
00:50:42,900 --> 00:50:46,640
and then let's run the program
1319
00:50:48,180 --> 00:50:51,240
enter Target to scan we select the IP
1320
00:50:51,240 --> 00:50:54,260
address here it is
1321
00:50:54,780 --> 00:50:58,160
and now it is scanning first 10 ports
1322
00:50:58,160 --> 00:51:02,040
now right away you can notice that it's
1323
00:51:02,040 --> 00:51:03,839
not really printing anything it is
1324
00:51:03,839 --> 00:51:06,900
actually going rather slow and it is
1325
00:51:06,900 --> 00:51:08,819
still not even finished with the first
1326
00:51:08,819 --> 00:51:10,920
Port now we don't really want this we
1327
00:51:10,920 --> 00:51:13,619
want our Port scanner to work faster so
1328
00:51:13,619 --> 00:51:15,359
how can we fix this well first of all
1329
00:51:15,359 --> 00:51:18,800
Ctrl C onto the program
1330
00:51:18,960 --> 00:51:22,500
right here and then inside of our scan
1331
00:51:22,500 --> 00:51:24,300
Port function we need to add another
1332
00:51:24,300 --> 00:51:26,220
line
1333
00:51:26,220 --> 00:51:29,059
which will be
1334
00:51:29,760 --> 00:51:31,859
sock dot set
1335
00:51:31,859 --> 00:51:34,140
timeout and we want to set the timeout
1336
00:51:34,140 --> 00:51:37,079
to be equal to 0.5 seconds
1337
00:51:37,079 --> 00:51:39,660
now keep in mind also that the accuracy
1338
00:51:39,660 --> 00:51:41,940
of the scan will depend on the length of
1339
00:51:41,940 --> 00:51:44,280
the timeout so some ports will take a
1340
00:51:44,280 --> 00:51:46,619
longer to connect to and some ports will
1341
00:51:46,619 --> 00:51:48,180
take less to connect to if you simply
1342
00:51:48,180 --> 00:51:50,099
just leave it without timeout the
1343
00:51:50,099 --> 00:51:52,020
accuracy will be the highest the lower
1344
00:51:52,020 --> 00:51:55,079
the timeout the smaller the accuracy but
1345
00:51:55,079 --> 00:51:57,300
this is a price that we want to pay in
1346
00:51:57,300 --> 00:52:00,059
order to actually scan the target faster
1347
00:52:00,059 --> 00:52:02,339
so let's see whether this worked so
1348
00:52:02,339 --> 00:52:04,440
Python 3 Port scanner
1349
00:52:04,440 --> 00:52:06,720
we paste the IP address and we can see
1350
00:52:06,720 --> 00:52:09,780
Port 1 is closed and all of the 10 ports
1351
00:52:09,780 --> 00:52:12,300
are closed on our website
1352
00:52:12,300 --> 00:52:15,540
so we scan ports 1 through 10.
1353
00:52:15,540 --> 00:52:18,240
okay now this is probably correct for
1354
00:52:18,240 --> 00:52:19,800
the website that I'm scanning but how
1355
00:52:19,800 --> 00:52:21,599
can we check that well in the previous
1356
00:52:21,599 --> 00:52:23,400
video I scanned the exact same website
1357
00:52:23,400 --> 00:52:26,640
and I scan the port 80. so how can I
1358
00:52:26,640 --> 00:52:28,800
check whether this is working correctly
1359
00:52:28,800 --> 00:52:31,559
well instead of the range 1 through 10 I
1360
00:52:31,559 --> 00:52:34,520
will simply just type
1361
00:52:34,920 --> 00:52:36,960
75
1362
00:52:36,960 --> 00:52:39,599
through 85
1363
00:52:39,599 --> 00:52:41,940
and most likely all of the ports will be
1364
00:52:41,940 --> 00:52:44,940
closed except the port 80. so let's see
1365
00:52:44,940 --> 00:52:47,839
how this works Python 3 Port scanner
1366
00:52:47,839 --> 00:52:50,280
paste the IP address
1367
00:52:50,280 --> 00:52:52,800
all the ports are closed and we have one
1368
00:52:52,800 --> 00:52:57,420
port open and that is port 80. okay so
1369
00:52:57,420 --> 00:52:59,940
our program seems to work really well
1370
00:52:59,940 --> 00:53:01,980
okay so we discovered that we need to
1371
00:53:01,980 --> 00:53:03,960
set the timeout in order to actually
1372
00:53:03,960 --> 00:53:06,119
scan ports faster
1373
00:53:06,119 --> 00:53:10,140
we lose the accuracy but we gain on time
1374
00:53:10,140 --> 00:53:12,420
in the next video we're going to take a
1375
00:53:12,420 --> 00:53:15,599
look at how we can convert the link to
1376
00:53:15,599 --> 00:53:17,400
an actual IP address
1377
00:53:17,400 --> 00:53:19,319
for example we're going to take a look
1378
00:53:19,319 --> 00:53:21,240
at how we can convert our link of a
1379
00:53:21,240 --> 00:53:23,579
website to an IP address inside of our
1380
00:53:23,579 --> 00:53:25,500
program so whether the user of this
1381
00:53:25,500 --> 00:53:27,480
program specifies a link or an IP
1382
00:53:27,480 --> 00:53:29,760
address this will still work
1383
00:53:29,760 --> 00:53:31,500
okay so I hope I see you in the next
1384
00:53:31,500 --> 00:53:34,800
video and take care bye
1385
00:53:34,800 --> 00:53:36,780
welcome back everyone let's continue
1386
00:53:36,780 --> 00:53:39,599
with our Port scanner so what we did by
1387
00:53:39,599 --> 00:53:41,700
now is we simply just created this
1388
00:53:41,700 --> 00:53:43,440
function which allows us to scan the
1389
00:53:43,440 --> 00:53:46,200
ports and we also saw how we can use for
1390
00:53:46,200 --> 00:53:48,300
loop in order to iterate over a certain
1391
00:53:48,300 --> 00:53:50,640
amount of ports and scan each and every
1392
00:53:50,640 --> 00:53:51,900
one of them
1393
00:53:51,900 --> 00:53:53,760
but right now let's see how we can
1394
00:53:53,760 --> 00:53:56,099
implement a function that will allow the
1395
00:53:56,099 --> 00:53:58,440
user of this program to specify the
1396
00:53:58,440 --> 00:54:00,480
domain name as well as the IP address if
1397
00:54:00,480 --> 00:54:01,619
they like
1398
00:54:01,619 --> 00:54:05,339
well here is where our IPy library comes
1399
00:54:05,339 --> 00:54:06,420
in help
1400
00:54:06,420 --> 00:54:08,579
so you will notice that this is still
1401
00:54:08,579 --> 00:54:10,859
gray that means that we haven't used it
1402
00:54:10,859 --> 00:54:13,140
inside of our code and that will change
1403
00:54:13,140 --> 00:54:13,920
now
1404
00:54:13,920 --> 00:54:15,240
so
1405
00:54:15,240 --> 00:54:17,760
we'll simply just create a function up
1406
00:54:17,760 --> 00:54:20,339
here which will be called let's say
1407
00:54:20,339 --> 00:54:22,740
check underscore IP
1408
00:54:22,740 --> 00:54:24,420
and this function will take one
1409
00:54:24,420 --> 00:54:26,400
parameter which we will specify inside
1410
00:54:26,400 --> 00:54:28,200
of these brackets and that parameter
1411
00:54:28,200 --> 00:54:31,859
will be the IP address okay
1412
00:54:31,859 --> 00:54:33,900
now before we code any of this function
1413
00:54:33,900 --> 00:54:36,839
we need to specify all the way down
1414
00:54:36,839 --> 00:54:38,760
what we are going to provide to this
1415
00:54:38,760 --> 00:54:41,099
function and by that I mean which
1416
00:54:41,099 --> 00:54:43,760
parameter are we going to send well
1417
00:54:43,760 --> 00:54:46,079
logically in our case we're going to
1418
00:54:46,079 --> 00:54:48,960
send the IP address parameter keep in
1419
00:54:48,960 --> 00:54:50,579
mind that this IP address variable
1420
00:54:50,579 --> 00:54:53,520
doesn't have to store the IP address it
1421
00:54:53,520 --> 00:54:56,700
can also store the domain name
1422
00:54:56,700 --> 00:54:59,520
so what we need to do is we need to
1423
00:54:59,520 --> 00:55:01,680
simply just after the user specifies the
1424
00:55:01,680 --> 00:55:03,599
target we'll simply just call the
1425
00:55:03,599 --> 00:55:06,839
function check underscore IP and we will
1426
00:55:06,839 --> 00:55:09,420
paste the IP address
1427
00:55:09,420 --> 00:55:12,680
inside of that function
1428
00:55:13,380 --> 00:55:16,079
then we are going to store all of this
1429
00:55:16,079 --> 00:55:20,000
inside of a converted
1430
00:55:20,520 --> 00:55:23,520
underscore IP and you will see in just a
1431
00:55:23,520 --> 00:55:26,220
second why we are doing this so right
1432
00:55:26,220 --> 00:55:28,800
here we are going to scan the converted
1433
00:55:28,800 --> 00:55:31,400
IP address
1434
00:55:32,760 --> 00:55:36,000
and the port number
1435
00:55:36,000 --> 00:55:39,180
okay so let's code function above so
1436
00:55:39,180 --> 00:55:40,680
obviously we need to use this library
1437
00:55:40,680 --> 00:55:43,500
right here and this actual Library comes
1438
00:55:43,500 --> 00:55:45,300
with a specific function which is simply
1439
00:55:45,300 --> 00:55:47,640
called IP function, okay
1440
00:55:47,640 --> 00:55:51,300
so if I go to my Google home and I have
1441
00:55:51,300 --> 00:55:53,460
a page opened right here which is
1442
00:55:53,460 --> 00:55:55,559
basically the documentation of the IPy
1443
00:55:55,559 --> 00:55:57,599
library we can see that they use right
1444
00:55:57,599 --> 00:55:59,579
here this IP function in order to
1445
00:55:59,579 --> 00:56:02,460
convert an IP address to the IP format
1446
00:56:02,460 --> 00:56:04,920
so in order for our function to work we
1447
00:56:04,920 --> 00:56:06,720
need to specify inside of the brackets
1448
00:56:06,720 --> 00:56:09,240
the IP address which is the parameter of
1449
00:56:09,240 --> 00:56:11,099
our function
1450
00:56:11,099 --> 00:56:13,380
if it manages to convert the IP address
1451
00:56:13,380 --> 00:56:15,420
that means that this works successfully
1452
00:56:15,420 --> 00:56:17,819
and that the user actually specified the
1453
00:56:17,819 --> 00:56:20,339
actual IP address to the Target if it
1454
00:56:20,339 --> 00:56:22,559
gets a ValueError that means that the
1455
00:56:22,559 --> 00:56:24,480
user specified the domain name
1456
00:56:24,480 --> 00:56:27,359
so let's write that right here and in
1457
00:56:27,359 --> 00:56:28,800
case you don't understand we are going
1458
00:56:28,800 --> 00:56:31,079
to test this so don't worry we're going
1459
00:56:31,079 --> 00:56:34,200
to try to convert the IP address
1460
00:56:34,200 --> 00:56:36,240
and if it manages we are going to return
1461
00:56:36,240 --> 00:56:38,940
simply what we sent to the function
1462
00:56:38,940 --> 00:56:40,500
which is the IP
1463
00:56:40,500 --> 00:56:42,839
and in case it doesn't work we are going
1464
00:56:42,839 --> 00:56:46,380
to get the ValueError
1465
00:56:46,380 --> 00:56:48,240
which means that the user most likely
1466
00:56:48,240 --> 00:56:50,400
specified the domain name and therefore
1467
00:56:50,400 --> 00:56:53,040
we're going to return a function which
1468
00:56:53,040 --> 00:56:54,960
belongs to the socket Library which
1469
00:56:54,960 --> 00:56:57,599
allows us to convert the actual hostname
1470
00:56:57,599 --> 00:57:00,300
to the IP address so all we need to do
1471
00:57:00,300 --> 00:57:02,280
is specify that function and call it
1472
00:57:02,280 --> 00:57:04,920
upon our IP address and we can do that
1473
00:57:04,920 --> 00:57:08,099
by simply specifying return socket dot
1474
00:57:08,099 --> 00:57:10,680
get host by name
1475
00:57:10,680 --> 00:57:13,200
and here we specify the hostname or in
1476
00:57:13,200 --> 00:57:15,960
our case the IP which we paste it to our
1477
00:57:15,960 --> 00:57:19,079
function okay so this is our internal
1478
00:57:19,079 --> 00:57:21,300
function now let's see inside of a
1479
00:57:21,300 --> 00:57:23,599
terminal
1480
00:57:23,760 --> 00:57:27,000
and let's open up our Python 3
1481
00:57:27,000 --> 00:57:31,140
and here we can import IP oops let me
1482
00:57:31,140 --> 00:57:34,319
just do it like this first of all I will
1483
00:57:34,319 --> 00:57:37,579
enlarge this so we can see it better
1484
00:57:37,579 --> 00:57:41,940
open Python 3 import or
1485
00:57:41,940 --> 00:57:44,400
from IPy
1486
00:57:44,400 --> 00:57:46,680
import IP
1487
00:57:46,680 --> 00:57:49,140
and now let's say we have a variable
1488
00:57:49,140 --> 00:57:51,359
called IP address
1489
00:57:51,359 --> 00:57:53,720
and it will be
1490
00:57:53,720 --> 00:57:57,240
192.168.1.1 okay and now if I simply
1491
00:57:57,240 --> 00:58:00,300
just call converted IP
1492
00:58:00,300 --> 00:58:01,800
equals
1493
00:58:01,800 --> 00:58:06,200
IP from IP address
1494
00:58:07,920 --> 00:58:12,020
and I print the converted IP
1495
00:58:12,359 --> 00:58:14,520
you will see it will still be the same
1496
00:58:14,520 --> 00:58:16,859
IP address so it really didn't change
1497
00:58:16,859 --> 00:58:19,319
anything therefore right here if it
1498
00:58:19,319 --> 00:58:21,180
manages to do that we're simply just
1499
00:58:21,180 --> 00:58:23,220
returning the IP address that we pasted
1500
00:58:23,220 --> 00:58:25,500
inside of this function and we are not
1501
00:58:25,500 --> 00:58:27,300
making any changes to it
1502
00:58:27,300 --> 00:58:29,880
but that is only the case if this user
1503
00:58:29,880 --> 00:58:32,220
specifies the IP address if the user
1504
00:58:32,220 --> 00:58:33,780
specifies the domain name so let's
1505
00:58:33,780 --> 00:58:35,579
create a variable called domain name
1506
00:58:35,579 --> 00:58:38,700
equals and then let's say
1507
00:58:38,700 --> 00:58:41,700
google.com
1508
00:58:42,240 --> 00:58:44,700
and we try the same thing so converted
1509
00:58:44,700 --> 00:58:46,440
IP
1510
00:58:46,440 --> 00:58:49,380
equals IP
1511
00:58:49,380 --> 00:58:52,799
from the domain name
1512
00:58:52,799 --> 00:58:55,140
and you will see we will get an error
1513
00:58:55,140 --> 00:58:57,839
and it will be the ValueError
1514
00:58:57,839 --> 00:59:00,299
so that is the case right here
1515
00:59:00,299 --> 00:59:02,160
then we are going to perform the get
1516
00:59:02,160 --> 00:59:04,140
host by name which will retrieve the IP
1517
00:59:04,140 --> 00:59:06,359
address of the google.com and then we
1518
00:59:06,359 --> 00:59:08,400
will return the IP address inside of our
1519
00:59:08,400 --> 00:59:10,020
scan Port function
1520
00:59:10,020 --> 00:59:11,880
so that is all there is for this
1521
00:59:11,880 --> 00:59:14,339
function now let's see whether this
1522
00:59:14,339 --> 00:59:16,260
works
1523
00:59:16,260 --> 00:59:19,200
okay so let's run the program Python 3
1524
00:59:19,200 --> 00:59:21,839
and then Port scanner
1525
00:59:21,839 --> 00:59:26,339
enter Target to scan let's say we enter
1526
00:59:26,339 --> 00:59:28,440
let's say the same website as before
1527
00:59:28,440 --> 00:59:30,599
let's not change it right now and
1528
00:59:30,599 --> 00:59:32,900
instead of the IP address we now enter
1529
00:59:32,900 --> 00:59:34,980
the domain name
1530
00:59:34,980 --> 00:59:37,740
we're going to leave this to run and
1531
00:59:37,740 --> 00:59:39,299
here we can see that it works
1532
00:59:39,299 --> 00:59:41,040
successfully as it did manage to find
1533
00:59:41,040 --> 00:59:43,740
the port 80 open we will get the same
1534
00:59:43,740 --> 00:59:46,200
result even if we scanned with an IP
1535
00:59:46,200 --> 00:59:48,359
address so right now we can specify both
1536
00:59:48,359 --> 00:59:50,819
the domain name and IP address so that
1537
00:59:50,819 --> 00:59:51,839
is good
1538
00:59:51,839 --> 00:59:53,400
now in the next video we're going to
1539
00:59:53,400 --> 00:59:54,900
take a look at how we can specify
1540
00:59:54,900 --> 00:59:56,760
multiple targets and scan multiple
1541
00:59:56,760 --> 00:59:58,319
targets at once
1542
00:59:58,319 --> 01:00:00,119
so we don't have to run our program over
1543
01:00:00,119 --> 01:00:02,160
and over again we can do the same thing
1544
01:00:02,160 --> 01:00:04,140
just by specifying multiple targets
1545
01:00:04,140 --> 01:00:05,700
inside of our program
1546
01:00:05,700 --> 01:00:08,040
and it will scan them one by one
1547
01:00:08,040 --> 01:00:10,140
so we're going to take a look at that in
1548
01:00:10,140 --> 01:00:11,700
the next tutorial hope you enjoyed this
1549
01:00:11,700 --> 01:00:13,980
small lecture and I will see you in the
1550
01:00:13,980 --> 01:00:16,079
next one bye
1551
01:00:16,079 --> 01:00:17,880
welcome back everybody and let's
1552
01:00:17,880 --> 01:00:20,160
continue with our Port scanner so we
1553
01:00:20,160 --> 01:00:21,900
managed to create a function that will
1554
01:00:21,900 --> 01:00:24,000
convert the domain name into an IP
1555
01:00:24,000 --> 01:00:26,040
address and now we want to be able to
1556
01:00:26,040 --> 01:00:28,020
specify multiple targets for our program
1557
01:00:28,020 --> 01:00:29,579
to scan
1558
01:00:29,579 --> 01:00:32,400
okay so how we can do that well it is
1559
01:00:32,400 --> 01:00:34,740
rather easy we're going to implement a
1560
01:00:34,740 --> 01:00:36,420
little bit of changes down here at the
1561
01:00:36,420 --> 01:00:38,700
bottom of our program so here you will
1562
01:00:38,700 --> 01:00:41,160
notice that we have the variable called
1563
01:00:41,160 --> 01:00:42,480
IP address
1564
01:00:42,480 --> 01:00:45,240
now it says enter Target to scan
1565
01:00:45,240 --> 01:00:47,220
well we could simply just do something
1566
01:00:47,220 --> 01:00:49,740
like this and specify to the user of
1567
01:00:49,740 --> 01:00:51,540
this program that they can also enter
1568
01:00:51,540 --> 01:00:55,140
multiple targets by typing Target slash
1569
01:00:55,140 --> 01:00:56,339
S
1570
01:00:56,339 --> 01:00:58,740
and also we're going to specify to the
1571
01:00:58,740 --> 01:01:01,020
user
1572
01:01:01,020 --> 01:01:04,940
split multiple targets
1573
01:01:05,099 --> 01:01:06,540
with
1574
01:01:06,540 --> 01:01:07,920
comma
1575
01:01:07,920 --> 01:01:12,660
okay so simple as that let us make this
1576
01:01:12,660 --> 01:01:14,579
a little bit better but this is just the
1577
01:01:14,579 --> 01:01:16,500
part where we prompt the user how they
1578
01:01:16,500 --> 01:01:19,079
can specify multiple targets now we need
1579
01:01:19,079 --> 01:01:21,119
to actually split these targets and scan
1580
01:01:21,119 --> 01:01:23,280
each one of them one by one
1581
01:01:23,280 --> 01:01:26,040
so how can we do that well first thing
1582
01:01:26,040 --> 01:01:27,780
we're going to do is so we don't get
1583
01:01:27,780 --> 01:01:29,579
confused we are going to rename this
1584
01:01:29,579 --> 01:01:33,599
into targets variable
1585
01:01:33,599 --> 01:01:35,579
and then what we're going to do we're
1586
01:01:35,579 --> 01:01:38,520
going to delete this line for now
1587
01:01:38,520 --> 01:01:42,119
we're going to specify if and then
1588
01:01:42,119 --> 01:01:44,400
comma
1589
01:01:44,400 --> 01:01:46,260
in targets
1590
01:01:46,260 --> 01:01:48,420
if there is a comma in targets, logically
1591
01:01:48,420 --> 01:01:50,220
that means that the user of this program
1592
01:01:50,220 --> 01:01:53,099
specified multiple targets to scan if
1593
01:01:53,099 --> 01:01:55,140
there is no comma inside of the targets
1594
01:01:55,140 --> 01:01:56,940
variable that means that the user only
1595
01:01:56,940 --> 01:01:59,579
specified one target to scan so we're
1596
01:01:59,579 --> 01:02:01,619
going to lead by that logic
1597
01:02:01,619 --> 01:02:05,700
so if comma is in targets then for IP
1598
01:02:05,700 --> 01:02:07,619
address
1599
01:02:07,619 --> 01:02:09,240
and we're going to call it simply just
1600
01:02:09,240 --> 01:02:11,160
IP underscore add
1601
01:02:11,160 --> 01:02:13,500
in targets
1602
01:02:13,500 --> 01:02:15,059
and we're going to call the function
1603
01:02:15,059 --> 01:02:16,920
called split
1604
01:02:16,920 --> 01:02:18,720
and what this function does is basically
1605
01:02:18,720 --> 01:02:21,480
it will split the string
1606
01:02:21,480 --> 01:02:23,520
with the character that we specify
1607
01:02:23,520 --> 01:02:25,559
inside of the brackets so we want to
1608
01:02:25,559 --> 01:02:28,319
split at every comma if we split at
1609
01:02:28,319 --> 01:02:29,760
every comma that means we're going to
1610
01:02:29,760 --> 01:02:32,400
split all of the IP addresses one by one
1611
01:02:32,400 --> 01:02:35,280
therefore we specify right here for
1612
01:02:35,280 --> 01:02:38,040
IP address in targets.split we want to
1613
01:02:38,040 --> 01:02:42,480
scan each and every IP address so scan
1614
01:02:42,480 --> 01:02:43,920
port
1615
01:02:43,920 --> 01:02:46,500
IP address
1616
01:02:46,500 --> 01:02:48,960
and then
1617
01:02:48,960 --> 01:02:50,880
so we want to scan each and every Target
1618
01:02:50,880 --> 01:02:53,700
from this list and in order to do that
1619
01:02:53,700 --> 01:02:56,280
we're going to create a function which
1620
01:02:56,280 --> 01:02:59,339
is going to be called scan now I know we
1621
01:02:59,339 --> 01:03:01,859
do have a scan Port function but we're
1622
01:03:01,859 --> 01:03:03,480
going to use this function in order to
1623
01:03:03,480 --> 01:03:06,900
scan one single port one by one
1624
01:03:06,900 --> 01:03:08,640
and we're going to call this scan
1625
01:03:08,640 --> 01:03:10,619
function in order to scan each and every
1626
01:03:10,619 --> 01:03:12,900
Target and also convert the domain name
1627
01:03:12,900 --> 01:03:16,140
into an IP address if needed so all that
1628
01:03:16,140 --> 01:03:17,940
this function will take as a parameter
1629
01:03:17,940 --> 01:03:21,359
will be the IP address which we'll get
1630
01:03:21,359 --> 01:03:25,020
from this for Loop right here okay we
1631
01:03:25,020 --> 01:03:27,480
also want to strip it from any
1632
01:03:27,480 --> 01:03:30,540
unnecessary empty spaces in case there
1633
01:03:30,540 --> 01:03:31,559
are some
1634
01:03:31,559 --> 01:03:34,020
and right now all we need to do is code
1635
01:03:34,020 --> 01:03:38,059
this function let's go all the way up
1636
01:03:38,640 --> 01:03:41,579
and call the scan function onto the
1637
01:03:41,579 --> 01:03:45,180
target so this will be one single Target
1638
01:03:45,180 --> 01:03:47,280
and first we need to do is to get back
1639
01:03:47,280 --> 01:03:49,319
the line that we deleted before which is
1640
01:03:49,319 --> 01:03:51,540
the conversion of the IP address so
1641
01:03:51,540 --> 01:03:55,020
converted underscore IP
1642
01:03:55,020 --> 01:03:57,299
will be equal
1643
01:03:57,299 --> 01:04:00,359
to check IP which is our function that
1644
01:04:00,359 --> 01:04:02,700
we coded in the previous lecture and we
1645
01:04:02,700 --> 01:04:04,799
need to check the IP address
1646
01:04:04,799 --> 01:04:07,260
from the target which is our parameter
1647
01:04:07,260 --> 01:04:09,359
inside of the function
1648
01:04:09,359 --> 01:04:12,660
okay and now we will print just so we
1649
01:04:12,660 --> 01:04:14,400
know what we're doing we're going to
1650
01:04:14,400 --> 01:04:16,020
print
1651
01:04:16,020 --> 01:04:18,960
first of all new line character
1652
01:04:18,960 --> 01:04:22,060
which is backslash n
1654
01:04:23,220 --> 01:04:24,660
Plus
1655
01:04:24,660 --> 01:04:26,880
and let's make some type of a smiley
1656
01:04:26,880 --> 01:04:28,740
right here which will look something
1657
01:04:28,740 --> 01:04:30,960
like this so
1658
01:04:30,960 --> 01:04:35,720
and let's print scanning Target
1659
01:04:36,180 --> 01:04:38,880
we also want to specify which Target are
1660
01:04:38,880 --> 01:04:40,559
we scanning in case there are multiple
1661
01:04:40,559 --> 01:04:43,500
ones so we'll specify the string of the
1662
01:04:43,500 --> 01:04:45,420
target which will be either the domain
1663
01:04:45,420 --> 01:04:47,880
name or the IP address
1664
01:04:47,880 --> 01:04:50,579
if we specify plus the string of the
1665
01:04:50,579 --> 01:04:53,880
converted IP it will only specify the IP
1666
01:04:53,880 --> 01:04:55,799
address since it will already be
1667
01:04:55,799 --> 01:04:58,380
converted from the domain name
1668
01:04:58,380 --> 01:05:00,000
but we don't want that we want to
1669
01:05:00,000 --> 01:05:01,920
specify plus the string of Target which
1670
01:05:01,920 --> 01:05:03,359
will be the names that the user
1671
01:05:03,359 --> 01:05:06,660
specified to the program and then we
1672
01:05:06,660 --> 01:05:09,839
need to copy this part from Below which
1673
01:05:09,839 --> 01:05:12,540
is for port in range
1674
01:05:12,540 --> 01:05:15,119
scan each and every port
1675
01:05:15,119 --> 01:05:17,700
let's copy this we no longer need it
1676
01:05:17,700 --> 01:05:20,700
right here we can delete it from here
1677
01:05:20,700 --> 01:05:23,040
and we can move it inside of our scan
1678
01:05:23,040 --> 01:05:25,520
function
1679
01:05:25,680 --> 01:05:27,480
so right here
1680
01:05:27,480 --> 01:05:30,000
let me just tab this properly and we're
1681
01:05:30,000 --> 01:05:33,420
going to change a few things if we need
1682
01:05:33,420 --> 01:05:37,380
so for port in range 75 to 85 we can
1683
01:05:37,380 --> 01:05:39,900
change that right away for example from
1684
01:05:39,900 --> 01:05:43,200
Port 1 to Port 100 and you can keep this
1685
01:05:43,200 --> 01:05:46,520
number as low or as high as you want
1686
01:05:46,520 --> 01:05:48,839
just for the purposes of this tutorial
1687
01:05:48,839 --> 01:05:50,700
we're going to leave it on only scanning
1688
01:05:50,700 --> 01:05:53,640
100 ports since most of the ports that
1689
01:05:53,640 --> 01:05:55,260
we want to see whether they're open or
1690
01:05:55,260 --> 01:05:58,079
closed will be in the first 100 ports
1691
01:05:58,079 --> 01:05:59,460
okay
1692
01:05:59,460 --> 01:06:01,740
and then we will call the scan Port
1693
01:06:01,740 --> 01:06:04,500
function onto the port number and also
1694
01:06:04,500 --> 01:06:06,960
onto the converted IP which we converted
1695
01:06:06,960 --> 01:06:09,480
in the first line of our function
1696
01:06:09,480 --> 01:06:12,359
okay so everything makes sense now
1697
01:06:12,359 --> 01:06:13,740
another thing that we need to change
1698
01:06:13,740 --> 01:06:15,780
down here
1699
01:06:15,780 --> 01:06:18,540
since we specified if comma in targets
1700
01:06:18,540 --> 01:06:20,700
that means that the actual user
1701
01:06:20,700 --> 01:06:23,040
specified multiple targets to scan but
1702
01:06:23,040 --> 01:06:25,260
what if they specify only one target
1703
01:06:25,260 --> 01:06:27,660
well then nothing of this will get
1704
01:06:27,660 --> 01:06:30,839
executed and we will not really scan any
1705
01:06:30,839 --> 01:06:32,819
Target throughout our program it will
1706
01:06:32,819 --> 01:06:34,680
simply just exit the program without
1707
01:06:34,680 --> 01:06:36,420
scanning the target
1708
01:06:36,420 --> 01:06:38,819
so we need to add an else statement
1709
01:06:38,819 --> 01:06:39,960
right here
1710
01:06:39,960 --> 01:06:43,680
so if comma in targets, else
1711
01:06:43,680 --> 01:06:47,339
we want to scan the targets simple as
1712
01:06:47,339 --> 01:06:49,859
that because in this case the targets
1713
01:06:49,859 --> 01:06:51,900
will be just one IP address or one
1714
01:06:51,900 --> 01:06:54,480
domain name then it will jump from that
1715
01:06:54,480 --> 01:06:56,520
function to the scan function which will
1716
01:06:56,520 --> 01:06:58,680
convert that IP address and it will
1717
01:06:58,680 --> 01:07:01,440
perform this scan Port function onto the
1718
01:07:01,440 --> 01:07:03,900
first 100 ports
1719
01:07:03,900 --> 01:07:06,420
okay so everything makes sense now let's
1720
01:07:06,420 --> 01:07:08,520
see whether we have an error inside of
1721
01:07:08,520 --> 01:07:10,680
our program or if everything works
1722
01:07:10,680 --> 01:07:13,200
perfectly okay so let's see how we can
1723
01:07:13,200 --> 01:07:16,140
run it let's open up our terminal
1724
01:07:16,140 --> 01:07:18,240
and navigate
1725
01:07:18,240 --> 01:07:20,520
and first I will enlarge this so we can
1726
01:07:20,520 --> 01:07:22,079
see everything
1727
01:07:22,079 --> 01:07:24,359
and we need to navigate to our PyCharm
1728
01:07:24,359 --> 01:07:26,400
directory it will usually be in the
1729
01:07:26,400 --> 01:07:28,319
slash root directory so here it is
1730
01:07:28,319 --> 01:07:31,559
PyCharm projects, I will cd to that
1731
01:07:31,559 --> 01:07:33,720
directory, type ls
1732
01:07:33,720 --> 01:07:35,460
we have the test directory which we
1733
01:07:35,460 --> 01:07:37,619
created once we installed PyCharm and
1734
01:07:37,619 --> 01:07:40,079
we have our Port scanner directory or
1735
01:07:40,079 --> 01:07:42,359
our Port scanner project so let's change
1736
01:07:42,359 --> 01:07:44,160
the directory to the port scanner type
1737
01:07:44,160 --> 01:07:46,559
ls once again and here is our port
1738
01:07:46,559 --> 01:07:48,180
scanner.py
1739
01:07:48,180 --> 01:07:50,220
I will clear the screen and I will run
1740
01:07:50,220 --> 01:07:51,900
the program
1741
01:07:51,900 --> 01:07:54,299
first of all let's try it with one
1742
01:07:54,299 --> 01:07:55,559
target
1743
01:07:55,559 --> 01:07:57,180
so
1744
01:07:57,180 --> 01:07:59,099
let's switch it up a little bit I will
1745
01:07:59,099 --> 01:08:01,920
use my actual router IP address in order
1746
01:08:01,920 --> 01:08:04,020
to perform a test of this program so I
1747
01:08:04,020 --> 01:08:07,319
will type 182.168.1.1
1748
01:08:07,440 --> 01:08:09,480
press here enter and you will see it
1749
01:08:09,480 --> 01:08:10,799
will perform the scan really fast
1750
01:08:10,799 --> 01:08:12,500
because my router is close to me
1751
01:08:12,500 --> 01:08:15,599
therefore we can see most of the ports
1752
01:08:15,599 --> 01:08:19,020
are closed, we have port 22 open, port
1753
01:08:19,020 --> 01:08:21,600
23 open
1754
01:08:21,600 --> 01:08:25,080
let's see which ones are also open port
1755
01:08:25,080 --> 01:08:29,580
53 open for the DNS and Port 80 open all
1756
01:08:29,580 --> 01:08:32,698
the other ports are closed okay
1757
01:08:32,698 --> 01:08:36,120
so right away we can notice that this is
1758
01:08:36,120 --> 01:08:38,640
not really that good to look at we don't
1759
01:08:38,640 --> 01:08:40,259
really want to print the closed ports as
1760
01:08:40,259 --> 01:08:41,819
there is too much happening right here
1761
01:08:41,819 --> 01:08:43,560
especially if you scan more than 100
1762
01:08:43,560 --> 01:08:45,719
ports it will be really hard to find all
1763
01:08:45,719 --> 01:08:47,640
of the open ones so let's see what we
1764
01:08:47,640 --> 01:08:49,859
can do inside of our program in order to
1765
01:08:49,859 --> 01:08:52,920
print only the open ports okay so right
1766
01:08:52,920 --> 01:08:54,540
here whoops
1767
01:08:54,540 --> 01:08:56,819
we need to go right here inside our code
1768
01:08:56,819 --> 01:08:59,759
and in the scan Port function is our
1769
01:08:59,759 --> 01:09:01,920
print statements for port open and
1770
01:09:01,920 --> 01:09:05,040
Port closed so what we can do is instead
1771
01:09:05,040 --> 01:09:07,500
of printing port is closed, we can delete
1772
01:09:07,500 --> 01:09:09,920
this
1773
01:09:13,319 --> 01:09:16,198
and we can simply specify pass
1774
01:09:16,198 --> 01:09:17,939
now what this will do is it will not
1775
01:09:17,939 --> 01:09:20,219
perform anything it will not print any
1776
01:09:20,219 --> 01:09:23,160
statements it will simply just pass in
1777
01:09:23,160 --> 01:09:26,399
case the port is closed okay simple as
1778
01:09:26,399 --> 01:09:30,719
that let's test it once again Python 3
1779
01:09:30,719 --> 01:09:34,380
Port scanner.py specify the IP address
1780
01:09:34,380 --> 01:09:36,600
of my router once again and this is a
1781
01:09:36,600 --> 01:09:38,580
lot better we can see scanning Target
1782
01:09:38,580 --> 01:09:41,279
and then the actual IP address of my
1783
01:09:41,279 --> 01:09:44,279
router and then which ports are open and
1784
01:09:44,279 --> 01:09:46,500
it is the exact same four ports that we
1785
01:09:46,500 --> 01:09:48,238
saw before
1786
01:09:48,238 --> 01:09:50,580
let's try another Target let's specify
1787
01:09:50,580 --> 01:09:52,560
actually two Targets now
1788
01:09:52,560 --> 01:09:55,140
if I run the program
1789
01:09:55,140 --> 01:09:57,900
and for this test you can specify the
1790
01:09:57,900 --> 01:10:00,060
same Target as I will which will be an
1791
01:10:00,060 --> 01:10:01,320
actual domain name
1792
01:10:01,320 --> 01:10:06,420
which is called test PHP Dot oneweb.com
1793
01:10:06,420 --> 01:10:08,520
okay
1794
01:10:08,520 --> 01:10:11,100
so let's specify this Target and also
1795
01:10:11,100 --> 01:10:13,380
you can specify any other random IP
1796
01:10:13,380 --> 01:10:15,600
address or domain name if you want in
1797
01:10:15,600 --> 01:10:17,280
this case I will specify once again my
1798
01:10:17,280 --> 01:10:19,920
router so we have a mixture of the
1799
01:10:19,920 --> 01:10:22,260
domain name and the IP address so we can
1800
01:10:22,260 --> 01:10:24,239
see whether this will work properly if I
1801
01:10:24,239 --> 01:10:27,239
press enter it will first start off with
1802
01:10:27,239 --> 01:10:29,580
this domain name right here and it will
1803
01:10:29,580 --> 01:10:32,040
scan for the open ports and then it will
1804
01:10:32,040 --> 01:10:34,380
proceed to the IP address of my router
1805
01:10:34,380 --> 01:10:37,020
and scan the open ports for that router
1806
01:10:37,020 --> 01:10:38,040
as well
1807
01:10:38,040 --> 01:10:40,679
so we can see on the first link it found
1808
01:10:40,679 --> 01:10:45,719
four ports open, port 21, 22, 53 and 80, and
1809
01:10:45,719 --> 01:10:47,940
on my router the same four ports as
1810
01:10:47,940 --> 01:10:48,900
before
1811
01:10:48,900 --> 01:10:51,540
program works correctly
1812
01:10:51,540 --> 01:10:53,159
we're almost close to finishing our
1813
01:10:53,159 --> 01:10:55,440
program but there is one more thing that
1814
01:10:55,440 --> 01:10:57,780
we actually want to do we want to also
1815
01:10:57,780 --> 01:11:00,179
print which service is running on an
1816
01:11:00,179 --> 01:11:01,739
open port
1817
01:11:01,739 --> 01:11:04,260
for example let's say we want to
1818
01:11:04,260 --> 01:11:06,239
discover whether Port 80 is running
1819
01:11:06,239 --> 01:11:08,640
Apache 2 or some other version of a web
1820
01:11:08,640 --> 01:11:10,140
server
1821
01:11:10,140 --> 01:11:12,600
well we can do that by simply grabbing
1822
01:11:12,600 --> 01:11:15,600
the banner on an open port and more
1823
01:11:15,600 --> 01:11:17,460
about that in the next lecture for now
1824
01:11:17,460 --> 01:11:19,500
on we are glad that we can scan multiple
1825
01:11:19,500 --> 01:11:21,480
targets whether they are specified as a
1826
01:11:21,480 --> 01:11:24,360
domain name or as an IP address we can
1827
01:11:24,360 --> 01:11:27,060
split them by comma we can also scan one
1828
01:11:27,060 --> 01:11:29,699
target if we want and we also print only
1829
01:11:29,699 --> 01:11:31,380
open ports as we are not really
1830
01:11:31,380 --> 01:11:34,380
interested in the closed ports okay so
1831
01:11:34,380 --> 01:11:36,060
thank you for watching this lecture and
1832
01:11:36,060 --> 01:11:39,300
I will see you in the next one bye
1833
01:11:39,300 --> 01:11:41,699
welcome back everybody and let's finally
1834
01:11:41,699 --> 01:11:44,760
finish our Port scanner as I mentioned
1835
01:11:44,760 --> 01:11:46,679
in the previous video we're only left to
1836
01:11:46,679 --> 01:11:48,900
do one small thing before our Port
1837
01:11:48,900 --> 01:11:51,719
scanner is complete and ready to use and
1838
01:11:51,719 --> 01:11:53,460
that is to perform the banner grabbing
1839
01:11:53,460 --> 01:11:55,980
on the open ports to discover which
1840
01:11:55,980 --> 01:11:57,960
services and which software is running
1841
01:11:57,960 --> 01:12:00,780
on those open ports which can give us
1842
01:12:00,780 --> 01:12:02,760
even more detail and information that we
1843
01:12:02,760 --> 01:12:06,239
can use in our future attack okay so
1844
01:12:06,239 --> 01:12:07,679
what we need to do
1845
01:12:07,679 --> 01:12:10,500
is let's first of all think how we can
1846
01:12:10,500 --> 01:12:12,060
actually grab the banner from an open
1847
01:12:12,060 --> 01:12:14,640
port well logically we need to connect
1848
01:12:14,640 --> 01:12:17,520
to that Port we need to try to receive
1849
01:12:17,520 --> 01:12:20,040
something from that open port and then
1850
01:12:20,040 --> 01:12:22,260
read that information that we received
1851
01:12:22,260 --> 01:12:23,640
from that port
1852
01:12:23,640 --> 01:12:25,739
so we already performed half of that job
1853
01:12:25,739 --> 01:12:28,260
we connect to that Port right here at
1854
01:12:28,260 --> 01:12:29,400
this line
1855
01:12:29,400 --> 01:12:31,620
so all we're left to do after it is
1856
01:12:31,620 --> 01:12:33,960
check whether that Port retrieves some
1857
01:12:33,960 --> 01:12:36,000
information or send some information
1858
01:12:36,000 --> 01:12:39,540
back to us once we connect okay so how
1859
01:12:39,540 --> 01:12:41,699
can we do that well right after the
1860
01:12:41,699 --> 01:12:44,520
connect function we can try to retrieve
1861
01:12:44,520 --> 01:12:45,960
the information
1862
01:12:45,960 --> 01:12:47,699
we're going to use a specific function
1863
01:12:47,699 --> 01:12:49,739
to do that and we will store the result
1864
01:12:49,739 --> 01:12:51,780
of that function inside of our variable
1865
01:12:51,780 --> 01:12:54,600
which we will name Banner so Banner will
1866
01:12:54,600 --> 01:12:56,219
be equal
1867
01:12:56,219 --> 01:12:58,679
uh to the function which will be called
1868
01:12:58,679 --> 01:13:01,440
get banner and that function will take
1869
01:13:01,440 --> 01:13:04,980
as a parameter the socket object
1870
01:13:04,980 --> 01:13:06,840
so we're passing our socket object
1871
01:13:06,840 --> 01:13:08,880
inside of this function so we can use it
1872
01:13:08,880 --> 01:13:11,400
inside of it and then we will retrieve
1873
01:13:11,400 --> 01:13:13,500
the actual Banner if we manage to get it
1874
01:13:13,500 --> 01:13:15,600
to the banner variable
1875
01:13:15,600 --> 01:13:18,060
all right so let's first of all code
1876
01:13:18,060 --> 01:13:20,460
that function we can do it right here
1877
01:13:20,460 --> 01:13:22,140
between the scan port and check
1878
01:13:22,140 --> 01:13:25,020
IP function and we will call it as we
1879
01:13:25,020 --> 01:13:27,719
already said get Banner
1880
01:13:27,719 --> 01:13:29,520
this function will take the socket
1881
01:13:29,520 --> 01:13:31,140
object as a parameter which we already
1882
01:13:31,140 --> 01:13:33,840
passed inside of our scan port function
1883
01:13:33,840 --> 01:13:36,480
and all we need to return from this is
1884
01:13:36,480 --> 01:13:39,540
we need to return the socket object and
1885
01:13:39,540 --> 01:13:41,820
then dot receive which is the function
1886
01:13:41,820 --> 01:13:44,460
that receives the data from this open
1887
01:13:44,460 --> 01:13:45,900
port
1888
01:13:45,900 --> 01:13:47,940
we can also specify inside of the
1889
01:13:47,940 --> 01:13:50,040
brackets which amount of bytes we want
1890
01:13:50,040 --> 01:13:52,320
to receive and usually this number is
1891
01:13:52,320 --> 01:13:56,280
specified as 1024 bytes as we don't
1892
01:13:56,280 --> 01:13:58,260
really need more in order to get and
1893
01:13:58,260 --> 01:14:00,840
print the banner okay so this is the
1894
01:14:00,840 --> 01:14:03,600
entire function the entire get Banner
1895
01:14:03,600 --> 01:14:05,580
function now we need to perform some
1896
01:14:05,580 --> 01:14:07,560
modifications right here inside of our
1897
01:14:07,560 --> 01:14:08,580
program
1898
01:14:08,580 --> 01:14:12,719
so we have the function right here
1899
01:14:12,719 --> 01:14:15,360
and we try right here to store the
1900
01:14:15,360 --> 01:14:18,659
banner inside this variable okay
1901
01:14:18,659 --> 01:14:21,420
now if we do manage to store it we're
1902
01:14:21,420 --> 01:14:22,920
going to print
1903
01:14:22,920 --> 01:14:25,679
port and then the string of the port is
1904
01:14:25,679 --> 01:14:26,940
open
1905
01:14:26,940 --> 01:14:28,920
but let's change it up so it looks a
1906
01:14:28,920 --> 01:14:30,659
little bit better so we're going to
1907
01:14:30,659 --> 01:14:33,480
delete all of this and print the exact
1908
01:14:33,480 --> 01:14:36,000
same thing just with the banner attached
1909
01:14:36,000 --> 01:14:37,800
so we're going to print something like
1910
01:14:37,800 --> 01:14:39,960
this let's add the plus sign which means
1911
01:14:39,960 --> 01:14:43,679
that the port is open so open port
1912
01:14:43,679 --> 01:14:47,460
and then space we will add the string of
1913
01:14:47,460 --> 01:14:50,100
the port number that we are scanning
1914
01:14:50,100 --> 01:14:53,040
so plus the string of port
1915
01:14:53,040 --> 01:14:55,320
and then the next thing we want to do is
1916
01:14:55,320 --> 01:14:58,140
plus and we want to add the banner let's
1917
01:14:58,140 --> 01:15:00,540
separate it with two dots
1918
01:15:00,540 --> 01:15:04,620
and then add or concat the string from
1919
01:15:04,620 --> 01:15:06,000
the banner
1920
01:15:06,000 --> 01:15:10,140
to our open port number so we are going
1921
01:15:10,140 --> 01:15:12,300
to leave it like this
1922
01:15:12,300 --> 01:15:15,060
let me just see another thing that we
1923
01:15:15,060 --> 01:15:17,100
need to add is another except statement
1924
01:15:17,100 --> 01:15:19,679
right here so except in case we cannot
1925
01:15:19,679 --> 01:15:21,780
get the banner we're only going to print
1926
01:15:21,780 --> 01:15:24,780
open port and we're not going to print
1927
01:15:24,780 --> 01:15:26,640
any type of banner as we didn't really
1928
01:15:26,640 --> 01:15:30,620
manage to retrieve it so open port
1929
01:15:31,500 --> 01:15:35,100
plus the string of port and that is all
1930
01:15:35,100 --> 01:15:36,719
we need to do right here
1931
01:15:36,719 --> 01:15:40,320
now let's see whether this will work
1932
01:15:40,320 --> 01:15:42,360
if we open the terminal
1933
01:15:42,360 --> 01:15:44,340
right here
1934
01:15:44,340 --> 01:15:45,900
and enlarge
1935
01:15:45,900 --> 01:15:48,120
the letters so we can see everything and
1936
01:15:48,120 --> 01:15:50,100
navigate to PyCharm projects and then
1937
01:15:50,100 --> 01:15:52,199
Port scanner
1938
01:15:52,199 --> 01:15:54,659
then we try to run the port scanner and
1939
01:15:54,659 --> 01:15:56,280
specify
1940
01:15:56,280 --> 01:15:58,020
same two websites as in the previous
1941
01:15:58,020 --> 01:16:02,520
video so test PHP Dot oneweb.com
1942
01:16:02,520 --> 01:16:05,100
let's first of all try with this one
1943
01:16:05,100 --> 01:16:07,380
it will scan the Target and we can see
1944
01:16:07,380 --> 01:16:09,780
right here we do manage to retrieve some
1945
01:16:09,780 --> 01:16:12,960
of the banners from two different open
1946
01:16:12,960 --> 01:16:14,280
ports
1947
01:16:14,280 --> 01:16:16,380
so here it is we got the banner for the
1948
01:16:16,380 --> 01:16:18,719
open port 21 and now we know the
1949
01:16:18,719 --> 01:16:20,760
the version of the software running on the
1950
01:16:20,760 --> 01:16:23,640
open port 21 which is the FTP Port is
1951
01:16:23,640 --> 01:16:25,400
ProFTPD
1952
01:16:25,400 --> 01:16:28,800
1.3.3e server and what we can do with
1953
01:16:28,800 --> 01:16:30,840
this information we can simply just copy
1954
01:16:30,840 --> 01:16:32,940
this paste it inside of a Google and see
1955
01:16:32,940 --> 01:16:34,920
whether there is any type of exploit for
1956
01:16:34,920 --> 01:16:37,980
this specific version of the FTP server
1957
01:16:37,980 --> 01:16:40,140
we can also perform the same thing for
1958
01:16:40,140 --> 01:16:43,679
the SSH which is on Port 22 we see that
1959
01:16:43,679 --> 01:16:47,880
the version is SSH 2.1 OpenSSH 5.3p1
1960
01:16:47,880 --> 01:16:50,940
Debian Ubuntu then we can copy this and
1961
01:16:50,940 --> 01:16:54,300
try to find it on Google for some and
1962
01:16:54,300 --> 01:16:55,980
try to find some vulnerabilities for
1963
01:16:55,980 --> 01:16:57,300
this version in Google
1964
01:16:57,300 --> 01:16:58,980
simple as that
1965
01:16:58,980 --> 01:17:01,260
but let's make our actual output a
1966
01:17:01,260 --> 01:17:02,880
little bit prettier we don't really want
1967
01:17:02,880 --> 01:17:05,640
it to print this b and then the
1968
01:17:05,640 --> 01:17:08,040
apostrophe and we also don't want it to
1969
01:17:08,040 --> 01:17:10,560
print the slash r or the backslash r
1970
01:17:10,560 --> 01:17:12,840
backslash n which seem to just stand for
1971
01:17:12,840 --> 01:17:15,900
the new line character okay so let's see
1972
01:17:15,900 --> 01:17:18,300
how we can get rid of that well in the
1973
01:17:18,300 --> 01:17:20,580
part where we are printing the banner if
1974
01:17:20,580 --> 01:17:22,679
we take a look at our output we can
1975
01:17:22,679 --> 01:17:24,540
see that the banner output starts with b
1976
01:17:24,540 --> 01:17:26,520
and then apostrophe
1977
01:17:26,520 --> 01:17:28,199
that is because we haven't really
1978
01:17:28,199 --> 01:17:30,900
decoded our Banner
1979
01:17:30,900 --> 01:17:34,199
once it actually receives the message or
1980
01:17:34,199 --> 01:17:37,560
receives this 1024 bytes those 1024
1981
01:17:37,560 --> 01:17:40,080
bytes will be encoded by default
1982
01:17:40,080 --> 01:17:42,420
in order for us to remove that b and the
1983
01:17:42,420 --> 01:17:44,640
apostrophe we can simply just type
1984
01:17:44,640 --> 01:17:46,920
banner dot decode
1985
01:17:46,920 --> 01:17:49,080
which is a function which will remove
1986
01:17:49,080 --> 01:17:51,480
that and we also want to strip the new
1987
01:17:51,480 --> 01:17:53,219
line character so how we can do that
1988
01:17:53,219 --> 01:17:55,080
well we can add another function to this
1989
01:17:55,080 --> 01:17:58,679
banner which is dot strip
1990
01:17:58,679 --> 01:18:02,100
and right here we can specify
1991
01:18:02,100 --> 01:18:03,900
backslash n
1992
01:18:03,900 --> 01:18:06,300
for example let's see whether this
1993
01:18:06,300 --> 01:18:09,300
worked if I go right here
1994
01:18:09,300 --> 01:18:14,159
and type same website test PHP
1995
01:18:14,159 --> 01:18:17,940
Dot oneweb.com
1996
01:18:18,900 --> 01:18:21,060
here it is now we got the prettier
1997
01:18:21,060 --> 01:18:24,000
output if you compare this one
1998
01:18:24,000 --> 01:18:26,219
with this one you will notice we no
1999
01:18:26,219 --> 01:18:28,860
longer get this b apostrophe and this
2000
01:18:28,860 --> 01:18:32,100
backslash r and backslash n
2001
01:18:32,100 --> 01:18:34,440
all right so great our Port scanner
2002
01:18:34,440 --> 01:18:36,659
works let's also test it to see whether
2003
01:18:36,659 --> 01:18:39,179
it works on multiple targets so I will
2004
01:18:39,179 --> 01:18:40,380
clear the screen
2005
01:18:40,380 --> 01:18:42,960
run my port scanner
2006
01:18:42,960 --> 01:18:45,420
specify for example three targets which
2007
01:18:45,420 --> 01:18:47,340
one of them will be this one which we
2008
01:18:47,340 --> 01:18:49,440
used in the first lectures of our Port
2009
01:18:49,440 --> 01:18:51,960
scanner then we can use the IP address
2010
01:18:51,960 --> 01:18:53,400
on my router
2011
01:18:53,400 --> 01:18:56,719
and then we can use the same test PHP
2012
01:18:56,719 --> 01:19:00,719
Dot oneweb.com
2013
01:19:01,260 --> 01:19:04,260
it will go and scan one by one first of
2014
01:19:04,260 --> 01:19:06,360
all it will start with this IP address
2015
01:19:06,360 --> 01:19:08,580
right here if it manages to find open
2016
01:19:08,580 --> 01:19:11,040
ports it will print them out if it also
2017
01:19:11,040 --> 01:19:12,780
manages to grab the banner it will also
2018
01:19:12,780 --> 01:19:15,239
print that out it will also print the
2019
01:19:15,239 --> 01:19:17,159
banner out as well next to the open port
2020
01:19:17,159 --> 01:19:19,320
then it will proceed to the next two
2021
01:19:19,320 --> 01:19:21,659
Targets and perform the exact same task
2022
01:19:21,659 --> 01:19:23,460
on both of them
2023
01:19:23,460 --> 01:19:25,739
now you might notice that some targets
2024
01:19:25,739 --> 01:19:27,780
will go slower in scanning and some
2025
01:19:27,780 --> 01:19:29,760
targets will go faster and that is
2026
01:19:29,760 --> 01:19:32,400
pretty much normal keep in mind that
2027
01:19:32,400 --> 01:19:34,260
this part right here which is the socket
2028
01:19:34,260 --> 01:19:36,840
dot set timeout is crucial in order to
2029
01:19:36,840 --> 01:19:39,900
get more or less accurate scan
2030
01:19:39,900 --> 01:19:42,480
if we simply just remove this line then
2031
01:19:42,480 --> 01:19:44,280
some actual targets might be scanning
2032
01:19:44,280 --> 01:19:47,100
for hours depending on the distance and
2033
01:19:47,100 --> 01:19:48,960
the open ports that they have and also
2034
01:19:48,960 --> 01:19:50,300
the services that they are running
2035
01:19:50,300 --> 01:19:52,440
sometimes it might take longer to
2036
01:19:52,440 --> 01:19:54,120
connect to those ports and so on and so
2037
01:19:54,120 --> 01:19:56,400
on therefore it is always good to set a
2038
01:19:56,400 --> 01:19:58,260
timeout so you don't have to wait an
2039
01:19:58,260 --> 01:20:01,080
entire day for your scan to finish
2040
01:20:01,080 --> 01:20:03,659
but by lowering this timeout you will
2041
01:20:03,659 --> 01:20:06,420
also lose the accuracy of your scan for
2042
01:20:06,420 --> 01:20:08,580
example let's say we have a port that
2043
01:20:08,580 --> 01:20:10,320
takes one second to connect to and you
2044
01:20:10,320 --> 01:20:12,840
set the timeout 0.5 seconds
2045
01:20:12,840 --> 01:20:15,960
well then after 0.5 seconds it will
2046
01:20:15,960 --> 01:20:18,000
determine that this port is closed even
2047
01:20:18,000 --> 01:20:19,920
though it is not it just takes longer to
2048
01:20:19,920 --> 01:20:22,560
connect to therefore you will lose the
2049
01:20:22,560 --> 01:20:24,420
accuracy and you will not know that that
2050
01:20:24,420 --> 01:20:26,040
port is open
2051
01:20:26,040 --> 01:20:27,900
so this part right here which is the
2052
01:20:27,900 --> 01:20:30,120
timeout is completely up to you you can
2053
01:20:30,120 --> 01:20:31,980
change it to whichever time you want
2054
01:20:31,980 --> 01:20:35,040
let's go back to our scan and we can see
2055
01:20:35,040 --> 01:20:37,260
all three scans have finished on the
2056
01:20:37,260 --> 01:20:39,420
first Target we only found one open port
2057
01:20:39,420 --> 01:20:41,520
we didn't manage to retrieve any Banner
2058
01:20:41,520 --> 01:20:44,520
for it on my router we found four open
2059
01:20:44,520 --> 01:20:47,520
ports and Port 22 sent the banner back
2060
01:20:47,520 --> 01:20:49,500
to us and now we know which version of
2061
01:20:49,500 --> 01:20:51,120
software it is running
2062
01:20:51,120 --> 01:20:53,520
and the target number three we already
2063
01:20:53,520 --> 01:20:56,280
scanned and we got the exact same result
2064
01:20:56,280 --> 01:20:59,940
okay so our Port scanner is complete it
2065
01:20:59,940 --> 01:21:01,980
can scan multiple targets it retrieves
2066
01:21:01,980 --> 01:21:03,120
the banners
2067
01:21:03,120 --> 01:21:05,040
and now we are ready to use it for our
2068
01:21:05,040 --> 01:21:07,860
penetration testing okay so in the next
2069
01:21:07,860 --> 01:21:10,320
video we're going to go really fast over
2070
01:21:10,320 --> 01:21:12,120
this code so we can explain it once
2071
01:21:12,120 --> 01:21:13,800
again for those of you that have some
2072
01:21:13,800 --> 01:21:15,840
inconvenience or if there is something
2073
01:21:15,840 --> 01:21:17,280
that you do not understand I will simply
2074
01:21:17,280 --> 01:21:19,500
just go fast through that code and then
2075
01:21:19,500 --> 01:21:21,360
we're going to see how we can also
2076
01:21:21,360 --> 01:21:24,179
import our Port scanner into another
2077
01:21:24,179 --> 01:21:26,820
Python program if we want to
2078
01:21:26,820 --> 01:21:29,040
after that video we're going to proceed
2079
01:21:29,040 --> 01:21:31,980
to our next project okay so thank you
2080
01:21:31,980 --> 01:21:33,540
for watching this video and I will see
2081
01:21:33,540 --> 01:21:36,239
you in the next one bye welcome back
2082
01:21:36,239 --> 01:21:38,340
everyone and this is the last video to
2083
01:21:38,340 --> 01:21:40,440
our Port scanner project
2084
01:21:40,440 --> 01:21:42,480
right now what we're going to do is we
2085
01:21:42,480 --> 01:21:45,060
are going to first of all recap what we
2086
01:21:45,060 --> 01:21:47,159
did inside of this program
2087
01:21:47,159 --> 01:21:48,780
so we're just going to go to the program
2088
01:21:48,780 --> 01:21:50,520
code real fast and explain what
2089
01:21:50,520 --> 01:21:52,560
everything is doing once again
2090
01:21:52,560 --> 01:21:54,719
and then I will show you how you can use
2091
01:21:54,719 --> 01:21:57,000
this program and import it inside of
2092
01:21:57,000 --> 01:21:59,520
another program so you can use it all
2093
01:21:59,520 --> 01:22:01,860
right so first of all let's navigate all
2094
01:22:01,860 --> 01:22:03,480
the way down to the beginning of the
2095
01:22:03,480 --> 01:22:06,000
program here as you can see we prompt
2096
01:22:06,000 --> 01:22:08,040
the user to input the Target or multiple
2097
01:22:08,040 --> 01:22:09,960
targets we then check whether they
2098
01:22:09,960 --> 01:22:12,360
specified one target or multiple targets
2099
01:22:12,360 --> 01:22:14,699
if we find comma inside of this variable
2100
01:22:14,699 --> 01:22:16,679
that means they specified multiple
2101
01:22:16,679 --> 01:22:19,320
targets therefore we will split all of
2102
01:22:19,320 --> 01:22:21,600
those targets and for each and every IP
2103
01:22:21,600 --> 01:22:23,820
address inside of this variable we will
2104
01:22:23,820 --> 01:22:27,120
perform the scanning of that IP address
2105
01:22:27,120 --> 01:22:29,460
in any other case that means if we
2106
01:22:29,460 --> 01:22:31,440
didn't find comma that means they only
2107
01:22:31,440 --> 01:22:33,420
specified one target therefore we are
2108
01:22:33,420 --> 01:22:36,360
going to perform the scan function onto
2109
01:22:36,360 --> 01:22:38,400
the targets variable as it is only
2110
01:22:38,400 --> 01:22:41,100
storing one IP address or one domain
2111
01:22:41,100 --> 01:22:42,780
name okay
2112
01:22:42,780 --> 01:22:44,760
then once we navigate to the scan
2113
01:22:44,760 --> 01:22:46,140
function
2114
01:22:46,140 --> 01:22:48,480
here we first take the converted IP
2115
01:22:48,480 --> 01:22:50,640
variable and then we perform the check
2116
01:22:50,640 --> 01:22:53,580
IP function onto the specified Target if
2117
01:22:53,580 --> 01:22:55,620
the specified Target is simply IP
2118
01:22:55,620 --> 01:22:57,480
address we will return that IP address
2119
01:22:57,480 --> 01:22:59,520
and it will be stored inside of the
2120
01:22:59,520 --> 01:23:02,520
converted IP in case the target is an
2121
01:23:02,520 --> 01:23:04,980
actual domain name therefore we're going
2122
01:23:04,980 --> 01:23:07,020
to perform this socket get host by name
2123
01:23:07,020 --> 01:23:09,120
method which allows us to convert the
2124
01:23:09,120 --> 01:23:11,940
domain name into an IP address
2125
01:23:11,940 --> 01:23:13,320
okay
2126
01:23:13,320 --> 01:23:16,080
right after we convert the IP address we
2127
01:23:16,080 --> 01:23:19,560
scan for 100 ports now this number keep
2128
01:23:19,560 --> 01:23:21,360
in mind can be changed for example you
2129
01:23:21,360 --> 01:23:23,880
can scan for first 500 ports if you'd
2130
01:23:23,880 --> 01:23:26,340
like it doesn't have to be 100 this is a
2131
01:23:26,340 --> 01:23:28,620
number that you can change now another
2132
01:23:28,620 --> 01:23:30,179
thing that you might want to implement
2133
01:23:30,179 --> 01:23:32,340
in this program if you want is you can
2134
01:23:32,340 --> 01:23:34,380
also prompt to the user for how many
2135
01:23:34,380 --> 01:23:36,360
ports they want to scan
2136
01:23:36,360 --> 01:23:38,520
how we would do that but we will simply
2137
01:23:38,520 --> 01:23:40,560
do that by specifying something like
2138
01:23:40,560 --> 01:23:42,719
this you go to the beginning of the
2139
01:23:42,719 --> 01:23:44,820
program and there you can simply type
2140
01:23:44,820 --> 01:23:48,060
port num let's say we call the variable
2141
01:23:48,060 --> 01:23:51,980
like that and then input
2142
01:23:53,340 --> 01:23:54,600
enter
2143
01:23:54,600 --> 01:23:58,920
number of ports that you want
2144
01:23:58,920 --> 01:24:00,480
scan
2145
01:24:00,480 --> 01:24:02,520
then the user would enter the number of
2146
01:24:02,520 --> 01:24:03,659
ports
2147
01:24:03,659 --> 01:24:06,780
oops let's not leave this to be
2148
01:24:06,780 --> 01:24:09,480
capital let's leave it like this so
2149
01:24:09,480 --> 01:24:11,159
enter number of ports that you want to
2150
01:24:11,159 --> 01:24:13,199
scan then you would take this actual
2151
01:24:13,199 --> 01:24:15,540
variable and you will also pass it into
2152
01:24:15,540 --> 01:24:17,520
the scan function
2153
01:24:17,520 --> 01:24:19,679
once you do that if you go back to the
2154
01:24:19,679 --> 01:24:22,020
scan function right here you would
2155
01:24:22,020 --> 01:24:25,140
simply have something like portnum
2156
01:24:25,140 --> 01:24:28,440
as a parameter and then you would have
2157
01:24:28,440 --> 01:24:30,840
for port in range one through port
2158
01:24:30,840 --> 01:24:33,060
number so you wouldn't have 500 you
2159
01:24:33,060 --> 01:24:36,120
would have something like port num
2160
01:24:36,120 --> 01:24:37,860
so simple as that
2161
01:24:37,860 --> 01:24:39,420
but we're not going to leave it like
2162
01:24:39,420 --> 01:24:41,699
this let's just leave it as the way it
2163
01:24:41,699 --> 01:24:44,040
was before this is just something that
2164
01:24:44,040 --> 01:24:45,960
you can implement and leave it in the
2165
01:24:45,960 --> 01:24:48,780
program if you want in this case we are
2166
01:24:48,780 --> 01:24:50,760
not going to use that since it is not
2167
01:24:50,760 --> 01:24:53,040
necessary we simply just always want to
2168
01:24:53,040 --> 01:24:56,159
scan for first 500 ports
2169
01:24:56,159 --> 01:24:59,420
so I will delete this
2170
01:24:59,940 --> 01:25:02,040
also keep in mind if you leave that
2171
01:25:02,040 --> 01:25:03,840
option you also need to specify the port
2172
01:25:03,840 --> 01:25:06,179
number inside of this line right here
2173
01:25:06,179 --> 01:25:08,340
and also inside of this line right here
2174
01:25:08,340 --> 01:25:10,440
as a second parameter to the function
2175
01:25:10,440 --> 01:25:13,920
okay so once we get to this for loop we
2176
01:25:13,920 --> 01:25:15,900
scan for each and every port between the
2177
01:25:15,900 --> 01:25:18,540
range of 1 and 500 and we do that by
2178
01:25:18,540 --> 01:25:20,820
using the scan Port function
2179
01:25:20,820 --> 01:25:22,500
so let's go to the scan port function
2180
01:25:22,500 --> 01:25:24,480
and this is the main part of the program
2181
01:25:24,480 --> 01:25:27,000
here we create the socket object we set
2182
01:25:27,000 --> 01:25:28,980
the timeout so we don't actually waste
2183
01:25:28,980 --> 01:25:31,080
too much of our time trying to figure
2184
01:25:31,080 --> 01:25:32,760
out whether a port is closed or open
2185
01:25:32,760 --> 01:25:35,760
keep in mind that the accuracy of the
2186
01:25:35,760 --> 01:25:37,739
scan will depend on the amount of the
2187
01:25:37,739 --> 01:25:40,020
timeout that you set the lower the
2188
01:25:40,020 --> 01:25:42,000
timeout the lesser the accuracy the
2189
01:25:42,000 --> 01:25:43,860
higher the timeout the bigger the
2190
01:25:43,860 --> 01:25:46,620
accuracy okay so then we perform the
2191
01:25:46,620 --> 01:25:48,719
connect function onto the target IP
2192
01:25:48,719 --> 01:25:50,760
address and the port number
2193
01:25:50,760 --> 01:25:52,739
right after it if we manage to connect
2194
01:25:52,739 --> 01:25:54,900
we will simply just try to get banner
2195
01:25:54,900 --> 01:25:57,239
and figure out which software is the
2196
01:25:57,239 --> 01:25:58,860
target running on that specific open
2197
01:25:58,860 --> 01:26:00,840
port if we don't manage to get the
2198
01:26:00,840 --> 01:26:02,639
banner we will simply just print open
2199
01:26:02,639 --> 01:26:04,679
port without the banner and if we do
2200
01:26:04,679 --> 01:26:06,659
manage to get it we'll print open port
2201
01:26:06,659 --> 01:26:09,239
then the port number and we will attach
2202
01:26:09,239 --> 01:26:13,500
the banner right after the two dots okay
2203
01:26:13,500 --> 01:26:15,659
in any other case if we don't manage to
2204
01:26:15,659 --> 01:26:17,580
connect we will simply just pass and not
2205
01:26:17,580 --> 01:26:19,320
print anything because we are not really
2206
01:26:19,320 --> 01:26:21,420
interested in printing which ports are
2207
01:26:21,420 --> 01:26:23,699
closed we're only interested in printing
2208
01:26:23,699 --> 01:26:27,000
the open ports okay so this is basically
2209
01:26:27,000 --> 01:26:29,219
the whole idea of this port scanner
2210
01:26:29,219 --> 01:26:31,139
project and now let's see how we can
2211
01:26:31,139 --> 01:26:33,540
actually use this program and import it
2212
01:26:33,540 --> 01:26:36,300
into another program okay so how can we
2213
01:26:36,300 --> 01:26:38,219
do that well first of all what we need
2214
01:26:38,219 --> 01:26:40,380
to do is we need to create another file
2215
01:26:40,380 --> 01:26:42,900
so I'm just going to go right click on
2216
01:26:42,900 --> 01:26:45,739
the port scanner
2217
01:26:46,500 --> 01:26:49,260
then go to the new and then python file
2218
01:26:49,260 --> 01:26:53,940
and let's call this file ipscan.py
2219
01:26:54,659 --> 01:26:56,699
it will automatically add it right here
2220
01:26:56,699 --> 01:26:59,340
so you will have two tabs one for
2221
01:26:59,340 --> 01:27:01,440
the port scanner and one for the IP scan
2222
01:27:01,440 --> 01:27:04,199
and now we want to import this program
2223
01:27:04,199 --> 01:27:06,000
now one thing before you actually do
2224
01:27:06,000 --> 01:27:07,620
that is you need to make sure that both
2225
01:27:07,620 --> 01:27:09,719
of these files are in the same directory
2226
01:27:09,719 --> 01:27:12,120
in my case they are both in the port
2227
01:27:12,120 --> 01:27:14,159
scanner project therefore they are in
2228
01:27:14,159 --> 01:27:16,679
the same directory so I can proceed
2229
01:27:16,679 --> 01:27:18,960
now the next thing that we need to take
2230
01:27:18,960 --> 01:27:20,760
a look at is the name of our Port
2231
01:27:20,760 --> 01:27:23,520
scanner so it is named portscanner.py
2232
01:27:23,520 --> 01:27:25,139
now in order to actually import this
2233
01:27:25,139 --> 01:27:26,940
file into another file in the same
2234
01:27:26,940 --> 01:27:29,040
directory we simply just type the
2235
01:27:29,040 --> 01:27:31,440
command import and then the name of the
2236
01:27:31,440 --> 01:27:33,360
program that we want to import in our
2237
01:27:33,360 --> 01:27:35,520
case it is Port scanner
2238
01:27:35,520 --> 01:27:38,760
so let's type it right here port scanner
2239
01:27:38,760 --> 01:27:40,560
and you will see that PyCharm already
2240
01:27:40,560 --> 01:27:43,500
recognizes it therefore we successfully
2241
01:27:43,500 --> 01:27:45,540
managed to import our Port scanner
2242
01:27:45,540 --> 01:27:47,400
program
2243
01:27:47,400 --> 01:27:49,560
now how can we perform the same task
2244
01:27:49,560 --> 01:27:51,320
that we did right here
2245
01:27:51,320 --> 01:27:55,500
just without typing all of this code
2246
01:27:55,500 --> 01:27:57,600
well we can simply just call these
2247
01:27:57,600 --> 01:28:00,540
functions from our second program and
2248
01:28:00,540 --> 01:28:03,960
use them independently okay so
2249
01:28:03,960 --> 01:28:05,940
the use of this importing is basically
2250
01:28:05,940 --> 01:28:08,159
if anyone else wants to use our Port
2251
01:28:08,159 --> 01:28:10,320
scanner they can simply just import it
2252
01:28:10,320 --> 01:28:12,000
and use the functions from that program
2253
01:28:12,000 --> 01:28:14,580
into their own program
2254
01:28:14,580 --> 01:28:16,380
so what we're going to specify right
2255
01:28:16,380 --> 01:28:19,020
here first is the IP address to for
2256
01:28:19,020 --> 01:28:20,280
example be
2257
01:28:20,280 --> 01:28:24,600
test PHP Dot oneweb.com
2258
01:28:24,600 --> 01:28:26,400
this is the domain name that we use to
2259
01:28:26,400 --> 01:28:28,920
test with our Port scanner before so
2260
01:28:28,920 --> 01:28:31,199
nothing new right here and all we need
2261
01:28:31,199 --> 01:28:33,360
to do to actually run this port scanner
2262
01:28:33,360 --> 01:28:35,580
inside of a different program is to call
2263
01:28:35,580 --> 01:28:38,340
the scan function
2264
01:28:38,340 --> 01:28:40,440
now at first you might be asking well
2265
01:28:40,440 --> 01:28:42,000
why are we calling the scan function
2266
01:28:42,000 --> 01:28:44,400
well basically you will notice that by
2267
01:28:44,400 --> 01:28:46,860
calling this scan function all of the
2268
01:28:46,860 --> 01:28:49,320
other functions get called as well
2269
01:28:49,320 --> 01:28:51,659
for example inside with the scan
2270
01:28:51,659 --> 01:28:54,060
function we first call the check IP
2271
01:28:54,060 --> 01:28:56,460
function in order to check for the IP
2272
01:28:56,460 --> 01:28:58,620
address then we call the scan Port
2273
01:28:58,620 --> 01:29:00,900
function which will scan each and every
2274
01:29:00,900 --> 01:29:03,000
port that we specify inside of this for
2275
01:29:03,000 --> 01:29:05,040
loop and inside of the scan port
2276
01:29:05,040 --> 01:29:07,739
function the get Banner function gets
2277
01:29:07,739 --> 01:29:10,139
called in order to print the banner so
2278
01:29:10,139 --> 01:29:11,760
we don't need to call specifically all
2279
01:29:11,760 --> 01:29:13,380
of these functions we can simply just
2280
01:29:13,380 --> 01:29:16,020
call the scan function
2281
01:29:16,020 --> 01:29:18,780
okay so how can we do that well in order
2282
01:29:18,780 --> 01:29:20,100
to call a function from a different
2283
01:29:20,100 --> 01:29:22,260
program we first of all need to specify
2284
01:29:22,260 --> 01:29:24,780
the program name just the same way that
2285
01:29:24,780 --> 01:29:26,400
you would specify a method from a
2286
01:29:26,400 --> 01:29:28,679
different library for example right here
2287
01:29:28,679 --> 01:29:32,040
we use socket library and we called a
2288
01:29:32,040 --> 01:29:34,139
method or a function
2289
01:29:34,139 --> 01:29:36,060
and we call the function from that
2290
01:29:36,060 --> 01:29:38,340
specific library but before we had to
2291
01:29:38,340 --> 01:29:40,980
specify the library name same way goes
2292
01:29:40,980 --> 01:29:42,840
here we first need to specify Port
2293
01:29:42,840 --> 01:29:46,920
scanner and then dot and then scan
2294
01:29:46,920 --> 01:29:49,020
you remember that this scan function
2295
01:29:49,020 --> 01:29:50,880
takes one argument which will be the
2296
01:29:50,880 --> 01:29:53,100
target as PyCharm already tells us
2297
01:29:53,100 --> 01:29:56,280
right here and our Target will be the IP
2298
01:29:56,280 --> 01:29:58,139
address
2299
01:29:58,139 --> 01:30:00,300
and believe it or not but this is the
2300
01:30:00,300 --> 01:30:01,620
entire program
2301
01:30:01,620 --> 01:30:04,199
just by using these three lines we can
2302
01:30:04,199 --> 01:30:06,300
perform the same thing that we did
2303
01:30:06,300 --> 01:30:10,400
inside of our Port scanner project
2304
01:30:10,560 --> 01:30:12,480
so this is the power of importing
2305
01:30:12,480 --> 01:30:14,520
libraries you can see that anyone who
2306
01:30:14,520 --> 01:30:16,380
wants to use this can simply just write
2307
01:30:16,380 --> 01:30:18,420
three lines and they will perform the
2308
01:30:18,420 --> 01:30:20,880
same task that we performed by coding
2309
01:30:20,880 --> 01:30:23,100
the entire Port scanner
2310
01:30:23,100 --> 01:30:24,780
but there is another thing that we need
2311
01:30:24,780 --> 01:30:26,820
to take a look at before we actually try
2312
01:30:26,820 --> 01:30:29,340
to run the IP scan you might notice this
2313
01:30:29,340 --> 01:30:30,840
part right here
2314
01:30:30,840 --> 01:30:33,060
well we didn't really want to run this
2315
01:30:33,060 --> 01:30:35,340
since first of all we're calling this
2316
01:30:35,340 --> 01:30:38,340
scan function already inside of our
2317
01:30:38,340 --> 01:30:40,860
ipscan program therefore we don't really
2318
01:30:40,860 --> 01:30:44,460
want to call it twice and we would
2319
01:30:44,460 --> 01:30:46,139
actually call it because by importing
2320
01:30:46,139 --> 01:30:48,900
the port scanner into our ipscan we're
2321
01:30:48,900 --> 01:30:51,960
also calling this part of the code
2322
01:30:51,960 --> 01:30:54,300
importing a library simply means that we
2323
01:30:54,300 --> 01:30:55,920
are going to paste the entire Port
2324
01:30:55,920 --> 01:30:58,679
scanner code into our ipscan function
2325
01:30:58,679 --> 01:31:01,139
therefore this part of the code will
2326
01:31:01,139 --> 01:31:02,520
also get run
2327
01:31:02,520 --> 01:31:04,500
so how can we make sure that this part
2328
01:31:04,500 --> 01:31:07,739
of the code doesn't get run well simply
2329
01:31:07,739 --> 01:31:10,020
we can type
2330
01:31:10,020 --> 01:31:13,800
if underscore underscore name underscore
2331
01:31:13,800 --> 01:31:16,739
underscore equals equals and then open
2332
01:31:16,739 --> 01:31:19,739
double quotes underscore underscore main
2333
01:31:19,739 --> 01:31:21,840
underscore underscore
2334
01:31:21,840 --> 01:31:24,300
if this is equal to Main
2335
01:31:24,300 --> 01:31:26,639
then we're going to run this part of
2336
01:31:26,639 --> 01:31:27,900
code
2337
01:31:27,900 --> 01:31:30,600
so let's tab all of these lines in so
2338
01:31:30,600 --> 01:31:33,719
they belong to this if statement
2339
01:31:33,719 --> 01:31:36,300
and now this part of program will only
2340
01:31:36,300 --> 01:31:40,199
get run if we run the port scanner
2341
01:31:40,199 --> 01:31:42,420
this line basically means that the
2342
01:31:42,420 --> 01:31:44,520
actual Python will recognize whether
2343
01:31:44,520 --> 01:31:46,920
this program is being run as a main
2344
01:31:46,920 --> 01:31:49,980
program or it is being imported into a
2345
01:31:49,980 --> 01:31:52,320
different program and run from there in
2346
01:31:52,320 --> 01:31:54,000
case it is being imported into a different
2347
01:31:54,000 --> 01:31:55,980
program like in this case right here
2348
01:31:55,980 --> 01:31:59,400
then it will not run this part of the
2349
01:31:59,400 --> 01:32:00,300
code
2350
01:32:00,300 --> 01:32:02,280
if it is not imported into a different
2351
01:32:02,280 --> 01:32:04,380
program and if we simply just try to run
2352
01:32:04,380 --> 01:32:06,719
the port scanner itself then this part
2353
01:32:06,719 --> 01:32:09,179
of the code will actually run and that
2354
01:32:09,179 --> 01:32:12,120
is the meaning of this line right here
2355
01:32:12,120 --> 01:32:14,699
you can simply just remember this as if
2356
01:32:14,699 --> 01:32:16,739
this is the main program then run this
2357
01:32:16,739 --> 01:32:19,440
part of the code okay so right now let's
2358
01:32:19,440 --> 01:32:22,800
test our ipscan.py
2359
01:32:22,800 --> 01:32:25,500
let's open the terminal
2360
01:32:25,500 --> 01:32:30,600
and let's type python3 ipscan.py
2361
01:32:31,139 --> 01:32:33,719
you can see it is scanning the target it
2362
01:32:33,719 --> 01:32:36,360
already found the two ports open and it
2363
01:32:36,360 --> 01:32:38,699
will scan for first 500 ports as we
2364
01:32:38,699 --> 01:32:40,500
specified and changed the number from
2365
01:32:40,500 --> 01:32:43,440
100 to 500 you can see we are also
2366
01:32:43,440 --> 01:32:45,120
getting some banners from these open
2367
01:32:45,120 --> 01:32:50,360
ports we got open port 106 open port 110
2368
01:32:50,360 --> 01:32:53,580
143 we can see here is a long Banner
2369
01:32:53,580 --> 01:32:55,679
from that Port not really sure what this
2370
01:32:55,679 --> 01:32:57,000
is
2371
01:32:57,000 --> 01:32:59,100
we also discover another open port which
2372
01:32:59,100 --> 01:33:02,340
is Port 465 and therefore our program
2373
01:33:02,340 --> 01:33:04,800
closes as it reached the 500 ports
2374
01:33:04,800 --> 01:33:05,520
number
2375
01:33:05,520 --> 01:33:07,679
okay so it actually does work now
2376
01:33:07,679 --> 01:33:09,179
another thing that you should keep in
2377
01:33:09,179 --> 01:33:11,159
mind is that you will need to actually
2378
01:33:11,159 --> 01:33:14,580
code this part of the code into this IP
2379
01:33:14,580 --> 01:33:17,159
scan because for example if a user
2380
01:33:17,159 --> 01:33:19,320
specifies comma and then an IP address
2381
01:33:19,320 --> 01:33:22,320
this will not work because we do not
2382
01:33:22,320 --> 01:33:24,659
have this part and this if statement
2383
01:33:24,659 --> 01:33:27,120
right here therefore it will not be able
2384
01:33:27,120 --> 01:33:30,600
to scan because of this comma right here
2385
01:33:30,600 --> 01:33:32,400
so if you want to be able to scan
2386
01:33:32,400 --> 01:33:34,320
multiple targets from your ipscan
2387
01:33:34,320 --> 01:33:36,420
program make sure that you implement
2388
01:33:36,420 --> 01:33:40,560
this if statement into the IP scan but
2389
01:33:40,560 --> 01:33:41,940
we are not going to do that at the
2390
01:33:41,940 --> 01:33:43,620
moment there is no need for that we
2391
01:33:43,620 --> 01:33:45,239
already did that in the port scanner
2392
01:33:45,239 --> 01:33:47,760
program and I will leave that up to you
2393
01:33:47,760 --> 01:33:50,940
okay so with this we actually finish our
2394
01:33:50,940 --> 01:33:52,380
first project which will be the port
2395
01:33:52,380 --> 01:33:55,080
scanner and in the next project we're
2396
01:33:55,080 --> 01:33:56,639
going to take a look at how we can
2397
01:33:56,639 --> 01:33:58,620
create the vulnerability scanner which
2398
01:33:58,620 --> 01:34:01,020
will be based on this port scanner that
2399
01:34:01,020 --> 01:34:03,120
we just created so make sure not to
2400
01:34:03,120 --> 01:34:04,980
delete this program as we are going to
2401
01:34:04,980 --> 01:34:07,139
need it you also know that you will have
2402
01:34:07,139 --> 01:34:09,300
all of these actual programs in the
2403
01:34:09,300 --> 01:34:11,219
resources at the end of each project
2404
01:34:11,219 --> 01:34:13,199
okay so you can simply just download
2405
01:34:13,199 --> 01:34:16,260
them if you don't want to code them I
2406
01:34:16,260 --> 01:34:18,239
hope you enjoyed this lecture and I will
2407
01:34:18,239 --> 01:34:20,280
see you in the vulnerability scanner
2408
01:34:20,280 --> 01:34:22,800
project take care and bye welcome
2409
01:34:22,800 --> 01:34:25,380
everybody to our second project of this
2410
01:34:25,380 --> 01:34:27,360
course which would be a vulnerability
2411
01:34:27,360 --> 01:34:30,420
scanner all right so what we did by now
2412
01:34:30,420 --> 01:34:32,940
is we created our Port scanner which
2413
01:34:32,940 --> 01:34:34,920
managed to scan multiple targets as well
2414
01:34:34,920 --> 01:34:37,139
as one Target and also discover which
2415
01:34:37,139 --> 01:34:39,659
ports were open and closed and we also
2416
01:34:39,659 --> 01:34:40,920
managed to discover some of the
2417
01:34:40,920 --> 01:34:43,440
softwares running on those open ports
2418
01:34:43,440 --> 01:34:45,780
all right right now we want to advance
2419
01:34:45,780 --> 01:34:47,760
our game and create a vulnerability
2420
01:34:47,760 --> 01:34:49,560
scanner which will be able to detect
2421
01:34:49,560 --> 01:34:52,080
which of those softwares are potentially
2422
01:34:52,080 --> 01:34:54,780
vulnerable to some type of the attack
2423
01:34:54,780 --> 01:34:56,580
so there are a few approaches that we
2424
01:34:56,580 --> 01:34:59,159
can do in order to create this I picked
2425
01:34:59,159 --> 01:35:01,679
one which is going to be based on our
2426
01:35:01,679 --> 01:35:03,600
Port scanner meaning that we are first
2427
01:35:03,600 --> 01:35:06,060
going to import our Port scanner we are
2428
01:35:06,060 --> 01:35:08,460
going to scan for the open ports then we
2429
01:35:08,460 --> 01:35:10,380
are going to create a list of vulnerable
2430
01:35:10,380 --> 01:35:13,980
softwares in a txt file which then we're
2431
01:35:13,980 --> 01:35:16,080
going to also import into our program
2432
01:35:16,080 --> 01:35:18,179
and then we are going to compare the
2433
01:35:18,179 --> 01:35:20,280
softwares on the open ports with the
2434
01:35:20,280 --> 01:35:23,040
softwares named in the list or in our
2435
01:35:23,040 --> 01:35:25,860
txt file and if they do match that means
2436
01:35:25,860 --> 01:35:27,600
that we discovered the vulnerable software
2437
01:35:27,600 --> 01:35:30,960
which can be exploited all right now you
2438
01:35:30,960 --> 01:35:32,400
can actually download some of these
2439
01:35:32,400 --> 01:35:34,080
vulnerable software lists over the
2440
01:35:34,080 --> 01:35:36,360
Internet or for the purposes of this
2441
01:35:36,360 --> 01:35:38,219
tutorial you can simply just create a
2442
01:35:38,219 --> 01:35:40,260
small list of a few softwares like I
2443
01:35:40,260 --> 01:35:42,780
will in order to test our program but
2444
01:35:42,780 --> 01:35:44,760
before we do any of that let us open up
2445
01:35:44,760 --> 01:35:47,460
our pycharm and create our new project
2446
01:35:47,460 --> 01:35:51,060
all right so I will open up my pycharm
2447
01:35:51,060 --> 01:35:53,940
by going here and typing pycharm
2448
01:35:53,940 --> 01:35:56,580
here it is it loaded fully and by
2449
01:35:56,580 --> 01:35:58,380
default it will open up our previous
2450
01:35:58,380 --> 01:36:00,360
project which will be the port scanner
2451
01:36:00,360 --> 01:36:02,340
project but we do not want to continue
2452
01:36:02,340 --> 01:36:05,040
coding inside of that project we want to
2453
01:36:05,040 --> 01:36:06,840
create a new one and then we are going
2454
01:36:06,840 --> 01:36:09,060
to copy paste the port scanner into that
2455
01:36:09,060 --> 01:36:10,500
new project
2456
01:36:10,500 --> 01:36:12,960
all right so let's wait for it to reopen
2457
01:36:12,960 --> 01:36:14,940
all of the files from the port scanner
2458
01:36:14,940 --> 01:36:15,840
project
2459
01:36:15,840 --> 01:36:18,480
okay so here it is now let's go on to
2460
01:36:18,480 --> 01:36:20,159
the file right here
2461
01:36:20,159 --> 01:36:23,480
click on the new project
2462
01:36:23,940 --> 01:36:26,100
under the create new project in the
2463
01:36:26,100 --> 01:36:28,440
location we can create a name for our
2464
01:36:28,440 --> 01:36:30,320
new project which would be
2465
01:36:30,320 --> 01:36:32,760
vulnerability or let's just type vuln
2466
01:36:32,760 --> 01:36:34,739
scanner it doesn't really matter you can
2467
01:36:34,739 --> 01:36:37,139
call it anything you want and then click
2468
01:36:37,139 --> 01:36:39,360
on create it will ask you whether you
2469
01:36:39,360 --> 01:36:41,400
want to open the project inside of this
2470
01:36:41,400 --> 01:36:43,260
window or whether you want to create a
2471
01:36:43,260 --> 01:36:45,120
new window for it we can simply just
2472
01:36:45,120 --> 01:36:47,400
create this window
2473
01:36:47,400 --> 01:36:50,639
and it will open up the new project we
2474
01:36:50,639 --> 01:36:53,520
just created all right so here it is
2475
01:36:53,520 --> 01:36:54,900
it's creating all the dependencies
2476
01:36:54,900 --> 01:36:57,120
needed and right now what we're going to
2477
01:36:57,120 --> 01:37:00,540
do we're going to open up our terminal
2478
01:37:00,540 --> 01:37:02,340
we are going to navigate to our Port
2479
01:37:02,340 --> 01:37:04,800
scanner project using our terminal and
2480
01:37:04,800 --> 01:37:06,719
then we'll copy our Port scanner to the
2481
01:37:06,719 --> 01:37:09,840
vulnerability scanner right so let's go
2482
01:37:09,840 --> 01:37:13,080
to the pycharm projects if I type LS
2483
01:37:13,080 --> 01:37:16,020
here are both of these then we want to
2484
01:37:16,020 --> 01:37:18,060
navigate to the port scanner type LS
2485
01:37:18,060 --> 01:37:20,420
once again and we want to copy the port
2486
01:37:20,420 --> 01:37:23,580
scanner.py into the vulnerability scanner
2487
01:37:23,580 --> 01:37:26,760
directory all right so CP port
2488
01:37:26,760 --> 01:37:30,780
scanner.py to the root pycharm and then
2489
01:37:30,780 --> 01:37:33,060
vulnerability scanner
2490
01:37:33,060 --> 01:37:36,120
press enter and in just a few seconds we
2491
01:37:36,120 --> 01:37:38,699
should see our Port scanner right here
2492
01:37:38,699 --> 01:37:43,159
okay so here it is let's open it up
2493
01:37:45,000 --> 01:37:47,040
and here is our program
2494
01:37:47,040 --> 01:37:49,020
now as I mentioned previously we are
2495
01:37:49,020 --> 01:37:50,820
going to base our vulnerability scanner
2496
01:37:50,820 --> 01:37:53,699
onto the port scanner right here but
2497
01:37:53,699 --> 01:37:55,739
we're not going to code it right in this
2498
01:37:55,739 --> 01:37:57,120
program we're simply just going to
2499
01:37:57,120 --> 01:37:59,639
import our Port scanner as I showed you
2500
01:37:59,639 --> 01:38:01,380
in the previous video how you can do
2501
01:38:01,380 --> 01:38:03,179
that and we're going to perform some
2502
01:38:03,179 --> 01:38:05,340
small modifications to this program
2503
01:38:05,340 --> 01:38:07,260
right here for example we want to make
2504
01:38:07,260 --> 01:38:10,020
this program a class so we're going to
2505
01:38:10,020 --> 01:38:11,820
delete some of the functions right here
2506
01:38:11,820 --> 01:38:13,920
we're going to modify this part of the
2507
01:38:13,920 --> 01:38:15,960
program and we're going to create this
2508
01:38:15,960 --> 01:38:19,440
to be one giant class all right but more
2509
01:38:19,440 --> 01:38:21,540
about that in the next tutorial for now
2510
01:38:21,540 --> 01:38:23,760
on we just simply copy this we created
2511
01:38:23,760 --> 01:38:25,920
our new project and in the next video we
2512
01:38:25,920 --> 01:38:27,480
are ready to start coding our
2513
01:38:27,480 --> 01:38:30,840
vulnerability scanner alright so see you
2514
01:38:30,840 --> 01:38:33,300
there and take care bye
2515
01:38:33,300 --> 01:38:34,980
welcome back everybody
2516
01:38:34,980 --> 01:38:36,840
so for now we haven't really done
2517
01:38:36,840 --> 01:38:39,540
anything yet but we did import our Port
2518
01:38:39,540 --> 01:38:41,699
scanner and now we are ready to start
2519
01:38:41,699 --> 01:38:44,219
coding the main part of the program so
2520
01:38:44,219 --> 01:38:45,840
let's go to the vulnerability scanner
2521
01:38:45,840 --> 01:38:48,000
right here right click on it click on
2522
01:38:48,000 --> 01:38:50,639
the new and click on python file so all
2523
01:38:50,639 --> 01:38:52,320
of this stuff we already learned we know
2524
01:38:52,320 --> 01:38:54,540
how to do it and let's create a program
2525
01:38:54,540 --> 01:38:56,239
which will be called
2526
01:38:56,239 --> 01:38:59,040
vulnscan.py now first thing that we want
2527
01:38:59,040 --> 01:39:01,560
to do is of course to import our Port
2528
01:39:01,560 --> 01:39:04,040
scanner
2529
01:39:04,860 --> 01:39:06,840
just make sure that it is in the same
2530
01:39:06,840 --> 01:39:09,000
directory that is important
2531
01:39:09,000 --> 01:39:10,980
and that is actually going to be the
2532
01:39:10,980 --> 01:39:12,360
only library that we are going to need
2533
01:39:12,360 --> 01:39:14,460
since these two libraries which are
2534
01:39:14,460 --> 01:39:16,139
going to be the socket library and the
2535
01:39:16,139 --> 01:39:18,900
ipy library are already imported inside
2536
01:39:18,900 --> 01:39:22,260
of this port scanner program all right
2537
01:39:22,260 --> 01:39:24,480
now you might notice once again that
2538
01:39:24,480 --> 01:39:26,699
this ipy is actually red underlined
2539
01:39:26,699 --> 01:39:28,620
which means that this Library does not
2540
01:39:28,620 --> 01:39:30,420
exist inside the default virtual
2541
01:39:30,420 --> 01:39:33,120
environment and we already talked about
2542
01:39:33,120 --> 01:39:35,460
this before you need to actually pip3
2543
01:39:35,460 --> 01:39:37,320
install it inside of this virtual
2544
01:39:37,320 --> 01:39:38,900
environment so let's do that right away
2545
01:39:38,900 --> 01:39:42,239
using our terminal make sure that you're
2546
01:39:42,239 --> 01:39:44,760
using terminal inside of the pycharm and
2547
01:39:44,760 --> 01:39:49,380
simply just type pip3 install ipy
2548
01:39:50,239 --> 01:39:53,280
it will install the library for you and
2549
01:39:53,280 --> 01:39:55,260
as soon as it is finished you should no
2550
01:39:55,260 --> 01:39:57,960
longer have this red underlined all
2551
01:39:57,960 --> 01:40:01,100
right so let's see
2552
01:40:01,739 --> 01:40:04,320
here it is it is gone now and now we
2553
01:40:04,320 --> 01:40:06,179
have all of the libraries needed to
2554
01:40:06,179 --> 01:40:08,699
complete our project all right so let's
2555
01:40:08,699 --> 01:40:10,320
go back to our main part of the program
2556
01:40:10,320 --> 01:40:13,020
we imported our Port scanner and now
2557
01:40:13,020 --> 01:40:14,639
let's think about all of the things that
2558
01:40:14,639 --> 01:40:16,139
we need in order to complete this
2559
01:40:16,139 --> 01:40:18,900
project so first of all of course we
2560
01:40:18,900 --> 01:40:20,760
need the target if we are going to scan
2561
01:40:20,760 --> 01:40:22,679
so we want to prompt the user of this
2562
01:40:22,679 --> 01:40:25,440
program for the target's IP address so
2563
01:40:25,440 --> 01:40:28,920
let's call it targets IP equals input
2564
01:40:28,920 --> 01:40:31,620
and we're going to actually ask the user
2565
01:40:31,620 --> 01:40:33,900
for the input of this
2566
01:40:33,900 --> 01:40:37,020
so let's type it like this and then we
2567
01:40:37,020 --> 01:40:42,120
can add a star sign enter Target to scan
2568
01:40:42,120 --> 01:40:46,020
for vulnerable open ports
2569
01:40:46,020 --> 01:40:49,080
okay so this will be the target's IP
2570
01:40:49,080 --> 01:40:51,060
once again we also want to make sure
2571
01:40:51,060 --> 01:40:53,460
that this can be both IP address and the
2572
01:40:53,460 --> 01:40:55,380
actual domain name but we don't need to
2573
01:40:55,380 --> 01:40:57,179
worry about that as that part of the
2574
01:40:57,179 --> 01:40:59,760
code is already located inside of our
2575
01:40:59,760 --> 01:41:02,699
Port scanner that we imported so no need
2576
01:41:02,699 --> 01:41:05,159
to code it once again let's just go to
2577
01:41:05,159 --> 01:41:07,500
the next line and also let's ask for the
2578
01:41:07,500 --> 01:41:09,659
user for the number of ports that they
2579
01:41:09,659 --> 01:41:12,360
want to scan now we didn't use it in our
2580
01:41:12,360 --> 01:41:14,580
Port scanner so why not use it right
2581
01:41:14,580 --> 01:41:16,440
here let's say they want to scan 100
2582
01:41:16,440 --> 01:41:18,659
ports and a different user wants to scan
2583
01:41:18,659 --> 01:41:21,420
200 ports let's add that as an available
2584
01:41:21,420 --> 01:41:24,480
option as well so port number
2585
01:41:24,480 --> 01:41:27,780
will be equal to the input
2586
01:41:27,780 --> 01:41:30,540
and in the second line we prompt the
2587
01:41:30,540 --> 01:41:33,679
user for the amount
2588
01:41:34,020 --> 01:41:36,900
of ports
2589
01:41:36,900 --> 01:41:38,820
you want
2590
01:41:38,820 --> 01:41:40,619
scan
2591
01:41:40,619 --> 01:41:42,780
and let's also notify them inside of the
2592
01:41:42,780 --> 01:41:45,060
brackets that 500 will mean
2593
01:41:45,060 --> 01:41:49,500
first 500 ports okay so in case they get
2594
01:41:49,500 --> 01:41:51,719
confused they know what they need to
2595
01:41:51,719 --> 01:41:54,659
specify all right now another important
2596
01:41:54,659 --> 01:41:56,340
thing that we need to do about this line
2597
01:41:56,340 --> 01:41:58,440
is we need to make sure that this port
2598
01:41:58,440 --> 01:42:01,380
number is an integer value for example
2599
01:42:01,380 --> 01:42:04,260
if the user specifies number 100 it will
2600
01:42:04,260 --> 01:42:06,420
be stored inside of this port number but
2601
01:42:06,420 --> 01:42:08,820
it will be stored as a string and not as
2602
01:42:08,820 --> 01:42:10,980
an integer therefore we need to wrap
2603
01:42:10,980 --> 01:42:13,219
this entire part
2604
01:42:13,219 --> 01:42:16,199
inside of an integer function and this
2605
01:42:16,199 --> 01:42:18,000
integer function simply just converts
2606
01:42:18,000 --> 01:42:20,400
whatever is inside of the brackets into
2607
01:42:20,400 --> 01:42:22,020
an integer value
2608
01:42:22,020 --> 01:42:24,300
keep in mind that you will get an error
2609
01:42:24,300 --> 01:42:26,820
in case the actual user of this program
2610
01:42:26,820 --> 01:42:29,520
specifies a string for example they type
2611
01:42:29,520 --> 01:42:32,639
the word three well that word will not
2612
01:42:32,639 --> 01:42:34,860
get converted to an integer because that
2613
01:42:34,860 --> 01:42:36,840
is not possible therefore this will only
2614
01:42:36,840 --> 01:42:39,600
work if the user specifies the actual
2615
01:42:39,600 --> 01:42:42,300
number which should be the case as we
2616
01:42:42,300 --> 01:42:44,219
are indeed asking for a number therefore
2617
01:42:44,219 --> 01:42:46,860
we want to convert it to integer so our
2618
01:42:46,860 --> 01:42:49,380
program can continue executing alright
2619
01:42:49,380 --> 01:42:51,000
so now that we got these two things out
2620
01:42:51,000 --> 01:42:53,159
of the way there is a third and last
2621
01:42:53,159 --> 01:42:54,900
thing that we need to ask the user
2622
01:42:54,900 --> 01:42:56,580
before we actually start running the
2623
01:42:56,580 --> 01:42:58,560
main part of the program and that is
2624
01:42:58,560 --> 01:43:01,139
going to be the actual file from which
2625
01:43:01,139 --> 01:43:03,360
we're going to read vulnerable softwares
2626
01:43:03,360 --> 01:43:05,940
so for this program to run we need a
2627
01:43:05,940 --> 01:43:08,100
file as I mentioned at the beginning of
2628
01:43:08,100 --> 01:43:09,780
this section we need a file that is
2629
01:43:09,780 --> 01:43:11,940
going to store vulnerable software names
2630
01:43:11,940 --> 01:43:14,340
that then we're going to compare with
2631
01:43:14,340 --> 01:43:16,679
the softwares running on open ports so
2632
01:43:16,679 --> 01:43:18,420
we're going to call that
2633
01:43:18,420 --> 01:43:22,619
for example vuln underscore file and it
2634
01:43:22,619 --> 01:43:24,060
will be equal
2635
01:43:24,060 --> 01:43:27,199
to the input
2636
01:43:30,239 --> 01:43:33,540
oops let's add the double quotes
2637
01:43:33,540 --> 01:43:36,659
so to the input
2638
01:43:36,659 --> 01:43:39,179
and then we prompt the user enter path
2639
01:43:39,179 --> 01:43:42,199
to the file
2640
01:43:42,480 --> 01:43:45,679
with vulnerable
2641
01:43:46,380 --> 01:43:48,420
softwares
2642
01:43:48,420 --> 01:43:50,460
okay so now that we finished everything
2643
01:43:50,460 --> 01:43:52,860
these are three things that we need in
2644
01:43:52,860 --> 01:43:54,480
order to run this program
2645
01:43:54,480 --> 01:43:56,880
let's print also the new line character
2646
01:43:56,880 --> 01:43:59,600
so right after this
2647
01:43:59,600 --> 01:44:03,540
we can have a little bit better View and
2648
01:44:03,540 --> 01:44:05,760
now we want to use the port scanner onto
2649
01:44:05,760 --> 01:44:08,100
our program all right so we're simply
2650
01:44:08,100 --> 01:44:09,659
just going to call the function Port
2651
01:44:09,659 --> 01:44:10,860
scanner
2652
01:44:10,860 --> 01:44:13,800
dot scan
2653
01:44:13,800 --> 01:44:17,040
onto the targets IP
2654
01:44:17,040 --> 01:44:18,659
okay now
2655
01:44:18,659 --> 01:44:20,820
if you think about this a little bit you
2656
01:44:20,820 --> 01:44:22,500
will notice that this will not actually
2657
01:44:22,500 --> 01:44:25,440
work now why this will not work well
2658
01:44:25,440 --> 01:44:27,360
there are a few problems with our Port
2659
01:44:27,360 --> 01:44:30,540
scanner not with the port scanner itself
2660
01:44:30,540 --> 01:44:33,179
but with the way that we imported it and
2661
01:44:33,179 --> 01:44:34,800
that we are going to use it inside of
2662
01:44:34,800 --> 01:44:37,260
our vulnerability scanner so first of
2663
01:44:37,260 --> 01:44:39,360
all we got a problem with this port
2664
01:44:39,360 --> 01:44:41,460
number variable
2665
01:44:41,460 --> 01:44:44,100
we cannot really paste it into our scan
2666
01:44:44,100 --> 01:44:46,800
function as our scan function only takes
2667
01:44:46,800 --> 01:44:48,420
one parameter so that is the first
2668
01:44:48,420 --> 01:44:51,239
problem as we don't really have a way to
2669
01:44:51,239 --> 01:44:53,520
actually tell the port scanner that we
2670
01:44:53,520 --> 01:44:55,619
want to use this exact amount of ports
2671
01:44:55,619 --> 01:44:57,600
so that is the part that we also need to
2672
01:44:57,600 --> 01:44:59,880
edit inside of our port scanner
2673
01:44:59,880 --> 01:45:01,920
now another thing that we want to do is
2674
01:45:01,920 --> 01:45:04,139
we want to convert this entire actual
2675
01:45:04,139 --> 01:45:06,600
Port scanner into a class
2676
01:45:06,600 --> 01:45:08,580
and we also want to get rid of some of
2677
01:45:08,580 --> 01:45:10,380
the functions that we don't need
2678
01:45:10,380 --> 01:45:13,020
and also we want to get rid of this part
2679
01:45:13,020 --> 01:45:14,460
of the program
2680
01:45:14,460 --> 01:45:16,139
since there is a lot to do with this
2681
01:45:16,139 --> 01:45:17,580
port scanner we are going to leave that
2682
01:45:17,580 --> 01:45:19,440
for the next tutorial so in the next
2683
01:45:19,440 --> 01:45:21,179
tutorial we're going to cover this port
2684
01:45:21,179 --> 01:45:23,219
scanner and convert it to the best
2685
01:45:23,219 --> 01:45:25,199
possible way for us to use it inside of
2686
01:45:25,199 --> 01:45:27,179
our vulnerability scanner and then we're
2687
01:45:27,179 --> 01:45:29,820
going to continue from there alright so
2688
01:45:29,820 --> 01:45:32,100
for now we simply just prompted the user
2689
01:45:32,100 --> 01:45:34,380
for the needed things and in the next
2690
01:45:34,380 --> 01:45:35,760
video we're going to cover the port
2691
01:45:35,760 --> 01:45:38,280
scanner and how we can convert it the
2692
01:45:38,280 --> 01:45:39,719
best way possible
2693
01:45:39,719 --> 01:45:42,719
see you there and take care bye hello
2694
01:45:42,719 --> 01:45:44,580
everybody and welcome to this tutorial
2695
01:45:44,580 --> 01:45:46,619
and right now let's cover the port
2696
01:45:46,619 --> 01:45:48,840
scanner conversion to a class
2697
01:45:48,840 --> 01:45:51,060
all right so anyone who's actually
2698
01:45:51,060 --> 01:45:53,699
covered and learned python before knows
2699
01:45:53,699 --> 01:45:55,560
what classes are and knows why they are
2700
01:45:55,560 --> 01:45:58,500
important and in this case in our case
2701
01:45:58,500 --> 01:46:00,420
we want to make sure that we convert it to a
2702
01:46:00,420 --> 01:46:03,119
class for the better usage inside of
2703
01:46:03,119 --> 01:46:05,520
this vulnerability scanner project
2704
01:46:05,520 --> 01:46:07,380
all right so first thing that we are
2705
01:46:07,380 --> 01:46:08,340
going to do
2706
01:46:08,340 --> 01:46:10,320
is we're going to create the class at
2707
01:46:10,320 --> 01:46:12,780
the top of this program we're going to
2708
01:46:12,780 --> 01:46:15,300
create it with the keyword class and
2709
01:46:15,300 --> 01:46:17,340
then we're going to call it let's say
2710
01:46:17,340 --> 01:46:20,119
port scan
2711
01:46:20,580 --> 01:46:23,159
open and close brackets and add two dots
2712
01:46:23,159 --> 01:46:24,920
and this is how we can create a class
2713
01:46:24,920 --> 01:46:27,360
now all of these functions that we have
2714
01:46:27,360 --> 01:46:29,520
below we want to make sure that they
2715
01:46:29,520 --> 01:46:32,179
belong to our port scan class
2716
01:46:32,179 --> 01:46:35,520
so what we can do is we can tab each and
2717
01:46:35,520 --> 01:46:37,619
every line so let's do it one by one
2718
01:46:37,619 --> 01:46:40,020
like this and you will see that some of
2719
01:46:40,020 --> 01:46:41,940
these actual keywords will start
2720
01:46:41,940 --> 01:46:44,580
changing colors as they start belonging
2721
01:46:44,580 --> 01:46:47,219
to our port scan class all right so
2722
01:46:47,219 --> 01:46:50,600
let's do it like this
2723
01:46:53,159 --> 01:46:56,100
all of it should be tabbed once so let's
2724
01:46:56,100 --> 01:46:58,800
go like this and the scan port at the
2725
01:46:58,800 --> 01:47:00,920
end
2726
01:47:09,719 --> 01:47:13,139
okay so here it is now this part of the
2727
01:47:13,139 --> 01:47:14,699
program you might be asking what we're
2728
01:47:14,699 --> 01:47:16,860
going to do with this well in this case
2729
01:47:16,860 --> 01:47:18,960
we don't need it so we can simply just
2730
01:47:18,960 --> 01:47:20,520
delete that
2731
01:47:20,520 --> 01:47:23,520
all we need are our class with these
2732
01:47:23,520 --> 01:47:25,800
functions right here let me just create
2733
01:47:25,800 --> 01:47:27,780
space between each of these functions so
2734
01:47:27,780 --> 01:47:29,639
we can see each and every one of them a
2735
01:47:29,639 --> 01:47:32,639
little bit better and now let's see what
2736
01:47:32,639 --> 01:47:34,619
we need to do in order to get this to
2737
01:47:34,619 --> 01:47:37,080
work well first of all we are missing a
2738
01:47:37,080 --> 01:47:38,820
function that every class needs and that
2739
01:47:38,820 --> 01:47:41,580
is the init function this init function
2740
01:47:41,580 --> 01:47:43,920
will be coded at the top of the class so
2741
01:47:43,920 --> 01:47:46,739
right below the initiation of the class
2742
01:47:46,739 --> 01:47:48,420
itself we're going to type def
2743
01:47:48,420 --> 01:47:51,540
underscore underscore init underscore
2744
01:47:51,540 --> 01:47:52,739
underscore
2745
01:47:52,739 --> 01:47:55,320
all right and you will notice that by
2746
01:47:55,320 --> 01:47:57,600
default if I open and close brackets it
2747
01:47:57,600 --> 01:47:59,639
will add this self argument as a
2748
01:47:59,639 --> 01:48:02,219
parameter to this init function or init
2749
01:48:02,219 --> 01:48:04,739
method right here and this self argument
2750
01:48:04,739 --> 01:48:07,080
basically means that it is belonging to
2751
01:48:07,080 --> 01:48:08,940
this class and what we're going to
2752
01:48:08,940 --> 01:48:11,639
Define inside of this init method is all
2753
01:48:11,639 --> 01:48:14,159
of the stuff well all of the parameters
2754
01:48:14,159 --> 01:48:16,619
that are going to define the object to
2755
01:48:16,619 --> 01:48:18,900
our class for example we want to define
2756
01:48:18,900 --> 01:48:21,300
the target parameter and the port number
2757
01:48:21,300 --> 01:48:24,119
parameter that is an actual attribute to
2758
01:48:24,119 --> 01:48:27,179
our class which defines our object all
2759
01:48:27,179 --> 01:48:30,119
right so next to the self argument we
2760
01:48:30,119 --> 01:48:32,639
need to define those two attributes so
2761
01:48:32,639 --> 01:48:34,800
the first one we can call Target
2762
01:48:34,800 --> 01:48:36,780
and the second one which is the new one
2763
01:48:36,780 --> 01:48:40,560
will be called Port underscore number
2764
01:48:40,560 --> 01:48:44,100
all right so simple as that and in order
2765
01:48:44,100 --> 01:48:45,780
to Define them inside of the init
2766
01:48:45,780 --> 01:48:48,239
function we simply just type self.target
2767
01:48:48,239 --> 01:48:51,900
will be equal to Target and self dot
2768
01:48:51,900 --> 01:48:53,280
port number
2769
01:48:53,280 --> 01:48:56,280
will be equal to port number
2770
01:48:56,280 --> 01:48:57,900
and this is just a python way to
2771
01:48:57,900 --> 01:49:00,000
actually Define them so nothing really
2772
01:49:00,000 --> 01:49:02,219
important there let me just delete this
2773
01:49:02,219 --> 01:49:04,199
empty space and now that we have our
2774
01:49:04,199 --> 01:49:07,020
init function we need to add this self
2775
01:49:07,020 --> 01:49:10,500
argument or self parameter to each and
2776
01:49:10,500 --> 01:49:12,420
every function that belongs to this
2777
01:49:12,420 --> 01:49:13,560
class
2778
01:49:13,560 --> 01:49:15,480
so we're simply just going to go right
2779
01:49:15,480 --> 01:49:18,480
here and type self
2780
01:49:18,480 --> 01:49:22,760
we're also going to type self right here
2781
01:49:25,320 --> 01:49:28,580
self right here
2782
01:49:29,880 --> 01:49:34,219
and self right here
2783
01:49:36,719 --> 01:49:39,239
and another very important thing that we
2784
01:49:39,239 --> 01:49:41,880
should consider is that we don't need
2785
01:49:41,880 --> 01:49:44,820
any of these other parameters outside of
2786
01:49:44,820 --> 01:49:46,440
the self parameter
2787
01:49:46,440 --> 01:49:49,560
and why is that well once you define
2788
01:49:49,560 --> 01:49:52,320
those attributes that we need inside of
2789
01:49:52,320 --> 01:49:54,060
this init method right here
2790
01:49:54,060 --> 01:49:56,219
we can access these variables throughout
2791
01:49:56,219 --> 01:49:59,219
each and every function in our class
2792
01:49:59,219 --> 01:50:01,380
so we don't need to paste them as
2793
01:50:01,380 --> 01:50:03,300
parameters let us just delete everything
2794
01:50:03,300 --> 01:50:05,880
but the self parameter from each and
2795
01:50:05,880 --> 01:50:08,420
every class
2796
01:50:10,619 --> 01:50:14,060
and right here as well
2797
01:50:14,580 --> 01:50:16,560
make sure you do not delete it from the
2798
01:50:16,560 --> 01:50:19,199
init methods so let's leave it like this
2799
01:50:19,199 --> 01:50:21,239
so now that we fixed all of the methods
2800
01:50:21,239 --> 01:50:23,940
let's restructure our program a little
2801
01:50:23,940 --> 01:50:26,639
bit so I will start off with this scan
2802
01:50:26,639 --> 01:50:28,440
Port function
2803
01:50:28,440 --> 01:50:30,360
all right so what we're going to do with
2804
01:50:30,360 --> 01:50:32,580
this scan Port function besides it's
2805
01:50:32,580 --> 01:50:34,679
doing the usual stuff that it did inside
2806
01:50:34,679 --> 01:50:37,320
of our Port scanner uh project we're
2807
01:50:37,320 --> 01:50:40,800
going to add the converted IP
2808
01:50:40,800 --> 01:50:43,619
into the scan Port function instead of
2809
01:50:43,619 --> 01:50:45,239
the scan function
2810
01:50:45,239 --> 01:50:47,280
so we're going to delete it from the
2811
01:50:47,280 --> 01:50:51,179
scan function first let's go right here
2812
01:50:51,179 --> 01:50:53,639
we also are not interested into printing
2813
01:50:53,639 --> 01:50:55,800
anymore since printing we are going to
2814
01:50:55,800 --> 01:50:57,480
do in the main program which is going to
2815
01:50:57,480 --> 01:50:59,820
be the vulnerability scanner so our scan
2816
01:50:59,820 --> 01:51:01,739
function will be left with just these
2817
01:51:01,739 --> 01:51:03,659
two lines of code while the conversion
2818
01:51:03,659 --> 01:51:05,580
of the IP address will be moved right
2819
01:51:05,580 --> 01:51:07,739
here into the scan Port function
2820
01:51:07,739 --> 01:51:10,020
so we're going to call the check IP
2821
01:51:10,020 --> 01:51:12,440
function
2822
01:51:14,340 --> 01:51:16,920
and you will notice right away that some
2823
01:51:16,920 --> 01:51:19,139
of the stuff inside of our class is
2824
01:51:19,139 --> 01:51:21,600
actually red underlined and by some of
2825
01:51:21,600 --> 01:51:23,460
the stuff I mean a lot of things such as
2826
01:51:23,460 --> 01:51:25,619
for example these check IPS underlined
2827
01:51:25,619 --> 01:51:28,500
these two variables are underlined these
2828
01:51:28,500 --> 01:51:30,420
get Banner is underlined the port is
2829
01:51:30,420 --> 01:51:32,580
underlined so all this stuff are
2830
01:51:32,580 --> 01:51:34,860
underlined which means that they are not
2831
01:51:34,860 --> 01:51:38,100
recognized by PyCharm well why is
2832
01:51:38,100 --> 01:51:38,820
that
2833
01:51:38,820 --> 01:51:41,159
let's start off first with the functions
2834
01:51:41,159 --> 01:51:43,860
themselves as to why they are underlined
2835
01:51:43,860 --> 01:51:45,960
once you create a class you need to
2836
01:51:45,960 --> 01:51:47,820
actually rename those functions when you
2837
01:51:47,820 --> 01:51:49,920
call them inside of the class you need
2838
01:51:49,920 --> 01:51:52,679
to add the self argument before
2839
01:51:52,679 --> 01:51:55,860
so for example if I type self dot check
2840
01:51:55,860 --> 01:51:58,560
IP you will notice that it will no
2841
01:51:58,560 --> 01:52:00,960
longer be a red underlined and this will
2842
01:52:00,960 --> 01:52:03,719
get recognized by PyCharm this is
2843
01:52:03,719 --> 01:52:05,520
just a way to call different methods
2844
01:52:05,520 --> 01:52:07,860
from the class itself so the class can
2845
01:52:07,860 --> 01:52:10,800
recognize that this check IP belongs to
2846
01:52:10,800 --> 01:52:13,980
its own methods and therefore it knows
2847
01:52:13,980 --> 01:52:17,040
which actual method to call
2848
01:52:17,040 --> 01:52:19,199
same goes with this get Banner function
2849
01:52:19,199 --> 01:52:21,840
right here which we can simply just add
2850
01:52:21,840 --> 01:52:24,780
self.get banner and it will stop being
2851
01:52:24,780 --> 01:52:26,760
red underlined
2852
01:52:26,760 --> 01:52:28,500
let's see whether we have another
2853
01:52:28,500 --> 01:52:30,719
function which is red underline here it
2854
01:52:30,719 --> 01:52:33,300
is scan Port if I simply just type self
2855
01:52:33,300 --> 01:52:36,920
dot scan port
2856
01:52:37,380 --> 01:52:40,380
we can see it works successfully
2857
01:52:40,380 --> 01:52:42,239
now but what are we going to do with
2858
01:52:42,239 --> 01:52:44,520
these actual variables which are red
2859
01:52:44,520 --> 01:52:47,340
underlined well first of all we don't
2860
01:52:47,340 --> 01:52:49,380
really need this IP address variable
2861
01:52:49,380 --> 01:52:51,659
anymore as we are actually getting the
2862
01:52:51,659 --> 01:52:53,460
IP address from our main part of the
2863
01:52:53,460 --> 01:52:54,840
program which is going to be the
2864
01:52:54,840 --> 01:52:57,420
target's IP variable right here and
2865
01:52:57,420 --> 01:52:58,860
then we're going to paste it into our
2866
01:52:58,860 --> 01:53:01,440
class which will then get stored inside
2867
01:53:01,440 --> 01:53:04,020
of the self.target variable which then
2868
01:53:04,020 --> 01:53:06,719
we can use throughout our class so let's
2869
01:53:06,719 --> 01:53:09,000
change it everywhere we can first of all
2870
01:53:09,000 --> 01:53:11,400
we're going to change it in the check IP
2871
01:53:11,400 --> 01:53:14,159
method so we're no longer checking the
2872
01:53:14,159 --> 01:53:16,199
IP from the IP we're checking the
2873
01:53:16,199 --> 01:53:19,199
IP from the self.target and
2874
01:53:19,199 --> 01:53:21,000
make sure that throughout of this class
2875
01:53:21,000 --> 01:53:22,920
you also use the self argument when
2876
01:53:22,920 --> 01:53:25,679
specifying the variable name so we're
2877
01:53:25,679 --> 01:53:28,020
trying the IP function from self.target
2878
01:53:28,020 --> 01:53:30,540
and in case it works we're returning
2879
01:53:30,540 --> 01:53:32,280
self.target
2880
01:53:32,280 --> 01:53:34,800
in case it doesn't work we want to
2881
01:53:34,800 --> 01:53:37,440
return the get host by name from the
2882
01:53:37,440 --> 01:53:40,080
self.target once again keep in mind that
2883
01:53:40,080 --> 01:53:42,659
this will store the IP address from our
2884
01:53:42,659 --> 01:53:44,340
Target machine
2885
01:53:44,340 --> 01:53:47,340
goes right here to the scan Port we
2886
01:53:47,340 --> 01:53:49,260
don't really need this converted IP
2887
01:53:49,260 --> 01:53:52,320
anymore and why won't we need it well we
2888
01:53:52,320 --> 01:53:53,639
don't need it because as you can see
2889
01:53:53,639 --> 01:53:56,280
this scan Port function doesn't take the
2890
01:53:56,280 --> 01:53:57,960
IP address as a parameter anymore
2891
01:53:57,960 --> 01:54:00,719
therefore this is red underlined so we
2892
01:54:00,719 --> 01:54:02,760
can simply delete it
2893
01:54:02,760 --> 01:54:06,179
but what with this port number well we
2894
01:54:06,179 --> 01:54:08,040
actually need to send this port as a
2895
01:54:08,040 --> 01:54:10,440
parameter because we are inside this for
2896
01:54:10,440 --> 01:54:12,840
Loop therefore this port will change
2897
01:54:12,840 --> 01:54:15,360
through each iteration and we need to
2898
01:54:15,360 --> 01:54:18,000
specify to this method right here which
2899
01:54:18,000 --> 01:54:21,000
iteration is it currently at so we need
2900
01:54:21,000 --> 01:54:22,440
to send the port as an argument
2901
01:54:22,440 --> 01:54:24,540
therefore we're going to go to the scan
2902
01:54:24,540 --> 01:54:25,500
port
2903
01:54:25,500 --> 01:54:27,780
and next to the self we're going to add
2904
01:54:27,780 --> 01:54:30,360
Port as a parameter and you will see
2905
01:54:30,360 --> 01:54:33,540
right here at these three spots the red
2906
01:54:33,540 --> 01:54:36,420
underline will go away as this port now
2907
01:54:36,420 --> 01:54:39,480
exists in this program and the last part
2908
01:54:39,480 --> 01:54:41,940
which is red underlined is this IP
2909
01:54:41,940 --> 01:54:43,679
address right here
2910
01:54:43,679 --> 01:54:46,199
once again we don't really need this IP
2911
01:54:46,199 --> 01:54:49,380
address anymore we have self.target and
2912
01:54:49,380 --> 01:54:50,940
right here since at the beginning of
2913
01:54:50,940 --> 01:54:53,280
this try statement we converted the IP
2914
01:54:53,280 --> 01:54:55,500
we don't need to specify self.target
2915
01:54:55,500 --> 01:54:58,820
right here we can specify converted IP
2916
01:54:58,820 --> 01:55:01,500
all right since this will be the IP
2917
01:55:01,500 --> 01:55:03,540
address whether the target was specified
2918
01:55:03,540 --> 01:55:06,540
as a domain or simply as an IP address
2919
01:55:06,540 --> 01:55:08,100
all right
2920
01:55:08,100 --> 01:55:09,840
another thing that we want to make sure
2921
01:55:09,840 --> 01:55:11,820
is that we don't have unnecessary
2922
01:55:11,820 --> 01:55:14,100
functions that can be put inside of a
2923
01:55:14,100 --> 01:55:16,139
different functions for example this get
2924
01:55:16,139 --> 01:55:18,600
Banner can also be put inside of this
2925
01:55:18,600 --> 01:55:21,000
scan Port function therefore we don't
2926
01:55:21,000 --> 01:55:23,880
really need this method right here
2927
01:55:23,880 --> 01:55:26,159
so we can simply just delete the get
2928
01:55:26,159 --> 01:55:28,380
Banner
2929
01:55:28,380 --> 01:55:31,619
and we can put it right here
2930
01:55:31,619 --> 01:55:33,960
as you will see this will get flagged as
2931
01:55:33,960 --> 01:55:35,840
get Banner doesn't exist anymore
2932
01:55:35,840 --> 01:55:38,400
therefore instead of trying to call this
2933
01:55:38,400 --> 01:55:40,500
function what we're going to do
2934
01:55:40,500 --> 01:55:42,119
is we're going to write the get banner
2935
01:55:42,119 --> 01:55:46,500
function code instead right here so sock
2936
01:55:46,500 --> 01:55:49,080
dot recv
2937
01:55:49,080 --> 01:55:52,800
we want to receive 1024 bytes
2938
01:55:52,800 --> 01:55:54,600
and we're simply just using the sock
2939
01:55:54,600 --> 01:55:57,119
object that we created right here so no
2940
01:55:57,119 --> 01:55:59,400
worries about that we don't need to name
2941
01:55:59,400 --> 01:56:01,860
it anything differently we also want to
2942
01:56:01,860 --> 01:56:05,060
decode the response
2943
01:56:05,880 --> 01:56:07,679
and the reason why we're decoding the
2944
01:56:07,679 --> 01:56:09,960
response is so we didn't really have to
2945
01:56:09,960 --> 01:56:12,659
do it later on right here
2946
01:56:12,659 --> 01:56:15,179
so once we decode the response we then
2947
01:56:15,179 --> 01:56:17,460
want to strip it
2948
01:56:17,460 --> 01:56:19,860
from any unnecessary characters such as
2949
01:56:19,860 --> 01:56:22,260
for example backslash n and also we want
2950
01:56:22,260 --> 01:56:25,820
to strip it from backslash r
2951
01:56:26,340 --> 01:56:28,260
and the reason why we are performing
2952
01:56:28,260 --> 01:56:29,659
this stripping part
2953
01:56:29,659 --> 01:56:32,400
is because especially in this program
2954
01:56:32,400 --> 01:56:34,380
right here in our vulnerability scanner
2955
01:56:34,380 --> 01:56:36,600
it is important to strip everything that
2956
01:56:36,600 --> 01:56:39,119
we don't need from the response as this
2957
01:56:39,119 --> 01:56:40,920
Banner variable will store the most
2958
01:56:40,920 --> 01:56:42,840
important and crucial part to our
2959
01:56:42,840 --> 01:56:45,179
vulnerability scanner as inside of this
2960
01:56:45,179 --> 01:56:46,860
program we are going to compare this
2961
01:56:46,860 --> 01:56:50,699
banner variable with the actual content
2962
01:56:50,699 --> 01:56:53,100
from this vulnerability file in order if
2963
01:56:53,100 --> 01:56:55,560
they match so for example if we have the
2964
01:56:55,560 --> 01:56:57,719
same Banner in a vulnerability file and
2965
01:56:57,719 --> 01:56:59,760
the same Banner gets retrieved into this
2966
01:56:59,760 --> 01:57:02,100
variable and imagine that we do not
2967
01:57:02,100 --> 01:57:04,440
strip these actual characters from it
2968
01:57:04,440 --> 01:57:06,659
well our program will not really find
2969
01:57:06,659 --> 01:57:09,000
the match as they will be different only
2970
01:57:09,000 --> 01:57:10,800
by this character
2971
01:57:10,800 --> 01:57:12,780
so that's why we're stripping it as the
2972
01:57:12,780 --> 01:57:14,940
new line character is not important to
2973
01:57:14,940 --> 01:57:18,800
us all right so simple as that
2974
01:57:18,800 --> 01:57:21,960
the next thing we actually don't need is
2975
01:57:21,960 --> 01:57:23,699
these print statements right here we
2976
01:57:23,699 --> 01:57:26,219
needed them inside of our Port scanner
2977
01:57:26,219 --> 01:57:27,540
project but we don't need them anymore
2978
01:57:27,540 --> 01:57:29,340
as we are not really interested in
2979
01:57:29,340 --> 01:57:31,020
printing which ports are closed and
2980
01:57:31,020 --> 01:57:32,880
which ports are open
2981
01:57:32,880 --> 01:57:35,880
since this is not a port scanner
2982
01:57:35,880 --> 01:57:38,219
but however there is another problem
2983
01:57:38,219 --> 01:57:41,460
that will occur and that is that this
2984
01:57:41,460 --> 01:57:44,400
Banner can only store one Banner at a
2985
01:57:44,400 --> 01:57:45,420
time
2986
01:57:45,420 --> 01:57:47,760
but we need to retrieve multiple banners
2987
01:57:47,760 --> 01:57:50,159
if we find multiple ports open on the
2988
01:57:50,159 --> 01:57:51,840
targets and if we also manage to
2989
01:57:51,840 --> 01:57:53,460
retrieve multiple banners from those
2990
01:57:53,460 --> 01:57:54,719
open ports
2991
01:57:54,719 --> 01:57:56,639
so we will need to store multiple
2992
01:57:56,639 --> 01:57:59,340
banners and not just one so how can we
2993
01:57:59,340 --> 01:58:01,260
fix that well
2994
01:58:01,260 --> 01:58:03,360
we can actually easily fix that we can
2995
01:58:03,360 --> 01:58:04,619
simply just add
2996
01:58:04,619 --> 01:58:07,199
a list which will be at the beginning of
2997
01:58:07,199 --> 01:58:09,360
our class right here we're going to call
2998
01:58:09,360 --> 01:58:11,520
it banners and in order to define a list
2999
01:58:11,520 --> 01:58:13,619
we specify these square brackets right
3000
01:58:13,619 --> 01:58:15,900
here by specifying open and close square
3001
01:58:15,900 --> 01:58:18,119
brackets we initiate that this banners
3002
01:58:18,119 --> 01:58:20,580
list will be empty for now and then
3003
01:58:20,580 --> 01:58:22,380
every time we actually manage to
3004
01:58:22,380 --> 01:58:24,659
retrieve the banner right here
3005
01:58:24,659 --> 01:58:27,540
with this line we can then right after
3006
01:58:27,540 --> 01:58:30,480
it below append
3007
01:58:30,480 --> 01:58:33,599
the actual Banner to the banners list
3008
01:58:33,599 --> 01:58:35,940
just like this and you will notice that
3009
01:58:35,940 --> 01:58:38,340
this Banner is that these banners is red
3010
01:58:38,340 --> 01:58:40,080
underlined that means that we need to
3011
01:58:40,080 --> 01:58:43,560
add the self dot banners argument right
3012
01:58:43,560 --> 01:58:46,560
here and everything will work correctly
3013
01:58:46,560 --> 01:58:48,840
and in case we don't manage to retrieve
3014
01:58:48,840 --> 01:58:50,580
the banner we're simply just going to
3015
01:58:50,580 --> 01:58:54,480
pass for now all right and at the end we
3016
01:58:54,480 --> 01:58:56,099
can simply just close the connection
3017
01:58:56,099 --> 01:58:58,500
with sock.close
3018
01:58:58,500 --> 01:59:01,440
so simple as that let me see if
3019
01:59:01,440 --> 01:59:02,520
everything
3020
01:59:02,520 --> 01:59:05,340
is correct for now everything seems to
3021
01:59:05,340 --> 01:59:06,900
be good
3022
01:59:06,900 --> 01:59:09,900
our get check IP function is good our
3023
01:59:09,900 --> 01:59:11,580
scan is good
3024
01:59:11,580 --> 01:59:13,679
but don't worry
3025
01:59:13,679 --> 01:59:15,540
there is another thing that we actually
3026
01:59:15,540 --> 01:59:17,940
have to do which is going to be to
3027
01:59:17,940 --> 01:59:20,159
create another list which is going to be
3028
01:59:20,159 --> 01:59:23,940
the open ports list
3029
01:59:23,940 --> 01:59:25,800
now you might be asking why are we
3030
01:59:25,800 --> 01:59:27,540
actually doing this
3031
01:59:27,540 --> 01:59:29,639
and this is more easily showed than
3032
01:59:29,639 --> 01:59:31,560
explain but I will try to explain it
3033
01:59:31,560 --> 01:59:33,599
anyway right now and once we run the
3034
01:59:33,599 --> 01:59:35,099
program you will get it while we need
3035
01:59:35,099 --> 01:59:37,560
this open ports list for now on let me
3036
01:59:37,560 --> 01:59:40,020
just try to explain it well once we
3037
01:59:40,020 --> 01:59:41,940
actually created this class right here
3038
01:59:41,940 --> 01:59:44,460
with these three methods you notice that
3039
01:59:44,460 --> 01:59:46,500
we also had to create this banners list
3040
01:59:46,500 --> 01:59:48,659
right here in order to store multiple
3041
01:59:48,659 --> 01:59:49,860
banners
3042
01:59:49,860 --> 01:59:51,599
once you actually get to actually
3043
01:59:51,599 --> 01:59:54,179
printing those banners and open ports
3044
01:59:54,179 --> 01:59:56,400
into our vulnerability scanner we want
3045
01:59:56,400 --> 01:59:58,860
to make sure that each open port will
3046
01:59:58,860 --> 02:00:01,199
match to each banner and since we
3047
02:00:01,199 --> 02:00:03,480
removed all of the print statements we
3048
02:00:03,480 --> 02:00:05,699
cannot really print open port one by one
3049
02:00:05,699 --> 02:00:08,340
we have to store all of the open ports
3050
02:00:08,340 --> 02:00:09,900
somewhere and all of the banners
3051
02:00:09,900 --> 02:00:12,119
somewhere and then we have to print them
3052
02:00:12,119 --> 02:00:15,360
each element one by one that's why we
3053
02:00:15,360 --> 02:00:17,880
also need the open port list that we
3054
02:00:17,880 --> 02:00:20,159
created right here and after each time
3055
02:00:20,159 --> 02:00:22,199
we managed to connect to a port we will
3056
02:00:22,199 --> 02:00:25,260
add that port to the open ports list so
3057
02:00:25,260 --> 02:00:28,560
self dot open ports and then dot append
3058
02:00:28,560 --> 02:00:30,420
the same way we are adding the banners
3059
02:00:30,420 --> 02:00:33,119
we're also going to add open ports and
3060
02:00:33,119 --> 02:00:34,800
we're simply just going to specify right
3061
02:00:34,800 --> 02:00:37,080
here Port all right
3062
02:00:37,080 --> 02:00:41,639
now that is not the end of our problems
3063
02:00:41,639 --> 02:00:43,739
you will notice once we actually had
3064
02:00:43,739 --> 02:00:46,800
Port scanner projects that we had more
3065
02:00:46,800 --> 02:00:49,560
open ports than banners retrieved
3066
02:00:49,560 --> 02:00:51,659
for example some of the ports that were
3067
02:00:51,659 --> 02:00:54,239
open and that we tagged as open weren't
3068
02:00:54,239 --> 02:00:56,940
sending us any Banner therefore we just
3069
02:00:56,940 --> 02:00:59,820
didn't have Banner for that open port
3070
02:00:59,820 --> 02:01:01,500
and that could present us a problem
3071
02:01:01,500 --> 02:01:04,739
because if we have 10 open ports for
3072
02:01:04,739 --> 02:01:06,780
example and we retrieve only three
3073
02:01:06,780 --> 02:01:09,840
banners then in one list which will be
3074
02:01:09,840 --> 02:01:11,639
the open ports list we will have 10
3075
02:01:11,639 --> 02:01:14,159
elements or 10 ports and in the banners
3076
02:01:14,159 --> 02:01:16,980
list we will have three elements and
3077
02:01:16,980 --> 02:01:18,659
therefore once we want to print each
3078
02:01:18,659 --> 02:01:21,239
element one by one for example the
3079
02:01:21,239 --> 02:01:23,820
element one from the open ports should
3080
02:01:23,820 --> 02:01:26,219
correspond to the element 1 from banners
3081
02:01:26,219 --> 02:01:29,219
and so on and so on it will get confused
3082
02:01:29,219 --> 02:01:31,500
in some of the open ports which don't
3083
02:01:31,500 --> 02:01:33,960
have banners will get banners and it
3084
02:01:33,960 --> 02:01:36,540
will all get mixed up and it will not be
3085
02:01:36,540 --> 02:01:38,760
correct therefore we want to make sure
3086
02:01:38,760 --> 02:01:40,980
that the open port list has the exact
3087
02:01:40,980 --> 02:01:43,619
same amount of elements as the banners
3088
02:01:43,619 --> 02:01:47,520
list has so each element can respond to
3089
02:01:47,520 --> 02:01:50,460
each element from the different list
3090
02:01:50,460 --> 02:01:52,500
how can we do that since we are
3091
02:01:52,500 --> 02:01:54,060
obviously going to have less banners
3092
02:01:54,060 --> 02:01:56,460
than open ports well we can fix that
3093
02:01:56,460 --> 02:01:58,800
just by instead of the pass statement
3094
02:01:58,800 --> 02:02:01,139
right here under the accept we can also
3095
02:02:01,139 --> 02:02:03,360
append to the banners list
3096
02:02:03,360 --> 02:02:05,760
so for each open port we're going to
3097
02:02:05,760 --> 02:02:08,699
append anyway even if it manages to
3098
02:02:08,699 --> 02:02:10,320
retrieve the banner we are going to
3099
02:02:10,320 --> 02:02:12,119
append and if it doesn't manage to
3100
02:02:12,119 --> 02:02:13,920
retrieve the banner we're also going to
3101
02:02:13,920 --> 02:02:17,760
append so self.banners dot append but in
3102
02:02:17,760 --> 02:02:19,139
this case we are simply just going to
3103
02:02:19,139 --> 02:02:21,719
append empty space we're not going to
3104
02:02:21,719 --> 02:02:24,540
append any string or anything else it
3105
02:02:24,540 --> 02:02:26,520
will simply just be there so an element
3106
02:02:26,520 --> 02:02:30,060
can get added to the banners list all
3107
02:02:30,060 --> 02:02:32,580
right so we simply change this so we can
3108
02:02:32,580 --> 02:02:34,920
have the same amount of elements in both
3109
02:02:34,920 --> 02:02:37,800
banners and open ports
3110
02:02:37,800 --> 02:02:39,780
and with this we successfully
3111
02:02:39,780 --> 02:02:42,599
transformed our Port scanner into an
3112
02:02:42,599 --> 02:02:44,580
actual class that we can use inside of
3113
02:02:44,580 --> 02:02:47,159
our vulnerability scanner project and in
3114
02:02:47,159 --> 02:02:49,260
the next video we're going to see how we
3115
02:02:49,260 --> 02:02:50,820
can call this class from our
3116
02:02:50,820 --> 02:02:53,460
vulnerability scanner okay so thank you
3117
02:02:53,460 --> 02:02:55,199
for watching this tutorial and I will
3118
02:02:55,199 --> 02:02:58,560
see you in the next one bye
3119
02:02:58,560 --> 02:03:01,320
welcome back everybody let's see now how
3120
02:03:01,320 --> 02:03:03,239
we can actually call our Port scanner
3121
02:03:03,239 --> 02:03:06,060
class into our vulnerability scanner
3122
02:03:06,060 --> 02:03:09,119
program all right so we have everything
3123
02:03:09,119 --> 02:03:11,280
ready right here we switched everything
3124
02:03:11,280 --> 02:03:13,860
that we needed to we also added some of
3125
02:03:13,860 --> 02:03:15,719
the lists some of the specific
3126
02:03:15,719 --> 02:03:18,239
attributes to this class we changed some
3127
02:03:18,239 --> 02:03:20,340
of the functions as well as deleted the
3128
02:03:20,340 --> 02:03:23,820
get Banner method from this class and we
3129
02:03:23,820 --> 02:03:25,800
also added the conversion of IP address
3130
02:03:25,800 --> 02:03:28,800
into the scan Port method all right
3131
02:03:28,800 --> 02:03:31,080
so now that what we need to do is we
3132
02:03:31,080 --> 02:03:32,760
need to see how we can create an object
3133
02:03:32,760 --> 02:03:34,800
that will belong to this class and how
3134
02:03:34,800 --> 02:03:36,179
we can use it inside of our
3135
02:03:36,179 --> 02:03:38,460
vulnerability scanner program
3136
02:03:38,460 --> 02:03:40,860
well right away I can tell you that this
3137
02:03:40,860 --> 02:03:42,840
will not work because with this we're
3138
02:03:42,840 --> 02:03:44,699
simply specifying the name of the file
3139
02:03:44,699 --> 02:03:48,239
that we imported and then the function
3140
02:03:48,239 --> 02:03:51,119
but this function no longer exists as a
3141
02:03:51,119 --> 02:03:52,500
separate function inside of the port
3142
02:03:52,500 --> 02:03:55,739
scanner that function is now the actual
3143
02:03:55,739 --> 02:03:58,679
method to the port scan class
3144
02:03:58,679 --> 02:04:00,840
so in order to actually call that we
3145
02:04:00,840 --> 02:04:02,580
first of all need to create an object
3146
02:04:02,580 --> 02:04:04,679
that will belong to that class
3147
02:04:04,679 --> 02:04:06,719
and we can simply call that object
3148
02:04:06,719 --> 02:04:09,420
Target so simple as that Target will be
3149
02:04:09,420 --> 02:04:12,119
our object and in order to initiate that
3150
02:04:12,119 --> 02:04:13,920
object to belong to the port scan class
3151
02:04:13,920 --> 02:04:16,260
we first of all need to specify the port
3152
02:04:16,260 --> 02:04:17,940
scanner which is the file that we are
3153
02:04:17,940 --> 02:04:20,219
using the class from and then the name
3154
02:04:20,219 --> 02:04:22,260
of the class itself
3155
02:04:22,260 --> 02:04:24,840
now you will notice that if I specify
3156
02:04:24,840 --> 02:04:27,540
the open and close brackets pycharm will
3157
02:04:27,540 --> 02:04:30,000
suggest right away that this port scan
3158
02:04:30,000 --> 02:04:33,179
class takes two parameters
3159
02:04:33,179 --> 02:04:35,460
the first parameter will be the target's
3160
02:04:35,460 --> 02:04:38,520
IP address and the number of ports that
3161
02:04:38,520 --> 02:04:40,139
we want to scan for the vulnerable
3162
02:04:40,139 --> 02:04:41,219
software
3163
02:04:41,219 --> 02:04:43,440
now why does it say these two parameters
3164
02:04:43,440 --> 02:04:45,659
well inside of our Port scanner class
3165
02:04:45,659 --> 02:04:47,280
you will notice that we have two
3166
02:04:47,280 --> 02:04:50,400
variables inside of our init method and
3167
02:04:50,400 --> 02:04:52,199
these two variables are exactly what we
3168
02:04:52,199 --> 02:04:54,900
need to specify to our object so we need
3169
02:04:54,900 --> 02:04:56,639
to know the target's IP address as well
3170
02:04:56,639 --> 02:04:59,400
as the number of ports so let's specify
3171
02:04:59,400 --> 02:05:01,500
that we already prompted to the user for
3172
02:05:01,500 --> 02:05:03,599
these two values therefore we can simply
3173
02:05:03,599 --> 02:05:06,540
just specify right here target's IP and
3174
02:05:06,540 --> 02:05:10,560
then comma port number all right and we
3175
02:05:10,560 --> 02:05:12,659
successfully created the object to our
3176
02:05:12,659 --> 02:05:14,159
port scan class
3177
02:05:14,159 --> 02:05:16,440
right now in order to initiate the scan
3178
02:05:16,440 --> 02:05:19,020
itself so we can scan for the open ports
3179
02:05:19,020 --> 02:05:20,520
and retrieve the Banners To those open
3180
02:05:20,520 --> 02:05:22,860
ports we need to initiate the method
3181
02:05:22,860 --> 02:05:24,300
from this class
3182
02:05:24,300 --> 02:05:26,340
and how do we do that we need to
3183
02:05:26,340 --> 02:05:29,219
initiate the method onto our object from
3184
02:05:29,219 --> 02:05:31,320
the port scanner class
3185
02:05:31,320 --> 02:05:33,300
so how can we do that but first of all
3186
02:05:33,300 --> 02:05:34,980
we need to check which method we need to
3187
02:05:34,980 --> 02:05:37,800
initiate and ideally we want to initiate
3188
02:05:37,800 --> 02:05:40,020
one method which will call all of the
3189
02:05:40,020 --> 02:05:42,360
other methods as well and in our case
3190
02:05:42,360 --> 02:05:45,239
that method would be this scan function
3191
02:05:45,239 --> 02:05:48,179
as scan method called the scan Port
3192
02:05:48,179 --> 02:05:51,000
method and the scan Port method calls
3193
02:05:51,000 --> 02:05:53,340
the check IP method as well as checks
3194
02:05:53,340 --> 02:05:55,139
for the banners and adds them to the
3195
02:05:55,139 --> 02:05:55,980
list
3196
02:05:55,980 --> 02:05:59,159
so we need to type right here Target dot
3197
02:05:59,159 --> 02:06:00,960
scan
3198
02:06:00,960 --> 02:06:04,080
and simply we just these two lines we
3199
02:06:04,080 --> 02:06:06,599
perform the entire scan for open ports
3200
02:06:06,599 --> 02:06:10,139
and software on our Target's IP address
3201
02:06:10,139 --> 02:06:12,239
all we're left to do right now is
3202
02:06:12,239 --> 02:06:14,400
compare those banners that we retrieved
3203
02:06:14,400 --> 02:06:16,739
from the open ports with the banners
3204
02:06:16,739 --> 02:06:18,599
that we will have in a separate file
3205
02:06:18,599 --> 02:06:20,099
that we're just going that we're going
3206
02:06:20,099 --> 02:06:22,500
to create in just a second and if we
3207
02:06:22,500 --> 02:06:25,560
find a match that means that we found a
3208
02:06:25,560 --> 02:06:27,300
vulnerable software
3209
02:06:27,300 --> 02:06:30,239
all right so first of all we need to
3210
02:06:30,239 --> 02:06:32,280
perform something and that will be the
3211
02:06:32,280 --> 02:06:34,619
scanning of a Target and then we're
3212
02:06:34,619 --> 02:06:36,599
going to add two or three banners to the
3213
02:06:36,599 --> 02:06:38,460
actual txt file which then we're going
3214
02:06:38,460 --> 02:06:39,420
to use
3215
02:06:39,420 --> 02:06:41,280
well let me just show you it is easier
3216
02:06:41,280 --> 02:06:43,080
if I just show you first of all I will
3217
02:06:43,080 --> 02:06:45,659
enlarge this Zoom this in
3218
02:06:45,659 --> 02:06:47,699
and I will navigate to our Python
3219
02:06:47,699 --> 02:06:49,739
projects as well as the port scanner
3220
02:06:49,739 --> 02:06:52,920
project and here if I simply just python
3221
02:06:52,920 --> 02:06:55,800
the port scanner.py
3222
02:06:55,800 --> 02:06:59,900
and let's say we test this website test
3223
02:06:59,900 --> 02:07:03,360
php.oneweb.com press your enter it will
3224
02:07:03,360 --> 02:07:05,099
scan for the open ports and we will
3225
02:07:05,099 --> 02:07:07,080
retrieve some banners from it
3226
02:07:07,080 --> 02:07:09,119
then we're going to copy these banners
3227
02:07:09,119 --> 02:07:11,940
and add them into a txt file which then
3228
02:07:11,940 --> 02:07:14,219
we will use inside of this program
3229
02:07:14,219 --> 02:07:16,320
so let's say we want to copy first two
3230
02:07:16,320 --> 02:07:18,540
banners all right we're just going to
3231
02:07:18,540 --> 02:07:21,420
wait for a few seconds for this scan to
3232
02:07:21,420 --> 02:07:24,179
finish and keep in mind we are using the
3233
02:07:24,179 --> 02:07:26,040
port scanner tool that we created so you
3234
02:07:26,040 --> 02:07:28,199
can see it can be sometimes useful
3235
02:07:28,199 --> 02:07:30,719
especially when you try to gather more
3236
02:07:30,719 --> 02:07:32,960
information about the target's machine
3237
02:07:32,960 --> 02:07:35,280
alright so here it is it has finished
3238
02:07:35,280 --> 02:07:38,400
now let's copy this
3239
02:07:38,400 --> 02:07:40,440
we don't need that IP address we're
3240
02:07:40,440 --> 02:07:42,360
going to copy this
3241
02:07:42,360 --> 02:07:44,940
then right here under the vuln scanner
3242
02:07:44,940 --> 02:07:46,980
we're going to click on new but instead
3243
02:07:46,980 --> 02:07:48,719
of new python file we simply just want
3244
02:07:48,719 --> 02:07:50,880
to create new file it will be called
3245
02:07:50,880 --> 02:07:54,119
let's say vuln_file or no
3246
02:07:54,119 --> 02:07:55,500
let's not call it like the actual
3247
02:07:55,500 --> 02:07:59,880
variable uh vulnbanners.txt
3248
02:07:59,880 --> 02:08:01,560
let's call it just like that and then
3249
02:08:01,560 --> 02:08:03,719
right here we're going to paste this as
3250
02:08:03,719 --> 02:08:05,219
a first Banner
3251
02:08:05,219 --> 02:08:07,679
and as a second Banner we are going to
3252
02:08:07,679 --> 02:08:09,000
paste
3253
02:08:09,000 --> 02:08:12,659
let's say this copy selection
3254
02:08:12,659 --> 02:08:15,900
and paste it right here all right so
3255
02:08:15,900 --> 02:08:19,619
here it is we got two banners ready
3256
02:08:19,619 --> 02:08:21,719
and now let's see if we managed to find
3257
02:08:21,719 --> 02:08:24,599
these two matches with our vulnerability
3258
02:08:24,599 --> 02:08:28,080
scanner okay so first of all what we
3259
02:08:28,080 --> 02:08:29,820
need to do in order to compare the
3260
02:08:29,820 --> 02:08:32,159
banners with the banners from the file
3261
02:08:32,159 --> 02:08:34,739
we need to open that file first so how
3262
02:08:34,739 --> 02:08:36,599
can we do that well in Python we do it
3263
02:08:36,599 --> 02:08:41,239
with this statement so with open
3264
02:08:41,340 --> 02:08:43,920
and then open and close brackets and
3265
02:08:43,920 --> 02:08:45,780
first parameter to this open function
3266
02:08:45,780 --> 02:08:48,060
would be the file name which is stored
3267
02:08:48,060 --> 02:08:50,760
inside of this vuln_file variable so
3268
02:08:50,760 --> 02:08:54,900
with open vuln_file
3269
02:08:54,900 --> 02:08:56,699
and the second parameter would be how
3270
02:08:56,699 --> 02:08:58,380
you want to actually open it in our case
3271
02:08:58,380 --> 02:09:00,480
we want to open that file for reading so
3272
02:09:00,480 --> 02:09:02,520
we want to read from it you also have
3273
02:09:02,520 --> 02:09:04,320
the write and append option but in this
3274
02:09:04,320 --> 02:09:06,360
case we're going to open the file for
3275
02:09:06,360 --> 02:09:08,159
reading which we specified just by
3276
02:09:08,159 --> 02:09:10,860
simply typing smaller case r
3277
02:09:10,860 --> 02:09:13,020
and then we specify
3278
02:09:13,020 --> 02:09:15,719
as and then the name of the file object
3279
02:09:15,719 --> 02:09:18,060
as file let's call it like that so with
3280
02:09:18,060 --> 02:09:20,099
open vulnerability file for reading as
3281
02:09:20,099 --> 02:09:21,300
file
3282
02:09:21,300 --> 02:09:24,420
then we need to perform the comparison
3283
02:09:24,420 --> 02:09:26,940
of these banners what we're going to do
3284
02:09:26,940 --> 02:09:28,920
first is we're going to add a count
3285
02:09:28,920 --> 02:09:32,159
variable which will be equal to 0 and
3286
02:09:32,159 --> 02:09:33,780
then we're going to take a look at all
3287
02:09:33,780 --> 02:09:35,699
of the banners that we gathered during
3288
02:09:35,699 --> 02:09:38,460
our scan all right so how can we do that
3289
02:09:38,460 --> 02:09:40,800
we can access those banners by simply
3290
02:09:40,800 --> 02:09:44,460
typing Target dot banners
3291
02:09:44,460 --> 02:09:47,099
how can we do that well since we created
3292
02:09:47,099 --> 02:09:48,780
this object right here
3293
02:09:48,780 --> 02:09:51,540
this object besides these two variables
3294
02:09:51,540 --> 02:09:54,719
also has these two variables right here
3295
02:09:54,719 --> 02:09:57,239
or these two lists should I say so we
3296
02:09:57,239 --> 02:09:59,340
can also access them as well if we want
3297
02:09:59,340 --> 02:10:01,199
to using our object
3298
02:10:01,199 --> 02:10:04,260
so Target banners and what we want to do
3299
02:10:04,260 --> 02:10:06,659
with that is we want to iterate over it
3300
02:10:06,659 --> 02:10:08,340
so for Banner
3301
02:10:08,340 --> 02:10:12,000
in target.banners
3302
02:10:12,719 --> 02:10:14,639
we first of all want to navigate to the
3303
02:10:14,639 --> 02:10:16,980
beginning of our vulnbanners.txt file
3304
02:10:16,980 --> 02:10:20,400
and we can do that using file.seek zero
3305
02:10:20,400 --> 02:10:22,679
and the reason why we need this line is
3306
02:10:22,679 --> 02:10:25,080
because in case we remove this
3307
02:10:25,080 --> 02:10:27,960
it will only find the first result and
3308
02:10:27,960 --> 02:10:29,520
it will not manage to find the second
3309
02:10:29,520 --> 02:10:31,860
result because it will take the first
3310
02:10:31,860 --> 02:10:34,320
Banner then it will iterate over all of
3311
02:10:34,320 --> 02:10:36,540
the banners inside of this list and if
3312
02:10:36,540 --> 02:10:39,000
it finds it it will be stuck at the end
3313
02:10:39,000 --> 02:10:41,460
of the actual file and it will not get
3314
02:10:41,460 --> 02:10:43,380
back to read it from the beginning for
3315
02:10:43,380 --> 02:10:45,840
the next Banner it will just read it
3316
02:10:45,840 --> 02:10:47,820
from where it stopped that's why after
3317
02:10:47,820 --> 02:10:50,159
every Banner we need to actually seek to
3318
02:10:50,159 --> 02:10:52,320
the beginning of this file which we do
3319
02:10:52,320 --> 02:10:55,440
using file.seek zero zero means simply
3320
02:10:55,440 --> 02:10:57,540
return to the beginning and read all
3321
02:10:57,540 --> 02:10:59,699
over again
3322
02:10:59,699 --> 02:11:02,400
and now we need to iterate once again so
3323
02:11:02,400 --> 02:11:04,139
for line
3324
02:11:04,139 --> 02:11:07,920
in file.readlines
3325
02:11:08,520 --> 02:11:09,960
and you will notice that we actually
3326
02:11:09,960 --> 02:11:11,880
have two functions right here one is
3327
02:11:11,880 --> 02:11:14,880
read line and one is read lines if you
3328
02:11:14,880 --> 02:11:17,400
use readline it will only read one
3329
02:11:17,400 --> 02:11:19,500
characters one by one so we don't really
3330
02:11:19,500 --> 02:11:21,599
want that we want to use read line so it
3331
02:11:21,599 --> 02:11:23,639
actually reads line by line
3332
02:11:23,639 --> 02:11:25,500
so let's just type it right here for
3333
02:11:25,500 --> 02:11:28,560
line in file dot read lines
3334
02:11:28,560 --> 02:11:30,480
and since this is a function we need to
3335
02:11:30,480 --> 02:11:33,239
open and close brackets
3336
02:11:33,239 --> 02:11:36,060
and now we can compare the banners if
3337
02:11:36,060 --> 02:11:38,460
line dot strip we want to strip it from
3338
02:11:38,460 --> 02:11:40,080
anything that might cause some problems
3339
02:11:40,080 --> 02:11:42,659
in matching these two banners and keep
3340
02:11:42,659 --> 02:11:44,520
in mind that this line is simply just
3341
02:11:44,520 --> 02:11:47,219
a line from the txt file for example it
3342
02:11:47,219 --> 02:11:50,040
can be this and then we need to compare
3343
02:11:50,040 --> 02:11:52,619
that with the banners from this list
3344
02:11:52,619 --> 02:11:55,739
right here so if line.strip
3345
02:11:55,739 --> 02:11:57,719
in Banner
3346
02:11:57,719 --> 02:11:59,760
in Banner that we are currently reading
3347
02:11:59,760 --> 02:12:01,739
from this list
3348
02:12:01,739 --> 02:12:04,139
so if line.strip in banner
3349
02:12:04,139 --> 02:12:06,599
and then here we want to print
3350
02:12:06,599 --> 02:12:08,940
let's print it like this
3351
02:12:08,940 --> 02:12:11,880
so open single quote
3352
02:12:11,880 --> 02:12:13,860
two exclamation marks and let's print in
3353
02:12:13,860 --> 02:12:18,360
capital letters for example vulnerable
3354
02:12:18,780 --> 02:12:20,940
Banner
3355
02:12:20,940 --> 02:12:22,260
and then
3356
02:12:22,260 --> 02:12:24,239
let's also add double quotes to our
3357
02:12:24,239 --> 02:12:26,639
actual string so we can add it between
3358
02:12:26,639 --> 02:12:30,659
the banner plus the banner itself Plus
3359
02:12:30,659 --> 02:12:33,239
and then single quotes double quotes at
3360
02:12:33,239 --> 02:12:36,060
the beginning and then on Port
3361
02:12:36,060 --> 02:12:40,040
and let's print it like this
3362
02:12:41,280 --> 02:12:44,639
plus the string
3363
02:12:44,639 --> 02:12:46,739
and here want to actually print the port
3364
02:12:46,739 --> 02:12:48,780
number corresponding to that specific
3365
02:12:48,780 --> 02:12:51,239
Banner so how can we do that
3366
02:12:51,239 --> 02:12:52,980
well that is why we need this count
3367
02:12:52,980 --> 02:12:55,380
variable since this count variable will
3368
02:12:55,380 --> 02:12:57,540
keep track of each element that we
3369
02:12:57,540 --> 02:12:59,340
pass by by scanning each and every
3370
02:12:59,340 --> 02:13:01,619
Banner so each and every Banner will
3371
02:13:01,619 --> 02:13:04,320
correspond to the exact same number of
3372
02:13:04,320 --> 02:13:07,560
elements inside of this open ports list
3373
02:13:07,560 --> 02:13:09,900
right here so for example if the count
3374
02:13:09,900 --> 02:13:12,599
variable came to number three that means
3375
02:13:12,599 --> 02:13:14,579
we are scanning third banner and that
3376
02:13:14,579 --> 02:13:17,460
third Banner will be corresponding to
3377
02:13:17,460 --> 02:13:20,280
the third element of the open ports list
3378
02:13:20,280 --> 02:13:22,800
which will be the actual port number to
3379
02:13:22,800 --> 02:13:25,199
that specific banner so in order to
3380
02:13:25,199 --> 02:13:27,300
access that list we need to type the
3381
02:13:27,300 --> 02:13:29,760
target object Dot
3382
02:13:29,760 --> 02:13:33,000
open ports we can access it the same way
3383
02:13:33,000 --> 02:13:35,099
that we access the banners so dot open
3384
02:13:35,099 --> 02:13:37,619
ports and here we need to specify which
3385
02:13:37,619 --> 02:13:39,179
element are we looking for and we
3386
02:13:39,179 --> 02:13:40,920
specify that in the square brackets
3387
02:13:40,920 --> 02:13:42,000
right here
3388
02:13:42,000 --> 02:13:46,079
so then we add right here count
3389
02:13:46,079 --> 02:13:48,900
so simple as that
3390
02:13:48,900 --> 02:13:52,079
for some reason we are getting these red
3391
02:13:52,079 --> 02:13:53,520
lines
3392
02:13:53,520 --> 02:13:56,540
in for example line dot strip port
3393
02:13:56,540 --> 02:13:59,520
scanner.port scan
3394
02:13:59,520 --> 02:14:02,840
and why is that
3395
02:14:03,239 --> 02:14:05,520
well let's just finish this
3396
02:14:05,520 --> 02:14:07,860
so we don't forget the last line which
3397
02:14:07,860 --> 02:14:09,659
will be to actually increase the count
3398
02:14:09,659 --> 02:14:12,000
variable by one and you need to keep in
3399
02:14:12,000 --> 02:14:13,560
mind where are you actually increasing
3400
02:14:13,560 --> 02:14:15,719
it inside of each Loop well you want to
3401
02:14:15,719 --> 02:14:17,520
increase it inside of this Loop but you
3402
02:14:17,520 --> 02:14:19,679
don't want to increase it inside of this
3403
02:14:19,679 --> 02:14:21,900
Loop so you want to increase it after
3404
02:14:21,900 --> 02:14:24,300
you pass every Banner you increase the
3405
02:14:24,300 --> 02:14:26,219
element by one because you proceed to
3406
02:14:26,219 --> 02:14:28,199
the next Banner in the list therefore we
3407
02:14:28,199 --> 02:14:31,320
want to increase it right here so count
3408
02:14:31,320 --> 02:14:35,060
plus equals 1.
3409
02:14:36,300 --> 02:14:38,579
okay so everything seems to be working
3410
02:14:38,579 --> 02:14:41,699
correctly we just seem to have bunch of
3411
02:14:41,699 --> 02:14:43,980
Errors right here but let's try to run
3412
02:14:43,980 --> 02:14:46,139
the program so we can see
3413
02:14:46,139 --> 02:14:48,360
what type of errors are those so we'll
3414
02:14:48,360 --> 02:14:50,040
vulnscan.py
3415
02:14:50,040 --> 02:14:54,139
and it says right here invalid syntax
3416
02:14:54,139 --> 02:14:57,540
let's see where that is invalid syntax
3417
02:14:57,540 --> 02:14:59,820
inside of the profile
3418
02:14:59,820 --> 02:15:02,639
okay so we have a bracket extra so let's
3419
02:15:02,639 --> 02:15:06,800
delete this try it once again
3420
02:15:07,320 --> 02:15:09,719
oh no we actually do not have a bracket
3421
02:15:09,719 --> 02:15:11,520
extra
3422
02:15:11,520 --> 02:15:13,920
we're not even fixing the correct part
3423
02:15:13,920 --> 02:15:16,800
it is inside this vuln file yeah we have
3424
02:15:16,800 --> 02:15:18,960
an extra square bracket right here so
3425
02:15:18,960 --> 02:15:21,060
let's delete that and if I run it once
3426
02:15:21,060 --> 02:15:21,840
again
3427
02:15:21,840 --> 02:15:24,239
now we can notice that we no longer
3428
02:15:24,239 --> 02:15:26,940
have any errors so this extra bracket
3429
02:15:26,940 --> 02:15:29,159
right here created the problem throughout
3430
02:15:29,159 --> 02:15:31,260
the entire program so now that we fixed
3431
02:15:31,260 --> 02:15:34,020
it this should work enter Target to scan
3432
02:15:34,020 --> 02:15:36,719
for vulnerable open ports let's type
3433
02:15:36,719 --> 02:15:40,320
uh testphp.vulnweb
3434
02:15:40,320 --> 02:15:41,699
.com
3435
02:15:41,699 --> 02:15:44,159
we want to scan for first 100 ports
3436
02:15:44,159 --> 02:15:46,020
because both of the vulnerable softwares
3437
02:15:46,020 --> 02:15:48,420
are located inside of the first 100
3438
02:15:48,420 --> 02:15:51,060
ports and we want to enter the path to
3439
02:15:51,060 --> 02:15:52,560
the file with vulnerable softwares while
3440
02:15:52,560 --> 02:15:54,780
in our case since the actual file is
3441
02:15:54,780 --> 02:15:56,579
inside the same directory as our program
3442
02:15:56,579 --> 02:15:58,920
we don't need to specify the path we can
3443
02:15:58,920 --> 02:16:01,260
simply just specify the file name but if
3444
02:16:01,260 --> 02:16:03,300
this file was in another directory you
3445
02:16:03,300 --> 02:16:04,980
would need to specify the full path to
3446
02:16:04,980 --> 02:16:06,420
the directory
3447
02:16:06,420 --> 02:16:10,440
in our case vulnbanners.txt
3448
02:16:10,920 --> 02:16:13,560
press here enter and now we wait for it
3449
02:16:13,560 --> 02:16:15,840
to perform the scan first of the first
3450
02:16:15,840 --> 02:16:18,239
100 ports then it will go to this
3451
02:16:18,239 --> 02:16:20,520
iteration right here with opening of the
3452
02:16:20,520 --> 02:16:22,320
file and then comparing the banners and
3453
02:16:22,320 --> 02:16:24,540
if it manages to find the banner that
3454
02:16:24,540 --> 02:16:27,300
matches in both of the banners list and
3455
02:16:27,300 --> 02:16:30,119
the actual file that we open then it
3456
02:16:30,119 --> 02:16:31,739
will print that a vulnerable software
3457
02:16:31,739 --> 02:16:34,558
has been found alright so let's see
3458
02:16:34,558 --> 02:16:36,780
right here it might take a few seconds
3459
02:16:36,780 --> 02:16:38,519
to finish
3460
02:16:38,519 --> 02:16:40,978
and here it is we found two vulnerable
3461
02:16:40,978 --> 02:16:42,599
banners as it prints right here
3462
02:16:42,599 --> 02:16:46,080
vulnerable Banner with this name right
3463
02:16:46,080 --> 02:16:49,439
here on Port 21 and vulnerable Banner
3464
02:16:49,439 --> 02:16:53,280
with this name on Port 22. alright so
3465
02:16:53,280 --> 02:16:55,799
good we managed to find vulnerable
3466
02:16:55,799 --> 02:16:57,959
banners and now we can simply just
3467
02:16:57,959 --> 02:17:00,898
proceed to exploit the target with these
3468
02:17:00,898 --> 02:17:04,799
two vulnerabilities all right so that
3469
02:17:04,799 --> 02:17:06,299
would be about it for this vulnerability
3470
02:17:06,299 --> 02:17:07,799
scanner as you can see it is not really
3471
02:17:07,799 --> 02:17:10,620
that big of a project it is mostly based
3472
02:17:10,620 --> 02:17:12,540
on our Port scanner we simply just
3473
02:17:12,540 --> 02:17:15,718
compare the actual banners from the file
3474
02:17:15,718 --> 02:17:18,420
and the scan itself and then we print it
3475
02:17:18,420 --> 02:17:21,780
out alright so once again this is
3476
02:17:21,780 --> 02:17:23,218
something that you can download from the
3477
02:17:23,218 --> 02:17:25,558
Internet or you can simply just create
3478
02:17:25,558 --> 02:17:28,080
it by yourself just by adding multiple
3479
02:17:28,080 --> 02:17:29,820
vulnerable banners to this list and then
3480
02:17:29,820 --> 02:17:32,218
creating your own list
3481
02:17:32,218 --> 02:17:35,040
and then you can use this program in
3482
02:17:35,040 --> 02:17:37,978
order to scan the Target in the next
3483
02:17:37,978 --> 02:17:39,959
video we are going to perform the recap
3484
02:17:39,959 --> 02:17:42,299
of this actual project we're going to
3485
02:17:42,299 --> 02:17:44,040
see once again how this program works
3486
02:17:44,040 --> 02:17:46,019
briefly explain it once again in case
3487
02:17:46,019 --> 02:17:47,218
there is something that you missed or
3488
02:17:47,218 --> 02:17:49,320
did not understand and then we are going
3489
02:17:49,320 --> 02:17:52,679
to proceed to our next project thank you
3490
02:17:52,679 --> 02:17:54,058
for watching and see you in the next
3491
02:17:54,058 --> 02:17:57,179
lecture bye welcome back let's perform a
3492
02:17:57,179 --> 02:18:00,058
recap on our vulnerability scanner all
3493
02:18:00,058 --> 02:18:01,978
right so let's go step by step so the
3494
02:18:01,978 --> 02:18:04,080
first thing that we did is we imported
3495
02:18:04,080 --> 02:18:06,718
our Port scanner that we coded in the
3496
02:18:06,718 --> 02:18:08,040
previous project
3497
02:18:08,040 --> 02:18:10,439
now in order for this port scanner to
3498
02:18:10,439 --> 02:18:11,638
work we performed some of the
3499
02:18:11,638 --> 02:18:14,099
modifications to the code Itself by
3500
02:18:14,099 --> 02:18:16,558
adding the actual port scan class which
3501
02:18:16,558 --> 02:18:18,359
will have these multiple methods and
3502
02:18:18,359 --> 02:18:20,580
each one of them will perform a separate
3503
02:18:20,580 --> 02:18:21,898
task
3504
02:18:21,898 --> 02:18:23,398
we also performed some little
3505
02:18:23,398 --> 02:18:25,859
modifications to the actual parameters
3506
02:18:25,859 --> 02:18:28,138
themselves and also deleted the get
3507
02:18:28,138 --> 02:18:30,660
Banner function and we put it inside of
3508
02:18:30,660 --> 02:18:33,120
the scan Port function we also removed
3509
02:18:33,120 --> 02:18:34,740
all the print statements as we do not
3510
02:18:34,740 --> 02:18:36,540
need them and we added two different
3511
02:18:36,540 --> 02:18:39,000
lists which is the banners list and the
3512
02:18:39,000 --> 02:18:41,340
open ports list in order to be able to
3513
02:18:41,340 --> 02:18:44,040
print the banners and open ports inside
3514
02:18:44,040 --> 02:18:47,280
of our vulnerability scanner after that
3515
02:18:47,280 --> 02:18:49,019
we then created these three variables
3516
02:18:49,019 --> 02:18:50,398
which will store all of the needed
3517
02:18:50,398 --> 02:18:52,260
information for our Port scanner to run
3518
02:18:52,260 --> 02:18:54,898
we initiated an object right after it
3519
02:18:54,898 --> 02:18:56,939
which will belong to the class port scan
3520
02:18:56,939 --> 02:18:59,398
we then initiated the scan Itself by
3521
02:18:59,398 --> 02:19:01,019
calling the scan method from the port
3522
02:19:01,019 --> 02:19:02,340
scan class
3523
02:19:02,340 --> 02:19:04,799
after the scan has finished we now know
3524
02:19:04,799 --> 02:19:07,558
that after this line in our open ports
3525
02:19:07,558 --> 02:19:09,840
list right here and in our banners list
3526
02:19:09,840 --> 02:19:12,058
later here we have all of the results
3527
02:19:12,058 --> 02:19:13,320
ready
3528
02:19:13,320 --> 02:19:16,019
so then after the scan we open the file
3529
02:19:16,019 --> 02:19:18,299
which contains the vulnerable softwares
3530
02:19:18,299 --> 02:19:20,099
on an open port
3531
02:19:20,099 --> 02:19:22,439
as soon as we open the file we created
3532
02:19:22,439 --> 02:19:23,939
the count variable which is really
3533
02:19:23,939 --> 02:19:25,859
important in order to keep the track of
3534
02:19:25,859 --> 02:19:28,679
elements in the banners and open ports
3535
02:19:28,679 --> 02:19:29,519
as well
3536
02:19:29,519 --> 02:19:32,099
after every Banner that we scanned we
3537
02:19:32,099 --> 02:19:33,959
increase the count variable by 1 and
3538
02:19:33,959 --> 02:19:36,420
proceed to the next banner and then we
3539
02:19:36,420 --> 02:19:39,179
compare the line with the banner itself
3540
02:19:39,179 --> 02:19:41,218
and if there is any part that matches
3541
02:19:41,218 --> 02:19:43,799
with the banner we will print it as a
3542
02:19:43,799 --> 02:19:45,780
vulnerable Banner as well as specify
3543
02:19:45,780 --> 02:19:49,320
which Port this software is running on
3544
02:19:49,320 --> 02:19:52,920
all right so now that we recapped all of
3545
02:19:52,920 --> 02:19:54,960
the things that we did let's perform one
3546
02:19:54,960 --> 02:19:57,660
final test to see whether it works if I
3547
02:19:57,660 --> 02:19:58,859
clear this
3548
02:19:58,859 --> 02:20:03,420
python3 and then vulnscan.py
3549
02:20:03,420 --> 02:20:05,460
let's perform the same test once again
3550
02:20:05,460 --> 02:20:08,720
testphp.vulnweb.com
3551
02:20:08,760 --> 02:20:12,840
first 100 ports and vulnbanners
3552
02:20:12,840 --> 02:20:15,540
.txt now you might be asking the reason
3553
02:20:15,540 --> 02:20:17,880
why we are performing these Recaps after
3554
02:20:17,880 --> 02:20:20,040
every project well it is in case you
3555
02:20:20,040 --> 02:20:21,240
missed something or didn't understand
3556
02:20:21,240 --> 02:20:23,280
something so we just go over the code
3557
02:20:23,280 --> 02:20:27,240
one more time in short term and it will
3558
02:20:27,240 --> 02:20:28,800
also help you to remember everything
3559
02:20:28,800 --> 02:20:31,439
better and to fully understand the
3560
02:20:31,439 --> 02:20:34,380
program once it is fully coded and once
3561
02:20:34,380 --> 02:20:36,660
it is working as well as we can see we
3562
02:20:36,660 --> 02:20:38,399
got the exact same result as in the
3563
02:20:38,399 --> 02:20:39,960
previous video and we managed to find
3564
02:20:39,960 --> 02:20:42,420
both of the vulnerable banners which is
3565
02:20:42,420 --> 02:20:43,439
good
3566
02:20:43,439 --> 02:20:47,359
now if I try to for example scan my
3567
02:20:47,359 --> 02:20:49,680
router's IP address
3568
02:20:49,680 --> 02:20:51,300
100
3569
02:20:51,300 --> 02:20:54,359
vulnbanners.txt
3570
02:20:54,359 --> 02:20:56,340
it will scan my router and you will see
3571
02:20:56,340 --> 02:20:58,319
it will not find any vulnerable
3572
02:20:58,319 --> 02:21:00,720
softwares as there is not any open port
3573
02:21:00,720 --> 02:21:03,180
on my router which is running one of
3574
02:21:03,180 --> 02:21:06,000
these two softwares all right so that
3575
02:21:06,000 --> 02:21:07,560
would be about it for this project I
3576
02:21:07,560 --> 02:21:09,540
hope you enjoyed it and in the next
3577
02:21:09,540 --> 02:21:11,520
video we're going to see how we can
3578
02:21:11,520 --> 02:21:13,380
still gain access to the Target machine
3579
02:21:13,380 --> 02:21:15,660
even if we don't find a vulnerable
3580
02:21:15,660 --> 02:21:17,760
software running on an open port and we
3581
02:21:17,760 --> 02:21:19,800
don't know how to exploit it we're going
3582
02:21:19,800 --> 02:21:21,300
to take a look at some of the different
3583
02:21:21,300 --> 02:21:23,819
things that we can do in order to enter
3584
02:21:23,819 --> 02:21:25,740
the target's machine such as for example
3585
02:21:25,740 --> 02:21:28,500
performing the SSH brute force and
3586
02:21:28,500 --> 02:21:31,500
gaining the SSH access to the Target
3587
02:21:31,500 --> 02:21:33,120
so we're going to see how we can do that
3588
02:21:33,120 --> 02:21:35,580
in our next project and after that many
3589
02:21:35,580 --> 02:21:37,140
more projects to go so thank you for
3590
02:21:37,140 --> 02:21:39,180
watching this tutorial and I will see
3591
02:21:39,180 --> 02:21:42,000
you in the next lecture bye hello
3592
02:21:42,000 --> 02:21:44,460
everyone and this is our bonus video for
3593
02:21:44,460 --> 02:21:47,580
the SSH Brute Force section and in this
3594
02:21:47,580 --> 02:21:49,140
video I will demonstrate how you can
3595
02:21:49,140 --> 02:21:51,479
install Metasploitable as a virtual
3596
02:21:51,479 --> 02:21:52,620
machine
3597
02:21:52,620 --> 02:21:54,120
alright so there are a few things that
3598
02:21:54,120 --> 02:21:55,740
you need to do first of all you need to
3599
02:21:55,740 --> 02:21:57,720
open up your Google Chrome and type in
3600
02:21:57,720 --> 02:22:00,060
the metasploitable name inside of your
3601
02:22:00,060 --> 02:22:01,020
search bar
3602
02:22:01,020 --> 02:22:02,760
then you should navigate to the first
3603
02:22:02,760 --> 02:22:04,680
link which will be the sourceforge.net
3604
02:22:04,680 --> 02:22:07,680
metasploitable download click on it and
3605
02:22:07,680 --> 02:22:09,479
simply click on this green download
3606
02:22:09,479 --> 02:22:12,000
button it will start downloading this
3607
02:22:12,000 --> 02:22:14,520
ZIP file which is around 800 megabytes
3608
02:22:14,520 --> 02:22:17,460
large and once it has finished then you
3609
02:22:17,460 --> 02:22:19,620
can extract it to the desktop
3610
02:22:19,620 --> 02:22:21,780
or simply just move it to the desktop
3611
02:22:21,780 --> 02:22:25,280
create a new folder
3612
02:22:25,740 --> 02:22:27,359
call that folder for example
3613
02:22:27,359 --> 02:22:30,359
metasploitable
3614
02:22:30,960 --> 02:22:35,359
paste this ZIP file into that folder
3615
02:22:35,399 --> 02:22:37,800
then we want to extract all of the files
3616
02:22:37,800 --> 02:22:41,280
inside of this folder that we created
3617
02:22:41,280 --> 02:22:43,140
now this will take a few seconds to
3618
02:22:43,140 --> 02:22:45,560
finish and we should receive the
3619
02:22:45,560 --> 02:22:47,819
metasploitable.vmdk file which then we
3620
02:22:47,819 --> 02:22:49,740
will use in order to create our virtual
3621
02:22:49,740 --> 02:22:51,479
machine with all the vulnerable
3622
02:22:51,479 --> 02:22:53,819
softwares now the only thing we need
3623
02:22:53,819 --> 02:22:55,859
from this virtual machine is the SSH
3624
02:22:55,859 --> 02:22:58,920
client so once again if you have any SSH
3625
02:22:58,920 --> 02:23:01,380
service running on any other machine you
3626
02:23:01,380 --> 02:23:02,640
don't really need to do this you can
3627
02:23:02,640 --> 02:23:05,460
perform the SSH brute force on any SSH
3628
02:23:05,460 --> 02:23:08,220
machine that you managed to find and of
3629
02:23:08,220 --> 02:23:09,660
course that you have the permission to
3630
02:23:09,660 --> 02:23:12,899
test on alright so this is it we got
3631
02:23:12,899 --> 02:23:15,180
this file right here and you will see a
3632
02:23:15,180 --> 02:23:16,620
couple of files in which we are
3633
02:23:16,620 --> 02:23:18,600
interested in this metasploitable file
3634
02:23:18,600 --> 02:23:22,260
which is dot vmdk it is the size of 1.79
3635
02:23:22,260 --> 02:23:25,319
gigabytes and right now we need to open
3636
02:23:25,319 --> 02:23:27,000
up our virtualbox
3637
02:23:27,000 --> 02:23:29,640
click on new
3638
02:23:29,640 --> 02:23:31,920
put in a name for your virtual machine
3639
02:23:31,920 --> 02:23:35,340
for example let's call it Metasploit
3640
02:23:35,340 --> 02:23:37,620
and make sure that under the type you
3641
02:23:37,620 --> 02:23:39,780
set Linux and under the version you set
3642
02:23:39,780 --> 02:23:42,840
all the way down other Linux 64-bit
3643
02:23:42,840 --> 02:23:44,540
click on next
3644
02:23:44,540 --> 02:23:47,100
512 megabytes is more than enough for
3645
02:23:47,100 --> 02:23:49,260
this machine so click on next and
3646
02:23:49,260 --> 02:23:51,000
instead of going with the create a
3647
02:23:51,000 --> 02:23:52,920
virtual hard disk now as we did with the
3648
02:23:52,920 --> 02:23:55,080
Kali Linux machine we want to go to the
3649
02:23:55,080 --> 02:23:57,180
use an existing virtual hard disk file
3650
02:23:57,180 --> 02:24:00,120
click on this and right here click on
3651
02:24:00,120 --> 02:24:02,520
this icon where it will open this window
3652
02:24:02,520 --> 02:24:04,500
where you can simply just find your
3653
02:24:04,500 --> 02:24:08,220
metasploitable vmdk file and use it as
3654
02:24:08,220 --> 02:24:10,319
your hard disk since I don't have it
3655
02:24:10,319 --> 02:24:12,960
right here I want to go to the Add
3656
02:24:12,960 --> 02:24:15,540
then I want to navigate to the desktop
3657
02:24:15,540 --> 02:24:18,240
to the Metasploitable and then this file
3658
02:24:18,240 --> 02:24:20,060
and here it is the
3659
02:24:20,060 --> 02:24:24,140
metasploitable.vmdk click on open
3660
02:24:24,300 --> 02:24:27,780
try to find it right here here it is I
3661
02:24:27,780 --> 02:24:30,000
will simply just double click on it it
3662
02:24:30,000 --> 02:24:32,100
will automatically set it right here and
3663
02:24:32,100 --> 02:24:33,960
I will click on create
3664
02:24:33,960 --> 02:24:36,120
as soon as that has finished we also
3665
02:24:36,120 --> 02:24:37,979
want to set the network settings that we
3666
02:24:37,979 --> 02:24:40,380
used in the Kali Linux we also want to
3667
02:24:40,380 --> 02:24:42,359
set it in the metasploitable as well so
3668
02:24:42,359 --> 02:24:44,340
go to the bridge adapter and set the
3669
02:24:44,340 --> 02:24:46,620
ethernet cable connection and once again
3670
02:24:46,620 --> 02:24:48,780
make sure cable connected is checked
3671
02:24:48,780 --> 02:24:52,020
click on OK and now you can start the
3672
02:24:52,020 --> 02:24:54,300
machine so I will simply just click on
3673
02:24:54,300 --> 02:24:56,939
start and you will notice that this
3674
02:24:56,939 --> 02:24:58,800
actual machine doesn't take too long to
3675
02:24:58,800 --> 02:25:01,560
install it will take just two or three
3676
02:25:01,560 --> 02:25:03,840
minutes possibly and then we are ready
3677
02:25:03,840 --> 02:25:07,140
to proceed with our brute forcer for the
3678
02:25:07,140 --> 02:25:10,020
SSH service all right so it says
3679
02:25:10,020 --> 02:25:12,180
starting up right here
3680
02:25:12,180 --> 02:25:14,100
it will automatically download and
3681
02:25:14,100 --> 02:25:15,780
install all of this stuff and all the
3682
02:25:15,780 --> 02:25:17,460
softwares that it needs so we don't
3683
02:25:17,460 --> 02:25:19,620
really have to do anything all we need
3684
02:25:19,620 --> 02:25:22,080
to do is to log into the machine once it
3685
02:25:22,080 --> 02:25:24,300
has finished installing everything all
3686
02:25:24,300 --> 02:25:25,979
right so we are going to wait for that
3687
02:25:25,979 --> 02:25:28,200
to finish and here it is it is already
3688
02:25:28,200 --> 02:25:31,380
over it is asking us for the login and
3689
02:25:31,380 --> 02:25:33,720
you will notice that above the actual
3690
02:25:33,720 --> 02:25:35,939
login it tells us that the username and
3691
02:25:35,939 --> 02:25:39,479
password is msf admin and msf admin so
3692
02:25:39,479 --> 02:25:41,760
let's go right here and type msf admin
3693
02:25:41,760 --> 02:25:46,260
and as a password as well msf admin
3694
02:25:46,260 --> 02:25:48,600
clear the screen since this is just a
3695
02:25:48,600 --> 02:25:50,399
command line machine and if I type
3696
02:25:50,399 --> 02:25:53,160
ifconfig I make sure that we are in the
3697
02:25:53,160 --> 02:25:55,380
same local area network with the IP
3698
02:25:55,380 --> 02:25:56,780
address of
3699
02:25:56,780 --> 02:25:59,819
192.168.1.3 and this is basically it we
3700
02:25:59,819 --> 02:26:01,680
successfully downloaded and installed
3701
02:26:01,680 --> 02:26:04,020
metasploitable virtual machine
3702
02:26:04,020 --> 02:26:05,580
so thank you for watching this tutorial
3703
02:26:05,580 --> 02:26:07,800
and I will see you in the next lecture
3704
02:26:07,800 --> 02:26:09,180
bye
3705
02:26:09,180 --> 02:26:11,340
hello everybody and welcome to our third
3706
02:26:11,340 --> 02:26:13,500
project which is going to be the SSH
3707
02:26:13,500 --> 02:26:16,680
brute forcer so for now on we managed to
3708
02:26:16,680 --> 02:26:18,780
scan the open ports to determine which
3709
02:26:18,780 --> 02:26:20,939
ones were closed which ones were open we
3710
02:26:20,939 --> 02:26:22,740
also managed to scan for the softwares
3711
02:26:22,740 --> 02:26:24,720
running on those open ports and now
3712
02:26:24,720 --> 02:26:27,000
let's imagine an example that we didn't
3713
02:26:27,000 --> 02:26:28,680
really manage to find any vulnerable
3714
02:26:28,680 --> 02:26:30,780
software running on those open ports
3715
02:26:30,780 --> 02:26:32,760
well now we have to turn to different
3716
02:26:32,760 --> 02:26:35,220
approaches such as for example trying to
3717
02:26:35,220 --> 02:26:37,140
gain access through some of those
3718
02:26:37,140 --> 02:26:39,420
services running on those open ports
3719
02:26:39,420 --> 02:26:41,460
and we're going to take a look at the
3720
02:26:41,460 --> 02:26:43,260
first one which is going to be the SSH
3721
02:26:43,260 --> 02:26:46,620
Brute Force now what is an SSH
3722
02:26:46,620 --> 02:26:48,720
well SSH is a way that you can
3723
02:26:48,720 --> 02:26:50,460
communicate and control the target
3724
02:26:50,460 --> 02:26:53,100
machine over the Internet just by
3725
02:26:53,100 --> 02:26:55,560
performing the SSH connection to that
3726
02:26:55,560 --> 02:26:56,819
specific machine
3727
02:26:56,819 --> 02:26:59,280
now of course it is a secure protocol
3728
02:26:59,280 --> 02:27:01,260
therefore we would need the username and
3729
02:27:01,260 --> 02:27:03,540
password in order to gain access to that
3730
02:27:03,540 --> 02:27:06,120
specific machine over the SSH protocol
3731
02:27:06,120 --> 02:27:08,280
now for the purposes of this project
3732
02:27:08,280 --> 02:27:10,140
we're going to use a virtual machine
3733
02:27:10,140 --> 02:27:13,140
which is called metasploitable now I
3734
02:27:13,140 --> 02:27:15,120
downloaded it and already installed it
3735
02:27:15,120 --> 02:27:18,420
here it is and in case you don't know
3736
02:27:18,420 --> 02:27:21,060
how to do that I created a bonus video
3737
02:27:21,060 --> 02:27:22,740
which is going to be at the last section
3738
02:27:22,740 --> 02:27:25,080
of this course and there you should see
3739
02:27:25,080 --> 02:27:27,540
the bonus video which simply just shows
3740
02:27:27,540 --> 02:27:29,420
you how to download and install
3741
02:27:29,420 --> 02:27:32,100
metasploitable now I will assume that
3742
02:27:32,100 --> 02:27:34,319
you already have it and that you watch
3743
02:27:34,319 --> 02:27:35,880
that video so I will simply just start
3744
02:27:35,880 --> 02:27:38,359
this machine
3745
02:27:38,819 --> 02:27:40,800
and first of all we're going to take a
3746
02:27:40,800 --> 02:27:42,359
look at how we can simply just connect
3747
02:27:42,359 --> 02:27:45,300
over the SSH using our terminal and then
3748
02:27:45,300 --> 02:27:47,100
we're going to try to implement all of
3749
02:27:47,100 --> 02:27:50,399
that into our SSH Brute Force program
3750
02:27:50,399 --> 02:27:52,260
now there will be two versions of this
3751
02:27:52,260 --> 02:27:54,540
program one will be a regular SSH brute
3752
02:27:54,540 --> 02:27:56,819
force and the other one will be the SSH
3753
02:27:56,819 --> 02:28:00,060
brute forcer with threading library now
3754
02:28:00,060 --> 02:28:02,399
the reason why we do that is because if
3755
02:28:02,399 --> 02:28:04,200
you use a Threading library in order to
3756
02:28:04,200 --> 02:28:05,819
perform brute forcing it will
3757
02:28:05,819 --> 02:28:08,040
automatically be faster than simply just
3758
02:28:08,040 --> 02:28:10,620
using one thread in order to perform the
3759
02:28:10,620 --> 02:28:12,120
Brute Force
3760
02:28:12,120 --> 02:28:14,520
but let's not bother ourselves with that
3761
02:28:14,520 --> 02:28:16,800
right now let's see how we can connect
3762
02:28:16,800 --> 02:28:19,740
to the SSH using our terminal so our
3763
02:28:19,740 --> 02:28:22,439
machine is up and running we log in
3764
02:28:22,439 --> 02:28:25,800
using the msf admin as a username and
3765
02:28:25,800 --> 02:28:29,700
msf admin as a password and here it is
3766
02:28:29,700 --> 02:28:32,340
everything works correctly if I type
3767
02:28:32,340 --> 02:28:34,500
ifconfig I will check my IP address
3768
02:28:34,500 --> 02:28:36,500
which is going to be
3769
02:28:36,500 --> 02:28:39,300
192.168.1.3 so I need to remember that
3770
02:28:39,300 --> 02:28:42,240
open up my terminal let me enlarge all
3771
02:28:42,240 --> 02:28:43,740
of this in
3772
02:28:43,740 --> 02:28:46,319
and now try to connect to that IP
3773
02:28:46,319 --> 02:28:49,020
address using the SSH protocol so SSH
3774
02:28:49,020 --> 02:28:51,260
and then
3775
02:28:51,260 --> 02:28:54,720
192.168.1.3 press here enter and here
3776
02:28:54,720 --> 02:28:56,399
are some of the stuff that happens once
3777
02:28:56,399 --> 02:28:58,439
you try to connect over the SSH the
3778
02:28:58,439 --> 02:29:00,600
authenticity of the host can be
3779
02:29:00,600 --> 02:29:03,359
established as a key fingerprint is and
3780
02:29:03,359 --> 02:29:05,280
then this one are sure you want to
3781
02:29:05,280 --> 02:29:07,979
continue connecting we want to type here
3782
02:29:07,979 --> 02:29:10,020
yes
3783
02:29:10,020 --> 02:29:12,060
and it will tell us that it permanently
3784
02:29:12,060 --> 02:29:14,580
added the RSA to the list of known hosts
3785
02:29:14,580 --> 02:29:16,920
now this is just some regular stuff that
3786
02:29:16,920 --> 02:29:18,359
happens once you try to actually connect
3787
02:29:18,359 --> 02:29:21,120
to the SSH and we're going to have to
3788
02:29:21,120 --> 02:29:22,620
implement some of these things in our
3789
02:29:22,620 --> 02:29:24,660
program as well so keep in mind for that
3790
02:29:24,660 --> 02:29:27,899
right now and it will ask us to connect
3791
02:29:27,899 --> 02:29:29,760
to the root account which we don't
3792
02:29:29,760 --> 02:29:32,040
really want so I'm just going to click
3793
02:29:32,040 --> 02:29:34,500
exit right here
3794
02:29:34,500 --> 02:29:37,800
I will control C and then I will SSH msf
3795
02:29:37,800 --> 02:29:42,000
admin and then at 192.168.1.3
3796
02:29:43,680 --> 02:29:46,740
okay and the password will be msf admin
3797
02:29:46,740 --> 02:29:49,380
if I'm not mistaken and here it is we
3798
02:29:49,380 --> 02:29:50,939
successfully managed to connect to the
3799
02:29:50,939 --> 02:29:53,700
msf admin account on the metasploitable
3800
02:29:53,700 --> 02:29:56,580
virtual machine using the SSH from our
3801
02:29:56,580 --> 02:29:59,340
terminal all right and now if I type
3802
02:29:59,340 --> 02:30:01,740
ifconfig in this terminal you will see
3803
02:30:01,740 --> 02:30:04,380
that we get the exact same IP address as
3804
02:30:04,380 --> 02:30:06,600
we got when I typed ifconfig inside our
3805
02:30:06,600 --> 02:30:07,859
metasploitable
3806
02:30:07,859 --> 02:30:09,660
so we basically got something like a
3807
02:30:09,660 --> 02:30:12,240
reverse shell running and we can execute
3808
02:30:12,240 --> 02:30:14,760
any commands we want and we can do
3809
02:30:14,760 --> 02:30:16,560
anything onto our metasploitable
3810
02:30:16,560 --> 02:30:19,020
machine so let me exit this since we are
3811
02:30:19,020 --> 02:30:20,640
not really interested in doing this over
3812
02:30:20,640 --> 02:30:22,880
terminal and let's start the new project
3813
02:30:22,880 --> 02:30:26,399
on SSH brute forcer
3814
02:30:26,399 --> 02:30:28,340
now of course I showed you an example
3815
02:30:28,340 --> 02:30:31,439
let me just open up my pycharm now of
3816
02:30:31,439 --> 02:30:33,660
course I showed you an example in which
3817
02:30:33,660 --> 02:30:35,340
we actually know the password to the
3818
02:30:35,340 --> 02:30:38,160
Target and in our program we want to
3819
02:30:38,160 --> 02:30:39,540
make sure that we do not know the
3820
02:30:39,540 --> 02:30:41,280
password and we will try multiple
3821
02:30:41,280 --> 02:30:43,500
passwords until we actually find the
3822
02:30:43,500 --> 02:30:46,439
correct one okay and then once we find
3823
02:30:46,439 --> 02:30:48,479
the correct one we will print it to the
3824
02:30:48,479 --> 02:30:51,300
screen found password and we will print
3825
02:30:51,300 --> 02:30:53,340
the username and the password for that
3826
02:30:53,340 --> 02:30:55,620
specific account
3827
02:30:55,620 --> 02:30:58,140
Now by default we will probably open up
3828
02:30:58,140 --> 02:30:59,819
our previous project which is going to
3829
02:30:59,819 --> 02:31:01,920
be the vulnerability scanner yeah here
3830
02:31:01,920 --> 02:31:05,040
it is but we want to as usual create a
3831
02:31:05,040 --> 02:31:07,560
new project which we will call the SSH
3832
02:31:07,560 --> 02:31:10,080
brute forcer so let's wait for all of
3833
02:31:10,080 --> 02:31:11,819
this to load up
3834
02:31:11,819 --> 02:31:14,280
okay so it loaded up let's go to the
3835
02:31:14,280 --> 02:31:15,600
file
3836
02:31:15,600 --> 02:31:18,500
new project
3837
02:31:19,439 --> 02:31:22,200
let's name the project to be SSH Brute
3838
02:31:22,200 --> 02:31:23,700
Force
3839
02:31:23,700 --> 02:31:26,460
click on create we want to create and
3840
02:31:26,460 --> 02:31:28,200
open the new project inside of this
3841
02:31:28,200 --> 02:31:30,380
window
3842
02:31:32,520 --> 02:31:34,560
let's wait for it to create the virtual
3843
02:31:34,560 --> 02:31:35,880
environment for us and all the
3844
02:31:35,880 --> 02:31:37,439
dependencies
3845
02:31:37,439 --> 02:31:39,420
and now we can simply just create our
3846
02:31:39,420 --> 02:31:43,140
python file by right clicking new python
3847
02:31:43,140 --> 02:31:48,180
file and let's call it SSH brute.py
3848
02:31:48,420 --> 02:31:50,460
easy to remember so
3849
02:31:50,460 --> 02:31:52,200
all we are going to do in this video
3850
02:31:52,200 --> 02:31:53,880
before we end it is we're going to
3851
02:31:53,880 --> 02:31:56,160
import the needed libraries for this
3852
02:31:56,160 --> 02:31:58,620
program to work
3853
02:31:58,620 --> 02:32:01,140
now let's type the import command and
3854
02:32:01,140 --> 02:32:03,359
the first library and the most important
3855
02:32:03,359 --> 02:32:05,399
library for this actual project is going
3856
02:32:05,399 --> 02:32:07,260
to be the paramiko
3857
02:32:07,260 --> 02:32:09,960
Library we will use this library in
3858
02:32:09,960 --> 02:32:12,000
order to automate the process of
3859
02:32:12,000 --> 02:32:14,580
connecting to our SSH client so this
3860
02:32:14,580 --> 02:32:16,560
library has already pre-made functions
3861
02:32:16,560 --> 02:32:18,600
that we can use in order to make this
3862
02:32:18,600 --> 02:32:21,060
process shorter all right then we're
3863
02:32:21,060 --> 02:32:23,760
going to need the sys library the OS
3864
02:32:23,760 --> 02:32:25,859
Library
3865
02:32:25,859 --> 02:32:28,080
the socket library of course every time
3866
02:32:28,080 --> 02:32:30,720
we actually try to perform some some
3867
02:32:30,720 --> 02:32:32,939
tasks over the Internet we will most
3868
02:32:32,939 --> 02:32:35,160
likely use the socket library and we are
3869
02:32:35,160 --> 02:32:38,939
also going to use the termcolor library
3870
02:32:38,939 --> 02:32:40,979
now you will notice that out of these
3871
02:32:40,979 --> 02:32:42,899
five libraries two are actually red
3872
02:32:42,899 --> 02:32:44,700
underlined which means we do not have
3873
02:32:44,700 --> 02:32:46,620
them installed inside our virtual
3874
02:32:46,620 --> 02:32:48,540
environment so let's install them we
3875
02:32:48,540 --> 02:32:51,000
already know how to do that we will open
3876
02:32:51,000 --> 02:32:53,160
up our terminal inside our pycharm and
3877
02:32:53,160 --> 02:32:55,560
type pip3 install and first let's go
3878
02:32:55,560 --> 02:32:58,020
with the paramiko since paramiko is
3879
02:32:58,020 --> 02:32:59,760
essential for this program to work while
3880
02:32:59,760 --> 02:33:01,979
as termcolor we don't really need but
3881
02:33:01,979 --> 02:33:04,920
it will make our program look nicer and
3882
02:33:04,920 --> 02:33:06,660
we can see it successfully installed
3883
02:33:06,660 --> 02:33:10,140
paramiko and now let's pip3 install
3884
02:33:10,140 --> 02:33:13,439
termcolor alright so pip3 install termcolor
3885
02:33:13,439 --> 02:33:15,840
and this will finish in just a second
3886
02:33:15,840 --> 02:33:17,220
here it is
3887
02:33:17,220 --> 02:33:20,040
if I exit this terminal and go back to
3888
02:33:20,040 --> 02:33:21,120
my program
3889
02:33:21,120 --> 02:33:23,100
for some reason this is still red
3890
02:33:23,100 --> 02:33:24,780
underline not really sure why let's
3891
02:33:24,780 --> 02:33:27,060
start typing something maybe it will go
3892
02:33:27,060 --> 02:33:27,960
away
3893
02:33:27,960 --> 02:33:29,760
print
3894
02:33:29,760 --> 02:33:32,819
yeah it went away great so everything is
3895
02:33:32,819 --> 02:33:34,920
imported successfully and in the next
3896
02:33:34,920 --> 02:33:38,280
video we can start off with our brute
3897
02:33:38,280 --> 02:33:40,200
forcer hope I see you in the next
3898
02:33:40,200 --> 02:33:43,380
lecture and take care bye welcome back
3899
02:33:43,380 --> 02:33:45,420
everyone and let's continue with the
3900
02:33:45,420 --> 02:33:47,819
coding of our brute forcer you will
3901
02:33:47,819 --> 02:33:49,920
notice right away that we're going to
3902
02:33:49,920 --> 02:33:52,200
start it rather the same as our
3903
02:33:52,200 --> 02:33:54,120
vulnerability scanner by prompting the
3904
02:33:54,120 --> 02:33:55,979
users to input three different things
3905
02:33:55,979 --> 02:33:57,600
that we are going to store into three
3906
02:33:57,600 --> 02:33:59,340
different variables and use throughout
3907
02:33:59,340 --> 02:34:00,420
our program
3908
02:34:00,420 --> 02:34:02,399
now two of those three things are going
3909
02:34:02,399 --> 02:34:04,080
to be the exact same as in our
3910
02:34:04,080 --> 02:34:06,300
vulnerability scanner and the third one
3911
02:34:06,300 --> 02:34:08,460
is going to be the username for the SSH
3912
02:34:08,460 --> 02:34:11,100
account so first thing we're going to
3913
02:34:11,100 --> 02:34:13,500
prompt the user is to enter the host so
3914
02:34:13,500 --> 02:34:15,780
the actual IP address to the Target that
3915
02:34:15,780 --> 02:34:17,880
they want to connect to so we're going
3916
02:34:17,880 --> 02:34:21,180
to type it right here input
3917
02:34:21,180 --> 02:34:24,080
and let's add
3918
02:34:24,120 --> 02:34:25,560
plus sign
3919
02:34:25,560 --> 02:34:29,040
and then Target address
3920
02:34:29,040 --> 02:34:31,020
so the user can specify the target
3921
02:34:31,020 --> 02:34:32,040
address
3922
02:34:32,040 --> 02:34:33,899
the second thing that we are going to
3923
02:34:33,899 --> 02:34:35,880
need is going to be the username for the
3924
02:34:35,880 --> 02:34:37,260
account that we are trying to Brute
3925
02:34:37,260 --> 02:34:39,600
Force which in our case if you're using
3926
02:34:39,600 --> 02:34:41,399
metasploitable as I am is going to be
3927
02:34:41,399 --> 02:34:44,160
msf admin all right so we're going to
3928
02:34:44,160 --> 02:34:46,020
input
3929
02:34:46,020 --> 02:34:48,060
right here
3930
02:34:48,060 --> 02:34:50,640
add the plus sign once again and SSH
3931
02:34:50,640 --> 02:34:52,859
username
3932
02:34:52,859 --> 02:34:54,420
and the last thing that we want to
3933
02:34:54,420 --> 02:34:57,359
prompt to the user is to input the file
3934
02:34:57,359 --> 02:34:59,700
or the file name from which we are going
3935
02:34:59,700 --> 02:35:01,319
to read the passwords
3936
02:35:01,319 --> 02:35:04,859
all right so input file let's call it
3937
02:35:04,859 --> 02:35:09,000
like that and we're going to type input
3938
02:35:09,000 --> 02:35:12,859
single quotes plus sign and then
3939
02:35:12,859 --> 02:35:15,840
passwords file
3940
02:35:15,840 --> 02:35:18,660
alright so simple as that once the user
3941
02:35:18,660 --> 02:35:21,000
specifies all of these three things we
3942
02:35:21,000 --> 02:35:22,859
are ready to start running our program
3943
02:35:22,859 --> 02:35:24,720
the first thing that we're going to take
3944
02:35:24,720 --> 02:35:26,460
a look at is whether the username
3945
02:35:26,460 --> 02:35:28,380
specified the actual password file
3946
02:35:28,380 --> 02:35:30,960
correctly and we're going to do that
3947
02:35:30,960 --> 02:35:33,540
using the OS Library so we're going to
3948
02:35:33,540 --> 02:35:35,520
see whether this file actually exists if
3949
02:35:35,520 --> 02:35:37,260
it doesn't exist
3950
02:35:37,260 --> 02:35:39,840
we're going to print to the user file
3951
02:35:39,840 --> 02:35:42,720
doesn't exist okay so now in order to
3952
02:35:42,720 --> 02:35:44,160
actually do that we're going to use an
3953
02:35:44,160 --> 02:35:47,160
if statement and we're going to call the
3954
02:35:47,160 --> 02:35:50,399
OS library with the path and Dot exists
3955
02:35:50,399 --> 02:35:51,680
now this
3956
02:35:51,680 --> 02:35:53,640
os.path.exists will check for a
3957
02:35:53,640 --> 02:35:56,160
specified path whether that path simply
3958
02:35:56,160 --> 02:35:58,439
exists or not basically it performs the
3959
02:35:58,439 --> 02:36:01,020
same thing as its name says so
3960
02:36:01,020 --> 02:36:04,020
os.path.exists
3961
02:36:04,080 --> 02:36:06,479
and in the brackets we specify the
3962
02:36:06,479 --> 02:36:08,580
actual path to the file so in our case
3963
02:36:08,580 --> 02:36:11,340
that will be input file
3964
02:36:11,340 --> 02:36:14,460
and if it equals equals to false since
3965
02:36:14,460 --> 02:36:16,260
this actual function will return true
3966
02:36:16,260 --> 02:36:18,899
and false true if the file exists and
3967
02:36:18,899 --> 02:36:21,240
false if it doesn't exist so in this
3968
02:36:21,240 --> 02:36:23,040
case if it doesn't exist we're going to
3969
02:36:23,040 --> 02:36:25,340
print
3970
02:36:28,859 --> 02:36:33,120
that file doesn't exist and we also want
3971
02:36:33,120 --> 02:36:34,859
to make sure that we add right here slash
3972
02:36:34,859 --> 02:36:37,920
path in case the user specifies path and
3973
02:36:37,920 --> 02:36:39,540
not just the file name
3974
02:36:39,540 --> 02:36:41,819
and then we're going to use the sys
3975
02:36:41,819 --> 02:36:43,920
library in order to exit the program
3976
02:36:43,920 --> 02:36:47,040
with number one so sys.exit in case
3977
02:36:47,040 --> 02:36:49,020
that file doesn't exist so the user can
3978
02:36:49,020 --> 02:36:51,120
actually rerun the program and specify
3979
02:36:51,120 --> 02:36:53,640
the correct file right now that we did
3980
02:36:53,640 --> 02:36:55,800
all of this we need to actually proceed
3981
02:36:55,800 --> 02:36:58,319
with the main part of the program which
3982
02:36:58,319 --> 02:36:59,939
is going to be the comparison of the
3983
02:36:59,939 --> 02:37:02,460
passwords with the SSH client so in
3984
02:37:02,460 --> 02:37:04,140
order to do that we're going to have to
3985
02:37:04,140 --> 02:37:06,780
open file first and to open this
3986
02:37:06,780 --> 02:37:08,520
password file we simply just use the
3987
02:37:08,520 --> 02:37:09,899
same thing as from the vulnerability
3988
02:37:09,899 --> 02:37:12,300
scanner which is the statement with open
3989
02:37:12,300 --> 02:37:15,120
and then we specify the file name in our
3990
02:37:15,120 --> 02:37:17,280
case it is stored inside the input file
3991
02:37:17,280 --> 02:37:19,620
variable and then we open it up for
3992
02:37:19,620 --> 02:37:22,140
reading once we do that we simply create
3993
02:37:22,140 --> 02:37:24,720
the file descriptor name which is going
3994
02:37:24,720 --> 02:37:27,899
to be just file and then we check
3995
02:37:27,899 --> 02:37:30,960
all the passwords line by line so for
3996
02:37:30,960 --> 02:37:32,220
each line
3997
02:37:32,220 --> 02:37:35,280
in file.readlines and keep in mind that
3998
02:37:35,280 --> 02:37:38,220
you need to use readline with s and
3999
02:37:38,220 --> 02:37:40,500
there is also read line but read line
4000
02:37:40,500 --> 02:37:42,960
will only read character one by one and
4001
02:37:42,960 --> 02:37:44,760
we want to make sure we use read line so
4002
02:37:44,760 --> 02:37:47,460
we read line by line all right
4003
02:37:47,460 --> 02:37:49,920
once it reads the line that line will be
4004
02:37:49,920 --> 02:37:52,260
a password and we're going to set it so
4005
02:37:52,260 --> 02:37:54,180
password equals
4006
02:37:54,180 --> 02:37:57,120
line and that line we want to strip out
4007
02:37:57,120 --> 02:37:59,340
any character that we don't need for
4008
02:37:59,340 --> 02:38:01,439
example the new line character we don't
4009
02:38:01,439 --> 02:38:03,420
really need it inside of the string so
4010
02:38:03,420 --> 02:38:04,920
we're going to strip any unnecessary
4011
02:38:04,920 --> 02:38:06,780
thing and store it in a new variable
4012
02:38:06,780 --> 02:38:08,580
that we just created which is going to
4013
02:38:08,580 --> 02:38:11,640
be called password all right once we
4014
02:38:11,640 --> 02:38:14,100
have the password ready to test then we
4015
02:38:14,100 --> 02:38:16,020
can simply just try to connect with that
4016
02:38:16,020 --> 02:38:18,060
password
4017
02:38:18,060 --> 02:38:20,100
and in order to do that we're going to
4018
02:38:20,100 --> 02:38:23,580
use a function SSH underscore whoops SSH
4019
02:38:23,580 --> 02:38:25,979
underscore connect
4020
02:38:25,979 --> 02:38:29,340
with this specified password now you
4021
02:38:29,340 --> 02:38:31,979
might notice right away that this is red
4022
02:38:31,979 --> 02:38:34,380
underline and the reason why this thread
4023
02:38:34,380 --> 02:38:36,240
underline is because this function
4024
02:38:36,240 --> 02:38:38,160
doesn't even exist
4025
02:38:38,160 --> 02:38:39,899
now you might be asking why are we using
4026
02:38:39,899 --> 02:38:41,520
it if it doesn't exist well we're going
4027
02:38:41,520 --> 02:38:43,740
to code it in the next video and inside
4028
02:38:43,740 --> 02:38:45,540
of this function we're going to use the
4029
02:38:45,540 --> 02:38:47,580
paramiko library in order to automate
4030
02:38:47,580 --> 02:38:50,399
the SSH connection to the Target all
4031
02:38:50,399 --> 02:38:52,260
right so that would be about it for this
4032
02:38:52,260 --> 02:38:54,780
tutorial and I will see you in the next
4033
02:38:54,780 --> 02:38:57,840
lecture bye welcome back everyone and
4034
02:38:57,840 --> 02:38:59,700
right now we are ready to start coding
4035
02:38:59,700 --> 02:39:02,460
our SSH connect function in the previous
4036
02:39:02,460 --> 02:39:04,979
video we coded all of this so this is
4037
02:39:04,979 --> 02:39:06,479
just the base part of the program where
4038
02:39:06,479 --> 02:39:09,000
we ask for some important information
4039
02:39:09,000 --> 02:39:10,740
then we check whether that information
4040
02:39:10,740 --> 02:39:13,800
is correct and then we continue with the
4041
02:39:13,800 --> 02:39:15,899
actual brute forcing right now we are
4042
02:39:15,899 --> 02:39:17,520
going to call the SSH connect function
4043
02:39:17,520 --> 02:39:19,560
and let's do it at the beginning of the
4044
02:39:19,560 --> 02:39:21,240
program we're going to Define it first
4045
02:39:21,240 --> 02:39:23,750
Define SSH underscore connect
4046
02:39:23,750 --> 02:39:25,140
[Music]
4047
02:39:25,140 --> 02:39:27,060
and this function will actually take two
4048
02:39:27,060 --> 02:39:29,340
parameters one of them is going to be
4049
02:39:29,340 --> 02:39:31,560
the password which we specified right
4050
02:39:31,560 --> 02:39:33,359
here and the other one we're going to
4051
02:39:33,359 --> 02:39:35,520
actually declare right here in the
4052
02:39:35,520 --> 02:39:37,020
brackets and we're going to call it code
4053
02:39:37,020 --> 02:39:40,200
to be equal to zero what this means when
4054
02:39:40,200 --> 02:39:42,000
you simply specify code to be equal to
4055
02:39:42,000 --> 02:39:44,580
zero is in case we don't really specify
4056
02:39:44,580 --> 02:39:46,680
anything as a second parameter right
4057
02:39:46,680 --> 02:39:48,600
here in this line that means that this
4058
02:39:48,600 --> 02:39:50,460
code parameter will automatically be set
4059
02:39:50,460 --> 02:39:53,100
to zero all right and we want it like
4060
02:39:53,100 --> 02:39:55,500
that so let's add two dots right here
4061
02:39:55,500 --> 02:39:57,180
and start coding the part of the
4062
02:39:57,180 --> 02:39:58,979
function first of all we need to create
4063
02:39:58,979 --> 02:40:00,660
a variable which is going to be called
4064
02:40:00,660 --> 02:40:03,600
SSH and that variable will be equal to
4065
02:40:03,600 --> 02:40:05,060
paramiko
4066
02:40:05,060 --> 02:40:07,560
dot SSHClient
4067
02:40:07,560 --> 02:40:09,720
so we're going to use this SSHClient
4068
02:40:09,720 --> 02:40:11,100
function in order to declare this
4069
02:40:11,100 --> 02:40:12,000
variable
4070
02:40:12,000 --> 02:40:13,680
and then we're going to use this
4071
02:40:13,680 --> 02:40:14,640
variable
4072
02:40:14,640 --> 02:40:18,479
to set missing host key policy so this
4073
02:40:18,479 --> 02:40:20,460
is a long function as you can see you
4074
02:40:20,460 --> 02:40:22,260
can simply just tab it to auto complete
4075
02:40:22,260 --> 02:40:24,720
it once the pycharm outputs it as a
4076
02:40:24,720 --> 02:40:26,399
possible function to use so we're going
4077
02:40:26,399 --> 02:40:28,939
to type SSH set missing host key policy
4078
02:40:28,939 --> 02:40:31,620
and right here we need to specify
4079
02:40:31,620 --> 02:40:33,120
paramiko
4080
02:40:33,120 --> 02:40:36,780
dot Auto add
4081
02:40:36,780 --> 02:40:40,560
policy and this is also function so this
4082
02:40:40,560 --> 02:40:42,479
is just some basic two lines that we
4083
02:40:42,479 --> 02:40:44,640
need to set before we try to connect to
4084
02:40:44,640 --> 02:40:48,899
the SSH client and right after it comes
4085
02:40:48,899 --> 02:40:50,880
the connect part which we will try with
4086
02:40:50,880 --> 02:40:54,560
the try and except statement
4087
02:40:56,340 --> 02:40:58,260
similar thing that we did with our Port
4088
02:40:58,260 --> 02:40:59,760
scanner we're going to do right here
4089
02:40:59,760 --> 02:41:01,620
we're going to try to connect inside
4090
02:41:01,620 --> 02:41:03,780
this try statement and in the except
4091
02:41:03,780 --> 02:41:05,819
statement we're going to print that the
4092
02:41:05,819 --> 02:41:08,700
password was incorrect all right so
4093
02:41:08,700 --> 02:41:10,920
right here in the try statement we're
4094
02:41:10,920 --> 02:41:14,760
going to type SSH dot connect
4095
02:41:14,760 --> 02:41:17,760
we're going to connect onto the host and
4096
02:41:17,760 --> 02:41:19,439
keep in mind that the host is this
4097
02:41:19,439 --> 02:41:21,479
variable right here which stores the IP
4098
02:41:21,479 --> 02:41:23,580
address that the user specifies
4099
02:41:23,580 --> 02:41:27,060
we want to connect over the port 22
4100
02:41:27,060 --> 02:41:29,460
because the port 22 is a regular port
4101
02:41:29,460 --> 02:41:31,140
for the SSH
4102
02:41:31,140 --> 02:41:33,960
we want to set the username to be equal
4103
02:41:33,960 --> 02:41:35,399
to username
4104
02:41:35,399 --> 02:41:37,620
which once again is this variable right
4105
02:41:37,620 --> 02:41:38,520
here
4106
02:41:38,520 --> 02:41:40,680
and we want to set the last thing which
4107
02:41:40,680 --> 02:41:42,899
is going to be the password to be equal
4108
02:41:42,899 --> 02:41:44,520
to password
4109
02:41:44,520 --> 02:41:47,340
which we pasted right here as a
4110
02:41:47,340 --> 02:41:48,359
parameter
4111
02:41:48,359 --> 02:41:51,300
so it is going to get stored from here
4112
02:41:51,300 --> 02:41:54,000
to here all right so this connect
4113
02:41:54,000 --> 02:41:56,340
function that comes with the paramiko
4114
02:41:56,340 --> 02:41:59,640
library has four parameters the IP
4115
02:41:59,640 --> 02:42:02,280
address the port number the username and
4116
02:42:02,280 --> 02:42:04,800
the password and this is all that we are
4117
02:42:04,800 --> 02:42:06,000
going to do right here in the try
4118
02:42:06,000 --> 02:42:08,280
statement in the except statement we're
4119
02:42:08,280 --> 02:42:10,200
going to check for an error which is
4120
02:42:10,200 --> 02:42:13,460
going to be called paramiko
4121
02:42:13,460 --> 02:42:16,380
authentication exception which simply
4122
02:42:16,380 --> 02:42:18,840
just stands for if the password is was
4123
02:42:18,840 --> 02:42:20,760
incorrect we're going to perform this
4124
02:42:20,760 --> 02:42:22,319
part of the code so if the
4125
02:42:22,319 --> 02:42:23,939
authentication didn't manage to go
4126
02:42:23,939 --> 02:42:25,979
through that means we specified the
4127
02:42:25,979 --> 02:42:28,140
incorrect password and therefore we're
4128
02:42:28,140 --> 02:42:30,300
going to set the code parameter which
4129
02:42:30,300 --> 02:42:32,100
remember is the second parameter to our
4130
02:42:32,100 --> 02:42:35,960
function to be equal to one
4131
02:42:36,060 --> 02:42:38,160
and in the last case which is going to
4132
02:42:38,160 --> 02:42:40,560
be another except statement we're going
4133
02:42:40,560 --> 02:42:42,240
to set right here
4134
02:42:42,240 --> 02:42:43,800
except
4135
02:42:43,800 --> 02:42:46,439
socket error
4136
02:42:46,439 --> 02:42:48,720
as e
4137
02:42:48,720 --> 02:42:50,939
we're going to set the code to be equal
4138
02:42:50,939 --> 02:42:52,620
to 2.
4139
02:42:52,620 --> 02:42:54,660
and before I explain this try and except
4140
02:42:54,660 --> 02:42:56,160
once again let me just type here
4141
02:42:56,160 --> 02:42:59,340
ssh.close once we finish everything and
4142
02:42:59,340 --> 02:43:01,800
we want to return the code from this
4143
02:43:01,800 --> 02:43:03,060
function
4144
02:43:03,060 --> 02:43:05,160
so let's go through it once again we
4145
02:43:05,160 --> 02:43:07,800
declare the SSHClient we add the
4146
02:43:07,800 --> 02:43:10,080
AutoAddPolicy these are two standard lines
4147
02:43:10,080 --> 02:43:12,240
before we try to connect then we try to
4148
02:43:12,240 --> 02:43:14,280
connect to the Target if we manage to
4149
02:43:14,280 --> 02:43:16,319
connect with the password then the
4150
02:43:16,319 --> 02:43:17,939
second parameter which is called code will
4151
02:43:17,939 --> 02:43:20,819
remain zero if we specify wrong password
4152
02:43:20,819 --> 02:43:23,580
the code will be changed to 1 and if
4153
02:43:23,580 --> 02:43:25,140
there is any error during the connection
4154
02:43:25,140 --> 02:43:27,240
for example we cannot connect to the
4155
02:43:27,240 --> 02:43:29,520
Target because it is offline then the
4156
02:43:29,520 --> 02:43:33,479
code will be 2. therefore once we return
4157
02:43:33,479 --> 02:43:36,060
the code and we check it then we will
4158
02:43:36,060 --> 02:43:38,399
know which password is correct and which
4159
02:43:38,399 --> 02:43:40,859
password isn't correct all right so
4160
02:43:40,859 --> 02:43:42,600
we're going to finish that in the next
4161
02:43:42,600 --> 02:43:45,120
tutorial for now on we got our function
4162
02:43:45,120 --> 02:43:47,520
ready and before I finish off this
4163
02:43:47,520 --> 02:43:50,280
lecture I will just add right here that
4164
02:43:50,280 --> 02:43:53,280
the response is going to be equal to
4165
02:43:53,280 --> 02:43:55,439
ssh_connect with the password
4166
02:43:55,439 --> 02:43:57,720
the reason for that is since we are
4167
02:43:57,720 --> 02:43:59,939
returning the code from our function we
4168
02:43:59,939 --> 02:44:01,680
want to store the result inside of a
4169
02:44:01,680 --> 02:44:03,600
response variable therefore this
4170
02:44:03,600 --> 02:44:05,880
response variable will contain the value
4171
02:44:05,880 --> 02:44:10,319
of the code whether it is 0 1 or 2 all
4172
02:44:10,319 --> 02:44:12,180
right so simple as that and let's
4173
02:44:12,180 --> 02:44:14,220
continue in the next tutorial hope I see
4174
02:44:14,220 --> 02:44:16,740
you there and take care bye
4175
02:44:16,740 --> 02:44:19,319
welcome back let's wrap up our program
4176
02:44:19,319 --> 02:44:21,479
and run it for a test
4177
02:44:21,479 --> 02:44:23,460
so there are a few things that we
4178
02:44:23,460 --> 02:44:25,020
actually need to finish before we do
4179
02:44:25,020 --> 02:44:27,600
that for now on we got the main part of
4180
02:44:27,600 --> 02:44:28,979
the program ready which is the connect
4181
02:44:28,979 --> 02:44:31,319
function we used up all of these four
4182
02:44:31,319 --> 02:44:33,660
libraries and we are just now going to
4183
02:44:33,660 --> 02:44:36,359
use the termcolor library as well and
4184
02:44:36,359 --> 02:44:38,880
we also managed to open the file read
4185
02:44:38,880 --> 02:44:41,220
the password from the file and now we
4186
02:44:41,220 --> 02:44:43,439
need to compare the actual code that we
4187
02:44:43,439 --> 02:44:46,140
return from the response
4188
02:44:46,140 --> 02:44:48,540
and see whether that password is correct
4189
02:44:48,540 --> 02:44:52,140
or not all right so the last line is us
4190
02:44:52,140 --> 02:44:54,479
returning the code and storing it in the
4191
02:44:54,479 --> 02:44:56,700
response variable so let's think about
4192
02:44:56,700 --> 02:44:59,700
what we need to do after it well we need
4193
02:44:59,700 --> 02:45:02,580
to compare the actual response with 0 1
4194
02:45:02,580 --> 02:45:05,040
and 2 simple as that
4195
02:45:05,040 --> 02:45:07,380
so in the try statement we are first of
4196
02:45:07,380 --> 02:45:10,560
all going to compare if response equals
4197
02:45:10,560 --> 02:45:13,740
equals to zero that means let's check it
4198
02:45:13,740 --> 02:45:17,460
out first but zero means well since 0 is
4199
02:45:17,460 --> 02:45:19,680
a parameter that is already set by
4200
02:45:19,680 --> 02:45:22,260
default or the code is parameter that is
4201
02:45:22,260 --> 02:45:23,880
already set by default to be equal to
4202
02:45:23,880 --> 02:45:26,520
zero and we do not change it if we
4203
02:45:26,520 --> 02:45:28,680
manage to connect that means that 0
4204
02:45:28,680 --> 02:45:31,680
equals successful connection so we're
4205
02:45:31,680 --> 02:45:35,180
going to print found password
4206
02:45:37,439 --> 02:45:41,100
let's print it like this so inside we
4207
02:45:41,100 --> 02:45:42,840
are going to add the plus sign
4208
02:45:42,840 --> 02:45:44,040
found
4209
02:45:44,040 --> 02:45:46,560
password
4210
02:45:46,560 --> 02:45:49,020
two dots and then let's add the password
4211
02:45:49,020 --> 02:45:51,720
as a string
4212
02:45:51,720 --> 02:45:54,840
and let's also add for which account we
4213
02:45:54,840 --> 02:45:56,340
managed to find the password so for
4214
02:45:56,340 --> 02:45:58,700
account
4215
02:45:58,800 --> 02:46:01,319
and then let's also add plus
4216
02:46:01,319 --> 02:46:03,660
username all right
4217
02:46:03,660 --> 02:46:06,120
and let me just move this a little bit
4218
02:46:06,120 --> 02:46:08,520
to the side so everything can fit inside
4219
02:46:08,520 --> 02:46:11,580
of our screen and now there is the part
4220
02:46:11,580 --> 02:46:13,920
where we can use termcolor library and
4221
02:46:13,920 --> 02:46:15,899
what termcolor library allows us to do
4222
02:46:15,899 --> 02:46:18,180
is to print the statements in different
4223
02:46:18,180 --> 02:46:19,319
colors
4224
02:46:19,319 --> 02:46:21,420
that's what I meant when I mentioned
4225
02:46:21,420 --> 02:46:22,859
that it is not needed inside of this
4226
02:46:22,859 --> 02:46:24,479
program but it will make it look a
4227
02:46:24,479 --> 02:46:26,700
little bit prettier so inside of the
4228
02:46:26,700 --> 02:46:28,439
print statement we're going to Define
4229
02:46:28,439 --> 02:46:30,180
termcolor
4230
02:46:30,180 --> 02:46:32,939
and then .colored which is the actual
4231
02:46:32,939 --> 02:46:34,620
function that we need to use
4232
02:46:34,620 --> 02:46:38,460
open up two brackets right here
4233
02:46:38,460 --> 02:46:40,680
and in the first bracket we're going to
4234
02:46:40,680 --> 02:46:43,200
type the actual print statement which is
4235
02:46:43,200 --> 02:46:44,700
this thing
4236
02:46:44,700 --> 02:46:47,040
let us go to the site
4237
02:46:47,040 --> 02:46:49,800
so here we close the first bracket then
4238
02:46:49,800 --> 02:46:52,319
we need to add the comma and in between
4239
02:46:52,319 --> 02:46:54,300
the single quotes here we specify in
4240
02:46:54,300 --> 02:46:56,460
which color we want to print let's say
4241
02:46:56,460 --> 02:46:58,800
we want to print in green color
4242
02:46:58,800 --> 02:47:00,960
as we successfully managed to connect so
4243
02:47:00,960 --> 02:47:02,880
it will be green and then we need to
4244
02:47:02,880 --> 02:47:04,859
close the first bracket which is going
4245
02:47:04,859 --> 02:47:06,540
to be the bracket to the term color
4246
02:47:06,540 --> 02:47:08,819
function and now the second bracket
4247
02:47:08,819 --> 02:47:10,500
which is going to be the bracket to the
4248
02:47:10,500 --> 02:47:12,120
print statement
4249
02:47:12,120 --> 02:47:14,220
so let's check if we have the right
4250
02:47:14,220 --> 02:47:16,920
amount of brackets one bracket two
4251
02:47:16,920 --> 02:47:19,620
bracket three brackets and three close
4252
02:47:19,620 --> 02:47:21,660
brackets all right so everything seems
4253
02:47:21,660 --> 02:47:22,800
to be good
4254
02:47:22,800 --> 02:47:26,160
now let's go down here if we manage to
4255
02:47:26,160 --> 02:47:28,260
find the password let me just move this
4256
02:47:28,260 --> 02:47:31,399
so we can see entire code
4257
02:47:35,880 --> 02:47:38,160
if we manage to find the password
4258
02:47:38,160 --> 02:47:40,680
then we can break out of this program
4259
02:47:40,680 --> 02:47:42,899
since we don't really need to test
4260
02:47:42,899 --> 02:47:45,720
anymore we managed to find it in case we
4261
02:47:45,720 --> 02:47:46,800
don't manage
4262
02:47:46,800 --> 02:47:49,680
which will be the elif statement or
4263
02:47:49,680 --> 02:47:54,060
elif response == 1
4264
02:47:54,060 --> 02:47:57,720
then we will simply just print incorrect
4265
02:47:57,720 --> 02:48:00,780
login and we're going to add the
4266
02:48:00,780 --> 02:48:03,240
password so we can see which password is
4267
02:48:03,240 --> 02:48:06,660
incorrect and the last case which is if
4268
02:48:06,660 --> 02:48:08,100
the response
4269
02:48:08,100 --> 02:48:10,200
is equal to 2
4270
02:48:10,200 --> 02:48:14,340
then we're going to print simply just
4271
02:48:14,340 --> 02:48:17,100
let's print it like this
4272
02:48:17,100 --> 02:48:20,880
and let's print can't connect
4273
02:48:20,880 --> 02:48:22,859
as an error so we didn't manage to
4274
02:48:22,859 --> 02:48:24,899
connect possibly the target is offline
4275
02:48:24,899 --> 02:48:27,540
and after it we want to sys.exit the
4276
02:48:27,540 --> 02:48:29,520
program since we didn't manage to
4277
02:48:29,520 --> 02:48:31,020
connect there is nothing really more to
4278
02:48:31,020 --> 02:48:34,260
test right here and after it as the
4279
02:48:34,260 --> 02:48:36,540
except statement we want to print any
4280
02:48:36,540 --> 02:48:38,880
other exception in case there is some
4281
02:48:38,880 --> 02:48:40,500
exception that we didn't cover such as
4282
02:48:40,500 --> 02:48:43,080
connection wrong password or didn't
4283
02:48:43,080 --> 02:48:45,000
manage to connect we want to print it
4284
02:48:45,000 --> 02:48:47,819
right here so except Exception
4285
02:48:47,819 --> 02:48:49,859
as e
4286
02:48:49,859 --> 02:48:53,220
we want to print that exception so print
4287
02:48:53,220 --> 02:48:57,060
e and then we can pass
4288
02:48:57,060 --> 02:48:59,399
since this actual exception can occur
4289
02:48:59,399 --> 02:49:01,740
only in one password therefore we don't
4290
02:49:01,740 --> 02:49:03,180
really want to break out of the program
4291
02:49:03,180 --> 02:49:05,760
we want to print that exception and
4292
02:49:05,760 --> 02:49:08,580
possibly go on to the next password okay
4293
02:49:08,580 --> 02:49:10,800
so this is the entire program
4294
02:49:10,800 --> 02:49:12,840
let's see if there is anything that we
4295
02:49:12,840 --> 02:49:15,359
didn't code let's delete this empty
4296
02:49:15,359 --> 02:49:17,880
space right here we used up all the
4297
02:49:17,880 --> 02:49:20,399
libraries that's been imported this is
4298
02:49:20,399 --> 02:49:22,080
the part of the program well we'll check
4299
02:49:22,080 --> 02:49:25,260
for the password and this is the actual
4300
02:49:25,260 --> 02:49:27,120
connection part of the program alright
4301
02:49:27,120 --> 02:49:29,399
so let's test it up we're going to open
4302
02:49:29,399 --> 02:49:31,140
up our terminal
4303
02:49:31,140 --> 02:49:33,300
enlarge everything so we can see it
4304
02:49:33,300 --> 02:49:34,979
better
4305
02:49:34,979 --> 02:49:37,020
and before we actually test it you might
4306
02:49:37,020 --> 02:49:39,060
notice that we're missing one thing and
4307
02:49:39,060 --> 02:49:41,580
that thing is going to be the passwords
4308
02:49:41,580 --> 02:49:44,640
list now once again for the
4309
02:49:44,640 --> 02:49:46,200
purposes of this tutorial I'm going to
4310
02:49:46,200 --> 02:49:48,120
create a small password list with around
4311
02:49:48,120 --> 02:49:50,640
10 passwords but if you were to perform
4312
02:49:50,640 --> 02:49:52,859
a real life attack you would actually
4313
02:49:52,859 --> 02:49:55,080
use a lot bigger password list with possibly
4314
02:49:55,080 --> 02:49:57,000
tens of thousands or hundreds of
4315
02:49:57,000 --> 02:49:59,760
thousands of passwords and see which one is
4316
02:49:59,760 --> 02:50:02,160
correct if you manage to find it
4317
02:50:02,160 --> 02:50:04,140
now of course in the bonus videos I will
4318
02:50:04,140 --> 02:50:05,520
leave a video where I will show you
4319
02:50:05,520 --> 02:50:07,319
where you can actually download some of
4320
02:50:07,319 --> 02:50:08,819
the bigger password lists that are used
4321
02:50:08,819 --> 02:50:10,859
for real life attacks but right now
4322
02:50:10,859 --> 02:50:12,479
we're going to test it on a small
4323
02:50:12,479 --> 02:50:14,520
password list that we're going to create
4324
02:50:14,520 --> 02:50:18,560
so let's go right here right click
4325
02:50:20,220 --> 02:50:23,580
right click right here new and we want
4326
02:50:23,580 --> 02:50:26,040
well we don't want that we want to go
4327
02:50:26,040 --> 02:50:29,520
once again a new new file just a regular
4328
02:50:29,520 --> 02:50:33,420
file and let's call it passwords.txt
4329
02:50:33,420 --> 02:50:35,640
and let's add some random passwords such
4330
02:50:35,640 --> 02:50:38,899
as for example hello world
4331
02:50:39,300 --> 02:50:40,859
one two three
4332
02:50:40,859 --> 02:50:44,220
five four three two one password one two
4333
02:50:44,220 --> 02:50:45,960
three
4334
02:50:45,960 --> 02:50:50,060
let's type in another password
4335
02:50:50,520 --> 02:50:54,359
test four three two one let's add a real
4336
02:50:54,359 --> 02:50:56,160
password right now so we can see whether
4337
02:50:56,160 --> 02:50:58,920
it works which is msfadmin and let's
4338
02:50:58,920 --> 02:51:01,920
add two more passwords so root and
4339
02:51:01,920 --> 02:51:05,160
root one two three why not so we have
4340
02:51:05,160 --> 02:51:06,240
around
4341
02:51:06,240 --> 02:51:08,340
nine passwords so let's add one more so
4342
02:51:08,340 --> 02:51:10,380
we can round it to ten one two three
4343
02:51:10,380 --> 02:51:13,620
four five six seven eight nine and this
4344
02:51:13,620 --> 02:51:15,899
is our password list all right so let's
4345
02:51:15,899 --> 02:51:17,340
test our program
4346
02:51:17,340 --> 02:51:19,740
we have our terminal open
4347
02:51:19,740 --> 02:51:22,620
we zoomed everything in now let's go to
4348
02:51:22,620 --> 02:51:25,800
the PyCharm let's go to the
4349
02:51:25,800 --> 02:51:29,939
SSH brute force and right here we want to
4350
02:51:29,939 --> 02:51:33,600
run the ssh_brute.py so python3
4351
02:51:33,600 --> 02:51:35,100
ssh_brute.py
4352
02:51:35,100 --> 02:51:37,859
we have somewhere invalid syntax so
4353
02:51:37,859 --> 02:51:39,920
let's see where that is file.readlines
4354
02:51:39,920 --> 02:51:42,660
this is somewhere down here
4355
02:51:42,660 --> 02:51:45,479
for line in file.readlines and at the
4356
02:51:45,479 --> 02:51:47,160
end of the for statement we need to
4357
02:51:47,160 --> 02:51:50,040
specify two dots therefore this didn't
4358
02:51:50,040 --> 02:51:53,780
work let's test it once again
4359
02:51:54,240 --> 02:51:57,080
Target address we specify
4360
02:51:57,080 --> 02:51:59,939
192.168.1.3 and once again in order to
4361
02:51:59,939 --> 02:52:01,680
check out the IP address of your target
4362
02:52:01,680 --> 02:52:03,359
machine
4363
02:52:03,359 --> 02:52:06,660
you simply just type ifconfig inside of
4364
02:52:06,660 --> 02:52:08,399
your Metasploitable and you will get
4365
02:52:08,399 --> 02:52:12,319
the inet address right here which is
4366
02:52:12,319 --> 02:52:15,000
192.168.1.3 in my case in your case it
4367
02:52:15,000 --> 02:52:16,620
will most likely be something different
4368
02:52:16,620 --> 02:52:18,960
so don't specify the same thing right
4369
02:52:18,960 --> 02:52:21,359
here okay so now that specify this press
4370
02:52:21,359 --> 02:52:23,819
enter the SSH username for the
4371
02:52:23,819 --> 02:52:27,180
Metasploitable is msfadmin now you can
4372
02:52:27,180 --> 02:52:29,040
perform this attack if you want to
4373
02:52:29,040 --> 02:52:31,560
practice after this on a root account on
4374
02:52:31,560 --> 02:52:33,840
metasploitable with a big password list
4375
02:52:33,840 --> 02:52:35,880
that you can download online and see
4376
02:52:35,880 --> 02:52:37,979
whether you can crack the root SSH
4377
02:52:37,979 --> 02:52:40,439
account on the Metasploitable so SSH
4378
02:52:40,439 --> 02:52:42,899
username msfadmin and passwords file
4379
02:52:42,899 --> 02:52:45,140
will be
4380
02:52:45,140 --> 02:52:48,180
passwords.txt press here enter
4381
02:52:48,180 --> 02:52:50,939
and let's see whether this will work as
4382
02:52:50,939 --> 02:52:53,939
you can see first password is incorrect
4383
02:52:53,939 --> 02:52:56,220
second password incorrect third and
4384
02:52:56,220 --> 02:52:58,800
fourth are also Incorrect and let's see
4385
02:52:58,800 --> 02:53:00,420
what happens once we get to the
4386
02:53:00,420 --> 02:53:02,520
msfadmin
4387
02:53:02,520 --> 02:53:05,520
and here it is found password msfadmin
4388
02:53:05,520 --> 02:53:07,740
for account msfadmin
4389
02:53:07,740 --> 02:53:09,479
then it exited out of the program
4390
02:53:09,479 --> 02:53:11,520
because there is no point in testing out
4391
02:53:11,520 --> 02:53:13,080
other passwords
4392
02:53:13,080 --> 02:53:15,180
so all we need to do in order to fix
4393
02:53:15,180 --> 02:53:16,620
this
4394
02:53:16,620 --> 02:53:18,479
so it can look a little bit prettier is
4395
02:53:18,479 --> 02:53:20,220
we want to
4396
02:53:20,220 --> 02:53:24,300
print right here right after the
4397
02:53:24,300 --> 02:53:26,399
input file we want to print the new line
4398
02:53:26,399 --> 02:53:28,620
character so we can differentiate the
4399
02:53:28,620 --> 02:53:31,140
input parameters that we specify from
4400
02:53:31,140 --> 02:53:33,540
the actual passwords that it tests so
4401
02:53:33,540 --> 02:53:36,060
print backslash n
4402
02:53:36,060 --> 02:53:38,520
and let's run it once again right here
4403
02:53:38,520 --> 02:53:40,880
clear
4404
02:53:40,920 --> 02:53:43,920
192.168.1.3
4405
02:53:43,979 --> 02:53:48,540
msfadmin and passwords.txt
4406
02:53:48,540 --> 02:53:51,479
here it is new line character is there
4407
02:53:51,479 --> 02:53:53,460
and it will perform the exact same task
4408
02:53:53,460 --> 02:53:56,040
as it did previously now you might
4409
02:53:56,040 --> 02:53:57,720
notice that this is going a little bit
4410
02:53:57,720 --> 02:54:00,120
slow and that is something that we will
4411
02:54:00,120 --> 02:54:02,580
fix in the next video as we're going to
4412
02:54:02,580 --> 02:54:04,740
see how we can import threading library
4413
02:54:04,740 --> 02:54:07,500
inside of this program to make it Brute
4414
02:54:07,500 --> 02:54:09,779
Force the passwords faster because in
4415
02:54:09,779 --> 02:54:12,000
real life attacks if you for example had
4416
02:54:12,000 --> 02:54:15,060
100 000 passwords this would take a long
4417
02:54:15,060 --> 02:54:17,939
time to actually brute force and you
4418
02:54:17,939 --> 02:54:19,680
don't really want to sit for a week
4419
02:54:19,680 --> 02:54:22,080
waiting for a hundred thousand passwords
4420
02:54:22,080 --> 02:54:24,300
to finish you want to finish it as fast
4421
02:54:24,300 --> 02:54:26,160
as possible so we're going to take a
4422
02:54:26,160 --> 02:54:28,319
look at that in the next tutorial I hope
4423
02:54:28,319 --> 02:54:29,880
you enjoyed this one
4424
02:54:29,880 --> 02:54:32,399
and I will see you in the threading part
4425
02:54:32,399 --> 02:54:35,160
of this section take care bye welcome
4426
02:54:35,160 --> 02:54:36,840
everyone to this lecture where we are
4427
02:54:36,840 --> 02:54:39,180
going to take a look at the code of how
4428
02:54:39,180 --> 02:54:42,060
we can make our SSH brute forcer work
4429
02:54:42,060 --> 02:54:45,359
faster by using the threading library
4430
02:54:45,359 --> 02:54:47,819
all right so here is the code and the
4431
02:54:47,819 --> 02:54:49,380
reason why we are not going to code it
4432
02:54:49,380 --> 02:54:51,779
ourselves is because it is rather
4433
02:54:51,779 --> 02:54:53,819
similar to the first program that we
4434
02:54:53,819 --> 02:54:56,700
coded in the previous few videos there
4435
02:54:56,700 --> 02:54:59,580
are just some minor changes as well as
4436
02:54:59,580 --> 02:55:01,560
adding some libraries that we're going
4437
02:55:01,560 --> 02:55:03,720
to need so let's start off from the
4438
02:55:03,720 --> 02:55:05,880
beginning well first of all there are
4439
02:55:05,880 --> 02:55:07,680
two different libraries that we had to
4440
02:55:07,680 --> 02:55:11,279
import next to these four those two are
4441
02:55:11,279 --> 02:55:14,460
time library and threading Library both
4442
02:55:14,460 --> 02:55:16,140
of these libraries belong to the default
4443
02:55:16,140 --> 02:55:18,840
python libraries so there is no need for
4444
02:55:18,840 --> 02:55:20,760
you to actually install them in your
4445
02:55:20,760 --> 02:55:22,859
virtual environment as they are already
4446
02:55:22,859 --> 02:55:23,939
there
4447
02:55:23,939 --> 02:55:25,800
right after it at the beginning of the
4448
02:55:25,800 --> 02:55:28,500
program we declare a stop flag variable
4449
02:55:28,500 --> 02:55:30,540
and this variable is going to be of use
4450
02:55:30,540 --> 02:55:32,520
to us once we get to the actual
4451
02:55:32,520 --> 02:55:35,340
threading part so for now on WE simply
4452
02:55:35,340 --> 02:55:37,080
just declare a variable and it will be
4453
02:55:37,080 --> 02:55:40,140
an integer value of zero in our
4454
02:57:40,140 --> 02:57:42,779
ssh_connect function we make a few minor
4455
02:55:42,779 --> 02:55:45,060
changes such as for example we declared
4456
02:55:45,060 --> 02:55:46,800
that we are going to use the global stop
4457
02:55:46,800 --> 02:55:49,500
flag variable inside of this function
4458
02:55:49,500 --> 02:55:51,660
then we perform the same two things that
4459
02:55:51,660 --> 02:55:54,359
we performed in the regular brute forcer
4460
02:55:54,359 --> 02:55:57,359
after it we try to connect and if we
4461
02:55:57,359 --> 02:55:59,460
manage to connect then we set the stop
4462
02:55:59,460 --> 02:56:01,979
flag to be equal to 1.
4463
02:56:01,979 --> 02:56:04,020
then after it we print that the password
4464
02:56:04,020 --> 02:56:06,240
was found and in any other case we'll
4465
02:56:06,240 --> 02:56:08,880
print incorrect login and we will close
4466
02:56:08,880 --> 02:56:11,700
the SSH connection now let's get to the
4467
02:56:11,700 --> 02:56:13,500
part where we actually set the stop flag
4468
02:56:13,500 --> 02:56:15,660
variable to be equal to one why do we do
4469
02:56:15,660 --> 02:56:19,560
that well if we go all the way down
4470
02:56:19,560 --> 02:56:21,479
all these things are the same as in the
4471
02:56:21,479 --> 02:56:23,700
previous program right here I just added
4472
02:56:23,700 --> 02:56:25,439
a print statement that says starting
4473
02:56:25,439 --> 02:56:27,840
threaded SSH brute force
4474
02:56:27,840 --> 02:56:29,880
and Below there we open the file for
4475
02:56:29,880 --> 02:56:31,859
passwords and if we go to the
4476
02:56:31,859 --> 02:56:34,020
passwords.txt file you will notice that
4477
02:56:34,020 --> 02:56:36,000
I added a few more passwords right here
4478
02:56:36,000 --> 02:56:38,040
around 150.
4479
02:56:38,040 --> 02:56:40,260
so we can see how fast it will Brute
4480
02:56:40,260 --> 02:56:42,840
Force the correct password is somewhere
4481
02:56:42,840 --> 02:56:45,240
around here and let's continue with the
4482
02:56:45,240 --> 02:56:48,300
program so we go into the for Loop and
4483
02:56:48,300 --> 02:56:50,700
we read password by password or line by
4484
02:56:50,700 --> 02:56:53,340
line and if stop flag is equal to zero
4485
02:56:53,340 --> 02:56:55,800
then we will join all threads and exit
4486
02:56:55,800 --> 02:56:57,300
the program
4487
02:56:57,300 --> 02:56:59,399
and the threads that we create are
4488
02:56:59,399 --> 02:57:02,399
actually down here okay so let's
4489
02:57:02,399 --> 02:57:04,620
not pay attention to this part of the
4490
02:57:04,620 --> 02:57:06,979
code at the moment so for each password
4491
02:57:06,979 --> 02:57:09,840
we perform the strip function onto that
4492
02:57:09,840 --> 02:57:11,760
password so we can get rid of all the
4493
02:57:11,760 --> 02:57:14,700
unnecessary characters then we create a
4494
02:57:14,700 --> 02:57:16,560
thread object which is going to be
4495
02:57:16,560 --> 02:57:20,100
called T we perform the actual thread
4496
02:57:20,100 --> 02:57:22,380
object and the thread function onto the
4497
02:57:22,380 --> 02:57:24,420
SSH connect function and that is the
4498
02:57:24,420 --> 02:57:26,520
first parameter to this thread function
4499
02:57:26,520 --> 02:57:29,160
so the target is the actual function
4500
02:57:29,160 --> 02:57:30,960
that you're going to perform the thread
4501
02:57:30,960 --> 02:57:33,660
on and the args are the arguments to
4502
02:57:33,660 --> 02:57:35,939
that function so in our case that is
4503
02:57:35,939 --> 02:57:37,800
just one argument which is the password
4504
02:57:37,800 --> 02:57:40,979
parameter and this comma right here has
4505
02:57:40,979 --> 02:57:42,899
to be there even though we don't have a
4506
02:57:42,899 --> 02:57:45,120
second parameter otherwise this will not
4507
02:57:45,120 --> 02:57:47,279
work so we have to add it right here
4508
02:57:47,279 --> 02:57:49,500
right after we create the thread object
4509
02:57:49,500 --> 02:57:51,600
and we call it onto the target of SSH
4510
02:57:51,600 --> 02:57:53,220
connect with the arguments of password
4511
02:57:53,220 --> 02:57:56,399
then we can start that thread and we can
4512
02:57:56,399 --> 02:57:59,580
sleep for 0.5 seconds after every time
4513
02:57:59,580 --> 02:58:01,979
we start a thread all right
4514
02:58:01,979 --> 02:58:03,899
so what this will do is it will start a
4515
02:58:03,899 --> 02:58:05,939
thread each time a new password is being
4516
02:58:05,939 --> 02:58:08,520
read from the file and each password
4517
02:58:08,520 --> 02:58:11,580
will have its own thread and in case the
4518
02:58:11,580 --> 02:58:14,279
stop flag gets switched to 1 well that
4519
02:58:14,279 --> 02:58:15,899
means that some of those threads
4520
02:58:15,899 --> 02:58:17,399
actually manage to find the correct
4521
02:58:17,399 --> 02:58:19,560
password as they manage to connect to
4522
02:58:19,560 --> 02:58:21,960
the Target therefore we set the flag to
4523
02:58:21,960 --> 02:58:24,300
be equal to 1 and once the flag is set
4524
02:58:24,300 --> 02:58:26,460
to 1 that means that we can close the
4525
02:58:26,460 --> 02:58:28,439
program since we found the correct
4526
02:58:28,439 --> 02:58:30,720
password therefore we perform the
4527
02:58:30,720 --> 02:58:32,460
t.join function which will join all the
4528
02:58:32,460 --> 02:58:34,680
threads that are running and then we can
4529
02:58:34,680 --> 02:58:36,479
exit the program
4530
02:58:36,479 --> 02:58:39,300
and that is the entire program that runs
4531
02:58:39,300 --> 02:58:41,939
on threads so let's see whether it is
4532
02:58:41,939 --> 02:58:43,920
faster than the previous one
4533
02:58:43,920 --> 02:58:49,580
first I'm going to go and enlarge this
4534
02:58:50,160 --> 02:58:52,680
then I will navigate to the pycharm and
4535
02:58:52,680 --> 02:58:54,899
then SSH brute force and first we
4536
02:58:54,899 --> 02:58:56,819
will run the previous program
4537
02:58:56,819 --> 02:58:59,220
so the previous program had no threading
4538
02:58:59,220 --> 02:59:01,439
library and let's see how that one will
4539
02:59:01,439 --> 02:59:04,939
do so the target address is
4540
02:59:04,939 --> 02:59:08,100
192.168.1.3 in my case the SSH username
4541
02:59:08,100 --> 02:59:11,460
is msfadmin and the passwords file is
4542
02:59:11,460 --> 02:59:12,660
password
4543
02:59:12,660 --> 02:59:18,080
or passwords.txt press here enter
4544
02:59:18,540 --> 02:59:21,420
it will start running we can see we got
4545
02:59:21,420 --> 02:59:24,840
some incorrect logins
4546
02:59:24,840 --> 02:59:26,939
and you can see each password takes
4547
02:59:26,939 --> 02:59:30,240
around one second to finish therefore
4548
02:59:30,240 --> 02:59:33,120
this is going rather slow so let's just
4549
02:59:33,120 --> 02:59:35,340
Ctrl+C it so we don't wait for the correct
4550
02:59:35,340 --> 02:59:37,260
password
4551
02:59:37,260 --> 02:59:40,560
and if we run the second program which
4552
02:59:40,560 --> 02:59:43,920
is our threaded brute forcer
4553
02:59:43,920 --> 02:59:47,720
and type in the same information
4554
02:59:50,760 --> 02:59:53,460
it will start our threaded brute forcer
4555
02:59:53,460 --> 02:59:56,100
and you will see that the passwords go a
4556
02:59:56,100 --> 02:59:58,439
lot faster than before
4557
02:59:58,439 --> 03:00:00,300
as you can see we already managed to
4558
03:00:00,300 --> 03:00:03,300
cover more than 20 passwords and here it
4559
03:00:03,300 --> 03:00:06,060
is here is the correct password and few
4560
03:00:06,060 --> 03:00:08,760
seconds after that it closes the program
4561
03:00:08,760 --> 03:00:11,340
now the reason why it goes for few more
4562
03:00:11,340 --> 03:00:13,080
passwords after finding the correct
4563
03:00:13,080 --> 03:00:14,880
password is because all of these
4564
03:00:14,880 --> 03:00:17,700
passwords were separate threads that
4565
03:00:17,700 --> 03:00:20,100
ran before this one has finished
4566
03:00:20,100 --> 03:00:22,260
therefore it had to finish these ones
4567
03:00:22,260 --> 03:00:24,720
first and then exit program
4568
03:00:24,720 --> 03:00:26,700
and you can see how many passwords we
4569
03:00:26,700 --> 03:00:29,399
managed to actually cover in just a
4570
03:00:29,399 --> 03:00:31,560
matter of a second or two and it also
4571
03:00:31,560 --> 03:00:34,560
managed to find the correct password
4572
03:00:34,560 --> 03:00:36,600
now the reason why incorrect passwords
4573
03:00:36,600 --> 03:00:38,640
are printed in Red is because I also
4574
03:00:38,640 --> 03:00:40,439
added a print statement
4575
03:00:40,439 --> 03:00:43,920
somewhere around here which says that we
4576
03:00:43,920 --> 03:00:46,260
print the incorrect password in red
4577
03:00:46,260 --> 03:00:48,600
color by using the termcolor.colored
4578
03:00:48,600 --> 03:00:50,819
function which we already covered before
4579
03:00:50,819 --> 03:00:54,060
that's basically it for this SSH brute
4580
03:00:54,060 --> 03:00:56,220
forcer I hope you enjoyed this section
4581
03:00:56,220 --> 03:00:58,920
as well as the previous two and this was
4582
03:00:58,920 --> 03:01:01,560
also some type of a recap video to this
4583
03:01:01,560 --> 03:01:03,120
Brute Force so therefore we are not
4584
03:01:03,120 --> 03:01:05,160
going to do a recap video as a next
4585
03:01:05,160 --> 03:01:06,899
lecture we are going to go straight into
4586
03:01:06,899 --> 03:01:09,300
the next project so hope you enjoyed
4587
03:01:09,300 --> 03:01:11,220
this one once again and I will see you
4588
03:01:11,220 --> 03:01:14,460
in the next tutorial bye
4589
03:01:14,460 --> 03:01:17,160
hello everyone and Welcome to our next
4590
03:01:17,160 --> 03:01:18,960
project which is going to be a project
4591
03:01:18,960 --> 03:01:21,899
on ARP spoofing now this is going to be
4592
03:01:21,899 --> 03:01:24,000
a little bit harder project than the
4593
03:01:24,000 --> 03:01:26,100
previous few that we did since we're
4594
03:01:26,100 --> 03:01:27,779
going to interact with different packets
4595
03:01:27,779 --> 03:01:30,120
and different internet protocols inside
4596
03:01:30,120 --> 03:01:32,460
of this section we're also going to
4597
03:01:32,460 --> 03:01:34,680
introduce a new library which is a
4598
03:01:34,680 --> 03:01:36,600
massive library called Scapy which
4599
03:01:36,600 --> 03:01:38,580
allows us to modify send and receive
4600
03:01:38,580 --> 03:01:41,540
different packets and responses alright
4601
03:01:41,540 --> 03:01:44,040
now for those of you that are not
4602
03:01:44,040 --> 03:01:46,140
familiar with networking with ARP
4603
03:01:46,140 --> 03:01:48,720
spoofing or with ARP packets in general I
4604
03:01:48,720 --> 03:01:50,160
will make sure to leave some of the
4605
03:01:50,160 --> 03:01:52,560
resources links so you can read more
4606
03:01:52,560 --> 03:01:54,359
about ARP spoofing and understand
4607
03:01:54,359 --> 03:01:56,399
it a whole lot better
4608
03:01:56,399 --> 03:01:58,260
in this project we're going to create
4609
03:01:58,260 --> 03:02:01,020
two programs first one is going to be
4610
03:02:01,020 --> 03:02:03,540
the manual ARP spoofing so we're going
4611
03:02:03,540 --> 03:02:05,700
to go through the entire process of ARP
4612
03:02:05,700 --> 03:02:07,979
spoofing line by line we're going to see
4613
03:02:07,979 --> 03:02:10,680
the responses how it happens what we
4614
03:02:10,680 --> 03:02:12,060
need to specify in order for our
4615
03:02:12,060 --> 03:02:14,460
spoofing to happen and then we are going
4616
03:02:14,460 --> 03:02:16,140
to create a second program which is
4617
03:02:16,140 --> 03:02:18,420
going to automate that entire process
4618
03:02:18,420 --> 03:02:20,700
the reason why we are first performing
4619
03:02:20,700 --> 03:02:22,800
the manual ARP spoofing is so we
4620
03:02:22,800 --> 03:02:24,660
can understand everything a little bit
4621
03:02:24,660 --> 03:02:26,939
better all right
4622
03:02:26,939 --> 03:02:29,640
now let's explain ARP spoofing briefly
4623
03:02:29,640 --> 03:02:31,439
well let's imagine we have three
4624
03:02:31,439 --> 03:02:33,540
machines on the network the first one is
4625
03:02:33,540 --> 03:02:35,399
router which is routing the connections
4626
03:02:35,399 --> 03:02:38,819
the second two are two different laptops
4627
03:02:38,819 --> 03:02:41,100
one of them is the target laptop and one
4628
03:02:41,100 --> 03:02:43,080
of them is the attacker laptop
4629
03:02:43,080 --> 03:02:45,779
now the attacker machine sends the ARP
4630
03:02:45,779 --> 03:02:47,880
packets which tell the router and tell
4631
03:02:47,880 --> 03:02:50,220
the machine that their connection should
4632
03:02:50,220 --> 03:02:53,160
go over the attacker's machine
4633
03:02:53,160 --> 03:02:55,740
how do they do that well simply the
4634
03:02:55,740 --> 03:02:57,779
attacker sends the router a packet which
4635
03:02:57,779 --> 03:02:59,640
tells the router hey I am the target
4636
03:02:59,640 --> 03:03:01,859
machine you can send the packets to me
4637
03:03:01,859 --> 03:03:04,200
instead of the real Target machine
4638
03:03:04,200 --> 03:03:06,060
then what we do with those packets we
4639
03:03:06,060 --> 03:03:08,160
read them and then we can forward them
4640
03:03:08,160 --> 03:03:10,140
to the actual Target machine so the
4641
03:03:10,140 --> 03:03:11,580
target will have no idea that anything
4642
03:03:11,580 --> 03:03:14,040
is happening since the packets are
4643
03:03:14,040 --> 03:03:16,680
arriving at the destination
4644
03:03:16,680 --> 03:03:18,960
if we do the opposite to the Target so
4645
03:03:18,960 --> 03:03:20,760
we send the ARP packets to the Target
4646
03:03:20,760 --> 03:03:23,640
which tell the target machine hey I am
4647
03:03:23,640 --> 03:03:25,800
the router please send the packets to me
4648
03:03:25,800 --> 03:03:27,180
and then
4649
03:03:27,180 --> 03:03:28,800
the packets that were supposed to go
4650
03:03:28,800 --> 03:03:30,899
from the target machine to the router go
4651
03:03:30,899 --> 03:03:32,880
first to our machine and then we forward
4652
03:03:32,880 --> 03:03:35,760
them to the router and therefore we are
4653
03:03:35,760 --> 03:03:37,859
the man in the middle thereby ARP
4654
03:03:37,859 --> 03:03:41,040
spoofing the connection all right so
4655
03:03:41,040 --> 03:03:43,380
another thing to keep in mind is that
4656
03:03:43,380 --> 03:03:46,140
this will not work on all networks it
4657
03:03:46,140 --> 03:03:48,120
will only work on some networks where
4658
03:03:48,120 --> 03:03:50,580
ARP spoofing is still possible there are
4659
03:03:50,580 --> 03:03:52,200
a bunch of different networks in the
4660
03:03:52,200 --> 03:03:54,540
world that have security measures that
4661
03:03:54,540 --> 03:03:56,399
prevent ARP spoofing
4662
03:03:56,399 --> 03:03:59,040
but there is even more of them that do
4663
03:03:59,040 --> 03:04:01,979
not prevent ARP spoofing
4664
03:04:01,979 --> 03:04:03,779
so that's why we are covering this
4665
03:04:03,779 --> 03:04:06,300
project let's start with creating the
4666
03:04:06,300 --> 03:04:09,359
project inside of PyCharm here it is I
4667
03:04:09,359 --> 03:04:11,520
already went on file and the new project
4668
03:04:11,520 --> 03:04:13,220
so I will simply just type right here
4669
03:04:13,220 --> 03:04:16,760
ARP spoofer
4670
03:04:16,859 --> 03:04:19,200
click on create we want to create on
4671
03:04:19,200 --> 03:04:21,560
this window
4672
03:04:24,720 --> 03:04:26,580
and we're going to start off by
4673
03:04:26,580 --> 03:04:29,340
importing the libraries that we need
4674
03:04:29,340 --> 03:04:31,979
for the first program which is going to
4675
03:04:31,979 --> 03:04:34,200
be us going line by line and checking
4676
03:04:34,200 --> 03:04:37,620
out how ARP spoofing works we're only
4677
03:04:37,620 --> 03:04:39,240
going to need one library and that is
4678
03:04:39,240 --> 03:04:42,720
going to be the Scapy library so first of
4679
03:04:42,720 --> 03:04:44,840
all
4680
03:04:44,939 --> 03:04:47,880
I will go right here and click on new
4681
03:04:47,880 --> 03:04:50,399
python file and we will call this first
4682
03:04:50,399 --> 03:04:53,640
program malicious ARP packet and we can
4683
03:04:53,640 --> 03:04:56,939
shorten that by simply typing mal_arp
4684
03:04:56,939 --> 03:05:00,660
dot py simple as that and all we need to
4685
03:05:00,660 --> 03:05:04,200
do is type from scapy.all
4686
03:05:04,200 --> 03:05:05,819
import
4687
03:05:05,819 --> 03:05:08,399
and Then star sign and the Star Sign
4688
03:05:08,399 --> 03:05:10,500
simply implicates that we are importing
4689
03:05:10,500 --> 03:05:12,960
everything from scapy.all but you can
4690
03:05:12,960 --> 03:05:14,880
notice that scapy is actually red
4691
03:05:14,880 --> 03:05:17,100
underlined therefore we need to install
4692
03:05:17,100 --> 03:05:20,580
it first so let's open up our terminal
4693
03:05:20,580 --> 03:05:27,120
pip3 oops pip3 install scapy
4694
03:05:27,779 --> 03:05:30,180
it will collect the library and in no
4695
03:05:30,180 --> 03:05:32,160
time we should have it up and running
4696
03:05:32,160 --> 03:05:35,700
here it is if we go right here in just a
4697
03:05:35,700 --> 03:05:39,720
few seconds this red line will go away
4698
03:05:39,720 --> 03:05:42,899
all right so let's experiment with scapy a
4699
03:05:42,899 --> 03:05:44,279
little bit
4700
03:05:44,279 --> 03:05:47,520
so if I go and open up my terminal right
4701
03:05:47,520 --> 03:05:48,540
here
4702
03:05:48,540 --> 03:05:50,399
and before we actually code anything
4703
03:05:50,399 --> 03:05:52,920
inside of pycharm Let Us open up our
4704
03:05:52,920 --> 03:05:54,359
terminal
4705
03:05:54,359 --> 03:05:57,540
zoom in our terminal
4706
03:05:57,540 --> 03:06:00,600
and run scapy now you will notice that
4707
03:06:00,600 --> 03:06:02,640
you can simply just run scapy instead
4708
03:06:02,640 --> 03:06:04,979
of python in your terminal and it will
4709
03:06:04,979 --> 03:06:08,460
open a platform or a framework that
4710
03:06:08,460 --> 03:06:12,120
allows you to only execute commands
4711
03:06:12,120 --> 03:06:14,520
all right so here it is I will enlarge
4712
03:06:14,520 --> 03:06:17,340
this so we can see everything better in
4713
03:06:17,340 --> 03:06:18,960
case you don't have scapy installed
4714
03:06:18,960 --> 03:06:21,300
simply you can install it by using pip3
4715
03:06:21,300 --> 03:06:24,000
as we showed in PyCharm
4716
03:06:24,000 --> 03:06:26,700
now what Scapy allows us to do is it
4717
03:06:26,700 --> 03:06:28,920
allows us to create different types of
4718
03:06:28,920 --> 03:06:32,279
packets for example we have TCP packets
4719
03:06:32,279 --> 03:06:34,680
UDP packets we can also create icmp
4720
03:06:34,680 --> 03:06:37,260
packets and in our case in this section
4721
03:06:37,260 --> 03:06:39,840
we are going to use ARP packets
4722
03:06:39,840 --> 03:06:42,359
so if I simply just type LS
4723
03:06:42,359 --> 03:06:45,300
and in brackets I specify ARP
4724
03:06:45,300 --> 03:06:47,100
you will notice that first of all this
4725
03:06:47,100 --> 03:06:49,500
LS is the same as the ls command inside
4726
03:06:49,500 --> 03:06:51,840
of a terminal it will simply just list
4727
03:06:51,840 --> 03:06:54,180
all of the different fields that the ARP
4728
03:06:54,180 --> 03:06:55,920
packet has
4729
03:06:55,920 --> 03:06:57,899
so we have all of those fields that we
4730
03:06:57,899 --> 03:07:00,180
need to specify inside of an ARP packet
4731
03:07:00,180 --> 03:07:02,580
before we actually try to send it
4732
03:07:02,580 --> 03:07:04,399
we have pdst
4733
03:07:04,399 --> 03:07:09,899
hwdst psrc and hwsrc and op and
4734
03:07:09,899 --> 03:07:11,939
these five fields are the most important
4735
03:07:11,939 --> 03:07:15,420
to us for this section this pdst is
4736
03:07:15,420 --> 03:07:17,460
actually the destination to which we are
4737
03:07:17,460 --> 03:07:20,580
sending the packet the hwdst is the destination
4738
03:07:20,580 --> 03:07:22,740
Mac address which we are sending the
4739
03:07:22,740 --> 03:07:25,200
packet the psrc is our own IP
4740
03:07:25,200 --> 03:07:28,319
address and the hwsrc is our own MAC
4741
03:07:28,319 --> 03:07:29,220
address
4742
03:07:29,220 --> 03:07:33,240
the op field is simply set to either one
4743
03:07:33,240 --> 03:07:34,800
or two
4744
03:07:34,800 --> 03:07:36,779
and the reason for that is because there
4745
03:07:36,779 --> 03:07:39,540
are two types of ARP packets if op is
4746
03:07:39,540 --> 03:07:41,279
set to one that means we are sending the
4747
03:07:41,279 --> 03:07:45,180
ARP request and if op is set to 2 that
4748
03:07:45,180 --> 03:07:47,880
means we are sending the ARP response
4749
03:07:47,880 --> 03:07:50,580
and the request is simply us asking for
4750
03:07:50,580 --> 03:07:53,580
example at which Mac address and IP
4751
03:07:53,580 --> 03:07:55,979
address is the router and the response
4752
03:07:55,979 --> 03:07:57,960
would be if someone asks for our own Mac
4753
03:07:57,960 --> 03:07:59,520
address over the broadcast we would
4754
03:07:59,520 --> 03:08:02,819
simply reply okay that IP address is at
4755
03:08:02,819 --> 03:08:05,100
this Mac address and that is the ARP
4756
03:08:05,100 --> 03:08:06,899
response all right
4757
03:08:06,899 --> 03:08:09,000
but even if you don't understand it yet
4758
03:08:09,000 --> 03:08:10,560
you will understand it through the process
4759
03:08:10,560 --> 03:08:13,080
of coding now in order to create a
4760
03:08:13,080 --> 03:08:15,120
packet inside of scapy we can define
4761
03:08:15,120 --> 03:08:18,479
something like packet equals and then
4762
03:08:18,479 --> 03:08:21,120
ARP specifying which packet we want and
4763
03:08:21,120 --> 03:08:23,340
inside of the brackets we specify all of
4764
03:08:23,340 --> 03:08:25,200
these options that we need
4765
03:08:25,200 --> 03:08:27,600
for example I can simply specify pdst
4766
03:08:27,600 --> 03:08:30,720
equals and then let's say
4767
03:08:30,720 --> 03:08:34,740
the IP address of my router
4768
03:08:34,740 --> 03:08:37,979
and if I just type packet.show
4769
03:08:37,979 --> 03:08:40,620
you will see all of the fields for my
4770
03:08:40,620 --> 03:08:43,020
packet most of them will be set
4771
03:08:43,020 --> 03:08:44,340
automatically
4772
03:08:44,340 --> 03:08:47,040
you will notice that the hwsrc and
4773
03:08:47,040 --> 03:08:49,260
psrc are set automatically and this is
4774
03:08:49,260 --> 03:08:51,420
the MAC address of our Kali Linux machine
4775
03:08:51,420 --> 03:08:53,700
and the IP address of our Kali Linux
4776
03:08:53,700 --> 03:08:55,560
machine
4777
03:08:55,560 --> 03:08:58,140
the op is set to who has which means
4778
03:08:58,140 --> 03:09:00,660
this is a request if we try to change it
4779
03:09:00,660 --> 03:09:02,700
for example packet
4780
03:09:02,700 --> 03:09:05,640
dot op equals 2
4781
03:09:05,640 --> 03:09:08,880
and then we type once again packet.show
4782
03:09:08,880 --> 03:09:10,500
we got
4783
03:09:10,500 --> 03:09:14,040
changed op value which is now is at so
4784
03:09:14,040 --> 03:09:16,920
this means we are sending a response all
4785
03:09:16,920 --> 03:09:20,580
right the ptype is IPv4 and you
4786
03:09:20,580 --> 03:09:23,760
can see the hwtype is 0x1
4787
03:09:23,760 --> 03:09:26,640
and all these values are set except the
4788
03:09:26,640 --> 03:09:28,979
hardware destination or the MAC address
4789
03:09:28,979 --> 03:09:31,200
of the actual Target that we want to get
4790
03:09:31,200 --> 03:09:33,240
the MAC address from
4791
03:09:33,240 --> 03:09:35,220
alright so this is just small intro to
4792
03:09:35,220 --> 03:09:37,200
the ARP packets and in the next video
4793
03:09:37,200 --> 03:09:39,300
we're going to implement this in our
4794
03:09:39,300 --> 03:09:42,840
PyCharm and send our first malicious ARP
4795
03:09:42,840 --> 03:09:45,180
packet thank you for watching and take
4796
03:09:45,180 --> 03:09:46,800
care bye
4797
03:09:46,800 --> 03:09:48,300
welcome back
4798
03:09:48,300 --> 03:09:51,180
let's see how ARP spoofing really works
4799
03:09:51,180 --> 03:09:53,100
alright so
4800
03:09:53,100 --> 03:09:55,620
now that we imported our library the
4801
03:09:55,620 --> 03:09:57,540
first thing and the first step in order
4802
03:09:57,540 --> 03:09:59,640
to actually perform the ARP spoofing is
4803
03:09:59,640 --> 03:10:02,760
to create the malicious packet
4804
03:10:02,760 --> 03:10:04,500
so how can we do that
4805
03:10:04,500 --> 03:10:06,420
well first of all we need to figure out
4806
03:10:06,420 --> 03:10:09,359
which machines are we trying to attack
4807
03:10:09,359 --> 03:10:12,420
in this case I will try to attack my
4808
03:10:12,420 --> 03:10:15,300
Windows 10 main PC so this environment
4809
03:10:15,300 --> 03:10:16,560
right here
4810
03:10:16,560 --> 03:10:19,020
now you can also try to attack Windows
4811
03:10:19,020 --> 03:10:20,939
machine but it can also be a Linux
4812
03:10:20,939 --> 03:10:22,680
machine if you'd like
4813
03:10:22,680 --> 03:10:24,899
all right so the first thing that we
4814
03:10:24,899 --> 03:10:27,660
need to do is to pretend that we do not
4815
03:10:27,660 --> 03:10:30,000
know how to communicate with our Target
4816
03:10:30,000 --> 03:10:32,640
machine therefore we need to find out
4817
03:10:32,640 --> 03:10:35,460
its Mac address first how can we do that
4818
03:10:35,460 --> 03:10:37,979
well we can simply just send an ARP
4819
03:10:37,979 --> 03:10:40,500
request through the broadcast Mac
4820
03:10:40,500 --> 03:10:42,300
address which means that every machine
4821
03:10:42,300 --> 03:10:44,399
on this local area network will receive
4822
03:10:44,399 --> 03:10:47,160
the request and possibly send a reply
4823
03:10:47,160 --> 03:10:49,500
so how can we do that well first of all
4824
03:10:49,500 --> 03:10:52,560
we need to create a packet
4825
03:10:52,560 --> 03:10:54,240
which is going to cover the broadcast
4826
03:10:54,240 --> 03:10:56,220
Mac address
4827
03:10:56,220 --> 03:10:58,380
we can set the broadcast Mac address
4828
03:10:58,380 --> 03:11:00,840
inside of the Ether layer of the packet
4829
03:11:00,840 --> 03:11:03,060
so we will simply just create the Ether
4830
03:11:03,060 --> 03:11:06,720
packet with the destination of
4831
03:11:06,720 --> 03:11:09,359
the broadcast Mac address which we all
4832
03:11:09,359 --> 03:11:13,740
know to be ff:ff:ff:ff:ff:ff so ff we
4833
03:11:13,740 --> 03:11:16,920
specify six times all right now if we go
4834
03:11:16,920 --> 03:11:18,960
to scapy right here from our
4835
03:11:18,960 --> 03:11:21,899
terminal and we type ls on the Ether
4836
03:11:21,899 --> 03:11:24,000
packet we can see it only has three
4837
03:11:24,000 --> 03:11:26,819
fields which is the type the source and
4838
03:11:26,819 --> 03:11:28,859
the destination
4839
03:11:28,859 --> 03:11:31,140
if I create a packet which is going to
4840
03:11:31,140 --> 03:11:33,779
be equal to Ether with the destination
4841
03:11:33,779 --> 03:11:35,640
that we just specified of the broadcast
4842
03:11:35,640 --> 03:11:38,540
Mac address
4843
03:11:38,880 --> 03:11:41,640
and print packet.show
4844
03:11:41,640 --> 03:11:43,380
you will see that the source will
4845
03:11:43,380 --> 03:11:45,540
automatically be set to the MAC address
4846
03:11:45,540 --> 03:11:48,000
of my Kali Linux machine
4847
03:11:48,000 --> 03:11:50,760
and the type will be set as well as we
4848
03:11:50,760 --> 03:11:52,859
can see right here the destination is
4849
03:11:52,859 --> 03:11:55,560
set to the broadcast Mac address
4850
03:11:55,560 --> 03:11:57,720
but if we want to we can actually add
4851
03:11:57,720 --> 03:12:00,600
the ARP layer to this Ether layer in
4852
03:12:00,600 --> 03:12:02,520
order to create a full packet and that
4853
03:12:02,520 --> 03:12:04,800
is what we're going to do
4854
03:12:04,800 --> 03:12:07,020
so what I'm going to do
4855
03:12:07,020 --> 03:12:09,240
is before even coding it in
4856
03:12:09,240 --> 03:12:11,100
PyCharm I'm going to restart scapy right
4857
03:12:11,100 --> 03:12:13,439
here and demonstrate the creation of
4858
03:12:13,439 --> 03:12:15,840
packet first because we have a visuals
4859
03:12:15,840 --> 03:12:17,520
right here therefore we can understand
4860
03:12:17,520 --> 03:12:19,740
it a whole lot better let's create a
4861
03:12:19,740 --> 03:12:21,899
broadcast packet that we already typed
4862
03:12:21,899 --> 03:12:24,740
in PyCharm
4863
03:12:24,960 --> 03:12:27,420
that will have the Ether layer with the
4864
03:12:27,420 --> 03:12:30,300
destination to be equal to the broadcast
4865
03:12:30,300 --> 03:12:32,640
since we are sending out a request to
4866
03:12:32,640 --> 03:12:35,279
everyone and hopefully getting a reply
4867
03:12:35,279 --> 03:12:37,740
from someone who knows where our Windows
4868
03:12:37,740 --> 03:12:40,560
10 machine is located all right
4869
03:12:40,560 --> 03:12:43,319
now after we do that we need to also add
4870
03:12:43,319 --> 03:12:46,020
the ARP layer so let's just create the ARP
4871
03:12:46,020 --> 03:12:48,479
layer right here
4872
03:12:48,479 --> 03:12:51,000
to be equal to the ARP
4873
03:12:51,000 --> 03:12:53,399
and here all we need to do is specify
4874
03:12:53,399 --> 03:12:56,220
the IP address of our Target machine so
4875
03:12:56,220 --> 03:12:58,140
I'm going to check the IP address of my
4876
03:12:58,140 --> 03:13:00,300
Windows 10 machine right here
4877
03:13:00,300 --> 03:13:02,580
by opening up the command prompt and
4878
03:13:02,580 --> 03:13:05,040
typing ipconfig
4879
03:13:05,040 --> 03:13:07,200
press your enter and we can see that the
4880
03:13:07,200 --> 03:13:09,840
IP address of my Windows 10 machine is
4881
03:13:09,840 --> 03:13:12,840
192.168.1.2
4882
03:13:12,840 --> 03:13:14,580
so that is what we need to specify
4883
03:13:14,580 --> 03:13:17,640
inside of our ARP layer we are interested
4884
03:13:17,640 --> 03:13:19,620
at the destination so we will specify
4885
03:13:19,620 --> 03:13:21,660
pdst
4886
03:13:21,660 --> 03:13:25,140
to be equal to the IP address of Windows
4887
03:13:25,140 --> 03:13:27,899
10 machine all right so we got that
4888
03:13:27,899 --> 03:13:29,279
ready
4889
03:13:29,279 --> 03:13:32,700
let me enlarge this a little bit more
4890
03:13:32,700 --> 03:13:36,359
and now if I simply just type ARP layer
4891
03:13:36,359 --> 03:13:38,279
dot show
4892
03:13:38,279 --> 03:13:40,620
will have all of the fields filled
4893
03:13:40,620 --> 03:13:42,960
automatically by default
4894
03:13:42,960 --> 03:13:45,420
our IP address is there and our Mac
4895
03:13:45,420 --> 03:13:48,420
address is there as well the op is also
4896
03:13:48,420 --> 03:13:50,880
set to be an ARP request now in order
4897
03:13:50,880 --> 03:13:52,500
to actually combine these two packets
4898
03:13:52,500 --> 03:13:54,840
all we need to do is create another
4899
03:13:54,840 --> 03:13:56,819
variable which will be called entire
4900
03:13:56,819 --> 03:13:59,540
packet
4901
03:14:00,720 --> 03:14:03,180
and this entire packet will be equal to
4902
03:14:03,180 --> 03:14:04,859
broadcast
4903
03:14:04,859 --> 03:14:08,640
slash ARP layer
4904
03:14:08,640 --> 03:14:10,800
and that is how we can combine these two
4905
03:14:10,800 --> 03:14:11,700
packets
4906
03:14:11,700 --> 03:14:13,620
let me just show you right here so you
4907
03:14:13,620 --> 03:14:15,180
can understand it better if I type
4908
03:14:15,180 --> 03:14:18,359
entire packet dot show
4909
03:14:18,359 --> 03:14:20,640
you will see right now we have two
4910
03:14:20,640 --> 03:14:23,580
layers to our entire packet
4911
03:14:23,580 --> 03:14:25,920
the ethernet layer which we set the
4912
03:14:25,920 --> 03:14:27,600
destination to be the broadcast Mac
4913
03:14:27,600 --> 03:14:30,540
address and the ARP layer which we set
4914
03:14:30,540 --> 03:14:33,300
the IP destination to be the IP address
4915
03:14:33,300 --> 03:14:36,180
of our Windows 10 machine
4916
03:14:36,180 --> 03:14:39,060
now we can send out this packet alright
4917
03:14:39,060 --> 03:14:42,120
so how can we do that
4918
03:14:42,120 --> 03:14:44,819
well we can use a function which is
4919
03:14:44,819 --> 03:14:47,100
called SRP
4920
03:14:47,100 --> 03:14:49,200
and this function allows us to send the
4921
03:14:49,200 --> 03:14:51,899
entire packet we can also specify the
4922
03:14:51,899 --> 03:14:54,540
timeout to be equal to 2 seconds and we
4923
03:14:54,540 --> 03:14:56,819
want to set the verbose to be equal to
4924
03:14:56,819 --> 03:14:58,620
true
4925
03:14:58,620 --> 03:14:59,899
now
4926
03:14:59,899 --> 03:15:03,240
this actual function will retrieve two
4927
03:15:03,240 --> 03:15:06,180
lists the first list will be the
4928
03:15:06,180 --> 03:15:08,279
answered responses and the second list
4929
03:15:08,279 --> 03:15:11,760
would be the unanswered machines all
4930
03:15:11,760 --> 03:15:14,340
right so in order to actually print that
4931
03:15:14,340 --> 03:15:16,200
list afterwards we first of all need to
4932
03:15:16,200 --> 03:15:18,120
store it and let's call the variable
4933
03:15:18,120 --> 03:15:21,120
answer and since I just mentioned that
4934
03:15:21,120 --> 03:15:23,040
it retrieves two lists we want to pick
4935
03:15:23,040 --> 03:15:26,640
the first list by specifying this 0
4936
03:15:26,640 --> 03:15:29,279
inside of square brackets since the
4937
03:15:29,279 --> 03:15:32,340
first list are answered responses if I
4938
03:15:32,340 --> 03:15:34,319
press here enter
4939
03:15:34,319 --> 03:15:36,720
it will tell us that it received one
4940
03:15:36,720 --> 03:15:39,120
packet got one answer and remaining
4941
03:15:39,120 --> 03:15:40,740
zero packets so everything worked
4942
03:15:40,740 --> 03:15:45,620
properly if I type here print answer
4943
03:15:46,680 --> 03:15:48,779
it will tell you the results which means
4944
03:15:48,779 --> 03:15:51,120
that we got an Other response it was not a
4945
03:15:51,120 --> 03:15:54,060
TCP answer or UDP or ICMP it was under
4946
03:15:54,060 --> 03:15:56,399
Other and by Other it means we got
4947
03:15:56,399 --> 03:15:59,100
the ARP response which is good now in
4948
03:15:59,100 --> 03:16:00,960
order to print this response we can
4949
03:16:00,960 --> 03:16:04,260
simply just type print answer
4950
03:16:04,260 --> 03:16:07,439
and select the first element
4951
03:16:07,439 --> 03:16:10,200
and you will see our packet right here
4952
03:16:10,200 --> 03:16:13,140
now if we take a look at this packet we
4953
03:16:13,140 --> 03:16:15,899
will see that this is our own packet
4954
03:16:15,899 --> 03:16:17,819
that we sent since we have the ethernet
4955
03:16:17,819 --> 03:16:19,880
set for the destination to the broadcast
4956
03:16:19,880 --> 03:16:23,340
and the ARP layer set to have the IP
4957
03:16:23,340 --> 03:16:26,160
destination to the Windows 10 machine
4958
03:16:26,160 --> 03:16:28,740
and this right here
4959
03:16:28,740 --> 03:16:31,859
would be the response that we got as we
4960
03:16:31,859 --> 03:16:34,200
can see the destination Mac address is
4961
03:16:34,200 --> 03:16:36,660
the MAC address of our own Kali Linux
4962
03:16:36,660 --> 03:16:37,740
machine
4963
03:16:37,740 --> 03:16:40,800
the source is the MAC address from our
4964
03:16:40,800 --> 03:16:43,439
Windows 10 machine since our Windows 10
4965
03:16:43,439 --> 03:16:45,300
machine sent this packet back to us
4966
03:16:45,300 --> 03:16:48,720
telling us that this is its own Mac
4967
03:16:48,720 --> 03:16:49,859
address
4968
03:16:49,859 --> 03:16:52,560
we can also see it right here where the
4969
03:16:52,560 --> 03:16:55,080
HW source is the MAC address of Windows
4970
03:16:55,080 --> 03:16:58,620
10 machine the P source is the source IP
4971
03:16:58,620 --> 03:17:00,660
address of Windows 10 machine and this
4972
03:17:00,660 --> 03:17:03,120
is where the Windows 10 machine sent the
4973
03:17:03,120 --> 03:17:05,819
packet to which is our Kali Linux machine
4974
03:17:05,819 --> 03:17:08,640
therefore we received it now what we
4975
03:17:08,640 --> 03:17:11,040
want to get out of this entire packet is
4976
03:17:11,040 --> 03:17:14,279
this Mac address right here
4977
03:17:14,279 --> 03:17:17,160
so how we can do that well we can simply
4978
03:17:17,160 --> 03:17:19,920
just print let's print something like
4979
03:17:19,920 --> 03:17:21,359
this answer
4980
03:17:21,359 --> 03:17:23,760
and since this has bunch of elements we
4981
03:17:23,760 --> 03:17:27,060
will select the first one which is this
4982
03:17:27,060 --> 03:17:30,240
and then we can select
4983
03:17:30,240 --> 03:17:32,640
the second element
4984
03:17:32,640 --> 03:17:37,760
under the number one if we print it
4985
03:17:38,359 --> 03:17:41,279
Python 3 makes no sense
4986
03:17:41,279 --> 03:17:46,819
wait if I just type print dot show
4987
03:17:46,819 --> 03:17:50,640
here it is bound method we only get the
4988
03:17:50,640 --> 03:17:53,220
response now as we can see right here we
4989
03:17:53,220 --> 03:17:55,920
no longer get this part and all we want
4990
03:17:55,920 --> 03:17:58,859
to select from this response is the HW
4991
03:17:58,859 --> 03:18:01,439
source which is this right here since
4992
03:18:01,439 --> 03:18:03,779
this is the MAC address of the Windows
4993
03:18:03,779 --> 03:18:06,840
10 machine so let's select it if we type
4994
03:18:06,840 --> 03:18:10,500
here Target Mac address
4995
03:18:10,500 --> 03:18:13,680
we can set it to be equal to
4996
03:18:13,680 --> 03:18:15,540
answer
4997
03:18:15,540 --> 03:18:19,140
first element which is the packet that
4998
03:18:19,140 --> 03:18:21,000
we sent and the packet that we received
4999
03:18:21,000 --> 03:18:23,340
but since we only want the packet that
5000
03:18:23,340 --> 03:18:25,160
we received we set the second element
5001
03:18:25,160 --> 03:18:28,200
and that is this part right here and
5002
03:18:28,200 --> 03:18:30,540
from the second element we want to get
5003
03:18:30,540 --> 03:18:34,680
the HW source which is the MAC address
5004
03:18:34,680 --> 03:18:36,720
of the Windows 10 machine
5005
03:18:36,720 --> 03:18:38,700
if I press here enter
5006
03:18:38,700 --> 03:18:42,800
and we print the target Mac address
5007
03:18:45,300 --> 03:18:47,819
we get just the MAC address of Windows
5008
03:18:47,819 --> 03:18:50,279
10 machine alright great how cool is
5009
03:18:50,279 --> 03:18:52,200
that we successfully retrieved the MAC
5010
03:18:52,200 --> 03:18:54,600
address of Windows 10 Machine by sending
5011
03:18:54,600 --> 03:18:56,819
the ARP packet and getting the ARP
5012
03:18:56,819 --> 03:18:59,340
response back to us
5013
03:18:59,340 --> 03:19:01,800
now it is time to get to the hacking
5014
03:19:01,800 --> 03:19:04,620
stuff this was all just small networking
5015
03:19:04,620 --> 03:19:07,319
right now we want to create a malformed
5016
03:19:07,319 --> 03:19:09,600
or malicious ARP packet and send it
5017
03:19:09,600 --> 03:19:11,160
once again
5018
03:19:11,160 --> 03:19:12,960
how can we do that
5019
03:19:12,960 --> 03:19:15,060
well first we need to craft the packet
5020
03:19:15,060 --> 03:19:18,000
all right so we already know how to do
5021
03:19:18,000 --> 03:19:19,740
that let's create a variable called
5022
03:19:19,740 --> 03:19:23,279
packet and this packet variable will be
5023
03:19:23,279 --> 03:19:26,300
equal to the ARP packet
5024
03:19:26,300 --> 03:19:28,680
first since this is a malicious packet
5025
03:19:28,680 --> 03:19:30,660
let's see what we want this packet to do
5026
03:19:30,660 --> 03:19:32,939
well we want this packet to tell the
5027
03:19:32,939 --> 03:19:35,340
Windows 10 machine that our Kali Linux
5028
03:19:35,340 --> 03:19:38,340
machine is a router so it sends all of
5029
03:19:38,340 --> 03:19:40,800
its packets to us first of all we need
5030
03:19:40,800 --> 03:19:43,560
to set the op value to be equal to 2
5031
03:19:43,560 --> 03:19:46,620
since we want our packet to be the ARP
5032
03:19:46,620 --> 03:19:49,319
response we are telling the Windows 10
5033
03:19:49,319 --> 03:19:51,000
machine that we are the router we are
5034
03:19:51,000 --> 03:19:52,859
not requesting anything therefore we
5035
03:19:52,859 --> 03:19:55,920
will set the op to be equal to 2.
5036
03:19:55,920 --> 03:19:57,960
the next thing we want to set is the
5037
03:19:57,960 --> 03:19:59,880
hardware destination or the MAC address
5038
03:19:59,880 --> 03:20:02,399
of our Windows 10 machine and this is
5039
03:20:02,399 --> 03:20:04,979
why we needed Mac address that we
5040
03:20:04,979 --> 03:20:07,439
received from this packet right here we
5041
03:20:07,439 --> 03:20:08,880
got it in the Target Mac address
5042
03:20:08,880 --> 03:20:11,220
variable so you can either specify the
5043
03:20:11,220 --> 03:20:13,620
MAC address itself or you can specify
5044
03:20:13,620 --> 03:20:15,960
Target Mac address
5045
03:20:15,960 --> 03:20:17,399
all right
5046
03:20:17,399 --> 03:20:19,080
the next thing that we need to specify
5047
03:20:19,080 --> 03:20:21,240
is the pdst
5048
03:20:21,240 --> 03:20:23,220
which is the IP address to our Target
5049
03:20:23,220 --> 03:20:28,140
machine in my case that is 192.168.1.2
5050
03:20:29,640 --> 03:20:31,200
and the last thing that we need to
5051
03:20:31,200 --> 03:20:33,479
specify is the psrc
5052
03:20:33,479 --> 03:20:37,260
if I specify psrc equals here we
5053
03:20:37,260 --> 03:20:39,240
specified the machine that we want to
5054
03:20:39,240 --> 03:20:42,000
impersonate in our case we want to be
5055
03:20:42,000 --> 03:20:44,100
the router therefore I will specify my
5056
03:20:44,100 --> 03:20:46,700
router's IP address which is
5057
03:20:46,700 --> 03:20:49,319
192.168.1.1 in case you don't know what
5058
03:20:49,319 --> 03:20:51,359
your router's IP address is you can
5059
03:20:51,359 --> 03:20:53,399
simply just go open up your terminal and
5060
03:20:53,399 --> 03:20:56,939
type in netstat dash NR
5061
03:20:56,939 --> 03:21:00,000
under the Gateway you will see your
5062
03:21:00,000 --> 03:21:02,760
router's IP address all right so let's
5063
03:21:02,760 --> 03:21:04,740
close this
5064
03:21:04,740 --> 03:21:07,620
now that we have everything ready once
5065
03:21:07,620 --> 03:21:09,439
again we are sending the op equal to 2
5066
03:21:09,439 --> 03:21:11,700
because we are saying that we are
5067
03:21:11,700 --> 03:21:14,340
the gateway so this is a response let's
5068
03:21:14,340 --> 03:21:17,279
press enter here and if I just type packet
5069
03:21:17,279 --> 03:21:19,560
.show()
5070
03:21:19,560 --> 03:21:23,460
here is the contents of our packet we
5071
03:21:23,460 --> 03:21:25,920
got everything ready to go
5072
03:21:25,920 --> 03:21:27,899
but before we actually send out this
5073
03:21:27,899 --> 03:21:30,540
packet let's see what are the ARP tables
5074
03:21:30,540 --> 03:21:32,580
on our Windows 10 machine so how can we
5075
03:21:32,580 --> 03:21:34,979
do that well open up your command prompt
5076
03:21:34,979 --> 03:21:38,160
once again I will clear the screen and
5077
03:21:38,160 --> 03:21:41,040
if you type arp -a
5078
03:21:41,040 --> 03:21:43,500
you will see the ARP table on our
5079
03:21:43,500 --> 03:21:45,840
Windows 10 machine we can see that the
5080
03:21:45,840 --> 03:21:47,939
router's IP address is at this MAC
5081
03:21:47,939 --> 03:21:49,319
address right here
5082
03:21:49,319 --> 03:21:52,380
the Kali Linux IP address is at this MAC
5083
03:21:52,380 --> 03:21:54,660
address right here
5084
03:21:54,660 --> 03:21:56,279
you will notice once we send the
5085
03:21:56,279 --> 03:21:58,920
malicious packet that these two IP
5086
03:21:58,920 --> 03:22:01,080
addresses which is the router's IP
5087
03:22:01,080 --> 03:22:03,300
address and the Kali Linux IP address
5088
03:22:03,300 --> 03:22:06,779
will have the same MAC addresses that
5089
03:22:06,779 --> 03:22:08,700
means that we successfully spoofed the
5090
03:22:08,700 --> 03:22:11,760
Windows 10 machine into thinking
5091
03:22:11,760 --> 03:22:15,000
that we are the router and then it will
5092
03:22:15,000 --> 03:22:16,740
send all of its packets to our MAC
5093
03:22:16,740 --> 03:22:18,840
address instead of the router's MAC
5094
03:22:18,840 --> 03:22:19,620
address
5095
03:22:19,620 --> 03:22:21,899
so let's see if this will work
5096
03:22:21,899 --> 03:22:23,640
in order to send this packet we will
5097
03:22:23,640 --> 03:22:25,979
simply just use the send function we
5098
03:22:25,979 --> 03:22:28,979
will specify packet and then
5099
03:22:28,979 --> 03:22:31,680
verbose equals False since we don't need
5100
03:22:31,680 --> 03:22:34,439
to see anything we send the packet and
5101
03:22:34,439 --> 03:22:36,479
let's go to our Command Prompt and run
5102
03:22:36,479 --> 03:22:39,680
the same command once again
5103
03:22:39,720 --> 03:22:42,420
and here it is we successfully spoofed
5104
03:22:42,420 --> 03:22:44,700
the Windows 10 machine
5105
03:22:44,700 --> 03:22:47,240
now we got the
5106
03:22:47,240 --> 03:22:50,660
192.168.1.1 which is our router and
5107
03:22:50,660 --> 03:22:52,680
192.168.1.4 which is the Kali Linux machine
5108
03:22:52,680 --> 03:22:57,260
to have the same MAC address
5109
03:22:57,960 --> 03:23:00,420
how cool is that we successfully spoofed
5110
03:23:00,420 --> 03:23:01,979
the Windows 10 machine
5111
03:23:01,979 --> 03:23:03,960
and this is what's called the ARP
5112
03:23:03,960 --> 03:23:05,220
spoofing
5113
03:23:05,220 --> 03:23:07,800
now if you don't run this packet in a
5114
03:23:07,800 --> 03:23:10,200
while loop this will most likely get
5115
03:23:10,200 --> 03:23:12,479
reset after a few seconds or minutes so
5116
03:23:12,479 --> 03:23:15,000
let's see if we still have it yeah it
5117
03:23:15,000 --> 03:23:16,859
already got reset back as you can see
5118
03:23:16,859 --> 03:23:19,560
the router is already set back to its
5119
03:23:19,560 --> 03:23:22,140
own real Mac address but if we send this
5120
03:23:22,140 --> 03:23:23,520
once again
5121
03:23:23,520 --> 03:23:26,939
and type arp -a once again
5122
03:23:26,939 --> 03:23:30,239
we spoofed the router one more time
5123
03:23:30,239 --> 03:23:32,220
Okay so
5124
03:23:32,220 --> 03:23:34,200
we're going to see in the next video how
5125
03:23:34,200 --> 03:23:36,479
we can do this in a while loop and how
5126
03:23:36,479 --> 03:23:38,040
we can create a program that will
5127
03:23:38,040 --> 03:23:40,140
automate this entire process
5128
03:23:40,140 --> 03:23:42,060
so thank you for watching and I will see
5129
03:23:42,060 --> 03:23:44,939
you in the next tutorial bye
5130
03:23:44,939 --> 03:23:47,700
welcome back we are ready for our final
5131
03:23:47,700 --> 03:23:50,520
project of this section let's create the
5132
03:23:50,520 --> 03:23:52,800
ARP spoofer which will automate the
5133
03:23:52,800 --> 03:23:55,020
entire process and run it in a while
5134
03:23:55,020 --> 03:23:56,580
loop
5135
03:23:56,580 --> 03:23:58,140
since we already did this in the
5136
03:23:58,140 --> 03:24:00,540
previous video using scapy in our
5137
03:24:00,540 --> 03:24:02,160
terminal we don't really need it right
5138
03:24:02,160 --> 03:24:03,300
here
5139
03:24:03,300 --> 03:24:07,399
we can simply just create a new file
5140
03:24:08,460 --> 03:24:12,899
which we can call arp_spoofer
5141
03:24:12,899 --> 03:24:14,399
.py
5142
03:24:14,399 --> 03:24:15,720
all right
5143
03:24:15,720 --> 03:24:17,580
we need the same library that we
5144
03:24:17,580 --> 03:24:20,939
imported before so import
5145
03:24:20,939 --> 03:24:23,100
so we're going to import scapy like this
5146
03:24:23,100 --> 03:24:26,040
import scapy.all as
5147
03:24:26,040 --> 03:24:28,500
scapy
5148
03:24:28,500 --> 03:24:32,819
we also want to import the sys library
5149
03:24:32,819 --> 03:24:35,819
and we want to import the time library
5150
03:24:35,819 --> 03:24:37,800
all right so these are the three
5151
03:24:37,800 --> 03:24:39,840
libraries that we are going to need as
5152
03:24:39,840 --> 03:24:42,060
you can see we have all three of them so
5153
03:24:42,060 --> 03:24:44,220
we don't need to install any additional
5154
03:24:44,220 --> 03:24:45,600
libraries
5155
03:24:45,600 --> 03:24:47,880
now the first thing that we want to
5156
03:24:47,880 --> 03:24:50,100
prompt to the user is for the target's
5157
03:24:50,100 --> 03:24:54,420
IP address and router's IP address
5158
03:24:54,420 --> 03:24:56,279
now before we actually even code
5159
03:24:56,279 --> 03:24:58,859
anything let's discuss what we want this
5160
03:24:58,859 --> 03:25:01,140
program to do in the previous video we
5161
03:25:01,140 --> 03:25:03,000
showed how we actually sent a malicious
5162
03:25:03,000 --> 03:25:05,279
packet to Windows 10 machine telling
5163
03:25:05,279 --> 03:25:08,160
them that we are the router now we need
5164
03:25:08,160 --> 03:25:10,800
to do that two times so we need to send
5165
03:25:10,800 --> 03:25:12,359
the malicious packet to Windows 10
5166
03:25:12,359 --> 03:25:14,939
machine telling the Windows 10 that we
5167
03:25:14,939 --> 03:25:16,920
are the router and we also need to send
5168
03:25:16,920 --> 03:25:18,479
the malicious packet to the router
5169
03:25:18,479 --> 03:25:20,399
telling the router that we are Windows
5170
03:25:20,399 --> 03:25:21,899
10 machine
5171
03:25:21,899 --> 03:25:24,300
and then we can forward the packets from
5172
03:25:24,300 --> 03:25:25,979
one machine to another
5173
03:25:25,979 --> 03:25:27,779
and vice versa
5174
03:25:27,779 --> 03:25:29,520
if you think about it it should be
5175
03:25:29,520 --> 03:25:31,979
rather easy so let's start with it we
5176
03:25:31,979 --> 03:25:33,660
first of all need to prompt the user of
5177
03:25:33,660 --> 03:25:36,420
this program to specify the target's IP
5178
03:25:36,420 --> 03:25:39,600
address and the router's IP address
5179
03:25:39,600 --> 03:25:41,340
all right so let's start with the target
5180
03:25:41,340 --> 03:25:42,899
IP
5181
03:25:42,899 --> 03:25:45,060
and since we imported the sys library we
5182
03:25:45,060 --> 03:25:47,040
can simply just specify that the target
5183
03:25:47,040 --> 03:25:52,279
IP will be equal to sys.argv
5184
03:25:52,380 --> 03:25:55,140
which is number two and this basically
5185
03:25:55,140 --> 03:25:56,880
means that we are going to read the
5186
03:25:56,880 --> 03:25:59,819
targets IP and the router's IP from the
5187
03:25:59,819 --> 03:26:01,380
command line once the user of this
5188
03:26:01,380 --> 03:26:03,960
program runs it let me just give you a
5189
03:26:03,960 --> 03:26:06,660
quick look so you can understand it
5190
03:26:06,660 --> 03:26:09,000
uh
5191
03:26:09,000 --> 03:26:11,340
for example this program will be ran
5192
03:26:11,340 --> 03:26:13,979
something like this so Python 3 ARP
5193
03:26:13,979 --> 03:26:15,060
spoofer
5194
03:26:15,060 --> 03:26:19,020
oops .py and then after it we would
5195
03:26:19,020 --> 03:26:20,660
specify
5196
03:26:20,660 --> 03:26:23,479
192.168.1.1 and
5197
03:26:23,479 --> 03:26:26,399
192.168.1.2 so the first argument will
5198
03:26:26,399 --> 03:26:27,660
be
5199
03:26:27,660 --> 03:26:30,120
the IP address of our router and the
5200
03:26:30,120 --> 03:26:31,739
second argument will be the IP address
5201
03:26:31,739 --> 03:26:34,560
from our Target machine and then we're
5202
03:26:34,560 --> 03:26:37,800
going to read the IP addresses from the
5203
03:26:37,800 --> 03:26:40,020
command line and store it into these
5204
03:26:40,020 --> 03:26:42,779
variables so the target IP will be the
5205
03:26:42,779 --> 03:26:44,939
second parameter or in this case the
5206
03:26:44,939 --> 03:26:47,220
third parameter since counting of
5207
03:26:47,220 --> 03:26:49,739
elements starts from 0 and the zero
5208
03:26:49,739 --> 03:26:52,380
element is the actual name of the
5209
03:26:52,380 --> 03:26:55,319
program all right and we are left with
5210
03:26:55,319 --> 03:27:00,000
the router IP to be equal to sys.argv
5211
03:27:00,000 --> 03:27:02,580
first element or the second element in
5212
03:27:02,580 --> 03:27:05,100
this case which will be the
5213
03:27:05,100 --> 03:27:07,859
IP address of the router all right so
5214
03:27:07,859 --> 03:27:09,779
we're going to read these two from the
5215
03:27:09,779 --> 03:27:10,920
command line
5216
03:27:10,920 --> 03:27:14,040
then we're storing it right here and the
5217
03:27:14,040 --> 03:27:15,600
next thing that we want to do with these
5218
03:27:15,600 --> 03:27:17,700
two information since this is the only
5219
03:27:17,700 --> 03:27:19,739
thing that we are going to get from the
5220
03:27:19,739 --> 03:27:21,899
user of this program we want to get the
5221
03:27:21,899 --> 03:27:25,979
MAC addresses for these two targets
5222
03:27:25,979 --> 03:27:28,319
so how can we do that well let's simply
5223
03:27:28,319 --> 03:27:32,460
specify another variable called Target
5224
03:27:32,460 --> 03:27:35,580
MAC and that variable will be equal to
5225
03:27:35,580 --> 03:27:38,819
get_mac_address
5226
03:27:38,819 --> 03:27:42,920
from the targets IP
5227
03:27:43,800 --> 03:27:45,239
then you will see that this is red
5228
03:27:45,239 --> 03:27:47,100
underlined that means this function does
5229
03:27:47,100 --> 03:27:48,840
not exist therefore we are going to have
5230
03:27:48,840 --> 03:27:51,840
to code it and don't worry about it we
5231
03:27:51,840 --> 03:27:53,580
already kind of coded this function in
5232
03:27:53,580 --> 03:27:55,319
the previous video once we saw the
5233
03:27:55,319 --> 03:27:57,060
process of getting the MAC address of
5234
03:27:57,060 --> 03:27:59,220
our Windows 10 machine all we need to do
5235
03:27:59,220 --> 03:28:01,979
is the same the exact same thing just
5236
03:28:01,979 --> 03:28:03,660
now we need to do it with both Windows
5237
03:28:03,660 --> 03:28:05,700
10 machine and the router
5238
03:28:05,700 --> 03:28:08,220
so let's type it right here router MAC
5239
03:28:08,220 --> 03:28:09,779
equals
5240
03:28:09,779 --> 03:28:13,580
get_mac_address
5241
03:28:14,819 --> 03:28:18,380
from the routers
5242
03:28:18,899 --> 03:28:20,460
IP
5243
03:28:20,460 --> 03:28:22,200
and we need to make sure that all of
5244
03:28:22,200 --> 03:28:24,060
these variables are strings as we are
5245
03:28:24,060 --> 03:28:25,500
going to use them so we're just going to
5246
03:28:25,500 --> 03:28:28,319
wrap them just in case inside of a
5247
03:28:28,319 --> 03:28:29,220
string
5248
03:28:29,220 --> 03:28:31,800
function
5249
03:28:31,800 --> 03:28:34,920
all right so string
5250
03:28:34,920 --> 03:28:36,660
we also want to make sure that the IP
5251
03:28:36,660 --> 03:28:39,620
addresses are strings
5252
03:28:39,859 --> 03:28:43,859
just in case let's wrap this so we have
5253
03:28:43,859 --> 03:28:46,020
everything set to go
5254
03:28:46,020 --> 03:28:48,180
now what we need to do is we need to
5255
03:28:48,180 --> 03:28:51,380
code the get_mac_address function
5256
03:28:51,380 --> 03:28:54,960
so let's code it right here
5257
03:28:54,960 --> 03:28:57,600
let's define it first so def get_mac_
5258
03:28:57,600 --> 03:28:59,700
address
5259
03:28:59,700 --> 03:29:02,279
let's lower this in for just a second so
5260
03:29:02,279 --> 03:29:04,620
we can see the program better and since
5261
03:29:04,620 --> 03:29:06,600
we already noticed right here this
5262
03:29:06,600 --> 03:29:08,880
function will take a parameter the IP
5263
03:29:08,880 --> 03:29:10,979
address
5264
03:29:10,979 --> 03:29:12,840
whether it is the IP address of the
5265
03:29:12,840 --> 03:29:14,540
Target or the router it doesn't matter
5266
03:29:14,540 --> 03:29:18,540
the function will perform the same so if
5267
03:29:18,540 --> 03:29:20,220
we remember from the previous video what
5268
03:29:20,220 --> 03:29:23,100
we first did is we created the broadcast
5269
03:29:23,100 --> 03:29:25,760
layer
5270
03:29:26,520 --> 03:29:31,279
that will be equal to scapy.Ether
5271
03:29:31,859 --> 03:29:33,600
with the destination
5272
03:29:33,600 --> 03:29:37,160
to the broadcast MAC address
5273
03:29:37,680 --> 03:29:40,140
alright so this is the first layer and
5274
03:29:40,140 --> 03:29:42,300
the second layer you already know is the
5275
03:29:42,300 --> 03:29:43,739
ARP layer
5276
03:29:43,739 --> 03:29:47,399
this will be equal to scapy.ARP
5277
03:29:47,399 --> 03:29:50,279
and the pdst has to be set to
5278
03:29:50,279 --> 03:29:53,220
the IP address of this actual function
5279
03:29:53,220 --> 03:29:55,800
so in this case it will be the targets
5280
03:29:55,800 --> 03:29:59,760
IP and in this case the router's IP
5281
03:29:59,760 --> 03:30:02,279
basically once again we are sending the
5282
03:30:02,279 --> 03:30:04,200
broadcast MAC address so we're sending
5283
03:30:04,200 --> 03:30:06,779
to the entire network asking what is the
5284
03:30:06,779 --> 03:30:09,120
MAC address of this IP address right
5285
03:30:09,120 --> 03:30:09,960
here
5286
03:30:09,960 --> 03:30:11,340
all right
5287
03:30:11,340 --> 03:30:13,680
we already know that the other fields of
5288
03:30:13,680 --> 03:30:15,120
the ARP packet will get filled
5289
03:30:15,120 --> 03:30:16,620
automatically so we don't need to
5290
03:30:16,620 --> 03:30:18,960
specify them by default if you remember
5291
03:30:18,960 --> 03:30:21,479
the op parameter of this ARP packet will
5292
03:30:21,479 --> 03:30:23,520
be set to 1 which means it is by default
5293
03:30:23,520 --> 03:30:25,260
a request so we don't have to set that
5294
03:30:25,260 --> 03:30:26,279
as well
5295
03:30:26,279 --> 03:30:29,160
and right now let's create a packet a
5296
03:30:29,160 --> 03:30:34,560
final packet which we can call get MAC
5297
03:30:34,560 --> 03:30:36,239
packet
5298
03:30:36,239 --> 03:30:37,800
just so we can understand everything
5299
03:30:37,800 --> 03:30:40,439
better once we read the program code
5300
03:30:40,439 --> 03:30:42,600
and this get MAC packet will be the
5301
03:30:42,600 --> 03:30:46,979
broadcast layer slash ARP layer
5302
03:30:46,979 --> 03:30:48,359
all right
5303
03:30:48,359 --> 03:30:50,340
all we will have to do is send this
5304
03:30:50,340 --> 03:30:53,700
packet and retrieve the MAC address
5305
03:30:53,700 --> 03:30:55,920
if you remember we will store this
5306
03:30:55,920 --> 03:30:58,560
inside of our answer variable and then
5307
03:30:58,560 --> 03:31:00,840
we will perform the srp function which
5308
03:31:00,840 --> 03:31:03,600
sends and retrieves the response
5309
03:31:03,600 --> 03:31:06,000
we will perform that on the get MAC
5310
03:31:06,000 --> 03:31:08,540
packet
5311
03:31:09,060 --> 03:31:12,600
with the timeout of two seconds
5312
03:31:12,600 --> 03:31:14,520
we want to set verbose to be
5313
03:31:14,520 --> 03:31:16,319
equal to False
5314
03:31:16,319 --> 03:31:19,140
and we want to grab the first element of
5315
03:31:19,140 --> 03:31:21,060
this list which is going to be the list
5316
03:31:21,060 --> 03:31:22,920
with answers
5317
03:31:22,920 --> 03:31:25,560
all right and then from that list with
5318
03:31:25,560 --> 03:31:28,020
answers we want to return the MAC
5319
03:31:28,020 --> 03:31:31,439
address of the specified Target so we
5320
03:31:31,439 --> 03:31:33,899
are returning the answer this answer
5321
03:31:33,899 --> 03:31:36,660
variable will also have a bunch of lists
5322
03:31:36,660 --> 03:31:38,580
so we need to set right here that we
5323
03:31:38,580 --> 03:31:40,979
want the first list
5324
03:31:40,979 --> 03:31:43,319
then from the first list we want the
5325
03:31:43,319 --> 03:31:45,899
response which is going to have the MAC
5326
03:31:45,899 --> 03:31:48,120
address of the Target and therefore we
5327
03:31:48,120 --> 03:31:51,960
want to get it with hwsrc so we are
5328
03:31:51,960 --> 03:31:53,760
returning the MAC address of the target
5329
03:31:53,760 --> 03:31:55,319
machine
5330
03:31:55,319 --> 03:31:57,239
alright so before we continue anything
5331
03:31:57,239 --> 03:32:01,340
let's see whether this works
5332
03:32:01,439 --> 03:32:05,540
at the end we're going to print
5333
03:32:05,580 --> 03:32:09,000
the router MAC
5334
03:32:09,000 --> 03:32:11,899
and we want to print
5335
03:32:11,899 --> 03:32:14,819
the target MAC
5336
03:32:14,819 --> 03:32:17,580
so let's run the program we already know
5337
03:32:17,580 --> 03:32:20,220
that we have to run it like this so keep
5338
03:32:20,220 --> 03:32:22,080
in mind that you do not reverse these
5339
03:32:22,080 --> 03:32:23,760
two IP addresses the first IP address
5340
03:32:23,760 --> 03:32:26,340
that should go is the router's IP which
5341
03:32:26,340 --> 03:32:28,859
we can see right here since this is the
5342
03:32:28,859 --> 03:32:31,439
element 2 and this is the element 3 and
5343
03:32:31,439 --> 03:32:34,200
the second argument is the target's IP
5344
03:32:34,200 --> 03:32:36,239
so if I run this
5345
03:32:36,239 --> 03:32:38,819
we get both of the MAC addresses printed
5346
03:32:38,819 --> 03:32:41,819
out at the screen so we successfully get
5347
03:32:41,819 --> 03:32:44,160
the MAC addresses of our router and
5348
03:32:44,160 --> 03:32:45,479
Target machine
5349
03:32:45,479 --> 03:32:46,920
good
5350
03:32:46,920 --> 03:32:49,439
in the next video we can code the spoof
5351
03:32:49,439 --> 03:32:51,540
part which is going to actually send the
5352
03:32:51,540 --> 03:32:54,479
malicious packet and create our spoofing
5353
03:32:54,479 --> 03:32:56,700
between these two Targets so thank you
5354
03:32:56,700 --> 03:32:58,500
for watching this lecture and I will see
5355
03:32:58,500 --> 03:33:01,680
you in the next video bye
5356
03:33:01,680 --> 03:33:04,200
welcome back so for now half of the
5357
03:33:04,200 --> 03:33:06,479
program is done good we managed to get
5358
03:33:06,479 --> 03:33:08,640
MAC addresses from our target and our
5359
03:33:08,640 --> 03:33:11,220
router now it's time to actually perform
5360
03:33:11,220 --> 03:33:13,439
the hacking stuff and spoof these two
5361
03:33:13,439 --> 03:33:14,640
Targets
5362
03:33:14,640 --> 03:33:17,460
alright so let's do it now that we got
5363
03:33:17,460 --> 03:33:19,260
the MAC addresses let's see what's next
5364
03:33:19,260 --> 03:33:21,420
step first of all I'm going to delete
5365
03:33:21,420 --> 03:33:23,580
these two print statements as we don't
5366
03:33:23,580 --> 03:33:25,080
really need them
5367
03:33:25,080 --> 03:33:26,760
at the moment
5368
03:33:26,760 --> 03:33:29,660
lower this
5369
03:33:29,939 --> 03:33:32,760
and now if you remember we need to enter
5370
03:33:32,760 --> 03:33:34,979
a while loop in order for our spoofing
5371
03:33:34,979 --> 03:33:37,620
to last longer
5372
03:33:37,620 --> 03:33:39,479
so what we are going to do is I'm going
5373
03:33:39,479 --> 03:33:41,880
to type the try and except statement
5374
03:33:41,880 --> 03:33:43,380
right here
5375
03:33:43,380 --> 03:33:45,660
and in this try statement we'll simply
5376
03:33:45,660 --> 03:33:48,000
just try to spoof the targets so while
5377
03:33:48,000 --> 03:33:50,300
True
5378
03:33:50,460 --> 03:33:53,819
we want to spoof
5379
03:33:53,819 --> 03:33:55,680
and we will see in just a second what
5380
03:33:55,680 --> 03:33:58,800
parameters this spoof function will take
5381
03:33:58,800 --> 03:34:01,739
and in the except statement we want to
5382
03:34:01,739 --> 03:34:02,939
catch
5383
03:34:02,939 --> 03:34:05,520
KeyboardInterrupt and the
5384
03:34:05,520 --> 03:34:07,080
reason why we're specifying the keyboard
5385
03:34:07,080 --> 03:34:09,120
interrupt is because if you take a
5386
03:34:09,120 --> 03:34:10,859
closer look this is a while True loop
5387
03:34:10,859 --> 03:34:13,140
and while True loops are infinite loops
5388
03:34:13,140 --> 03:34:15,300
that means this will spoof for an
5389
03:34:15,300 --> 03:34:17,460
infinite amount of time therefore we
5390
03:34:17,460 --> 03:34:19,500
want to make sure that at any time that
5391
03:34:19,500 --> 03:34:21,420
we want to stop the program we'll simply
5392
03:34:21,420 --> 03:34:23,100
just keyboard interrupt and it will
5393
03:34:23,100 --> 03:34:25,319
close the spoofing
5394
03:34:25,319 --> 03:34:28,880
so I will print right here
5395
03:34:29,160 --> 03:34:33,000
closing ARP spoofer
5396
03:34:33,000 --> 03:34:35,640
and then we can simply exit the program
5397
03:34:35,640 --> 03:34:37,020
all right
5398
03:34:37,020 --> 03:34:39,300
so now let's get back to this spoof
5399
03:34:39,300 --> 03:34:41,580
function it is red underlined of course
5400
03:34:41,580 --> 03:34:43,680
because it doesn't exist therefore we
5401
03:34:43,680 --> 03:34:45,660
will have to code it but before we do
5402
03:34:45,660 --> 03:34:47,340
that let's take a look at what
5403
03:34:47,340 --> 03:34:50,040
parameters this function should take
5404
03:34:50,040 --> 03:34:51,479
well
5405
03:34:51,479 --> 03:34:53,880
it actually has to take all of these
5406
03:34:53,880 --> 03:34:56,399
four parameters right here since we want
5407
03:34:56,399 --> 03:34:58,620
to spoof both to the targets and for
5408
03:34:58,620 --> 03:35:00,600
each of the targets we need its own MAC
5409
03:35:00,600 --> 03:35:03,239
address and its own IP address therefore
5410
03:35:03,239 --> 03:35:05,220
we need to send all of these four
5411
03:35:05,220 --> 03:35:08,640
variables into this spoof function
5412
03:35:08,640 --> 03:35:11,640
let's keep track of which order we
5413
03:35:11,640 --> 03:35:13,080
are sending them so we're first of all
5414
03:35:13,080 --> 03:35:15,739
going to send
5415
03:35:15,779 --> 03:35:18,960
router IP
5416
03:35:18,960 --> 03:35:22,319
then we will send Target IP
5417
03:35:22,319 --> 03:35:25,080
then we'll send router MAC and the last
5418
03:35:25,080 --> 03:35:28,800
thing we need to send is the target MAC
5419
03:35:28,800 --> 03:35:31,500
so we are sending these four variables
5420
03:35:31,500 --> 03:35:34,620
and right here we will code the function
5421
03:35:34,620 --> 03:35:36,600
itself
5422
03:35:36,600 --> 03:35:38,760
and keep in mind that we need to specify
5423
03:35:38,760 --> 03:35:41,520
the exact same order of these variables
5424
03:35:41,520 --> 03:35:43,800
so we don't get error when running the
5425
03:35:43,800 --> 03:35:45,000
program
5426
03:35:45,000 --> 03:35:47,640
the next one is Target IP
5427
03:35:47,640 --> 03:35:50,040
after it comes the router MAC
5428
03:35:50,040 --> 03:35:54,000
and lastly the target MAC here it is now
5429
03:35:54,000 --> 03:35:55,739
let's see what we need to code right
5430
03:35:55,739 --> 03:35:56,939
here
5431
03:35:56,939 --> 03:35:59,340
in the first video of this section once
5432
03:35:59,340 --> 03:36:01,859
we created the first malicious packet we
5433
03:36:01,859 --> 03:36:04,560
created it using an OP equals tool which
5434
03:36:04,560 --> 03:36:06,479
is a response which is good it should be
5435
03:36:06,479 --> 03:36:08,399
like that and we're going to do the same
5436
03:36:08,399 --> 03:36:11,040
thing right here just right now instead
5437
03:36:11,040 --> 03:36:12,960
of one packet we're going to create two
5438
03:36:12,960 --> 03:36:15,120
packets one will be sent to the router
5439
03:36:15,120 --> 03:36:16,739
and the other one will be sent to the
5440
03:36:16,739 --> 03:36:19,200
Windows 10 machine spoofing them both at
5441
03:36:19,200 --> 03:36:20,340
the same time
5442
03:36:20,340 --> 03:36:22,260
so let's create a variable which will be
5443
03:36:22,260 --> 03:36:24,120
called packet one
5444
03:36:24,120 --> 03:36:27,300
the packet one will be a packet that we
5445
03:36:27,300 --> 03:36:30,239
will determine to go to the router
5446
03:36:30,239 --> 03:36:32,279
so how can we do that well we'll simply
5447
03:36:32,279 --> 03:36:35,399
create a scapy.ARP packet as usual
5448
03:36:35,399 --> 03:36:38,040
we set the op to be equal to 2 since
5449
03:36:38,040 --> 03:36:41,160
this is a response and in order to
5450
03:36:41,160 --> 03:36:43,439
direct this packet to the router we simply
5451
03:36:43,439 --> 03:36:45,300
set the hardware destination (hwdst) to be
5452
03:36:45,300 --> 03:36:47,640
equal to router MAC
5453
03:36:47,640 --> 03:36:49,500
we also need to set the pdst
5454
03:36:49,500 --> 03:36:53,420
to be equal to router IP
5455
03:36:53,580 --> 03:36:56,160
right here and another thing that we
5456
03:36:56,160 --> 03:36:58,680
need is going to be the psrc
5457
03:36:58,680 --> 03:37:01,800
now before I actually type this psrc
5458
03:37:01,800 --> 03:37:03,899
I will create packet 2
5459
03:37:03,899 --> 03:37:05,939
which is going to be directed to the
5460
03:37:05,939 --> 03:37:07,260
Windows 10 machine
5461
03:37:07,260 --> 03:37:09,660
or to your own target machine which is
5462
03:37:09,660 --> 03:37:12,239
not the router
5463
03:37:12,239 --> 03:37:15,979
op has to be equal to 2
5464
03:37:16,739 --> 03:37:19,200
hardware destination (hwdst) has to be equal to
5465
03:37:19,200 --> 03:37:20,819
target MAC
5466
03:37:20,819 --> 03:37:22,920
and pdst has to be equal to
5467
03:37:22,920 --> 03:37:24,540
target IP
5468
03:37:24,540 --> 03:37:26,939
and psrc once again we're going to
5469
03:37:26,939 --> 03:37:29,160
leave empty right here
5470
03:37:29,160 --> 03:37:30,840
and the reason why we are leaving it
5471
03:37:30,840 --> 03:37:32,760
empty what do you think what should be
5472
03:37:32,760 --> 03:37:36,120
the psrc or the packet source
5473
03:37:36,120 --> 03:37:38,819
in the first packet
5474
03:37:38,819 --> 03:37:40,979
keep in mind that the psrc is the IP
5475
03:37:40,979 --> 03:37:42,960
address of the machine that is sending
5476
03:37:42,960 --> 03:37:45,239
this packet so in our case that will be
5477
03:37:45,239 --> 03:37:47,279
the IP address of the Kali Linux
5478
03:37:47,279 --> 03:37:48,420
machine
5479
03:37:48,420 --> 03:37:50,279
but we're not going to specify the IP
5480
03:37:50,279 --> 03:37:51,840
address of the Kali Linux machine because
5481
03:37:51,840 --> 03:37:54,120
then it would just be a regular packet
5482
03:37:54,120 --> 03:37:55,620
we want to create a malicious packet
5483
03:37:55,620 --> 03:37:56,880
that will be able to spoof the
5484
03:37:56,880 --> 03:37:57,899
connection
5485
03:37:57,899 --> 03:38:00,359
so what we need to specify right here is
5486
03:38:00,359 --> 03:38:02,460
the target's IP
5487
03:38:02,460 --> 03:38:04,439
we want to send this packet to the
5488
03:38:04,439 --> 03:38:07,319
router and make it seem as if it came from
5489
03:38:07,319 --> 03:38:08,939
the Windows 10 machine
5490
03:38:08,939 --> 03:38:10,920
the same thing goes with the packet 2.
5491
03:38:10,920 --> 03:38:12,540
we want to send this packet to the
5492
03:38:12,540 --> 03:38:15,300
Windows 10 machine and make it seem like
5493
03:38:15,300 --> 03:38:17,700
it came from the router therefore in the
5494
03:38:17,700 --> 03:38:20,700
packet 2 we are specifying router IP
5495
03:38:20,700 --> 03:38:24,239
simple as that
5496
03:38:24,239 --> 03:38:26,939
all we are left to do right now is send
5497
03:38:26,939 --> 03:38:28,979
these two packets
5498
03:38:28,979 --> 03:38:31,739
so how can we do that well using the
5499
03:38:31,739 --> 03:38:35,420
send function so scapy.send
5500
03:38:35,880 --> 03:38:38,580
we will first send packet 1
5501
03:38:38,580 --> 03:38:41,580
and then scapy.send
5502
03:38:41,580 --> 03:38:43,560
packet 2
5503
03:38:43,560 --> 03:38:46,260
all right simple as that and our program
5504
03:38:46,260 --> 03:38:49,859
is almost done all we are left to add is
5505
03:38:49,859 --> 03:38:52,439
right here under the while True loop
5506
03:38:52,439 --> 03:38:54,600
below this spoof function we want to add
5507
03:38:54,600 --> 03:38:57,600
a small timeout so it doesn't spoof too
5508
03:38:57,600 --> 03:39:00,420
fast we want to add time.sleep
5509
03:39:00,420 --> 03:39:03,600
let's sleep for 2 seconds between each
5510
03:39:03,600 --> 03:39:06,120
and every packet that we send so we will
5511
03:39:06,120 --> 03:39:07,920
send the ARP response the malicious ARP
5512
03:39:07,920 --> 03:39:10,380
response every two seconds and we will
5513
03:39:10,380 --> 03:39:12,840
keep the ARP tables updated with the
5514
03:39:12,840 --> 03:39:15,359
incorrect MAC addresses to the router
5515
03:39:15,359 --> 03:39:17,399
and Windows 10 machine
5516
03:39:17,399 --> 03:39:20,399
so our program should be finished now
5517
03:39:20,399 --> 03:39:24,120
Let's test it and see how it works if I
5518
03:39:24,120 --> 03:39:26,580
open up my terminal right here
5519
03:39:26,580 --> 03:39:29,460
clear the screen and type python arp_spoofer.py
5520
03:39:29,460 --> 03:39:33,200
and then I specify
5521
03:39:33,200 --> 03:39:36,000
192.168.1.1 so first goes the router's
5522
03:39:36,000 --> 03:39:39,420
IP address and then 192.168.1
5523
03:39:39,420 --> 03:39:42,300
.2 this is the Windows 10 IP address
5524
03:39:42,300 --> 03:39:44,880
before we run it let's check once again
5525
03:39:44,880 --> 03:39:49,380
the ARP tables of this target machine
5526
03:39:49,380 --> 03:39:52,859
let's also open a browser so we can see
5527
03:39:52,859 --> 03:39:55,260
that we can connect to the internet
5528
03:39:55,260 --> 03:39:57,660
okay so here is the browser and every
5529
03:39:57,660 --> 03:39:59,580
time we actually open this browser our
5530
03:39:59,580 --> 03:40:01,560
connection goes through the router
5531
03:40:01,560 --> 03:40:03,720
through this Mac address and then it
5532
03:40:03,720 --> 03:40:06,239
retrieves this page back to us and right
5533
03:40:06,239 --> 03:40:08,520
now we're going to try to make this
5534
03:40:08,520 --> 03:40:10,920
browser open the page while going
5535
03:40:10,920 --> 03:40:13,319
through our Linux machine
5536
03:40:13,319 --> 03:40:16,819
so let's run the program
5537
03:40:18,060 --> 03:40:20,760
it will print right here Sent 1 packets
5538
03:40:20,760 --> 03:40:22,500
these are the packets that are being
5539
03:40:22,500 --> 03:40:25,080
sent each and every two seconds as we
5540
03:40:25,080 --> 03:40:27,540
specified right here now let's check the
5541
03:40:27,540 --> 03:40:31,020
ARP tables on our Windows 10 machine
5542
03:40:31,020 --> 03:40:33,180
and we can see we successfully spoofed
5543
03:40:33,180 --> 03:40:35,819
the MAC address of the router now the
5544
03:40:35,819 --> 03:40:37,620
Windows 10 machine thinks that the
5545
03:40:37,620 --> 03:40:40,260
router is our Linux machine and sends
5546
03:40:40,260 --> 03:40:42,300
all the packets to us
5547
03:40:42,300 --> 03:40:44,760
same goes with the router the router is
5548
03:40:44,760 --> 03:40:46,920
also spoofed and sends all the packets
5549
03:40:46,920 --> 03:40:48,479
that should go to the Windows 10 machine
5550
03:40:48,479 --> 03:40:51,000
to our Kali Linux machine
5551
03:40:51,000 --> 03:40:53,520
now if we try to go
5552
03:40:53,520 --> 03:40:55,620
and open
5553
03:40:55,620 --> 03:40:57,720
some page
5554
03:40:57,720 --> 03:41:00,359
I clicked on a random website you will
5555
03:41:00,359 --> 03:41:04,260
notice that it will load pretty long
5556
03:41:04,260 --> 03:41:06,960
matter of fact in just a few seconds it
5557
03:41:06,960 --> 03:41:08,819
will say that the actual connection
5558
03:41:08,819 --> 03:41:11,100
cannot be established and it will not
5559
03:41:11,100 --> 03:41:12,779
open this page
5560
03:41:12,779 --> 03:41:15,359
now why is that well let me click X
5561
03:41:15,359 --> 03:41:16,620
right here
5562
03:41:16,620 --> 03:41:19,620
if we close this program right here
5563
03:41:19,620 --> 03:41:22,200
there is one thing that we forgot to do
5564
03:41:22,200 --> 03:41:24,359
we successfully spoofed both of the
5565
03:41:24,359 --> 03:41:27,060
targets but now we perform more of
5566
03:41:27,060 --> 03:41:29,580
something like a DoS attack on both of
5567
03:41:29,580 --> 03:41:31,200
these targets as they cannot connect to
5568
03:41:31,200 --> 03:41:32,640
the internet anymore
5569
03:41:32,640 --> 03:41:34,739
that is because we are not forwarding
5570
03:41:34,739 --> 03:41:38,040
packets from one target to another
5571
03:41:38,040 --> 03:41:39,899
in order to be able to forward the
5572
03:41:39,899 --> 03:41:41,520
packets we need to run the command
5573
03:41:41,520 --> 03:41:43,500
inside of our terminal
5574
03:41:43,500 --> 03:41:46,500
which is echo 1
5575
03:41:46,500 --> 03:41:49,200
and then these two arrows to write at
5576
03:41:49,200 --> 03:41:51,779
this location so slash proc slash sys
5577
03:41:51,779 --> 03:41:54,600
slash net
5578
03:41:54,600 --> 03:41:59,880
slash ipv4 and slash ip_forward
5579
03:41:59,880 --> 03:42:01,739
press here enter
5580
03:42:01,739 --> 03:42:05,720
and if I run the program once again
5581
03:42:07,680 --> 03:42:11,040
and try to load the website
5582
03:42:11,040 --> 03:42:14,399
now it loads successfully
5583
03:42:14,399 --> 03:42:17,399
we can load every website that we want
5584
03:42:17,399 --> 03:42:19,140
if you want to we can also go to
5585
03:42:19,140 --> 03:42:21,800
facebook.com
5586
03:42:24,899 --> 03:42:26,939
it will load all the pages without any
5587
03:42:26,939 --> 03:42:28,859
problem and on the Windows 10 machine
5588
03:42:28,859 --> 03:42:31,140
you will not notice anything out of
5589
03:42:31,140 --> 03:42:33,300
order you will most likely never know
5590
03:42:33,300 --> 03:42:35,460
that you have been ARP spoofed and that
5591
03:42:35,460 --> 03:42:37,399
someone can read all of your information
5592
03:42:37,399 --> 03:42:39,420
the only way that you can actually
5593
03:42:39,420 --> 03:42:41,640
notice that if you simply just go to
5594
03:42:41,640 --> 03:42:43,500
your command prompt and type the command
5595
03:42:43,500 --> 03:42:45,540
arp -a
5596
03:42:45,540 --> 03:42:48,060
and you notice that two different IP
5597
03:42:48,060 --> 03:42:50,399
addresses have the same MAC address this is
5598
03:42:50,399 --> 03:42:52,439
a good indication that at the moment you
5599
03:42:52,439 --> 03:42:55,319
are being arp spoofed all right so we
5600
03:42:55,319 --> 03:42:57,479
can see our ARP spoofer works correctly
5601
03:42:57,479 --> 03:42:59,399
now all the packets are going through
5602
03:42:59,399 --> 03:43:01,319
our own machine and we can read them if
5603
03:43:01,319 --> 03:43:03,840
we want to but more about that in the
5604
03:43:03,840 --> 03:43:06,300
later sections when we code our own
5605
03:43:06,300 --> 03:43:08,399
password sniffer then we are going to
5606
03:43:08,399 --> 03:43:10,739
combine our ARP spoofer right here with
5607
03:43:10,739 --> 03:43:12,899
the password sniffer and we're going to
5608
03:43:12,899 --> 03:43:15,600
see how these two tools will combine in
5609
03:43:15,600 --> 03:43:17,640
order for us to sniff the passwords that
5610
03:43:17,640 --> 03:43:20,100
someone types in their browser alright
5611
03:43:20,100 --> 03:43:21,479
so that would be about it for this
5612
03:43:21,479 --> 03:43:23,880
section in the next video of course we
5613
03:43:23,880 --> 03:43:26,040
are going to perform a small recap onto
5614
03:43:26,040 --> 03:43:28,319
this program and then we will proceed to
5615
03:43:28,319 --> 03:43:29,640
the next project
5616
03:43:29,640 --> 03:43:33,000
thank you for watching and take care bye
5617
03:43:33,000 --> 03:43:35,399
welcome back and before we finish off
5618
03:43:35,399 --> 03:43:37,859
with this section let us do a recap on
5619
03:43:37,859 --> 03:43:39,300
our ARP spoofer
5620
03:43:39,300 --> 03:43:41,160
so we'll start off from the beginning of
5621
03:43:41,160 --> 03:43:42,180
the program
5622
03:43:42,180 --> 03:43:44,760
we first prompt the user for the target
5623
03:43:44,760 --> 03:43:47,340
IP and the router IP which they provide
5624
03:43:47,340 --> 03:43:49,920
us with the command itself so the
5625
03:43:49,920 --> 03:43:52,680
command goes python3 arp spoofer then
5626
03:43:52,680 --> 03:43:54,540
the IP address of the router and then
5627
03:43:54,540 --> 03:43:57,120
the IP address of the target machine
5628
03:43:57,120 --> 03:43:59,100
then with this information that we
5629
03:43:59,100 --> 03:44:01,920
gather from the command itself we
5630
03:44:01,920 --> 03:44:03,899
proceed to perform our own function
5631
03:44:03,899 --> 03:44:06,420
which is get MAC address function using
5632
03:44:06,420 --> 03:44:08,819
this information to get the target MAC
5633
03:44:08,819 --> 03:44:11,460
address and the router MAC address so we
5634
03:44:11,460 --> 03:44:13,500
use this function right here which is
5635
03:44:13,500 --> 03:44:15,060
get MAC address
5636
03:44:15,060 --> 03:44:17,700
we craft our own packet that will
5637
03:44:17,700 --> 03:44:19,800
consist of the broadcast layer which
5638
03:44:19,800 --> 03:44:21,720
will be the ethernet layer containing
5639
03:44:21,720 --> 03:44:23,399
the broadcast MAC address as the
5640
03:44:23,399 --> 03:44:24,479
destination
5641
03:44:24,479 --> 03:44:26,520
the second layer will be the ARP layer
5642
03:44:26,520 --> 03:44:28,920
which will contain the IP address of the
5643
03:44:28,920 --> 03:44:31,920
target machine as the destination IP
5644
03:44:31,920 --> 03:44:34,920
then we craft that packet by adding both
5645
03:44:34,920 --> 03:44:36,960
of these layers together and then we
5646
03:44:36,960 --> 03:44:39,420
send the packet from the response of the
5647
03:44:39,420 --> 03:44:42,359
packet We Gather the MAC address of that
5648
03:44:42,359 --> 03:44:43,560
machine
5649
03:44:43,560 --> 03:44:45,779
right after we do that for both the
5650
03:44:45,779 --> 03:44:47,580
target MAC and the router MAC address
5651
03:44:47,580 --> 03:44:50,220
then we proceed to go into the while
5652
03:44:50,220 --> 03:44:52,800
true Loop or the infinite Loop which
5653
03:44:52,800 --> 03:44:55,080
will perform the spoof function every
5654
03:44:55,080 --> 03:44:57,479
two seconds
5655
03:44:57,479 --> 03:45:00,180
so at every two seconds this function
5656
03:45:00,180 --> 03:45:02,640
right here will get executed and what
5657
03:45:02,640 --> 03:45:04,739
this function does is it creates two
5658
03:45:04,739 --> 03:45:06,840
different malformed or malicious packets
5659
03:45:06,840 --> 03:45:09,840
which one of them the first one spoofs
5660
03:45:09,840 --> 03:45:12,359
the router while the second one spoofs
5661
03:45:12,359 --> 03:45:14,880
the target machine
5662
03:45:14,880 --> 03:45:16,920
then we send both of these packets and
5663
03:45:16,920 --> 03:45:19,140
we perform that action every two seconds
5664
03:45:19,140 --> 03:45:21,960
in case we want to close the program we
5665
03:45:21,960 --> 03:45:24,180
simply just keyboard interrupt it and it
5666
03:45:24,180 --> 03:45:27,000
will exit the program
5667
03:45:27,000 --> 03:45:28,680
so we tested it in the previous video
5668
03:45:28,680 --> 03:45:30,300
therefore there is no really need to
5669
03:45:30,300 --> 03:45:32,399
test it right now and that is the entire
5670
03:45:32,399 --> 03:45:35,399
ARP spoofer now keep in mind that you
5671
03:45:35,399 --> 03:45:37,140
should not delete this program as we are
5672
03:45:37,140 --> 03:45:39,779
going to use it throughout the course in
5673
03:45:39,779 --> 03:45:42,180
order to show you what is the real power
5674
03:45:42,180 --> 03:45:44,340
of this ARP spoofer once we get to the
5675
03:45:44,340 --> 03:45:46,800
password sniffers the password crackers
5676
03:45:46,800 --> 03:45:49,200
and so on and so on for now let's
5677
03:45:49,200 --> 03:45:51,600
just let it be there and wait for us as a
5678
03:45:51,600 --> 03:45:53,520
project in PyCharm and then we're
5679
03:45:53,520 --> 03:45:55,920
going to get back to it as soon as we
5680
03:45:55,920 --> 03:45:58,200
need it again alright so that would be
5681
03:45:58,200 --> 03:46:00,060
about all for this section I hope you
5682
03:46:00,060 --> 03:46:02,340
enjoyed it and I will see you in the
5683
03:46:02,340 --> 03:46:05,520
next project bye
5684
03:46:05,520 --> 03:46:07,620
hello everyone and welcome to the
5685
03:46:07,620 --> 03:46:09,540
password sniffer project
5686
03:46:09,540 --> 03:46:12,060
since we finished our ARP spoofer the
5687
03:46:12,060 --> 03:46:13,920
best idea would be to continue with the
5688
03:46:13,920 --> 03:46:15,840
project that we can combine with our
5689
03:46:15,840 --> 03:46:18,300
ARP spoofer in order to be able to do a
5690
03:46:18,300 --> 03:46:19,439
complete attack
5691
03:46:19,439 --> 03:46:21,600
we already know that our ARP spoofer
5692
03:46:21,600 --> 03:46:23,760
can create man in the middle that allows
5693
03:46:23,760 --> 03:46:25,260
us to save the packets from the target
5694
03:46:25,260 --> 03:46:28,020
machine that we specify and right now we
5695
03:46:28,020 --> 03:46:30,060
need a password sniffer that will be
5696
03:46:30,060 --> 03:46:32,640
able to extract usernames and passwords
5697
03:46:32,640 --> 03:46:35,520
from all the packets that flow by
5698
03:46:35,520 --> 03:46:37,739
therefore let's get this going hopefully
5699
03:46:37,739 --> 03:46:39,540
you're excited and let's create a new
5700
03:46:39,540 --> 03:46:40,620
project
5701
03:46:40,620 --> 03:46:44,100
go on file new project and password
5702
03:46:44,100 --> 03:46:45,720
sniffer
5703
03:46:45,720 --> 03:46:47,399
let's call it like that
5704
03:46:47,399 --> 03:46:49,080
we want to create it in a separate
5705
03:46:49,080 --> 03:46:51,380
window
5706
03:46:52,319 --> 03:46:54,180
creating the virtual environment as
5707
03:46:54,180 --> 03:46:56,520
usual and for this project we're going
5708
03:46:56,520 --> 03:46:58,140
to use some libraries that we haven't
5709
03:46:58,140 --> 03:47:00,000
encountered before
5710
03:47:00,000 --> 03:47:02,279
so let's import them straight away we're
5711
03:47:02,279 --> 03:47:05,460
going to create our file new python file
5712
03:47:05,460 --> 03:47:08,040
and let's call it pass
5713
03:47:08,040 --> 03:47:12,660
Dash sniffer dot py simple as that we
5714
03:47:12,660 --> 03:47:15,420
are going to need the Scapy library
5715
03:47:15,420 --> 03:47:17,399
which we used before so nothing really
5716
03:47:17,399 --> 03:47:19,020
to explain right here
5717
03:47:19,020 --> 03:47:22,319
and we will also need the urllib
5718
03:47:22,319 --> 03:47:24,500
library
5719
03:47:28,739 --> 03:47:31,020
all right and the third library that
5720
03:47:31,020 --> 03:47:32,640
we're going to need is going to be the
5721
03:47:32,640 --> 03:47:36,300
re or the regex library and the regex
5722
03:47:36,300 --> 03:47:37,500
library is something that we are going
5723
03:47:37,500 --> 03:47:39,359
to need in order to extract the
5724
03:47:39,359 --> 03:47:41,640
usernames and passwords from the entire
5725
03:47:41,640 --> 03:47:43,500
packet alright
5726
03:47:43,500 --> 03:47:45,660
now our program will have two different
5727
03:47:45,660 --> 03:47:46,859
functions
5728
03:47:46,859 --> 03:47:48,960
one of the functions will parse the
5729
03:47:48,960 --> 03:47:51,180
packets that we Sniff and the second
5730
03:47:51,180 --> 03:47:53,279
function will try to extract the
5731
03:47:53,279 --> 03:47:56,640
username and password from those packets
5732
03:47:56,640 --> 03:47:58,439
but before we do any of that and before
5733
03:47:58,439 --> 03:48:00,840
we code those two functions we first of
5734
03:48:00,840 --> 03:48:02,700
all need to start sniffing for the
5735
03:48:02,700 --> 03:48:03,779
packets
5736
03:48:03,779 --> 03:48:05,880
now let's imagine that our arp's buffer
5737
03:48:05,880 --> 03:48:07,800
is running so what we would want to do
5738
03:48:07,800 --> 03:48:10,920
is we will want to try to sniff those
5739
03:48:10,920 --> 03:48:13,319
packets and this sniff function is
5740
03:48:13,319 --> 03:48:15,420
something that exists in Scapy so we don't
5741
03:48:15,420 --> 03:48:17,340
really need to code it we simply just
5742
03:48:17,340 --> 03:48:19,800
specify Sniff and it will gather all the
5743
03:48:19,800 --> 03:48:22,560
packets on the specified interface
5744
03:48:22,560 --> 03:48:25,560
sounds good right so since I said that
5745
03:48:25,560 --> 03:48:26,939
it will gather the packets on a
5746
03:48:26,939 --> 03:48:29,160
specified interface therefore we need to
5747
03:48:29,160 --> 03:48:31,140
specify the interface
5748
03:48:31,140 --> 03:48:33,960
we will select the iface to be equal to
5749
03:48:33,960 --> 03:48:35,340
iface
5750
03:48:35,340 --> 03:48:38,220
and we can code up here iface to be
5751
03:48:38,220 --> 03:48:41,160
equal to your interface in my case that
5752
03:48:41,160 --> 03:48:42,779
is eth0
5753
03:48:42,779 --> 03:48:44,880
now in order to check out what is the
5754
03:48:44,880 --> 03:48:46,500
name of your interface you simply just
5755
03:48:46,500 --> 03:48:48,779
open up your terminal and you can type
5756
03:48:48,779 --> 03:48:50,880
ifconfig
5757
03:48:50,880 --> 03:48:55,279
the interface is the name right here
5758
03:48:55,620 --> 03:48:58,080
since I'm using ethernet cable on Kali
5759
03:48:58,080 --> 03:49:00,600
Linux and this is the actual interface
5760
03:49:00,600 --> 03:49:02,580
which I am using to connect to the
5761
03:49:02,580 --> 03:49:05,399
internet I will specify this name inside
5762
03:49:05,399 --> 03:49:06,660
of my program
5763
03:49:06,660 --> 03:49:09,060
if you are for example using a wireless
5764
03:49:09,060 --> 03:49:11,340
adapter you don't want to specify this
5765
03:49:11,340 --> 03:49:13,020
interface you want to specify the
5766
03:49:13,020 --> 03:49:15,060
wireless adapter which you are using to
5767
03:49:15,060 --> 03:49:16,620
connect to the internet
5768
03:49:16,620 --> 03:49:18,660
if you're simply just connecting over
5769
03:49:18,660 --> 03:49:20,939
the internet cable like me feel free to
5770
03:49:20,939 --> 03:49:23,640
specify the ethernet interface all right
5771
03:49:23,640 --> 03:49:25,979
simple as that let's close this
5772
03:49:25,979 --> 03:49:27,899
now that we got that out of the way
5773
03:49:27,899 --> 03:49:30,720
let's continue with our sniff function
5774
03:49:30,720 --> 03:49:33,180
the next parameter is going to be PRN
5775
03:49:33,180 --> 03:49:35,580
which simply means whatever we specify
5776
03:49:35,580 --> 03:49:37,920
after the equal sign
5777
03:49:37,920 --> 03:49:40,800
that function will be used in order to
5778
03:49:40,800 --> 03:49:43,260
parse the packets that we sniffed using
5779
03:49:43,260 --> 03:49:44,760
this sniff function
5780
03:49:44,760 --> 03:49:46,500
so we're going to create later on a
5781
03:49:46,500 --> 03:49:50,239
function called packet parser
5782
03:49:50,279 --> 03:49:52,140
and the third parameter and last
5783
03:49:52,140 --> 03:49:54,060
parameter is going to be stored to be
5784
03:49:54,060 --> 03:49:55,680
equal to zero so we don't want to store
5785
03:49:55,680 --> 03:49:57,779
anything we don't want to save it
5786
03:49:57,779 --> 03:50:00,000
anywhere we simply just want it to Flow
5787
03:50:00,000 --> 03:50:01,080
by
5788
03:50:01,080 --> 03:50:03,960
all right so as I mentioned before there
5789
03:50:03,960 --> 03:50:05,220
are two functions that we are going to
5790
03:50:05,220 --> 03:50:07,260
need the first one will be the packet
5791
03:50:07,260 --> 03:50:09,359
parser which we use to parse the packets
5792
03:50:09,359 --> 03:50:11,939
from our sniff function as we can see
5793
03:50:11,939 --> 03:50:13,200
right here
5794
03:50:13,200 --> 03:50:16,640
so packet parser
5795
03:50:16,680 --> 03:50:18,720
this packet parser will take one
5796
03:50:18,720 --> 03:50:20,220
parameter which will be the packet
5797
03:50:20,220 --> 03:50:22,800
itself or we can simply type it like
5798
03:50:22,800 --> 03:50:24,779
this packet
5799
03:50:24,779 --> 03:50:28,020
and the second function would be
5800
03:50:28,020 --> 03:50:33,840
Define get login pass
5801
03:50:34,260 --> 03:50:36,359
and this function will also take a
5802
03:50:36,359 --> 03:50:38,100
parameter which will be
5803
03:50:38,100 --> 03:50:40,140
Well for now on we're not we're going to
5804
03:50:40,140 --> 03:50:41,880
leave it without the parameter and we're
5805
03:50:41,880 --> 03:50:44,220
going to add it later on we created
5806
03:50:44,220 --> 03:50:46,260
these two functions all we're left to do
5807
03:50:46,260 --> 03:50:48,540
is run the code inside them
5808
03:50:48,540 --> 03:50:50,700
but let's not get ahead
5809
03:50:50,700 --> 03:50:52,500
we're just going to leave them for this
5810
03:50:52,500 --> 03:50:54,600
video and right here we're going to add
5811
03:50:54,600 --> 03:50:56,520
the except statement
5812
03:50:56,520 --> 03:50:59,520
of course keyboard interrupt if we
5813
03:50:59,520 --> 03:51:01,380
interrupt the keyboard
5814
03:51:01,380 --> 03:51:05,520
then we can print for example exiting
5815
03:51:05,520 --> 03:51:09,060
and we can then sys or because you could
5816
03:51:09,060 --> 03:51:10,979
just exit the program since we don't
5817
03:51:10,979 --> 03:51:13,680
have the sys Library imported
5818
03:51:13,680 --> 03:51:16,200
and one more thing before we finish off
5819
03:51:16,200 --> 03:51:18,060
with this video is that we need to
5820
03:51:18,060 --> 03:51:20,040
install this Scapy library
5821
03:51:20,040 --> 03:51:22,020
we know how to do that pip3 install
5822
03:51:22,020 --> 03:51:23,880
scapy
5823
03:51:23,880 --> 03:51:26,220
and after this downloads we should be
5824
03:51:26,220 --> 03:51:28,500
good to go and we should be ready to
5825
03:51:28,500 --> 03:51:30,899
code these two functions in the next few
5826
03:51:30,899 --> 03:51:32,040
videos
5827
03:51:32,040 --> 03:51:33,660
so thank you for watching this
5828
03:51:33,660 --> 03:51:35,819
introductory video on password sniffer
5829
03:51:35,819 --> 03:51:37,979
and I will see you in the next lecture
5830
03:51:37,979 --> 03:51:40,200
bye
5831
03:51:40,200 --> 03:51:42,720
welcome back let's continue with our
5832
03:51:42,720 --> 03:51:44,100
password sniffer
5833
03:51:44,100 --> 03:51:46,200
so the first function out of these two
5834
03:51:46,200 --> 03:51:47,760
which we mentioned that we are going to
5835
03:51:47,760 --> 03:51:50,760
need is this one we want to first of all
5836
03:51:50,760 --> 03:51:54,000
parse the packets and filter them should
5837
03:51:54,000 --> 03:51:55,739
I say so we want to filter for the
5838
03:51:55,739 --> 03:51:57,960
specific packets that might contain the
5839
03:51:57,960 --> 03:51:59,939
username and password and then only
5840
03:51:59,939 --> 03:52:01,979
after this is done we're going to paste
5841
03:52:01,979 --> 03:52:04,620
the content of those packets into this
5842
03:52:04,620 --> 03:52:07,500
get login password function and in this
5843
03:52:07,500 --> 03:52:09,359
function we're going to extract the
5844
03:52:09,359 --> 03:52:12,420
username and password all right so let's
5845
03:52:12,420 --> 03:52:15,120
start off with packet parser
5846
03:52:15,120 --> 03:52:16,739
first thing that we need to specify
5847
03:52:16,739 --> 03:52:18,779
right here is we need to check for
5848
03:52:18,779 --> 03:52:22,140
whether this packet has the TCP layer
5849
03:52:22,140 --> 03:52:24,359
now we can simply just do that if we
5850
03:52:24,359 --> 03:52:26,460
specify if packet
5851
03:52:26,460 --> 03:52:29,700
dot has layer
5852
03:52:29,700 --> 03:52:32,819
and this is a function that exists in Scapy
5853
03:52:32,819 --> 03:52:35,160
we simply specify in the brackets which
5854
03:52:35,160 --> 03:52:37,080
layer we want to look for in our case
5855
03:52:37,080 --> 03:52:40,680
TCP all right so if packet has this
5856
03:52:40,680 --> 03:52:41,640
layer
5857
03:52:41,640 --> 03:52:43,439
then we're going to filter it forward
5858
03:52:43,439 --> 03:52:45,540
there is another layer that you should
5859
03:52:45,540 --> 03:52:47,460
have and that is
5860
03:52:47,460 --> 03:52:50,100
packet dot has layer
5861
03:52:50,100 --> 03:52:51,540
Raw
5862
03:52:51,540 --> 03:52:54,899
and this raw layer is just a sub layer
5863
03:52:54,899 --> 03:52:58,500
of the TCP layer so if there is a raw
5864
03:52:58,500 --> 03:53:01,080
layer there is for sure going to be a
5865
03:53:01,080 --> 03:53:02,939
TCP layer
5866
03:53:02,939 --> 03:53:04,979
well in most cases
5867
03:53:04,979 --> 03:53:06,479
now another thing that we want to
5868
03:53:06,479 --> 03:53:10,080
specify right here is if it also has
5869
03:53:10,080 --> 03:53:13,340
the IP layer
5870
03:53:14,399 --> 03:53:16,200
now if these three statements are
5871
03:53:16,200 --> 03:53:18,359
satisfied then that is the packet that
5872
03:53:18,359 --> 03:53:20,399
we are looking for so we're going to
5873
03:53:20,399 --> 03:53:22,920
type right here two dots
5874
03:53:22,920 --> 03:53:25,380
and you might notice that right here
5875
03:53:25,380 --> 03:53:28,620
these names are red underlined well some
5876
03:53:28,620 --> 03:53:31,500
of them uh don't worry about that we're
5877
03:53:31,500 --> 03:53:33,720
going to worry about that later on it
5878
03:53:33,720 --> 03:53:35,580
will most likely even work without us
5879
03:53:35,580 --> 03:53:37,319
having to fix anything right here and
5880
03:53:37,319 --> 03:53:38,939
that is just some problem with PyCharm
5881
03:53:38,939 --> 03:53:40,920
itself so no need to worry about
5882
03:53:40,920 --> 03:53:42,600
that at the moment if there is anything
5883
03:53:42,600 --> 03:53:44,340
that we need to fix later on we are
5884
03:53:44,340 --> 03:53:46,739
going to fix it all right so now that we
5885
03:53:46,739 --> 03:53:48,960
got this statement right here
5886
03:53:48,960 --> 03:53:51,479
if that statement is fulfilled what we
5887
03:53:51,479 --> 03:53:53,580
want to do is we want to extract the
5888
03:53:53,580 --> 03:53:55,500
body of the packet
5889
03:53:55,500 --> 03:53:57,660
since in the body of the packet there is
5890
03:53:57,660 --> 03:53:59,700
going to be all the information that we
5891
03:53:59,700 --> 03:54:01,979
are looking for such as usernames and
5892
03:54:01,979 --> 03:54:04,500
passwords how can we do that well we can
5893
03:54:04,500 --> 03:54:06,359
simply just specify a variable which
5894
03:54:06,359 --> 03:54:08,640
will be called body and that variable
5895
03:54:08,640 --> 03:54:11,520
will be equal to the string
5896
03:54:11,520 --> 03:54:15,180
of the packet TCP part so we select it
5897
03:54:15,180 --> 03:54:17,160
like this in the square brackets and
5898
03:54:17,160 --> 03:54:19,620
then we want to select dot payload
5899
03:54:19,620 --> 03:54:22,260
all right so we're selecting the packet
5900
03:54:22,260 --> 03:54:25,199
taking the TCP part and inside of the
5901
03:54:25,199 --> 03:54:28,020
payload of the TCP layer there is going
5902
03:54:28,020 --> 03:54:30,779
to be a username and password in case
5903
03:54:30,779 --> 03:54:32,939
the target tried to log into some page
5904
03:54:32,939 --> 03:54:35,460
now what we want to do is we want to
5905
03:54:35,460 --> 03:54:38,100
send this body to our second function
5906
03:54:38,100 --> 03:54:40,620
which is going to be get login pass
5907
03:54:40,620 --> 03:54:44,040
so let's call the function get login
5908
03:54:44,040 --> 03:54:45,779
underscore pass
5909
03:54:45,779 --> 03:54:48,420
and we will pass the body straight to
5910
03:54:48,420 --> 03:54:49,739
that function
5911
03:54:49,739 --> 03:54:52,140
so let's go over this once again
5912
03:54:52,140 --> 03:54:55,020
we sniff on our interface which is eth0
5913
03:54:55,020 --> 03:54:57,660
then we check for each and every packet
5914
03:54:57,660 --> 03:55:00,779
if it has layer TCP if it has layer raw
5915
03:55:00,779 --> 03:55:03,840
and if it has layer IP if all of these
5916
03:55:03,840 --> 03:55:05,819
three conditions are met then we select
5917
03:55:05,819 --> 03:55:07,680
the body variable to be equal to the
5918
03:55:07,680 --> 03:55:10,020
payload of the TCP layer
5919
03:55:10,020 --> 03:55:13,260
once we select that we send this body to
5920
03:55:13,260 --> 03:55:15,300
our second function which is get login
5921
03:55:15,300 --> 03:55:16,739
pass
5922
03:55:16,739 --> 03:55:19,620
now inside of this function what we need
5923
03:55:19,620 --> 03:55:21,540
to do is we first of all need to need to
5924
03:55:21,540 --> 03:55:23,399
select two different variables first one
5925
03:55:23,399 --> 03:55:26,880
is going to be user to be equal to none
5926
03:55:26,880 --> 03:55:30,660
and password to be equal to none
5927
03:55:30,660 --> 03:55:33,120
now none simply means that we do not
5928
03:55:33,120 --> 03:55:35,040
have any value at the moment inside of
5929
03:55:35,040 --> 03:55:37,560
these two variables and hopefully at the
5930
03:55:37,560 --> 03:55:39,180
end of this function we should have the
5931
03:55:39,180 --> 03:55:41,880
username and password stored right here
5932
03:55:41,880 --> 03:55:44,520
so let's end our tutorial here and we
5933
03:55:44,520 --> 03:55:45,960
are going to continue in the next
5934
03:55:45,960 --> 03:55:48,120
lecture with the coding of our two
5935
03:55:48,120 --> 03:55:51,180
functions take care bye
5936
03:55:51,180 --> 03:55:53,760
welcome back this is our third tutorial
5937
03:55:53,760 --> 03:55:55,739
to our password sniffer
5938
03:55:55,739 --> 03:55:57,660
and you might notice that I added
5939
03:55:57,660 --> 03:55:59,399
something right here that we didn't have
5940
03:55:59,399 --> 03:56:01,560
in the previous video and those are
5941
03:56:01,560 --> 03:56:04,380
these two lists so I added the user's
5942
03:56:04,380 --> 03:56:07,500
fields and the passwords fields
5943
03:56:07,500 --> 03:56:09,960
these two lists are going to help us to
5944
03:56:09,960 --> 03:56:11,880
find for the usernames and passwords
5945
03:56:11,880 --> 03:56:14,760
inside of the body that we paste to this
5946
03:56:14,760 --> 03:56:15,720
function
5947
03:56:15,720 --> 03:56:18,000
so right here now that I mentioned body
5948
03:56:18,000 --> 03:56:20,399
I will paste it straight away since in
5949
03:56:20,399 --> 03:56:22,800
our packet parser function we do call it
5950
03:56:22,800 --> 03:56:25,560
as a parameter all right
5951
03:56:25,560 --> 03:56:27,960
so we're going to check for each and
5952
03:56:27,960 --> 03:56:30,540
every element from this list if it is
5953
03:56:30,540 --> 03:56:32,939
located inside of this body and if it is
5954
03:56:32,939 --> 03:56:35,220
we're going to print the username and
5955
03:56:35,220 --> 03:56:36,420
the password
5956
03:56:36,420 --> 03:56:38,520
now for you you don't really have to
5957
03:56:38,520 --> 03:56:40,920
type all of this if you don't want you
5958
03:56:40,920 --> 03:56:43,020
can go to the resources of this project
5959
03:56:43,020 --> 03:56:45,479
or at the end of this section and
5960
03:56:45,479 --> 03:56:47,520
download this program and simply just
5961
03:56:47,520 --> 03:56:50,100
copy and paste these two Fields all
5962
03:56:50,100 --> 03:56:51,239
right
5963
03:56:51,239 --> 03:56:53,880
so let's get straight into the coding
5964
03:56:53,880 --> 03:56:55,920
now that we have these two fields for
5965
03:56:55,920 --> 03:56:57,899
all the possible names for the usernames
5966
03:56:57,899 --> 03:57:00,720
and the passwords what we can do is we
5967
03:57:00,720 --> 03:57:02,640
can iterate over each and every element
5968
03:57:02,640 --> 03:57:06,239
so for example let's go over the user
5969
03:57:06,239 --> 03:57:07,560
Fields first
5970
03:57:07,560 --> 03:57:09,779
so for login
5971
03:57:09,779 --> 03:57:13,160
in user fields
5972
03:57:13,620 --> 03:57:17,060
we can simply just do
5973
03:57:17,399 --> 03:57:19,560
what we're going to do right here is
5974
03:57:19,560 --> 03:57:21,479
we're going to use regex in order to
5975
03:57:21,479 --> 03:57:24,420
extract the user names now I will first
5976
03:57:24,420 --> 03:57:25,859
type it right here and then I will
5977
03:57:25,859 --> 03:57:28,020
explain it to you so I'll create a
5978
03:57:28,020 --> 03:57:30,500
variable called login_re
5979
03:57:30,500 --> 03:57:33,359
standing for regex and I'm going to call
5980
03:57:33,359 --> 03:57:35,160
the regex library with the search
5981
03:57:35,160 --> 03:57:36,960
function
5982
03:57:36,960 --> 03:57:39,540
in that function I'm going to specify
5983
03:57:39,540 --> 03:57:42,199
the pattern
5984
03:57:43,140 --> 03:57:46,800
which will be percent s equals open
5985
03:57:46,800 --> 03:57:50,340
square brackets close square brackets
5986
03:57:50,340 --> 03:57:53,300
upper sign
5987
03:57:54,899 --> 03:57:57,000
then this sign right here not really
5988
03:57:57,000 --> 03:57:58,979
sure how it is called and then at the
5989
03:57:58,979 --> 03:58:01,140
end we specify a plus
5990
03:58:01,140 --> 03:58:03,840
okay so this is our pattern and
5991
03:58:03,840 --> 03:58:06,779
wait for just a second I will explain it
5992
03:58:06,779 --> 03:58:08,819
we then type percent
5993
03:58:08,819 --> 03:58:10,800
login
5994
03:58:10,800 --> 03:58:16,080
and then comma body and then comma re
5995
03:58:16,080 --> 03:58:18,420
dot ignore case
5996
03:58:18,420 --> 03:58:21,239
okay so before we continue I need to
5997
03:58:21,239 --> 03:58:23,460
explain this line a little bit better
5998
03:58:23,460 --> 03:58:25,500
so what we're doing right here is we're
5999
03:58:25,500 --> 03:58:28,560
creating login_re object
6000
03:58:28,560 --> 03:58:31,199
now we're calling the re Library which
6001
03:58:31,199 --> 03:58:33,359
is the regex library and on this Library
6002
03:58:33,359 --> 03:58:35,760
we are calling the search function what
6003
03:58:35,760 --> 03:58:38,040
this search function does is it takes a
6004
03:58:38,040 --> 03:58:40,140
pattern that we specify which is this
6005
03:58:40,140 --> 03:58:42,000
right here and to explain this pattern
6006
03:58:42,000 --> 03:58:44,100
you really need to know regex so if you
6007
03:58:44,100 --> 03:58:46,260
do know it that's great if you don't
6008
03:58:46,260 --> 03:58:48,720
know it well then I will leave some
6009
03:58:48,720 --> 03:58:50,520
resources in the description so you can
6010
03:58:50,520 --> 03:58:53,040
get more familiar with regex and its
6011
03:58:53,040 --> 03:58:55,920
patterns what basically this is is the
6012
03:58:55,920 --> 03:58:58,500
pattern which we are going to use in
6013
03:58:58,500 --> 03:59:00,960
order to try to get the usernames
6014
03:59:00,960 --> 03:59:03,120
the second parameter to this function is
6015
03:59:03,120 --> 03:59:06,420
the body and body simply means where are
6016
03:59:06,420 --> 03:59:07,979
we going to search for the username so
6017
03:59:07,979 --> 03:59:09,660
we're searching the usernames in body
6018
03:59:09,660 --> 03:59:11,939
and the last parameter which is ignore
6019
03:59:11,939 --> 03:59:13,500
case simply means that we don't care
6020
03:59:13,500 --> 03:59:15,600
about the uppercase and lowercase
6021
03:59:15,600 --> 03:59:17,520
letters okay
6022
03:59:17,520 --> 03:59:20,279
now this pattern right here this percent
6023
03:59:20,279 --> 03:59:22,560
s since that is the first thing will
6024
03:59:22,560 --> 03:59:25,260
get replaced with the login and keep in
6025
03:59:25,260 --> 03:59:27,660
mind the login is the iterable and it
6026
03:59:27,660 --> 03:59:30,720
will be each and every of these elements
6027
03:59:30,720 --> 03:59:32,880
so for this example let's take this
6028
03:59:32,880 --> 03:59:33,960
element
6029
03:59:33,960 --> 03:59:36,120
what we are looking for is something
6030
03:59:36,120 --> 03:59:40,140
like username equals and then something
6031
03:59:40,140 --> 03:59:41,580
right here
6032
03:59:41,580 --> 03:59:44,640
this pattern simply specifies something
6033
03:59:44,640 --> 03:59:47,279
like this if we find this inside of a
6034
03:59:47,279 --> 03:59:49,380
body that means that we successfully
6035
03:59:49,380 --> 03:59:51,479
found the username and we're going to
6036
03:59:51,479 --> 03:59:54,000
print this to the screen
6037
03:59:54,000 --> 03:59:57,060
okay so let's delete this
6038
03:59:57,060 --> 03:59:59,939
now that we got that out of the way
6039
03:59:59,939 --> 04:00:01,680
we now need to check whether there is
6040
04:00:01,680 --> 04:00:04,500
anything stored inside of this login
6041
04:00:04,500 --> 04:00:06,420
since if there is that means we found
6042
04:00:06,420 --> 04:00:11,520
the username so if login underscore re
6043
04:00:11,520 --> 04:00:14,040
then our user variable which we created
6044
04:00:14,040 --> 04:00:15,720
at the beginning of the program and set
6045
04:00:15,720 --> 04:00:18,479
the value of none to it is going to be
6046
04:00:18,479 --> 04:00:20,779
equal
6047
04:00:21,239 --> 04:00:25,080
to login underscore re dot group and
6048
04:00:25,080 --> 04:00:27,600
group are just the results that we got
6049
04:00:27,600 --> 04:00:30,359
from this function right here therefore
6050
04:00:30,359 --> 04:00:32,399
it will simply just store the username
6051
04:00:32,399 --> 04:00:34,260
inside of this variable
6052
04:00:34,260 --> 04:00:36,660
all right so the same thing we need to
6053
04:00:36,660 --> 04:00:39,180
perform for the passwords as well so
6054
04:00:39,180 --> 04:00:43,939
let's go right here for pass field
6055
04:00:43,939 --> 04:00:47,660
in pass fields
6056
04:00:48,600 --> 04:00:50,580
we're going to create an object once
6057
04:00:50,580 --> 04:00:53,699
again called pass underscore re and we
6058
04:00:53,699 --> 04:00:55,800
perform the exact same thing so I'm
6059
04:00:55,800 --> 04:00:58,939
going to copy this
6060
04:00:59,160 --> 04:01:01,439
so we don't have to type it twice and
6061
04:01:01,439 --> 04:01:04,439
paste it right here
6062
04:01:04,439 --> 04:01:06,720
well not there we don't want it there we
6063
04:01:06,720 --> 04:01:09,960
want it here okay good
6064
04:01:09,960 --> 04:01:12,479
now the pattern right here will remain
6065
04:01:12,479 --> 04:01:15,060
the same as for the usernames just in
6066
04:01:15,060 --> 04:01:16,800
our case what we are searching for is
6067
04:01:16,800 --> 04:01:20,399
something like this password equals and
6068
04:01:20,399 --> 04:01:23,100
then random password okay
6069
04:01:23,100 --> 04:01:26,100
so let's delete this and in order to
6070
04:01:26,100 --> 04:01:28,199
actually search for a password we need
6071
04:01:28,199 --> 04:01:30,060
to replace this login
6072
04:01:30,060 --> 04:01:32,040
with pass field
6073
04:01:32,040 --> 04:01:34,560
since we are iterating right now over
6074
04:01:34,560 --> 04:01:36,960
the second list which is the possible
6075
04:01:36,960 --> 04:01:40,020
names for the password field
6076
04:01:40,020 --> 04:01:41,220
okay
6077
04:01:41,220 --> 04:01:43,500
all of this will remain the same and now
6078
04:01:43,500 --> 04:01:45,899
we need to check whether we got this
6079
04:01:45,899 --> 04:01:48,739
so if
6080
04:01:48,779 --> 04:01:52,080
if pass underscore r e
6081
04:01:52,080 --> 04:01:54,300
then we are going to store in our pass
6082
04:01:54,300 --> 04:01:57,180
WD variable which is once again at the
6083
04:01:57,180 --> 04:01:59,160
beginning of this function and set to
6084
04:01:59,160 --> 04:02:00,420
none
6085
04:02:00,420 --> 04:02:02,279
we will store
6086
04:02:02,279 --> 04:02:06,720
pass underscore re dot group
6087
04:02:06,720 --> 04:02:08,520
okay good
6088
04:02:08,520 --> 04:02:11,340
and now at the end
6089
04:02:11,340 --> 04:02:14,220
we need to return these two values so we
6090
04:02:14,220 --> 04:02:18,660
will specify if user and password
6091
04:02:18,660 --> 04:02:20,399
we will return
6092
04:02:20,399 --> 04:02:24,620
both username and password
6093
04:02:25,020 --> 04:02:28,140
all right so this is the entire get
6094
04:02:28,140 --> 04:02:30,720
login pass function and now we are ready
6095
04:02:30,720 --> 04:02:34,500
to go back to our packet parser function
6096
04:02:34,500 --> 04:02:36,720
now before we close this video I'm going
6097
04:02:36,720 --> 04:02:39,180
to just select the username comma
6098
04:02:39,180 --> 04:02:42,000
password to be equal to get login pass
6099
04:02:42,000 --> 04:02:44,939
with the body as a parameter since we
6100
04:02:44,939 --> 04:02:46,979
are returning the two values from this
6101
04:02:46,979 --> 04:02:48,120
function
6102
04:02:48,120 --> 04:02:49,920
therefore we need to set those two
6103
04:02:49,920 --> 04:02:52,560
values inside of these two values
6104
04:02:52,560 --> 04:02:54,840
user will be set inside of a username
6105
04:02:54,840 --> 04:02:57,300
and password will be set inside of a
6106
04:02:57,300 --> 04:02:59,340
password so in the next video we're
6107
04:02:59,340 --> 04:03:01,319
going to wrap up our program and we are
6108
04:03:01,319 --> 04:03:04,319
going to go for a first test of it all
6109
04:03:04,319 --> 04:03:06,060
right so thank you for watching this
6110
04:03:06,060 --> 04:03:08,220
tutorial and I will see you in the next
6111
04:03:08,220 --> 04:03:10,260
lecture bye
6112
04:03:10,260 --> 04:03:12,000
welcome back
6113
04:03:12,000 --> 04:03:14,460
so we've had quite a tough task in the
6114
04:03:14,460 --> 04:03:16,260
previous few videos but we managed to
6115
04:03:16,260 --> 04:03:19,260
get it all to work now it's time to wrap
6116
04:03:19,260 --> 04:03:21,239
up our program and run it for a first
6117
04:03:21,239 --> 04:03:22,319
test
6118
04:03:22,319 --> 04:03:24,660
so what we did for now is we returned
6119
04:03:24,660 --> 04:03:26,880
the username and password extracted it
6120
04:03:26,880 --> 04:03:29,040
from the body and stored it in these two
6121
04:03:29,040 --> 04:03:31,500
variables now what we need to do is we
6122
04:03:31,500 --> 04:03:33,840
need to print these two variables as a
6123
04:03:33,840 --> 04:03:37,739
result so right here after this we need
6124
04:03:37,739 --> 04:03:40,199
to check whether username and password
6125
04:03:40,199 --> 04:03:44,000
is not equal to none
6126
04:03:45,600 --> 04:03:49,260
oops seems like we cannot specify two of
6127
04:03:49,260 --> 04:03:50,819
these variables so we need to delete
6128
04:03:50,819 --> 04:03:54,840
this what we're going to do instead
6129
04:03:54,840 --> 04:03:56,819
is we are going to store this inside of
6130
04:03:56,819 --> 04:04:01,220
one variable let's call it like this
6131
04:04:06,060 --> 04:04:07,739
now the reason why we're storing it in
6132
04:04:07,739 --> 04:04:09,779
one variable is because we can use one
6133
04:04:09,779 --> 04:04:12,180
if statement later on even though we are
6134
04:04:12,180 --> 04:04:14,279
returning two values this will both be
6135
04:04:14,279 --> 04:04:17,520
stored inside of a user pass just as two
6136
04:04:17,520 --> 04:04:20,160
different elements all right so
6137
04:04:20,160 --> 04:04:23,760
after that we can check whether if user
6138
04:04:23,760 --> 04:04:27,479
underscore pass is not equal to none and
6139
04:04:27,479 --> 04:04:29,520
what this simply means since we set the
6140
04:04:29,520 --> 04:04:32,160
user and pass to be equal to none if we
6141
04:04:32,160 --> 04:04:33,960
don't manage to find any username and
6142
04:04:33,960 --> 04:04:36,060
password these two values will remain
6143
04:04:36,060 --> 04:04:38,640
none and they will be returned as none
6144
04:04:38,640 --> 04:04:40,979
at the end of the function therefore
6145
04:04:40,979 --> 04:04:43,020
right here we are checking if user and
6146
04:04:43,020 --> 04:04:45,000
password is not equal to none and we
6147
04:04:45,000 --> 04:04:46,800
specify that with this exclamation mark
6148
04:04:46,800 --> 04:04:48,720
and equal sign
6149
04:04:48,720 --> 04:04:51,199
then what we want to print
6150
04:04:51,199 --> 04:04:56,120
is parse dot unquote
6151
04:04:56,819 --> 04:04:58,800
and this is just a way for us to print
6152
04:04:58,800 --> 04:05:02,160
these two values so parse.unquote and we
6153
04:05:02,160 --> 04:05:04,380
will select the first element of the
6154
04:05:04,380 --> 04:05:06,859
user pass
6155
04:05:08,640 --> 04:05:10,859
and we need to select the second element
6156
04:05:10,859 --> 04:05:13,319
which would be the password as well so
6157
04:05:13,319 --> 04:05:16,680
parse dot unquote
6158
04:05:16,680 --> 04:05:20,040
user underscore pass
6159
04:05:20,040 --> 04:05:23,100
and the second element okay
6160
04:05:23,100 --> 04:05:25,739
so once again if these two values are
6161
04:05:25,739 --> 04:05:27,899
not equal to none we will print the
6162
04:05:27,899 --> 04:05:30,680
username and password
6163
04:05:30,720 --> 04:05:33,859
in any other case
6164
04:05:34,739 --> 04:05:37,140
and by in any other case I mean if we
6165
04:05:37,140 --> 04:05:39,140
encounter any other packet that doesn't
6166
04:05:39,140 --> 04:05:42,060
satisfy these three statements right
6167
04:05:42,060 --> 04:05:43,020
here
6168
04:05:43,020 --> 04:05:45,779
we're going to simply pass and let that
6169
04:05:45,779 --> 04:05:48,060
packet go since it will probably not
6170
04:05:48,060 --> 04:05:51,540
store any username or any password
6171
04:05:51,540 --> 04:05:53,939
all right so this should be the entire
6172
04:05:53,939 --> 04:05:55,080
program
6173
04:05:55,080 --> 04:05:58,620
here it is let's see how it runs
6174
04:05:58,620 --> 04:06:01,080
if I open up the terminal
6175
04:06:01,080 --> 04:06:05,300
clear the screen and run it
6176
04:06:06,660 --> 04:06:09,359
you will see it did run successfully we
6177
04:06:09,359 --> 04:06:11,279
don't see anything right here nothing is
6178
04:06:11,279 --> 04:06:13,319
being printed so let's check out whether
6179
04:06:13,319 --> 04:06:15,779
we can get something to print right here
6180
04:06:15,779 --> 04:06:19,760
if we open up our Firefox
6181
04:06:20,160 --> 04:06:22,560
and I simply go to the
6182
04:06:22,560 --> 04:06:25,380
192.168.1.1
6183
04:06:25,380 --> 04:06:29,160
which is my router's login page and I go
6184
04:06:29,160 --> 04:06:32,580
for example type hello as a username and
6185
04:06:32,580 --> 04:06:36,620
world as a password and click on login
6186
04:06:36,779 --> 04:06:39,600
you will see right here we do get both
6187
04:06:39,600 --> 04:06:41,760
username and password now the password
6188
04:06:41,760 --> 04:06:44,040
is encrypted but that is because of my
6189
04:06:44,040 --> 04:06:46,739
router security therefore our program
6190
04:06:46,739 --> 04:06:48,899
successfully works
6191
04:06:48,899 --> 04:06:50,819
we do manage to get the username and
6192
04:06:50,819 --> 04:06:52,439
password now let's see on another
6193
04:06:52,439 --> 04:06:54,840
website as well let's go to our good old
6194
04:06:54,840 --> 04:06:58,199
testphp.vulnweb.com
6195
04:07:03,000 --> 04:07:05,760
here if you go on the sign up we will
6196
04:07:05,760 --> 04:07:07,859
have a page where it will ask us for the
6197
04:07:07,859 --> 04:07:10,140
username and password so let's type the
6198
04:07:10,140 --> 04:07:12,000
username and password right here let's
6199
04:07:12,000 --> 04:07:16,260
go once again with hello and then world
6200
04:07:16,260 --> 04:07:18,000
click on login
6201
04:07:18,000 --> 04:07:22,140
and we get both hello and both world in
6202
04:07:22,140 --> 04:07:24,960
our terminal right here so our program
6203
04:07:24,960 --> 04:07:27,300
worked correctly
6204
04:07:27,300 --> 04:07:29,520
now in case you also want to get from
6205
04:07:29,520 --> 04:07:31,920
which website are these usernames and
6206
04:07:31,920 --> 04:07:33,479
passwords coming from which would be a
6207
04:07:33,479 --> 04:07:35,040
good idea
6208
04:07:35,040 --> 04:07:39,000
all you need to do is go down
6209
04:07:39,000 --> 04:07:42,300
in our packet parser function and if the
6210
04:07:42,300 --> 04:07:43,739
packet has these three statements
6211
04:07:43,739 --> 04:07:44,819
fulfilled
6212
04:07:44,819 --> 04:07:48,300
we also want to print packet
6213
04:07:48,300 --> 04:07:49,859
TCP
6214
04:07:49,859 --> 04:07:53,600
and then dot payload
6215
04:07:53,699 --> 04:07:56,640
all right so let's go and run it once
6216
04:07:56,640 --> 04:07:58,760
again
6217
04:07:59,100 --> 04:08:03,260
and go to Firefox and type
6218
04:08:04,439 --> 04:08:06,840
oh never mind we will be printing a
6219
04:08:06,840 --> 04:08:08,880
whole lot more packets than we need so
6220
04:08:08,880 --> 04:08:10,800
this actual statement
6221
04:08:10,800 --> 04:08:13,260
should go
6222
04:08:13,260 --> 04:08:14,880
here
6223
04:08:14,880 --> 04:08:17,819
and not here so we only want to print it
6224
04:08:17,819 --> 04:08:19,859
if the user and pass is not equal to
6225
04:08:19,859 --> 04:08:24,859
none so let's go once again and print it
6226
04:08:25,620 --> 04:08:27,479
now once we reload we are not getting
6227
04:08:27,479 --> 04:08:29,399
any random packets so let's type right
6228
04:08:29,399 --> 04:08:33,239
here admin and password will be password
6229
04:08:33,239 --> 04:08:36,420
click on OK we get the username to be
6230
04:08:36,420 --> 04:08:38,040
admin and the password to be password
6231
04:08:38,040 --> 04:08:41,279
and we also get the entire packet above
6232
04:08:41,279 --> 04:08:43,319
so now we can see
6233
04:08:43,319 --> 04:08:45,660
that the login is coming from this
6234
04:08:45,660 --> 04:08:47,340
website
6235
04:08:47,340 --> 04:08:49,140
we also see a bunch of other different
6236
04:08:49,140 --> 04:08:51,000
information which could be useful to us
6237
04:08:51,000 --> 04:08:52,979
but for now on we're only interested in
6238
04:08:52,979 --> 04:08:55,800
this host information and in these two
6239
04:08:55,800 --> 04:08:58,800
values which are username and password
6240
04:08:58,800 --> 04:09:00,239
all right
6241
04:09:00,239 --> 04:09:01,979
now that we are sure that our program
6242
04:09:01,979 --> 04:09:04,199
works and that we can sniff usernames
6243
04:09:04,199 --> 04:09:06,420
and passwords on different websites and
6244
04:09:06,420 --> 04:09:08,100
by the way keep in mind this will only
6245
04:09:08,100 --> 04:09:10,560
work on HTTP websites if you want to
6246
04:09:10,560 --> 04:09:12,420
sniff the information and passwords over
6247
04:09:12,420 --> 04:09:15,840
the https websites you will also need to
6248
04:09:15,840 --> 04:09:18,600
run SSLstrip on the side
6249
04:09:18,600 --> 04:09:20,880
and that will only work for the SSL
6250
04:09:20,880 --> 04:09:22,680
connections and not for the TLS
6251
04:09:22,680 --> 04:09:25,260
encryption all right
6252
04:09:25,260 --> 04:09:26,340
but
6253
04:09:26,340 --> 04:09:28,680
let's put that on the side in the next
6254
04:09:28,680 --> 04:09:30,960
video we can combine it with our ARP
6255
04:09:30,960 --> 04:09:33,180
spoofer and see how we can sniff the
6256
04:09:33,180 --> 04:09:35,100
usernames and passwords on a different
6257
04:09:35,100 --> 04:09:37,500
machine the same way we did right now in
6258
04:09:37,500 --> 04:09:39,840
Kali Linux just we're going to try to
6259
04:09:39,840 --> 04:09:41,699
sniff the usernames and passwords on
6260
04:09:41,699 --> 04:09:43,439
Windows 10 machine
6261
04:09:43,439 --> 04:09:45,300
so thank you for watching this lecture
6262
04:09:45,300 --> 04:09:49,020
and I will see you in the next video bye
6263
04:09:49,020 --> 04:09:51,600
welcome back and this is the first video
6264
04:09:51,600 --> 04:09:53,580
where we are going to test two of our
6265
04:09:53,580 --> 04:09:55,319
tools together
6266
04:09:55,319 --> 04:09:57,060
we're going to test our password
6267
04:09:57,060 --> 04:09:59,340
sniffer that we coded in this project and
6268
04:09:59,340 --> 04:10:01,199
we're going to combine it with our ARP
6269
04:10:01,199 --> 04:10:02,880
spoofer that we created in the previous
6270
04:10:02,880 --> 04:10:06,779
section so let's see how that will go
6271
04:10:06,779 --> 04:10:09,060
first what we need to do is open up our
6272
04:10:09,060 --> 04:10:11,760
terminal and I will go on to the actions
6273
04:10:11,760 --> 04:10:14,939
and split the terminal horizontally so
6274
04:10:14,939 --> 04:10:17,100
it will have two of these screens right
6275
04:10:17,100 --> 04:10:18,660
here
6276
04:10:18,660 --> 04:10:20,880
in the first screen I will navigate to
6277
04:10:20,880 --> 04:10:22,620
PyCharm
6278
04:10:22,620 --> 04:10:24,180
and I will navigate to the password
6279
04:10:24,180 --> 04:10:26,880
sniffer project
6280
04:10:26,880 --> 04:10:29,279
and in the second screen I will navigate
6281
04:10:29,279 --> 04:10:31,739
once again to PyCharm and to ARP
6282
04:10:31,739 --> 04:10:32,939
spoofer project
6283
04:10:32,939 --> 04:10:34,319
all right
6284
04:10:34,319 --> 04:10:37,800
so if I type LS in the ARP spoofer
6285
04:10:37,800 --> 04:10:40,260
you will remember that our ARP spoofer
6286
04:10:40,260 --> 04:10:42,359
code requires us to specify the target
6287
04:10:42,359 --> 04:10:44,880
IP address and the router's IP address
6288
04:10:44,880 --> 04:10:47,760
has two arguments to the command
6289
04:10:47,760 --> 04:10:50,279
so let's run the ARP spoofer right away
6290
04:10:50,279 --> 04:10:53,160
I will type python3
6291
04:10:53,160 --> 04:10:56,239
ARP spoofer
6292
04:10:56,239 --> 04:10:59,100
192.168.1.1 and the IP address of my
6293
04:10:59,100 --> 04:11:03,540
Windows 10 machine is 192.168.1.2
6294
04:11:04,920 --> 04:11:08,100
run this and this will start working as
6295
04:11:08,100 --> 04:11:10,500
we can see it is not closing it is
6296
04:11:10,500 --> 04:11:13,439
sending two packets every two seconds
6297
04:11:13,439 --> 04:11:15,239
if you want to check whether it worked
6298
04:11:15,239 --> 04:11:18,000
we can simply just go to the CMD or the
6299
04:11:18,000 --> 04:11:20,520
command prompt in Windows and type ARP
6300
04:11:20,520 --> 04:11:23,699
Dash a and we will see that both of the
6301
04:11:23,699 --> 04:11:26,399
Kali Linux and router have the same MAC
6302
04:11:26,399 --> 04:11:28,620
address therefore our ARP spoofing
6303
04:11:28,620 --> 04:11:29,760
worked
6304
04:11:29,760 --> 04:11:32,100
now let's see how this will help us to
6305
04:11:32,100 --> 04:11:33,899
actually sniff the password on Windows
6306
04:11:33,899 --> 04:11:34,979
10 machine
6307
04:11:34,979 --> 04:11:37,680
now if I go to my password sniffer and I
6308
04:11:37,680 --> 04:11:40,199
simply just run it so python3
6309
04:11:40,199 --> 04:11:42,180
password sniffer
6310
04:11:42,180 --> 04:11:44,640
as we can see it seems to work correctly
6311
04:11:44,640 --> 04:11:48,060
all we are left to do right now is go on
6312
04:11:48,060 --> 04:11:50,340
Windows 10 to Google Chrome or any
6313
04:11:50,340 --> 04:11:52,920
search engine that you're using
6314
04:11:52,920 --> 04:11:55,560
wait for it to open up and once it opens
6315
04:11:55,560 --> 04:11:57,420
up let's first of all go to my router
6316
04:11:57,420 --> 04:11:58,920
right here
6317
04:11:58,920 --> 04:12:02,100
whoops it will not connect because you
6318
04:12:02,100 --> 04:12:04,680
remember we forgot one thing so let us
6319
04:12:04,680 --> 04:12:06,899
just close our ARP spoofer
6320
04:12:06,899 --> 04:12:09,660
for a second we actually have to forward
6321
04:12:09,660 --> 04:12:12,239
our packets first so let's do that with
6322
04:12:12,239 --> 04:12:14,580
the command echo 1
6323
04:12:14,580 --> 04:12:16,920
two arrows to the right slash proc
6324
04:12:16,920 --> 04:12:18,540
slash sys
6325
04:12:18,540 --> 04:12:21,540
slash net slash ipv4
6326
04:12:21,540 --> 04:12:25,739
and slash IP underscore forward once we
6327
04:12:25,739 --> 04:12:29,110
do that we can run our spoofer once again
6328
04:12:29,110 --> 04:12:33,479
[Music]
6329
04:12:33,479 --> 04:12:35,939
okay so it is working let's go back to
6330
04:12:35,939 --> 04:12:38,279
our page and try to reload it here it is
6331
04:12:38,279 --> 04:12:41,580
and if we type some random username such
6332
04:12:41,580 --> 04:12:43,979
as for example admin and password to be
6333
04:12:43,979 --> 04:12:45,720
password
6334
04:12:45,720 --> 04:12:48,300
press on login and go back to our Kali
6335
04:12:48,300 --> 04:12:50,279
Linux machine we will get the full
6336
04:12:50,279 --> 04:12:52,439
packet printed out right here here is
6337
04:12:52,439 --> 04:12:54,420
the username and the password due to
6338
04:12:54,420 --> 04:12:56,520
security measures is actually set to be
6339
04:12:56,520 --> 04:12:58,680
encrypted and we can also see the actual
6340
04:12:58,680 --> 04:13:01,439
host or the website to which these two
6341
04:13:01,439 --> 04:13:03,840
Fields have been specified and in this
6342
04:13:03,840 --> 04:13:05,420
case it is
6343
04:13:05,420 --> 04:13:09,420
192.168.1.1 or our router now if we go
6344
04:13:09,420 --> 04:13:11,640
on to the different website which is
6345
04:13:11,640 --> 04:13:13,100
testphp.vulnweb.com
6346
04:13:13,100 --> 04:13:16,020
and we go to the sign
6347
04:13:16,020 --> 04:13:18,840
up specify right here admin and then
6348
04:13:18,840 --> 04:13:20,760
password
6349
04:13:20,760 --> 04:13:23,520
click on login go back to our Kali Linux
6350
04:13:23,520 --> 04:13:26,160
machine we will also get that packet as
6351
04:13:26,160 --> 04:13:28,859
well okay so here it is username is
6352
04:13:28,859 --> 04:13:31,620
admin password is password in plain text
6353
04:13:31,620 --> 04:13:33,479
we can see it right here
6354
04:13:33,479 --> 04:13:36,239
and we can also see where are these
6355
04:13:36,239 --> 04:13:39,180
fields specified in our case they are
6356
04:13:39,180 --> 04:13:42,000
specified on this website right here
6357
04:13:42,000 --> 04:13:44,520
all right so our password sniffer works we
6358
04:13:44,520 --> 04:13:46,500
combined our two tools our password
6359
04:13:46,500 --> 04:13:48,779
sniffer and our ARP spoofer in order to
6360
04:13:48,779 --> 04:13:51,239
sniff the passwords from the HTTP
6361
04:13:51,239 --> 04:13:53,640
websites on the different machines on
6362
04:13:53,640 --> 04:13:56,340
our local network now if you want to do
6363
04:13:56,340 --> 04:13:58,680
this on multiple targets at once you can
6364
04:13:58,680 --> 04:14:00,779
either just upgrade our ARP spoofer to
6365
04:14:00,779 --> 04:14:02,760
be able to spoof every machine on the
6366
04:14:02,760 --> 04:14:04,859
local area network or you can use a
6367
04:14:04,859 --> 04:14:07,260
different tool with combination with our
6368
04:14:07,260 --> 04:14:09,479
password sniffer so you can use a tool
6369
04:14:09,479 --> 04:14:12,600
called for example mitmf not really sure
6370
04:14:12,600 --> 04:14:15,120
if it is installed right here yeah you
6371
04:14:15,120 --> 04:14:18,060
can also use the mitmproxy but I would
6372
04:14:18,060 --> 04:14:20,520
advise you to go into the Firefox
6373
04:14:20,520 --> 04:14:22,620
if you want to use the real man in the
6374
04:14:22,620 --> 04:14:25,199
middle and ARP spoofing tool that comes
6375
04:14:25,199 --> 04:14:27,000
with bunch of different options that
6376
04:14:27,000 --> 04:14:28,800
will help you fully execute your attack
6377
04:14:28,800 --> 04:14:31,620
you simply just go and download a tool
6378
04:14:31,620 --> 04:14:34,680
called mitmf
6379
04:14:34,680 --> 04:14:36,120
you would simply just click on this
6380
04:14:36,120 --> 04:14:38,600
first link
6381
04:14:41,340 --> 04:14:44,100
go all the way down you would clone this
6382
04:14:44,100 --> 04:14:46,680
page with Git clone then you can go to
6383
04:14:46,680 --> 04:14:49,620
the installation instructions right here
6384
04:14:49,620 --> 04:14:51,840
and follow these instructions in these
6385
04:14:51,840 --> 04:14:54,180
commands in order to install mitmf
6386
04:14:54,180 --> 04:14:56,340
properly once you do that you can simply
6387
04:14:56,340 --> 04:14:58,020
just use the tool to perform ARP
6388
04:14:58,020 --> 04:15:00,600
spoofing and use our password sniffer in
6389
04:15:00,600 --> 04:15:02,699
order to sniff passwords on every
6390
04:15:02,699 --> 04:15:04,739
machine on local area network
6391
04:15:04,739 --> 04:15:07,140
okay so that would be about it for this
6392
04:15:07,140 --> 04:15:09,300
section we successfully saw how we can
6393
04:15:09,300 --> 04:15:11,399
combine these two tools and in the next
6394
04:15:11,399 --> 04:15:13,319
project we're also going to see another
6395
04:15:13,319 --> 04:15:15,300
tool that we will create that you can
6396
04:15:15,300 --> 04:15:17,220
either combine with our spoofer if you
6397
04:15:17,220 --> 04:15:19,560
like or you can simply just use it on
6398
04:15:19,560 --> 04:15:21,779
your own with another tool perhaps such
6399
04:15:21,779 --> 04:15:25,020
as mitmf or with the any other tool that
6400
04:15:25,020 --> 04:15:27,660
performs man in the middle attack as
6401
04:15:27,660 --> 04:15:30,120
well okay so thank you for watching this
6402
04:15:30,120 --> 04:15:32,160
section and I will see you in the next
6403
04:15:32,160 --> 04:15:35,460
project bye