Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,840 --> 00:00:08,220
After explaining what is social engineering toolkit and after explaining how effective is this tool
2
00:00:09,030 --> 00:00:15,600
and after showing you if you face any problem using social engineering toolkit in Linux How can you
3
00:00:15,600 --> 00:00:16,490
fix it.
4
00:00:16,530 --> 00:00:21,240
Now let's do some attacks using social engineering toolkit.
5
00:00:21,360 --> 00:00:30,970
So I'm going to go to my college Linux machine and we going to launch a program so you know
6
00:00:40,610 --> 00:00:42,620
and let me open a terminal
7
00:00:45,300 --> 00:00:52,570
and type set to get.
8
00:00:52,840 --> 00:01:01,060
Now many of them can be used using social engineering toolkit targeting immobile or a computer.
9
00:01:01,240 --> 00:01:06,700
In my second hacking course my previous As you can hack in from scratch to advance a technique course
10
00:01:07,240 --> 00:01:17,470
I explain how to use set hacking computers and this course we will focus more about compromising Android
11
00:01:17,470 --> 00:01:20,450
devices mobile phone or tablet.
12
00:01:20,620 --> 00:01:29,650
So I'm going to launch the tools by typing one and we're going start to his website attack victim number
13
00:01:29,680 --> 00:01:37,150
two and then we're going to choose a very simple attack which is a credential harvest attack number
14
00:01:37,150 --> 00:01:38,030
three.
15
00:01:38,050 --> 00:01:45,680
Now this attack can only create a fake Web site that will captures the username and password.
16
00:01:46,480 --> 00:01:48,050
So it's very easy.
17
00:01:48,190 --> 00:01:58,900
It will not be detected by any antivirus or any security software and it's quite easy to implement except
18
00:01:59,710 --> 00:02:05,530
it will need some social engineering skills.
19
00:02:05,740 --> 00:02:11,680
On a separate section in this course I'm going explains a different technique for social engineering.
20
00:02:11,710 --> 00:02:16,470
How can you spoof your email or fake an email and send the fake email.
21
00:02:16,600 --> 00:02:21,290
Or how can you spoof an assessment so how can you spoof the mobile number.
22
00:02:21,300 --> 00:02:30,160
So the tools that we have right now online it's very very helpful when it comes to spoofing or faking
23
00:02:31,480 --> 00:02:33,670
our real information.
24
00:02:33,670 --> 00:02:38,680
So let's focus on this section about the attacks and on the previous and on.
25
00:02:38,680 --> 00:02:47,080
And the separate section on this course we will be talking about the tools that you can use to create
26
00:02:47,080 --> 00:02:54,110
yourself to fake your identities so social engineer will be very convenient.
27
00:02:54,160 --> 00:02:56,970
So we'll talk about that in a separate section in this course.
28
00:02:56,980 --> 00:02:58,900
But now let's talk about that.
29
00:02:58,930 --> 00:03:04,000
So the first attack that we can explain this letter B number three which is a credential.
30
00:03:04,450 --> 00:03:10,090
And when you type credential harvest which is creating a fake Web site and this fake Web site will be
31
00:03:10,090 --> 00:03:13,880
hosted on this Kelly Linux machine.
32
00:03:13,930 --> 00:03:17,330
So it's important to know the IP of Siskin the next machine.
33
00:03:17,470 --> 00:03:25,720
And once you send it by email or by s.m.m was a victim and you click on the link and type username and
34
00:03:25,720 --> 00:03:26,140
password.
35
00:03:26,140 --> 00:03:28,670
It could be capturing a very very simple attack.
36
00:03:28,780 --> 00:03:30,610
We're going to take some advance that.
37
00:03:30,640 --> 00:03:34,440
But the concept is very simple and very easy to implement.
38
00:03:34,480 --> 00:03:40,720
You can create a hiccup site from the web template which is the major Web site like G-mail or Yahoo
39
00:03:40,720 --> 00:03:41,520
or some other.
40
00:03:41,740 --> 00:03:50,070
Or you can use site cloner which if you need to create a fake upside for a specific like bank or for
41
00:03:50,070 --> 00:03:51,810
a specific website.
42
00:03:51,810 --> 00:03:55,040
So you need to create an additional website
43
00:03:57,690 --> 00:04:04,550
or I'm sorry a copy from the site from any known website so you can you can to site cloner.
44
00:04:04,830 --> 00:04:10,320
And he will ask you what is seitan when you type in him he will create a similar one for him but for
45
00:04:10,320 --> 00:04:15,530
simplicity let's take number one which is the web template.
46
00:04:16,560 --> 00:04:20,360
So let me choose one and we're going to ask OK
47
00:04:23,550 --> 00:04:33,810
what is the IP address of your machine which is the supposed back I mean the username and password that
48
00:04:33,810 --> 00:04:36,830
will be sent from the victim to each IP address should be delivered.
49
00:04:36,960 --> 00:04:40,580
You should put here your IP.
50
00:04:40,680 --> 00:04:53,040
Now if you do that locally open as a term you can use the private IP to the terminal and you type IP
51
00:04:53,040 --> 00:04:57,360
config to check IP of your machine.
52
00:04:57,360 --> 00:05:05,810
I'm sorry I ifconfig config to check the IP of your local machine which in my case is one that's.
53
00:05:05,970 --> 00:05:10,110
This would be the IP used here and this would be IP that you need to send to the victim after doing
54
00:05:10,110 --> 00:05:11,180
some manipulation.
55
00:05:11,460 --> 00:05:18,590
If you do that remotely You need to use your public IP and you can have some different section to explains
56
00:05:18,590 --> 00:05:29,740
that I'm going to show you how to do that remotely but the IPs that you need to use what is my IP IPs
57
00:05:29,790 --> 00:05:37,440
that you need to use to to to to do this attack remotely not on the same network.
58
00:05:37,440 --> 00:05:44,870
Is your public IP sounds since in this phase we are doing that remotely and certainly locally.
59
00:05:44,880 --> 00:05:53,640
So I'm going to right here as the IP of my is it.
60
00:05:53,700 --> 00:06:02,320
So I use a private IP of my computer which is 1 9 2 8 1 6 8 1 2 1 0.
61
00:06:02,320 --> 00:06:09,420
See if you didn't need to do that remotely as I just mentioned it was a public IP but there is some
62
00:06:09,420 --> 00:06:14,580
network settings that we can explain later on during this course and.
63
00:06:14,640 --> 00:06:15,150
OK.
64
00:06:15,370 --> 00:06:15,880
OK.
65
00:06:16,020 --> 00:06:19,770
Which website would you like to create a fake one.
66
00:06:19,770 --> 00:06:23,400
So let's take a number to Google
67
00:06:26,070 --> 00:06:29,350
and it's creating a Google web site
68
00:06:33,520 --> 00:06:35,940
to start the process.
69
00:06:35,940 --> 00:06:37,250
Yes.
70
00:06:43,650 --> 00:06:47,750
And yeah I think he's up and running.
71
00:06:47,760 --> 00:06:56,470
Now what I can do I need to send to the victim is the IP that I just brought here as IP of my local
72
00:06:56,470 --> 00:06:57,860
machine.
73
00:06:57,880 --> 00:07:01,390
Of course it will not be sent as an IP as an IP.
74
00:07:01,390 --> 00:07:04,320
I mean I'm going to show you later on how can we change that.
75
00:07:04,450 --> 00:07:06,290
But we need to send it.
76
00:07:06,460 --> 00:07:08,670
We need to send them the IP.
77
00:07:09,220 --> 00:07:11,320
So let's do that together.
78
00:07:11,850 --> 00:07:23,020
When I open my men and send to the victim Zelenka IP as I told you it will beat you and it will be enhanced
79
00:07:23,020 --> 00:07:24,570
it will not be that easy.
80
00:07:25,090 --> 00:07:28,800
So I'm sending from my computer an e-mail.
81
00:07:28,870 --> 00:07:30,100
Let me compose
82
00:07:34,530 --> 00:07:38,360
and send to my email
83
00:07:56,240 --> 00:08:11,610
you go and subject for instant your mail is full.
84
00:08:12,610 --> 00:08:13,050
Then
85
00:08:20,690 --> 00:08:22,320
your mailbox
86
00:08:31,560 --> 00:08:32,770
is full.
87
00:08:36,180 --> 00:08:45,430
Of course you are getting this message all the time that you know you are out of storage and your mean
88
00:08:46,930 --> 00:08:50,500
books is.
89
00:08:51,430 --> 00:08:54,340
Please click
90
00:08:58,150 --> 00:09:00,400
below.
91
00:09:00,530 --> 00:09:11,550
Name it this will be much more convenient if you use it like a fake e-mail.
92
00:09:11,770 --> 00:09:18,530
And actually this will be explained in a different section where how can we spoof the e-mail.
93
00:09:18,820 --> 00:09:20,600
And then I need to put the IP here.
94
00:09:20,670 --> 00:09:39,170
GTP and that's poods IPO was the victim 1 9 2 1 6 8 8 1 8 1 0 3 M.T..
95
00:09:39,780 --> 00:09:40,320
So
96
00:09:44,970 --> 00:09:46,790
the idea should be clear.
97
00:09:46,800 --> 00:09:51,270
But later on you can see that we should not sends IPs this way because you know this is not the right
98
00:09:51,270 --> 00:09:55,170
way but you'll see later how to use that.
99
00:09:55,290 --> 00:09:57,770
Let's just test the concept.
100
00:09:57,900 --> 00:09:59,130
So I sent an in.
101
00:09:59,160 --> 00:10:05,430
Now let me go to my device and let's see it in
102
00:10:08,250 --> 00:10:10,290
a given few seconds.
103
00:10:10,560 --> 00:10:11,820
Here and go.
104
00:10:12,210 --> 00:10:16,650
And when I opened this e-mail and I click on the link
105
00:10:20,800 --> 00:10:24,780
key he would request me for the email and password.
106
00:10:24,780 --> 00:10:31,090
I'm going to type a b c at g mail.
107
00:10:33,310 --> 00:10:41,410
But come and let's put any password 4:44 in and sync and sign in.
108
00:10:41,580 --> 00:10:50,100
Now number one this would be directed to the Google website which is very good because he would think
109
00:10:50,110 --> 00:10:52,960
that maybe he wrote the wrong username and password.
110
00:10:53,190 --> 00:10:57,830
Why here we should be getting the user name and password.
111
00:10:59,110 --> 00:11:01,390
That has just been captured.
112
00:11:01,780 --> 00:11:07,980
So it is it should be here.
113
00:11:17,540 --> 00:11:18,880
Yeah it can go.
114
00:11:18,970 --> 00:11:25,570
This is the username and this is the password.
115
00:11:25,570 --> 00:11:34,540
So it's very simple and it's very easy to implement just as I told you if you use the right tools like
116
00:11:34,540 --> 00:11:40,140
using a website that fake your identity this will be explained in a separate chapter in this course.
117
00:11:40,150 --> 00:11:47,170
Or you can send that through and it's a mess using some software that fake hemis so it will be easy
118
00:11:47,170 --> 00:11:48,070
to complain.
119
00:11:48,350 --> 00:11:52,120
Regarding the IP that we should not use IP the same way it is.
120
00:11:52,120 --> 00:11:55,570
Most people will be using those shortened website.
121
00:11:55,840 --> 00:12:09,910
So if you go here and you go to this like a site like that bit dot NY.
122
00:12:10,280 --> 00:12:14,770
This is a Web site that allows you to change or to shorten it.
123
00:12:14,780 --> 00:12:20,120
It has been created for a good purpose which is if you have a very good read it can be shortened.
124
00:12:20,360 --> 00:12:27,080
But some people are using that in a bad way that for instance if I need to since I was a victim instead
125
00:12:27,080 --> 00:12:31,580
of sending the IP number which would be very suspicion I can do it this way.
126
00:12:31,580 --> 00:12:38,000
1 and 2 to 1 6 8 1 2 1 0 3 and I can type on
127
00:12:40,570 --> 00:12:49,400
shortend and we'll get a different tour and see this is who you are and that you can send to the victim.
128
00:12:50,030 --> 00:12:56,900
So we usually see this kind of you are in Twitter and Facebook and stuff like that to show you how you
129
00:12:56,900 --> 00:12:59,130
know how suspicions this is.
130
00:12:59,150 --> 00:13:06,980
So this was a credential harvest attacks that has for a scoop to capture the username and pass not necessarily
131
00:13:07,370 --> 00:13:15,650
Facebook or Holtman but you can use any web site that has a credential you can clone this website and
132
00:13:15,650 --> 00:13:17,090
send that into the victim.
133
00:13:17,090 --> 00:13:23,400
And you just need to convince them to click on this link next lecture you can see and select another
134
00:13:24,050 --> 00:13:26,120
attack so let's see how to do it.
12950
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.