Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:12,070 --> 00:00:14,860
Hey, guys, welcome back to another episode on How to Hack.
2
00:00:15,250 --> 00:00:18,460
So my name is Young and I'll be your trainer and facilitator today.
3
00:00:19,180 --> 00:00:24,670
So over here on the screen, as you can see on the left side, we have an mobile device running.
4
00:00:24,700 --> 00:00:26,660
And on the right side, we have colonics running.
5
00:00:26,680 --> 00:00:33,490
So colonics will be our hacker's box and the mobile device will be the targeted computer at a target,
6
00:00:33,490 --> 00:00:37,840
a device that will be going after to pull out all of those text messages.
7
00:00:38,530 --> 00:00:42,970
So what we are going to do now is on the right side, we have to create the payload.
8
00:00:42,970 --> 00:00:45,270
We have to create the app CAFO.
9
00:00:45,610 --> 00:00:49,800
So what you can see over here is that I have already created a command for you.
10
00:00:49,810 --> 00:00:53,880
So we just got to zoom in a little and I'll explain to you what all this means.
11
00:00:54,250 --> 00:00:55,390
So we're using MSF.
12
00:00:55,390 --> 00:01:00,760
Varnum So this is part of the battle supply framework and of course Desh stands for a platform.
13
00:01:00,760 --> 00:01:04,470
So we're using Android Media Preeta Reverse on a scale TCP.
14
00:01:04,810 --> 00:01:10,510
So a reverse made a British shell for us to get a reverse connection into the mobile device.
15
00:01:10,940 --> 00:01:12,190
And of course we have low.
16
00:01:12,190 --> 00:01:16,550
So Elmos is actually the IP address of the listener.
17
00:01:16,570 --> 00:01:23,200
So in this case, if I enter IP space ADR and I hit enter on that, I will be presented with the IP
18
00:01:23,200 --> 00:01:25,090
address of the colonics machine.
19
00:01:25,240 --> 00:01:29,830
So in this case we have one two one six eight zero one zero six.
20
00:01:30,370 --> 00:01:37,060
And of course for our case, we are going to create the APK file based on Delaporte all four four four
21
00:01:37,060 --> 00:01:37,380
four.
22
00:01:37,870 --> 00:01:42,170
So of course we will output the fall into dot hacker apk.
23
00:01:42,460 --> 00:01:48,430
So once you have this instruction ready, paste it onto your code, Linux box and the command problem
24
00:01:48,670 --> 00:01:51,420
or in the terminal and go ahead and hit enter on that.
25
00:01:51,430 --> 00:01:52,990
So I'll go ahead and enter on that.
26
00:01:53,560 --> 00:01:58,510
And of course I'll be prompted with the password because I'm using Sudo for super user so he'd enter
27
00:01:58,510 --> 00:02:01,670
on that and this would create epic payload.
28
00:02:01,840 --> 00:02:07,960
So what we are going to do is that we need to have this install into the device one installation onto
29
00:02:07,960 --> 00:02:13,720
the device, either as a corporate issue or a company issued device or two.
30
00:02:13,960 --> 00:02:21,040
It is true social engineering attacks or you could embed it as part of a different APK file, like your
31
00:02:21,700 --> 00:02:26,980
different kind of applications that you can then present it to the user in a user could download it,
32
00:02:26,980 --> 00:02:32,800
and from there on you will be able to get it running and you can have the reverse connection back to
33
00:02:32,800 --> 00:02:33,400
the device.
34
00:02:34,150 --> 00:02:38,830
So over here, as we can see, we have the payload size of ten thousand one hundred and eighty five
35
00:02:38,830 --> 00:02:39,280
bytes.
36
00:02:39,640 --> 00:02:44,830
So all you got to do is transfer to file so you can actually do a pseudo move, for example, and we
37
00:02:44,830 --> 00:02:49,650
can move the DOT hacker ABQ file Devar doped up HTML.
38
00:02:50,230 --> 00:02:55,600
So what we are doing this and why we're doing this is because we need a location to service to file
39
00:02:55,600 --> 00:03:00,730
so that people can access it so that a target computers can access it, they can download it and they
40
00:03:00,730 --> 00:03:02,110
can install it from there on.
41
00:03:02,920 --> 00:03:07,120
So in this case, we can go ahead and run the Apache Web server.
42
00:03:07,150 --> 00:03:09,200
So all you got to do is enter System CTL.
43
00:03:09,340 --> 00:03:12,190
So this is part of Linux system administration.
44
00:03:12,200 --> 00:03:18,460
So this is a good command, a good item to learn so that you can understand how you can control different
45
00:03:18,460 --> 00:03:22,480
kind of services, insight your different Linux boxes.
46
00:03:22,510 --> 00:03:25,900
So this is a highly sought after scale Linux administration.
47
00:03:26,320 --> 00:03:33,790
So we enter a system CTL followed by space and we can actually enter the status of Apache so we can
48
00:03:33,790 --> 00:03:35,110
go ahead and hit enter on debt.
49
00:03:35,140 --> 00:03:37,140
So it says that it is already running.
50
00:03:37,150 --> 00:03:42,130
So we have our Web application server running and on the left side we have the mobile device.
51
00:03:42,550 --> 00:03:46,030
So of course the app can be downloaded for many places.
52
00:03:46,210 --> 00:03:50,200
And I just created a YouTube post about the importance of social engineering.
53
00:03:50,200 --> 00:03:54,600
So social engineering is a domain that is usually overlooked.
54
00:03:54,610 --> 00:04:00,310
So there are a lot of importance for it because I've seen a lot of demonstration as well as real life
55
00:04:00,310 --> 00:04:08,320
cases where the hackers provide a macro Excel file like an Excel sheet or a wood document, and a user
56
00:04:08,320 --> 00:04:15,540
enable the macro scripts and continue running and debt took over the entire device very, very quickly.
57
00:04:15,850 --> 00:04:22,230
So those were the kind of attacks that we're seeing regularly do penetrate into very large companies.
58
00:04:22,240 --> 00:04:31,390
So this are the kind of tricks coupled with technological advancement in cyber attacks to actually launch
59
00:04:31,390 --> 00:04:33,280
those attacks against certain entities.
60
00:04:33,490 --> 00:04:33,880
All right.
61
00:04:34,480 --> 00:04:37,140
So now all we got to do is enter the IP address.
62
00:04:37,150 --> 00:04:43,870
So in this case, we have one two one six eight zero one zero six, followed by Hacker.
63
00:04:44,530 --> 00:04:50,650
And of course, we name our device over here from the output, as Hacker told APK so we can enter Heckel
64
00:04:51,070 --> 00:04:52,540
not a hit enter on debt.
65
00:04:53,080 --> 00:04:55,420
So it would say that we can download a false will be.
66
00:04:55,420 --> 00:04:56,920
Go ahead and download a file click.
67
00:04:56,920 --> 00:05:01,600
OK, so once the phone has been downloaded you can open it up and you can install it.
68
00:05:01,870 --> 00:05:06,180
So what I'm going to do now on the right side is I'm going to start up Matus white console.
69
00:05:06,550 --> 00:05:10,060
So again, if you think about some of the use cases for us to install.
70
00:05:10,180 --> 00:05:17,050
A software into the device, what a hackers are doing is that they're installing a lot of such software
71
00:05:17,230 --> 00:05:25,090
onto the mobile device before they actually ship it to the consumers, before they actually sell it
72
00:05:25,480 --> 00:05:29,730
to a different kind of platforms in order for users to use that phone.
73
00:05:29,740 --> 00:05:32,230
And when the users use the phone, they're clueless.
74
00:05:32,240 --> 00:05:38,200
You have no idea to this phone already has a virus or a backdoor install into the device.
75
00:05:38,320 --> 00:05:41,380
So this is the kind of tricks that hackers are really using.
76
00:05:41,560 --> 00:05:47,590
So like I mentioned earlier, coupling social engineering, as well as all this technical know house
77
00:05:47,740 --> 00:05:50,950
for these hackers to gain access to your credentials.
78
00:05:51,250 --> 00:05:51,670
All right.
79
00:05:52,600 --> 00:05:58,840
So moving forward, all I got to do is enter, use, exploit, multi handler and we can actually set
80
00:05:58,840 --> 00:06:03,250
the payload as Android meter reader reverse on a score.
81
00:06:04,210 --> 00:06:04,690
All right.
82
00:06:04,690 --> 00:06:10,070
And we can enter show options so we can SBL Hoess one two one six eight zero one zero six.
83
00:06:10,120 --> 00:06:12,600
So this is the IP address of the listener.
84
00:06:12,640 --> 00:06:14,770
This is the IP address of colonics in this case.
85
00:06:15,010 --> 00:06:16,030
So hit enter on that.
86
00:06:16,180 --> 00:06:18,630
And we have the airport as four four four four.
87
00:06:18,640 --> 00:06:20,200
So everything is set properly.
88
00:06:20,560 --> 00:06:24,220
So all we got to do right now is enter exploit to run the listener.
89
00:06:24,220 --> 00:06:28,720
So we're listening right now and we actually already have the software installed.
90
00:06:28,720 --> 00:06:35,440
So if I click onto the hacker apk and you can see that this is an installation update to the desisting
91
00:06:35,440 --> 00:06:36,220
application.
92
00:06:36,230 --> 00:06:39,060
So we have already installed the application.
93
00:06:39,310 --> 00:06:46,630
So all I got to do is go back into the mobile device and if I go into the application page, all I got
94
00:06:46,630 --> 00:06:48,170
to do is search for a main activity.
95
00:06:48,550 --> 00:06:53,860
So again, to naming the logos, the way the look and feel of the application can be modified.
96
00:06:53,860 --> 00:07:00,670
And we will discuss about how we can innovate such payloads into different kind of ABQ or different
97
00:07:00,670 --> 00:07:01,570
kind of applications.
98
00:07:01,600 --> 00:07:01,930
All right.
99
00:07:02,500 --> 00:07:08,740
So here I'm just going to go ahead and click on main activity and immediately we would have access into
100
00:07:08,740 --> 00:07:09,370
recession.
101
00:07:09,370 --> 00:07:15,790
And what you're seeing right now is that you would not be able to visually see any kind of differences
102
00:07:15,790 --> 00:07:16,350
on the phone.
103
00:07:16,540 --> 00:07:21,010
So the phone is still able to run normal and you can do stuff.
104
00:07:21,010 --> 00:07:22,840
The Internet you can do go to Google Maps.
105
00:07:23,080 --> 00:07:28,150
You can use many different of the features and functions as though your phone is as it is.
106
00:07:28,300 --> 00:07:32,500
But it has really been hacked by the hackers and hackers on the right side.
107
00:07:32,500 --> 00:07:36,070
Clinics have full control and access to the device.
108
00:07:36,110 --> 00:07:37,060
And why is that a case?
109
00:07:37,480 --> 00:07:40,870
So let us explain a little more about why this is the case.
110
00:07:41,020 --> 00:07:49,330
So if I actually go on to settings and I click onto the applications, so let us go into the application
111
00:07:49,330 --> 00:07:55,860
that has been installed in the device so we can review the mobile application permissions.
112
00:07:55,870 --> 00:08:00,350
So if I click on apps and over here we can see all the applications.
113
00:08:00,350 --> 00:08:03,540
So let us go into the application that we just installed.
114
00:08:04,570 --> 00:08:09,820
So it is called main activity and lets it enter and debt and we can look under permissions.
115
00:08:09,820 --> 00:08:12,120
So permissions is on a roll.
116
00:08:12,130 --> 00:08:18,610
So go ahead and click on that and we can see that this application has all these different accesses
117
00:08:18,880 --> 00:08:19,810
into the phone.
118
00:08:20,080 --> 00:08:27,130
So it has the camera access, it has the context access, location, microphone, phone, SMS and storage.
119
00:08:27,490 --> 00:08:34,810
So immense that even for mobile applications to install into your phone right now, the user, all the
120
00:08:34,810 --> 00:08:40,720
owner of the application, if they have all this app permissions, they will be able to see all of your
121
00:08:40,720 --> 00:08:41,140
data.
122
00:08:41,380 --> 00:08:46,400
They'll be able to pull out your contacts or SMS and all this important information.
123
00:08:47,050 --> 00:08:53,200
So going back into the hackers box, we can enter help and this will list out all the commands available
124
00:08:53,200 --> 00:08:57,780
for us to control or to execute into the mobile device.
125
00:08:58,060 --> 00:09:01,600
So in my case, for example, I can enter at on a score list.
126
00:09:01,810 --> 00:09:07,300
So this will show us all the applications that are already installed inside the device.
127
00:09:07,570 --> 00:09:14,800
And we can see, for example, if you manage to break into one of the Kopra devices owned by a an enterprise,
128
00:09:15,100 --> 00:09:20,980
then you realize that such application could be mirrored across all those different devices.
129
00:09:20,980 --> 00:09:25,300
And many large enterprises run thousands, tens of thousands of devices.
130
00:09:25,600 --> 00:09:30,820
So not just in terms of security controls and policies for your mobile devices, but what about your
131
00:09:30,820 --> 00:09:31,450
laptops?
132
00:09:31,450 --> 00:09:34,900
What your servers, what about your network devices and so on.
133
00:09:35,170 --> 00:09:41,970
So all these different kind of security policies have to have a strong effect across and across all
134
00:09:41,980 --> 00:09:46,660
these different devices that you run in order to secure them against many of these potential hack.
135
00:09:46,990 --> 00:09:50,640
So, of course, the main topic for today is dump on the score SMS.
136
00:09:50,650 --> 00:09:54,010
So with a very simple command, all you got to do is hit enter on that.
137
00:09:54,700 --> 00:10:01,030
And immediately you see that we have a file created onto our desktop over here on the left site and
138
00:10:01,030 --> 00:10:05,500
immediately we can just open it up and we can see all of the text messages.
139
00:10:05,500 --> 00:10:07,300
So go ahead and open it up.
140
00:10:08,290 --> 00:10:09,910
And over here we can see.
141
00:10:10,510 --> 00:10:17,290
Can transfer five hundred thousand US dollars for a cybersecurity project and let's go back into the
142
00:10:17,290 --> 00:10:23,860
mobile device and we can click under these messages and immediately you can see that there was a text
143
00:10:23,860 --> 00:10:30,130
message and outgoing text message can transfer five hundred thousand US dollars here for our cybersecurity
144
00:10:30,130 --> 00:10:30,590
project.
145
00:10:31,060 --> 00:10:32,770
So there are a lot more instructions.
146
00:10:32,770 --> 00:10:37,540
There's a lot more commands that we can do as part of this Android hacking series.
147
00:10:37,930 --> 00:10:39,280
So I'll do what I'll do.
148
00:10:39,310 --> 00:10:41,380
Stay tuned for more tutorials for you.
149
00:10:41,650 --> 00:10:45,190
So if you have learned something valuable in today's tutorial, we're going to like sharing.
150
00:10:45,190 --> 00:10:48,630
Subscribe to a channel so that you can be kept abreast of the latest cybersecurity.
151
00:10:49,090 --> 00:10:50,650
Thank you so much once again for watching.
16538
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.