Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:12,100 --> 00:00:14,110 Hi and welcome back to another episode on How to Hack. 2 00:00:14,500 --> 00:00:17,570 So today we'll be discussing about the use of ghost framework. 3 00:00:17,680 --> 00:00:20,090 So here I am at their page on GitHub dot com. 4 00:00:20,470 --> 00:00:21,760 So we have the ghost framework. 5 00:00:21,770 --> 00:00:27,490 So what he does is that it allows us to connect to Android, debark bridge and be able to do our command 6 00:00:27,490 --> 00:00:28,400 and control from there. 7 00:00:28,420 --> 00:00:30,280 So really great tool on that team. 8 00:00:30,430 --> 00:00:34,630 So over here, of course, we got a ghost framework and you can actually download a file directly, 9 00:00:34,870 --> 00:00:38,000 try to get clone or you can actually download a file from GitHub dot com. 10 00:00:38,470 --> 00:00:42,520 So once we're in over here, I go colonics running so I can actually open a new terminal. 11 00:00:42,520 --> 00:00:47,710 And of course, I can zoom in a little so it's easier for you to see and learn so I can enjoy less or 12 00:00:47,740 --> 00:00:49,180 change directly into ghosts. 13 00:00:49,480 --> 00:00:52,810 And I can enter the to see all the files and folders. 14 00:00:53,410 --> 00:00:55,170 So over here I already got the installed. 15 00:00:55,180 --> 00:00:56,320 Don't execute it. 16 00:00:56,350 --> 00:01:02,320 So all you got to do is use the plus X, so that would actually allow you to change the permission into 17 00:01:02,320 --> 00:01:03,610 executable for the install. 18 00:01:04,450 --> 00:01:10,360 So you go ahead and do that and enter slash installed on S.H. and that will begin the installation process 19 00:01:10,360 --> 00:01:15,140 of ghosts and it will start downloading all the dependencies required to run the ghost framework. 20 00:01:15,610 --> 00:01:21,160 So once you have the framework being in place and you've installed it completely into your call on Xbox, 21 00:01:21,520 --> 00:01:24,730 the next thing you can do is just go ahead, enter pseudo goes. 22 00:01:24,850 --> 00:01:29,290 So goes does require us to have super user privileges in order to run it. 23 00:01:29,950 --> 00:01:33,260 So go ahead and hit enter on that and enter a plea for your password. 24 00:01:33,280 --> 00:01:36,880 So again, whatever password you have set for colonics, go hit enter for that. 25 00:01:37,390 --> 00:01:39,700 So of course, the default one for Collie's call. 26 00:01:39,760 --> 00:01:44,790 So here we are in the ghost framework version five point zero and all you're going to do is enter help. 27 00:01:44,800 --> 00:01:49,540 So help would actually show us all the commands available as part of the framework. 28 00:01:49,810 --> 00:01:54,580 So, of course, in this case, we got clear, disconnect, connect, exit help and update after ghost 29 00:01:54,580 --> 00:01:55,030 framework. 30 00:01:55,540 --> 00:02:01,630 So, of course, there will a lot of questions previously about using Android, Rockbridge and how we 31 00:02:01,630 --> 00:02:03,650 were trying to get access into the system. 32 00:02:04,180 --> 00:02:09,340 So, again, I want to highlight on a previous video that we were doing on a cyber attack is that this 33 00:02:09,340 --> 00:02:14,320 is what we call the delivery mechanism, the delivery phase and in the delivery phase of many different 34 00:02:14,320 --> 00:02:18,130 options that we can use, we can use USB, we can use wireless. 35 00:02:18,130 --> 00:02:22,930 And of course, in this case, we're using Android debug breach or we could also begin using emulous 36 00:02:22,930 --> 00:02:28,330 payload so that when users click onto the payload Démocratie Excel all the ling fishing link that we 37 00:02:28,330 --> 00:02:30,810 use, we'll be able to gain access and do a machine. 38 00:02:31,000 --> 00:02:34,570 So Android debarked, which is just one of those delivery mechanisms. 39 00:02:35,080 --> 00:02:36,670 And of course, how can we highlight that? 40 00:02:36,880 --> 00:02:39,010 I can highlight that by going into Shodan. 41 00:02:39,010 --> 00:02:41,290 So Shodan is a Internet of Things crawler. 42 00:02:41,290 --> 00:02:48,010 So Krall's Judy Ho Internet trying to find out all this Internet of Things devices so your webcam rules, 43 00:02:48,370 --> 00:02:50,110 your Android devices. 44 00:02:50,110 --> 00:02:54,280 And of course, in this case, we're going to look for Android debark breach and it can also look for 45 00:02:54,280 --> 00:02:57,130 databases, Scotter Systems and so on. 46 00:02:57,320 --> 00:03:01,410 So great to I have an account here, so wonderful platform to to look at. 47 00:03:01,960 --> 00:03:06,100 So all you got to do is enter Android, debark breach and hit enter on debt. 48 00:03:06,100 --> 00:03:11,290 So that would show all the IP addresses that have Android Broadbridge available. 49 00:03:11,290 --> 00:03:13,780 Inside Shodan has quadrupled the whole Internet. 50 00:03:14,170 --> 00:03:20,020 So you click on Search on that and it would actually show all the IP addresses of the Android devices 51 00:03:20,140 --> 00:03:21,250 that we can connect into. 52 00:03:21,280 --> 00:03:23,980 So of course I am going to grill all this information. 53 00:03:24,340 --> 00:03:29,380 And of course this is where we go back into colonics and we can try to connect into the system. 54 00:03:29,380 --> 00:03:35,120 So really, really interesting way of trying to look at how we can control the Android devices through 55 00:03:35,170 --> 00:03:36,220 this delivery mechanism. 56 00:03:36,220 --> 00:03:37,540 So great way to think about it. 57 00:03:38,890 --> 00:03:40,900 So over here, we got a grilles framework. 58 00:03:40,900 --> 00:03:45,040 So we got to do is connect and follow the IP address of the Android device. 59 00:03:45,310 --> 00:03:48,030 So, of course, in my case, I actually have my own Android device running. 60 00:03:48,280 --> 00:03:51,830 So here is my own Android device and we are going to connect to it directly. 61 00:03:51,850 --> 00:03:57,220 So, again, if you manage to find all these Android devices onto the Internet, this is again, one 62 00:03:57,220 --> 00:03:59,610 of those matters that you can do your delivery mechanism. 63 00:04:00,250 --> 00:04:02,650 So go ahead and interconnect, followed by the IP address. 64 00:04:02,650 --> 00:04:08,920 So, of course, I have my IP address of my Android device as one or two one six eight one seven six. 65 00:04:09,190 --> 00:04:15,580 So again, I really encourage or discourage you to connect into any of these IP addresses available 66 00:04:15,580 --> 00:04:21,580 on the Internet via Android debark, because that is a huge gray area where you could be considered 67 00:04:21,580 --> 00:04:24,120 as trying to hack into IT devices. 68 00:04:25,030 --> 00:04:28,110 So once we connect to our own Android device, hit enter on that. 69 00:04:28,120 --> 00:04:30,790 And this would send a payload into the IP address. 70 00:04:30,790 --> 00:04:32,430 And now we are into the system. 71 00:04:32,440 --> 00:04:36,190 So we have complete control of the Android device in our account or help. 72 00:04:36,460 --> 00:04:38,700 So here we got a number of commands that we can use. 73 00:04:39,040 --> 00:04:40,180 So we got it passed. 74 00:04:40,180 --> 00:04:44,980 We got shall we get us hech open device, Rechelle upload local files. 75 00:04:44,980 --> 00:04:51,580 So a lot of different capabilities that we can actually use as part of the attack into Android devices 76 00:04:51,580 --> 00:04:52,830 through Android debark breech. 77 00:04:53,290 --> 00:04:58,870 So of course, one of the very easy ways to enter this infl so this would actually tell us more information 78 00:04:58,870 --> 00:05:00,390 about the system in question. 79 00:05:00,670 --> 00:05:05,770 So here is showing us a lot of information, a lot of details about the Android device, and this allows 80 00:05:05,890 --> 00:05:09,660 us to think about a potential exploit that we can use as part of. 81 00:05:09,790 --> 00:05:14,230 The supply framework that we have learned a lot, this whole YouTube channel and of course, the next 82 00:05:14,230 --> 00:05:19,300 commander we can also look at could also be on the net stat to find out what are some of the network 83 00:05:19,300 --> 00:05:21,730 sessions available as part of the Android device. 84 00:05:21,740 --> 00:05:26,950 So here we can see a lot of information and some of this information could be really sensitive information 85 00:05:26,950 --> 00:05:29,780 that we can see and find out a lot from from the system. 86 00:05:30,640 --> 00:05:33,130 So I hope you'll learn something valuable in today's tutorial. 87 00:05:33,130 --> 00:05:36,700 And if I have any questions, feel free to leave a comment below and I'll try my best to answer any 88 00:05:36,700 --> 00:05:37,300 of your questions. 89 00:05:37,310 --> 00:05:41,500 So we're going to like sharing subscribe to a channel so that you can be kept abreast of the latest 90 00:05:41,500 --> 00:05:42,290 cybersecurity story. 91 00:05:42,610 --> 00:05:44,020 Thank you so much once again for watching. 9965