Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,760 --> 00:00:07,060 Know before we dive into the course content I'd like to give you a teaser or a taste of what you'll 2 00:00:07,060 --> 00:00:10,160 be able to do by the end of the course. 3 00:00:10,270 --> 00:00:12,470 So this is going to be one example. 4 00:00:12,550 --> 00:00:17,800 That's based on one topic that's covered in one subsection of the course. 5 00:00:18,130 --> 00:00:21,180 So by the end of the Course you'll be able to do so much more. 6 00:00:21,340 --> 00:00:27,370 But I chose to make a teaser on this topic because first of all it's the last topic explained in the 7 00:00:27,370 --> 00:00:27,930 course. 8 00:00:28,080 --> 00:00:31,940 To have to go through the whole course to know how to do this. 9 00:00:32,020 --> 00:00:39,880 Also I think this topic can be used to make a really nice teaser now because this is a teaser lecture. 10 00:00:39,880 --> 00:00:45,160 I'm not going to explain the technical aspect of how am I doing this because I'm going to teach you 11 00:00:45,160 --> 00:00:51,270 how to do this as you go through the course for now just sit back and enjoy this lecture. 12 00:00:51,280 --> 00:00:56,110 And after this lecture we're going to dive into the course content where you learn how to do things 13 00:00:56,110 --> 00:00:58,390 like this and much much more. 14 00:00:58,420 --> 00:01:05,890 So we're going to try to hark into this Windows machine from this candy machine. 15 00:01:06,040 --> 00:01:12,490 Now this Windows machine is connected to the same network as this Callimachi And so this attack will 16 00:01:12,490 --> 00:01:19,000 work whether the windows and the Callimachi are connected to the same Wi-Fi network or if they're connected 17 00:01:19,000 --> 00:01:22,910 to the same ethernet or wired network. 18 00:01:22,960 --> 00:01:26,360 Now as you can see the Callimachi is full of weird text. 19 00:01:26,470 --> 00:01:29,750 That's because I've already executed all of the attack. 20 00:01:29,880 --> 00:01:32,590 So I'm listening for incoming connections here. 21 00:01:32,630 --> 00:01:36,090 I'm a piece spoofing the Windows machine here. 22 00:01:36,160 --> 00:01:40,050 I'm running the script that's doing all the magic in here. 23 00:01:40,540 --> 00:01:48,190 Basically the script that's running and this terminal tab in here can be used to convert any file that 24 00:01:48,220 --> 00:01:52,760 any person downloads to a trojan made out of that file. 25 00:01:52,990 --> 00:01:57,870 As long as the person is connected to the same network as us. 26 00:01:58,030 --> 00:02:01,800 Now this script is not something that we're just going to download and install. 27 00:02:01,840 --> 00:02:06,820 You're going to learn how to actually think and write scripts like this one. 28 00:02:06,820 --> 00:02:11,920 So throughout the course we're going to implement the script ourselves use in Python and man in the 29 00:02:11,920 --> 00:02:16,440 middle proxy so the script is already running. 30 00:02:16,480 --> 00:02:18,760 And let's go and see it in action. 31 00:02:18,820 --> 00:02:22,120 So let's say the target person wants to download Firefox. 32 00:02:22,120 --> 00:02:24,180 So we're just going to go to Firefox dot com 33 00:02:26,960 --> 00:02:28,630 we get Firefox Web site. 34 00:02:28,640 --> 00:02:32,270 Now keep in mind Firefox Web sites use TTP. 35 00:02:32,420 --> 00:02:36,690 So it's supposed to be secure against attacks like this one. 36 00:02:36,710 --> 00:02:43,550 Now the user is just going to go and download Firefox from the bottom that the Web site offers. 37 00:02:43,740 --> 00:02:46,980 And then the Firefox installer is going to get downloaded. 38 00:02:46,980 --> 00:02:52,840 As you can see here then I'm just going to go to my downloads to show you. 39 00:02:52,940 --> 00:02:56,110 You can see we have a file with an installer icon. 40 00:02:56,180 --> 00:02:58,310 It's called Firefox installer. 41 00:02:58,310 --> 00:03:01,650 If we double click this it's an X.. 42 00:03:01,730 --> 00:03:06,700 So it's asking me if I want to run this DXi I'm going to say yes I want to install Firefox. 43 00:03:07,070 --> 00:03:12,110 And as you can see we have the publisher Firefox which is all good. 44 00:03:12,320 --> 00:03:17,150 We're going to say yes please install this for me and then we're going to get the Firefox installer. 45 00:03:17,150 --> 00:03:19,100 So everything looks perfect. 46 00:03:19,190 --> 00:03:20,960 Nothing suspicious at all. 47 00:03:21,920 --> 00:03:27,210 If we go to the candy machine you'll see that we actually gained access to this computer. 48 00:03:27,440 --> 00:03:33,380 And now we actually have full control over this computer and I can do whatever I want with it so I can 49 00:03:33,380 --> 00:03:39,130 download upload files at the files install programs install viruses log. 50 00:03:39,140 --> 00:03:47,040 The key is or do anything I want I can even access the computer resources such as the mike or the webcam. 51 00:03:47,210 --> 00:03:53,720 So as you know I like to run the webcam in my teaser lectures just to convey the idea that I have full 52 00:03:53,720 --> 00:03:55,900 control over the computer. 53 00:03:56,030 --> 00:04:02,300 So I'm just going to do webcams Trium to open the web cam of the hacked computer. 54 00:04:02,540 --> 00:04:07,240 And as you can see you'll see me through the webcam of the windows computer. 55 00:04:07,250 --> 00:04:11,890 Now I'm going to close this and this is not all that I want to show you. 56 00:04:12,520 --> 00:04:18,670 Know this script will also work with other file types because they're going to understand how this works 57 00:04:18,670 --> 00:04:20,510 and how to implement it yourself. 58 00:04:20,560 --> 00:04:24,790 You're going to be able to adapt it to get it to work with any file type. 59 00:04:25,180 --> 00:04:33,900 So let me close this so I'm going to do Control-C exploit or sorry exit first to close this connection. 60 00:04:34,090 --> 00:04:37,210 So right now I close my connection with the hacked machine. 61 00:04:37,210 --> 00:04:39,430 I don't have control over it anymore. 62 00:04:39,820 --> 00:04:41,970 And I'm going to do exploit again. 63 00:04:42,460 --> 00:04:49,410 And now I'm going to go to the Windows machine and I'm going to close this and I'm going to try to download 64 00:04:49,560 --> 00:04:53,710 a PDA if I'm just going to try to open a normal PDA or file. 65 00:04:53,760 --> 00:04:57,250 So let's say the target wants to learn about network security. 66 00:04:57,300 --> 00:05:04,630 So they're going to look for network security PBF that's go to the first result in here I'm going to 67 00:05:04,630 --> 00:05:07,490 click on that. 68 00:05:07,780 --> 00:05:11,490 Now as you can see this got downloaded as a zip file. 69 00:05:11,980 --> 00:05:19,330 So if I go to my downloads you'll see I have a zip file called security I'm going to extract this here. 70 00:05:21,050 --> 00:05:26,220 And as you can see I have a PDA a book called security has a PDA icon. 71 00:05:26,450 --> 00:05:34,540 If we double click this we will get our book about network security or we can learn about the different 72 00:05:34,540 --> 00:05:36,690 aspects of network security. 73 00:05:37,120 --> 00:05:43,480 But if we go to the Callimachi And again you can see that we have full control over the machine we got 74 00:05:43,480 --> 00:05:45,770 an interpreter connection. 75 00:05:45,850 --> 00:05:51,280 Again just as an example I'm going to run the Web stream to show you that I got full control and I can 76 00:05:51,280 --> 00:05:52,520 access the webcam. 77 00:05:52,570 --> 00:05:58,340 And here we go access and the webcam through the hacked Windows machine. 78 00:05:58,350 --> 00:06:02,460 Now as I said this is just a taste of what you'll be able to do. 79 00:06:02,460 --> 00:06:05,880 This is not everything that's going to be covered in the course. 80 00:06:05,880 --> 00:06:12,180 This is only covered in one subsection of the course and you're going to understand exactly how to do 81 00:06:12,180 --> 00:06:16,440 this and how to write the tool that's used to run this attack. 82 00:06:16,440 --> 00:06:21,510 So you're going to be able to use the same knowledge to implement other man in the middle tools that 83 00:06:21,530 --> 00:06:23,810 run your own attack ideas. 84 00:06:24,900 --> 00:06:28,340 Throughout the course we're going to learn a lot more than just this. 85 00:06:28,500 --> 00:06:32,100 And with everything that you're going to learn you're going to learn it in details. 86 00:06:32,160 --> 00:06:37,470 And we're going to break it down into small components so that you understand how they work and you 87 00:06:37,470 --> 00:06:41,370 can combine them together to run your own attack ideas. 9209