1
00:00:00,359 --> 00:00:02,580
hello everybody and welcome to this
2
00:00:02,580 --> 00:00:05,040
complete Python 3 hacking course
3
00:00:05,040 --> 00:00:07,080
now in this course we are going to code
4
00:00:07,080 --> 00:00:09,540
multiple projects each one of them will
5
00:00:09,540 --> 00:00:11,519
have its own purpose and you will have
6
00:00:11,519 --> 00:00:13,440
all of the code at the end of each
7
00:00:13,440 --> 00:00:15,299
project in the resources list to
8
00:00:15,299 --> 00:00:16,560
download
9
00:00:16,560 --> 00:00:18,539
and by the end of this course you should
10
00:00:18,539 --> 00:00:20,460
have a pretty good knowledge on how to
11
00:00:20,460 --> 00:00:22,800
create tools using Python 3 for your own
12
00:00:22,800 --> 00:00:25,019
penetration tests
13
00:00:25,019 --> 00:00:26,640
so as I mentioned this will gather
14
00:00:26,640 --> 00:00:28,439
different tools from different fields
15
00:00:28,439 --> 00:00:30,900
such as for example port scanners back
16
00:00:30,900 --> 00:00:33,420
doors email scrapers vulnerability
17
00:00:33,420 --> 00:00:35,820
scanners and many more
18
00:00:35,820 --> 00:00:38,160
I'm going to code as we go and explain
19
00:00:38,160 --> 00:00:40,379
everything line by line so you should
20
00:00:40,379 --> 00:00:42,420
have no problem understanding the code
21
00:00:42,420 --> 00:00:44,640
and just in case you don't like to code
22
00:00:44,640 --> 00:00:46,920
along you will have all of the programs
23
00:00:46,920 --> 00:00:49,200
available to download at the end of each
24
00:00:49,200 --> 00:00:51,600
project you can simply just download the
25
00:00:51,600 --> 00:00:54,120
code and follow along the tutorials as I
26
00:00:54,120 --> 00:00:57,000
explain without having to code anything
27
00:00:57,000 --> 00:00:58,260
okay
28
00:00:58,260 --> 00:01:00,899
now one important thing is if you have
29
00:01:00,899 --> 00:01:03,239
any questions regarding any program or
30
00:01:03,239 --> 00:01:04,979
if you have any proposals and you want
31
00:01:04,979 --> 00:01:06,840
me to add something to the course feel
32
00:01:06,840 --> 00:01:08,820
free to post in the Q&A section and I
33
00:01:08,820 --> 00:01:11,220
will respond as soon as I can
34
00:01:11,220 --> 00:01:13,080
also if you don't understand anything
35
00:01:13,080 --> 00:01:15,119
make sure that you post in the Q&A
36
00:01:15,119 --> 00:01:17,340
section or send me a private message and
37
00:01:17,340 --> 00:01:19,799
I will also respond there as well
38
00:01:19,799 --> 00:01:21,600
another thing to mention is that
39
00:01:21,600 --> 00:01:22,920
throughout the course there will be
40
00:01:22,920 --> 00:01:24,659
different articles and bonus lectures
41
00:01:24,659 --> 00:01:26,280
which will give you additional knowledge
42
00:01:26,280 --> 00:01:28,560
and for example if this course doesn't
43
00:01:28,560 --> 00:01:30,000
cover something such as for example
44
00:01:30,000 --> 00:01:32,280
installing a Windows 7 virtual machine
45
00:01:32,280 --> 00:01:35,100
I'll make sure to leave a link to the
46
00:01:35,100 --> 00:01:36,780
tutorial where you can watch and follow
47
00:01:36,780 --> 00:01:38,520
along the tutorial in order to continue
48
00:01:38,520 --> 00:01:39,659
the course
49
00:01:39,659 --> 00:01:41,880
this course will be updated every month
50
00:01:41,880 --> 00:01:45,420
with new lectures with updated code and
51
00:01:45,420 --> 00:01:47,640
with your proposals if you tell me for
52
00:01:47,640 --> 00:01:48,900
example you want to see an updated
53
00:01:48,900 --> 00:01:50,759
keylogger I will make sure that I
54
00:01:50,759 --> 00:01:53,280
create it and put it inside of the course
55
00:01:53,280 --> 00:01:55,079
now in this course we are going to use
56
00:01:55,079 --> 00:01:57,119
Kali Linux as a virtual machine and
57
00:01:57,119 --> 00:01:58,380
don't worry I will lead you through the
58
00:01:58,380 --> 00:02:00,899
steps of installation in the
59
00:02:00,899 --> 00:02:02,880
introductory part of the course in case
60
00:02:02,880 --> 00:02:04,860
you're an advanced ethical hacker feel
61
00:02:04,860 --> 00:02:06,659
free to skip the introductory part and
62
00:02:06,659 --> 00:02:08,758
get straight into the coding lessons
63
00:02:08,758 --> 00:02:10,739
for all of you beginners I will teach
64
00:02:10,739 --> 00:02:12,480
you in the introductory video how you
65
00:02:12,480 --> 00:02:14,280
can create your own virtual machine and
66
00:02:14,280 --> 00:02:16,500
set up your own environment in order to
67
00:02:16,500 --> 00:02:18,360
start with this course
68
00:02:18,360 --> 00:02:20,700
another advice that I have is in case
69
00:02:20,700 --> 00:02:22,500
you don't have too much Python knowledge
70
00:02:22,500 --> 00:02:24,420
feel free to also take a course on the
71
00:02:24,420 --> 00:02:26,700
side as we are not going to cover Python
72
00:02:26,700 --> 00:02:29,099
3 Basics we're going to get straight
73
00:02:29,099 --> 00:02:31,440
into coding different tools with python
74
00:02:31,440 --> 00:02:32,459
3.
75
00:02:32,459 --> 00:02:34,080
now even though I'm going to explain
76
00:02:34,080 --> 00:02:35,879
some of the basics throughout our code
77
00:02:35,879 --> 00:02:38,220
it would still be best for you if you
78
00:02:38,220 --> 00:02:39,959
would take a Python 3 separate course
79
00:02:39,959 --> 00:02:41,940
and I will also have some of my
80
00:02:41,940 --> 00:02:44,519
recommendations for Python 3 courses in
81
00:02:44,519 --> 00:02:46,860
the resources of this lecture so without
82
00:02:46,860 --> 00:02:49,080
further ado thank you for enrolling and
83
00:02:49,080 --> 00:02:50,879
let's not make this any longer and let's
84
00:02:50,879 --> 00:02:53,160
get straight into the course
85
00:02:53,160 --> 00:02:55,019
hello everyone and welcome to the
86
00:02:55,019 --> 00:02:57,540
trailer of our course now in this short
87
00:02:57,540 --> 00:02:59,459
video I will give you a small teaser as
88
00:02:59,459 --> 00:03:01,200
to what you can expect after you finish
89
00:03:01,200 --> 00:03:03,720
this course it's always the best idea to
90
00:03:03,720 --> 00:03:05,459
show the students some of the things
91
00:03:05,459 --> 00:03:06,780
that you will be doing inside of the
92
00:03:06,780 --> 00:03:08,580
course and some of the things that they
93
00:03:08,580 --> 00:03:10,739
will learn and master at the end
94
00:03:10,739 --> 00:03:13,140
so for this teaser I decided to show you
95
00:03:13,140 --> 00:03:15,599
the back door but not just any back door
96
00:03:15,599 --> 00:03:17,879
I decided to show you a back door that
97
00:03:17,879 --> 00:03:19,319
we're going to run from two separate
98
00:03:19,319 --> 00:03:21,060
machines and we will establish two
99
00:03:21,060 --> 00:03:23,459
connections with target systems we will
100
00:03:23,459 --> 00:03:25,019
be able to switch between both of these
101
00:03:25,019 --> 00:03:27,120
connections and execute commands on both
102
00:03:27,120 --> 00:03:28,620
of the systems
103
00:03:28,620 --> 00:03:30,720
let me show you what I mean now don't
104
00:03:30,720 --> 00:03:32,220
worry if you don't understand anything
105
00:03:32,220 --> 00:03:34,620
in this tutorial we're going to code all
106
00:03:34,620 --> 00:03:36,840
of this and I will explain it in the
107
00:03:36,840 --> 00:03:39,599
future projects for now on just sit back
108
00:03:39,599 --> 00:03:41,400
and enjoy the teaser
109
00:03:41,400 --> 00:03:43,980
here we have the Kali Linux machine from
110
00:03:43,980 --> 00:03:45,420
this Kali Linux machine I will use
111
00:03:45,420 --> 00:03:47,459
Python 3 to run the command and control
112
00:03:47,459 --> 00:03:49,200
center which is our program that we
113
00:03:49,200 --> 00:03:51,659
coded I will run it right here and it
114
00:03:51,659 --> 00:03:53,159
will tell us that it is waiting for the
115
00:03:53,159 --> 00:03:54,959
incoming connections
116
00:03:54,959 --> 00:03:57,540
okay so now if I go back to my Windows
117
00:03:57,540 --> 00:03:59,819
10 machine which is this one I will have
118
00:03:59,819 --> 00:04:02,519
this picture.jpg file which looks like a
119
00:04:02,519 --> 00:04:06,360
normal image but if we execute it
120
00:04:06,360 --> 00:04:08,340
it will also open up the image and
121
00:04:08,340 --> 00:04:10,500
nothing else if we see nothing else is
122
00:04:10,500 --> 00:04:12,659
being opened so everything looks
123
00:04:12,659 --> 00:04:15,180
normal but this actual file in the
124
00:04:15,180 --> 00:04:17,940
background opened up our back door which
125
00:04:17,940 --> 00:04:19,798
is also a program that we're going to
126
00:04:19,798 --> 00:04:20,519
code
127
00:04:20,519 --> 00:04:22,919
if you go to Kali Linux
128
00:04:22,919 --> 00:04:25,259
in just a few seconds we should see the
129
00:04:25,259 --> 00:04:28,500
connection from our Windows 10 machine
130
00:04:28,500 --> 00:04:30,300
while it is connecting to our command and
131
00:04:30,300 --> 00:04:33,360
control center oh here it is so we got
132
00:04:33,360 --> 00:04:34,940
the connection from
133
00:04:34,940 --> 00:04:37,199
192.168.1.2 which is the IP address of
134
00:04:37,199 --> 00:04:39,479
my Windows 10 let's also run the same
135
00:04:39,479 --> 00:04:41,520
file from my Windows 10 virtual machine
136
00:04:41,520 --> 00:04:43,940
if I go right here double click on
137
00:04:43,940 --> 00:04:47,040
picture.jpg click on run it will open up
138
00:04:47,040 --> 00:04:49,020
an image and nothing else but it will
139
00:04:49,020 --> 00:04:52,440
also run in the background our back door
140
00:04:52,440 --> 00:04:54,419
let's go to our Kali Linux and see
141
00:04:54,419 --> 00:04:56,639
whether we receive the connection
142
00:04:56,639 --> 00:04:58,440
and here it is here's the connection
143
00:04:58,440 --> 00:05:00,479
from the Windows 7 machine so now we got
144
00:05:00,479 --> 00:05:03,000
two targets connected to our command and
145
00:05:03,000 --> 00:05:05,100
control center we can check all the
146
00:05:05,100 --> 00:05:07,080
sessions that we have by typing targets
147
00:05:07,080 --> 00:05:09,660
command it will print us session zero
148
00:05:09,660 --> 00:05:11,880
with this IP address and session one
149
00:05:11,880 --> 00:05:14,520
with this IP address right here
150
00:05:14,520 --> 00:05:16,680
in order to access any of these sessions
151
00:05:16,680 --> 00:05:19,380
we can simply just specify session one
152
00:05:19,380 --> 00:05:21,900
which is our Windows 7 machine and type
153
00:05:21,900 --> 00:05:24,240
whoami and execute all of the commands
154
00:05:24,240 --> 00:05:26,520
such as ipconfig
155
00:05:26,520 --> 00:05:28,919
such as dir in order to check all the
156
00:05:28,919 --> 00:05:31,500
contents in that specific directory so
157
00:05:31,500 --> 00:05:34,259
here it is if we want to we can also set
158
00:05:34,259 --> 00:05:37,380
this session to the background
159
00:05:37,380 --> 00:05:39,539
and clear the screen and we can enter
160
00:05:39,539 --> 00:05:42,660
session 0 which is Windows 10 machine
161
00:05:42,660 --> 00:05:44,759
if I type whoami inside of a Windows
162
00:05:44,759 --> 00:05:46,620
10 machine I will see a different
163
00:05:46,620 --> 00:05:48,600
response than to Windows 7 which means
164
00:05:48,600 --> 00:05:50,580
we are on a different target
165
00:05:50,580 --> 00:05:53,520
if I type ipconfig
166
00:05:53,520 --> 00:05:55,919
you will see a different IP address as
167
00:05:55,919 --> 00:05:57,780
well as dir will give you a different
168
00:05:57,780 --> 00:06:00,539
output for that specific directory
169
00:06:00,539 --> 00:06:03,000
okay we can use the clear command inside
170
00:06:03,000 --> 00:06:04,860
of a shell in order to clear the screen
171
00:06:04,860 --> 00:06:07,199
in case we have multiple commands
172
00:06:07,199 --> 00:06:09,300
if I type the help command inside of a
173
00:06:09,300 --> 00:06:11,039
shell function it will give us all the
174
00:06:11,039 --> 00:06:13,139
available things that we can do with our
175
00:06:13,139 --> 00:06:14,580
target
176
00:06:14,580 --> 00:06:16,560
we can change the directories using the cd
177
00:06:16,560 --> 00:06:18,780
command we can upload files download
178
00:06:18,780 --> 00:06:21,419
files we can start our keylogger using
179
00:06:21,419 --> 00:06:23,400
the keylog_start so let's give it a try
180
00:06:23,400 --> 00:06:25,800
let's start our keylogger let's type
181
00:06:25,800 --> 00:06:27,000
keylog
182
00:06:27,000 --> 00:06:28,620
underscore start
183
00:06:28,620 --> 00:06:30,180
it will give us a message that the
184
00:06:30,180 --> 00:06:32,160
keylogger has been started so let's open
185
00:06:32,160 --> 00:06:34,380
up Notepad
186
00:06:34,380 --> 00:06:36,660
and start typing something inside of our
187
00:06:36,660 --> 00:06:39,780
Windows 10 notepad so if I type how is
188
00:06:39,780 --> 00:06:41,460
your day
189
00:06:41,460 --> 00:06:46,639
question mark can you see this message
190
00:06:46,740 --> 00:06:49,259
and we go back to our Kali Linux
191
00:06:49,259 --> 00:06:50,699
machine and we take a look at the help
192
00:06:50,699 --> 00:06:52,800
command keylog underscore dump will
193
00:06:52,800 --> 00:06:54,840
print the keystrokes the target inputted
194
00:06:54,840 --> 00:06:57,060
so let's try it out keylog underscore
195
00:06:57,060 --> 00:06:58,020
dump
196
00:06:58,020 --> 00:07:00,900
press enter and here we get notepad how
197
00:07:00,900 --> 00:07:03,300
is your date question mark can you see
198
00:07:03,300 --> 00:07:05,639
this message another question mark
199
00:07:05,639 --> 00:07:07,979
we can also stop the key logger by
200
00:07:07,979 --> 00:07:10,860
typing keylog underscore stop which will
201
00:07:10,860 --> 00:07:13,440
stop and self-destruct the keylogger
202
00:07:13,440 --> 00:07:15,840
file as it says right here
203
00:07:15,840 --> 00:07:17,639
if we want we can also create the
204
00:07:17,639 --> 00:07:19,020
persistence
205
00:07:19,020 --> 00:07:20,759
which will allow us to start our back
206
00:07:20,759 --> 00:07:22,979
door every time that the target restarts
207
00:07:22,979 --> 00:07:24,060
their machine
208
00:07:24,060 --> 00:07:25,620
so they only need to start the first
209
00:07:25,620 --> 00:07:28,259
time and every other time our backdoor
210
00:07:28,259 --> 00:07:29,880
will start on its own
211
00:07:29,880 --> 00:07:31,740
and another interesting command that we
212
00:07:31,740 --> 00:07:33,780
can do which is not specified right here
213
00:07:33,780 --> 00:07:36,419
is the screenshot command so if I type
214
00:07:36,419 --> 00:07:37,680
screenshot
215
00:07:37,680 --> 00:07:40,020
and before I press enter let me lower
216
00:07:40,020 --> 00:07:42,300
this so we can see everything
217
00:07:42,300 --> 00:07:45,300
if I type screenshot and press enter in
218
00:07:45,300 --> 00:07:47,039
just a few seconds we should have a
219
00:07:47,039 --> 00:07:49,259
screenshot of the target's desktop saved
220
00:07:49,259 --> 00:07:51,000
on our Kali Linux machine
221
00:07:51,000 --> 00:07:52,560
so let's see whether we saved it
222
00:07:52,560 --> 00:07:54,960
correctly if we go to the file
223
00:07:54,960 --> 00:07:57,300
here is the screenshot saved under the
224
00:07:57,300 --> 00:07:59,460
name screenshot 0.
225
00:07:59,460 --> 00:08:01,740
and here it is it is the exact same
226
00:08:01,740 --> 00:08:03,720
image that we saw before we pressed
227
00:08:03,720 --> 00:08:05,759
enter on the screenshot command so we
228
00:08:05,759 --> 00:08:07,440
successfully have the screenshot option
229
00:08:07,440 --> 00:08:10,020
in order to capture the target's desktop
230
00:08:10,020 --> 00:08:11,940
and that is just some of the options the
231
00:08:11,940 --> 00:08:14,340
power back door can do and this Vector
232
00:08:14,340 --> 00:08:15,780
is just one of the programs that we're
233
00:08:15,780 --> 00:08:18,660
going to code throughout this course
234
00:08:18,660 --> 00:08:20,819
so this is just a small teaser I showed
235
00:08:20,819 --> 00:08:22,319
you what we are going to do
236
00:08:22,319 --> 00:08:24,960
this is only a small portion of it or
237
00:08:24,960 --> 00:08:26,520
just a small portion of what our back
238
00:08:26,520 --> 00:08:28,860
door can do and we're going to see how
239
00:08:28,860 --> 00:08:31,259
we can code all of this inside of the
240
00:08:31,259 --> 00:08:33,419
future projects so thank you for
241
00:08:33,419 --> 00:08:35,279
watching and I will see you in the
242
00:08:35,279 --> 00:08:37,320
future lectures bye
243
00:08:37,320 --> 00:08:39,360
welcome everybody to the first lecture
244
00:08:39,360 --> 00:08:41,580
of our introduction section of our
245
00:08:41,580 --> 00:08:43,320
python hacking course
246
00:08:43,320 --> 00:08:45,480
so in this tutorial I'm going to show
247
00:08:45,480 --> 00:08:47,820
you where you can find and how you can
248
00:08:47,820 --> 00:08:49,920
download and install the VirtualBox
249
00:08:49,920 --> 00:08:52,140
software that we're going to need in
250
00:08:52,140 --> 00:08:54,779
order to create our virtual machines
251
00:08:54,779 --> 00:08:57,000
okay now it is rather easy to install
252
00:08:57,000 --> 00:08:59,399
the software and as its name says we're
253
00:08:59,399 --> 00:09:01,080
going to need it in order to host the
254
00:09:01,080 --> 00:09:03,060
Kali Linux machine in which we are going
255
00:09:03,060 --> 00:09:05,519
to write our python code so let's get
256
00:09:05,519 --> 00:09:07,980
straight into how to download it so all
257
00:09:07,980 --> 00:09:09,779
you need to do is go to your Google home
258
00:09:09,779 --> 00:09:12,240
or Firefox whichever search engine
259
00:09:12,240 --> 00:09:14,640
you're using and navigate to the link
260
00:09:14,640 --> 00:09:17,220
virtualbox.org
261
00:09:17,220 --> 00:09:19,380
once you visit this link it will lead
262
00:09:19,380 --> 00:09:21,120
you to this page where it would tell you
263
00:09:21,120 --> 00:09:23,640
to download VirtualBox 6.1 now it
264
00:09:23,640 --> 00:09:25,200
doesn't really matter which version you
265
00:09:25,200 --> 00:09:27,180
are going to download they're rather all
266
00:09:27,180 --> 00:09:29,220
the same so you can simply just click on
267
00:09:29,220 --> 00:09:31,440
the newest one which in my case at the
268
00:09:31,440 --> 00:09:34,380
moment is 6.1 click on download
269
00:09:34,380 --> 00:09:36,120
and it will lead you to this page where
270
00:09:36,120 --> 00:09:38,160
it will ask you for which type of host
271
00:09:38,160 --> 00:09:40,620
you want to download the VirtualBox
272
00:09:40,620 --> 00:09:42,600
and right here under the VirtualBox
273
00:09:42,600 --> 00:09:45,120
platform packages you can choose Windows
274
00:09:45,120 --> 00:09:47,760
hosts OS X hosts Linux distributions
275
00:09:47,760 --> 00:09:49,800
and Solaris hosts
276
00:09:49,800 --> 00:09:51,540
since I am running Windows 10
277
00:09:51,540 --> 00:09:54,480
environment on my main PC I'm going to
278
00:09:54,480 --> 00:09:57,240
navigate to the windows hosts and just
279
00:09:57,240 --> 00:09:58,860
like that it should start downloading
280
00:09:58,860 --> 00:10:01,920
the VirtualBox installer file onto my
281
00:10:01,920 --> 00:10:04,260
machine as we can see right here it is
282
00:10:04,260 --> 00:10:07,140
not that large a file it is 108 megabytes
283
00:10:07,140 --> 00:10:09,360
large so as soon as it downloads you can
284
00:10:09,360 --> 00:10:10,980
simply just run it and install
285
00:10:10,980 --> 00:10:12,660
VirtualBox
286
00:10:12,660 --> 00:10:14,580
the process of installing VirtualBox
287
00:10:14,580 --> 00:10:16,800
is rather easy but I'm still going to
288
00:10:16,800 --> 00:10:19,440
guide you through the steps as to how to
289
00:10:19,440 --> 00:10:21,420
install VirtualBox
290
00:10:21,420 --> 00:10:23,820
so as we can see right here there's not
291
00:10:23,820 --> 00:10:25,740
much time left
292
00:10:25,740 --> 00:10:28,260
okay so here it is
293
00:10:28,260 --> 00:10:30,060
let's open this up
294
00:10:30,060 --> 00:10:32,220
showing folder
295
00:10:32,220 --> 00:10:34,320
I will paste it onto my desktop right
296
00:10:34,320 --> 00:10:35,399
here
297
00:10:35,399 --> 00:10:39,440
and all you need to do is run the file
298
00:10:41,100 --> 00:10:43,080
we get a pop-up window which says
299
00:10:43,080 --> 00:10:45,980
preparing to install
300
00:10:47,519 --> 00:10:49,560
and here is the welcome window to the
301
00:10:49,560 --> 00:10:51,959
VirtualBox we want to click next right
302
00:10:51,959 --> 00:10:53,579
here
303
00:10:53,579 --> 00:10:56,220
next here as well
304
00:10:56,220 --> 00:10:58,620
and under the custom setup you can
305
00:10:58,620 --> 00:11:00,180
choose which options you want to leave
306
00:11:00,180 --> 00:11:02,459
unchecked and which options you want to
307
00:11:02,459 --> 00:11:04,680
uncheck so for example I will leave all
308
00:11:04,680 --> 00:11:07,079
four checked as I do want start menu
309
00:11:07,079 --> 00:11:09,779
entries and I also want shortcut on my
310
00:11:09,779 --> 00:11:11,339
desktop so I'm just going to click on
311
00:11:11,339 --> 00:11:13,200
next right here
312
00:11:13,200 --> 00:11:15,120
and this is a warning that usually comes
313
00:11:15,120 --> 00:11:16,740
up once you install VirtualBox which
314
00:11:16,740 --> 00:11:18,480
tells you that during the installation
315
00:11:18,480 --> 00:11:19,920
of VirtualBox you might actually
316
00:11:19,920 --> 00:11:21,920
temporarily disconnect from the internet
317
00:11:21,920 --> 00:11:24,240
even though that never really happened
318
00:11:24,240 --> 00:11:26,640
to me it might be the best idea in case
319
00:11:26,640 --> 00:11:28,500
you're downloading something to actually
320
00:11:28,500 --> 00:11:30,600
wait for that to finish before you
321
00:11:30,600 --> 00:11:33,120
actually click on the yes to proceed the
322
00:11:33,120 --> 00:11:34,920
installation since I am not doing
323
00:11:34,920 --> 00:11:36,600
anything at the moment I am simply just
324
00:11:36,600 --> 00:11:38,160
going to click here yes
325
00:11:38,160 --> 00:11:41,640
and click here on install
326
00:11:41,640 --> 00:11:43,560
and as it says right here this may take
327
00:11:43,560 --> 00:11:45,660
several minutes usually it is around two
328
00:11:45,660 --> 00:11:48,120
to three minutes it will ask us for the
329
00:11:48,120 --> 00:11:50,100
administrator password we are going to
330
00:11:50,100 --> 00:11:51,899
click here yes since I don't really have
331
00:11:51,899 --> 00:11:53,820
a password to type in and it should
332
00:11:53,820 --> 00:11:56,040
start installing VirtualBox on my
333
00:11:56,040 --> 00:11:57,720
machine
334
00:11:57,720 --> 00:11:59,820
now you might notice that I already do
335
00:11:59,820 --> 00:12:02,760
have VirtualBox but this is 6.0 version
336
00:12:02,760 --> 00:12:04,920
and this version is actually going to be
337
00:12:04,920 --> 00:12:08,459
updated to the newest one which is 6.1
338
00:12:08,459 --> 00:12:10,320
so I'm just going to wait for this to
339
00:12:10,320 --> 00:12:12,959
finish and I will get back to you right
340
00:12:12,959 --> 00:12:15,180
away okay so the installation has
341
00:12:15,180 --> 00:12:16,620
finished and I'm just going to click
342
00:12:16,620 --> 00:12:19,440
right here finish and it should
343
00:12:19,440 --> 00:12:23,120
automatically start my VirtualBox
344
00:12:23,640 --> 00:12:27,540
and here it is now your window might be
345
00:12:27,540 --> 00:12:29,160
a little bit different because I already
346
00:12:29,160 --> 00:12:31,079
have some machines installed right here
347
00:12:31,079 --> 00:12:33,180
and you should not see any of these
348
00:12:33,180 --> 00:12:35,339
Kali Linux machines or Ubuntu machines
349
00:12:35,339 --> 00:12:38,820
ovas machines on your screen this should
350
00:12:38,820 --> 00:12:41,279
all be empty you should see these
351
00:12:41,279 --> 00:12:43,620
buttons right here which new stands for
352
00:12:43,620 --> 00:12:45,540
basically creating a new virtual machine
353
00:12:45,540 --> 00:12:47,639
which we're going to take a look at how
354
00:12:47,639 --> 00:12:50,100
to do in the next video for now we
355
00:12:50,100 --> 00:12:52,680
successfully installed Oracle VirtualBox
356
00:12:52,680 --> 00:12:54,959
and in the next video we're going to see
357
00:12:54,959 --> 00:12:57,540
how we can install Kali Linux as our
358
00:12:57,540 --> 00:13:00,420
operating system on the virtual machine
359
00:13:00,420 --> 00:13:02,760
okay so thank you for watching this
360
00:13:02,760 --> 00:13:04,980
tutorial and I will see you in the next
361
00:13:04,980 --> 00:13:07,139
lecture bye
362
00:13:07,139 --> 00:13:09,360
welcome back everyone since in the
363
00:13:09,360 --> 00:13:11,100
previous video we successfully installed
364
00:13:11,100 --> 00:13:13,500
VirtualBox right now we want to see
365
00:13:13,500 --> 00:13:15,660
where we can download Kali Linux which
366
00:13:15,660 --> 00:13:17,940
version should we download and how we
367
00:13:17,940 --> 00:13:20,820
can create a virtual machine okay so
368
00:13:20,820 --> 00:13:23,040
right now if you go to your Google home
369
00:13:23,040 --> 00:13:25,680
and navigate to the official Kali Linux
370
00:13:25,680 --> 00:13:28,380
website which is the link kali.org
371
00:13:28,380 --> 00:13:31,440
downloads you should see this page which
372
00:13:31,440 --> 00:13:33,360
will give you the latest version of Kali
373
00:13:33,360 --> 00:13:34,320
Linux
374
00:13:34,320 --> 00:13:38,120
in this case at the current time this is
375
00:13:38,120 --> 00:13:41,519
2020.1a and it is the size of 2
376
00:13:41,519 --> 00:13:42,839
gigabytes
377
00:13:42,839 --> 00:13:44,579
now as I mentioned this is the newest
378
00:13:44,579 --> 00:13:46,920
version possible but I will not be using
379
00:13:46,920 --> 00:13:48,720
this version in the course
380
00:13:48,720 --> 00:13:50,820
the reason for that is it seems to be a
381
00:13:50,820 --> 00:13:52,860
little bit laggy on my PC but if you
382
00:13:52,860 --> 00:13:54,600
want to use the newest version and it
383
00:13:54,600 --> 00:13:56,459
works perfectly for you feel free to
384
00:13:56,459 --> 00:13:57,839
download it it doesn't really matter
385
00:13:57,839 --> 00:14:00,540
regarding the course content so in order
386
00:14:00,540 --> 00:14:02,220
to download it you simply just click on
387
00:14:02,220 --> 00:14:04,620
Kali Linux 64-bit and it should start
388
00:14:04,620 --> 00:14:06,899
downloading it over http
389
00:14:06,899 --> 00:14:08,820
and you also have the option to download
390
00:14:08,820 --> 00:14:11,579
it over torrent if you'd like
391
00:14:11,579 --> 00:14:13,800
now for those of you that also do not
392
00:14:13,800 --> 00:14:15,720
like the newest version you can simply
393
00:14:15,720 --> 00:14:18,260
just go to another page which is
394
00:14:18,260 --> 00:14:20,760
old.kali.org which will have all of the
395
00:14:20,760 --> 00:14:22,740
previous Kali Linux versions and their
396
00:14:22,740 --> 00:14:25,200
release dates so you can download any
397
00:14:25,200 --> 00:14:27,779
version you like in my case I will just
398
00:14:27,779 --> 00:14:29,519
use the version before the newest one
399
00:14:29,519 --> 00:14:33,060
which is 2019.4 you simply just click on
400
00:14:33,060 --> 00:14:36,660
the Kali 2019.4
401
00:14:37,440 --> 00:14:38,940
and it should lead you to this page
402
00:14:38,940 --> 00:14:41,399
where you can download the ISO file for
403
00:14:41,399 --> 00:14:44,240
the Kali Linux 2019.4 version
404
00:14:44,240 --> 00:14:48,660
for 64-bit and 32-bit machine okay
405
00:14:48,660 --> 00:14:50,339
so I would simply just download Kali
406
00:14:50,339 --> 00:14:54,060
Linux 2019.4 and use this ISO file in
407
00:14:54,060 --> 00:14:55,980
order to continue the installation if
408
00:14:55,980 --> 00:14:58,019
you want to use the newest version well
409
00:14:58,019 --> 00:14:59,639
then you download this Kali Linux
410
00:14:59,639 --> 00:15:02,699
64-bit or Kali Linux 32-bit depending on
411
00:15:02,699 --> 00:15:04,320
your machine but you are most likely
412
00:15:04,320 --> 00:15:07,620
going to have a 64-bit machine
413
00:15:07,620 --> 00:15:10,139
so once you click on it as we can see in
414
00:15:10,139 --> 00:15:11,579
just a few seconds it should start
415
00:15:11,579 --> 00:15:13,860
downloading it but I'm not going to wait
416
00:15:13,860 --> 00:15:15,899
for this because I already have the ISO
417
00:15:15,899 --> 00:15:17,459
file downloaded so I will just cancel
418
00:15:17,459 --> 00:15:19,139
this installation
419
00:15:19,139 --> 00:15:21,959
I will navigate to my VirtualBox and
420
00:15:21,959 --> 00:15:24,420
let's see how we can use the ISO file in
421
00:15:24,420 --> 00:15:26,760
combination with VirtualBox to create a
422
00:15:26,760 --> 00:15:28,560
Kali Linux virtual machine
423
00:15:28,560 --> 00:15:30,420
also you might have noticed that I
424
00:15:30,420 --> 00:15:32,279
already have a couple Kali Linux machines
425
00:15:32,279 --> 00:15:34,500
installed right here I'm going to use
426
00:15:34,500 --> 00:15:36,899
this one for the actual course but I
427
00:15:36,899 --> 00:15:38,399
will show you how you can proceed with
428
00:15:38,399 --> 00:15:40,079
the installation of the newest version
429
00:15:40,079 --> 00:15:43,620
since it just came out and it has some
430
00:15:43,620 --> 00:15:45,120
different options during the
431
00:15:45,120 --> 00:15:46,800
installation that you might get confused
432
00:15:46,800 --> 00:15:49,380
with so let's cover that as well you
433
00:15:49,380 --> 00:15:50,820
simply just click on the new button
434
00:15:50,820 --> 00:15:52,380
which will create a new virtual machine
435
00:15:52,380 --> 00:15:54,779
it should pop up with this window where
436
00:15:54,779 --> 00:15:56,279
it will ask you for the name and
437
00:15:56,279 --> 00:15:57,959
operating system
438
00:15:57,959 --> 00:16:00,180
you can name it anything you want I will
439
00:16:00,180 --> 00:16:02,399
name it New Kali
440
00:16:02,399 --> 00:16:04,560
set the type of the operating system to
441
00:16:04,560 --> 00:16:07,320
be Linux and the version to be Debian
442
00:16:07,320 --> 00:16:10,139
64-bit in case you downloaded the 64-bit
443
00:16:10,139 --> 00:16:11,820
version of Kali Linux
444
00:16:11,820 --> 00:16:13,620
now the reason we use Debian is because
445
00:16:13,620 --> 00:16:16,920
Kali Linux is Debian based therefore we
446
00:16:16,920 --> 00:16:18,660
choose this option
447
00:16:18,660 --> 00:16:20,940
click here on next and here it will ask
448
00:16:20,940 --> 00:16:22,800
you for the memory size or the RAM
449
00:16:22,800 --> 00:16:24,720
memory that you want to allocate to your
450
00:16:24,720 --> 00:16:25,980
virtual machine
451
00:16:25,980 --> 00:16:28,079
I would advise you not to go below the
452
00:16:28,079 --> 00:16:30,600
one gigabyte of ram but you can also go
453
00:16:30,600 --> 00:16:33,899
up to the 4 5 maybe even 8 gigabytes of
454
00:16:33,899 --> 00:16:36,180
RAM depending on your actual machine
455
00:16:36,180 --> 00:16:38,459
okay so I will just leave it on one
456
00:16:38,459 --> 00:16:39,779
gigabyte
457
00:16:39,779 --> 00:16:42,420
we want to leave the option create a
458
00:16:42,420 --> 00:16:45,480
virtual hard disk now click on create
459
00:16:45,480 --> 00:16:47,699
also leave it on VirtualBox disk image
460
00:16:47,699 --> 00:16:49,980
click on next and we want to set
461
00:16:49,980 --> 00:16:52,560
dynamically allocated
462
00:16:52,560 --> 00:16:54,899
here you allocate the amount of memory
463
00:16:54,899 --> 00:16:56,940
you want to give from your hard disk to
464
00:16:56,940 --> 00:16:58,980
the virtual machine and you should not
465
00:16:58,980 --> 00:17:01,680
go below 20 Gigabytes especially in the
466
00:17:01,680 --> 00:17:03,060
newest version which allows you to
467
00:17:03,060 --> 00:17:04,439
download and install a bunch of different
468
00:17:04,439 --> 00:17:07,079
software used for ethical hacking so
469
00:17:07,079 --> 00:17:08,220
I'm just going to leave it on 20
470
00:17:08,220 --> 00:17:10,380
Gigabytes and click on create
471
00:17:10,380 --> 00:17:12,780
and we can see the new Kali has been
472
00:17:12,780 --> 00:17:13,919
added
473
00:17:13,919 --> 00:17:15,780
now before we proceed with the
474
00:17:15,780 --> 00:17:17,819
installation of Kali Linux in the
475
00:17:17,819 --> 00:17:19,679
next video we need to change a few of
476
00:17:19,679 --> 00:17:22,140
the settings inside of this machine
477
00:17:22,140 --> 00:17:24,240
so select your machine that you just
478
00:17:24,240 --> 00:17:27,480
created click on settings and under the
479
00:17:27,480 --> 00:17:29,640
storage settings you want to navigate to
480
00:17:29,640 --> 00:17:32,460
the Controller: IDE and delete this empty
481
00:17:32,460 --> 00:17:34,559
part by right-clicking on it and
482
00:17:34,559 --> 00:17:36,840
clicking remove attachment
483
00:17:36,840 --> 00:17:39,059
click on remove and then you want to
484
00:17:39,059 --> 00:17:42,059
click on this circle with a plus
485
00:17:42,059 --> 00:17:44,400
add the version of Kali Linux that you
486
00:17:44,400 --> 00:17:46,340
downloaded in this case I have the
487
00:17:46,340 --> 00:17:50,700
2019.4 and 2020.1a and I'm just going
488
00:17:50,700 --> 00:17:53,100
to show you for the purpose of this
489
00:17:53,100 --> 00:17:56,100
tutorial the 2020.1a
490
00:17:56,100 --> 00:17:57,960
click on choose
491
00:17:57,960 --> 00:18:00,059
now another thing that you might want to
492
00:18:00,059 --> 00:18:01,919
consider in case you cannot see them
493
00:18:01,919 --> 00:18:05,280
right here you can go on to the add
494
00:18:05,280 --> 00:18:07,260
and simply just find the ISO file that
495
00:18:07,260 --> 00:18:09,120
you downloaded inside of your PC
496
00:18:09,120 --> 00:18:10,860
wherever you saved it
497
00:18:10,860 --> 00:18:12,240
okay
498
00:18:12,240 --> 00:18:14,820
so let's click on cancel
499
00:18:14,820 --> 00:18:16,860
and also another thing that you want to
500
00:18:16,860 --> 00:18:19,980
change is under the network settings you
501
00:18:19,980 --> 00:18:21,960
want to go to the attached to option and click on
502
00:18:21,960 --> 00:18:24,240
bridged adapter
503
00:18:24,240 --> 00:18:26,400
also make sure that you leave it on the
504
00:18:26,400 --> 00:18:28,620
ethernet cable connection since wireless
505
00:18:28,620 --> 00:18:30,960
adapters are known to actually present
506
00:18:30,960 --> 00:18:33,360
problems inside of Linux and most of
507
00:18:33,360 --> 00:18:35,820
them aren't even supported therefore you
508
00:18:35,820 --> 00:18:37,440
might actually have problems connecting to
509
00:18:37,440 --> 00:18:39,179
the internet if you connect over
510
00:18:39,179 --> 00:18:41,820
wireless adapter that's why it is always
511
00:18:41,820 --> 00:18:44,760
the best idea to use an ethernet cable
512
00:18:44,760 --> 00:18:46,860
okay so once you finish all of that
513
00:18:46,860 --> 00:18:49,679
click on OK and your new Kali Linux
514
00:18:49,679 --> 00:18:51,960
machine is ready for the installation
515
00:18:51,960 --> 00:18:54,000
so we're going to continue with that in
516
00:18:54,000 --> 00:18:55,740
the next video we're going to pass
517
00:18:55,740 --> 00:18:57,840
through all of the steps and then we are
518
00:18:57,840 --> 00:18:59,700
ready to jump into the coding sections
519
00:18:59,700 --> 00:19:01,440
of this course
520
00:19:01,440 --> 00:19:03,960
now keep in mind that even after the
521
00:19:03,960 --> 00:19:05,340
installation there are a few things that
522
00:19:05,340 --> 00:19:07,260
you should do with Kali Linux I'll make
523
00:19:07,260 --> 00:19:09,960
sure to leave all of the links below so
524
00:19:09,960 --> 00:19:11,700
we don't waste time explaining the
525
00:19:11,700 --> 00:19:13,320
Kali Linux and explaining the command
526
00:19:13,320 --> 00:19:16,559
line and instead we can just focus on
527
00:19:16,559 --> 00:19:19,260
the coding parts of the course okay so
528
00:19:19,260 --> 00:19:20,940
thank you for watching this tutorial and
529
00:19:20,940 --> 00:19:24,780
I will see you in the next lecture bye
530
00:19:24,780 --> 00:19:27,900
welcome back in this tutorial we're
531
00:19:27,900 --> 00:19:29,520
going to continue with the installation
532
00:19:29,520 --> 00:19:31,919
of Kali Linux so we successfully managed
533
00:19:31,919 --> 00:19:33,900
to set up all of the options inside of
534
00:19:33,900 --> 00:19:36,000
our VirtualBox and right now we are
535
00:19:36,000 --> 00:19:38,039
ready to start our machine and install
536
00:19:38,039 --> 00:19:40,500
the operating system I'm going to lead
537
00:19:40,500 --> 00:19:42,780
you through all of the steps needed to
538
00:19:42,780 --> 00:19:45,179
take in order to install Kali Linux and
539
00:19:45,179 --> 00:19:47,220
then in the next video we are ready to
540
00:19:47,220 --> 00:19:50,640
start hacking using Python okay so all
541
00:19:50,640 --> 00:19:52,200
you need to do right now is click on the
542
00:19:52,200 --> 00:19:54,299
start button while you select your
543
00:19:54,299 --> 00:19:57,140
Kali Linux machine
544
00:19:58,919 --> 00:20:01,140
as we can see this is the first window
545
00:20:01,140 --> 00:20:03,120
that we will encounter let me just
546
00:20:03,120 --> 00:20:05,340
enlarge my screen it will ask us for
547
00:20:05,340 --> 00:20:07,679
different types of options such as if we
548
00:20:07,679 --> 00:20:09,960
want the graphical install or the usual
549
00:20:09,960 --> 00:20:12,120
install it doesn't really matter we can
550
00:20:12,120 --> 00:20:13,380
simply just go with the graphical
551
00:20:13,380 --> 00:20:15,780
install and install Kali Linux like
552
00:20:15,780 --> 00:20:18,020
that
553
00:20:19,200 --> 00:20:21,299
okay so here's the next option that pops
554
00:20:21,299 --> 00:20:23,400
up it will ask us to select the language
555
00:20:23,400 --> 00:20:25,799
I will leave it in English
556
00:20:25,799 --> 00:20:28,080
the location it doesn't really matter I
557
00:20:28,080 --> 00:20:30,240
could just leave it on United States if
558
00:20:30,240 --> 00:20:31,799
you like to you can select your own
559
00:20:31,799 --> 00:20:34,320
location click on continue
560
00:20:34,320 --> 00:20:36,299
and here it asks us which type of
561
00:20:36,299 --> 00:20:38,160
keyboard configuration we want to use I
562
00:20:38,160 --> 00:20:40,380
will leave it on American English click
563
00:20:40,380 --> 00:20:42,720
on continue
564
00:20:42,720 --> 00:20:44,520
now while this is installing another
565
00:20:44,520 --> 00:20:46,620
thing I want to mention is another
566
00:20:46,620 --> 00:20:48,059
reason why I don't really like the
567
00:20:48,059 --> 00:20:50,340
newest version because it will ask you
568
00:20:50,340 --> 00:20:53,760
to actually have a new user and not use
569
00:20:53,760 --> 00:20:55,559
the root account in order to complete
570
00:20:55,559 --> 00:20:57,840
your actions inside Kali Linux and
571
00:20:57,840 --> 00:20:59,460
that is also another thing why I prefer
572
00:20:59,460 --> 00:21:01,080
the older versions because you can
573
00:21:01,080 --> 00:21:03,780
simply just use root account to perform
574
00:21:03,780 --> 00:21:06,299
anything you'd like now keep in mind
575
00:21:06,299 --> 00:21:08,160
that using root account can cause some
576
00:21:08,160 --> 00:21:10,559
security breaches but since we're using
577
00:21:10,559 --> 00:21:12,360
a virtual machine this is just for the
578
00:21:12,360 --> 00:21:14,220
learning purposes it doesn't really
579
00:21:14,220 --> 00:21:17,580
matter that's why I chose the 2019.4
580
00:21:17,580 --> 00:21:20,280
version of Kali Linux which I find better
581
00:21:20,280 --> 00:21:23,520
and more suitable for this course but
582
00:21:23,520 --> 00:21:25,380
right now here is the next option that
583
00:21:25,380 --> 00:21:27,000
pops up which is the configuration of
584
00:21:27,000 --> 00:21:31,500
network the hostname we can call it test
585
00:21:31,500 --> 00:21:33,360
the domain name we can simply just
586
00:21:33,360 --> 00:21:35,460
delete and leave on empty because we
587
00:21:35,460 --> 00:21:37,919
don't really need it at the moment and
588
00:21:37,919 --> 00:21:39,179
here is the option that I talked
589
00:21:39,179 --> 00:21:41,820
about it will ask us to set up users and
590
00:21:41,820 --> 00:21:43,860
passwords and this option didn't exist
591
00:21:43,860 --> 00:21:46,280
in the previous versions only in
592
00:21:46,280 --> 00:21:48,840
2020.1a version which is the one we're
593
00:21:48,840 --> 00:21:51,000
installing at the moment so you will have
594
00:21:51,000 --> 00:21:52,919
to create a new user in this case I will
595
00:21:52,919 --> 00:21:55,320
just call it test
596
00:21:55,320 --> 00:21:57,720
username for your account will also be
597
00:21:57,720 --> 00:22:00,659
test and here we choose a password for
598
00:22:00,659 --> 00:22:02,580
the new user here you can type any
599
00:22:02,580 --> 00:22:04,559
password you like I'm going to type test
600
00:22:04,559 --> 00:22:06,720
one two three four
601
00:22:06,720 --> 00:22:10,380
and also test one two three four
602
00:22:10,380 --> 00:22:13,460
and click on continue
603
00:22:13,679 --> 00:22:16,020
configuring the clock I will select
604
00:22:16,020 --> 00:22:18,620
Eastern
605
00:22:20,640 --> 00:22:23,400
the partitioning of disks we want to
606
00:22:23,400 --> 00:22:26,340
select the option guided use entire disk
607
00:22:26,340 --> 00:22:28,320
select the hard disk you created during
608
00:22:28,320 --> 00:22:31,620
the previous video and click on continue
609
00:22:31,620 --> 00:22:34,260
and here we want to set all files in one
610
00:22:34,260 --> 00:22:36,240
partition as it does even say in the
611
00:22:36,240 --> 00:22:39,000
brackets recommended for new users click
612
00:22:39,000 --> 00:22:40,200
on continue
613
00:22:40,200 --> 00:22:42,600
click finish partitioning and write
614
00:22:42,600 --> 00:22:44,460
changes to disk we want to select yes
615
00:22:44,460 --> 00:22:47,480
and click on continue
616
00:22:48,000 --> 00:22:49,679
now this will start the installation
617
00:22:49,679 --> 00:22:51,720
which will get interrupted with maybe
618
00:22:51,720 --> 00:22:54,720
one or two questions keep in mind that this
619
00:22:54,720 --> 00:22:57,179
will take some time to actually install
620
00:22:57,179 --> 00:23:01,020
especially the newest version uh it did
621
00:23:01,020 --> 00:23:03,600
take me around 45 minutes to an hour to
622
00:23:03,600 --> 00:23:05,299
actually finish all of the installations
623
00:23:05,299 --> 00:23:08,159
and once it finishes that you should be
624
00:23:08,159 --> 00:23:11,880
ready to use your Kali Linux machine
625
00:23:11,880 --> 00:23:13,679
now we're just going to leave it right
626
00:23:13,679 --> 00:23:16,140
here and if we get any pop-up question
627
00:23:16,140 --> 00:23:20,280
I'm going to get back to you right away
628
00:23:20,280 --> 00:23:21,960
okay so here is the first pop-up
629
00:23:21,960 --> 00:23:24,120
question it is the configuration of the
630
00:23:24,120 --> 00:23:26,100
package manager here you simply just
631
00:23:26,100 --> 00:23:28,200
want to click on continue and leave this
632
00:23:28,200 --> 00:23:30,679
blank
633
00:23:31,200 --> 00:23:33,000
all right so here is another question
634
00:23:33,000 --> 00:23:35,340
and this is actually the newest feature
635
00:23:35,340 --> 00:23:39,179
of Kali Linux 2020.1a which allows
636
00:23:39,179 --> 00:23:41,640
us to actually install desired tools and
637
00:23:41,640 --> 00:23:43,679
not install everything that we might
638
00:23:43,679 --> 00:23:46,380
never use but even though I would still
639
00:23:46,380 --> 00:23:48,299
advise you to actually select everything
640
00:23:48,299 --> 00:23:50,700
or at least select the most important
641
00:23:50,700 --> 00:23:52,919
tools for Kali Linux especially if you
642
00:23:52,919 --> 00:23:55,679
plan on using it later on even after the
643
00:23:55,679 --> 00:23:56,460
course
644
00:23:56,460 --> 00:23:58,919
now for our course it really doesn't
645
00:23:58,919 --> 00:24:01,020
matter what you select right here as we
646
00:24:01,020 --> 00:24:02,760
are simply just going to use Python 3
647
00:24:02,760 --> 00:24:05,400
during our lectures
648
00:24:05,400 --> 00:24:07,740
so right here you can use spacebar to
649
00:24:07,740 --> 00:24:10,620
select different things such as Kali
650
00:24:10,620 --> 00:24:12,720
desktop environment where you can select
651
00:24:12,720 --> 00:24:14,880
everything if you want
652
00:24:14,880 --> 00:24:16,799
it doesn't really matter just once you
653
00:24:16,799 --> 00:24:20,179
select everything that you need
654
00:24:21,179 --> 00:24:24,559
you can click on continue
655
00:24:25,260 --> 00:24:27,360
and this installation right here will
656
00:24:27,360 --> 00:24:29,400
take some time there will be another
657
00:24:29,400 --> 00:24:31,380
pop-up question which will ask you
658
00:24:31,380 --> 00:24:33,299
something along the lines whether you
659
00:24:33,299 --> 00:24:35,400
want to install the GRUB boot loader to
660
00:24:35,400 --> 00:24:37,440
the master boot record where you want to
661
00:24:37,440 --> 00:24:39,120
select yes
662
00:24:39,120 --> 00:24:41,580
and after that I believe there will be
663
00:24:41,580 --> 00:24:43,980
no more pop-ups and you should have the
664
00:24:43,980 --> 00:24:46,440
installation complete and your Kali Linux
665
00:24:46,440 --> 00:24:48,539
will be ready to use
666
00:24:48,539 --> 00:24:50,159
so that would be about it for this
667
00:24:50,159 --> 00:24:52,440
installation tutorial I will leave some
668
00:24:52,440 --> 00:24:55,440
links in the resources of the lecture
669
00:24:55,440 --> 00:24:58,200
where you can get familiar with Kali
670
00:24:58,200 --> 00:25:00,480
Linux a little bit more and where you
671
00:25:00,480 --> 00:25:03,120
can perform top 10 things that everyone
672
00:25:03,120 --> 00:25:05,520
should do after installing Kali Linux
673
00:25:05,520 --> 00:25:07,919
okay so that would be about it for this
674
00:25:07,919 --> 00:25:10,260
tutorial and in the next lecture we're
675
00:25:10,260 --> 00:25:12,240
finally going to see how we can download
676
00:25:12,240 --> 00:25:14,580
and install PyCharm which we are going
677
00:25:14,580 --> 00:25:17,700
to use for creating our programs
678
00:25:17,700 --> 00:25:21,120
hope I see you there and take care bye
679
00:25:21,120 --> 00:25:23,640
welcome back now that we got our
680
00:25:23,640 --> 00:25:26,159
Kali Linux set up and ready all we are
681
00:25:26,159 --> 00:25:28,260
left to do before we can start coding is
682
00:25:28,260 --> 00:25:30,539
install PyCharm
683
00:25:30,539 --> 00:25:32,520
now what is PyCharm you might be asking
684
00:25:32,520 --> 00:25:34,140
well PyCharm is an integrated
685
00:25:34,140 --> 00:25:35,820
development environment used for
686
00:25:35,820 --> 00:25:38,159
computer programming especially aimed
687
00:25:38,159 --> 00:25:40,679
for Python programmers it is also
688
00:25:40,679 --> 00:25:42,179
cross-platform so you can get it for
689
00:25:42,179 --> 00:25:44,640
Windows Mac OS and Linux systems if
690
00:25:44,640 --> 00:25:45,840
you'd like
691
00:25:45,840 --> 00:25:47,340
now let's see how we can actually
692
00:25:47,340 --> 00:25:48,539
download it
693
00:25:48,539 --> 00:25:50,460
first of all we need to open up our
694
00:25:50,460 --> 00:25:52,679
Firefox and depending on which version
695
00:25:52,679 --> 00:25:54,960
of Kali Linux you are running it might be
696
00:25:54,960 --> 00:25:56,760
located on the left side of the screen
697
00:25:56,760 --> 00:25:58,799
right here in case you're using the
698
00:25:58,799 --> 00:26:01,080
newest version and in case you're using
699
00:26:01,080 --> 00:26:04,559
the 2019.4 version like I am you simply
700
00:26:04,559 --> 00:26:06,900
just go to this icon right here type in
701
00:26:06,900 --> 00:26:08,220
Firefox
702
00:26:08,220 --> 00:26:10,320
and click enter
703
00:26:10,320 --> 00:26:12,720
it will open up Firefox for you and
704
00:26:12,720 --> 00:26:14,220
then we can navigate to the Google
705
00:26:14,220 --> 00:26:17,960
search bar and type PyCharm
706
00:26:18,740 --> 00:26:23,120
click on the first link that pops up
707
00:26:23,940 --> 00:26:27,500
and then click on download
708
00:26:28,559 --> 00:26:30,419
you will see that it will automatically
709
00:26:30,419 --> 00:26:32,279
realize that we are running Linux
710
00:26:32,279 --> 00:26:34,260
systems and we'll get two different
711
00:26:34,260 --> 00:26:36,900
versions available for download we get
712
00:26:36,900 --> 00:26:38,460
the professional version and the
713
00:26:38,460 --> 00:26:40,380
community version now since the
714
00:26:40,380 --> 00:26:42,120
community version is free and open
715
00:26:42,120 --> 00:26:44,400
source we're going to download that one
716
00:26:44,400 --> 00:26:47,100
instead of the professional version
717
00:26:47,100 --> 00:26:49,380
in just a few seconds this pop-up window
718
00:26:49,380 --> 00:26:51,419
should come up and it will ask us
719
00:26:51,419 --> 00:26:53,460
whether we want to open the file or save
720
00:26:53,460 --> 00:26:55,919
the file in this case we want to save
721
00:26:55,919 --> 00:26:58,260
the file click here on OK
722
00:26:58,260 --> 00:27:00,419
and right here under this arrow if you
723
00:27:00,419 --> 00:27:02,220
click on it you will see that it has
724
00:27:02,220 --> 00:27:04,500
started downloading PyCharm on our Kali
725
00:27:04,500 --> 00:27:06,900
Linux machine
726
00:27:06,900 --> 00:27:08,700
now while this is downloading I just
727
00:27:08,700 --> 00:27:11,580
want to mention one thing so I will just
728
00:27:11,580 --> 00:27:13,380
lower this
729
00:27:13,380 --> 00:27:15,480
and I will open up the terminal which is
730
00:27:15,480 --> 00:27:18,000
this icon right here
731
00:27:18,000 --> 00:27:20,100
in case you are using the newest version
732
00:27:20,100 --> 00:27:23,340
you will not be a root account inside of
733
00:27:23,340 --> 00:27:25,140
the terminal you will simply just be a
734
00:27:25,140 --> 00:27:26,700
user that you created during the
735
00:27:26,700 --> 00:27:28,740
installation which was shown in the
736
00:27:28,740 --> 00:27:30,659
previous few videos
737
00:27:30,659 --> 00:27:33,600
if you're using the 2019.4 version
738
00:27:33,600 --> 00:27:35,460
like I am you will not have a problem
739
00:27:35,460 --> 00:27:37,380
with root account as you will simply
740
00:27:37,380 --> 00:27:39,360
just be the root account every time you
741
00:27:39,360 --> 00:27:41,940
log in as we can see right here
742
00:27:41,940 --> 00:27:45,000
now let me just zoom this in so we can
743
00:27:45,000 --> 00:27:48,440
see everything a little bit better
744
00:27:48,779 --> 00:27:52,500
okay so it's good now uh therefore some
745
00:27:52,500 --> 00:27:54,539
of the commands that we run will require
746
00:27:54,539 --> 00:27:57,299
root privileges and I just want to show
747
00:27:57,299 --> 00:27:59,159
you how you can run them for example
748
00:27:59,159 --> 00:28:02,279
let's say the command whoami
749
00:28:02,279 --> 00:28:04,860
requires root privileges now it doesn't
750
00:28:04,860 --> 00:28:06,900
but let's say it does
751
00:28:06,900 --> 00:28:08,940
if you're using a simple user account
752
00:28:08,940 --> 00:28:11,340
and not a root account in order to run
753
00:28:11,340 --> 00:28:13,500
the whoami command and not get the
754
00:28:13,500 --> 00:28:15,539
access denied error you can simply just
755
00:28:15,539 --> 00:28:19,760
type sudo whoami
756
00:28:20,580 --> 00:28:22,980
now on the newest version of Kali Linux
757
00:28:22,980 --> 00:28:25,440
it will ask you for the password of your
758
00:28:25,440 --> 00:28:27,299
own account you simply just type it in
759
00:28:27,299 --> 00:28:29,700
and it will execute this command and
760
00:28:29,700 --> 00:28:32,039
give you the output okay
761
00:28:32,039 --> 00:28:34,200
so I just wanted to mention that in case
762
00:28:34,200 --> 00:28:36,059
you run into some errors where you
763
00:28:36,059 --> 00:28:38,400
require root privileges in order to run
764
00:28:38,400 --> 00:28:42,240
and now let's see if our download has
765
00:28:42,240 --> 00:28:44,640
finished we have 73 more Megabytes left
766
00:28:44,640 --> 00:28:46,559
so I'm just going to wait for this to
767
00:28:46,559 --> 00:28:48,360
finish and then we will proceed with the
768
00:28:48,360 --> 00:28:50,159
installation
769
00:28:50,159 --> 00:28:52,260
okay so it is finished we want to click
770
00:28:52,260 --> 00:28:54,240
on this icon right here which will open
771
00:28:54,240 --> 00:28:56,400
up the folder where our PyCharm is
772
00:28:56,400 --> 00:29:00,179
located we can close the Firefox as we
773
00:29:00,179 --> 00:29:02,820
no longer need it and right here we can
774
00:29:02,820 --> 00:29:05,039
see that PyCharm is located in the
775
00:29:05,039 --> 00:29:07,500
slash root slash downloads directory
776
00:29:07,500 --> 00:29:09,720
now on the new Kali Linux it might be
777
00:29:09,720 --> 00:29:12,360
slash the name of your account and then
778
00:29:12,360 --> 00:29:13,799
slash downloads
779
00:29:13,799 --> 00:29:15,840
so let's navigate inside of our terminal
780
00:29:15,840 --> 00:29:18,899
to that directory slash root
781
00:29:18,899 --> 00:29:21,240
slash downloads
782
00:29:21,240 --> 00:29:24,299
type ls and we can see PyCharm is right
783
00:29:24,299 --> 00:29:25,559
here
784
00:29:25,559 --> 00:29:27,360
now you might notice that it has the
785
00:29:27,360 --> 00:29:30,240
extension of .tar.gz which simply
786
00:29:30,240 --> 00:29:31,980
just means that this is a packed file
787
00:29:31,980 --> 00:29:34,140
and we have to unpack it before we
788
00:29:34,140 --> 00:29:37,200
actually run anything from it in order
789
00:29:37,200 --> 00:29:38,880
to unpack this you could simply just
790
00:29:38,880 --> 00:29:42,140
type the command tar and then
791
00:29:42,140 --> 00:29:45,840
-xzf and then the name of the file
792
00:29:45,840 --> 00:29:48,600
you can simply just type py and then Tab
793
00:29:48,600 --> 00:29:50,520
in order to auto complete the name so
794
00:29:50,520 --> 00:29:52,140
you don't have to bother typing all of
795
00:29:52,140 --> 00:29:53,700
this by yourself
796
00:29:53,700 --> 00:29:56,279
press enter here and in just a few
797
00:29:56,279 --> 00:30:00,020
seconds this should be unpacked
798
00:30:00,240 --> 00:30:03,299
okay so here it is once we type ls once
799
00:30:03,299 --> 00:30:05,220
again now we will have another directory
800
00:30:05,220 --> 00:30:07,260
which will be the unpacked PyCharm
801
00:30:07,260 --> 00:30:08,399
directory
802
00:30:08,399 --> 00:30:11,159
so let's navigate to there using the cd
803
00:30:11,159 --> 00:30:12,120
command
804
00:30:12,120 --> 00:30:14,940
type ls and we will see a bunch of files
805
00:30:14,940 --> 00:30:16,860
and directories inside of this PyCharm
806
00:30:16,860 --> 00:30:19,020
directory we want to go to the bin
807
00:30:19,020 --> 00:30:21,779
directory type ls once again
808
00:30:21,779 --> 00:30:24,539
and inside of this bin directory we want
809
00:30:24,539 --> 00:30:28,320
to run this pycharm.sh file now you
810
00:30:28,320 --> 00:30:29,820
might notice that this is a .sh
811
00:30:29,820 --> 00:30:32,100
extension therefore we need to run it
812
00:30:32,100 --> 00:30:34,980
using bash we simply just type in bash
813
00:30:34,980 --> 00:30:38,520
and then pycharm.sh
814
00:30:38,520 --> 00:30:40,260
now this is another command that might
815
00:30:40,260 --> 00:30:42,120
require root privileges in order to run
816
00:30:42,120 --> 00:30:43,799
so in case you are using the newest
817
00:30:43,799 --> 00:30:45,299
version of Kali Linux and you are not
818
00:30:45,299 --> 00:30:47,580
root account you simply just type sudo
819
00:30:47,580 --> 00:30:50,940
and then bash pycharm.sh type in the
820
00:30:50,940 --> 00:30:52,799
password and this should execute with no
821
00:30:52,799 --> 00:30:53,880
problems
822
00:30:53,880 --> 00:30:56,960
so let's run this
823
00:30:57,899 --> 00:31:00,899
it will run the pycharm.sh program and
824
00:31:00,899 --> 00:31:03,059
it should start PyCharm for us
825
00:31:03,059 --> 00:31:06,299
here it is we got PyCharm opened up and
826
00:31:06,299 --> 00:31:07,740
before we actually click on create new
827
00:31:07,740 --> 00:31:09,960
project we want to go down here under
828
00:31:09,960 --> 00:31:11,940
the configure
829
00:31:11,940 --> 00:31:15,720
and click on create desktop entry
830
00:31:15,720 --> 00:31:17,640
we want to check create the entry for
831
00:31:17,640 --> 00:31:20,880
all users and click on OK
832
00:31:20,880 --> 00:31:23,039
once we do that we can simply just click
833
00:31:23,039 --> 00:31:25,200
on create new project
834
00:31:25,200 --> 00:31:28,440
call it test since this is the test
835
00:31:28,440 --> 00:31:30,000
project and we're not going to code
836
00:31:30,000 --> 00:31:32,640
anything inside of this project and it
837
00:31:32,640 --> 00:31:35,580
should load up this window right here it
838
00:31:35,580 --> 00:31:37,200
will create the virtual environment for
839
00:31:37,200 --> 00:31:39,240
you it will give you some tips for the
840
00:31:39,240 --> 00:31:41,640
programming and also for PyCharm
841
00:31:41,640 --> 00:31:44,940
which we are not really interested in
842
00:31:44,940 --> 00:31:46,740
and when everything is done and
843
00:31:46,740 --> 00:31:48,299
everything is loaded up we should be
844
00:31:48,299 --> 00:31:50,580
ready to code so let's click on close
845
00:31:50,580 --> 00:31:54,120
right here let's enlarge this too so this
846
00:31:54,120 --> 00:31:56,399
is what PyCharm looks like now in order
847
00:31:56,399 --> 00:31:58,799
to create a file and start coding you
848
00:31:58,799 --> 00:32:01,440
can go to the test right-click on it
849
00:32:01,440 --> 00:32:05,159
click on new and then python file let's
850
00:32:05,159 --> 00:32:09,000
call it test.py
851
00:32:09,000 --> 00:32:11,460
and it will let you code Python program
852
00:32:11,460 --> 00:32:13,020
right here
853
00:32:13,020 --> 00:32:16,940
so you can simply just type print
854
00:32:16,980 --> 00:32:19,559
hello world
855
00:32:19,559 --> 00:32:21,960
and then go under run
856
00:32:21,960 --> 00:32:23,820
the program
857
00:32:23,820 --> 00:32:25,559
from the test
858
00:32:25,559 --> 00:32:27,899
and here it is the output which says
859
00:32:27,899 --> 00:32:29,520
hello world
860
00:32:29,520 --> 00:32:31,620
now if you install python for the first
861
00:32:31,620 --> 00:32:33,899
time these letters right here might be
862
00:32:33,899 --> 00:32:36,240
too small for you let's see how we can
863
00:32:36,240 --> 00:32:38,760
increase the font of these letters so
864
00:32:38,760 --> 00:32:40,559
you can go on to the file
865
00:32:40,559 --> 00:32:44,100
go to the settings
866
00:32:44,100 --> 00:32:46,140
under the settings you want to go to the
867
00:32:46,140 --> 00:32:47,279
editor
868
00:32:47,279 --> 00:32:49,679
click on font
869
00:32:49,679 --> 00:32:51,480
and under the font you can change
870
00:32:51,480 --> 00:32:54,120
whichever font you like so let's say 22
871
00:32:54,120 --> 00:32:57,720
click on OK and the letters are now
872
00:32:57,720 --> 00:32:59,220
larger
873
00:32:59,220 --> 00:33:01,620
so now that we got PyCharm ready in
874
00:33:01,620 --> 00:33:03,299
the next section we're going to start
875
00:33:03,299 --> 00:33:05,640
off with our first project which is
876
00:33:05,640 --> 00:33:09,120
going to be a port scanner in Python 3
877
00:33:09,120 --> 00:33:12,120
okay so that would be about it for this
878
00:33:12,120 --> 00:33:14,220
tutorial thank you for watching and
879
00:33:14,220 --> 00:33:16,200
let's get straight into the hacking in
880
00:33:16,200 --> 00:33:19,679
the next section take care bye
881
00:33:19,679 --> 00:33:22,559
hello everybody and welcome to our first
882
00:33:22,559 --> 00:33:24,720
project where we are going to code our
883
00:33:24,720 --> 00:33:27,539
own port scanner using python 3.
884
00:33:27,539 --> 00:33:29,279
so in the previous section we introduced
885
00:33:29,279 --> 00:33:31,380
ourselves to Kali Linux we installed
886
00:33:31,380 --> 00:33:33,600
PyCharm and now we are ready to start
887
00:33:33,600 --> 00:33:35,760
writing our code
888
00:33:35,760 --> 00:33:38,340
before we start let's first explain what
889
00:33:38,340 --> 00:33:40,799
is the purpose of a port scanner what it
890
00:33:40,799 --> 00:33:42,899
will do and how are we going to create
891
00:33:42,899 --> 00:33:44,220
it
892
00:33:44,220 --> 00:33:46,860
well first of all a port scanner is a
893
00:33:46,860 --> 00:33:48,960
program that allows you to scan a target
894
00:33:48,960 --> 00:33:51,779
machine and discover whether it has some
895
00:33:51,779 --> 00:33:55,500
open or closed ports for example we all
896
00:33:55,500 --> 00:33:57,840
know that the port 80 is used in order
897
00:33:57,840 --> 00:34:00,779
to serve HTTP and in order to serve a
898
00:34:00,779 --> 00:34:02,340
website page
899
00:34:02,340 --> 00:34:03,960
now how would you actually discover
900
00:34:03,960 --> 00:34:06,720
whether Port 80 is open without visiting
901
00:34:06,720 --> 00:34:07,740
that page
902
00:34:07,740 --> 00:34:10,918
well using our Port scanner we can see
903
00:34:10,918 --> 00:34:12,839
whether we can connect to that Port 80
904
00:34:12,839 --> 00:34:15,480
or whether we cannot if we can connect
905
00:34:15,480 --> 00:34:17,580
that means that the port is open and it
906
00:34:17,580 --> 00:34:19,500
is most likely hosting a web page there
907
00:34:19,500 --> 00:34:22,320
and if we cannot connect that means that
908
00:34:22,320 --> 00:34:25,139
the port is closed simple as that
909
00:34:25,139 --> 00:34:27,418
so that will be the Baseline and the
910
00:34:27,418 --> 00:34:29,940
base part of our program
911
00:34:29,940 --> 00:34:32,399
now let's open a new project and to do
912
00:34:32,399 --> 00:34:34,859
that we can go right here onto file and
913
00:34:34,859 --> 00:34:37,859
then new project here we can call it
914
00:34:37,859 --> 00:34:39,659
Port scanner
915
00:34:39,659 --> 00:34:42,659
click on create it will ask you whether
916
00:34:42,659 --> 00:34:44,639
you want to open the new project in this
917
00:34:44,639 --> 00:34:46,800
window or in another window I will
918
00:34:46,800 --> 00:34:48,300
simply just select this window right
919
00:34:48,300 --> 00:34:49,980
here
920
00:34:49,980 --> 00:34:51,899
it will create the virtual environment
921
00:34:51,899 --> 00:34:54,300
for this project and then we can start
922
00:34:54,300 --> 00:34:55,560
coding
923
00:34:55,560 --> 00:34:58,560
now here it is the port scanner we will
924
00:34:58,560 --> 00:35:00,359
click on new
925
00:35:00,359 --> 00:35:03,359
and then python file and we will call it
926
00:35:03,359 --> 00:35:06,480
port scanner.py
927
00:35:06,480 --> 00:35:10,440
okay python file we created it let me
928
00:35:10,440 --> 00:35:12,480
just enlarge a little bit more the font
929
00:35:12,480 --> 00:35:13,980
size
930
00:35:13,980 --> 00:35:17,040
so once again to the editor font
931
00:35:17,040 --> 00:35:21,720
and right here let's go 24 apply and now
932
00:35:21,720 --> 00:35:24,119
we are ready to go now for this project
933
00:35:24,119 --> 00:35:25,680
we are going to need two different
934
00:35:25,680 --> 00:35:28,260
python libraries we're going to need to
935
00:35:28,260 --> 00:35:31,020
import the socket library
936
00:35:31,020 --> 00:35:34,020
and we're also going to need to import
937
00:35:34,020 --> 00:35:36,440
a library called
938
00:35:36,440 --> 00:35:39,300
IPy and we're going to import it like
939
00:35:39,300 --> 00:35:42,300
this from IPy
940
00:35:42,300 --> 00:35:44,640
import IP
941
00:35:44,640 --> 00:35:47,160
now right away
942
00:35:47,160 --> 00:35:50,700
you might notice that the IPy and IP are
943
00:35:50,700 --> 00:35:53,400
both red underlined this means that the
944
00:35:53,400 --> 00:35:55,440
PyCharm cannot recognize this library
945
00:35:55,440 --> 00:35:58,260
and cannot find it
946
00:35:58,260 --> 00:36:00,599
so before we actually start using it we
947
00:36:00,599 --> 00:36:02,940
need to download it first
948
00:36:02,940 --> 00:36:04,680
now there are a few ways we can actually
949
00:36:04,680 --> 00:36:07,020
download it you can download it using a
950
00:36:07,020 --> 00:36:09,119
regular terminal which we are going to
951
00:36:09,119 --> 00:36:11,700
do as a first try
952
00:36:11,700 --> 00:36:14,940
right here so I will just
953
00:36:14,940 --> 00:36:16,859
put it like this so we can see
954
00:36:16,859 --> 00:36:18,240
everything
955
00:36:18,240 --> 00:36:20,700
now in order to install a desired
956
00:36:20,700 --> 00:36:23,099
library using the terminal you have to
957
00:36:23,099 --> 00:36:26,339
use a command called pip3 install
958
00:36:26,339 --> 00:36:29,160
now pip3 is a part of Python 3 and it is
959
00:36:29,160 --> 00:36:31,140
used to actually install Python 3
960
00:36:31,140 --> 00:36:33,240
libraries that are missing and that you
961
00:36:33,240 --> 00:36:36,000
need in order to run your program
962
00:36:36,000 --> 00:36:38,640
okay now if you're using a new Kali Linux
963
00:36:38,640 --> 00:36:40,500
you most likely won't have pip3
964
00:36:40,500 --> 00:36:43,380
installed and in order to install it you
965
00:36:43,380 --> 00:36:45,560
simply just type apt install
966
00:36:45,560 --> 00:36:47,940
python3-pip
967
00:36:47,940 --> 00:36:50,940
press here enter and it will install it
968
00:36:50,940 --> 00:36:53,280
for you for me it has already been
969
00:36:53,280 --> 00:36:55,800
installed so we can continue right away
970
00:36:55,800 --> 00:36:58,200
let me clear the screen and enlarge this
971
00:36:58,200 --> 00:37:00,480
a little bit just in case you cannot see
972
00:37:00,480 --> 00:37:03,240
what I'm typing
973
00:37:03,240 --> 00:37:04,920
and let's get the library that we're
974
00:37:04,920 --> 00:37:06,960
missing so pip3
975
00:37:06,960 --> 00:37:12,260
install IPy press here enter
976
00:37:14,040 --> 00:37:16,740
and it will say requirement already
977
00:37:16,740 --> 00:37:18,359
satisfied
978
00:37:18,359 --> 00:37:20,760
now this might seem confusing because
979
00:37:20,760 --> 00:37:23,160
two minutes ago I just told you that we
980
00:37:23,160 --> 00:37:25,380
are missing this library that we cannot
981
00:37:25,380 --> 00:37:26,400
find it
982
00:37:26,400 --> 00:37:28,680
and here inside the terminal it says
983
00:37:28,680 --> 00:37:30,420
that the requirement has already been
984
00:37:30,420 --> 00:37:32,460
satisfied and that we already have this
985
00:37:32,460 --> 00:37:34,980
library at this location
986
00:37:34,980 --> 00:37:37,200
well that is another part of the
987
00:37:37,200 --> 00:37:38,780
PyCharm that you need to understand
988
00:37:38,780 --> 00:37:40,859
PyCharm simply creates a virtual
989
00:37:40,859 --> 00:37:42,900
environment every time you create a new
990
00:37:42,900 --> 00:37:46,140
project that means that the library that
991
00:37:46,140 --> 00:37:48,119
you have installed inside of your Kali
992
00:37:48,119 --> 00:37:50,160
Linux doesn't necessarily have to be
993
00:37:50,160 --> 00:37:52,619
installed inside of your PyCharm program
994
00:37:52,619 --> 00:37:55,980
therefore this IPy library has not been
995
00:37:55,980 --> 00:37:57,900
installed inside of this virtual
996
00:37:57,900 --> 00:38:00,180
environment so where can we install it
997
00:38:00,180 --> 00:38:04,440
well you can go here on Terminal and you
998
00:38:04,440 --> 00:38:06,240
will see right away that before the
999
00:38:06,240 --> 00:38:09,000
root@kali and then the actual directory we
1000
00:38:09,000 --> 00:38:11,940
have this venv inside of brackets which
1001
00:38:11,940 --> 00:38:13,800
stands for virtual environment
1002
00:38:13,800 --> 00:38:15,540
so right here if we type the same
1003
00:38:15,540 --> 00:38:18,440
command which is pip3 install and then
1004
00:38:18,440 --> 00:38:21,599
IPy press here enter
1005
00:38:21,599 --> 00:38:23,640
you can see that right now it is
1006
00:38:23,640 --> 00:38:25,560
successfully downloading it and it has
1007
00:38:25,560 --> 00:38:27,540
downloaded it inside of our virtual
1008
00:38:27,540 --> 00:38:30,300
environment right now if we lower this
1009
00:38:30,300 --> 00:38:33,119
go right here you can see that this is
1010
00:38:33,119 --> 00:38:35,400
no longer red underlined and now we have
1011
00:38:35,400 --> 00:38:37,859
both of our libraries ready to use
1012
00:38:37,859 --> 00:38:40,079
so I just wanted to show you that
1013
00:38:40,079 --> 00:38:41,760
because it is really important and we
1014
00:38:41,760 --> 00:38:43,200
will be switching between libraries
1015
00:38:43,200 --> 00:38:45,300
throughout the entire course so it is
1016
00:38:45,300 --> 00:38:46,800
important for you to understand the
1017
00:38:46,800 --> 00:38:48,200
meaning of a virtual environment
1018
00:38:48,200 --> 00:38:50,700
therefore the next time you try to
1019
00:38:50,700 --> 00:38:52,200
install a desired library that is
1020
00:38:52,200 --> 00:38:54,240
missing from PyCharm don't use the
1021
00:38:54,240 --> 00:38:56,640
Kali Linux terminal like this you
1022
00:38:56,640 --> 00:38:58,740
simply just go down here and inside of
1023
00:38:58,740 --> 00:39:00,420
this python project you can install the
1024
00:39:00,420 --> 00:39:02,460
desired library inside of the virtual
1025
00:39:02,460 --> 00:39:03,540
environment
1026
00:39:03,540 --> 00:39:05,460
so now that we imported the desired
1027
00:39:05,460 --> 00:39:07,560
libraries in the next video we can start
1028
00:39:07,560 --> 00:39:10,200
finally coding our port scanner
1029
00:39:10,200 --> 00:39:12,900
see you there bye welcome back everybody
1030
00:39:12,900 --> 00:39:15,839
let's continue with our port scanner so
1031
00:39:15,839 --> 00:39:17,820
what we did by now is we imported two
1032
00:39:17,820 --> 00:39:19,380
libraries that we need in order for our
1033
00:39:19,380 --> 00:39:21,660
program to work let's get straight into
1034
00:39:21,660 --> 00:39:23,880
coding the main program
1035
00:39:23,880 --> 00:39:26,640
okay so first thing let's think about it
1036
00:39:26,640 --> 00:39:28,859
what we need to logically do in order to
1037
00:39:28,859 --> 00:39:30,839
discover whether the port is open or
1038
00:39:30,839 --> 00:39:31,740
closed
1039
00:39:31,740 --> 00:39:33,599
well we need to establish a connection
1040
00:39:33,599 --> 00:39:36,599
with the target machine and then we need
1041
00:39:36,599 --> 00:39:38,520
to try to connect to the specific port
1042
00:39:38,520 --> 00:39:41,160
if we manage to connect the port is open
1043
00:39:41,160 --> 00:39:43,500
if we don't manage to connect the port
1044
00:39:43,500 --> 00:39:44,640
is closed
1045
00:39:44,640 --> 00:39:46,260
now there is another thing that can
1046
00:39:46,260 --> 00:39:47,880
happen and that is that the port is
1047
00:39:47,880 --> 00:39:49,500
filtered but we are not going to cover
1048
00:39:49,500 --> 00:39:52,380
that at the moment so first of all let's
1049
00:39:52,380 --> 00:39:54,660
see how we can establish the connection
1050
00:39:54,660 --> 00:39:57,380
here is where we use the socket library
1051
00:39:57,380 --> 00:39:59,700
the socket library allows us to establish
1052
00:39:59,700 --> 00:40:03,180
the connection over the internet so how can
1053
00:40:03,180 --> 00:40:05,820
we do that well it's rather easy and
1054
00:40:05,820 --> 00:40:07,140
it's something that we will use
1055
00:40:07,140 --> 00:40:09,599
throughout this course a lot it's the same
1056
00:40:09,599 --> 00:40:11,760
scheme of a few different lines of code
1057
00:40:11,760 --> 00:40:13,619
that will allow us to connect to the
1058
00:40:13,619 --> 00:40:15,119
Target machine
1059
00:40:15,119 --> 00:40:17,820
so in the first line we will define a
1060
00:40:17,820 --> 00:40:19,680
socket descriptor
1061
00:40:19,680 --> 00:40:22,079
we do that by specifying the name and
1062
00:40:22,079 --> 00:40:25,440
then equals socket.socket
1063
00:40:25,440 --> 00:40:27,240
just like this we define the socket
1064
00:40:27,240 --> 00:40:28,740
descriptor and you can name this
1065
00:40:28,740 --> 00:40:30,240
anything you want it doesn't have to be
1066
00:40:30,240 --> 00:40:32,940
named sock it can be named s but for the
1067
00:40:32,940 --> 00:40:34,380
purpose of this tutorial we're going to
1068
00:40:34,380 --> 00:40:36,960
leave it on sock as soon as we do that
1069
00:40:36,960 --> 00:40:38,700
we can try to connect to the target
1070
00:40:38,700 --> 00:40:39,839
machine
1071
00:40:39,839 --> 00:40:42,720
so sock.connect
1072
00:40:42,720 --> 00:40:45,119
and inside this connect function we
1073
00:40:45,119 --> 00:40:47,040
need to specify two open and two close
1074
00:40:47,040 --> 00:40:49,320
brackets and there we need to specify
1075
00:40:49,320 --> 00:40:51,180
the IP address
1076
00:40:51,180 --> 00:40:54,180
and the port that we want to connect to
1077
00:40:54,180 --> 00:40:56,940
all right now you will see right away
1078
00:40:56,940 --> 00:40:59,700
that once again this IP address and this
1079
00:40:59,700 --> 00:41:02,579
port is underlined red that means that
1080
00:41:02,579 --> 00:41:05,160
this is not defined so we need to define
1081
00:41:05,160 --> 00:41:08,400
what IP address is and what port is
1082
00:41:08,400 --> 00:41:10,500
what we're going to do is we're simply
1083
00:41:10,500 --> 00:41:11,940
just going to create a variable which
1084
00:41:11,940 --> 00:41:13,920
will be called IP address
1085
00:41:13,920 --> 00:41:16,560
and we're going to set this variable to
1086
00:41:16,560 --> 00:41:18,540
be equal to whatever the user of this
1087
00:41:18,540 --> 00:41:20,640
program inputs during the running of the
1088
00:41:20,640 --> 00:41:22,020
program
1089
00:41:22,020 --> 00:41:23,579
now what I mean by that is we're
1090
00:41:23,579 --> 00:41:25,500
going to use the input function which
1091
00:41:25,500 --> 00:41:27,900
allows us to specify at runtime the
1092
00:41:27,900 --> 00:41:30,180
IP address that we want to scan
1093
00:41:30,180 --> 00:41:31,980
so we're going to prompt the user of
1094
00:41:31,980 --> 00:41:33,359
this program
1095
00:41:33,359 --> 00:41:35,099
something like this
1096
00:41:35,099 --> 00:41:39,079
Enter target to scan
1097
00:41:39,300 --> 00:41:41,660
okay
1098
00:41:42,240 --> 00:41:44,520
now that we have that we also need to
1099
00:41:44,520 --> 00:41:46,560
define the port
1100
00:41:46,560 --> 00:41:50,460
and let's say the port will be port 80.
1101
00:41:50,460 --> 00:41:52,320
it will be a simple integer so we're
1102
00:41:52,320 --> 00:41:54,480
going to select it like this and now our
1103
00:41:54,480 --> 00:41:56,099
code is good to go
1104
00:41:56,099 --> 00:41:58,800
all we are left to do is we're left to
1105
00:41:58,800 --> 00:42:00,240
wrap this inside of a try and except
1106
00:42:00,240 --> 00:42:02,400
rule and this try and except rule
1107
00:42:02,400 --> 00:42:03,960
basically means that we are going to try
1108
00:42:03,960 --> 00:42:06,960
this and in case that doesn't work we're
1109
00:42:06,960 --> 00:42:09,359
going to try something else which will
1110
00:42:09,359 --> 00:42:12,480
be under this except part so try and
1111
00:42:12,480 --> 00:42:14,820
then sock dot connect we are trying to
1112
00:42:14,820 --> 00:42:17,160
connect to the port and if we don't
1113
00:42:17,160 --> 00:42:19,079
manage to connect we're going to print
1114
00:42:19,079 --> 00:42:21,680
to the screen
1115
00:42:21,960 --> 00:42:25,040
that's the port
1116
00:42:25,640 --> 00:42:27,839
is closed
1117
00:42:27,839 --> 00:42:31,040
and we can simply just specify port 80
1118
00:42:31,040 --> 00:42:34,380
is closed because we are scanning that
1119
00:42:34,380 --> 00:42:35,220
port
1120
00:42:35,220 --> 00:42:38,280
if we do manage to connect we can print
1121
00:42:38,280 --> 00:42:43,800
port 80 is open okay so this is the base
1122
00:42:43,800 --> 00:42:46,200
part of the program let's see whether
1123
00:42:46,200 --> 00:42:49,140
this works now in order to test this and
1124
00:42:49,140 --> 00:42:51,000
see whether it works I'm going to pick a
1125
00:42:51,000 --> 00:42:52,619
random IP address which in this case
1126
00:42:52,619 --> 00:42:55,140
will be the IP address of my laptop and
1127
00:42:55,140 --> 00:42:56,460
in your case you can simply just scan
1128
00:42:56,460 --> 00:42:58,619
any website on the internet for example
1129
00:42:58,619 --> 00:43:02,700
let's say we go to Firefox
1130
00:43:02,700 --> 00:43:05,280
and we can visit any website we want now
1131
00:43:05,280 --> 00:43:07,680
keep in mind once we actually manage to
1132
00:43:07,680 --> 00:43:09,240
visit the website that means that the
1133
00:43:09,240 --> 00:43:11,160
port 80 is open because we are loading
1134
00:43:11,160 --> 00:43:14,760
the web page so let's go to this one
1135
00:43:14,760 --> 00:43:17,880
you can choose any you like I'm going to
1136
00:43:17,880 --> 00:43:20,599
scan this one
1137
00:43:21,180 --> 00:43:23,700
okay so let's copy this
1138
00:43:23,700 --> 00:43:26,099
this is the name of the website
1139
00:43:26,099 --> 00:43:28,079
let's go right here inside of our
1140
00:43:28,079 --> 00:43:30,180
terminal and let's try to run the
1141
00:43:30,180 --> 00:43:32,880
program Python 3 and then the name of
1142
00:43:32,880 --> 00:43:36,180
the program which in our case oops
1143
00:43:36,180 --> 00:43:40,160
in our case it is
1144
00:43:40,440 --> 00:43:44,400
python3 port_scanner.py
1145
00:43:44,400 --> 00:43:46,560
it will ask us to enter the target to
1146
00:43:46,560 --> 00:43:48,780
scan now you will notice if you specify
1147
00:43:48,780 --> 00:43:51,000
like this so we paste the name of the
1148
00:43:51,000 --> 00:43:53,400
website and we click here enter it will
1149
00:43:53,400 --> 00:43:55,920
tell you that the port 80 is closed
1150
00:43:55,920 --> 00:43:58,380
now why does it tell us that is the port 80
1151
00:43:58,380 --> 00:44:01,200
really closed well not really since we
1152
00:44:01,200 --> 00:44:03,480
actually managed to open it right here
1153
00:44:03,480 --> 00:44:06,240
on our Firefox therefore something is
1154
00:44:06,240 --> 00:44:07,680
wrong with our program
1155
00:44:07,680 --> 00:44:09,900
well we cannot really specify the link
1156
00:44:09,900 --> 00:44:11,520
to the actual website so how can we
1157
00:44:11,520 --> 00:44:13,260
discover the IP address to this website
1158
00:44:13,260 --> 00:44:15,119
well we can use something called
1159
00:44:15,119 --> 00:44:17,160
nslookup
1160
00:44:17,160 --> 00:44:20,520
and we specify the actual link
1161
00:44:20,520 --> 00:44:22,800
press here enter
1162
00:44:22,800 --> 00:44:25,440
and what this will do whoops it says
1163
00:44:25,440 --> 00:44:30,359
cannot find let's just try like this
1164
00:44:30,359 --> 00:44:33,660
without the http www and then the name
1165
00:44:33,660 --> 00:44:36,380
of the website
1166
00:44:36,480 --> 00:44:39,480
okay so here it is now we are able to
1167
00:44:39,480 --> 00:44:41,640
retrieve the IP address to this specific
1168
00:44:41,640 --> 00:44:43,079
website
1169
00:44:43,079 --> 00:44:45,420
what if we copy this IP address and go
1170
00:44:45,420 --> 00:44:48,300
with this so copy
1171
00:44:48,300 --> 00:44:50,700
and let's clear the screen and run our
1172
00:44:50,700 --> 00:44:53,520
port scanner once again Enter target to
1173
00:44:53,520 --> 00:44:56,640
scan we paste this and now we get the
1174
00:44:56,640 --> 00:44:59,339
correct result it says port 80 is open
1175
00:44:59,339 --> 00:45:02,280
okay so for now what we did is we
1176
00:45:02,280 --> 00:45:04,319
created two simple variables one will
1177
00:45:04,319 --> 00:45:06,240
host the IP address that we input during
1178
00:45:06,240 --> 00:45:08,040
the running of the program and the other
1179
00:45:08,040 --> 00:45:10,980
one will host the port number 80. so we
1180
00:45:10,980 --> 00:45:12,420
are not inputting this we are not
1181
00:45:12,420 --> 00:45:14,099
changing this this will simply just
1182
00:45:14,099 --> 00:45:15,900
stick to 80 for now
1183
00:45:15,900 --> 00:45:18,720
then we try to connect and if we manage
1184
00:45:18,720 --> 00:45:20,640
to connect we print that the port 80 is
1185
00:45:20,640 --> 00:45:22,980
open if we don't manage to connect we
1186
00:45:22,980 --> 00:45:25,200
print port 80 is closed
1187
00:45:25,200 --> 00:45:27,359
okay so good for now we discovered that
1188
00:45:27,359 --> 00:45:29,700
the port 80 is open on this specific
1189
00:45:29,700 --> 00:45:31,560
website that we scanned
1190
00:45:31,560 --> 00:45:33,180
but this is not really what we want
1191
00:45:33,180 --> 00:45:35,940
right we want to actually scan multiple
1192
00:45:35,940 --> 00:45:39,000
targets we want to scan all ports or as
1193
00:45:39,000 --> 00:45:41,339
many ports as we like we want
1194
00:45:41,339 --> 00:45:43,260
to print which port is open which port
1195
00:45:43,260 --> 00:45:44,640
is closed
1196
00:45:44,640 --> 00:45:47,520
and ideally we also want to connect to
1197
00:45:47,520 --> 00:45:49,740
that port and see which software is it
1198
00:45:49,740 --> 00:45:51,780
running on that open port
1199
00:45:51,780 --> 00:45:53,940
now that port scanner would be a really
1200
00:45:53,940 --> 00:45:54,960
good one
1201
00:45:54,960 --> 00:45:56,940
so let's see in the next few videos how
1202
00:45:56,940 --> 00:45:59,520
we can implement all of that we would
1203
00:45:59,520 --> 00:46:01,800
also like to change this program to also
1204
00:46:01,800 --> 00:46:04,140
accept the links and not just the IP
1205
00:46:04,140 --> 00:46:06,300
addresses so you saw previously we
1206
00:46:06,300 --> 00:46:07,980
couldn't really specify the link it gave
1207
00:46:07,980 --> 00:46:10,319
us the wrong result because it cannot
1208
00:46:10,319 --> 00:46:12,060
really connect to a link inside of this
1209
00:46:12,060 --> 00:46:14,280
program but we also want to make sure
1210
00:46:14,280 --> 00:46:16,200
that once the user of this program
1211
00:46:16,200 --> 00:46:18,960
specifies a link such as www.google.com
1212
00:46:18,960 --> 00:46:21,720
it will also manage to discover open and
1213
00:46:21,720 --> 00:46:24,000
close ports so we're going to see how we
1214
00:46:24,000 --> 00:46:25,740
can perform all of that in the next few
1215
00:46:25,740 --> 00:46:26,880
lectures
1216
00:46:26,880 --> 00:46:29,339
for now we created the base part and
1217
00:46:29,339 --> 00:46:31,079
we are ready to continue coding on
1218
00:46:31,079 --> 00:46:33,180
alright so hope I see you in the next
1219
00:46:33,180 --> 00:46:34,800
tutorial bye
1220
00:46:34,800 --> 00:46:36,839
all right welcome back let's continue
1221
00:46:36,839 --> 00:46:39,420
with our port scanner what we did by now
1222
00:46:39,420 --> 00:46:41,040
as you can see from the previous video
1223
00:46:41,040 --> 00:46:43,380
we only discovered that the port 80 is
1224
00:46:43,380 --> 00:46:45,660
open on the website that we scanned
1225
00:46:45,660 --> 00:46:47,819
so what we need to do now is we need to
1226
00:46:47,819 --> 00:46:50,579
wrap this code inside the function
1227
00:46:50,579 --> 00:46:52,140
and let me show you why we are doing
1228
00:46:52,140 --> 00:46:54,839
that if I simply Define a function which
1229
00:46:54,839 --> 00:46:58,440
will be called scan underscore port
1230
00:46:58,440 --> 00:47:00,060
and for those of you who don't know to
1231
00:47:00,060 --> 00:47:01,680
define a function you simply just type
1232
00:47:01,680 --> 00:47:03,839
def and then the function name
1233
00:47:03,839 --> 00:47:06,839
this function will take two parameters
1234
00:47:06,839 --> 00:47:08,940
which will be the IP address
1235
00:47:08,940 --> 00:47:10,619
which were defined at the beginning of
1236
00:47:10,619 --> 00:47:14,940
the program and it will also be the port
1237
00:47:14,940 --> 00:47:16,200
okay
1238
00:47:16,200 --> 00:47:18,960
we specify two dots and now we need to
1239
00:47:18,960 --> 00:47:20,880
tab all of this code in
1240
00:47:20,880 --> 00:47:23,819
so it can belong to the function that we
1241
00:47:23,819 --> 00:47:25,380
created
1242
00:47:25,380 --> 00:47:28,500
okay so here it is what this function
1243
00:47:28,500 --> 00:47:30,720
will do is it will scan the port and it
1244
00:47:30,720 --> 00:47:34,319
will define whether it is open or closed
1245
00:47:34,319 --> 00:47:36,900
now another thing that we want to do is
1246
00:47:36,900 --> 00:47:39,060
we don't really want the ports to be
1247
00:47:39,060 --> 00:47:41,280
already predetermined for example let's
1248
00:47:41,280 --> 00:47:42,960
say that the user of this program wants
1249
00:47:42,960 --> 00:47:45,540
to scan port 22 which is the SSH port
1250
00:47:45,540 --> 00:47:47,880
well we want to allow them to actually
1251
00:47:47,880 --> 00:47:50,220
do that so we need to remove this port
1252
00:47:50,220 --> 00:47:52,859
equals 80.
1253
00:47:52,859 --> 00:47:55,020
and also from these comments right here
1254
00:47:55,020 --> 00:47:56,880
we want to type
1255
00:47:56,880 --> 00:47:58,859
port
1256
00:47:58,859 --> 00:48:00,900
and then we are going to type it like
1257
00:48:00,900 --> 00:48:03,180
this
1258
00:48:03,180 --> 00:48:05,060
plus
1259
00:48:05,060 --> 00:48:08,640
string from the port and the reason why
1260
00:48:08,640 --> 00:48:10,859
we are using the string function onto
1261
00:48:10,859 --> 00:48:13,020
this port variable is because the port
1262
00:48:13,020 --> 00:48:15,500
variable will hold an integer value
1263
00:48:15,500 --> 00:48:18,000
therefore once we actually try to print
1264
00:48:18,000 --> 00:48:21,060
it we will get an error if we try to
1265
00:48:21,060 --> 00:48:23,099
print an integer value so we need to
1266
00:48:23,099 --> 00:48:24,960
convert it first to string using this
1267
00:48:24,960 --> 00:48:27,780
str function and then we can print this
1268
00:48:27,780 --> 00:48:30,359
so for example if the port is
1269
00:48:30,359 --> 00:48:34,619
number 23 this will print port 23 is
1270
00:48:34,619 --> 00:48:35,520
open
1271
00:48:35,520 --> 00:48:39,500
we also need to do the same right here
1272
00:48:40,380 --> 00:48:43,880
string from Port
1273
00:48:44,400 --> 00:48:48,119
okay so port 23 is closed and now let's
1274
00:48:48,119 --> 00:48:50,400
test our function but let's add a little
1275
00:48:50,400 --> 00:48:52,260
bit of a twist to it so what we want to
1276
00:48:52,260 --> 00:48:55,500
do is we want to scan first 10 ports on
1277
00:48:55,500 --> 00:48:57,060
our website
1278
00:48:57,060 --> 00:49:00,359
all right so how can we do that well we
1279
00:49:00,359 --> 00:49:04,200
don't have a port specified at all so we
1280
00:49:04,200 --> 00:49:06,660
need to iterate over numbers 1 through
1281
00:49:06,660 --> 00:49:09,660
10 and then specify for each number that
1282
00:49:09,660 --> 00:49:12,480
the port is equal that exact number
1283
00:49:12,480 --> 00:49:14,460
let me show you what I mean so right
1284
00:49:14,460 --> 00:49:17,880
here if I go all the way down and below
1285
00:49:17,880 --> 00:49:20,819
the function I specify
1286
00:49:20,819 --> 00:49:22,980
for Port
1287
00:49:22,980 --> 00:49:24,900
in range
1288
00:49:24,900 --> 00:49:27,480
one to ten
1289
00:49:27,480 --> 00:49:31,859
I want to perform a function scan oops
1290
00:49:31,859 --> 00:49:36,119
underscore port on the IP address
1291
00:49:36,119 --> 00:49:38,940
with the port number
1292
00:49:38,940 --> 00:49:41,760
so what this will do is it will go for
1293
00:49:41,760 --> 00:49:44,339
port in range from 1 to 10 so first of
1294
00:49:44,339 --> 00:49:46,319
all port would be number one we want to
1295
00:49:46,319 --> 00:49:48,960
scan the IP address with the port equal
1296
00:49:48,960 --> 00:49:51,480
to one then it will perform this task
1297
00:49:51,480 --> 00:49:52,800
right here
1298
00:49:52,800 --> 00:49:54,540
then it will go back
1299
00:49:54,540 --> 00:49:56,700
change the port variable to be equal to
1300
00:49:56,700 --> 00:49:59,520
2 and then it will perform the same task
1301
00:49:59,520 --> 00:50:01,920
just with the port number equal to 2.
1302
00:50:01,920 --> 00:50:03,780
also what we want to do is we want to
1303
00:50:03,780 --> 00:50:06,300
copy this
1304
00:50:06,300 --> 00:50:09,240
copy then we can delete it
1305
00:50:09,240 --> 00:50:12,020
and we can paste it below the function
1306
00:50:12,020 --> 00:50:13,980
right here
1307
00:50:13,980 --> 00:50:17,520
okay now let's see whether this works
1308
00:50:17,520 --> 00:50:19,740
so once again for this feel free to scan
1309
00:50:19,740 --> 00:50:22,380
any website you want I will simply just
1310
00:50:22,380 --> 00:50:24,480
go with the same website that we used in
1311
00:50:24,480 --> 00:50:27,000
the previous video and once again in
1312
00:50:27,000 --> 00:50:28,920
order to discover the IP address of the
1313
00:50:28,920 --> 00:50:31,380
link We simply just type nslookup
1314
00:50:31,380 --> 00:50:33,660
and then
1315
00:50:33,660 --> 00:50:37,980
the link to the actual website copy IP
1316
00:50:37,980 --> 00:50:40,220
address
1317
00:50:40,740 --> 00:50:42,900
copy
1318
00:50:42,900 --> 00:50:46,640
and then let's run the program
1319
00:50:48,180 --> 00:50:51,240
Enter target to scan we select the IP
1320
00:50:51,240 --> 00:50:54,260
address here it is
1321
00:50:54,780 --> 00:50:58,160
and now it is scanning the first 10 ports
1322
00:50:58,160 --> 00:51:02,040
now right away you can notice that it's
1323
00:51:02,040 --> 00:51:03,839
not really printing anything it is
1324
00:51:03,839 --> 00:51:06,900
actually going rather slow and it is
1325
00:51:06,900 --> 00:51:08,819
still not even finished with the first
1326
00:51:08,819 --> 00:51:10,920
port now we don't really want this we
1327
00:51:10,920 --> 00:51:13,619
want our port scanner to work faster so
1328
00:51:13,619 --> 00:51:15,359
how can we fix this well first of all
1329
00:51:15,359 --> 00:51:18,800
Ctrl C onto the program
1330
00:51:18,960 --> 00:51:22,500
right here and then inside of our scan
1331
00:51:22,500 --> 00:51:24,300
port function we need to add another
1332
00:51:24,300 --> 00:51:26,220
line
1333
00:51:26,220 --> 00:51:29,059
which will be
1334
00:51:29,760 --> 00:51:31,859
sock dot set
1335
00:51:31,859 --> 00:51:34,140
timeout and we want to set the timeout
1336
00:51:34,140 --> 00:51:37,079
to be equal to 0.5 seconds
1337
00:51:37,079 --> 00:51:39,660
now keep in mind also that the accuracy
1338
00:51:39,660 --> 00:51:41,940
of the scan will depend on the length of
1339
00:51:41,940 --> 00:51:44,280
the timeout so some ports will take
1340
00:51:44,280 --> 00:51:46,619
longer to connect to and some ports will
1341
00:51:46,619 --> 00:51:48,180
take less to connect to if you simply
1342
00:51:48,180 --> 00:51:50,099
just leave it without timeout the
1343
00:51:50,099 --> 00:51:52,020
accuracy will be the highest the lower
1344
00:51:52,020 --> 00:51:55,079
the timeout the smaller the accuracy but
1345
00:51:55,079 --> 00:51:57,300
this is a price that we want to pay in
1346
00:51:57,300 --> 00:52:00,059
order to actually scan the target faster
1347
00:52:00,059 --> 00:52:02,339
so let's see whether this worked so
1348
00:52:02,339 --> 00:52:04,440
python3 port_scanner.py
1349
00:52:04,440 --> 00:52:06,720
we paste the IP address and we can see
1350
00:52:06,720 --> 00:52:09,780
port 1 is closed and all of the 10 ports
1351
00:52:09,780 --> 00:52:12,300
are closed on our website
1352
00:52:12,300 --> 00:52:15,540
so we scan ports 1 through 10.
1353
00:52:15,540 --> 00:52:18,240
okay now this is probably correct for
1354
00:52:18,240 --> 00:52:19,800
the website that I'm scanning but how
1355
00:52:19,800 --> 00:52:21,599
can we check that well in the previous
1356
00:52:21,599 --> 00:52:23,400
video I scanned the exact same website
1357
00:52:23,400 --> 00:52:26,640
and I scanned the port 80. so how can I
1358
00:52:26,640 --> 00:52:28,800
check whether this is working correctly
1359
00:52:28,800 --> 00:52:31,559
well instead of the range 1 through 10 I
1360
00:52:31,559 --> 00:52:34,520
will simply just type
1361
00:52:34,920 --> 00:52:36,960
75
1362
00:52:36,960 --> 00:52:39,599
through 85
1363
00:52:39,599 --> 00:52:41,940
and most likely all of the ports will be
1364
00:52:41,940 --> 00:52:44,940
closed except the port 80. so let's see
1365
00:52:44,940 --> 00:52:47,839
how this works python3 port_scanner.py
1366
00:52:47,839 --> 00:52:50,280
paste the IP address
1367
00:52:50,280 --> 00:52:52,800
all the ports are closed and we have one
1368
00:52:52,800 --> 00:52:57,420
port open and that is port 80. okay so
1369
00:52:57,420 --> 00:52:59,940
our program seems to work really well
1370
00:52:59,940 --> 00:53:01,980
okay so we discovered that we need to
1371
00:53:01,980 --> 00:53:03,960
set the timeout in order to actually
1372
00:53:03,960 --> 00:53:06,119
scan ports faster
1373
00:53:06,119 --> 00:53:10,140
we lose the accuracy but we gain on time
1374
00:53:10,140 --> 00:53:12,420
in the next video we're going to take a
1375
00:53:12,420 --> 00:53:15,599
look at how we can convert the link to
1376
00:53:15,599 --> 00:53:17,400
an actual IP address
1377
00:53:17,400 --> 00:53:19,319
for example we're going to take a look
1378
00:53:19,319 --> 00:53:21,240
at how we can convert our link of a
1379
00:53:21,240 --> 00:53:23,579
website to an IP address inside of our
1380
00:53:23,579 --> 00:53:25,500
program so whether the user of this
1381
00:53:25,500 --> 00:53:27,480
program specifies a link or an IP
1382
00:53:27,480 --> 00:53:29,760
address this will still work
1383
00:53:29,760 --> 00:53:31,500
okay so I hope I see you in the next
1384
00:53:31,500 --> 00:53:34,800
video and take care bye
1385
00:53:34,800 --> 00:53:36,780
welcome back everyone let's continue
1386
00:53:36,780 --> 00:53:39,599
with our port scanner so what we did by
1387
00:53:39,599 --> 00:53:41,700
now is we simply just created this
1388
00:53:41,700 --> 00:53:43,440
function which allows us to scan the
1389
00:53:43,440 --> 00:53:46,200
ports and we also saw how we can use for
1390
00:53:46,200 --> 00:53:48,300
Loop in order to iterate over a certain
1391
00:53:48,300 --> 00:53:50,640
amount of ports and scan each and every
1392
00:53:50,640 --> 00:53:51,900
one of them
1393
00:53:51,900 --> 00:53:53,760
but right now let's see how we can
1394
00:53:53,760 --> 00:53:56,099
implement a function that will allow the
1395
00:53:56,099 --> 00:53:58,440
user of this program to specify the
1396
00:53:58,440 --> 00:54:00,480
domain name as well as the IP address if
1397
00:54:00,480 --> 00:54:01,619
they like
1398
00:54:01,619 --> 00:54:05,339
well here is where our IPy library comes
1399
00:54:05,339 --> 00:54:06,420
in to help
1400
00:54:06,420 --> 00:54:08,579
so you will notice that this is still
1401
00:54:08,579 --> 00:54:10,859
gray that means that we haven't used it
1402
00:54:10,859 --> 00:54:13,140
inside of our code and that will change
1403
00:54:13,140 --> 00:54:13,920
now
1404
00:54:13,920 --> 00:54:15,240
so
1405
00:54:15,240 --> 00:54:17,760
we'll simply just create a function up
1406
00:54:17,760 --> 00:54:20,339
here which will be called let's say
1407
00:54:20,339 --> 00:54:22,740
check_ip
1408
00:54:22,740 --> 00:54:24,420
and this function will take one
1409
00:54:24,420 --> 00:54:26,400
parameter which we will specify inside
1410
00:54:26,400 --> 00:54:28,200
of these brackets and that parameter
1411
00:54:28,200 --> 00:54:31,859
will be the IP address okay
1412
00:54:31,859 --> 00:54:33,900
now before we code any of this function
1413
00:54:33,900 --> 00:54:36,839
we need to specify all the way down
1414
00:54:36,839 --> 00:54:38,760
what we are going to provide to this
1415
00:54:38,760 --> 00:54:41,099
function and by that I mean which
1416
00:54:41,099 --> 00:54:43,760
parameter are we going to send well
1417
00:54:43,760 --> 00:54:46,079
logically in our case we're going to
1418
00:54:46,079 --> 00:54:48,960
send the IP address parameter keep in
1419
00:54:48,960 --> 00:54:50,579
mind that this IP address variable
1420
00:54:50,579 --> 00:54:53,520
doesn't have to store the IP address it
1421
00:54:53,520 --> 00:54:56,700
can also store the domain name
1422
00:54:56,700 --> 00:54:59,520
so what we need to do is we need to
1423
00:54:59,520 --> 00:55:01,680
simply just after the user specifies the
1424
00:55:01,680 --> 00:55:03,599
target we'll simply just call the
1425
00:55:03,599 --> 00:55:06,839
function check_ip and we will
1426
00:55:06,839 --> 00:55:09,420
paste the IP address
1427
00:55:09,420 --> 00:55:12,680
inside of that function
1428
00:55:13,380 --> 00:55:16,079
then we are going to store all of this
1429
00:55:16,079 --> 00:55:20,000
inside of converted_ip
1430
00:55:20,520 --> 00:55:23,520
and you will see in just a
1431
00:55:23,520 --> 00:55:26,220
second why we are doing this so right
1432
00:55:26,220 --> 00:55:28,800
here we are going to scan the converted
1433
00:55:28,800 --> 00:55:31,400
IP address
1434
00:55:32,760 --> 00:55:36,000
and the port number
1435
00:55:36,000 --> 00:55:39,180
okay so let's code function above so
1436
00:55:39,180 --> 00:55:40,680
obviously we need to use this library
1437
00:55:40,680 --> 00:55:43,500
right here and this actual Library comes
1438
00:55:43,500 --> 00:55:45,300
with a specific function which is simply
1439
00:55:45,300 --> 00:55:47,640
called IP function okay
1440
00:55:47,640 --> 00:55:51,300
so if I go to my Google home and I have
1441
00:55:51,300 --> 00:55:53,460
a page opened right here which is
1442
00:55:53,460 --> 00:55:55,559
basically the documentation of the IPy
1443
00:55:55,559 --> 00:55:57,599
library we can see that they use right
1444
00:55:57,599 --> 00:55:59,579
here this IP function in order to
1445
00:55:59,579 --> 00:56:02,460
convert an IP address to the IP format
1446
00:56:02,460 --> 00:56:04,920
so in order for our function to work we
1447
00:56:04,920 --> 00:56:06,720
need to specify inside of the brackets
1448
00:56:06,720 --> 00:56:09,240
the IP address which is the parameter of
1449
00:56:09,240 --> 00:56:11,099
our function
1450
00:56:11,099 --> 00:56:13,380
if it manages to convert the IP address
1451
00:56:13,380 --> 00:56:15,420
that means that this works successfully
1452
00:56:15,420 --> 00:56:17,819
and that the user actually specified the
1453
00:56:17,819 --> 00:56:20,339
actual IP address to the Target if it
1454
00:56:20,339 --> 00:56:22,559
gets a ValueError that means that the
1455
00:56:22,559 --> 00:56:24,480
user specified the domain name
1456
00:56:24,480 --> 00:56:27,359
so let's write that right here and in
1457
00:56:27,359 --> 00:56:28,800
case you don't understand we are going
1458
00:56:28,800 --> 00:56:31,079
to test this so don't worry we're going
1459
00:56:31,079 --> 00:56:34,200
to try to convert the IP address
1460
00:56:34,200 --> 00:56:36,240
and if it manages we are going to return
1461
00:56:36,240 --> 00:56:38,940
simply what we sent to the function
1462
00:56:38,940 --> 00:56:40,500
which is the IP
1463
00:56:40,500 --> 00:56:42,839
and in case it doesn't work we are going
1464
00:56:42,839 --> 00:56:46,380
to get the ValueError
1465
00:56:46,380 --> 00:56:48,240
which means that the user most likely
1466
00:56:48,240 --> 00:56:50,400
specified the domain name and therefore
1467
00:56:50,400 --> 00:56:53,040
we're going to return a function which
1468
00:56:53,040 --> 00:56:54,960
belongs to the socket Library which
1469
00:56:54,960 --> 00:56:57,599
allows us to convert the actual hostname
1470
00:56:57,599 --> 00:57:00,300
to the IP address so all we need to do
1471
00:57:00,300 --> 00:57:02,280
is specify that function and call it
1472
00:57:02,280 --> 00:57:04,920
upon our IP address and we can do that
1473
00:57:04,920 --> 00:57:08,099
by simply specifying return
1474
00:57:08,099 --> 00:57:10,680
socket.gethostbyname
1475
00:57:10,680 --> 00:57:13,200
and here we specify the hostname or in
1476
00:57:13,200 --> 00:57:15,960
our case the IP which we paste it to our
1477
00:57:15,960 --> 00:57:19,079
function okay so this is our internal
1478
00:57:19,079 --> 00:57:21,300
function now let's see inside of a
1479
00:57:21,300 --> 00:57:23,599
terminal
1480
00:57:23,760 --> 00:57:27,000
and let's open up our Python 3
1481
00:57:27,000 --> 00:57:31,140
and here we can import IP oops let me
1482
00:57:31,140 --> 00:57:34,319
just do it like this first of all I will
1483
00:57:34,319 --> 00:57:37,579
enlarge this so we can see it better
1484
00:57:37,579 --> 00:57:41,940
open Python 3 import or
1485
00:57:41,940 --> 00:57:44,400
from IPy
1486
00:57:44,400 --> 00:57:46,680
import IP
1487
00:57:46,680 --> 00:57:49,140
and now let's say we have a variable
1488
00:57:49,140 --> 00:57:51,359
called IP address
1489
00:57:51,359 --> 00:57:53,720
and it will be
1490
00:57:53,720 --> 00:57:57,240
192.168.1.1 okay and now if I simply
1491
00:57:57,240 --> 00:58:00,300
just call converted IP
1492
00:58:00,300 --> 00:58:01,800
equals
1493
00:58:01,800 --> 00:58:06,200
IP from IP address
1494
00:58:07,920 --> 00:58:12,020
and I print the converted IP
1495
00:58:12,359 --> 00:58:14,520
you will see it will still be the same
1496
00:58:14,520 --> 00:58:16,859
IP address so it really didn't change
1497
00:58:16,859 --> 00:58:19,319
anything therefore right here if it
1498
00:58:19,319 --> 00:58:21,180
manages to do that we're simply just
1499
00:58:21,180 --> 00:58:23,220
returning the IP address that we pasted
1500
00:58:23,220 --> 00:58:25,500
inside of this function and we are not
1501
00:58:25,500 --> 00:58:27,300
making any changes to it
1502
00:58:27,300 --> 00:58:29,880
but that is only the case if this user
1503
00:58:29,880 --> 00:58:32,220
specifies the IP address if the user
1504
00:58:32,220 --> 00:58:33,780
specifies the domain name so let's
1505
00:58:33,780 --> 00:58:35,579
create a variable called domain name
1506
00:58:35,579 --> 00:58:38,700
equals and then let's say
1507
00:58:38,700 --> 00:58:41,700
google.com
1508
00:58:42,240 --> 00:58:44,700
and we try the same thing so converted
1509
00:58:44,700 --> 00:58:46,440
IP
1510
00:58:46,440 --> 00:58:49,380
equals IP
1511
00:58:49,380 --> 00:58:52,799
from the domain name
1512
00:58:52,799 --> 00:58:55,140
and you will see we will get an error
1513
00:58:55,140 --> 00:58:57,839
and it will be the ValueError
1514
00:58:57,839 --> 00:59:00,299
so that is the case right here
1515
00:59:00,299 --> 00:59:02,160
then we are going to perform the get
1516
00:59:02,160 --> 00:59:04,140
host by name which will retrieve the IP
1517
00:59:04,140 --> 00:59:06,359
address of the google.com and then we
1518
00:59:06,359 --> 00:59:08,400
will return the IP address inside of our
1519
00:59:08,400 --> 00:59:10,020
scan Port function
1520
00:59:10,020 --> 00:59:11,880
so that is all there is for this
1521
00:59:11,880 --> 00:59:14,339
function now let's see whether this
1522
00:59:14,339 --> 00:59:16,260
works
1523
00:59:16,260 --> 00:59:19,200
okay so let's run the program Python 3
1524
00:59:19,200 --> 00:59:21,839
and then Port scanner
1525
00:59:21,839 --> 00:59:26,339
enter Target to scan let's say we enter
1526
00:59:26,339 --> 00:59:28,440
let's say the same website as before
1527
00:59:28,440 --> 00:59:30,599
let's not change it right now and
1528
00:59:30,599 --> 00:59:32,900
instead of the IP address we now enter
1529
00:59:32,900 --> 00:59:34,980
the domain name
1530
00:59:34,980 --> 00:59:37,740
we're going to leave this to run and
1531
00:59:37,740 --> 00:59:39,299
here we can see that it works
1532
00:59:39,299 --> 00:59:41,040
successfully as it did manage to find
1533
00:59:41,040 --> 00:59:43,740
the port 80 open we will get the same
1534
00:59:43,740 --> 00:59:46,200
result even if we scanned with an IP
1535
00:59:46,200 --> 00:59:48,359
address so right now we can specify both
1536
00:59:48,359 --> 00:59:50,819
the domain name and IP address so that
1537
00:59:50,819 --> 00:59:51,839
is good
1538
00:59:51,839 --> 00:59:53,400
now in the next video we're going to
1539
00:59:53,400 --> 00:59:54,900
take a look at how we can specify
1540
00:59:54,900 --> 00:59:56,760
multiple targets and scan multiple
1541
00:59:56,760 --> 00:59:58,319
targets at once
1542
00:59:58,319 --> 01:00:00,119
so we don't have to run our program over
1543
01:00:00,119 --> 01:00:02,160
and over again we can do the same thing
1544
01:00:02,160 --> 01:00:04,140
just by specifying multiple targets
1545
01:00:04,140 --> 01:00:05,700
inside of our program
1546
01:00:05,700 --> 01:00:08,040
and it will scan them one by one
1547
01:00:08,040 --> 01:00:10,140
so we're going to take a look at that in
1548
01:00:10,140 --> 01:00:11,700
the next tutorial hope you enjoyed this
1549
01:00:11,700 --> 01:00:13,980
small lecture and I will see you in the
1550
01:00:13,980 --> 01:00:16,079
next one bye
1551
01:00:16,079 --> 01:00:17,880
welcome back everybody and let's
1552
01:00:17,880 --> 01:00:20,160
continue with our Port scanner so we
1553
01:00:20,160 --> 01:00:21,900
managed to create a function that will
1554
01:00:21,900 --> 01:00:24,000
convert the domain name into an IP
1555
01:00:24,000 --> 01:00:26,040
address and now we want to be able to
1556
01:00:26,040 --> 01:00:28,020
specify multiple targets for our program
1557
01:00:28,020 --> 01:00:29,579
to scan
1558
01:00:29,579 --> 01:00:32,400
okay so how we can do that well it is
1559
01:00:32,400 --> 01:00:34,740
rather easy we're going to implement a
1560
01:00:34,740 --> 01:00:36,420
little bit of changes down here at the
1561
01:00:36,420 --> 01:00:38,700
bottom of our program so here you will
1562
01:00:38,700 --> 01:00:41,160
notice that we have the variable called
1563
01:00:41,160 --> 01:00:42,480
IP address
1564
01:00:42,480 --> 01:00:45,240
now it says enter Target to scan
1565
01:00:45,240 --> 01:00:47,220
well we could simply just do something
1566
01:00:47,220 --> 01:00:49,740
like this and specify to the user of
1567
01:00:49,740 --> 01:00:51,540
this program that they can also enter
1568
01:00:51,540 --> 01:00:55,140
multiple targets by typing Target slash
1569
01:00:55,140 --> 01:00:56,339
S
1570
01:00:56,339 --> 01:00:58,740
and also we're going to specify to the
1571
01:00:58,740 --> 01:01:01,020
user
1572
01:01:01,020 --> 01:01:04,940
split multiple targets
1573
01:01:05,099 --> 01:01:06,540
with
1574
01:01:06,540 --> 01:01:07,920
comma
1575
01:01:07,920 --> 01:01:12,660
okay so simple as that let us make this
1576
01:01:12,660 --> 01:01:14,579
a little bit better but this is just the
1577
01:01:14,579 --> 01:01:16,500
part where we prompt the user how they
1578
01:01:16,500 --> 01:01:19,079
can specify multiple targets now we need
1579
01:01:19,079 --> 01:01:21,119
to actually split these targets and scan
1580
01:01:21,119 --> 01:01:23,280
each one of them one by one
1581
01:01:23,280 --> 01:01:26,040
so how can we do that well first thing
1582
01:01:26,040 --> 01:01:27,780
we're going to do is so we don't get
1583
01:01:27,780 --> 01:01:29,579
confused we are going to rename this
1584
01:01:29,579 --> 01:01:33,599
into targets variable
1585
01:01:33,599 --> 01:01:35,579
and then what we're going to do we're
1586
01:01:35,579 --> 01:01:38,520
going to delete this line for now
1587
01:01:38,520 --> 01:01:42,119
we're going to specify if and then
1588
01:01:42,119 --> 01:01:44,400
comma
1589
01:01:44,400 --> 01:01:46,260
in targets
1590
01:01:46,260 --> 01:01:48,420
if there is a comma in targets logically
1591
01:01:48,420 --> 01:01:50,220
that means that the user of this program
1592
01:01:50,220 --> 01:01:53,099
specified multiple targets to scan if
1593
01:01:53,099 --> 01:01:55,140
there is not comma inside of the targets
1594
01:01:55,140 --> 01:01:56,940
variable that means that the user only
1595
01:01:56,940 --> 01:01:59,579
specified one target to scan so we're
1596
01:01:59,579 --> 01:02:01,619
going to lead by that logic
1597
01:02:01,619 --> 01:02:05,700
so if comma is in targets then for IP
1598
01:02:05,700 --> 01:02:07,619
address
1599
01:02:07,619 --> 01:02:09,240
and we're going to call it simply just
1600
01:02:09,240 --> 01:02:11,160
ip_add
1601
01:02:11,160 --> 01:02:13,500
in targets
1602
01:02:13,500 --> 01:02:15,059
and we're going to call the function
1603
01:02:15,059 --> 01:02:16,920
called split
1604
01:02:16,920 --> 01:02:18,720
and what this function does is basically
1605
01:02:18,720 --> 01:02:21,480
it will split the string
1606
01:02:21,480 --> 01:02:23,520
with the character that we specify
1607
01:02:23,520 --> 01:02:25,559
inside of the brackets so we want to
1608
01:02:25,559 --> 01:02:28,319
split at every comma if we split at
1609
01:02:28,319 --> 01:02:29,760
every comma that means we're going to
1610
01:02:29,760 --> 01:02:32,400
split all of the IP addresses one by one
1611
01:02:32,400 --> 01:02:35,280
therefore we specify right here for
1612
01:02:35,280 --> 01:02:38,040
IP address in targets.split we want to
1613
01:02:38,040 --> 01:02:42,480
scan each and every IP address so scan
1614
01:02:42,480 --> 01:02:43,920
port
1615
01:02:43,920 --> 01:02:46,500
IP address
1616
01:02:46,500 --> 01:02:48,960
and then
1617
01:02:48,960 --> 01:02:50,880
so we want to scan each and every Target
1618
01:02:50,880 --> 01:02:53,700
from this list and in order to do that
1619
01:02:53,700 --> 01:02:56,280
we're going to create a function which
1620
01:02:56,280 --> 01:02:59,339
is going to be called scan now I know we
1621
01:02:59,339 --> 01:03:01,859
do have a scan Port function but we're
1622
01:03:01,859 --> 01:03:03,480
going to use this function in order to
1623
01:03:03,480 --> 01:03:06,900
scan one single port one by one
1624
01:03:06,900 --> 01:03:08,640
and we're going to call this scan
1625
01:03:08,640 --> 01:03:10,619
function in order to scan each and every
1626
01:03:10,619 --> 01:03:12,900
Target and also convert the domain name
1627
01:03:12,900 --> 01:03:16,140
into an IP address if needed so all that
1628
01:03:16,140 --> 01:03:17,940
this function will take as a parameter
1629
01:03:17,940 --> 01:03:21,359
will be the IP address which we'll get
1630
01:03:21,359 --> 01:03:25,020
from this for Loop right here okay we
1631
01:03:25,020 --> 01:03:27,480
also want to strip it from any
1632
01:03:27,480 --> 01:03:30,540
unnecessary empty spaces in case there
1633
01:03:30,540 --> 01:03:31,559
are some
1634
01:03:31,559 --> 01:03:34,020
and right now all we need to do is code
1635
01:03:34,020 --> 01:03:38,059
this function let's go all the way up
1636
01:03:38,640 --> 01:03:41,579
and call the scan function onto the
1637
01:03:41,579 --> 01:03:45,180
target so this will be one single Target
1638
01:03:45,180 --> 01:03:47,280
and first we need to do is to get back
1639
01:03:47,280 --> 01:03:49,319
the line that we deleted before which is
1640
01:03:49,319 --> 01:03:51,540
the conversion of the IP address so
1641
01:03:51,540 --> 01:03:55,020
converted_ip
1642
01:03:55,020 --> 01:03:57,299
will be equal
1643
01:03:57,299 --> 01:04:00,359
to check IP which is our function that
1644
01:04:00,359 --> 01:04:02,700
we coded in the previous lecture and we
1645
01:04:02,700 --> 01:04:04,799
need to check the IP address
1646
01:04:04,799 --> 01:04:07,260
from the target which is our parameter
1647
01:04:07,260 --> 01:04:09,359
inside of the function
1648
01:04:09,359 --> 01:04:12,660
okay and now we will print just so we
1649
01:04:12,660 --> 01:04:14,400
know what we're doing we're going to
1650
01:04:14,400 --> 01:04:16,020
print
1651
01:04:16,020 --> 01:04:18,960
first of all new line character
1652
01:04:18,960 --> 01:04:22,060
which is backslash n
1654
01:04:23,220 --> 01:04:24,660
Plus
1655
01:04:24,660 --> 01:04:26,880
and let's make some type of a smiley
1656
01:04:26,880 --> 01:04:28,740
right here which will look something
1657
01:04:28,740 --> 01:04:30,960
like this so
1658
01:04:30,960 --> 01:04:35,720
and let's print scanning Target
1659
01:04:36,180 --> 01:04:38,880
we also want to specify which Target are
1660
01:04:38,880 --> 01:04:40,559
we scanning in case there are multiple
1661
01:04:40,559 --> 01:04:43,500
ones so we'll specify the string of the
1662
01:04:43,500 --> 01:04:45,420
target which will be either the domain
1663
01:04:45,420 --> 01:04:47,880
name or the IP address
1664
01:04:47,880 --> 01:04:50,579
if we specify plus the string of the
1665
01:04:50,579 --> 01:04:53,880
converted IP it will only specify the IP
1666
01:04:53,880 --> 01:04:55,799
address since it will already be
1667
01:04:55,799 --> 01:04:58,380
converted from the domain name
1668
01:04:58,380 --> 01:05:00,000
but we don't want that we want to
1669
01:05:00,000 --> 01:05:01,920
specify plus the string of Target which
1670
01:05:01,920 --> 01:05:03,359
will be the names that the user
1671
01:05:03,359 --> 01:05:06,660
specified to the program and then we
1672
01:05:06,660 --> 01:05:09,839
need to copy this part from Below which
1673
01:05:09,839 --> 01:05:12,540
is for port in range
1674
01:05:12,540 --> 01:05:15,119
scan each and every port
1675
01:05:15,119 --> 01:05:17,700
let's copy this we no longer need it
1676
01:05:17,700 --> 01:05:20,700
right here we can delete it from here
1677
01:05:20,700 --> 01:05:23,040
and we can move it inside of our scan
1678
01:05:23,040 --> 01:05:25,520
function
1679
01:05:25,680 --> 01:05:27,480
so right here
1680
01:05:27,480 --> 01:05:30,000
let me just tab this properly and we're
1681
01:05:30,000 --> 01:05:33,420
going to change a few things if we need
1682
01:05:33,420 --> 01:05:37,380
so for port in range 75 to 85 we can
1683
01:05:37,380 --> 01:05:39,900
change that right away for example from
1684
01:05:39,900 --> 01:05:43,200
Port 1 to Port 100 and you can keep this
1685
01:05:43,200 --> 01:05:46,520
number as low or as high as you want
1686
01:05:46,520 --> 01:05:48,839
just for the purposes of this tutorial
1687
01:05:48,839 --> 01:05:50,700
we're going to leave it on only scanning
1688
01:05:50,700 --> 01:05:53,640
100 ports since most of the ports that
1689
01:05:53,640 --> 01:05:55,260
we want to see whether they're open or
1690
01:05:55,260 --> 01:05:58,079
closed will be in the first 100 ports
1691
01:05:58,079 --> 01:05:59,460
okay
1692
01:05:59,460 --> 01:06:01,740
and then we will call the scan Port
1693
01:06:01,740 --> 01:06:04,500
function onto the port number and also
1694
01:06:04,500 --> 01:06:06,960
onto the converted IP which we converted
1695
01:06:06,960 --> 01:06:09,480
in the first line of our function
1696
01:06:09,480 --> 01:06:12,359
okay so everything makes sense now
1697
01:06:12,359 --> 01:06:13,740
another thing that we need to change
1698
01:06:13,740 --> 01:06:15,780
down here
1699
01:06:15,780 --> 01:06:18,540
since we specified if comma in targets
1700
01:06:18,540 --> 01:06:20,700
that means that the actual user
1701
01:06:20,700 --> 01:06:23,040
specified multiple targets to scan but
1702
01:06:23,040 --> 01:06:25,260
what if they specify only one target
1703
01:06:25,260 --> 01:06:27,660
well then nothing of this will get
1704
01:06:27,660 --> 01:06:30,839
executed and we will not really scan any
1705
01:06:30,839 --> 01:06:32,819
Target throughout our program it will
1706
01:06:32,819 --> 01:06:34,680
simply just exit the program without
1707
01:06:34,680 --> 01:06:36,420
scanning the target
1708
01:06:36,420 --> 01:06:38,819
so we need to add an else statement
1709
01:06:38,819 --> 01:06:39,960
right here
1710
01:06:39,960 --> 01:06:43,680
so if comma in targets else
1711
01:06:43,680 --> 01:06:47,339
we want to scan the targets simple as
1712
01:06:47,339 --> 01:06:49,859
that because in this case the targets
1713
01:06:49,859 --> 01:06:51,900
will be just one IP address or one
1714
01:06:51,900 --> 01:06:54,480
domain name then it will jump from that
1715
01:06:54,480 --> 01:06:56,520
function to the scan function which will
1716
01:06:56,520 --> 01:06:58,680
convert that IP address and it will
1717
01:06:58,680 --> 01:07:01,440
perform this scan Port function onto the
1718
01:07:01,440 --> 01:07:03,900
first 100 ports
1719
01:07:03,900 --> 01:07:06,420
okay so everything makes sense now let's
1720
01:07:06,420 --> 01:07:08,520
see whether we have an error inside of
1721
01:07:08,520 --> 01:07:10,680
our program or if everything works
1722
01:07:10,680 --> 01:07:13,200
perfectly okay so let's see how we can
1723
01:07:13,200 --> 01:07:16,140
run it let's open up our terminal
1724
01:07:16,140 --> 01:07:18,240
and navigate
1725
01:07:18,240 --> 01:07:20,520
and first I will enlarge this so we can
1726
01:07:20,520 --> 01:07:22,079
see everything
1727
01:07:22,079 --> 01:07:24,359
and we need to navigate to our pycharm
1728
01:07:24,359 --> 01:07:26,400
directory it will usually be in the
1729
01:07:26,400 --> 01:07:28,319
slash root directory so here it is
1730
01:07:28,319 --> 01:07:31,559
pycharm projects I will CD to that
1731
01:07:31,559 --> 01:07:33,720
directory type LS
1732
01:07:33,720 --> 01:07:35,460
we have the test directory which we
1733
01:07:35,460 --> 01:07:37,619
created once we install the pycharm and
1734
01:07:37,619 --> 01:07:40,079
we have our Port scanner directory or
1735
01:07:40,079 --> 01:07:42,359
our Port scanner project so let's change
1736
01:07:42,359 --> 01:07:44,160
the directory to the port scanner type
1737
01:07:44,160 --> 01:07:46,559
LS once again and here is our port
1738
01:07:46,559 --> 01:07:48,180
scanner.py
1739
01:07:48,180 --> 01:07:50,220
I will clear the screen and I will run
1740
01:07:50,220 --> 01:07:51,900
the program
1741
01:07:51,900 --> 01:07:54,299
first of all let's try it with one
1742
01:07:54,299 --> 01:07:55,559
target
1743
01:07:55,559 --> 01:07:57,180
so
1744
01:07:57,180 --> 01:07:59,099
let's switch it up a little bit I will
1745
01:07:59,099 --> 01:08:01,920
use my actual router IP address in order
1746
01:08:01,920 --> 01:08:04,020
to perform test of this program so I
1747
01:08:04,020 --> 01:08:07,319
will type 182.168.1.1
1748
01:08:07,440 --> 01:08:09,480
press here enter and you will see it
1749
01:08:09,480 --> 01:08:10,799
will perform the scan really fast
1750
01:08:10,799 --> 01:08:12,500
because my router is close to me
1751
01:08:12,500 --> 01:08:15,599
therefore we can see most of the ports
1752
01:08:15,599 --> 01:08:19,020
are closed we have port 22 open port
1753
01:08:19,020 --> 01:08:21,600
23 open
1754
01:08:21,600 --> 01:08:25,080
let's see which ones are also open port
1755
01:08:25,080 --> 01:08:29,580
53 open for the DNS and Port 80 open all
1756
01:08:29,580 --> 01:08:32,698
the other ports are closed okay
1757
01:08:32,698 --> 01:08:36,120
so right away we can notice that this is
1758
01:08:36,120 --> 01:08:38,640
not really that good to look at we don't
1759
01:08:38,640 --> 01:08:40,259
really want to print the closed ports as
1760
01:08:40,259 --> 01:08:41,819
there is too much happening right here
1761
01:08:41,819 --> 01:08:43,560
especially if you scan more than 100
1762
01:08:43,560 --> 01:08:45,719
ports it will be really hard to find all
1763
01:08:45,719 --> 01:08:47,640
of the open ones so let's see what we
1764
01:08:47,640 --> 01:08:49,859
can do inside of our program in order to
1765
01:08:49,859 --> 01:08:52,920
print only the open ports okay so right
1766
01:08:52,920 --> 01:08:54,540
here whoops
1767
01:08:54,540 --> 01:08:56,819
need to go right here inside our code
1768
01:08:56,819 --> 01:08:59,759
and in the scan Port function is our
1769
01:08:59,759 --> 01:09:01,920
print statements for Port is open and
1770
01:09:01,920 --> 01:09:05,040
Port closed so what we can do is instead
1771
01:09:05,040 --> 01:09:07,500
of printing Port is closed we can delete
1772
01:09:07,500 --> 01:09:09,920
this
1773
01:09:13,319 --> 01:09:16,198
and we can simply specify pass
1774
01:09:16,198 --> 01:09:17,939
now what this will do is it will not
1775
01:09:17,939 --> 01:09:20,219
perform anything it will not print any
1776
01:09:20,219 --> 01:09:23,160
statements it will simply just pass in
1777
01:09:23,160 --> 01:09:26,399
case the port is closed okay simple as
1778
01:09:26,399 --> 01:09:30,719
that let's test it once again Python 3
1779
01:09:30,719 --> 01:09:34,380
Port scanner.py specify the IP address
1780
01:09:34,380 --> 01:09:36,600
of my router once again and this is a
1781
01:09:36,600 --> 01:09:38,580
lot better we can see scanning Target
1782
01:09:38,580 --> 01:09:41,279
and then the actual IP address of my
1783
01:09:41,279 --> 01:09:44,279
router and then which ports are open and
1784
01:09:44,279 --> 01:09:46,500
it is the exact same four ports that we
1785
01:09:46,500 --> 01:09:48,238
saw before
1786
01:09:48,238 --> 01:09:50,580
let's try another Target let's specify
1787
01:09:50,580 --> 01:09:52,560
actually two Targets now
1788
01:09:52,560 --> 01:09:55,140
if I run the program
1789
01:09:55,140 --> 01:09:57,900
and for this test you can specify the
1790
01:09:57,900 --> 01:10:00,060
same Target as I will which will be an
1791
01:10:00,060 --> 01:10:01,320
actual domain name
1792
01:10:01,320 --> 01:10:06,420
which is called test PHP Dot oneweb.com
1793
01:10:06,420 --> 01:10:08,520
okay
1794
01:10:08,520 --> 01:10:11,100
so let's specify this Target and also
1795
01:10:11,100 --> 01:10:13,380
you can specify any other random IP
1796
01:10:13,380 --> 01:10:15,600
address or domain name if you want in
1797
01:10:15,600 --> 01:10:17,280
this case I will specify once again my
1798
01:10:17,280 --> 01:10:19,920
router so we have a mixture of the
1799
01:10:19,920 --> 01:10:22,260
domain name and the IP address so we can
1800
01:10:22,260 --> 01:10:24,239
see whether this will work properly if I
1801
01:10:24,239 --> 01:10:27,239
press enter it will first start off with
1802
01:10:27,239 --> 01:10:29,580
this domain name right here and it will
1803
01:10:29,580 --> 01:10:32,040
scan for the open ports and then it will
1804
01:10:32,040 --> 01:10:34,380
proceed to the IP address of my router
1805
01:10:34,380 --> 01:10:37,020
and scan the open ports for that router
1806
01:10:37,020 --> 01:10:38,040
as well
1807
01:10:38,040 --> 01:10:40,679
so we can see on the first link it found
1808
01:10:40,679 --> 01:10:45,719
four ports open: 21, 22, 53 and 80 and
1809
01:10:45,719 --> 01:10:47,940
on my router the same four ports as
1810
01:10:47,940 --> 01:10:48,900
before
1811
01:10:48,900 --> 01:10:51,540
program works correctly
1812
01:10:51,540 --> 01:10:53,159
we're almost close to finishing our
1813
01:10:53,159 --> 01:10:55,440
program but there is one more thing that
1814
01:10:55,440 --> 01:10:57,780
we actually want to do we want to also
1815
01:10:57,780 --> 01:11:00,179
print which service is running on an
1816
01:11:00,179 --> 01:11:01,739
open port
1817
01:11:01,739 --> 01:11:04,260
for example let's say we want to
1818
01:11:04,260 --> 01:11:06,239
discover whether Port 80 is running
1819
01:11:06,239 --> 01:11:08,640
Apache 2 or some other version of a web
1820
01:11:08,640 --> 01:11:10,140
server
1821
01:11:10,140 --> 01:11:12,600
well we can do that by simply grabbing
1822
01:11:12,600 --> 01:11:15,600
the banner on an open port and more
1823
01:11:15,600 --> 01:11:17,460
about that in the next lecture for now
1824
01:11:17,460 --> 01:11:19,500
on we are glad that we can scan multiple
1825
01:11:19,500 --> 01:11:21,480
targets whether they are specified as a
1826
01:11:21,480 --> 01:11:24,360
domain name or as an IP address we can
1827
01:11:24,360 --> 01:11:27,060
split them by comma we can also scan one
1828
01:11:27,060 --> 01:11:29,699
target if we want and we also print only
1829
01:11:29,699 --> 01:11:31,380
open ports as we are not really
1830
01:11:31,380 --> 01:11:34,380
interested in the closed ports okay so
1831
01:11:34,380 --> 01:11:36,060
thank you for watching this lecture and
1832
01:11:36,060 --> 01:11:39,300
I will see you in the next one bye
1833
01:11:39,300 --> 01:11:41,699
welcome back everybody and let's finally
1834
01:11:41,699 --> 01:11:44,760
finish our Port scanner as I mentioned
1835
01:11:44,760 --> 01:11:46,679
in the previous video we're only left to
1836
01:11:46,679 --> 01:11:48,900
do one small thing before our Port
1837
01:11:48,900 --> 01:11:51,719
scanner is complete and ready to use and
1838
01:11:51,719 --> 01:11:53,460
that is to perform the banner grabbing
1839
01:11:53,460 --> 01:11:55,980
on the open ports to discover which
1840
01:11:55,980 --> 01:11:57,960
services and which software is running
1841
01:11:57,960 --> 01:12:00,780
on those open ports which can give us
1842
01:12:00,780 --> 01:12:02,760
even more detail and information that we
1843
01:12:02,760 --> 01:12:06,239
can use in our future attack okay so
1844
01:12:06,239 --> 01:12:07,679
what we need to do
1845
01:12:07,679 --> 01:12:10,500
is let's first of all think how we can
1846
01:12:10,500 --> 01:12:12,060
actually grab the banner from an open
1847
01:12:12,060 --> 01:12:14,640
port well logically we need to connect
1848
01:12:14,640 --> 01:12:17,520
to that Port we need to try to receive
1849
01:12:17,520 --> 01:12:20,040
something from that open port and then
1850
01:12:20,040 --> 01:12:22,260
read that information that we received
1851
01:12:22,260 --> 01:12:23,640
from that port
1852
01:12:23,640 --> 01:12:25,739
so we already performed half of that job
1853
01:12:25,739 --> 01:12:28,260
we connect to that Port right here at
1854
01:12:28,260 --> 01:12:29,400
this line
1855
01:12:29,400 --> 01:12:31,620
so all we're left to do after it is
1856
01:12:31,620 --> 01:12:33,960
check whether that Port retrieves some
1857
01:12:33,960 --> 01:12:36,000
information or send some information
1858
01:12:36,000 --> 01:12:39,540
back to us once we connect okay so how
1859
01:12:39,540 --> 01:12:41,699
can we do that well right after the
1860
01:12:41,699 --> 01:12:44,520
connect function we can try to retrieve
1861
01:12:44,520 --> 01:12:45,960
the information
1862
01:12:45,960 --> 01:12:47,699
we're going to use a specific function
1863
01:12:47,699 --> 01:12:49,739
to do that and we will store the result
1864
01:12:49,739 --> 01:12:51,780
of that function inside of our variable
1865
01:12:51,780 --> 01:12:54,600
which we will name Banner so Banner will
1866
01:12:54,600 --> 01:12:56,219
be equal
1867
01:12:56,219 --> 01:12:58,679
to the function which will be called
1868
01:12:58,679 --> 01:13:01,440
get banner and that function will take
1869
01:13:01,440 --> 01:13:04,980
as a parameter the socket object
1870
01:13:04,980 --> 01:13:06,840
so we're pasting our socket object
1871
01:13:06,840 --> 01:13:08,880
inside of this function so we can use it
1872
01:13:08,880 --> 01:13:11,400
inside of it and then we will retrieve
1873
01:13:11,400 --> 01:13:13,500
the actual Banner if we manage to get it
1874
01:13:13,500 --> 01:13:15,600
to the banner variable
1875
01:13:15,600 --> 01:13:18,060
all right so let's first of all code
1876
01:13:18,060 --> 01:13:20,460
that function we can do it right here
1877
01:13:20,460 --> 01:13:22,140
between the scan port and check
1878
01:13:22,140 --> 01:13:25,020
IP function and we will call it as we
1879
01:13:25,020 --> 01:13:27,719
already said get Banner
1880
01:13:27,719 --> 01:13:29,520
this function will take the socket
1881
01:13:29,520 --> 01:13:31,140
object as a parameter which we already
1882
01:13:31,140 --> 01:13:33,840
passed inside of our scan port function
1883
01:13:33,840 --> 01:13:36,480
and all we need to return from this is
1884
01:13:36,480 --> 01:13:39,540
we need to return the socket object and
1885
01:13:39,540 --> 01:13:41,820
then dot receive which is the function
1886
01:13:41,820 --> 01:13:44,460
that receives the data from this open
1887
01:13:44,460 --> 01:13:45,900
port
1888
01:13:45,900 --> 01:13:47,940
we can also specify inside of the
1889
01:13:47,940 --> 01:13:50,040
brackets which amount of bytes we want
1890
01:13:50,040 --> 01:13:52,320
to receive and usually this number is
1891
01:13:52,320 --> 01:13:56,280
specified as 1024 bytes as we don't
1892
01:13:56,280 --> 01:13:58,260
really need more in order to get and
1893
01:13:58,260 --> 01:14:00,840
print the banner okay so this is the
1894
01:14:00,840 --> 01:14:03,600
entire function the entire get Banner
1895
01:14:03,600 --> 01:14:05,580
function now we need to perform some
1896
01:14:05,580 --> 01:14:07,560
modifications right here inside of our
1897
01:14:07,560 --> 01:14:08,580
program
1898
01:14:08,580 --> 01:14:12,719
so we have the function right here
1899
01:14:12,719 --> 01:14:15,360
and we try right here to store the
1900
01:14:15,360 --> 01:14:18,659
banner inside this variable okay
1901
01:14:18,659 --> 01:14:21,420
now if we do manage to store it we're
1902
01:14:21,420 --> 01:14:22,920
going to print
1903
01:14:22,920 --> 01:14:25,679
port and then the string of the port is
1904
01:14:25,679 --> 01:14:26,940
open
1905
01:14:26,940 --> 01:14:28,920
but let's change it up so it looks a
1906
01:14:28,920 --> 01:14:30,659
little bit better so we're going to
1907
01:14:30,659 --> 01:14:33,480
delete all of this and print the exact
1908
01:14:33,480 --> 01:14:36,000
same thing just with the banner attached
1909
01:14:36,000 --> 01:14:37,800
so we're going to print something like
1910
01:14:37,800 --> 01:14:39,960
this let's add the plus sign which means
1911
01:14:39,960 --> 01:14:43,679
that the port is open so open port
1912
01:14:43,679 --> 01:14:47,460
and then space we will add the string of
1913
01:14:47,460 --> 01:14:50,100
the port number that we are scanning
1914
01:14:50,100 --> 01:14:53,040
so plus the string of port
1915
01:14:53,040 --> 01:14:55,320
and then the next thing we want to do is
1916
01:14:55,320 --> 01:14:58,140
plus and we want to add the banner let's
1917
01:14:58,140 --> 01:15:00,540
separate it with two dots
1918
01:15:00,540 --> 01:15:04,620
and then add or concat the string from
1919
01:15:04,620 --> 01:15:06,000
the banner
1920
01:15:06,000 --> 01:15:10,140
to our open port number so we are going
1921
01:15:10,140 --> 01:15:12,300
to leave it like this
1922
01:15:12,300 --> 01:15:15,060
let me just see another thing that we
1923
01:15:15,060 --> 01:15:17,100
need to add is another except statement
1924
01:15:17,100 --> 01:15:19,679
right here so except in case we cannot
1925
01:15:19,679 --> 01:15:21,780
get the banner we're only going to print
1926
01:15:21,780 --> 01:15:24,780
open port and we're not going to print
1927
01:15:24,780 --> 01:15:26,640
any type of banner as we didn't really
1928
01:15:26,640 --> 01:15:30,620
manage to retrieve it so open port
1929
01:15:31,500 --> 01:15:35,100
plus the string of port and that is all
1930
01:15:35,100 --> 01:15:36,719
we need to do right here
1931
01:15:36,719 --> 01:15:40,320
now let's see whether this will work
1932
01:15:40,320 --> 01:15:42,360
if we open the terminal
1933
01:15:42,360 --> 01:15:44,340
right here
1934
01:15:44,340 --> 01:15:45,900
and enlarge
1935
01:15:45,900 --> 01:15:48,120
the letters so we can see everything and
1936
01:15:48,120 --> 01:15:50,100
navigate to PyCharm projects and then
1937
01:15:50,100 --> 01:15:52,199
Port scanner
1938
01:15:52,199 --> 01:15:54,659
then we try to run the port scanner and
1939
01:15:54,659 --> 01:15:56,280
specify
1940
01:15:56,280 --> 01:15:58,020
same two websites as in the previous
1941
01:15:58,020 --> 01:16:02,520
video so test PHP Dot oneweb.com
1942
01:16:02,520 --> 01:16:05,100
let's first of all try with this one
1943
01:16:05,100 --> 01:16:07,380
it will scan the Target and we can see
1944
01:16:07,380 --> 01:16:09,780
right here we do manage to retrieve some
1945
01:16:09,780 --> 01:16:12,960
of the banners from two different open
1946
01:16:12,960 --> 01:16:14,280
ports
1947
01:16:14,280 --> 01:16:16,380
so here it is we got the banner for the
1948
01:16:16,380 --> 01:16:18,719
open port 21 and now we know the
1949
01:16:18,719 --> 01:16:20,760
the version of the software running on the
1950
01:16:20,760 --> 01:16:23,640
open port 21 which is the FTP Port is
1951
01:16:23,640 --> 01:16:25,400
ProFTPD
1952
01:16:25,400 --> 01:16:28,800
1.3.3e server and what we can do with
1953
01:16:28,800 --> 01:16:30,840
this information we can simply just copy
1954
01:16:30,840 --> 01:16:32,940
this paste it inside of a Google and see
1955
01:16:32,940 --> 01:16:34,920
whether there is any type of exploit for
1956
01:16:34,920 --> 01:16:37,980
this specific version of the FTP server
1957
01:16:37,980 --> 01:16:40,140
we can also perform the same thing for
1958
01:16:40,140 --> 01:16:43,679
the SSH which is on Port 22 we see that
1959
01:16:43,679 --> 01:16:47,880
the version is SSH 2.1 OpenSSH 5.3p1
1960
01:16:47,880 --> 01:16:50,940
Debian Ubuntu then we can copy this and
1961
01:16:50,940 --> 01:16:54,300
try to find it on Google for some and
1962
01:16:54,300 --> 01:16:55,980
try to find some vulnerabilities for
1963
01:16:55,980 --> 01:16:57,300
this version in Google
1964
01:16:57,300 --> 01:16:58,980
simple as that
1965
01:16:58,980 --> 01:17:01,260
but let's make our actual output a
1966
01:17:01,260 --> 01:17:02,880
little bit prettier we don't really want
1967
01:17:02,880 --> 01:17:05,640
it to print this B and then the
1968
01:17:05,640 --> 01:17:08,040
apostrophe and we also don't want it to
1969
01:17:08,040 --> 01:17:10,560
print the slash r or the backslash R
1970
01:17:10,560 --> 01:17:12,840
backslash n which seem to just stand for
1971
01:17:12,840 --> 01:17:15,900
the new line character okay so let's see
1972
01:17:15,900 --> 01:17:18,300
how we can get rid of that well in the
1973
01:17:18,300 --> 01:17:20,580
part where we are printing the banner if
1974
01:17:20,580 --> 01:17:22,679
we take a look at our output we can
1975
01:17:22,679 --> 01:17:24,540
see that the banner output starts with b
1976
01:17:24,540 --> 01:17:26,520
and then apostrophe
1977
01:17:26,520 --> 01:17:28,199
that is because we haven't really
1978
01:17:28,199 --> 01:17:30,900
decoded our Banner
1979
01:17:30,900 --> 01:17:34,199
once it actually receives the message or
1980
01:17:34,199 --> 01:17:37,560
receives this 1024 bytes those 1024
1981
01:17:37,560 --> 01:17:40,080
bytes will be encoded by default
1982
01:17:40,080 --> 01:17:42,420
in order for us to remove that b and the
1983
01:17:42,420 --> 01:17:44,640
apostrophe we can simply just type
1984
01:17:44,640 --> 01:17:46,920
Banner dot decode
1985
01:17:46,920 --> 01:17:49,080
which is a function which will remove
1986
01:17:49,080 --> 01:17:51,480
that and we also want to strip the new
1987
01:17:51,480 --> 01:17:53,219
line character so how we can do that
1988
01:17:53,219 --> 01:17:55,080
well we can add another function to this
1989
01:17:55,080 --> 01:17:58,679
Banner which is dot strip
1990
01:17:58,679 --> 01:18:02,100
and right here we can specify
1991
01:18:02,100 --> 01:18:03,900
backslash n
1992
01:18:03,900 --> 01:18:06,300
for example let's see whether this
1993
01:18:06,300 --> 01:18:09,300
worked if I go right here
1994
01:18:09,300 --> 01:18:14,159
and type same website test PHP
1995
01:18:14,159 --> 01:18:17,940
Dot oneweb.com
1996
01:18:18,900 --> 01:18:21,060
here it is now we got the prettier
1997
01:18:21,060 --> 01:18:24,000
output if you compare this one
1998
01:18:24,000 --> 01:18:26,219
with this one you will notice we no
1999
01:18:26,219 --> 01:18:28,860
longer get this B apostrophe and this
2000
01:18:28,860 --> 01:18:32,100
backslash R and backslash n
2001
01:18:32,100 --> 01:18:34,440
all right so great our Port scanner
2002
01:18:34,440 --> 01:18:36,659
works let's also test it to see whether
2003
01:18:36,659 --> 01:18:39,179
it works on multiple targets so I will
2004
01:18:39,179 --> 01:18:40,380
clear the screen
2005
01:18:40,380 --> 01:18:42,960
run my port scanner
2006
01:18:42,960 --> 01:18:45,420
specify for example three targets which
2007
01:18:45,420 --> 01:18:47,340
one of them will be this one which we
2008
01:18:47,340 --> 01:18:49,440
used in the first lectures of our Port
2009
01:18:49,440 --> 01:18:51,960
scanner then we can use the IP address
2010
01:18:51,960 --> 01:18:53,400
on my router
2011
01:18:53,400 --> 01:18:56,719
and then we can use the same test PHP
2012
01:18:56,719 --> 01:19:00,719
Dot oneweb.com
2013
01:19:01,260 --> 01:19:04,260
it will go and scan one by one first of
2014
01:19:04,260 --> 01:19:06,360
all it will start with this IP address
2015
01:19:06,360 --> 01:19:08,580
right here if it manages to find open
2016
01:19:08,580 --> 01:19:11,040
ports it will print them out if it also
2017
01:19:11,040 --> 01:19:12,780
manages to grab the banner it will also
2018
01:19:12,780 --> 01:19:15,239
print that out it will also print the
2019
01:19:15,239 --> 01:19:17,159
banner out as well next to the open port
2020
01:19:17,159 --> 01:19:19,320
then it will proceed to the next two
2021
01:19:19,320 --> 01:19:21,659
Targets and perform the exact same task
2022
01:19:21,659 --> 01:19:23,460
on both of them
2023
01:19:23,460 --> 01:19:25,739
now you might notice that some targets
2024
01:19:25,739 --> 01:19:27,780
will go slower in scanning and some
2025
01:19:27,780 --> 01:19:29,760
targets will go faster and that is
2026
01:19:29,760 --> 01:19:32,400
pretty much normal keep in mind that
2027
01:19:32,400 --> 01:19:34,260
this part right here which is the socket
2028
01:19:34,260 --> 01:19:36,840
dot set timeout is crucial in order to
2029
01:19:36,840 --> 01:19:39,900
get more or less accurate scan
2030
01:19:39,900 --> 01:19:42,480
if we simply just remove this line then
2031
01:19:42,480 --> 01:19:44,280
some actual targets might be scanning
2032
01:19:44,280 --> 01:19:47,100
for hours depending on the distance and
2033
01:19:47,100 --> 01:19:48,960
the open ports that they have and also
2034
01:19:48,960 --> 01:19:50,300
the services that they are running
2035
01:19:50,300 --> 01:19:52,440
sometimes it might take longer to
2036
01:19:52,440 --> 01:19:54,120
connect to those ports and so on and so
2037
01:19:54,120 --> 01:19:56,400
on therefore it is always good to set a
2038
01:19:56,400 --> 01:19:58,260
timeout so you don't have to wait an
2039
01:19:58,260 --> 01:20:01,080
entire day for your scan to finish
2040
01:20:01,080 --> 01:20:03,659
but by lowering this timeout you will
2041
01:20:03,659 --> 01:20:06,420
also lose the accuracy of your scan for
2042
01:20:06,420 --> 01:20:08,580
example let's say we have a port that
2043
01:20:08,580 --> 01:20:10,320
takes one second to connect to and you
2044
01:20:10,320 --> 01:20:12,840
set the timeout to 0.5 seconds
2045
01:20:12,840 --> 01:20:15,960
well then after 0.5 seconds it will
2046
01:20:15,960 --> 01:20:18,000
determine that this port is closed even
2047
01:20:18,000 --> 01:20:19,920
though it is not it just takes longer to
2048
01:20:19,920 --> 01:20:22,560
connect to therefore you will lose the
2049
01:20:22,560 --> 01:20:24,420
accuracy and you will not know that that
2050
01:20:24,420 --> 01:20:26,040
port is open
2051
01:20:26,040 --> 01:20:27,900
so this part right here which is the
2052
01:20:27,900 --> 01:20:30,120
timeout is completely up to you you can
2053
01:20:30,120 --> 01:20:31,980
change it to whichever time you want
2054
01:20:31,980 --> 01:20:35,040
let's go back to our scan and we can see
2055
01:20:35,040 --> 01:20:37,260
all three scans have finished on the
2056
01:20:37,260 --> 01:20:39,420
first Target we only found one open port
2057
01:20:39,420 --> 01:20:41,520
we didn't manage to retrieve any Banner
2058
01:20:41,520 --> 01:20:44,520
for it on my router we found four open
2059
01:20:44,520 --> 01:20:47,520
ports and Port 22 sent the banner back
2060
01:20:47,520 --> 01:20:49,500
to us and now we know which version of
2061
01:20:49,500 --> 01:20:51,120
software it is running
2062
01:20:51,120 --> 01:20:53,520
and the target number three we already
2063
01:20:53,520 --> 01:20:56,280
scanned and we got the exact same result
2064
01:20:56,280 --> 01:20:59,940
okay so our Port scanner is complete it
2065
01:20:59,940 --> 01:21:01,980
can scan multiple targets it retrieves
2066
01:21:01,980 --> 01:21:03,120
the banners
2067
01:21:03,120 --> 01:21:05,040
and now we are ready to use it for our
2068
01:21:05,040 --> 01:21:07,860
penetration testing okay so in the next
2069
01:21:07,860 --> 01:21:10,320
video we're going to go really fast over
2070
01:21:10,320 --> 01:21:12,120
this code so we can explain it once
2071
01:21:12,120 --> 01:21:13,800
again for those of you that have some
2072
01:21:13,800 --> 01:21:15,840
inconvenience or if there is something
2073
01:21:15,840 --> 01:21:17,280
that you do not understand I will simply
2074
01:21:17,280 --> 01:21:19,500
just go fast through that code and then
2075
01:21:19,500 --> 01:21:21,360
we're going to see how we can also
2076
01:21:21,360 --> 01:21:24,179
import our Port scanner into another
2077
01:21:24,179 --> 01:21:26,820
Python program if we want to
2078
01:21:26,820 --> 01:21:29,040
after that video we're going to proceed
2079
01:21:29,040 --> 01:21:31,980
to our next project okay so thank you
2080
01:21:31,980 --> 01:21:33,540
for watching this video and I will see
2081
01:21:33,540 --> 01:21:36,239
you in the next one bye welcome back
2082
01:21:36,239 --> 01:21:38,340
everyone and this is the last video to
2083
01:21:38,340 --> 01:21:40,440
our Port scanner project
2084
01:21:40,440 --> 01:21:42,480
right now what we're going to do is we
2085
01:21:42,480 --> 01:21:45,060
are going to first of all recap what we
2086
01:21:45,060 --> 01:21:47,159
did inside of this program
2087
01:21:47,159 --> 01:21:48,780
so we're just going to go to the program
2088
01:21:48,780 --> 01:21:50,520
code real fast and explain what
2089
01:21:50,520 --> 01:21:52,560
everything is doing once again
2090
01:21:52,560 --> 01:21:54,719
and then I will show you how you can use
2091
01:21:54,719 --> 01:21:57,000
this program and import it inside of
2092
01:21:57,000 --> 01:21:59,520
another program so you can use it all
2093
01:21:59,520 --> 01:22:01,860
right so first of all let's navigate all
2094
01:22:01,860 --> 01:22:03,480
the way down to the beginning of the
2095
01:22:03,480 --> 01:22:06,000
program here as you can see we prompt
2096
01:22:06,000 --> 01:22:08,040
the user to input the Target or multiple
2097
01:22:08,040 --> 01:22:09,960
targets we then check whether they
2098
01:22:09,960 --> 01:22:12,360
specified one target or multiple targets
2099
01:22:12,360 --> 01:22:14,699
if we find comma inside of this variable
2100
01:22:14,699 --> 01:22:16,679
that means they specified multiple
2101
01:22:16,679 --> 01:22:19,320
targets therefore we will split all of
2102
01:22:19,320 --> 01:22:21,600
those targets and for each and every IP
2103
01:22:21,600 --> 01:22:23,820
address inside of this variable we will
2104
01:22:23,820 --> 01:22:27,120
perform the scanning of that IP address
2105
01:22:27,120 --> 01:22:29,460
in any other case that means if we
2106
01:22:29,460 --> 01:22:31,440
didn't find comma that means they only
2107
01:22:31,440 --> 01:22:33,420
specified one target therefore we are
2108
01:22:33,420 --> 01:22:36,360
going to perform the scan function onto
2109
01:22:36,360 --> 01:22:38,400
the targets variable as it is only
2110
01:22:38,400 --> 01:22:41,100
storing one IP address or one domain
2111
01:22:41,100 --> 01:22:42,780
name okay
2112
01:22:42,780 --> 01:22:44,760
then once we navigate to the scan
2113
01:22:44,760 --> 01:22:46,140
function
2114
01:22:46,140 --> 01:22:48,480
here we first take the converted IP
2115
01:22:48,480 --> 01:22:50,640
variable and then we perform the check
2116
01:22:50,640 --> 01:22:53,580
IP function onto the specified Target if
2117
01:22:53,580 --> 01:22:55,620
the specified Target is simply IP
2118
01:22:55,620 --> 01:22:57,480
address we will return that IP address
2119
01:22:57,480 --> 01:22:59,520
and it will be stored inside of the
2120
01:22:59,520 --> 01:23:02,520
converted IP in case the target is an
2121
01:23:02,520 --> 01:23:04,980
actual domain name therefore we're going
2122
01:23:04,980 --> 01:23:07,020
to perform this socket get host by name
2123
01:23:07,020 --> 01:23:09,120
method which allows us to convert the
2124
01:23:09,120 --> 01:23:11,940
domain name into an IP address
2125
01:23:11,940 --> 01:23:13,320
okay
2126
01:23:13,320 --> 01:23:16,080
right after we convert the IP address we
2127
01:23:16,080 --> 01:23:19,560
scan for 100 ports now this number keep
2128
01:23:19,560 --> 01:23:21,360
in mind can be changed for example you
2129
01:23:21,360 --> 01:23:23,880
can scan for first 500 ports if you'd
2130
01:23:23,880 --> 01:23:26,340
like it doesn't have to be 100 this is a
2131
01:23:26,340 --> 01:23:28,620
number that you can change now another
2132
01:23:28,620 --> 01:23:30,179
thing that you might want to implement
2133
01:23:30,179 --> 01:23:32,340
in this program if you want is you can
2134
01:23:32,340 --> 01:23:34,380
also prompt to the user for how many
2135
01:23:34,380 --> 01:23:36,360
ports they want to scan
2136
01:23:36,360 --> 01:23:38,520
how we would do that but we will simply
2137
01:23:38,520 --> 01:23:40,560
do that by specifying something like
2138
01:23:40,560 --> 01:23:42,719
this you go to the beginning of the
2139
01:23:42,719 --> 01:23:44,820
program and there you can simply type
2140
01:23:44,820 --> 01:23:48,060
Port num let's say we call the variable
2141
01:23:48,060 --> 01:23:51,980
like that and then input
2142
01:23:53,340 --> 01:23:54,600
enter
2143
01:23:54,600 --> 01:23:58,920
number of ports that you want
2144
01:23:58,920 --> 01:24:00,480
to scan
2145
01:24:00,480 --> 01:24:02,520
then the user would enter the number of
2146
01:24:02,520 --> 01:24:03,659
ports
2147
01:24:03,659 --> 01:24:06,780
oops let's not leave this to be
2148
01:24:06,780 --> 01:24:09,480
Capital let's leave it like this so
2149
01:24:09,480 --> 01:24:11,159
enter number of ports that you want to
2150
01:24:11,159 --> 01:24:13,199
scan then you would take this actual
2151
01:24:13,199 --> 01:24:15,540
variable and you will also pass it into
2152
01:24:15,540 --> 01:24:17,520
the scan function
2153
01:24:17,520 --> 01:24:19,679
once you do that if you go back to the
2154
01:24:19,679 --> 01:24:22,020
scan function right here you would
2155
01:24:22,020 --> 01:24:25,140
simply have something like portnum
2156
01:24:25,140 --> 01:24:28,440
as a parameter and then you would have
2157
01:24:28,440 --> 01:24:30,840
for port in range one through port
2158
01:24:30,840 --> 01:24:33,060
number so you wouldn't have 500 you
2159
01:24:33,060 --> 01:24:36,120
would have something like Port num
2160
01:24:36,120 --> 01:24:37,860
so simple as that
2161
01:24:37,860 --> 01:24:39,420
but we're not going to leave it like
2162
01:24:39,420 --> 01:24:41,699
this let's just leave it as the way it
2163
01:24:41,699 --> 01:24:44,040
was before this is just something that
2164
01:24:44,040 --> 01:24:45,960
you can Implement and leave it in the
2165
01:24:45,960 --> 01:24:48,780
program if you want in this case we are
2166
01:24:48,780 --> 01:24:50,760
not going to use that since it is not
2167
01:24:50,760 --> 01:24:53,040
necessary we simply just always want to
2168
01:24:53,040 --> 01:24:56,159
scan for first 500 ports
2169
01:24:56,159 --> 01:24:59,420
so I will delete this
2170
01:24:59,940 --> 01:25:02,040
also keep in mind if you leave that
2171
01:25:02,040 --> 01:25:03,840
option you also need to specify the port
2172
01:25:03,840 --> 01:25:06,179
number inside of this line right here
2173
01:25:06,179 --> 01:25:08,340
and also inside of this line right here
2174
01:25:08,340 --> 01:25:10,440
as a second parameter to the function
2175
01:25:10,440 --> 01:25:13,920
okay so once we get to this for Loop we
2176
01:25:13,920 --> 01:25:15,900
scan for each and every port between the
2177
01:25:15,900 --> 01:25:18,540
range of 1 and 500 and we do that by
2178
01:25:18,540 --> 01:25:20,820
using the scan Port function
2179
01:25:20,820 --> 01:25:22,500
so let's go to the scan port function
2180
01:25:22,500 --> 01:25:24,480
and this is the main part of the program
2181
01:25:24,480 --> 01:25:27,000
here we create the socket object we set
2182
01:25:27,000 --> 01:25:28,980
the timeout so we don't actually waste
2183
01:25:28,980 --> 01:25:31,080
too much of our time trying to figure
2184
01:25:31,080 --> 01:25:32,760
out whether a port is closed or open
2185
01:25:32,760 --> 01:25:35,760
keep in mind that the accuracy of the
2186
01:25:35,760 --> 01:25:37,739
scan will depend on the amount of the
2187
01:25:37,739 --> 01:25:40,020
timeout that you set the lower the
2188
01:25:40,020 --> 01:25:42,000
timeout the lesser the accuracy the
2189
01:25:42,000 --> 01:25:43,860
higher the timeout the bigger the
2190
01:25:43,860 --> 01:25:46,620
accuracy okay so then we perform the
2191
01:25:46,620 --> 01:25:48,719
connect function onto the target IP
2192
01:25:48,719 --> 01:25:50,760
address and the port number
2193
01:25:50,760 --> 01:25:52,739
right after it if we manage to connect
2194
01:25:52,739 --> 01:25:54,900
we will simply just try to get banner
2195
01:25:54,900 --> 01:25:57,239
and figure out which software is the
2196
01:25:57,239 --> 01:25:58,860
target running on that specific open
2197
01:25:58,860 --> 01:26:00,840
port if we don't manage to get the
2198
01:26:00,840 --> 01:26:02,639
banner we will simply just print open
2199
01:26:02,639 --> 01:26:04,679
port without the banner and if we do
2200
01:26:04,679 --> 01:26:06,659
manage to get it we'll print open port
2201
01:26:06,659 --> 01:26:09,239
then the port number and we will attach
2202
01:26:09,239 --> 01:26:13,500
the banner right after the two dots okay
2203
01:26:13,500 --> 01:26:15,659
in any other case if we don't manage to
2204
01:26:15,659 --> 01:26:17,580
connect we will simply just pass and not
2205
01:26:17,580 --> 01:26:19,320
print anything because we are not really
2206
01:26:19,320 --> 01:26:21,420
interested in printing which ports are
2207
01:26:21,420 --> 01:26:23,699
closed we're only interested in printing
2208
01:26:23,699 --> 01:26:27,000
the open ports okay so this is basically
2209
01:26:27,000 --> 01:26:29,219
the whole idea of this port scanner
2210
01:26:29,219 --> 01:26:31,139
project and now let's see how we can
2211
01:26:31,139 --> 01:26:33,540
actually use this program and import it
2212
01:26:33,540 --> 01:26:36,300
into another program okay so how can we
2213
01:26:36,300 --> 01:26:38,219
do that well first of all what we need
2214
01:26:38,219 --> 01:26:40,380
to do is we need to create another file
2215
01:26:40,380 --> 01:26:42,900
so I'm just going to go right click on
2216
01:26:42,900 --> 01:26:45,739
the port scanner
2217
01:26:46,500 --> 01:26:49,260
then go to the new and then python file
2218
01:26:49,260 --> 01:26:53,940
and let's call this file ipscan.py
2219
01:26:54,659 --> 01:26:56,699
it will automatically add it right here
2220
01:26:56,699 --> 01:26:59,340
so you will have two tabs one for
2221
01:26:59,340 --> 01:27:01,440
default scanner and one for the IP scan
2222
01:27:01,440 --> 01:27:04,199
and now we want to import this program
2223
01:27:04,199 --> 01:27:06,000
now one thing before you actually do
2224
01:27:06,000 --> 01:27:07,620
that is you need to make sure that both
2225
01:27:07,620 --> 01:27:09,719
of these files are in the same directory
2226
01:27:09,719 --> 01:27:12,120
in my case they are both in the port
2227
01:27:12,120 --> 01:27:14,159
scanner project therefore they are in
2228
01:27:14,159 --> 01:27:16,679
the same directory so I can proceed
2229
01:27:16,679 --> 01:27:18,960
now the next thing that we need to take
2230
01:27:18,960 --> 01:27:20,760
a look at is the name of our Port
2231
01:27:20,760 --> 01:27:23,520
scanner so it is named portscanner.py
2232
01:27:23,520 --> 01:27:25,139
now in order to actually import this
2233
01:27:25,139 --> 01:27:26,940
file into another file in the same
2234
01:27:26,940 --> 01:27:29,040
directory we simply just type the
2235
01:27:29,040 --> 01:27:31,440
command import and then the name of the
2236
01:27:31,440 --> 01:27:33,360
program that we want to import in our
2237
01:27:33,360 --> 01:27:35,520
case it is Port scanner
2238
01:27:35,520 --> 01:27:38,760
so let's type it right here port scanner
2239
01:27:38,760 --> 01:27:40,560
and you will see that PyCharm already
2240
01:27:40,560 --> 01:27:43,500
recognizes it therefore we successfully
2241
01:27:43,500 --> 01:27:45,540
managed to import our Port scanner
2242
01:27:45,540 --> 01:27:47,400
program
2243
01:27:47,400 --> 01:27:49,560
now how can we perform the same task
2244
01:27:49,560 --> 01:27:51,320
that we did right here
2245
01:27:51,320 --> 01:27:55,500
just without typing all of this code
2246
01:27:55,500 --> 01:27:57,600
well we can simply just call these
2247
01:27:57,600 --> 01:28:00,540
functions from our second program and
2248
01:28:00,540 --> 01:28:03,960
use them independently Okay so
2249
01:28:03,960 --> 01:28:05,940
the use of this importing is basically
2250
01:28:05,940 --> 01:28:08,159
if anyone else wants to use our Port
2251
01:28:08,159 --> 01:28:10,320
scanner they can simply just import it
2252
01:28:10,320 --> 01:28:12,000
and use the functions from that program
2253
01:28:12,000 --> 01:28:14,580
into their own program
2254
01:28:14,580 --> 01:28:16,380
so what we're going to specify right
2255
01:28:16,380 --> 01:28:19,020
here first is the IP address to for
2256
01:28:19,020 --> 01:28:20,280
example be
2257
01:28:20,280 --> 01:28:24,600
test PHP Dot oneweb.com
2258
01:28:24,600 --> 01:28:26,400
this is the domain name that we use to
2259
01:28:26,400 --> 01:28:28,920
test with our Port scanner before so
2260
01:28:28,920 --> 01:28:31,199
nothing new right here and all we need
2261
01:28:31,199 --> 01:28:33,360
to do to actually run this port scanner
2262
01:28:33,360 --> 01:28:35,580
inside of a different program is to call
2263
01:28:35,580 --> 01:28:38,340
the scan function
2264
01:28:38,340 --> 01:28:40,440
now at first you might be asking well
2265
01:28:40,440 --> 01:28:42,000
why are we calling the scan function
2266
01:28:42,000 --> 01:28:44,400
well basically you will notice that by
2267
01:28:44,400 --> 01:28:46,860
calling this scan function all of the
2268
01:28:46,860 --> 01:28:49,320
other functions get called as well
2269
01:28:49,320 --> 01:28:51,659
for example inside with the scan
2270
01:28:51,659 --> 01:28:54,060
function we first call the check IP
2271
01:28:54,060 --> 01:28:56,460
function in order to check for the IP
2272
01:28:56,460 --> 01:28:58,620
address then we call the scan Port
2273
01:28:58,620 --> 01:29:00,900
function which will scan each and every
2274
01:29:00,900 --> 01:29:03,000
port that we specify inside of this for
2275
01:29:03,000 --> 01:29:05,040
Loop and inside of the scan Port
2276
01:29:05,040 --> 01:29:07,739
function the get Banner function gets
2277
01:29:07,739 --> 01:29:10,139
called in order to print the banner so
2278
01:29:10,139 --> 01:29:11,760
we don't need to call specifically all
2279
01:29:11,760 --> 01:29:13,380
of these functions we can simply just
2280
01:29:13,380 --> 01:29:16,020
call the scan function
2281
01:29:16,020 --> 01:29:18,780
okay so how can we do that well in order
2282
01:29:18,780 --> 01:29:20,100
to call a function from a different
2283
01:29:20,100 --> 01:29:22,260
program we first of all need to specify
2284
01:29:22,260 --> 01:29:24,780
the program name just the same way that
2285
01:29:24,780 --> 01:29:26,400
you would specify a method from a
2286
01:29:26,400 --> 01:29:28,679
different library for example right here
2287
01:29:28,679 --> 01:29:32,040
we use socket library and we called a
2288
01:29:32,040 --> 01:29:34,139
method or a function
2289
01:29:34,139 --> 01:29:36,060
and we call the function from that
2290
01:29:36,060 --> 01:29:38,340
specific library but before we had to
2291
01:29:38,340 --> 01:29:40,980
specify the library name same way goes
2292
01:29:40,980 --> 01:29:42,840
here we first need to specify Port
2293
01:29:42,840 --> 01:29:46,920
scanner and then Dot and then scan
2294
01:29:46,920 --> 01:29:49,020
you remember that the scan function
2295
01:29:49,020 --> 01:29:50,880
takes one argument which will be the
2296
01:29:50,880 --> 01:29:53,100
target as PyCharm already tells us
2297
01:29:53,100 --> 01:29:56,280
right here and our Target will be the IP
2298
01:29:56,280 --> 01:29:58,139
address
2299
01:29:58,139 --> 01:30:00,300
and believe it or not but this is the
2300
01:30:00,300 --> 01:30:01,620
entire program
2301
01:30:01,620 --> 01:30:04,199
just by using these three lines we can
2302
01:30:04,199 --> 01:30:06,300
perform the same thing that we did
2303
01:30:06,300 --> 01:30:10,400
inside of our Port scanner project
2304
01:30:10,560 --> 01:30:12,480
so this is the power of importing
2305
01:30:12,480 --> 01:30:14,520
libraries you can see that anyone who
2306
01:30:14,520 --> 01:30:16,380
wants to use this can simply just write
2307
01:30:16,380 --> 01:30:18,420
three lines and they will perform the
2308
01:30:18,420 --> 01:30:20,880
same task that we performed by coding
2309
01:30:20,880 --> 01:30:23,100
the entire Port scanner
2310
01:30:23,100 --> 01:30:24,780
but there is another thing that we need
2311
01:30:24,780 --> 01:30:26,820
to take a look at before we actually try
2312
01:30:26,820 --> 01:30:29,340
to run the IP scan you might notice this
2313
01:30:29,340 --> 01:30:30,840
part right here
2314
01:30:30,840 --> 01:30:33,060
well we didn't really want to run this
2315
01:30:33,060 --> 01:30:35,340
since first of all we're calling this
2316
01:30:35,340 --> 01:30:38,340
scan function already inside of our
2317
01:30:38,340 --> 01:30:40,860
ipscan program therefore we don't really
2318
01:30:40,860 --> 01:30:44,460
want to call it twice and we would
2319
01:30:44,460 --> 01:30:46,139
actually call it because by importing
2320
01:30:46,139 --> 01:30:48,900
the port scanner into our ipscan we're
2321
01:30:48,900 --> 01:30:51,960
also calling this part of the code
2322
01:30:51,960 --> 01:30:54,300
importing a library simply means that we
2323
01:30:54,300 --> 01:30:55,920
are going to paste the entire Port
2324
01:30:55,920 --> 01:30:58,679
scanner code into our ipscan function
2325
01:30:58,679 --> 01:31:01,139
therefore this part of the code will
2326
01:31:01,139 --> 01:31:02,520
also get run
2327
01:31:02,520 --> 01:31:04,500
so how can we make sure that this part
2328
01:31:04,500 --> 01:31:07,739
of the code doesn't get run well simply
2329
01:31:07,739 --> 01:31:10,020
we can type
2330
01:31:10,020 --> 01:31:13,800
if underscore underscore name underscore
2331
01:31:13,800 --> 01:31:16,739
underscore equals equals and then open
2332
01:31:16,739 --> 01:31:19,739
double quotes underscore underscore main
2333
01:31:19,739 --> 01:31:21,840
underscore underscore
2334
01:31:21,840 --> 01:31:24,300
if this is equal to main
2335
01:31:24,300 --> 01:31:26,639
then we're going to run this part of
2336
01:31:26,639 --> 01:31:27,900
code
2337
01:31:27,900 --> 01:31:30,600
so let's tab all of these lines in so
2338
01:31:30,600 --> 01:31:33,719
they belong to this if statement
2339
01:31:33,719 --> 01:31:36,300
and now this part of program will only
2340
01:31:36,300 --> 01:31:40,199
get run if we run the port scanner
2341
01:31:40,199 --> 01:31:42,420
this line basically means that the
2342
01:31:42,420 --> 01:31:44,520
actual python will recognize whether
2343
01:31:44,520 --> 01:31:46,920
this program is being run as a main
2344
01:31:46,920 --> 01:31:49,980
program or it is being imported into a
2345
01:31:49,980 --> 01:31:52,320
different program and run from there in
2346
01:31:52,320 --> 01:31:54,000
case it is being imported in a different
2347
01:31:54,000 --> 01:31:55,980
program like in this case right here
2348
01:31:55,980 --> 01:31:59,400
then it will not run this part of the
2349
01:31:59,400 --> 01:32:00,300
code
2350
01:32:00,300 --> 01:32:02,280
if it is not imported into a different
2351
01:32:02,280 --> 01:32:04,380
program and if we simply just try to run
2352
01:32:04,380 --> 01:32:06,719
the port scanner itself then this part
2353
01:32:06,719 --> 01:32:09,179
of the code will actually run and that
2354
01:32:09,179 --> 01:32:12,120
is the meaning of this line right here
2355
01:32:12,120 --> 01:32:14,699
you can simply just remember this as if
2356
01:32:14,699 --> 01:32:16,739
this is the main program then run this
2357
01:32:16,739 --> 01:32:19,440
part of the code okay so right now let's
2358
01:32:19,440 --> 01:32:22,800
test our ipscan.py
2359
01:32:22,800 --> 01:32:25,500
let's open the terminal
2360
01:32:25,500 --> 01:32:30,600
and let's type Python 3 ipscan.py
2361
01:32:31,139 --> 01:32:33,719
you can see it is scanning the target it
2362
01:32:33,719 --> 01:32:36,360
already found the two ports open and it
2363
01:32:36,360 --> 01:32:38,699
will scan for first 500 ports as we
2364
01:32:38,699 --> 01:32:40,500
specified and changed the number from
2365
01:32:40,500 --> 01:32:43,440
100 to 500 you can see we are also
2366
01:32:43,440 --> 01:32:45,120
getting some banners from these open
2367
01:32:45,120 --> 01:32:50,360
ports we got open port 106 open port 110
2368
01:32:50,360 --> 01:32:53,580
143 we can see here is a long Banner
2369
01:32:53,580 --> 01:32:55,679
from that Port not really sure what this
2370
01:32:55,679 --> 01:32:57,000
is
2371
01:32:57,000 --> 01:32:59,100
we also discover another open port which
2372
01:32:59,100 --> 01:33:02,340
is Port 465 and therefore our program
2373
01:33:02,340 --> 01:33:04,800
closes as it reached the 500 ports
2374
01:33:04,800 --> 01:33:05,520
number
2375
01:33:05,520 --> 01:33:07,679
okay so it actually does work now
2376
01:33:07,679 --> 01:33:09,179
another thing that you should keep in
2377
01:33:09,179 --> 01:33:11,159
mind is that you will need to actually
2378
01:33:11,159 --> 01:33:14,580
code this part of the code into this IP
2379
01:33:14,580 --> 01:33:17,159
scan because for example if a user
2380
01:33:17,159 --> 01:33:19,320
specifies comma and then an IP address
2381
01:33:19,320 --> 01:33:22,320
this will not work because we do not
2382
01:33:22,320 --> 01:33:24,659
have this part and this if statement
2383
01:33:24,659 --> 01:33:27,120
right here therefore it will not be able
2384
01:33:27,120 --> 01:33:30,600
to scan because of this comma right here
2385
01:33:30,600 --> 01:33:32,400
so if you want to be able to scan
2386
01:33:32,400 --> 01:33:34,320
multiple targets from your ipscan
2387
01:33:34,320 --> 01:33:36,420
program make sure that you implement
2388
01:33:36,420 --> 01:33:40,560
this if statement into the IP scan but
2389
01:33:40,560 --> 01:33:41,940
we are not going to do that at the
2390
01:33:41,940 --> 01:33:43,620
moment there is no need for that we
2391
01:33:43,620 --> 01:33:45,239
already did that in the port scanner
2392
01:33:45,239 --> 01:33:47,760
program and I will leave that up to you
2393
01:33:47,760 --> 01:33:50,940
okay so with this we actually finish our
2394
01:33:50,940 --> 01:33:52,380
first project which will be the port
2395
01:33:52,380 --> 01:33:55,080
scanner and in the next project we're
2396
01:33:55,080 --> 01:33:56,639
going to take a look at how we can
2397
01:33:56,639 --> 01:33:58,620
create the vulnerability scanner which
2398
01:33:58,620 --> 01:34:01,020
will be based on this port scanner that
2399
01:34:01,020 --> 01:34:03,120
we just created so make sure not to
2400
01:34:03,120 --> 01:34:04,980
delete this program as we are going to
2401
01:34:04,980 --> 01:34:07,139
need it you also know that you will have
2402
01:34:07,139 --> 01:34:09,300
all of these actual programs in the
2403
01:34:09,300 --> 01:34:11,219
resources at the end of each project
2404
01:34:11,219 --> 01:34:13,199
okay so you can simply just download
2405
01:34:13,199 --> 01:34:16,260
them if you don't want to code them I
2406
01:34:16,260 --> 01:34:18,239
hope you enjoyed this lecture and I will
2407
01:34:18,239 --> 01:34:20,280
see you in the vulnerability scanner
2408
01:34:20,280 --> 01:34:22,800
project take care and bye welcome
2409
01:34:22,800 --> 01:34:25,380
everybody to our second project of this
2410
01:34:25,380 --> 01:34:27,360
course which would be a vulnerability
2411
01:34:27,360 --> 01:34:30,420
scanner all right so what we did by now
2412
01:34:30,420 --> 01:34:32,940
is we created our Port scanner which
2413
01:34:32,940 --> 01:34:34,920
managed to scan multiple targets as well
2414
01:34:34,920 --> 01:34:37,139
as one Target and also discover which
2415
01:34:37,139 --> 01:34:39,659
ports were open and closed and we also
2416
01:34:39,659 --> 01:34:40,920
managed to discover some of the
2417
01:34:40,920 --> 01:34:43,440
softwares running on those open ports
2418
01:34:43,440 --> 01:34:45,780
all right right now we want to advance
2419
01:34:45,780 --> 01:34:47,760
our game and create a vulnerability
2420
01:34:47,760 --> 01:34:49,560
scanner which will be able to detect
2421
01:34:49,560 --> 01:34:52,080
which of those softwares are potentially
2422
01:34:52,080 --> 01:34:54,780
vulnerable to some type of the attack
2423
01:34:54,780 --> 01:34:56,580
so there are a few approaches that we
2424
01:34:56,580 --> 01:34:59,159
can do in order to create this I picked
2425
01:34:59,159 --> 01:35:01,679
one which is going to be based on our
2426
01:35:01,679 --> 01:35:03,600
Port scanner meaning that we are first
2427
01:35:03,600 --> 01:35:06,060
going to import our Port scanner we are
2428
01:35:06,060 --> 01:35:08,460
going to scan for the open ports then we
2429
01:35:08,460 --> 01:35:10,380
are going to create a list of vulnerable
2430
01:35:10,380 --> 01:35:13,980
softwares in a txt file which then we're
2431
01:35:13,980 --> 01:35:16,080
going to also import into our program
2432
01:35:16,080 --> 01:35:18,179
and then we are going to compare the
2433
01:35:18,179 --> 01:35:20,280
softwares on the open ports with the
2434
01:35:20,280 --> 01:35:23,040
softwares named in the list or in our
2435
01:35:23,040 --> 01:35:25,860
txt file and if they do match that means
2436
01:35:25,860 --> 01:35:27,600
that we discovered the vulnerable software
2437
01:35:27,600 --> 01:35:30,960
which can be exploited all right now you
2438
01:35:30,960 --> 01:35:32,400
can actually download some of these
2439
01:35:32,400 --> 01:35:34,080
vulnerable software lists over the
2440
01:35:34,080 --> 01:35:36,360
Internet or for the purposes of this
2441
01:35:36,360 --> 01:35:38,219
tutorial you can simply just create a
2442
01:35:38,219 --> 01:35:40,260
small list of a few softwares like I
2443
01:35:40,260 --> 01:35:42,780
will in order to test our program but
2444
01:35:42,780 --> 01:35:44,760
before we do any of that let us open up
2445
01:35:44,760 --> 01:35:47,460
our pycharm and create our new project
2446
01:35:47,460 --> 01:35:51,060
all right so I will open up my pycharm
2447
01:35:51,060 --> 01:35:53,940
by going here and typing pycharm
2448
01:35:53,940 --> 01:35:56,580
here it is it loaded fully and by
2449
01:35:56,580 --> 01:35:58,380
default it will open up our previous
2450
01:35:58,380 --> 01:36:00,360
project which will be the port scanner
2451
01:36:00,360 --> 01:36:02,340
project but we do not want to continue
2452
01:36:02,340 --> 01:36:05,040
coding inside of that project we want to
2453
01:36:05,040 --> 01:36:06,840
create a new one and then we are going
2454
01:36:06,840 --> 01:36:09,060
to copy paste the port scanner into that
2455
01:36:09,060 --> 01:36:10,500
new project
2456
01:36:10,500 --> 01:36:12,960
all right so let's wait for it to reopen
2457
01:36:12,960 --> 01:36:14,940
all of the files from the port scanner
2458
01:36:14,940 --> 01:36:15,840
project
2459
01:36:15,840 --> 01:36:18,480
okay so here it is now let's go on to
2460
01:36:18,480 --> 01:36:20,159
the file right here
2461
01:36:20,159 --> 01:36:23,480
click on the new project
2462
01:36:23,940 --> 01:36:26,100
under the create new project in the
2463
01:36:26,100 --> 01:36:28,440
location we can create a name for our
2464
01:36:28,440 --> 01:36:30,320
new project which would be
2465
01:36:30,320 --> 01:36:32,760
vulnerability or let's just type vuln
2466
01:36:32,760 --> 01:36:34,739
scanner it doesn't really matter you can
2467
01:36:34,739 --> 01:36:37,139
call it anything you want and then click
2468
01:36:37,139 --> 01:36:39,360
on create it will ask you whether you
2469
01:36:39,360 --> 01:36:41,400
want to open the project inside of this
2470
01:36:41,400 --> 01:36:43,260
window or whether you want to create a
2471
01:36:43,260 --> 01:36:45,120
new window for it we can simply just
2472
01:36:45,120 --> 01:36:47,400
create this window
2473
01:36:47,400 --> 01:36:50,639
and it will open up the new project we
2474
01:36:50,639 --> 01:36:53,520
just created all right so here it is
2475
01:36:53,520 --> 01:36:54,900
it's creating all the dependencies
2476
01:36:54,900 --> 01:36:57,120
needed and right now what we're going to
2477
01:36:57,120 --> 01:37:00,540
do we're going to open up our terminal
2478
01:37:00,540 --> 01:37:02,340
we are going to navigate to our Port
2479
01:37:02,340 --> 01:37:04,800
scanner project using our terminal and
2480
01:37:04,800 --> 01:37:06,719
then we'll copy our Port scanner to the
2481
01:37:06,719 --> 01:37:09,840
vulnerability scanner right so let's go
2482
01:37:09,840 --> 01:37:13,080
to the pycharm projects if I type LS
2483
01:37:13,080 --> 01:37:16,020
here are both of these then we want to
2484
01:37:16,020 --> 01:37:18,060
navigate to the port scanner type LS
2485
01:37:18,060 --> 01:37:20,420
once again and we want to copy the port
2486
01:37:20,420 --> 01:37:23,580
scanner.py into the vulnerability scanner
2487
01:37:23,580 --> 01:37:26,760
directory all right so CP port
2488
01:37:26,760 --> 01:37:30,780
scanner.py to the root pycharm and then
2489
01:37:30,780 --> 01:37:33,060
vulnerability scanner
2490
01:37:33,060 --> 01:37:36,120
press enter and in just a few seconds we
2491
01:37:36,120 --> 01:37:38,699
should see our Port scanner right here
2492
01:37:38,699 --> 01:37:43,159
okay so here it is let's open it up
2493
01:37:45,000 --> 01:37:47,040
and here is our program
2494
01:37:47,040 --> 01:37:49,020
now as I mentioned previously we are
2495
01:37:49,020 --> 01:37:50,820
going to base our vulnerability scanner
2496
01:37:50,820 --> 01:37:53,699
onto this port scanner right here but
2497
01:37:53,699 --> 01:37:55,739
we're not going to code it right in this
2498
01:37:55,739 --> 01:37:57,120
program we're simply just going to
2499
01:37:57,120 --> 01:37:59,639
import our Port scanner as I showed you
2500
01:37:59,639 --> 01:38:01,380
in the previous video how you can do
2501
01:38:01,380 --> 01:38:03,179
that and we're going to perform some
2502
01:38:03,179 --> 01:38:05,340
small modifications to this program
2503
01:38:05,340 --> 01:38:07,260
right here for example we want to make
2504
01:38:07,260 --> 01:38:10,020
this program a class so we're going to
2505
01:38:10,020 --> 01:38:11,820
delete some of the functions right here
2506
01:38:11,820 --> 01:38:13,920
we're going to modify this part of the
2507
01:38:13,920 --> 01:38:15,960
program and we're going to create this
2508
01:38:15,960 --> 01:38:19,440
to be one giant class all right but more
2509
01:38:19,440 --> 01:38:21,540
about that in the next tutorial for now
2510
01:38:21,540 --> 01:38:23,760
on we just simply copy this we created
2511
01:38:23,760 --> 01:38:25,920
our new project and in the next video we
2512
01:38:25,920 --> 01:38:27,480
are ready to start coding our
2513
01:38:27,480 --> 01:38:30,840
vulnerability scanner alright so see you
2514
01:38:30,840 --> 01:38:33,300
there and take care bye
2515
01:38:33,300 --> 01:38:34,980
welcome back everybody
2516
01:38:34,980 --> 01:38:36,840
so for now we haven't really done
2517
01:38:36,840 --> 01:38:39,540
anything yet but we did import our Port
2518
01:38:39,540 --> 01:38:41,699
scanner and now we are ready to start
2519
01:38:41,699 --> 01:38:44,219
coding the main part of the program so
2520
01:38:44,219 --> 01:38:45,840
let's go to the vulnerability scanner
2521
01:38:45,840 --> 01:38:48,000
right here right click on it click on
2522
01:38:48,000 --> 01:38:50,639
the new and click on python file so all
2523
01:38:50,639 --> 01:38:52,320
of this stuff we already learned we know
2524
01:38:52,320 --> 01:38:54,540
how to do it and let's create a program
2525
01:38:54,540 --> 01:38:56,239
which will be called
2526
01:38:56,239 --> 01:38:59,040
vulnscan.py now first thing that we want
2527
01:38:59,040 --> 01:39:01,560
to do is of course to import our Port
2528
01:39:01,560 --> 01:39:04,040
scanner
2529
01:39:04,860 --> 01:39:06,840
and make sure that it is in the same
2530
01:39:06,840 --> 01:39:09,000
directory that is important
2531
01:39:09,000 --> 01:39:10,980
and that is actually going to be the
2532
01:39:10,980 --> 01:39:12,360
only library that we are going to need
2533
01:39:12,360 --> 01:39:14,460
since these two libraries which are
2534
01:39:14,460 --> 01:39:16,139
going to be the socket library and the
2535
01:39:16,139 --> 01:39:18,900
ipy library are already imported inside
2536
01:39:18,900 --> 01:39:22,260
of this port scanner program all right
2537
01:39:22,260 --> 01:39:24,480
now you might notice once again that
2538
01:39:24,480 --> 01:39:26,699
this ipy is actually red underlined
2539
01:39:26,699 --> 01:39:28,620
which means that this Library does not
2540
01:39:28,620 --> 01:39:30,420
exist inside the default virtual
2541
01:39:30,420 --> 01:39:33,120
environment and we already talked about
2542
01:39:33,120 --> 01:39:35,460
this before you need to actually pip3
2543
01:39:35,460 --> 01:39:37,320
install it inside of this virtual
2544
01:39:37,320 --> 01:39:38,900
environment so let's do that right away
2545
01:39:38,900 --> 01:39:42,239
using our terminal make sure that you're
2546
01:39:42,239 --> 01:39:44,760
using terminal inside of the pycharm and
2547
01:39:44,760 --> 01:39:49,380
simply just type pip3 install ipy
2548
01:39:50,239 --> 01:39:53,280
it will install the library for you and
2549
01:39:53,280 --> 01:39:55,260
as soon as it is finished you should no
2550
01:39:55,260 --> 01:39:57,960
longer have this red underlined all
2551
01:39:57,960 --> 01:40:01,100
right so let's see
2552
01:40:01,739 --> 01:40:04,320
here it is it is gone now and now we
2553
01:40:04,320 --> 01:40:06,179
have all of the libraries needed to
2554
01:40:06,179 --> 01:40:08,699
complete our project all right so let's
2555
01:40:08,699 --> 01:40:10,320
go back to our main part of the program
2556
01:40:10,320 --> 01:40:13,020
we imported our Port scanner and now
2557
01:40:13,020 --> 01:40:14,639
let's think about all of the things that
2558
01:40:14,639 --> 01:40:16,139
we need in order to complete this
2559
01:40:16,139 --> 01:40:18,900
project so first of all of course we
2560
01:40:18,900 --> 01:40:20,760
need the target if we are going to scan
2561
01:40:20,760 --> 01:40:22,679
so we want to prompt the user of this
2562
01:40:22,679 --> 01:40:25,440
program for the target's IP address so
2563
01:40:25,440 --> 01:40:28,920
let's call it targets IP equals input
2564
01:40:28,920 --> 01:40:31,620
and we're going to actually ask the user
2565
01:40:31,620 --> 01:40:33,900
for the input of this
2566
01:40:33,900 --> 01:40:37,020
so let's type it like this and then we
2567
01:40:37,020 --> 01:40:42,120
can add a star sign enter Target to scan
2568
01:40:42,120 --> 01:40:46,020
for vulnerable open ports
2569
01:40:46,020 --> 01:40:49,080
okay so this will be the target's IP
2570
01:40:49,080 --> 01:40:51,060
once again we also want to make sure
2571
01:40:51,060 --> 01:40:53,460
that this can be both IP address and the
2572
01:40:53,460 --> 01:40:55,380
actual domain name but we don't need to
2573
01:40:55,380 --> 01:40:57,179
worry about that as that part of the
2574
01:40:57,179 --> 01:40:59,760
code is already located inside of our
2575
01:40:59,760 --> 01:41:02,699
Port scanner that we imported so no need
2576
01:41:02,699 --> 01:41:05,159
to code it once again let's just go to
2577
01:41:05,159 --> 01:41:07,500
the next line and also let's ask for the
2578
01:41:07,500 --> 01:41:09,659
user for the number of ports that they
2579
01:41:09,659 --> 01:41:12,360
want to scan now we didn't use it in our
2580
01:41:12,360 --> 01:41:14,580
Port scanner so why not use it right
2581
01:41:14,580 --> 01:41:16,440
here let's say they want to scan 100
2582
01:41:16,440 --> 01:41:18,659
ports and a different user wants to scan
2583
01:41:18,659 --> 01:41:21,420
200 ports let's add that as an available
2584
01:41:21,420 --> 01:41:24,480
option as well so port number
2585
01:41:24,480 --> 01:41:27,780
will be equal to the input
2586
01:41:27,780 --> 01:41:30,540
and in the second line we prompt the
2587
01:41:30,540 --> 01:41:33,679
user for the amount
2588
01:41:34,020 --> 01:41:36,900
of ports
2589
01:41:36,900 --> 01:41:38,820
you want
2590
01:41:38,820 --> 01:41:40,619
scan
2591
01:41:40,619 --> 01:41:42,780
and let's also notify them inside of the
2592
01:41:42,780 --> 01:41:45,060
brackets that 500 will mean
2593
01:41:45,060 --> 01:41:49,500
first 500 ports okay so in case they get
2594
01:41:49,500 --> 01:41:51,719
confused they know what they need to
2595
01:41:51,719 --> 01:41:54,659
specify all right now another important
2596
01:41:54,659 --> 01:41:56,340
thing that we need to do about this line
2597
01:41:56,340 --> 01:41:58,440
is we need to make sure that this port
2598
01:41:58,440 --> 01:42:01,380
number is an integer value for example
2599
01:42:01,380 --> 01:42:04,260
if the user specifies number 100 it will
2600
01:42:04,260 --> 01:42:06,420
be stored inside of this port number but
2601
01:42:06,420 --> 01:42:08,820
it will be stored as a string and not as
2602
01:42:08,820 --> 01:42:10,980
an integer therefore we need to wrap
2603
01:42:10,980 --> 01:42:13,219
this entire part
2604
01:42:13,219 --> 01:42:16,199
inside of an integer function and this
2605
01:42:16,199 --> 01:42:18,000
integer function simply just converts
2606
01:42:18,000 --> 01:42:20,400
whatever is inside of the brackets into
2607
01:42:20,400 --> 01:42:22,020
an integer value
2608
01:42:22,020 --> 01:42:24,300
keep in mind that you will get an error
2609
01:42:24,300 --> 01:42:26,820
in case the actual user of this program
2610
01:42:26,820 --> 01:42:29,520
specifies a string for example they type
2611
01:42:29,520 --> 01:42:32,639
the word three well that word will not
2612
01:42:32,639 --> 01:42:34,860
get converted to an integer because that
2613
01:42:34,860 --> 01:42:36,840
is not possible therefore this will only
2614
01:42:36,840 --> 01:42:39,600
work if the user specifies the actual
2615
01:42:39,600 --> 01:42:42,300
number which should be the case as we
2616
01:42:42,300 --> 01:42:44,219
are indeed asking for a number therefore
2617
01:42:44,219 --> 01:42:46,860
we want to convert it to integer so our
2618
01:42:46,860 --> 01:42:49,380
program can continue executing alright
2619
01:42:49,380 --> 01:42:51,000
so now that we got these two things out
2620
01:42:51,000 --> 01:42:53,159
of the way there is a third and last
2621
01:42:53,159 --> 01:42:54,900
thing that we need to ask the user
2622
01:42:54,900 --> 01:42:56,580
before we actually start running the
2623
01:42:56,580 --> 01:42:58,560
main part of the program and that is
2624
01:42:58,560 --> 01:43:01,139
going to be the actual file from which
2625
01:43:01,139 --> 01:43:03,360
we're going to read vulnerable softwares
2626
01:43:03,360 --> 01:43:05,940
so for this program to run we need a
2627
01:43:05,940 --> 01:43:08,100
file as I mentioned at the beginning of
2628
01:43:08,100 --> 01:43:09,780
this section we need a file that is
2629
01:43:09,780 --> 01:43:11,940
going to store vulnerable software names
2630
01:43:11,940 --> 01:43:14,340
that then we're going to compare with
2631
01:43:14,340 --> 01:43:16,679
the softwares running on open ports so
2632
01:43:16,679 --> 01:43:18,420
we're going to call that
2633
01:43:18,420 --> 01:43:22,619
for example vuln underscore file and it
2634
01:43:22,619 --> 01:43:24,060
will be equal
2635
01:43:24,060 --> 01:43:27,199
to the input
2636
01:43:30,239 --> 01:43:33,540
oops let's add the double quotes
2637
01:43:33,540 --> 01:43:36,659
so to the input
2638
01:43:36,659 --> 01:43:39,179
and then we prompt the user enter path
2639
01:43:39,179 --> 01:43:42,199
to the file
2640
01:43:42,480 --> 01:43:45,679
with vulnerable
2641
01:43:46,380 --> 01:43:48,420
softwares
2642
01:43:48,420 --> 01:43:50,460
okay so now that we finished everything
2643
01:43:50,460 --> 01:43:52,860
these are three things that we need in
2644
01:43:52,860 --> 01:43:54,480
order to run this program
2645
01:43:54,480 --> 01:43:56,880
let's print also the new line character
2646
01:43:56,880 --> 01:43:59,600
so right after this
2647
01:43:59,600 --> 01:44:03,540
we can have a little bit better View and
2648
01:44:03,540 --> 01:44:05,760
now we want to use the port scanner onto
2649
01:44:05,760 --> 01:44:08,100
our program all right so we're simply
2650
01:44:08,100 --> 01:44:09,659
just going to call the function Port
2651
01:44:09,659 --> 01:44:10,860
scanner
2652
01:44:10,860 --> 01:44:13,800
dot scan
2653
01:44:13,800 --> 01:44:17,040
onto the targets IP
2654
01:44:17,040 --> 01:44:18,659
okay now
2655
01:44:18,659 --> 01:44:20,820
if you think about this a little bit you
2656
01:44:20,820 --> 01:44:22,500
will notice that this will not actually
2657
01:44:22,500 --> 01:44:25,440
work now why this will not work well
2658
01:44:25,440 --> 01:44:27,360
there are a few problems with our Port
2659
01:44:27,360 --> 01:44:30,540
scanner not with the port scanner itself
2660
01:44:30,540 --> 01:44:33,179
but with the way that we imported it and
2661
01:44:33,179 --> 01:44:34,800
that we are going to use it inside of
2662
01:44:34,800 --> 01:44:37,260
our vulnerability scanner so first of
2663
01:44:37,260 --> 01:44:39,360
all we got a problem with this port
2664
01:44:39,360 --> 01:44:41,460
number variable
2665
01:44:41,460 --> 01:44:44,100
we cannot really paste it into our scan
2666
01:44:44,100 --> 01:44:46,800
function as our scan function only takes
2667
01:44:46,800 --> 01:44:48,420
one parameter so that is the first
2668
01:44:48,420 --> 01:44:51,239
problem as we don't really have a way to
2669
01:44:51,239 --> 01:44:53,520
actually tell the port scanner that we
2670
01:44:53,520 --> 01:44:55,619
want to use this exact amount of ports
2671
01:44:55,619 --> 01:44:57,600
so that is the part that we also need to
2672
01:44:57,600 --> 01:44:59,880
edit inside of our port scanner
2673
01:44:59,880 --> 01:45:01,920
now another thing that we want to do is
2674
01:45:01,920 --> 01:45:04,139
we want to convert this entire actual
2675
01:45:04,139 --> 01:45:06,600
Port scanner into a class
2676
01:45:06,600 --> 01:45:08,580
and we also want to get rid of some of
2677
01:45:08,580 --> 01:45:10,380
the functions that we don't need
2678
01:45:10,380 --> 01:45:13,020
and also we want to get rid of this part
2679
01:45:13,020 --> 01:45:14,460
of the program
2680
01:45:14,460 --> 01:45:16,139
since there is a lot to do with this
2681
01:45:16,139 --> 01:45:17,580
port scanner we are going to leave that
2682
01:45:17,580 --> 01:45:19,440
for the next tutorial so in the next
2683
01:45:19,440 --> 01:45:21,179
tutorial we're going to cover this port
2684
01:45:21,179 --> 01:45:23,219
scanner and convert it to the best
2685
01:45:23,219 --> 01:45:25,199
possible way for us to use it inside of
2686
01:45:25,199 --> 01:45:27,179
our vulnerability scanner and then we're
2687
01:45:27,179 --> 01:45:29,820
going to continue from there alright so
2688
01:45:29,820 --> 01:45:32,100
for now we simply just prompted the user
2689
01:45:32,100 --> 01:45:34,380
for the needed things and in the next
2690
01:45:34,380 --> 01:45:35,760
video we're going to cover the port
2691
01:45:35,760 --> 01:45:38,280
scanner and how we can convert it the
2692
01:45:38,280 --> 01:45:39,719
best way possible
2693
01:45:39,719 --> 01:45:42,719
see you there and take care bye hello
2694
01:45:42,719 --> 01:45:44,580
everybody and welcome to this tutorial
2695
01:45:44,580 --> 01:45:46,619
and right now let's cover the port
2696
01:45:46,619 --> 01:45:48,840
scanner conversion to a class
2697
01:45:48,840 --> 01:45:51,060
all right so anyone who's actually
2698
01:45:51,060 --> 01:45:53,699
covered and learned python before knows
2699
01:45:53,699 --> 01:45:55,560
what classes are and knows why they are
2700
01:45:55,560 --> 01:45:58,500
important and in this case in our case
2701
01:45:58,500 --> 01:46:00,420
we want to make sure that we convert it to a
2702
01:46:00,420 --> 01:46:03,119
class for the better usage inside of
2703
01:46:03,119 --> 01:46:05,520
this vulnerability scanner project
2704
01:46:05,520 --> 01:46:07,380
all right so first thing that we are
2705
01:46:07,380 --> 01:46:08,340
going to do
2706
01:46:08,340 --> 01:46:10,320
is we're going to create the class at
2707
01:46:10,320 --> 01:46:12,780
the top of this program we're going to
2708
01:46:12,780 --> 01:46:15,300
create it with the keyword class and
2709
01:46:15,300 --> 01:46:17,340
then we're going to call it let's say
2710
01:46:17,340 --> 01:46:20,119
port scan
2711
01:46:20,580 --> 01:46:23,159
open and close brackets and add two dots
2712
01:46:23,159 --> 01:46:24,920
and this is how we can create a class
2713
01:46:24,920 --> 01:46:27,360
now all of these functions that we have
2714
01:46:27,360 --> 01:46:29,520
below we want to make sure that they
2715
01:46:29,520 --> 01:46:32,179
belong to our port scan class
2716
01:46:32,179 --> 01:46:35,520
so what we can do is we can tab each and
2717
01:46:35,520 --> 01:46:37,619
every line so let's do it one by one
2718
01:46:37,619 --> 01:46:40,020
like this and you will see that some of
2719
01:46:40,020 --> 01:46:41,940
these actual keywords will start
2720
01:46:41,940 --> 01:46:44,580
changing colors as they start belonging
2721
01:46:44,580 --> 01:46:47,219
to our port scan class all right so
2722
01:46:47,219 --> 01:46:50,600
let's do it like this
2723
01:46:53,159 --> 01:46:56,100
all of it should be tabbed once so let's
2724
01:46:56,100 --> 01:46:58,800
go like this and the scan port at the
2725
01:46:58,800 --> 01:47:00,920
end
2726
01:47:09,719 --> 01:47:13,139
okay so here it is now this part of the
2727
01:47:13,139 --> 01:47:14,699
program you might be asking what we're
2728
01:47:14,699 --> 01:47:16,860
going to do with this well in this case
2729
01:47:16,860 --> 01:47:18,960
we don't need it so we can simply just
2730
01:47:18,960 --> 01:47:20,520
delete that
2731
01:47:20,520 --> 01:47:23,520
all we need are our class with these
2732
01:47:23,520 --> 01:47:25,800
functions right here let me just create
2733
01:47:25,800 --> 01:47:27,780
space between each of these functions so
2734
01:47:27,780 --> 01:47:29,639
we can see each and every one of them a
2735
01:47:29,639 --> 01:47:32,639
little bit better and now let's see what
2736
01:47:32,639 --> 01:47:34,619
we need to do in order to get this to
2737
01:47:34,619 --> 01:47:37,080
work well first of all we are missing a
2738
01:47:37,080 --> 01:47:38,820
function that every class needs and that
2739
01:47:38,820 --> 01:47:41,580
is the init function this init function
2740
01:47:41,580 --> 01:47:43,920
will be coded at the top of the class so
2741
01:47:43,920 --> 01:47:46,739
right below the initiation of the class
2742
01:47:46,739 --> 01:47:48,420
itself we're going to type def
2743
01:47:48,420 --> 01:47:51,540
underscore underscore init underscore
2744
01:47:51,540 --> 01:47:52,739
underscore
2745
01:47:52,739 --> 01:47:55,320
all right and you will notice that by
2746
01:47:55,320 --> 01:47:57,600
default if I open and close brackets it
2747
01:47:57,600 --> 01:47:59,639
will add this self argument as a
2748
01:47:59,639 --> 01:48:02,219
parameter to this init function or init
2749
01:48:02,219 --> 01:48:04,739
method right here and this self argument
2750
01:48:04,739 --> 01:48:07,080
basically means that it is belonging to
2751
01:48:07,080 --> 01:48:08,940
this class and what we're going to
2752
01:48:08,940 --> 01:48:11,639
Define inside of this init method is all
2753
01:48:11,639 --> 01:48:14,159
of the stuff well all of the parameters
2754
01:48:14,159 --> 01:48:16,619
that are going to define the object to
2755
01:48:16,619 --> 01:48:18,900
our class for example we want to define
2756
01:48:18,900 --> 01:48:21,300
the target parameter and the port number
2757
01:48:21,300 --> 01:48:24,119
parameter that is an actual attribute to
2758
01:48:24,119 --> 01:48:27,179
our class which defines our object all
2759
01:48:27,179 --> 01:48:30,119
right so next to the self argument we
2760
01:48:30,119 --> 01:48:32,639
need to define those two attributes so
2761
01:48:32,639 --> 01:48:34,800
the first one we can call Target
2762
01:48:34,800 --> 01:48:36,780
and the second one which is the new one
2763
01:48:36,780 --> 01:48:40,560
will be called Port underscore number
2764
01:48:40,560 --> 01:48:44,100
all right so simple as that and in order
2765
01:48:44,100 --> 01:48:45,780
to Define them inside of the init
2766
01:48:45,780 --> 01:48:48,239
function we simply just type self.target
2767
01:48:48,239 --> 01:48:51,900
will be equal to Target and self dot
2768
01:48:51,900 --> 01:48:53,280
port number
2769
01:48:53,280 --> 01:48:56,280
will be equal to port number
2770
01:48:56,280 --> 01:48:57,900
and this is just a python way to
2771
01:48:57,900 --> 01:49:00,000
actually Define them so nothing really
2772
01:49:00,000 --> 01:49:02,219
important there let me just delete this
2773
01:49:02,219 --> 01:49:04,199
empty space and now that we have our
2774
01:49:04,199 --> 01:49:07,020
init function we need to add this self
2775
01:49:07,020 --> 01:49:10,500
argument or self parameter to each and
2776
01:49:10,500 --> 01:49:12,420
every function that belongs to this
2777
01:49:12,420 --> 01:49:13,560
class
2778
01:49:13,560 --> 01:49:15,480
so we're simply just going to go right
2779
01:49:15,480 --> 01:49:18,480
here and type self
2780
01:49:18,480 --> 01:49:22,760
we're also going to type self right here
2781
01:49:25,320 --> 01:49:28,580
self right here
2782
01:49:29,880 --> 01:49:34,219
and self right here
2783
01:49:36,719 --> 01:49:39,239
and another very important thing that we
2784
01:49:39,239 --> 01:49:41,880
should consider is that we don't need
2785
01:49:41,880 --> 01:49:44,820
any of these other parameters outside of
2786
01:49:44,820 --> 01:49:46,440
the self parameter
2787
01:49:46,440 --> 01:49:49,560
and why is that well once you define
2788
01:49:49,560 --> 01:49:52,320
those attributes that we need inside of
2789
01:49:52,320 --> 01:49:54,060
this init method right here
2790
01:49:54,060 --> 01:49:56,219
we can access these variables throughout
2791
01:49:56,219 --> 01:49:59,219
each and every function in our class
2792
01:49:59,219 --> 01:50:01,380
so we don't need to paste them as
2793
01:50:01,380 --> 01:50:03,300
parameters let us just delete everything
2794
01:50:03,300 --> 01:50:05,880
but the self parameter from each and
2795
01:50:05,880 --> 01:50:08,420
every class
2796
01:50:10,619 --> 01:50:14,060
and right here as well
2797
01:50:14,580 --> 01:50:16,560
make sure you do not delete it from the
2798
01:50:16,560 --> 01:50:19,199
init methods so let's leave it like this
2799
01:50:19,199 --> 01:50:21,239
so now that we fixed all of the methods
2800
01:50:21,239 --> 01:50:23,940
let's restructure our program a little
2801
01:50:23,940 --> 01:50:26,639
bit so I will start off with this
2802
01:50:26,639 --> 01:50:28,440
scan_port function
2803
01:50:28,440 --> 01:50:30,360
all right so what we're going to do with
2804
01:50:30,360 --> 01:50:32,580
this scan_port function besides it
2805
01:50:32,580 --> 01:50:34,679
doing the usual stuff that it did inside
2806
01:50:34,679 --> 01:50:37,320
of our port scanner project we're
2807
01:50:37,320 --> 01:50:40,800
going to add the converted IP
2808
01:50:40,800 --> 01:50:43,619
into the scan_port function instead of
2809
01:50:43,619 --> 01:50:45,239
the scan function
2810
01:50:45,239 --> 01:50:47,280
so we're going to delete it from the
2811
01:50:47,280 --> 01:50:51,179
scan function first let's go right here
2812
01:50:51,179 --> 01:50:53,639
we also are not interested in printing
2813
01:50:53,639 --> 01:50:55,800
anymore since printing we are going to
2814
01:50:55,800 --> 01:50:57,480
do in the main program which is going to
2815
01:50:57,480 --> 01:50:59,820
be the vulnerability scanner so our scan
2816
01:50:59,820 --> 01:51:01,739
function will be left with just these
2817
01:51:01,739 --> 01:51:03,659
two lines of code while the conversion
2818
01:51:03,659 --> 01:51:05,580
of the IP address will be moved right
2819
01:51:05,580 --> 01:51:07,739
here into the scan_port function
2820
01:51:07,739 --> 01:51:10,020
so we're going to call the check_ip
2821
01:51:10,020 --> 01:51:12,440
function
2822
01:51:14,340 --> 01:51:16,920
and you will notice right away that some
2823
01:51:16,920 --> 01:51:19,139
of the stuff inside of our class is
2824
01:51:19,139 --> 01:51:21,600
actually red underlined and by some of
2825
01:51:21,600 --> 01:51:23,460
the stuff I mean a lot of things such as
2826
01:51:23,460 --> 01:51:25,619
for example this check_ip is underlined
2827
01:51:25,619 --> 01:51:28,500
these two variables are underlined this
2828
01:51:28,500 --> 01:51:30,420
get_banner is underlined the port is
2829
01:51:30,420 --> 01:51:32,580
underlined so all this stuff is
2830
01:51:32,580 --> 01:51:34,860
underlined which means that they are not
2831
01:51:34,860 --> 01:51:38,100
recognized by PyCharm well why is
2832
01:51:38,100 --> 01:51:38,820
that
2833
01:51:38,820 --> 01:51:41,159
let's start off first with the functions
2834
01:51:41,159 --> 01:51:43,860
themselves as to why they are underlined
2835
01:51:43,860 --> 01:51:45,960
once you create a class you need to
2836
01:51:45,960 --> 01:51:47,820
actually rename those functions when you
2837
01:51:47,820 --> 01:51:49,920
call them inside of the class you need
2838
01:51:49,920 --> 01:51:52,679
to add the self argument before
2839
01:51:52,679 --> 01:51:55,860
so for example if I type self dot
2840
01:51:55,860 --> 01:51:58,560
check_ip you will notice that it will no
2841
01:51:58,560 --> 01:52:00,960
longer be red underlined and this will
2842
01:52:00,960 --> 01:52:03,719
get recognized by PyCharm this is
2843
01:52:03,719 --> 01:52:05,520
just a way to call different methods
2844
01:52:05,520 --> 01:52:07,860
from the class itself so the class can
2845
01:52:07,860 --> 01:52:10,800
recognize that this check_ip belongs to
2846
01:52:10,800 --> 01:52:13,980
its own methods and therefore it knows
2847
01:52:13,980 --> 01:52:17,040
which actual method to call
2848
01:52:17,040 --> 01:52:19,199
same goes with this get_banner function
2849
01:52:19,199 --> 01:52:21,840
right here which we can simply just add
2850
01:52:21,840 --> 01:52:24,780
self.get_banner and it will stop being
2851
01:52:24,780 --> 01:52:26,760
red underlined
2852
01:52:26,760 --> 01:52:28,500
let's see whether we have another
2853
01:52:28,500 --> 01:52:30,719
function which is red underlined here it
2854
01:52:30,719 --> 01:52:33,300
is scan_port if I simply just type self
2855
01:52:33,300 --> 01:52:36,920
dot scan_port
2856
01:52:37,380 --> 01:52:40,380
we can see it works successfully
2857
01:52:40,380 --> 01:52:42,239
now but what are we going to do with
2858
01:52:42,239 --> 01:52:44,520
these actual variables which are red
2859
01:52:44,520 --> 01:52:47,340
underlined well first of all we don't
2860
01:52:47,340 --> 01:52:49,380
really need this IP address variable
2861
01:52:49,380 --> 01:52:51,659
anymore as we are actually getting the
2862
01:52:51,659 --> 01:52:53,460
IP address from our main part of the
2863
01:52:53,460 --> 01:52:54,840
program which is going to be the
2864
01:52:54,840 --> 01:52:57,420
target_ip variable right here and
2865
01:52:57,420 --> 01:52:58,860
then we're going to paste it into our
2866
01:52:58,860 --> 01:53:01,440
class which will then get stored inside
2867
01:53:01,440 --> 01:53:04,020
of the self.target variable which then
2868
01:53:04,020 --> 01:53:06,719
we can use throughout our class so let's
2869
01:53:06,719 --> 01:53:09,000
change it everywhere we can first of all
2870
01:53:09,000 --> 01:53:11,400
we're going to change it in the check_ip
2871
01:53:11,400 --> 01:53:14,159
method so we're no longer checking the
2872
01:53:14,159 --> 01:53:16,199
IP from the IP variable we're checking the
2873
01:53:16,199 --> 01:53:19,199
IP from self.target and
2874
01:53:19,199 --> 01:53:21,000
make sure that throughout this class
2875
01:53:21,000 --> 01:53:22,920
you also use the self argument when
2876
01:53:22,920 --> 01:53:25,679
specifying the variable name so we're
2877
01:53:25,679 --> 01:53:28,020
trying the IP function on self.target
2878
01:53:28,020 --> 01:53:30,540
and in case it works we're returning
2879
01:53:30,540 --> 01:53:32,280
self.target
2880
01:53:32,280 --> 01:53:34,800
in case it doesn't work we want to
2881
01:53:34,800 --> 01:53:37,440
return the get host by name from the
2882
01:53:37,440 --> 01:53:40,080
self.target once again keep in mind that
2883
01:53:40,080 --> 01:53:42,659
this will store the IP address from our
2884
01:53:42,659 --> 01:53:44,340
target machine
2885
01:53:44,340 --> 01:53:47,340
let's go right here to the scan_port we
2886
01:53:47,340 --> 01:53:49,260
don't really need this converted IP
2887
01:53:49,260 --> 01:53:52,320
anymore and why won't we need it well we
2888
01:53:52,320 --> 01:53:53,639
don't need it because as you can see
2889
01:53:53,639 --> 01:53:56,280
this scan_port function doesn't take the
2890
01:53:56,280 --> 01:53:57,960
IP address as a parameter anymore
2891
01:53:57,960 --> 01:54:00,719
therefore this is red underlined so we
2892
01:54:00,719 --> 01:54:02,760
can simply delete it
2893
01:54:02,760 --> 01:54:06,179
but what about this port number well we
2894
01:54:06,179 --> 01:54:08,040
actually need to send this port as a
2895
01:54:08,040 --> 01:54:10,440
parameter because we are inside this for
2896
01:54:10,440 --> 01:54:12,840
Loop therefore this port will change
2897
01:54:12,840 --> 01:54:15,360
through each iteration and we need to
2898
01:54:15,360 --> 01:54:18,000
specify to this method right here which
2899
01:54:18,000 --> 01:54:21,000
iteration is it currently at so we need
2900
01:54:21,000 --> 01:54:22,440
to send the port as an argument
2901
01:54:22,440 --> 01:54:24,540
therefore we're going to go to the
2902
01:54:24,540 --> 01:54:25,500
scan_port
2903
01:54:25,500 --> 01:54:27,780
and next to the self we're going to add
2904
01:54:27,780 --> 01:54:30,360
port as a parameter and you will see
2905
01:54:30,360 --> 01:54:33,540
right here at these three spots the red
2906
01:54:33,540 --> 01:54:36,420
underline will go away as this port now
2907
01:54:36,420 --> 01:54:39,480
exists in this program and the last part
2908
01:54:39,480 --> 01:54:41,940
which is red underlined is this IP
2909
01:54:41,940 --> 01:54:43,679
address right here
2910
01:54:43,679 --> 01:54:46,199
once again we don't really need this IP
2911
01:54:46,199 --> 01:54:49,380
address anymore we have self.target and
2912
01:54:49,380 --> 01:54:50,940
right here since at the beginning of
2913
01:54:50,940 --> 01:54:53,280
this try statement we converted the IP
2914
01:54:53,280 --> 01:54:55,500
we don't need to specify self.target
2915
01:54:55,500 --> 01:54:58,820
right here we can specify converted IP
2916
01:54:58,820 --> 01:55:01,500
all right since this will be the IP
2917
01:55:01,500 --> 01:55:03,540
address whether the target was specified
2918
01:55:03,540 --> 01:55:06,540
as a domain or simply as an IP address
2919
01:55:06,540 --> 01:55:08,100
all right
2920
01:55:08,100 --> 01:55:09,840
another thing that we want to make sure
2921
01:55:09,840 --> 01:55:11,820
is that we don't have unnecessary
2922
01:55:11,820 --> 01:55:14,100
functions that can be put inside of a
2923
01:55:14,100 --> 01:55:16,139
different functions for example this
2924
01:55:16,139 --> 01:55:18,600
get_banner can also be put inside of this
2925
01:55:18,600 --> 01:55:21,000
scan_port function therefore we don't
2926
01:55:21,000 --> 01:55:23,880
really need this method right here
2927
01:55:23,880 --> 01:55:26,159
so we can simply just delete the
2928
01:55:26,159 --> 01:55:28,380
get_banner
2929
01:55:28,380 --> 01:55:31,619
and we can put it right here
2930
01:55:31,619 --> 01:55:33,960
as you will see this will get flagged as
2931
01:55:33,960 --> 01:55:35,840
get_banner doesn't exist anymore
2932
01:55:35,840 --> 01:55:38,400
therefore instead of trying to call this
2933
01:55:38,400 --> 01:55:40,500
function what we're going to do
2934
01:55:40,500 --> 01:55:42,119
is we're going to write the get_banner
2935
01:55:42,119 --> 01:55:46,500
function code instead right here so sock
2936
01:55:46,500 --> 01:55:49,080
dot recv
2937
01:55:49,080 --> 01:55:52,800
we want to receive 1024 bytes
2938
01:55:52,800 --> 01:55:54,600
and we're simply just using the sock
2939
01:55:54,600 --> 01:55:57,119
object that we created right here so no
2940
01:55:57,119 --> 01:55:59,400
worries about that we don't need to name
2941
01:55:59,400 --> 01:56:01,860
it anything differently we also want to
2942
01:56:01,860 --> 01:56:05,060
decode the response
2943
01:56:05,880 --> 01:56:07,679
and the reason why we're decoding the
2944
01:56:07,679 --> 01:56:09,960
response is so we didn't really have to
2945
01:56:09,960 --> 01:56:12,659
do it later on right here
2946
01:56:12,659 --> 01:56:15,179
so once we decode the response we then
2947
01:56:15,179 --> 01:56:17,460
want to strip it
2948
01:56:17,460 --> 01:56:19,860
from any unnecessary characters such as
2949
01:56:19,860 --> 01:56:22,260
for example backslash n and also we want
2950
01:56:22,260 --> 01:56:25,820
to strip it from backslash r
2951
01:56:26,340 --> 01:56:28,260
and the reason why we are performing
2952
01:56:28,260 --> 01:56:29,659
this stripping part
2953
01:56:29,659 --> 01:56:32,400
is because especially in this program
2954
01:56:32,400 --> 01:56:34,380
right here in our vulnerability scanner
2955
01:56:34,380 --> 01:56:36,600
it is important to strip everything that
2956
01:56:36,600 --> 01:56:39,119
we don't need from the response as this
2957
01:56:39,119 --> 01:56:40,920
banner variable will store the most
2958
01:56:40,920 --> 01:56:42,840
important and crucial part to our
2959
01:56:42,840 --> 01:56:45,179
vulnerability scanner as inside of this
2960
01:56:45,179 --> 01:56:46,860
program we are going to compare this
2961
01:56:46,860 --> 01:56:50,699
banner variable with the actual content
2962
01:56:50,699 --> 01:56:53,100
from this vulnerability file in order to see if
2963
01:56:53,100 --> 01:56:55,560
they match so for example if we have the
2964
01:56:55,560 --> 01:56:57,719
same banner in a vulnerability file and
2965
01:56:57,719 --> 01:56:59,760
the same banner gets retrieved into this
2966
01:56:59,760 --> 01:57:02,100
variable and imagine that we do not
2967
01:57:02,100 --> 01:57:04,440
strip these actual characters from it
2968
01:57:04,440 --> 01:57:06,659
well our program will not really find
2969
01:57:06,659 --> 01:57:09,000
the match as they will be different only
2970
01:57:09,000 --> 01:57:10,800
by this character
2971
01:57:10,800 --> 01:57:12,780
so that's why we're stripping it as the
2972
01:57:12,780 --> 01:57:14,940
new line character is not important to
2973
01:57:14,940 --> 01:57:18,800
us all right so simple as that
2974
01:57:18,800 --> 01:57:21,960
the next thing we actually don't need is
2975
01:57:21,960 --> 01:57:23,699
these print statements right here we
2976
01:57:23,699 --> 01:57:26,219
needed them inside of our port scanner
2977
01:57:26,219 --> 01:57:27,540
project but we don't need them anymore
2978
01:57:27,540 --> 01:57:29,340
as we are not really interested in
2979
01:57:29,340 --> 01:57:31,020
printing which ports are closed and
2980
01:57:31,020 --> 01:57:32,880
which ports are open
2981
01:57:32,880 --> 01:57:35,880
since this is not a port scanner
2982
01:57:35,880 --> 01:57:38,219
but however there is another problem
2983
01:57:38,219 --> 01:57:41,460
that will occur and that is that this
2984
01:57:41,460 --> 01:57:44,400
banner variable can only store one banner at a
2985
01:57:44,400 --> 01:57:45,420
time
2986
01:57:45,420 --> 01:57:47,760
but we need to retrieve multiple banners
2987
01:57:47,760 --> 01:57:50,159
if we find multiple ports open on the
2988
01:57:50,159 --> 01:57:51,840
targets and if we also manage to
2989
01:57:51,840 --> 01:57:53,460
retrieve multiple banners from those
2990
01:57:53,460 --> 01:57:54,719
open ports
2991
01:57:54,719 --> 01:57:56,639
so we will need to store multiple
2992
01:57:56,639 --> 01:57:59,340
banners and not just one so how can we
2993
01:57:59,340 --> 01:58:01,260
fix that well
2994
01:58:01,260 --> 01:58:03,360
we can actually easily fix that we can
2995
01:58:03,360 --> 01:58:04,619
simply just add
2996
01:58:04,619 --> 01:58:07,199
a list which will be at the beginning of
2997
01:58:07,199 --> 01:58:09,360
our class right here we're going to call
2998
01:58:09,360 --> 01:58:11,520
it banners and in order to define a list
2999
01:58:11,520 --> 01:58:13,619
we specify these square brackets right
3000
01:58:13,619 --> 01:58:15,900
here by specifying open and close square
3001
01:58:15,900 --> 01:58:18,119
brackets we indicate that this banners
3002
01:58:18,119 --> 01:58:20,580
list will be empty for now and then
3003
01:58:20,580 --> 01:58:22,380
every time we actually manage to
3004
01:58:22,380 --> 01:58:24,659
retrieve the banner right here
3005
01:58:24,659 --> 01:58:27,540
with this line we can then right after
3006
01:58:27,540 --> 01:58:30,480
it below append
3007
01:58:30,480 --> 01:58:33,599
the actual Banner to the banners list
3008
01:58:33,599 --> 01:58:35,940
just like this and you will notice that
3009
01:58:35,940 --> 01:58:38,340
this banners list is red
3010
01:58:38,340 --> 01:58:40,080
underlined that means that we need to
3011
01:58:40,080 --> 01:58:43,560
add self dot banners right
3012
01:58:43,560 --> 01:58:46,560
here and everything will work correctly
3013
01:58:46,560 --> 01:58:48,840
and in case we don't manage to retrieve
3014
01:58:48,840 --> 01:58:50,580
the banner we're simply just going to
3015
01:58:50,580 --> 01:58:54,480
pass for now all right and at the end we
3016
01:58:54,480 --> 01:58:56,099
can simply just close the connection
3017
01:58:56,099 --> 01:58:58,500
with sock.close
3018
01:58:58,500 --> 01:59:01,440
so simple as that let me see if
3019
01:59:01,440 --> 01:59:02,520
everything
3020
01:59:02,520 --> 01:59:05,340
is correct for now everything seems to
3021
01:59:05,340 --> 01:59:06,900
be good
3022
01:59:06,900 --> 01:59:09,900
our check_ip function is good our
3023
01:59:09,900 --> 01:59:11,580
scan is good
3024
01:59:11,580 --> 01:59:13,679
but don't worry
3025
01:59:13,679 --> 01:59:15,540
there is another thing that we actually
3026
01:59:15,540 --> 01:59:17,940
have to do which is going to be to
3027
01:59:17,940 --> 01:59:20,159
create another list which is going to be
3028
01:59:20,159 --> 01:59:23,940
the open ports list
3029
01:59:23,940 --> 01:59:25,800
now you might be asking why are we
3030
01:59:25,800 --> 01:59:27,540
actually doing this
3031
01:59:27,540 --> 01:59:29,639
and this is more easily shown than
3032
01:59:29,639 --> 01:59:31,560
explained but I will try to explain it
3033
01:59:31,560 --> 01:59:33,599
anyway right now and once we run the
3034
01:59:33,599 --> 01:59:35,099
program you will get why we need
3035
01:59:35,099 --> 01:59:37,560
this open ports list for now let me
3036
01:59:37,560 --> 01:59:40,020
just try to explain it well once we
3037
01:59:40,020 --> 01:59:41,940
actually created this class right here
3038
01:59:41,940 --> 01:59:44,460
with these three methods you notice that
3039
01:59:44,460 --> 01:59:46,500
we also had to create this banners list
3040
01:59:46,500 --> 01:59:48,659
right here in order to store multiple
3041
01:59:48,659 --> 01:59:49,860
banners
3042
01:59:49,860 --> 01:59:51,599
once you actually get to actually
3043
01:59:51,599 --> 01:59:54,179
printing those banners and open ports
3044
01:59:54,179 --> 01:59:56,400
into our vulnerability scanner we want
3045
01:59:56,400 --> 01:59:58,860
to make sure that each open port will
3046
01:59:58,860 --> 02:00:01,199
match to each banner and since we
3047
02:00:01,199 --> 02:00:03,480
removed all of the print statements we
3048
02:00:03,480 --> 02:00:05,699
cannot really print open port one by one
3049
02:00:05,699 --> 02:00:08,340
we have to store all of the open ports
3050
02:00:08,340 --> 02:00:09,900
somewhere and all of the banners
3051
02:00:09,900 --> 02:00:12,119
somewhere and then we have to print them
3052
02:00:12,119 --> 02:00:15,360
each element one by one that's why we
3053
02:00:15,360 --> 02:00:17,880
also need the open port list that we
3054
02:00:17,880 --> 02:00:20,159
created right here and after each time
3055
02:00:20,159 --> 02:00:22,199
we managed to connect to a port we will
3056
02:00:22,199 --> 02:00:25,260
add that port to the open ports list so
3057
02:00:25,260 --> 02:00:28,560
self dot open ports and then dot append
3058
02:00:28,560 --> 02:00:30,420
the same way we are adding the banners
3059
02:00:30,420 --> 02:00:33,119
we're also going to add open ports and
3060
02:00:33,119 --> 02:00:34,800
we're simply just going to specify right
3061
02:00:34,800 --> 02:00:37,080
here port all right
3062
02:00:37,080 --> 02:00:41,639
now that is not the end of our problems
3063
02:00:41,639 --> 02:00:43,739
you will notice once we actually had
3064
02:00:43,739 --> 02:00:46,800
port scanner project that we had more
3065
02:00:46,800 --> 02:00:49,560
open ports than banners retrieved
3066
02:00:49,560 --> 02:00:51,659
for example some of the ports that were
3067
02:00:51,659 --> 02:00:54,239
open and that we tagged as open weren't
3068
02:00:54,239 --> 02:00:56,940
sending us any banner therefore we just
3069
02:00:56,940 --> 02:00:59,820
didn't have a banner for that open port
3070
02:00:59,820 --> 02:01:01,500
and that could present us a problem
3071
02:01:01,500 --> 02:01:04,739
because if we have 10 open ports for
3072
02:01:04,739 --> 02:01:06,780
example and we retrieve only three
3073
02:01:06,780 --> 02:01:09,840
banners then in one list which will be
3074
02:01:09,840 --> 02:01:11,639
the open ports list we will have 10
3075
02:01:11,639 --> 02:01:14,159
elements or 10 ports and in the banners
3076
02:01:14,159 --> 02:01:16,980
list we will have three elements and
3077
02:01:16,980 --> 02:01:18,659
therefore once we want to print each
3078
02:01:18,659 --> 02:01:21,239
element one by one for example the
3079
02:01:21,239 --> 02:01:23,820
element one from the open ports should
3080
02:01:23,820 --> 02:01:26,219
correspond to the element 1 from banners
3081
02:01:26,219 --> 02:01:29,219
and so on and so on it will get confused
3082
02:01:29,219 --> 02:01:31,500
in some of the open ports which don't
3083
02:01:31,500 --> 02:01:33,960
have banners will get banners and it
3084
02:01:33,960 --> 02:01:36,540
will all get mixed up and it will not be
3085
02:01:36,540 --> 02:01:38,760
correct therefore we want to make sure
3086
02:01:38,760 --> 02:01:40,980
that the open port list has the exact
3087
02:01:40,980 --> 02:01:43,619
same amount of elements as the banners
3088
02:01:43,619 --> 02:01:47,520
list has so each element can correspond to
3089
02:01:47,520 --> 02:01:50,460
each element from the different list
3090
02:01:50,460 --> 02:01:52,500
how can we do that since we are
3091
02:01:52,500 --> 02:01:54,060
obviously going to have less banners
3092
02:01:54,060 --> 02:01:56,460
than open ports well we can fix that
3093
02:01:56,460 --> 02:01:58,800
just by instead of the pass statement
3094
02:01:58,800 --> 02:02:01,139
right here under the except we can also
3095
02:02:01,139 --> 02:02:03,360
append to the banners list
3096
02:02:03,360 --> 02:02:05,760
so for each open port we're going to
3097
02:02:05,760 --> 02:02:08,699
append anyway even if it manages to
3098
02:02:08,699 --> 02:02:10,320
retrieve the banner we are going to
3099
02:02:10,320 --> 02:02:12,119
append and if it doesn't manage to
3100
02:02:12,119 --> 02:02:13,920
retrieve the banner we're also going to
3101
02:02:13,920 --> 02:02:17,760
append so self.banners dot append but in
3102
02:02:17,760 --> 02:02:19,139
this case we are simply just going to
3103
02:02:19,139 --> 02:02:21,719
append empty space we're not going to
3104
02:02:21,719 --> 02:02:24,540
append any string or anything else it
3105
02:02:24,540 --> 02:02:26,520
will simply just be there so an element
3106
02:02:26,520 --> 02:02:30,060
can get added to the banners list all
3107
02:02:30,060 --> 02:02:32,580
right so we simply change this so we can
3108
02:02:32,580 --> 02:02:34,920
have the same amount of elements in both
3109
02:02:34,920 --> 02:02:37,800
banners and open ports
3110
02:02:37,800 --> 02:02:39,780
and with this we successfully
3111
02:02:39,780 --> 02:02:42,599
transformed our port scanner into an
3112
02:02:42,599 --> 02:02:44,580
actual class that we can use inside of
3113
02:02:44,580 --> 02:02:47,159
our vulnerability scanner project and in
3114
02:02:47,159 --> 02:02:49,260
the next video we're going to see how we
3115
02:02:49,260 --> 02:02:50,820
can call this class from our
3116
02:02:50,820 --> 02:02:53,460
vulnerability scanner okay so thank you
3117
02:02:53,460 --> 02:02:55,199
for watching this tutorial and I will
3118
02:02:55,199 --> 02:02:58,560
see you in the next one bye
3119
02:02:58,560 --> 02:03:01,320
welcome back everybody let's see now how
3120
02:03:01,320 --> 02:03:03,239
we can actually call our port scanner
3121
02:03:03,239 --> 02:03:06,060
class into our vulnerability scanner
3122
02:03:06,060 --> 02:03:09,119
program all right so we have everything
3123
02:03:09,119 --> 02:03:11,280
ready right here we switched everything
3124
02:03:11,280 --> 02:03:13,860
that we needed to we also added some of
3125
02:03:13,860 --> 02:03:15,719
the lists some of the specific
3126
02:03:15,719 --> 02:03:18,239
attributes to this class we changed some
3127
02:03:18,239 --> 02:03:20,340
of the functions as well as deleted the
3128
02:03:20,340 --> 02:03:23,820
get_banner method from this class and we
3129
02:03:23,820 --> 02:03:25,800
also added the conversion of IP address
3130
02:03:25,800 --> 02:03:28,800
into the scan_port method all right
3131
02:03:28,800 --> 02:03:31,080
so now that what we need to do is we
3132
02:03:31,080 --> 02:03:32,760
need to see how we can create an object
3133
02:03:32,760 --> 02:03:34,800
that will belong to this class and how
3134
02:03:34,800 --> 02:03:36,179
we can use it inside of our
3135
02:03:36,179 --> 02:03:38,460
vulnerability scanner program
3136
02:03:38,460 --> 02:03:40,860
well right away I can tell you that this
3137
02:03:40,860 --> 02:03:42,840
will not work because with this we're
3138
02:03:42,840 --> 02:03:44,699
simply specifying the name of the file
3139
02:03:44,699 --> 02:03:48,239
that we imported and then the function
3140
02:03:48,239 --> 02:03:51,119
but this function no longer exists as a
3141
02:03:51,119 --> 02:03:52,500
separate function inside of the port
3142
02:03:52,500 --> 02:03:55,739
scanner that function is now the actual
3143
02:03:55,739 --> 02:03:58,679
method to the port scan class
3144
02:03:58,679 --> 02:04:00,840
so in order to actually call that we
3145
02:04:00,840 --> 02:04:02,580
first of all need to create an object
3146
02:04:02,580 --> 02:04:04,679
that will belong to that class
3147
02:04:04,679 --> 02:04:06,719
and we can simply call that object
3148
02:04:06,719 --> 02:04:09,420
target so simple as that target will be
3149
02:04:09,420 --> 02:04:12,119
our object and in order to initiate that
3150
02:04:12,119 --> 02:04:13,920
object to belong to the port scan class
3151
02:04:13,920 --> 02:04:16,260
we first of all need to specify the port
3152
02:04:16,260 --> 02:04:17,940
scanner which is the file that we are
3153
02:04:17,940 --> 02:04:20,219
using the class from and then the name
3154
02:04:20,219 --> 02:04:22,260
of the class itself
3155
02:04:22,260 --> 02:04:24,840
now you will notice that if I specify
3156
02:04:24,840 --> 02:04:27,540
the open and close brackets pycharm will
3157
02:04:27,540 --> 02:04:30,000
suggest right away that this port scan
3158
02:04:30,000 --> 02:04:33,179
class takes two parameters
3159
02:04:33,179 --> 02:04:35,460
the first parameter will be the target's
3160
02:04:35,460 --> 02:04:38,520
IP address and the number of ports that
3161
02:04:38,520 --> 02:04:40,139
we want to scan for the vulnerable
3162
02:04:40,139 --> 02:04:41,219
software
3163
02:04:41,219 --> 02:04:43,440
now why does it say these two parameters
3164
02:04:43,440 --> 02:04:45,659
well inside of our Port scanner class
3165
02:04:45,659 --> 02:04:47,280
you will notice that we have two
3166
02:04:47,280 --> 02:04:50,400
variables inside of our init method and
3167
02:04:50,400 --> 02:04:52,199
these two variables are exactly what we
3168
02:04:52,199 --> 02:04:54,900
need to specify to our object so we need
3169
02:04:54,900 --> 02:04:56,639
to know the target's IP address as well
3170
02:04:56,639 --> 02:04:59,400
as the number of ports so let's specify
3171
02:04:59,400 --> 02:05:01,500
that we already prompted to the user for
3172
02:05:01,500 --> 02:05:03,599
these two values therefore we can simply
3173
02:05:03,599 --> 02:05:06,540
just specify right here target_ip and
3174
02:05:06,540 --> 02:05:10,560
then comma port_number all right and we
3175
02:05:10,560 --> 02:05:12,659
successfully created the object to our
3176
02:05:12,659 --> 02:05:14,159
port scan class
3177
02:05:14,159 --> 02:05:16,440
right now in order to initiate the scan
3178
02:05:16,440 --> 02:05:19,020
itself so we can scan for the open ports
3179
02:05:19,020 --> 02:05:20,520
and retrieve the banners to those open
3180
02:05:20,520 --> 02:05:22,860
ports we need to initiate the method
3181
02:05:22,860 --> 02:05:24,300
from this class
3182
02:05:24,300 --> 02:05:26,340
and how do we do that we need to
3183
02:05:26,340 --> 02:05:29,219
initiate the method onto our object from
3184
02:05:29,219 --> 02:05:31,320
the port scanner class
3185
02:05:31,320 --> 02:05:33,300
so how can we do that but first of all
3186
02:05:33,300 --> 02:05:34,980
we need to check which method we need to
3187
02:05:34,980 --> 02:05:37,800
initiate and ideally we want to initiate
3188
02:05:37,800 --> 02:05:40,020
one method which will call all of the
3189
02:05:40,020 --> 02:05:42,360
other methods as well and in our case
3190
02:05:42,360 --> 02:05:45,239
that method would be this scan function
3191
02:05:45,239 --> 02:05:48,179
as the scan method calls the scan_port
3192
02:05:48,179 --> 02:05:51,000
method and the scan_port method calls
3193
02:05:51,000 --> 02:05:53,340
the check_ip method as well as checks
3194
02:05:53,340 --> 02:05:55,139
for the banners and adds them to the
3195
02:05:55,139 --> 02:05:55,980
list
3196
02:05:55,980 --> 02:05:59,159
so we need to type right here target dot
3197
02:05:59,159 --> 02:06:00,960
scan
3198
02:06:00,960 --> 02:06:04,080
and simply with just these two lines we
3199
02:06:04,080 --> 02:06:06,599
perform the entire scan for open ports
3200
02:06:06,599 --> 02:06:10,139
and software on our target's IP address
3201
02:06:10,139 --> 02:06:12,239
all we're left to do right now is
3202
02:06:12,239 --> 02:06:14,400
compare those banners that we retrieved
3203
02:06:14,400 --> 02:06:16,739
from the open ports with the banners
3204
02:06:16,739 --> 02:06:18,599
that we will have in a separate file
3205
02:06:18,599 --> 02:06:20,099
that we're going
3206
02:06:20,099 --> 02:06:22,500
to create in just a second and if we
3207
02:06:22,500 --> 02:06:25,560
find a match that means that we found a
3208
02:06:25,560 --> 02:06:27,300
vulnerable software
3209
02:06:27,300 --> 02:06:30,239
all right so first of all we need to
3210
02:06:30,239 --> 02:06:32,280
perform something and that will be the
3211
02:06:32,280 --> 02:06:34,619
scanning of a Target and then we're
3212
02:06:34,619 --> 02:06:36,599
going to add two or three banners to the
3213
02:06:36,599 --> 02:06:38,460
actual txt file which then we're going
3214
02:06:38,460 --> 02:06:39,420
to use
3215
02:06:39,420 --> 02:06:41,280
well let me just show you it is easier
3216
02:06:41,280 --> 02:06:43,080
if I just show you first of all I will
3217
02:06:43,080 --> 02:06:45,659
enlarge this zoom this in
3218
02:06:45,659 --> 02:06:47,699
and I will navigate to our Python
3219
02:06:47,699 --> 02:06:49,739
projects as well as the port scanner
3220
02:06:49,739 --> 02:06:52,920
project and here if I simply just run python
3221
02:06:52,920 --> 02:06:55,800
port_scanner.py
3222
02:06:55,800 --> 02:06:59,900
and let's say we test this website
3223
02:06:59,900 --> 02:07:03,360
testphp.vulnweb.com press enter it will
3224
02:07:03,360 --> 02:07:05,099
scan for the open ports and we will
3225
02:07:05,099 --> 02:07:07,080
retrieve some banners from it
3226
02:07:07,080 --> 02:07:09,119
then we're going to copy these banners
3227
02:07:09,119 --> 02:07:11,940
and add them into a txt file which then
3228
02:07:11,940 --> 02:07:14,219
we will use inside of this program
3229
02:07:14,219 --> 02:07:16,320
so let's say we want to copy first two
3230
02:07:16,320 --> 02:07:18,540
banners all right we're just going to
3231
02:07:18,540 --> 02:07:21,420
wait for a few seconds for this scan to
3232
02:07:21,420 --> 02:07:24,179
finish and keep in mind we are using the
3233
02:07:24,179 --> 02:07:26,040
port scanner tool that we created so you
3234
02:07:26,040 --> 02:07:28,199
can see it can be sometimes useful
3235
02:07:28,199 --> 02:07:30,719
especially when you try to gather more
3236
02:07:30,719 --> 02:07:32,960
information about the targets machine
3237
02:07:32,960 --> 02:07:35,280
alright so here it is it has finished
3238
02:07:35,280 --> 02:07:38,400
now let's copy this
3239
02:07:38,400 --> 02:07:40,440
we don't need that IP address we're
3240
02:07:40,440 --> 02:07:42,360
going to copy this
3241
02:07:42,360 --> 02:07:44,940
then right here under the vuln scanner
3242
02:07:44,940 --> 02:07:46,980
we're going to click on new but instead
3243
02:07:46,980 --> 02:07:48,719
of new python file we simply just want
3244
02:07:48,719 --> 02:07:50,880
to create new file it will be called
3245
02:07:50,880 --> 02:07:54,119
let's say vuln underscore file or no
3246
02:07:54,119 --> 02:07:55,500
let's not call it like the actual
3247
02:07:55,500 --> 02:07:59,880
variable uh vuln_banners.txt
3248
02:07:59,880 --> 02:08:01,560
let's call it just like that and then
3249
02:08:01,560 --> 02:08:03,719
right here we're going to paste this as
3250
02:08:03,719 --> 02:08:05,219
a first Banner
3251
02:08:05,219 --> 02:08:07,679
and as a second Banner we are going to
3252
02:08:07,679 --> 02:08:09,000
paste
3253
02:08:09,000 --> 02:08:12,659
let's say this copy selection
3254
02:08:12,659 --> 02:08:15,900
and paste it right here all right so
3255
02:08:15,900 --> 02:08:19,619
here it is we got two banners ready
3256
02:08:19,619 --> 02:08:21,719
and now let's see if we managed to find
3257
02:08:21,719 --> 02:08:24,599
these two matches with our vulnerability
3258
02:08:24,599 --> 02:08:28,080
scanner okay so first of all what we
3259
02:08:28,080 --> 02:08:29,820
need to do in order to compare the
3260
02:08:29,820 --> 02:08:32,159
banners with the banners from the file
3261
02:08:32,159 --> 02:08:34,739
we need to open that file first so how
3262
02:08:34,739 --> 02:08:36,599
can we do that well in Python we do it
3263
02:08:36,599 --> 02:08:41,239
with this statement so with open
3264
02:08:41,340 --> 02:08:43,920
and then open and close brackets and
3265
02:08:43,920 --> 02:08:45,780
first parameter to this open function
3266
02:08:45,780 --> 02:08:48,060
would be the file name which is stored
3267
02:08:48,060 --> 02:08:50,760
inside of this vuln_file variable so
3268
02:08:50,760 --> 02:08:54,900
with open vuln underscore file
3269
02:08:54,900 --> 02:08:56,699
and the second parameter would be how
3270
02:08:56,699 --> 02:08:58,380
you want to actually open it in our case
3271
02:08:58,380 --> 02:09:00,480
we want to open that file for reading so
3272
02:09:00,480 --> 02:09:02,520
we want to read from it you also have
3273
02:09:02,520 --> 02:09:04,320
the write and append option but in this
3274
02:09:04,320 --> 02:09:06,360
case we're going to open the file for
3275
02:09:06,360 --> 02:09:08,159
reading which we specified just by
3276
02:09:08,159 --> 02:09:10,860
simply typing smaller case r
3277
02:09:10,860 --> 02:09:13,020
and then we specify
3278
02:09:13,020 --> 02:09:15,719
as and then the name of the file object
3279
02:09:15,719 --> 02:09:18,060
as file let's call it like that so with
3280
02:09:18,060 --> 02:09:20,099
open vulnerability file for reading as
3281
02:09:20,099 --> 02:09:21,300
file
3282
02:09:21,300 --> 02:09:24,420
then we need to perform the comparison
3283
02:09:24,420 --> 02:09:26,940
of these banners what we're going to do
3284
02:09:26,940 --> 02:09:28,920
first is we're going to add a count
3285
02:09:28,920 --> 02:09:32,159
variable which will be equal to 0 and
3286
02:09:32,159 --> 02:09:33,780
then we're going to take a look at all
3287
02:09:33,780 --> 02:09:35,699
of the banners that we gathered during
3288
02:09:35,699 --> 02:09:38,460
our scan all right so how can we do that
3289
02:09:38,460 --> 02:09:40,800
we can access those banners by simply
3290
02:09:40,800 --> 02:09:44,460
typing Target dot banners
3291
02:09:44,460 --> 02:09:47,099
how can we do that well since we created
3292
02:09:47,099 --> 02:09:48,780
this object right here
3293
02:09:48,780 --> 02:09:51,540
this object besides these two variables
3294
02:09:51,540 --> 02:09:54,719
also has these two variables right here
3295
02:09:54,719 --> 02:09:57,239
or these two lists should I say so we
3296
02:09:57,239 --> 02:09:59,340
can also access them as well if we want
3297
02:09:59,340 --> 02:10:01,199
to using our object
3298
02:10:01,199 --> 02:10:04,260
so Target banners and what we want to do
3299
02:10:04,260 --> 02:10:06,659
with that is we want to iterate over it
3300
02:10:06,659 --> 02:10:08,340
so for Banner
3301
02:10:08,340 --> 02:10:12,000
in target.banners
3302
02:10:12,719 --> 02:10:14,639
we first of all want to navigate to the
3303
02:10:14,639 --> 02:10:16,980
beginning of our vuln_banners.txt file
3304
02:10:16,980 --> 02:10:20,400
and we can do that using file.seek zero
3305
02:10:20,400 --> 02:10:22,679
and the reason why we need this line is
3306
02:10:22,679 --> 02:10:25,080
because in case we remove this
3307
02:10:25,080 --> 02:10:27,960
it will only find the first result and
3308
02:10:27,960 --> 02:10:29,520
it will not manage to find the second
3309
02:10:29,520 --> 02:10:31,860
result because it will take the first
3310
02:10:31,860 --> 02:10:34,320
Banner then it will iterate over all of
3311
02:10:34,320 --> 02:10:36,540
the banners inside of this list and if
3312
02:10:36,540 --> 02:10:39,000
it finds it it will be stuck at the end
3313
02:10:39,000 --> 02:10:41,460
of the actual file and it will not get
3314
02:10:41,460 --> 02:10:43,380
back to read it from the beginning for
3315
02:10:43,380 --> 02:10:45,840
the next Banner it will just read it
3316
02:10:45,840 --> 02:10:47,820
from where it stopped that's why after
3317
02:10:47,820 --> 02:10:50,159
every Banner we need to actually seek to
3318
02:10:50,159 --> 02:10:52,320
the beginning of this file which we do
3319
02:10:52,320 --> 02:10:55,440
using file.seek zero zero means simply
3320
02:10:55,440 --> 02:10:57,540
return to the beginning and read all
3321
02:10:57,540 --> 02:10:59,699
over again
3322
02:10:59,699 --> 02:11:02,400
and now we need to iterate once again so
3323
02:11:02,400 --> 02:11:04,139
for line
3324
02:11:04,139 --> 02:11:07,920
in file.readlines
3325
02:11:08,520 --> 02:11:09,960
and you will notice that we actually
3326
02:11:09,960 --> 02:11:11,880
have two functions right here one is
3327
02:11:11,880 --> 02:11:14,880
read line and one is read lines if you
3328
02:11:14,880 --> 02:11:17,400
use readline it will only read
3329
02:11:17,400 --> 02:11:19,500
characters one by one so we don't really
3330
02:11:19,500 --> 02:11:21,599
want that we want to use readlines so it
3331
02:11:21,599 --> 02:11:23,639
actually reads line by line
3332
02:11:23,639 --> 02:11:25,500
so let's just type it right here for
3333
02:11:25,500 --> 02:11:28,560
line in file dot read lines
3334
02:11:28,560 --> 02:11:30,480
and since this is a function we need to
3335
02:11:30,480 --> 02:11:33,239
open and close brackets
3336
02:11:33,239 --> 02:11:36,060
and now we can compare the banners if
3337
02:11:36,060 --> 02:11:38,460
line dot strip we want to strip it from
3338
02:11:38,460 --> 02:11:40,080
anything that might cause some problems
3339
02:11:40,080 --> 02:11:42,659
in matching these two banners and keep
3340
02:11:42,659 --> 02:11:44,520
in mind that this line is simply just
3341
02:11:44,520 --> 02:11:47,219
a line from the txt file for example it
3342
02:11:47,219 --> 02:11:50,040
can be this and then we need to compare
3343
02:11:50,040 --> 02:11:52,619
that with the banners from this list
3344
02:11:52,619 --> 02:11:55,739
right here so if line.strip
3345
02:11:55,739 --> 02:11:57,719
in Banner
3346
02:11:57,719 --> 02:11:59,760
in Banner that we are currently reading
3347
02:11:59,760 --> 02:12:01,739
from this list
3348
02:12:01,739 --> 02:12:04,139
so if line.strip in banner
3349
02:12:04,139 --> 02:12:06,599
and then here we want to print
3350
02:12:06,599 --> 02:12:08,940
let's print it like this
3351
02:12:08,940 --> 02:12:11,880
so open single quote
3352
02:12:11,880 --> 02:12:13,860
two exclamation marks and let's print in
3353
02:12:13,860 --> 02:12:18,360
capital letters for example vulnerable
3354
02:12:18,780 --> 02:12:20,940
Banner
3355
02:12:20,940 --> 02:12:22,260
and then
3356
02:12:22,260 --> 02:12:24,239
let's also add double quotes to our
3357
02:12:24,239 --> 02:12:26,639
actual string so we can add it between
3358
02:12:26,639 --> 02:12:30,659
the banner plus the banner itself plus
3359
02:12:30,659 --> 02:12:33,239
and then single quotes double quotes at
3360
02:12:33,239 --> 02:12:36,060
the beginning and then on Port
3361
02:12:36,060 --> 02:12:40,040
and let's print it like this
3362
02:12:41,280 --> 02:12:44,639
plus the string
3363
02:12:44,639 --> 02:12:46,739
and here want to actually print the port
3364
02:12:46,739 --> 02:12:48,780
number corresponding to that specific
3365
02:12:48,780 --> 02:12:51,239
Banner so how can we do that
3366
02:12:51,239 --> 02:12:52,980
well that is why we need this count
3367
02:12:52,980 --> 02:12:55,380
variable since this count variable will
3368
02:12:55,380 --> 02:12:57,540
keep track of each element that we
3369
02:12:57,540 --> 02:12:59,340
pass by scanning each and every
3370
02:12:59,340 --> 02:13:01,619
Banner so each and every Banner will
3371
02:13:01,619 --> 02:13:04,320
correspond to the exact same number of
3372
02:13:04,320 --> 02:13:07,560
elements inside of this open ports list
3373
02:13:07,560 --> 02:13:09,900
right here so for example if the count
3374
02:13:09,900 --> 02:13:12,599
variable came to number three that means
3375
02:13:12,599 --> 02:13:14,579
we are scanning third banner and that
3376
02:13:14,579 --> 02:13:17,460
third Banner will be corresponding to
3377
02:13:17,460 --> 02:13:20,280
the third element of the open ports list
3378
02:13:20,280 --> 02:13:22,800
which will be the actual port number to
3379
02:13:22,800 --> 02:13:25,199
that specific banner so in order to
3380
02:13:25,199 --> 02:13:27,300
access that list we need to type the
3381
02:13:27,300 --> 02:13:29,760
target object dot
3382
02:13:29,760 --> 02:13:33,000
open ports we can access it the same way
3383
02:13:33,000 --> 02:13:35,099
that we access the banners so dot open
3384
02:13:35,099 --> 02:13:37,619
ports and here we need to specify which
3385
02:13:37,619 --> 02:13:39,179
element are we looking for and we
3386
02:13:39,179 --> 02:13:40,920
specify that in the square brackets
3387
02:13:40,920 --> 02:13:42,000
right here
3388
02:13:42,000 --> 02:13:46,079
so then we add right here count
3389
02:13:46,079 --> 02:13:48,900
so simple as that
3390
02:13:48,900 --> 02:13:52,079
for some reason we are getting these red
3391
02:13:52,079 --> 02:13:53,520
lines
3392
02:13:53,520 --> 02:13:56,540
in for example line dot strip port
3393
02:13:56,540 --> 02:13:59,520
scanner.port scan
3394
02:13:59,520 --> 02:14:02,840
and why is that
3395
02:14:03,239 --> 02:14:05,520
well let's just finish this
3396
02:14:05,520 --> 02:14:07,860
so we don't forget the last line which
3397
02:14:07,860 --> 02:14:09,659
will be to actually increase the count
3398
02:14:09,659 --> 02:14:12,000
variable by one and you need to keep in
3399
02:14:12,000 --> 02:14:13,560
mind where are you actually increasing
3400
02:14:13,560 --> 02:14:15,719
it inside of each Loop well you want to
3401
02:14:15,719 --> 02:14:17,520
increase it inside of this Loop but you
3402
02:14:17,520 --> 02:14:19,679
don't want to increase it inside of this
3403
02:14:19,679 --> 02:14:21,900
Loop so you want to increase it after
3404
02:14:21,900 --> 02:14:24,300
you pass every Banner you increase the
3405
02:14:24,300 --> 02:14:26,219
element by one because you proceed to
3406
02:14:26,219 --> 02:14:28,199
the next Banner in the list therefore we
3407
02:14:28,199 --> 02:14:31,320
want to increase it right here so count
3408
02:14:31,320 --> 02:14:35,060
plus equals 1.
3409
02:14:36,300 --> 02:14:38,579
okay so everything seems to be working
3410
02:14:38,579 --> 02:14:41,699
correctly we just seem to have bunch of
3411
02:14:41,699 --> 02:14:43,980
Errors right here but let's try to run
3412
02:14:43,980 --> 02:14:46,139
the program so we can see
3413
02:14:46,139 --> 02:14:48,360
what type of errors are those so we'll
3414
02:14:48,360 --> 02:14:50,040
scan Dot py
3415
02:14:50,040 --> 02:14:54,139
and it says right here invalid syntax
3416
02:14:54,139 --> 02:14:57,540
let's see where that is invalid syntax
3417
02:14:57,540 --> 02:14:59,820
inside of the profile
3418
02:14:59,820 --> 02:15:02,639
okay so we have a bracket extra so let's
3419
02:15:02,639 --> 02:15:06,800
delete this try it once again
3420
02:15:07,320 --> 02:15:09,719
oh no we actually do not have a bracket
3421
02:15:09,719 --> 02:15:11,520
extra
3422
02:15:11,520 --> 02:15:13,920
we're not even fixing the correct part
3423
02:15:13,920 --> 02:15:16,800
it is inside this vuln file yeah we have
3424
02:15:16,800 --> 02:15:18,960
an extra square bracket right here so
3425
02:15:18,960 --> 02:15:21,060
let's delete that and if I run it once
3426
02:15:21,060 --> 02:15:21,840
again
3427
02:15:21,840 --> 02:15:24,239
now we can notice that we no longer
3428
02:15:24,239 --> 02:15:26,940
have any errors so this extra bracket
3429
02:15:26,940 --> 02:15:29,159
right here created the problem throughout
3430
02:15:29,159 --> 02:15:31,260
the entire program so now that we fixed
3431
02:15:31,260 --> 02:15:34,020
it this should work enter Target to scan
3432
02:15:34,020 --> 02:15:36,719
for vulnerable open ports let's type
3433
02:15:36,719 --> 02:15:40,320
uh testphp.vulnweb
3434
02:15:40,320 --> 02:15:41,699
.com
3435
02:15:41,699 --> 02:15:44,159
we want to scan for first 100 ports
3436
02:15:44,159 --> 02:15:46,020
because both of the vulnerable softwares
3437
02:15:46,020 --> 02:15:48,420
are located inside of the first 100
3438
02:15:48,420 --> 02:15:51,060
ports and we want to enter the path to
3439
02:15:51,060 --> 02:15:52,560
the file with vulnerable softwares well
3440
02:15:52,560 --> 02:15:54,780
in our case since the actual file is
3441
02:15:54,780 --> 02:15:56,579
inside the same directory as our program
3442
02:15:56,579 --> 02:15:58,920
we don't need to specify the path we can
3443
02:15:58,920 --> 02:16:01,260
simply just specify the file name but if
3444
02:16:01,260 --> 02:16:03,300
this file was in another directory you
3445
02:16:03,300 --> 02:16:04,980
would need to specify the full path to
3446
02:16:04,980 --> 02:16:06,420
the directory
3447
02:16:06,420 --> 02:16:10,440
in our case vuln_banners.txt
3448
02:16:10,920 --> 02:16:13,560
press here enter and now we wait for it
3449
02:16:13,560 --> 02:16:15,840
to perform the scan first of the first
3450
02:16:15,840 --> 02:16:18,239
100 ports then it will go to this
3451
02:16:18,239 --> 02:16:20,520
iteration right here with opening of the
3452
02:16:20,520 --> 02:16:22,320
file and then comparing the banners and
3453
02:16:22,320 --> 02:16:24,540
if it manages to find the banner that
3454
02:16:24,540 --> 02:16:27,300
matches in both of the banners list and
3455
02:16:27,300 --> 02:16:30,119
the actual file that we open then it
3456
02:16:30,119 --> 02:16:31,739
will print that a vulnerable software
3457
02:16:31,739 --> 02:16:34,558
has been found alright so let's see
3458
02:16:34,558 --> 02:16:36,780
right here it might take a few seconds
3459
02:16:36,780 --> 02:16:38,519
to finish
3460
02:16:38,519 --> 02:16:40,978
and here it is we found two vulnerable
3461
02:16:40,978 --> 02:16:42,599
banners as it prints right here
3462
02:16:42,599 --> 02:16:46,080
vulnerable Banner with this name right
3463
02:16:46,080 --> 02:16:49,439
here on Port 21 and vulnerable Banner
3464
02:16:49,439 --> 02:16:53,280
with this name on Port 22. alright so
3465
02:16:53,280 --> 02:16:55,799
good we managed to find vulnerable
3466
02:16:55,799 --> 02:16:57,959
banners and now we can simply just
3467
02:16:57,959 --> 02:17:00,898
proceed to exploit the target with these
3468
02:17:00,898 --> 02:17:04,799
two vulnerabilities all right so that
3469
02:17:04,799 --> 02:17:06,299
would be about it for this vulnerability
3470
02:17:06,299 --> 02:17:07,799
scanner as you can see it is not really
3471
02:17:07,799 --> 02:17:10,620
that big of a project it is mostly based
3472
02:17:10,620 --> 02:17:12,540
on our Port scanner we simply just
3473
02:17:12,540 --> 02:17:15,718
compare the actual banners from the file
3474
02:17:15,718 --> 02:17:18,420
and the scan itself and then we print it
3475
02:17:18,420 --> 02:17:21,780
out alright so once again this is
3476
02:17:21,780 --> 02:17:23,218
something that you can download from the
3477
02:17:23,218 --> 02:17:25,558
Internet or you can simply just create
3478
02:17:25,558 --> 02:17:28,080
it by yourself just by adding multiple
3479
02:17:28,080 --> 02:17:29,820
vulnerable banners to this list and then
3480
02:17:29,820 --> 02:17:32,218
creating your own list
3481
02:17:32,218 --> 02:17:35,040
and then you can use this program in
3482
02:17:35,040 --> 02:17:37,978
order to scan the Target in the next
3483
02:17:37,978 --> 02:17:39,959
video we are going to perform the recap
3484
02:17:39,959 --> 02:17:42,299
of this actual project we're going to
3485
02:17:42,299 --> 02:17:44,040
see once again how this program works
3486
02:17:44,040 --> 02:17:46,019
briefly explain it once again in case
3487
02:17:46,019 --> 02:17:47,218
there is something that you missed or
3488
02:17:47,218 --> 02:17:49,320
did not understand and then we are going
3489
02:17:49,320 --> 02:17:52,679
to proceed to our next project thank you
3490
02:17:52,679 --> 02:17:54,058
for watching and see you in the next
3491
02:17:54,058 --> 02:17:57,179
lecture bye welcome back let's perform a
3492
02:17:57,179 --> 02:18:00,058
recap on our vulnerability scanner all
3493
02:18:00,058 --> 02:18:01,978
right so let's go step by step so the
3494
02:18:01,978 --> 02:18:04,080
first thing that we did is we imported
3495
02:18:04,080 --> 02:18:06,718
our Port scanner that we coded in the
3496
02:18:06,718 --> 02:18:08,040
previous project
3497
02:18:08,040 --> 02:18:10,439
now in order for this port scanner to
3498
02:18:10,439 --> 02:18:11,638
work we perform some of the
3499
02:18:11,638 --> 02:18:14,099
modifications to the code Itself by
3500
02:18:14,099 --> 02:18:16,558
adding the actual port scan class which
3501
02:18:16,558 --> 02:18:18,359
will have these multiple methods and
3502
02:18:18,359 --> 02:18:20,580
each one of them will perform a separate
3503
02:18:20,580 --> 02:18:21,898
task
3504
02:18:21,898 --> 02:18:23,398
we also performed some little
3505
02:18:23,398 --> 02:18:25,859
modifications to the actual parameters
3506
02:18:25,859 --> 02:18:28,138
themselves and also deleted the get
3507
02:18:28,138 --> 02:18:30,660
Banner function and we put it inside of
3508
02:18:30,660 --> 02:18:33,120
the scan Port function we also removed
3509
02:18:33,120 --> 02:18:34,740
all the print statements as we do not
3510
02:18:34,740 --> 02:18:36,540
need them and we added two different
3511
02:18:36,540 --> 02:18:39,000
lists which is the banners list and the
3512
02:18:39,000 --> 02:18:41,340
open ports list in order to be able to
3513
02:18:41,340 --> 02:18:44,040
print the banners and open ports inside
3514
02:18:44,040 --> 02:18:47,280
of our vulnerability scanner after that
3515
02:18:47,280 --> 02:18:49,019
we then created these three variables
3516
02:18:49,019 --> 02:18:50,398
which will store all of the needed
3517
02:18:50,398 --> 02:18:52,260
information for our Port scanner to run
3518
02:18:52,260 --> 02:18:54,898
and we initiated an object right after it
3519
02:18:54,898 --> 02:18:56,939
which will belong to the class port scan
3520
02:18:56,939 --> 02:18:59,398
we then initiated the scan Itself by
3521
02:18:59,398 --> 02:19:01,019
calling the scan method from the port
3522
02:19:01,019 --> 02:19:02,340
scan class
3523
02:19:02,340 --> 02:19:04,799
after the scan has finished we now know
3524
02:19:04,799 --> 02:19:07,558
that after this line in our open ports
3525
02:19:07,558 --> 02:19:09,840
list right here and in our banners list
3526
02:19:09,840 --> 02:19:12,058
right here we have all of the results
3527
02:19:12,058 --> 02:19:13,320
ready
3528
02:19:13,320 --> 02:19:16,019
so then after the scan we open the file
3529
02:19:16,019 --> 02:19:18,299
which contains the vulnerable softwares
3530
02:19:18,299 --> 02:19:20,099
on an open port
3531
02:19:20,099 --> 02:19:22,439
as soon as we open the file we created
3532
02:19:22,439 --> 02:19:23,939
the count variable which is really
3533
02:19:23,939 --> 02:19:25,859
important in order to keep the track of
3534
02:19:25,859 --> 02:19:28,679
elements in the banners and open ports
3535
02:19:28,679 --> 02:19:29,519
as well
3536
02:19:29,519 --> 02:19:32,099
after every Banner that we scanned we
3537
02:19:32,099 --> 02:19:33,959
increase the count variable by 1 and
3538
02:19:33,959 --> 02:19:36,420
proceed to the next banner and then we
3539
02:19:36,420 --> 02:19:39,179
compare the line with the banner itself
3540
02:19:39,179 --> 02:19:41,218
and if there is any part that matches
3541
02:19:41,218 --> 02:19:43,799
with the banner we will print it as a
3542
02:19:43,799 --> 02:19:45,780
vulnerable Banner as well as specify
3543
02:19:45,780 --> 02:19:49,320
which Port this software is running on
3544
02:19:49,320 --> 02:19:52,920
all right so now that we recapped all of
3545
02:19:52,920 --> 02:19:54,960
the things that we did let's perform one
3546
02:19:54,960 --> 02:19:57,660
final test to see whether it works if I
3547
02:19:57,660 --> 02:19:58,859
clear this
3548
02:19:58,859 --> 02:20:03,420
python3 and then vuln_scan.py
3549
02:20:03,420 --> 02:20:05,460
let's perform the same test once again
3550
02:20:05,460 --> 02:20:08,720
testphp.vulnweb.com
3551
02:20:08,760 --> 02:20:12,840
first 100 ports and vuln_banners
3552
02:20:12,840 --> 02:20:15,540
.txt now you might be asking the reason
3553
02:20:15,540 --> 02:20:17,880
why we are performing these Recaps after
3554
02:20:17,880 --> 02:20:20,040
every project well it is in case you
3555
02:20:20,040 --> 02:20:21,240
missed something or didn't understand
3556
02:20:21,240 --> 02:20:23,280
something so we just go over the code
3557
02:20:23,280 --> 02:20:27,240
one more time in short term and it will
3558
02:20:27,240 --> 02:20:28,800
also help you to remember everything
3559
02:20:28,800 --> 02:20:31,439
better and to fully understand the
3560
02:20:31,439 --> 02:20:34,380
program once it is fully coded and once
3561
02:20:34,380 --> 02:20:36,660
it is working as well as we can see we
3562
02:20:36,660 --> 02:20:38,399
got the exact same result as in the
3563
02:20:38,399 --> 02:20:39,960
previous video and we managed to find
3564
02:20:39,960 --> 02:20:42,420
both of the vulnerable banners which is
3565
02:20:42,420 --> 02:20:43,439
good
3566
02:20:43,439 --> 02:20:47,359
now if I try to for example scan my
3567
02:20:47,359 --> 02:20:49,680
router's IP address
3568
02:20:49,680 --> 02:20:51,300
100
3569
02:20:51,300 --> 02:20:54,359
vuln_banners.txt
3570
02:20:54,359 --> 02:20:56,340
it will scan my router and you will see
3571
02:20:56,340 --> 02:20:58,319
it will not find any vulnerable
3572
02:20:58,319 --> 02:21:00,720
softwares as there is not any open port
3573
02:21:00,720 --> 02:21:03,180
on my router which is running one of
3574
02:21:03,180 --> 02:21:06,000
these two softwares all right so that
3575
02:21:06,000 --> 02:21:07,560
would be about it for this project I
3576
02:21:07,560 --> 02:21:09,540
hope you enjoyed it and in the next
3577
02:21:09,540 --> 02:21:11,520
video we're going to see how we can
3578
02:21:11,520 --> 02:21:13,380
still gain access to the Target machine
3579
02:21:13,380 --> 02:21:15,660
even if we don't find a vulnerable
3580
02:21:15,660 --> 02:21:17,760
software running on an open port and we
3581
02:21:17,760 --> 02:21:19,800
don't know how to exploit it we're going
3582
02:21:19,800 --> 02:21:21,300
to take a look at some of the different
3583
02:21:21,300 --> 02:21:23,819
things that we can do in order to enter
3584
02:21:23,819 --> 02:21:25,740
the targets machine such as for example
3585
02:21:25,740 --> 02:21:28,500
performing the SSH brute force and
3586
02:21:28,500 --> 02:21:31,500
gaining the SSH access to the Target
3587
02:21:31,500 --> 02:21:33,120
so we're going to see how we can do that
3588
02:21:33,120 --> 02:21:35,580
in our next project and after that many
3589
02:21:35,580 --> 02:21:37,140
more projects to go so thank you for
3590
02:21:37,140 --> 02:21:39,180
watching this tutorial and I will see
3591
02:21:39,180 --> 02:21:42,000
you in the next lecture bye hello
3592
02:21:42,000 --> 02:21:44,460
everyone and this is our bonus video for
3593
02:21:44,460 --> 02:21:47,580
the SSH Brute Force section and in this
3594
02:21:47,580 --> 02:21:49,140
video I will demonstrate how you can
3595
02:21:49,140 --> 02:21:51,479
install Metasploitable as a virtual
3596
02:21:51,479 --> 02:21:52,620
machine
3597
02:21:52,620 --> 02:21:54,120
alright so there are a few things that
3598
02:21:54,120 --> 02:21:55,740
you need to do first of all you need to
3599
02:21:55,740 --> 02:21:57,720
open up your Google Chrome and type in
3600
02:21:57,720 --> 02:22:00,060
the metasploitable name inside of your
3601
02:22:00,060 --> 02:22:01,020
search bar
3602
02:22:01,020 --> 02:22:02,760
then you should navigate to the first
3603
02:22:02,760 --> 02:22:04,680
link which will be the sourceforge.net
3604
02:22:04,680 --> 02:22:07,680
metasploitable download click on it and
3605
02:22:07,680 --> 02:22:09,479
simply click on this green download
3606
02:22:09,479 --> 02:22:12,000
button it will start downloading this
3607
02:22:12,000 --> 02:22:14,520
ZIP file which is around 800 megabytes
3608
02:22:14,520 --> 02:22:17,460
large and once it has finished then you
3609
02:22:17,460 --> 02:22:19,620
can extract it to the desktop
3610
02:22:19,620 --> 02:22:21,780
or simply just move it to the desktop
3611
02:22:21,780 --> 02:22:25,280
create a new folder
3612
02:22:25,740 --> 02:22:27,359
call that folder for example
3613
02:22:27,359 --> 02:22:30,359
metasploitable
3614
02:22:30,960 --> 02:22:35,359
paste this ZIP file into that folder
3615
02:22:35,399 --> 02:22:37,800
then we want to extract all of the files
3616
02:22:37,800 --> 02:22:41,280
inside of this folder that we created
3617
02:22:41,280 --> 02:22:43,140
now this will take a few seconds to
3618
02:22:43,140 --> 02:22:45,560
finish and we should receive the
3619
02:22:45,560 --> 02:22:47,819
metasploitable.vmdk file which then we
3620
02:22:47,819 --> 02:22:49,740
will use in order to create our virtual
3621
02:22:49,740 --> 02:22:51,479
machine with all the vulnerable
3622
02:22:51,479 --> 02:22:53,819
softwares now the only thing we need
3623
02:22:53,819 --> 02:22:55,859
from this virtual machine is the SSH
3624
02:22:55,859 --> 02:22:58,920
client so once again if you have any SSH
3625
02:22:58,920 --> 02:23:01,380
service running on any other machine you
3626
02:23:01,380 --> 02:23:02,640
don't really need to do this you can
3627
02:23:02,640 --> 02:23:05,460
perform the SSH brute force on any SSH
3628
02:23:05,460 --> 02:23:08,220
machine that you managed to find and of
3629
02:23:08,220 --> 02:23:09,660
course that you have the permission to
3630
02:23:09,660 --> 02:23:12,899
test on alright so this has finished we got
3631
02:23:12,899 --> 02:23:15,180
this file right here and you will see a
3632
02:23:15,180 --> 02:23:16,620
couple of files in which we are
3633
02:23:16,620 --> 02:23:18,600
interested in this metasploitable file
3634
02:23:18,600 --> 02:23:22,260
which is dot vmdk it is the size of 1.79
3635
02:23:22,260 --> 02:23:25,319
gigabytes and right now we need to open
3636
02:23:25,319 --> 02:23:27,000
up our virtualbox
3637
02:23:27,000 --> 02:23:29,640
click on new
3638
02:23:29,640 --> 02:23:31,920
put in a name for your virtual machine
3639
02:23:31,920 --> 02:23:35,340
for example let's call it Metasploit
3640
02:23:35,340 --> 02:23:37,620
and make sure that under the type you
3641
02:23:37,620 --> 02:23:39,780
set Linux and under the version you set
3642
02:23:39,780 --> 02:23:42,840
all the way down other Linux 64-bit
3643
02:23:42,840 --> 02:23:44,540
click on next
3644
02:23:44,540 --> 02:23:47,100
512 megabytes is more than enough for
3645
02:23:47,100 --> 02:23:49,260
this machine so click on next and
3646
02:23:49,260 --> 02:23:51,000
instead of going with the create a
3647
02:23:51,000 --> 02:23:52,920
virtual hard disk now as we did with the
3648
02:23:52,920 --> 02:23:55,080
Kali Linux machine we want to go to the
3649
02:23:55,080 --> 02:23:57,180
use an existing virtual hard disk file
3650
02:23:57,180 --> 02:24:00,120
click on this and right here click on
3651
02:24:00,120 --> 02:24:02,520
this icon where it will open this window
3652
02:24:02,520 --> 02:24:04,500
where you can simply just find your
3653
02:24:04,500 --> 02:24:08,220
metasploitable vmdk file and use it as
3654
02:24:08,220 --> 02:24:10,319
your hard disk since I don't have it
3655
02:24:10,319 --> 02:24:12,960
right here I want to go to the add
3656
02:24:12,960 --> 02:24:15,540
then I want to navigate to the desktop
3657
02:24:15,540 --> 02:24:18,240
to the Metasploitable and then this file
3658
02:24:18,240 --> 02:24:20,060
and here it is the
3659
02:24:20,060 --> 02:24:24,140
metasploitable.vmdk click on open
3660
02:24:24,300 --> 02:24:27,780
try to find it right here here it is I
3661
02:24:27,780 --> 02:24:30,000
will simply just double click on it it
3662
02:24:30,000 --> 02:24:32,100
will automatically set it right here and
3663
02:24:32,100 --> 02:24:33,960
I will click on create
3664
02:24:33,960 --> 02:24:36,120
as soon as that has finished we also
3665
02:24:36,120 --> 02:24:37,979
want to set the network settings that we
3666
02:24:37,979 --> 02:24:40,380
used in the Kali Linux we also want to
3667
02:24:40,380 --> 02:24:42,359
set it in the metasploitable as well so
3668
02:24:42,359 --> 02:24:44,340
go to the bridge adapter and set the
3669
02:24:44,340 --> 02:24:46,620
ethernet cable connection and once again
3670
02:24:46,620 --> 02:24:48,780
make sure cable connected is checked
3671
02:24:48,780 --> 02:24:52,020
click on OK and now you can start the
3672
02:24:52,020 --> 02:24:54,300
machine so I will simply just click on
3673
02:24:54,300 --> 02:24:56,939
start and you will notice that this
3674
02:24:56,939 --> 02:24:58,800
actual machine doesn't take too long to
3675
02:24:58,800 --> 02:25:01,560
install it will take just two or three
3676
02:25:01,560 --> 02:25:03,840
minutes possibly and then we are ready
3677
02:25:03,840 --> 02:25:07,140
to proceed with our brute forcer for the
3678
02:25:07,140 --> 02:25:10,020
SSH service all right so it says
3679
02:25:10,020 --> 02:25:12,180
starting up right here
3680
02:25:12,180 --> 02:25:14,100
it will automatically download and
3681
02:25:14,100 --> 02:25:15,780
install all of this stuff and all the
3682
02:25:15,780 --> 02:25:17,460
softwares that it needs so we don't
3683
02:25:17,460 --> 02:25:19,620
really have to do anything all we need
3684
02:25:19,620 --> 02:25:22,080
to do is to log into the machine once it
3685
02:25:22,080 --> 02:25:24,300
has finished installing everything all
3686
02:25:24,300 --> 02:25:25,979
right so we are going to wait for that
3687
02:25:25,979 --> 02:25:28,200
to finish and here it is it is already
3688
02:25:28,200 --> 02:25:31,380
over it is asking us for the login and
3689
02:25:31,380 --> 02:25:33,720
you will notice that above the actual
3690
02:25:33,720 --> 02:25:35,939
login it tells us that the username and
3691
02:25:35,939 --> 02:25:39,479
password is msfadmin and msfadmin so
3692
02:25:39,479 --> 02:25:41,760
let's go right here and type msfadmin
3693
02:25:41,760 --> 02:25:46,260
and as a password as well msfadmin
3694
02:25:46,260 --> 02:25:48,600
clear the screen since this is just a
3695
02:25:48,600 --> 02:25:50,399
command line machine and if I type
3696
02:25:50,399 --> 02:25:53,160
ifconfig I make sure that we are in the
3697
02:25:53,160 --> 02:25:55,380
same local area network with the IP
3698
02:25:55,380 --> 02:25:56,780
address of
3699
02:25:56,780 --> 02:25:59,819
192.168.1.3 and this is basically it we
3700
02:25:59,819 --> 02:26:01,680
successfully downloaded and installed
3701
02:26:01,680 --> 02:26:04,020
metasploitable virtual machine
3702
02:26:04,020 --> 02:26:05,580
so thank you for watching this tutorial
3703
02:26:05,580 --> 02:26:07,800
and I will see you in the next lecture
3704
02:26:07,800 --> 02:26:09,180
bye
3705
02:26:09,180 --> 02:26:11,340
hello everybody and welcome to our third
3706
02:26:11,340 --> 02:26:13,500
project which is going to be the SSH
3707
02:26:13,500 --> 02:26:16,680
brute forcer so for now on we managed to
3708
02:26:16,680 --> 02:26:18,780
scan the open ports to determine which
3709
02:26:18,780 --> 02:26:20,939
ones were closed which ones were open we
3710
02:26:20,939 --> 02:26:22,740
also managed to scan for the software
3711
02:26:22,740 --> 02:26:24,720
running on those open ports and now
3712
02:26:24,720 --> 02:26:27,000
let's imagine an example that we didn't
3713
02:26:27,000 --> 02:26:28,680
really manage to find any vulnerable
3714
02:26:28,680 --> 02:26:30,780
software running on those open ports
3715
02:26:30,780 --> 02:26:32,760
well now we have to turn to different
3716
02:26:32,760 --> 02:26:35,220
approaches such as for example trying to
3717
02:26:35,220 --> 02:26:37,140
gain access through some of those
3718
02:26:37,140 --> 02:26:39,420
services running on those open ports
3719
02:26:39,420 --> 02:26:41,460
and we're going to take a look at the
3720
02:26:41,460 --> 02:26:43,260
first one which is going to be the SSH
3721
02:26:43,260 --> 02:26:46,620
Brute Force now what is an SSH
3722
02:26:46,620 --> 02:26:48,720
well SSH is a way that you can
3723
02:26:48,720 --> 02:26:50,460
communicate and control the target
3724
02:26:50,460 --> 02:26:53,100
machine over the Internet just by
3725
02:26:53,100 --> 02:26:55,560
performing the SSH connection to that
3726
02:26:55,560 --> 02:26:56,819
specific machine
3727
02:26:56,819 --> 02:26:59,280
now of course it is a secure protocol
3728
02:26:59,280 --> 02:27:01,260
therefore we would need the username and
3729
02:27:01,260 --> 02:27:03,540
password in order to gain access to that
3730
02:27:03,540 --> 02:27:06,120
specific machine over the SSH protocol
3731
02:27:06,120 --> 02:27:08,280
now for the purposes of this project
3732
02:27:08,280 --> 02:27:10,140
we're going to use a virtual machine
3733
02:27:10,140 --> 02:27:13,140
which is called metasploitable now I
3734
02:27:13,140 --> 02:27:15,120
downloaded it and already installed it
3735
02:27:15,120 --> 02:27:18,420
here it is and in case you don't know
3736
02:27:18,420 --> 02:27:21,060
how to do that I created a bonus video
3737
02:27:21,060 --> 02:27:22,740
which is going to be at the last section
3738
02:27:22,740 --> 02:27:25,080
of this course and there you should see
3739
02:27:25,080 --> 02:27:27,540
the bonus video which simply just shows
3740
02:27:27,540 --> 02:27:29,420
you how to download and install
3741
02:27:29,420 --> 02:27:32,100
metasploitable now I will assume that
3742
02:27:32,100 --> 02:27:34,319
you already have it and that you watch
3743
02:27:34,319 --> 02:27:35,880
that video so I will simply just start
3744
02:27:35,880 --> 02:27:38,359
this machine
3745
02:27:38,819 --> 02:27:40,800
and first of all we're going to take a
3746
02:27:40,800 --> 02:27:42,359
look at how we can simply just connect
3747
02:27:42,359 --> 02:27:45,300
over the SSH using our terminal and then
3748
02:27:45,300 --> 02:27:47,100
we're going to try to implement all of
3749
02:27:47,100 --> 02:27:50,399
that into our SSH Brute Force program
3750
02:27:50,399 --> 02:27:52,260
now there will be two versions of this
3751
02:27:52,260 --> 02:27:54,540
program one will be a regular SSH brute
3752
02:27:54,540 --> 02:27:56,819
force and the other one will be the SSH
3753
02:27:56,819 --> 02:28:00,060
brute forcer with threading library now
3754
02:28:00,060 --> 02:28:02,399
the reason why we do that is because if
3755
02:28:02,399 --> 02:28:04,200
you use a Threading library in order to
3756
02:28:04,200 --> 02:28:05,819
perform brute forcing it will
3757
02:28:05,819 --> 02:28:08,040
automatically be faster than simply just
3758
02:28:08,040 --> 02:28:10,620
using one thread in order to perform the
3759
02:28:10,620 --> 02:28:12,120
Brute Force
3760
02:28:12,120 --> 02:28:14,520
but let's not bother ourselves with that
3761
02:28:14,520 --> 02:28:16,800
right now let's see how we can connect
3762
02:28:16,800 --> 02:28:19,740
to the SSH using our terminal so our
3763
02:28:19,740 --> 02:28:22,439
machine is up and running we log in
3764
02:28:22,439 --> 02:28:25,800
using the msfadmin as a username and
3765
02:28:25,800 --> 02:28:29,700
msfadmin as a password and here it is
3766
02:28:29,700 --> 02:28:32,340
everything works correctly if I type
3767
02:28:32,340 --> 02:28:34,500
ifconfig I will check my IP address
3768
02:28:34,500 --> 02:28:36,500
which is going to be
3769
02:28:36,500 --> 02:28:39,300
192.168.1.3 so I need to remember that
3770
02:28:39,300 --> 02:28:42,240
open up my terminal let me enlarge all
3771
02:28:42,240 --> 02:28:43,740
of this in
3772
02:28:43,740 --> 02:28:46,319
and now try to connect to that IP
3773
02:28:46,319 --> 02:28:49,020
address using the SSH protocol so SSH
3774
02:28:49,020 --> 02:28:51,260
and then
3775
02:28:51,260 --> 02:28:54,720
192.168.1.3 press here enter and here
3776
02:28:54,720 --> 02:28:56,399
are some of the stuff that happens once
3777
02:28:56,399 --> 02:28:58,439
you try to connect over SSH the
3778
02:28:58,439 --> 02:29:00,600
authenticity of the host can't be
3779
02:29:00,600 --> 02:29:03,359
established RSA key fingerprint is and
3780
02:29:03,359 --> 02:29:05,280
then this one are sure you want to
3781
02:29:05,280 --> 02:29:07,979
continue connecting we want to type here
3782
02:29:07,979 --> 02:29:10,020
yes
3783
02:29:10,020 --> 02:29:12,060
and it will tell us that it permanently
3784
02:29:12,060 --> 02:29:14,580
added the RSA to the list of known hosts
3785
02:29:14,580 --> 02:29:16,920
now this is just some regular stuff that
3786
02:29:16,920 --> 02:29:18,359
happens once you try to actually connect
3787
02:29:18,359 --> 02:29:21,120
to SSH and we're going to have to
3788
02:29:21,120 --> 02:29:22,620
implement some of these things in our
3789
02:29:22,620 --> 02:29:24,660
program as well so keep in mind for that
3790
02:29:24,660 --> 02:29:27,899
right now and it will ask us to connect
3791
02:29:27,899 --> 02:29:29,760
to the root account which we don't
3792
02:29:29,760 --> 02:29:32,040
really want so I'm just going to click
3793
02:29:32,040 --> 02:29:34,500
exit right here
3794
02:29:34,500 --> 02:29:37,800
I will control C and then I will ssh msfadmin
3795
02:29:37,800 --> 02:29:42,000
and then @ 192.168.1.3
3796
02:29:43,680 --> 02:29:46,740
okay and the password will be msfadmin
3797
02:29:46,740 --> 02:29:49,380
if I'm not mistaken and here it is we
3798
02:29:49,380 --> 02:29:50,939
successfully managed to connect to the
3799
02:29:50,939 --> 02:29:53,700
msfadmin account on the metasploitable
3800
02:29:53,700 --> 02:29:56,580
virtual machine using the SSH from our
3801
02:29:56,580 --> 02:29:59,340
terminal all right and now if I type
3802
02:29:59,340 --> 02:30:01,740
ifconfig in this terminal you will see
3803
02:30:01,740 --> 02:30:04,380
that we get the exact same IP address as
3804
02:30:04,380 --> 02:30:06,600
we got when I typed ifconfig inside our
3805
02:30:06,600 --> 02:30:07,859
metasploitable
3806
02:30:07,859 --> 02:30:09,660
so we basically got something like a
3807
02:30:09,660 --> 02:30:12,240
reverse shell running and we can execute
3808
02:30:12,240 --> 02:30:14,760
any commands we want and we can do
3809
02:30:14,760 --> 02:30:16,560
anything onto our metasploitable
3810
02:30:16,560 --> 02:30:19,020
machine so let me exit this since we are
3811
02:30:19,020 --> 02:30:20,640
not really interested in doing this over
3812
02:30:20,640 --> 02:30:22,880
terminal and let's start the new project
3813
02:30:22,880 --> 02:30:26,399
on SSH brute forcer
3814
02:30:26,399 --> 02:30:28,340
now of course I showed you an example
3815
02:30:28,340 --> 02:30:31,439
let me just open up my PyCharm now of
3816
02:30:31,439 --> 02:30:33,660
course I showed you an example in which
3817
02:30:33,660 --> 02:30:35,340
we actually know the password to the
3818
02:30:35,340 --> 02:30:38,160
Target and in our program we want to
3819
02:30:38,160 --> 02:30:39,540
make sure that we do not know the
3820
02:30:39,540 --> 02:30:41,280
password and we will try multiple
3821
02:30:41,280 --> 02:30:43,500
passwords until we actually find the
3822
02:30:43,500 --> 02:30:46,439
correct one okay and then once we find
3823
02:30:46,439 --> 02:30:48,479
the correct one we will print it to the
3824
02:30:48,479 --> 02:30:51,300
screen found password and we will print
3825
02:30:51,300 --> 02:30:53,340
the username and the password for that
3826
02:30:53,340 --> 02:30:55,620
specific account
3827
02:30:55,620 --> 02:30:58,140
Now by default we will probably open up
3828
02:30:58,140 --> 02:30:59,819
our previous project which is going to
3829
02:30:59,819 --> 02:31:01,920
be the vulnerability scanner yeah here
3830
02:31:01,920 --> 02:31:05,040
it is but we want to as usual create a
3831
02:31:05,040 --> 02:31:07,560
new project which we will call the SSH
3832
02:31:07,560 --> 02:31:10,080
brute forcer so let's wait for all of
3833
02:31:10,080 --> 02:31:11,819
this to load up
3834
02:31:11,819 --> 02:31:14,280
okay so it loaded up let's go to the
3835
02:31:14,280 --> 02:31:15,600
file
3836
02:31:15,600 --> 02:31:18,500
new project
3837
02:31:19,439 --> 02:31:22,200
let's name the project to be SSH Brute
3838
02:31:22,200 --> 02:31:23,700
Force
3839
02:31:23,700 --> 02:31:26,460
click on create we want to create and
3840
02:31:26,460 --> 02:31:28,200
open the new project inside of this
3841
02:31:28,200 --> 02:31:30,380
window
3842
02:31:32,520 --> 02:31:34,560
let's wait for it to create the virtual
3843
02:31:34,560 --> 02:31:35,880
environment for us and all the
3844
02:31:35,880 --> 02:31:37,439
dependencies
3845
02:31:37,439 --> 02:31:39,420
and now we can simply just create our
3846
02:31:39,420 --> 02:31:43,140
python file by right clicking new python
3847
02:31:43,140 --> 02:31:48,180
file and let's call it SSH brute.py
3848
02:31:48,420 --> 02:31:50,460
easy to remember so
3849
02:31:50,460 --> 02:31:52,200
all we are going to do in this video
3850
02:31:52,200 --> 02:31:53,880
before we end it is we're going to
3851
02:31:53,880 --> 02:31:56,160
import the needed libraries for this
3852
02:31:56,160 --> 02:31:58,620
program to work
3853
02:31:58,620 --> 02:32:01,140
now let's type the import command and
3854
02:32:01,140 --> 02:32:03,359
the first library and the most important
3855
02:32:03,359 --> 02:32:05,399
library for this actual project is going
3856
02:32:05,399 --> 02:32:07,260
to be the paramiko
3857
02:32:07,260 --> 02:32:09,960
Library we will use this library in
3858
02:32:09,960 --> 02:32:12,000
order to automate the process of
3859
02:32:12,000 --> 02:32:14,580
connecting to our SSH client so this
3860
02:32:14,580 --> 02:32:16,560
library has already pre-made functions
3861
02:32:16,560 --> 02:32:18,600
that we can use in order to make this
3862
02:32:18,600 --> 02:32:21,060
process shorter all right then we're
3863
02:32:21,060 --> 02:32:23,760
going to need the sys library the os
3864
02:32:23,760 --> 02:32:25,859
Library
3865
02:32:25,859 --> 02:32:28,080
the socket library of course every time
3866
02:32:28,080 --> 02:32:30,720
we actually try to perform some some
3867
02:32:30,720 --> 02:32:32,939
tasks over the Internet we will most
3868
02:32:32,939 --> 02:32:35,160
likely use the socket library and we are
3869
02:32:35,160 --> 02:32:38,939
also going to use the termcolor library
3870
02:32:38,939 --> 02:32:40,979
now you will notice that out of these
3871
02:32:40,979 --> 02:32:42,899
five libraries two are actually red
3872
02:32:42,899 --> 02:32:44,700
underlined which means we do not have
3873
02:32:44,700 --> 02:32:46,620
them installed inside our virtual
3874
02:32:46,620 --> 02:32:48,540
environment so let's install them we
3875
02:32:48,540 --> 02:32:51,000
already know how to do that we will open
3876
02:32:51,000 --> 02:32:53,160
up our terminal inside our pycharm and
3877
02:32:53,160 --> 02:32:55,560
type pip3 install and first let's go
3878
02:32:55,560 --> 02:32:58,020
with the paramiko since paramiko is
3879
02:32:58,020 --> 02:32:59,760
essential for this program to work while
3880
02:32:59,760 --> 02:33:01,979
as termcolor we don't really need but
3881
02:33:01,979 --> 02:33:04,920
it will make our program look nicer and
3882
02:33:04,920 --> 02:33:06,660
we can see it successfully installed
3883
02:33:06,660 --> 02:33:10,140
paramiko and now let's pip3 install
3884
02:33:10,140 --> 02:33:13,439
termcolor alright so pip3 install termcolor
3885
02:33:13,439 --> 02:33:15,840
and this will finish in just a second
3886
02:33:15,840 --> 02:33:17,220
here it is
3887
02:33:17,220 --> 02:33:20,040
if I exit this terminal and go back to
3888
02:33:20,040 --> 02:33:21,120
my program
3889
02:33:21,120 --> 02:33:23,100
for some reason this is still red
3890
02:33:23,100 --> 02:33:24,780
underline not really sure why let's
3891
02:33:24,780 --> 02:33:27,060
start typing something maybe it will go
3892
02:33:27,060 --> 02:33:27,960
away
3893
02:33:27,960 --> 02:33:29,760
print
3894
02:33:29,760 --> 02:33:32,819
yeah it went away great so everything is
3895
02:33:32,819 --> 02:33:34,920
imported successfully and in the next
3896
02:33:34,920 --> 02:33:38,280
video we can start off with our brute
3897
02:33:38,280 --> 02:33:40,200
forcer hope I see you in the next
3898
02:33:40,200 --> 02:33:43,380
lecture and take care bye welcome back
3899
02:33:43,380 --> 02:33:45,420
everyone and let's continue with the
3900
02:33:45,420 --> 02:33:47,819
coding of our brute forcer you will
3901
02:33:47,819 --> 02:33:49,920
notice right away that we're going to
3902
02:33:49,920 --> 02:33:52,200
start it rather the same as our
3903
02:33:52,200 --> 02:33:54,120
vulnerability scanner by prompting the
3904
02:33:54,120 --> 02:33:55,979
users to input three different things
3905
02:33:55,979 --> 02:33:57,600
that we are going to store into three
3906
02:33:57,600 --> 02:33:59,340
different variables and use throughout
3907
02:33:59,340 --> 02:34:00,420
our program
3908
02:34:00,420 --> 02:34:02,399
now two of those three things are going
3909
02:34:02,399 --> 02:34:04,080
to be the exact same as in our
3910
02:34:04,080 --> 02:34:06,300
vulnerability scanner and the third one
3911
02:34:06,300 --> 02:34:08,460
is going to be the username for the SSH
3912
02:34:08,460 --> 02:34:11,100
account so first thing we're going to
3913
02:34:11,100 --> 02:34:13,500
prompt the user is to enter the host so
3914
02:34:13,500 --> 02:34:15,780
the actual IP address to the Target that
3915
02:34:15,780 --> 02:34:17,880
they want to connect to so we're going
3916
02:34:17,880 --> 02:34:21,180
to type it right here input
3917
02:34:21,180 --> 02:34:24,080
and let's add
3918
02:34:24,120 --> 02:34:25,560
plus sign
3919
02:34:25,560 --> 02:34:29,040
and then Target address
3920
02:34:29,040 --> 02:34:31,020
so the user can specify the target
3921
02:34:31,020 --> 02:34:32,040
address
3922
02:34:32,040 --> 02:34:33,899
the second thing that we are going to
3923
02:34:33,899 --> 02:34:35,880
need is going to be the username for the
3924
02:34:35,880 --> 02:34:37,260
account that we are trying to Brute
3925
02:34:37,260 --> 02:34:39,600
Force which in our case if you're using
3926
02:34:39,600 --> 02:34:41,399
metasploitable as I am is going to be
3927
02:34:41,399 --> 02:34:44,160
msfadmin all right so we're going to
3928
02:34:44,160 --> 02:34:46,020
input
3929
02:34:46,020 --> 02:34:48,060
right here
3930
02:34:48,060 --> 02:34:50,640
add the plus sign once again and SSH
3931
02:34:50,640 --> 02:34:52,859
username
3932
02:34:52,859 --> 02:34:54,420
and the last thing that we want to
3933
02:34:54,420 --> 02:34:57,359
prompt to the user is to input the file
3934
02:34:57,359 --> 02:34:59,700
or the file name from which we are going
3935
02:34:59,700 --> 02:35:01,319
to read the passwords
3936
02:35:01,319 --> 02:35:04,859
all right so input file let's call it
3937
02:35:04,859 --> 02:35:09,000
like that and we're going to type input
3938
02:35:09,000 --> 02:35:12,859
single quotes plus sign and then
3939
02:35:12,859 --> 02:35:15,840
passwords file
3940
02:35:15,840 --> 02:35:18,660
alright so simple as that once the user
3941
02:35:18,660 --> 02:35:21,000
specifies all of these three things we
3942
02:35:21,000 --> 02:35:22,859
are ready to start running our program
3943
02:35:22,859 --> 02:35:24,720
the first thing that we're going to take
3944
02:35:24,720 --> 02:35:26,460
a look at is whether the username
3945
02:35:26,460 --> 02:35:28,380
specified the actual password file
3946
02:35:28,380 --> 02:35:30,960
correctly and we're going to do that
3947
02:35:30,960 --> 02:35:33,540
using the OS Library so we're going to
3948
02:35:33,540 --> 02:35:35,520
see whether this file actually exists if
3949
02:35:35,520 --> 02:35:37,260
it doesn't exist
3950
02:35:37,260 --> 02:35:39,840
we're going to print to the user file
3951
02:35:39,840 --> 02:35:42,720
doesn't exist okay so now in order to
3952
02:35:42,720 --> 02:35:44,160
actually do that we're going to use an
3953
02:35:44,160 --> 02:35:47,160
if statement and we're going to call the
3954
02:35:47,160 --> 02:35:50,399
os library with the path and .exists
3955
02:35:50,399 --> 02:35:51,680
now this
3956
02:35:51,680 --> 02:35:53,640
os.path.exists will check for a
3957
02:35:53,640 --> 02:35:56,160
specified path whether that path simply
3958
02:35:56,160 --> 02:35:58,439
exists or not basically it performs the
3959
02:35:58,439 --> 02:36:01,020
same thing as its name says so
3960
02:36:01,020 --> 02:36:04,020
os.path.exists
3961
02:36:04,080 --> 02:36:06,479
and in the brackets we specify the
3962
02:36:06,479 --> 02:36:08,580
actual path to the file so in our case
3963
02:36:08,580 --> 02:36:11,340
that will be input file
3964
02:36:11,340 --> 02:36:14,460
and if it equals equals to false since
3965
02:36:14,460 --> 02:36:16,260
this actual function will return true
3966
02:36:16,260 --> 02:36:18,899
and false true if the file exists and
3967
02:36:18,899 --> 02:36:21,240
false if it doesn't exist so in this
3968
02:36:21,240 --> 02:36:23,040
case if it doesn't exist we're going to
3969
02:36:23,040 --> 02:36:25,340
print
3970
02:36:28,859 --> 02:36:33,120
that file doesn't exist and we also want
3971
02:36:33,120 --> 02:36:34,859
to make sure that we add right here slash
3972
02:36:34,859 --> 02:36:37,920
path in case the user specifies path and
3973
02:36:37,920 --> 02:36:39,540
not just the file name
3974
02:36:39,540 --> 02:36:41,819
and then we're going to use the sys
3975
02:36:41,819 --> 02:36:43,920
library in order to exit the program
3976
02:36:43,920 --> 02:36:47,040
with number one so sys.exit in case
3977
02:36:47,040 --> 02:36:49,020
that file doesn't exist so the user can
3978
02:36:49,020 --> 02:36:51,120
actually rerun the program and specify
3979
02:36:51,120 --> 02:36:53,640
the correct file right now that we did
3980
02:36:53,640 --> 02:36:55,800
all of this we need to actually proceed
3981
02:36:55,800 --> 02:36:58,319
with the main part of the program which
3982
02:36:58,319 --> 02:36:59,939
is going to be the comparison of the
3983
02:36:59,939 --> 02:37:02,460
passwords with the SSH client so in
3984
02:37:02,460 --> 02:37:04,140
order to do that we're going to have to
3985
02:37:04,140 --> 02:37:06,780
open file first and to open this
3986
02:37:06,780 --> 02:37:08,520
password file we simply just use the
3987
02:37:08,520 --> 02:37:09,899
same thing as from the vulnerability
3988
02:37:09,899 --> 02:37:12,300
scanner which is the statement with open
3989
02:37:12,300 --> 02:37:15,120
and then we specify the file name in our
3990
02:37:15,120 --> 02:37:17,280
case it is stored inside the input file
3991
02:37:17,280 --> 02:37:19,620
variable and then we open it up for
3992
02:37:19,620 --> 02:37:22,140
reading once we do that we simply create
3993
02:37:22,140 --> 02:37:24,720
the file descriptor name which is going
3994
02:37:24,720 --> 02:37:27,899
to be just file and then we check
3995
02:37:27,899 --> 02:37:30,960
all the passwords line by line so for
3996
02:37:30,960 --> 02:37:32,220
each line
3997
02:37:32,220 --> 02:37:35,280
in file.readlines and keep in mind that
3998
02:37:35,280 --> 02:37:38,220
you need to use readline with s and
3999
02:37:38,220 --> 02:37:40,500
there is also readline but readline
4000
02:37:40,500 --> 02:37:42,960
will only read character one by one and
4001
02:37:42,960 --> 02:37:44,760
we want to make sure we use readlines so
4002
02:37:44,760 --> 02:37:47,460
we read line by line all right
4003
02:37:47,460 --> 02:37:49,920
once it reads the line that line will be
4004
02:37:49,920 --> 02:37:52,260
a password and we're going to set it so
4005
02:37:52,260 --> 02:37:54,180
password equals
4006
02:37:54,180 --> 02:37:57,120
line and that line we want to strip out
4007
02:37:57,120 --> 02:37:59,340
any character that we don't need for
4008
02:37:59,340 --> 02:38:01,439
example the new line character we don't
4009
02:38:01,439 --> 02:38:03,420
really need it inside of the string so
4010
02:38:03,420 --> 02:38:04,920
we're going to strip any unnecessary
4011
02:38:04,920 --> 02:38:06,780
thing and store it in a new variable
4012
02:38:06,780 --> 02:38:08,580
that we just created which is going to
4013
02:38:08,580 --> 02:38:11,640
be called password all right once we
4014
02:38:11,640 --> 02:38:14,100
have the password ready to test then we
4015
02:38:14,100 --> 02:38:16,020
can simply just try to connect with that
4016
02:38:16,020 --> 02:38:18,060
password
4017
02:38:18,060 --> 02:38:20,100
and in order to do that we're going to
4018
02:38:20,100 --> 02:38:23,580
use a function SSH underscore whoops SSH
4019
02:38:23,580 --> 02:38:25,979
underscore connect
4020
02:38:25,979 --> 02:38:29,340
with this specified password now you
4021
02:38:29,340 --> 02:38:31,979
might notice right away that this is red
4022
02:38:31,979 --> 02:38:34,380
underlined and the reason why this is red
4023
02:38:34,380 --> 02:38:36,240
underlined is because this function
4024
02:38:36,240 --> 02:38:38,160
doesn't even exist
4025
02:38:38,160 --> 02:38:39,899
now you might be asking why are we using
4026
02:38:39,899 --> 02:38:41,520
it if it doesn't exist well we're going
4027
02:38:41,520 --> 02:38:43,740
to code it in the next video and inside
4028
02:38:43,740 --> 02:38:45,540
of this function we're going to use the
4029
02:38:45,540 --> 02:38:47,580
paramiko library in order to automate
4030
02:38:47,580 --> 02:38:50,399
the SSH connection to the Target all
4031
02:38:50,399 --> 02:38:52,260
right so that would be about it for this
4032
02:38:52,260 --> 02:38:54,780
tutorial and I will see you in the next
4033
02:38:54,780 --> 02:38:57,840
lecture bye welcome back everyone and
4034
02:38:57,840 --> 02:38:59,700
right now we are ready to start coding
4035
02:38:59,700 --> 02:39:02,460
our ssh_connect function in the previous
4036
02:39:02,460 --> 02:39:04,979
video we coded all of this so this is
4037
02:39:04,979 --> 02:39:06,479
just the base part of the program where
4038
02:39:06,479 --> 02:39:09,000
we ask for some important information
4039
02:39:09,000 --> 02:39:10,740
then we check whether that information
4040
02:39:10,740 --> 02:39:13,800
is correct and then we continue with the
4041
02:39:13,800 --> 02:39:15,899
actual brute forcing right now we are
4042
02:39:15,899 --> 02:39:17,520
going to call the ssh_connect function
4043
02:39:17,520 --> 02:39:19,560
and let's do it at the beginning of the
4044
02:39:19,560 --> 02:39:21,240
program we're going to Define it first
4045
02:39:21,240 --> 02:39:23,750
def ssh_connect
4047
02:39:25,140 --> 02:39:27,060
and this function will actually take two
4048
02:39:27,060 --> 02:39:29,340
parameters one of them is going to be
4049
02:39:29,340 --> 02:39:31,560
the password which we specified right
4050
02:39:31,560 --> 02:39:33,359
here and the other one we're going to
4051
02:39:33,359 --> 02:39:35,520
actually declare right here in the
4052
02:39:35,520 --> 02:39:37,020
brackets and we're going to call it code
4053
02:39:37,020 --> 02:39:40,200
to be equal to zero what this means when
4054
02:39:40,200 --> 02:39:42,000
you simply specify code to be equal to
4055
02:39:42,000 --> 02:39:44,580
zero is in case we don't really specify
4056
02:39:44,580 --> 02:39:46,680
anything as a second parameter right
4057
02:39:46,680 --> 02:39:48,600
here in this line that means that this
4058
02:39:48,600 --> 02:39:50,460
code parameter will automatically be set
4059
02:39:50,460 --> 02:39:53,100
to zero all right and we want it like
4060
02:39:53,100 --> 02:39:55,500
that so let's add two dots right here
4061
02:39:55,500 --> 02:39:57,180
and start coding the part of the
4062
02:39:57,180 --> 02:39:58,979
function first of all we need to create
4063
02:39:58,979 --> 02:40:00,660
a variable which is going to be called
4064
02:40:00,660 --> 02:40:03,600
SSH and that variable will be equal to
4065
02:40:03,600 --> 02:40:05,060
paramiko
4066
02:40:05,060 --> 02:40:07,560
.SSHClient
4067
02:40:07,560 --> 02:40:09,720
so we're going to use this SSHClient
4068
02:40:09,720 --> 02:40:11,100
function in order to declare this
4069
02:40:11,100 --> 02:40:12,000
variable
4070
02:40:12,000 --> 02:40:13,680
and then we're going to use this
4071
02:40:13,680 --> 02:40:14,640
variable
4072
02:40:14,640 --> 02:40:18,479
to set_missing_host_key_policy so this
4073
02:40:18,479 --> 02:40:20,460
is a long function as you can see you
4074
02:40:20,460 --> 02:40:22,260
can simply just tab it to auto complete
4075
02:40:22,260 --> 02:40:24,720
it once the pycharm outputs it as a
4076
02:40:24,720 --> 02:40:26,399
possible function to use so we're going
4077
02:40:26,399 --> 02:40:28,939
to type ssh.set_missing_host_key_policy
4078
02:40:28,939 --> 02:40:31,620
and right here we need to specify
4079
02:40:31,620 --> 02:40:33,120
paramiko
4080
02:40:33,120 --> 02:40:36,780
.AutoAdd
4081
02:40:36,780 --> 02:40:40,560
Policy and this is also a function so this
4082
02:40:40,560 --> 02:40:42,479
is just some basic two lines that we
4083
02:40:42,479 --> 02:40:44,640
need to set before we try to connect to
4084
02:40:44,640 --> 02:40:48,899
the SSH client and right after it comes
4085
02:40:48,899 --> 02:40:50,880
the connect part which we will try with
4086
02:40:50,880 --> 02:40:54,560
the try and except statement
4087
02:40:56,340 --> 02:40:58,260
similar thing that we did with our Port
4088
02:40:58,260 --> 02:40:59,760
scanner we're going to do right here
4089
02:40:59,760 --> 02:41:01,620
we're going to try to connect inside
4090
02:41:01,620 --> 02:41:03,780
this try statement and in the except
4091
02:41:03,780 --> 02:41:05,819
statement we're going to print that the
4092
02:41:05,819 --> 02:41:08,700
password was incorrect all right so
4093
02:41:08,700 --> 02:41:10,920
right here in the try statement we're
4094
02:41:10,920 --> 02:41:14,760
going to type SSH dot connect
4095
02:41:14,760 --> 02:41:17,760
we're going to connect onto the host and
4096
02:41:17,760 --> 02:41:19,439
keep in mind that the host is this
4097
02:41:19,439 --> 02:41:21,479
variable right here which stores the IP
4098
02:41:21,479 --> 02:41:23,580
address that the user specifies
4099
02:41:23,580 --> 02:41:27,060
we want to connect over the port 22
4100
02:41:27,060 --> 02:41:29,460
because the port 22 is a regular port
4101
02:41:29,460 --> 02:41:31,140
for the SSH
4102
02:41:31,140 --> 02:41:33,960
we want to set the username to be equal
4103
02:41:33,960 --> 02:41:35,399
to username
4104
02:41:35,399 --> 02:41:37,620
which once again is this variable right
4105
02:41:37,620 --> 02:41:38,520
here
4106
02:41:38,520 --> 02:41:40,680
and we want to set the last thing which
4107
02:41:40,680 --> 02:41:42,899
is going to be the password to be equal
4108
02:41:42,899 --> 02:41:44,520
to password
4109
02:41:44,520 --> 02:41:47,340
which we pasted right here as a
4110
02:41:47,340 --> 02:41:48,359
parameter
4111
02:41:48,359 --> 02:41:51,300
so it is going to get stored from here
4112
02:41:51,300 --> 02:41:54,000
to here all right so this connect
4113
02:41:54,000 --> 02:41:56,340
function that comes with the paramiko
4114
02:41:56,340 --> 02:41:59,640
library has four parameters the IP
4115
02:41:59,640 --> 02:42:02,280
address the port number the username and
4116
02:42:02,280 --> 02:42:04,800
the password and this is all that we are
4117
02:42:04,800 --> 02:42:06,000
going to do right here in the try
4118
02:42:06,000 --> 02:42:08,280
statement in the except statement we're
4119
02:42:08,280 --> 02:42:10,200
going to check for an error which is
4120
02:42:10,200 --> 02:42:13,460
going to be called paramiko
4121
02:42:13,460 --> 02:42:16,380
AuthenticationException which simply
4122
02:42:16,380 --> 02:42:18,840
just stands for if the password was
4123
02:42:18,840 --> 02:42:20,760
incorrect we're going to perform this
4124
02:42:20,760 --> 02:42:22,319
part of the code so if the
4125
02:42:22,319 --> 02:42:23,939
authentication didn't manage to go
4126
02:42:23,939 --> 02:42:25,979
through that means we specified the
4127
02:42:25,979 --> 02:42:28,140
incorrect password and therefore we're
4128
02:42:28,140 --> 02:42:30,300
going to set the code parameter which
4129
02:42:30,300 --> 02:42:32,100
remember is the second parameter to our
4130
02:42:32,100 --> 02:42:35,960
function to be equal to one
4131
02:42:36,060 --> 02:42:38,160
and in the last case which is going to
4132
02:42:38,160 --> 02:42:40,560
be another except statement we're going
4133
02:42:40,560 --> 02:42:42,240
to set right here
4134
02:42:42,240 --> 02:42:43,800
except
4135
02:42:43,800 --> 02:42:46,439
socket error
4136
02:42:46,439 --> 02:42:48,720
as e
4137
02:42:48,720 --> 02:42:50,939
we're going to set the code to be equal
4138
02:42:50,939 --> 02:42:52,620
to 2
4139
02:42:52,620 --> 02:42:54,660
and before I explain this try and except
4140
02:42:54,660 --> 02:42:56,160
once again let me just type here
4141
02:42:56,160 --> 02:42:59,340
ssh.close once we finish everything and
4142
02:42:59,340 --> 02:43:01,800
we want to return the code from this
4143
02:43:01,800 --> 02:43:03,060
function
4144
02:43:03,060 --> 02:43:05,160
so let's go through it once again we
4145
02:43:05,160 --> 02:43:07,800
declare the sh client we add the auto
4146
02:43:07,800 --> 02:43:10,080
add policy these are two standard lines
4147
02:43:10,080 --> 02:43:12,240
before we try to connect then we try to
4148
02:43:12,240 --> 02:43:14,280
connect to the Target if we manage to
4149
02:43:14,280 --> 02:43:16,319
connect with the password then the
4150
02:43:16,319 --> 02:43:17,939
second parameter which is called code will
4151
02:43:17,939 --> 02:43:20,819
remain zero if we specify wrong password
4152
02:43:20,819 --> 02:43:23,580
the code will be changed to 1 and if
4153
02:43:23,580 --> 02:43:25,140
there is any error during the connection
4154
02:43:25,140 --> 02:43:27,240
for example we cannot connect to the
4155
02:43:27,240 --> 02:43:29,520
Target because it is offline then the
4156
02:43:29,520 --> 02:43:33,479
code will be 2 therefore once we return
4157
02:43:33,479 --> 02:43:36,060
the code and we check it then we will
4158
02:43:36,060 --> 02:43:38,399
know which password is correct and which
4159
02:43:38,399 --> 02:43:40,859
password isn't correct all right so
4160
02:43:40,859 --> 02:43:42,600
we're going to finish that in the next
4161
02:43:42,600 --> 02:43:45,120
tutorial for now on we got our function
4162
02:43:45,120 --> 02:43:47,520
ready and before I finish off this
4163
02:43:47,520 --> 02:43:50,280
lecture I will just add right here that
4164
02:43:50,280 --> 02:43:53,280
the response is going to be equal to ssh
4165
02:43:53,280 --> 02:43:55,439
connect with the password
4166
02:43:55,439 --> 02:43:57,720
the reason for that is since we are
4167
02:43:57,720 --> 02:43:59,939
returning the code from our function we
4168
02:43:59,939 --> 02:44:01,680
want to store the result inside of a
4169
02:44:01,680 --> 02:44:03,600
response variable therefore this
4170
02:44:03,600 --> 02:44:05,880
response variable will contain the value
4171
02:44:05,880 --> 02:44:10,319
of the code whether it is 0 1 or 2 all
4172
02:44:10,319 --> 02:44:12,180
right so simple as that and let's
4173
02:44:12,180 --> 02:44:14,220
continue in the next tutorial hope I see
4174
02:44:14,220 --> 02:44:16,740
you there and take care bye
4175
02:44:16,740 --> 02:44:19,319
welcome back let's wrap up our program
4176
02:44:19,319 --> 02:44:21,479
and run it for a test
4177
02:44:21,479 --> 02:44:23,460
so there are a few things that we
4178
02:44:23,460 --> 02:44:25,020
actually need to finish before we do
4179
02:44:25,020 --> 02:44:27,600
that for now on we got the main part of
4180
02:44:27,600 --> 02:44:28,979
the program ready which is the connect
4181
02:44:28,979 --> 02:44:31,319
function we used up all of these four
4182
02:44:31,319 --> 02:44:33,660
libraries and we are just now going to
4183
02:44:33,660 --> 02:44:36,359
use the termcolor library as well and
4184
02:44:36,359 --> 02:44:38,880
we also managed to open the file read
4185
02:44:38,880 --> 02:44:41,220
the password from the file and now we
4186
02:44:41,220 --> 02:44:43,439
need to compare the actual code that we
4187
02:44:43,439 --> 02:44:46,140
return from the response
4188
02:44:46,140 --> 02:44:48,540
and see whether that password is correct
4189
02:44:48,540 --> 02:44:52,140
or not all right so the last line is us
4190
02:44:52,140 --> 02:44:54,479
returning the code and storing it in the
4191
02:44:54,479 --> 02:44:56,700
response variable so let's think about
4192
02:44:56,700 --> 02:44:59,700
what we need to do after it well we need
4193
02:44:59,700 --> 02:45:02,580
to compare the actual response with 0 1
4194
02:45:02,580 --> 02:45:05,040
and 2 simple as that
4195
02:45:05,040 --> 02:45:07,380
so in the try statement we are first of
4196
02:45:07,380 --> 02:45:10,560
all going to compare if response equals
4197
02:45:10,560 --> 02:45:13,740
equals to zero that means let's check it
4198
02:45:13,740 --> 02:45:17,460
out first but zero means well since 0 is
4199
02:45:17,460 --> 02:45:19,680
a parameter that is already set by
4200
02:45:19,680 --> 02:45:22,260
default or the code is parameter that is
4201
02:45:22,260 --> 02:45:23,880
already set by default to be equal to
4202
02:45:23,880 --> 02:45:26,520
zero and we do not change it if we
4203
02:45:26,520 --> 02:45:28,680
manage to connect that means that 0
4204
02:45:28,680 --> 02:45:31,680
equals successful connection so we're
4205
02:45:31,680 --> 02:45:35,180
going to print found password
4206
02:45:37,439 --> 02:45:41,100
let's print it like this so inside we
4207
02:45:41,100 --> 02:45:42,840
are going to add the plus sign
4208
02:45:42,840 --> 02:45:44,040
found
4209
02:45:44,040 --> 02:45:46,560
password
4210
02:45:46,560 --> 02:45:49,020
two dots and then let's add the password
4211
02:45:49,020 --> 02:45:51,720
as a string
4212
02:45:51,720 --> 02:45:54,840
and let's also add for which account we
4213
02:45:54,840 --> 02:45:56,340
managed to find the password so for
4214
02:45:56,340 --> 02:45:58,700
account
4215
02:45:58,800 --> 02:46:01,319
and then let's also add Plus
4216
02:46:01,319 --> 02:46:03,660
username all right
4217
02:46:03,660 --> 02:46:06,120
and let me just move this a little bit
4218
02:46:06,120 --> 02:46:08,520
to the side so everything can fit inside
4219
02:46:08,520 --> 02:46:11,580
of our screen and now there is the part
4220
02:46:11,580 --> 02:46:13,920
where we can use the termcolor library and
4221
02:46:13,920 --> 02:46:15,899
what the termcolor library allows us to do
4222
02:46:15,899 --> 02:46:18,180
is to print the statements in different
4223
02:46:18,180 --> 02:46:19,319
colors
4224
02:46:19,319 --> 02:46:21,420
that's what I meant when I mentioned
4225
02:46:21,420 --> 02:46:22,859
that it is not needed inside of this
4226
02:46:22,859 --> 02:46:24,479
program but it will make it look a
4227
02:46:24,479 --> 02:46:26,700
little bit prettier so inside of the
4228
02:46:26,700 --> 02:46:28,439
print statement we're going to Define
4229
02:46:28,439 --> 02:46:30,180
termcolor
4230
02:46:30,180 --> 02:46:32,939
and then dot colored which is the actual
4231
02:46:32,939 --> 02:46:34,620
function that we need to use
4232
02:46:34,620 --> 02:46:38,460
open up two brackets right here
4233
02:46:38,460 --> 02:46:40,680
and in the first bracket we're going to
4234
02:46:40,680 --> 02:46:43,200
type the actual print statement which is
4235
02:46:43,200 --> 02:46:44,700
this thing
4236
02:46:44,700 --> 02:46:47,040
let us go to the site
4237
02:46:47,040 --> 02:46:49,800
so here we close the first bracket then
4238
02:46:49,800 --> 02:46:52,319
we need to add the comma and in between
4239
02:46:52,319 --> 02:46:54,300
the single quotes here we specify in
4240
02:46:54,300 --> 02:46:56,460
which color we want to print let's say
4241
02:46:56,460 --> 02:46:58,800
we want to print in green color
4242
02:46:58,800 --> 02:47:00,960
as we successfully managed to connect so
4243
02:47:00,960 --> 02:47:02,880
it will be green and then we need to
4244
02:47:02,880 --> 02:47:04,859
close the first bracket which is going
4245
02:47:04,859 --> 02:47:06,540
to be the bracket to the termcolor
4246
02:47:06,540 --> 02:47:08,819
function and now the second bracket
4247
02:47:08,819 --> 02:47:10,500
which is going to be the bracket to the
4248
02:47:10,500 --> 02:47:12,120
print statement
4249
02:47:12,120 --> 02:47:14,220
so let's check if we have the right
4250
02:47:14,220 --> 02:47:16,920
amount of brackets one bracket two
4251
02:47:16,920 --> 02:47:19,620
bracket three brackets and three close
4252
02:47:19,620 --> 02:47:21,660
brackets all right so everything seems
4253
02:47:21,660 --> 02:47:22,800
to be good
4254
02:47:22,800 --> 02:47:26,160
now let's go down here if we manage to
4255
02:47:26,160 --> 02:47:28,260
find the password let me just move this
4256
02:47:28,260 --> 02:47:31,399
so we can see entire code
4257
02:47:35,880 --> 02:47:38,160
if we manage to find the password
4258
02:47:38,160 --> 02:47:40,680
then we can break out of this program
4259
02:47:40,680 --> 02:47:42,899
since we don't really need to test
4260
02:47:42,899 --> 02:47:45,720
anymore we managed to find it in case we
4261
02:47:45,720 --> 02:47:46,800
don't manage
4262
02:47:46,800 --> 02:47:49,680
which will be the else if statement or
4263
02:47:49,680 --> 02:47:54,060
else if response equals equals to one
4264
02:47:54,060 --> 02:47:57,720
then we will simply just print incorrect
4265
02:47:57,720 --> 02:48:00,780
login and we're going to add the
4266
02:48:00,780 --> 02:48:03,240
password so we can see which password is
4267
02:48:03,240 --> 02:48:06,660
incorrect and the last case which is if
4268
02:48:06,660 --> 02:48:08,100
the response
4269
02:48:08,100 --> 02:48:10,200
is equal to 2
4270
02:48:10,200 --> 02:48:14,340
then we're going to print simply just
4271
02:48:14,340 --> 02:48:17,100
let's print it like this
4272
02:48:17,100 --> 02:48:20,880
and let's print can't connect
4273
02:48:20,880 --> 02:48:22,859
as an error so we didn't manage to
4274
02:48:22,859 --> 02:48:24,899
connect possibly the target is offline
4275
02:48:24,899 --> 02:48:27,540
and after it we want to sys.exit the
4276
02:48:27,540 --> 02:48:29,520
program since we didn't manage to
4277
02:48:29,520 --> 02:48:31,020
connect there is nothing really more to
4278
02:48:31,020 --> 02:48:34,260
test right here and after it as the
4279
02:48:34,260 --> 02:48:36,540
except statement we want to print any
4280
02:48:36,540 --> 02:48:38,880
other exception in case there is some
4281
02:48:38,880 --> 02:48:40,500
exception that we didn't cover such as
4282
02:48:40,500 --> 02:48:43,080
connection wrong password or didn't
4283
02:48:43,080 --> 02:48:45,000
manage to connect we want to print it
4284
02:48:45,000 --> 02:48:47,819
right here so except Exception
4285
02:48:47,819 --> 02:48:49,859
as e
4286
02:48:49,859 --> 02:48:53,220
we want to print that exception so print
4287
02:48:53,220 --> 02:48:57,060
e and then we can pass
4288
02:48:57,060 --> 02:48:59,399
since this actual exception can occur
4289
02:48:59,399 --> 02:49:01,740
only in one password therefore we don't
4290
02:49:01,740 --> 02:49:03,180
really want to break out of the program
4291
02:49:03,180 --> 02:49:05,760
we want to print that exception and
4292
02:49:05,760 --> 02:49:08,580
possibly go on to the next password okay
4293
02:49:08,580 --> 02:49:10,800
so this is the entire program
4294
02:49:10,800 --> 02:49:12,840
let's see if there is anything that we
4295
02:49:12,840 --> 02:49:15,359
didn't code let's delete this empty
4296
02:49:15,359 --> 02:49:17,880
space right here we used up all the
4297
02:49:17,880 --> 02:49:20,399
libraries that's been imported this is
4298
02:49:20,399 --> 02:49:22,080
the part of the program well we'll check
4299
02:49:22,080 --> 02:49:25,260
for the password and this is the actual
4300
02:49:25,260 --> 02:49:27,120
connection part of the program alright
4301
02:49:27,120 --> 02:49:29,399
so let's test it up we're going to open
4302
02:49:29,399 --> 02:49:31,140
up our terminal
4303
02:49:31,140 --> 02:49:33,300
enlarge everything so we can see it
4304
02:49:33,300 --> 02:49:34,979
better
4305
02:49:34,979 --> 02:49:37,020
and before we actually test it you might
4306
02:49:37,020 --> 02:49:39,060
notice that we're missing one thing and
4307
02:49:39,060 --> 02:49:41,580
that thing is going to be the passwords
4308
02:49:41,580 --> 02:49:44,640
list now once again for the
4309
02:49:44,640 --> 02:49:46,200
purposes of this tutorial I'm going to
4310
02:49:46,200 --> 02:49:48,120
create a small password list with around
4311
02:49:48,120 --> 02:49:50,640
10 passwords but if you were to perform
4312
02:49:50,640 --> 02:49:52,859
a real life attack you would actually
4313
02:49:52,859 --> 02:49:55,080
use a lot bigger password list with possibly
4314
02:49:55,080 --> 02:49:57,000
tens of thousands or hundreds of
4315
02:49:57,000 --> 02:49:59,760
thousands of passwords and see which one is
4316
02:49:59,760 --> 02:50:02,160
correct if you manage to find it
4317
02:50:02,160 --> 02:50:04,140
now of course in the bonus videos I will
4318
02:50:04,140 --> 02:50:05,520
leave a video where I will show you
4319
02:50:05,520 --> 02:50:07,319
where you can actually download some of
4320
02:50:07,319 --> 02:50:08,819
the bigger password lists that are used
4321
02:50:08,819 --> 02:50:10,859
for real life attacks but right now
4322
02:50:10,859 --> 02:50:12,479
we're going to test it on a small
4323
02:50:12,479 --> 02:50:14,520
password list that we're going to create
4324
02:50:14,520 --> 02:50:18,560
so let's go right here right click
4325
02:50:20,220 --> 02:50:23,580
right click right here new and we want
4326
02:50:23,580 --> 02:50:26,040
well we don't want that we want to go
4327
02:50:26,040 --> 02:50:29,520
once again a new new file just a regular
4328
02:50:29,520 --> 02:50:33,420
file and let's call it passwords.txt
4329
02:50:33,420 --> 02:50:35,640
and let's add some random passwords such
4330
02:50:35,640 --> 02:50:38,899
as for example hello world
4331
02:50:39,300 --> 02:50:40,859
one two three
4332
02:50:40,859 --> 02:50:44,220
five four three two one password one two
4333
02:50:44,220 --> 02:50:45,960
three
4334
02:50:45,960 --> 02:50:50,060
let's type in another password
4335
02:50:50,520 --> 02:50:54,359
test four three two one let's add a real
4336
02:50:54,359 --> 02:50:56,160
password right now so we can see whether
4337
02:50:56,160 --> 02:50:58,920
it works which is msfadmin and let's
4338
02:50:58,920 --> 02:51:01,920
add two more passwords so root and
4339
02:51:01,920 --> 02:51:05,160
root one two three why not so we have
4340
02:51:05,160 --> 02:51:06,240
around
4341
02:51:06,240 --> 02:51:08,340
nine passwords so let's add one more so
4342
02:51:08,340 --> 02:51:10,380
we can Circle it to ten one two three
4343
02:51:10,380 --> 02:51:13,620
four five six seven eight nine and this
4344
02:51:13,620 --> 02:51:15,899
is our password list all right so let's
4345
02:51:15,899 --> 02:51:17,340
test our program
4346
02:51:17,340 --> 02:51:19,740
we have our terminal open
4347
02:51:19,740 --> 02:51:22,620
we zoomed everything in now let's go to
4348
02:51:22,620 --> 02:51:25,800
PyCharm let's go to the
4349
02:51:25,800 --> 02:51:29,939
SSH brute force and right here we want to
4350
02:51:29,939 --> 02:51:33,600
run the sh blue.py so Python 3 SSH root
4351
02:51:33,600 --> 02:51:35,100
Dot py
4352
02:51:35,100 --> 02:51:37,859
we have somewhere invalid syntax so
4353
02:51:37,859 --> 02:51:39,920
let's see where that is file.readlines
4354
02:51:39,920 --> 02:51:42,660
this is somewhere down here
4355
02:51:42,660 --> 02:51:45,479
for line in file.readlines and at the
4356
02:51:45,479 --> 02:51:47,160
end of the for statement we need to
4357
02:51:47,160 --> 02:51:50,040
specify two dots therefore this didn't
4358
02:51:50,040 --> 02:51:53,780
work let's test it once again
4359
02:51:54,240 --> 02:51:57,080
Target address we specify
4360
02:51:57,080 --> 02:51:59,939
192.168.1.3 and once again in order to
4361
02:51:59,939 --> 02:52:01,680
check out the IP address of your target
4362
02:52:01,680 --> 02:52:03,359
machine
4363
02:52:03,359 --> 02:52:06,660
you simply just type ifconfig inside of
4364
02:52:06,660 --> 02:52:08,399
your Metasploitable and you will get
4365
02:52:08,399 --> 02:52:12,319
the inet address right here which is
4366
02:52:12,319 --> 02:52:15,000
192.168.1.3 in my case in your case it
4367
02:52:15,000 --> 02:52:16,620
will most likely be something different
4368
02:52:16,620 --> 02:52:18,960
so don't specify the same thing right
4369
02:52:18,960 --> 02:52:21,359
here okay so now that we specify this press
4370
02:52:21,359 --> 02:52:23,819
enter the SSH username for the
4371
02:52:23,819 --> 02:52:27,180
Metasploitable is msfadmin now you can
4372
02:52:27,180 --> 02:52:29,040
perform this attack if you want to
4373
02:52:29,040 --> 02:52:31,560
practice after this on a root account on
4374
02:52:31,560 --> 02:52:33,840
metasploitable with a big password list
4375
02:52:33,840 --> 02:52:35,880
that you can download online and see
4376
02:52:35,880 --> 02:52:37,979
whether you can crack the root SSH
4377
02:52:37,979 --> 02:52:40,439
account on the Metasploitable so SSH
4378
02:52:40,439 --> 02:52:42,899
username msfadmin and passwords file
4379
02:52:42,899 --> 02:52:45,140
will be
4380
02:52:45,140 --> 02:52:48,180
passwords.txt press here enter
4381
02:52:48,180 --> 02:52:50,939
and let's see whether this will work as
4382
02:52:50,939 --> 02:52:53,939
you can see first password is incorrect
4383
02:52:53,939 --> 02:52:56,220
second password incorrect third and
4384
02:52:56,220 --> 02:52:58,800
fourth are also Incorrect and let's see
4385
02:52:58,800 --> 02:53:00,420
what happens once we get to the
4386
02:53:00,420 --> 02:53:02,520
msfadmin
4387
02:53:02,520 --> 02:53:05,520
and here it is found password msfadmin
4388
02:53:05,520 --> 02:53:07,740
for account msfadmin
4389
02:53:07,740 --> 02:53:09,479
then it exited out of the program
4390
02:53:09,479 --> 02:53:11,520
because there is no point in testing out
4391
02:53:11,520 --> 02:53:13,080
other passwords
4392
02:53:13,080 --> 02:53:15,180
so all we need to do in order to fix
4393
02:53:15,180 --> 02:53:16,620
this
4394
02:53:16,620 --> 02:53:18,479
so it can look a little bit prettier is
4395
02:53:18,479 --> 02:53:20,220
we want to
4396
02:53:20,220 --> 02:53:24,300
print right here right after the
4397
02:53:24,300 --> 02:53:26,399
input file we want to print the new line
4398
02:53:26,399 --> 02:53:28,620
character so we can differentiate the
4399
02:53:28,620 --> 02:53:31,140
input parameters that we specify from
4400
02:53:31,140 --> 02:53:33,540
the actual passwords that it tests so
4401
02:53:33,540 --> 02:53:36,060
print backslash n
4402
02:53:36,060 --> 02:53:38,520
and let's run it once again right here
4403
02:53:38,520 --> 02:53:40,880
clear
4404
02:53:40,920 --> 02:53:43,920
182.168.1.3
4405
02:53:43,979 --> 02:53:48,540
msfadmin and passwords.txt
4406
02:53:48,540 --> 02:53:51,479
here it is new line character is there
4407
02:53:51,479 --> 02:53:53,460
and it will perform the exact same task
4408
02:53:53,460 --> 02:53:56,040
as it did previously now you might
4409
02:53:56,040 --> 02:53:57,720
notice that this is going a little bit
4410
02:53:57,720 --> 02:54:00,120
slow and that is something that we will
4411
02:54:00,120 --> 02:54:02,580
fix in the next video as we're going to
4412
02:54:02,580 --> 02:54:04,740
see how we can import threading library
4413
02:54:04,740 --> 02:54:07,500
inside of this program to make it Brute
4414
02:54:07,500 --> 02:54:09,779
Force the passwords faster because in
4415
02:54:09,779 --> 02:54:12,000
real life attacks if you for example had
4416
02:54:12,000 --> 02:54:15,060
100 000 passwords this would take a long
4417
02:54:15,060 --> 02:54:17,939
time to actually brute force and you
4418
02:54:17,939 --> 02:54:19,680
don't really want to sit for a week
4419
02:54:19,680 --> 02:54:22,080
waiting for a hundred thousand passwords
4420
02:54:22,080 --> 02:54:24,300
to finish you want to finish it as fast
4421
02:54:24,300 --> 02:54:26,160
as possible so we're going to take a
4422
02:54:26,160 --> 02:54:28,319
look at that in the next tutorial I hope
4423
02:54:28,319 --> 02:54:29,880
you enjoyed this one
4424
02:54:29,880 --> 02:54:32,399
and I will see you in the threading part
4425
02:54:32,399 --> 02:54:35,160
of this section take care bye welcome
4426
02:54:35,160 --> 02:54:36,840
everyone to this lecture where we are
4427
02:54:36,840 --> 02:54:39,180
going to take a look at the code of how
4428
02:54:39,180 --> 02:54:42,060
we can make our SSH brute forcer work
4429
02:54:42,060 --> 02:54:45,359
faster by using thread Library
4430
02:54:45,359 --> 02:54:47,819
all right so here is the code and the
4431
02:54:47,819 --> 02:54:49,380
reason why we are not going to code it
4432
02:54:49,380 --> 02:54:51,779
ourselves is because it is rather
4433
02:54:51,779 --> 02:54:53,819
similar to the first program that we
4434
02:54:53,819 --> 02:54:56,700
coded in the previous few videos there
4435
02:54:56,700 --> 02:54:59,580
are just some minor changes as well as
4436
02:54:59,580 --> 02:55:01,560
adding some libraries that we're going
4437
02:55:01,560 --> 02:55:03,720
to need so let's start off from the
4438
02:55:03,720 --> 02:55:05,880
beginning well first of all there are
4439
02:55:05,880 --> 02:55:07,680
two different libraries that we had to
4440
02:55:07,680 --> 02:55:11,279
import next to these four those two are
4441
02:55:11,279 --> 02:55:14,460
time library and threading Library both
4442
02:55:14,460 --> 02:55:16,140
of these libraries belong to the default
4443
02:55:16,140 --> 02:55:18,840
python libraries so there is no need for
4444
02:55:18,840 --> 02:55:20,760
you to actually install them in your
4445
02:55:20,760 --> 02:55:22,859
virtual environment as they are already
4446
02:55:22,859 --> 02:55:23,939
there
4447
02:55:23,939 --> 02:55:25,800
right after it at the beginning of the
4448
02:55:25,800 --> 02:55:28,500
program we declare a stop flag variable
4449
02:55:28,500 --> 02:55:30,540
and this variable is going to be of use
4450
02:55:30,540 --> 02:55:32,520
to us once we get to the actual
4451
02:55:32,520 --> 02:55:35,340
threading part so for now on WE simply
4452
02:55:35,340 --> 02:55:37,080
just declare a variable and it will be
4453
02:55:37,080 --> 02:55:40,140
an integer value of zero in our ssh
4454
02:55:40,140 --> 02:55:42,779
connect function we make a few minor
4455
02:55:42,779 --> 02:55:45,060
changes such as for example we declared
4456
02:55:45,060 --> 02:55:46,800
that we are going to use the global stop
4457
02:55:46,800 --> 02:55:49,500
flag variable inside of this function
4458
02:55:49,500 --> 02:55:51,660
then we perform the same two things that
4459
02:55:51,660 --> 02:55:54,359
we performed in the regular brute forcer
4460
02:55:54,359 --> 02:55:57,359
after it we try to connect and if we
4461
02:55:57,359 --> 02:55:59,460
manage to connect then we set the stop
4462
02:55:59,460 --> 02:56:01,979
flag to be equal to 1.
4463
02:56:01,979 --> 02:56:04,020
then after it we print that the password
4464
02:56:04,020 --> 02:56:06,240
was found and in any other case we'll
4465
02:56:06,240 --> 02:56:08,880
print incorrect login and we will close
4466
02:56:08,880 --> 02:56:11,700
the SSH connection now let's get to the
4467
02:56:11,700 --> 02:56:13,500
part where we actually set the stop flag
4468
02:56:13,500 --> 02:56:15,660
variable to be equal to one why do we do
4469
02:56:15,660 --> 02:56:19,560
that well if we go all the way down
4470
02:56:19,560 --> 02:56:21,479
all these things are the same as in the
4471
02:56:21,479 --> 02:56:23,700
previous program right here I just added
4472
02:56:23,700 --> 02:56:25,439
a print statement that says starting
4473
02:56:25,439 --> 02:56:27,840
threaded SSH brute force
4474
02:56:27,840 --> 02:56:29,880
and Below there we open the file for
4475
02:56:29,880 --> 02:56:31,859
passwords and if we go to the
4476
02:56:31,859 --> 02:56:34,020
passwords.txt file you will notice that
4477
02:56:34,020 --> 02:56:36,000
I added a few more passwords right here
4478
02:56:36,000 --> 02:56:38,040
around 150.
4479
02:56:38,040 --> 02:56:40,260
so we can see how fast it will Brute
4480
02:56:40,260 --> 02:56:42,840
Force the correct password is somewhere
4481
02:56:42,840 --> 02:56:45,240
around here and let's continue with the
4482
02:56:45,240 --> 02:56:48,300
program so we go into the for Loop and
4483
02:56:48,300 --> 02:56:50,700
we read password by password or line by
4484
02:56:50,700 --> 02:56:53,340
line and if stop flag is equal to zero
4485
02:56:53,340 --> 02:56:55,800
then we will join all threads and exit
4486
02:56:55,800 --> 02:56:57,300
the program
4487
02:56:57,300 --> 02:56:59,399
and the threads that we create are
4488
02:56:59,399 --> 02:57:02,399
actually down here okay so let's
4489
02:57:02,399 --> 02:57:04,620
not pay attention to this part of the
4490
02:57:04,620 --> 02:57:06,979
code at the moment so for each password
4491
02:57:06,979 --> 02:57:09,840
we perform the strip function onto that
4492
02:57:09,840 --> 02:57:11,760
password so we can get rid of all the
4493
02:57:11,760 --> 02:57:14,700
unnecessary characters then we create a
4494
02:57:14,700 --> 02:57:16,560
thread object which is going to be
4495
02:57:16,560 --> 02:57:20,100
called T we perform the actual thread
4496
02:57:20,100 --> 02:57:22,380
object and the thread function onto the
4497
02:57:22,380 --> 02:57:24,420
SSH connect function and that is the
4498
02:57:24,420 --> 02:57:26,520
first parameter to this thread function
4499
02:57:26,520 --> 02:57:29,160
so the target is the actual function
4500
02:57:29,160 --> 02:57:30,960
that you're going to perform the thread
4501
02:57:30,960 --> 02:57:33,660
on and the args are the arguments to
4502
02:57:33,660 --> 02:57:35,939
that function so in our case that is
4503
02:57:35,939 --> 02:57:37,800
just one argument which is the password
4504
02:57:37,800 --> 02:57:40,979
parameter and this comma right here has
4505
02:57:40,979 --> 02:57:42,899
to be there even though we don't have a
4506
02:57:42,899 --> 02:57:45,120
second parameter otherwise this will not
4507
02:57:45,120 --> 02:57:47,279
work so we have to add it right here
4508
02:57:47,279 --> 02:57:49,500
right after we create the thread object
4509
02:57:49,500 --> 02:57:51,600
and we call it onto the target of SSH
4510
02:57:51,600 --> 02:57:53,220
connect with the arguments of password
4511
02:57:53,220 --> 02:57:56,399
then we can start that thread and we can
4512
02:57:56,399 --> 02:57:59,580
sleep for 0.5 seconds after every time
4513
02:57:59,580 --> 02:58:01,979
we start a thread all right
4514
02:58:01,979 --> 02:58:03,899
so what this will do is it will start a
4515
02:58:03,899 --> 02:58:05,939
thread each time a new password is being
4516
02:58:05,939 --> 02:58:08,520
read from the file and each password
4517
02:58:08,520 --> 02:58:11,580
will have its own thread and in case the
4518
02:58:11,580 --> 02:58:14,279
stop flag gets switched to 1 well that
4519
02:58:14,279 --> 02:58:15,899
means that some of those threads
4520
02:58:15,899 --> 02:58:17,399
actually manage to find the correct
4521
02:58:17,399 --> 02:58:19,560
password as they manage to connect to
4522
02:58:19,560 --> 02:58:21,960
the Target therefore we set the flag to
4523
02:58:21,960 --> 02:58:24,300
be equal to 1 and once the flag is set
4524
02:58:24,300 --> 02:58:26,460
to 1 that means that we can close the
4525
02:58:26,460 --> 02:58:28,439
program since we found the correct
4526
02:58:28,439 --> 02:58:30,720
password therefore we perform the T dot
4527
02:58:30,720 --> 02:58:32,460
join function which will join all the
4528
02:58:32,460 --> 02:58:34,680
threads that are running and then we can
4529
02:58:34,680 --> 02:58:36,479
exit the program
4530
02:58:36,479 --> 02:58:39,300
and that is the entire program that runs
4531
02:58:39,300 --> 02:58:41,939
on threads so let's see whether it is
4532
02:58:41,939 --> 02:58:43,920
faster than the previous one
4533
02:58:43,920 --> 02:58:49,580
first I'm going to go and enlarge this
4534
02:58:50,160 --> 02:58:52,680
then I will navigate to the pycharm and
4535
02:58:52,680 --> 02:58:54,899
then SSH brute force and first we
4536
02:58:54,899 --> 02:58:56,819
will run the previous program
4537
02:58:56,819 --> 02:58:59,220
so the previous program had no threading
4538
02:58:59,220 --> 02:59:01,439
library and let's see how that one will
4539
02:59:01,439 --> 02:59:04,939
do so the target address is
4540
02:59:04,939 --> 02:59:08,100
192.168.1.3 in my case the SSH username
4541
02:59:08,100 --> 02:59:11,460
is msf admin and the passwords file is
4542
02:59:11,460 --> 02:59:12,660
password
4543
02:59:12,660 --> 02:59:18,080
or passwords.txt press here enter
4544
02:59:18,540 --> 02:59:21,420
it will start running we can see we got
4545
02:59:21,420 --> 02:59:24,840
some incorrect logins
4546
02:59:24,840 --> 02:59:26,939
and you can see each password takes
4547
02:59:26,939 --> 02:59:30,240
around one second to finish therefore
4548
02:59:30,240 --> 02:59:33,120
this is going rather slow so let's just
4549
02:59:33,120 --> 02:59:35,340
Ctrl C it so we don't wait for the correct
4550
02:59:35,340 --> 02:59:37,260
password
4551
02:59:37,260 --> 02:59:40,560
and if we run the second program which
4552
02:59:40,560 --> 02:59:43,920
is our threaded brute forcer
4553
02:59:43,920 --> 02:59:47,720
and type in the same information
4554
02:59:50,760 --> 02:59:53,460
it will start our threaded brute forcer
4555
02:59:53,460 --> 02:59:56,100
and you will see that the passwords go a
4556
02:59:56,100 --> 02:59:58,439
lot faster than before
4557
02:59:58,439 --> 03:00:00,300
as you can see we already managed to
4558
03:00:00,300 --> 03:00:03,300
cover more than 20 passwords and here it
4559
03:00:03,300 --> 03:00:06,060
is here is the correct password and few
4560
03:00:06,060 --> 03:00:08,760
seconds after that it closes the program
4561
03:00:08,760 --> 03:00:11,340
now the reason why it goes for few more
4562
03:00:11,340 --> 03:00:13,080
passwords after finding the correct
4563
03:00:13,080 --> 03:00:14,880
password is because all of these
4564
03:00:14,880 --> 03:00:17,700
passwords were separate threads that
4565
03:00:17,700 --> 03:00:20,100
ran before this one has finished
4566
03:00:20,100 --> 03:00:22,260
therefore it had to finish these ones
4567
03:00:22,260 --> 03:00:24,720
first and then exit program
4568
03:00:24,720 --> 03:00:26,700
and you can see how many passwords we
4569
03:00:26,700 --> 03:00:29,399
managed to actually cover in just a
4570
03:00:29,399 --> 03:00:31,560
matter of a second or two and it also
4571
03:00:31,560 --> 03:00:34,560
managed to find the correct password
4572
03:00:34,560 --> 03:00:36,600
now the reason why incorrect passwords
4573
03:00:36,600 --> 03:00:38,640
are printed in Red is because I also
4574
03:00:38,640 --> 03:00:40,439
added a print statement
4575
03:00:40,439 --> 03:00:43,920
somewhere around here which says that we
4576
03:00:43,920 --> 03:00:46,260
print the incorrect password in red
4577
03:00:46,260 --> 03:00:48,600
color by using the termcolor.colored
4578
03:00:48,600 --> 03:00:50,819
function which we already covered before
4579
03:00:50,819 --> 03:00:54,060
that's basically it for this SSH brute
4580
03:00:54,060 --> 03:00:56,220
forcer I hope you enjoyed this section
4581
03:00:56,220 --> 03:00:58,920
as well as the previous two and this was
4582
03:00:58,920 --> 03:01:01,560
also some type of a recap video to this
4583
03:01:01,560 --> 03:01:03,120
Brute Force so therefore we are not
4584
03:01:03,120 --> 03:01:05,160
going to do a recap video as a next
4585
03:01:05,160 --> 03:01:06,899
lecture we are going to go straight into
4586
03:01:06,899 --> 03:01:09,300
the next project so hope you enjoyed
4587
03:01:09,300 --> 03:01:11,220
this one once again and I will see you
4588
03:01:11,220 --> 03:01:14,460
in the next tutorial bye
4589
03:01:14,460 --> 03:01:17,160
hello everyone and Welcome to our next
4590
03:01:17,160 --> 03:01:18,960
project which is going to be a project
4591
03:01:18,960 --> 03:01:21,899
on ARP spoofing now this is going to be
4592
03:01:21,899 --> 03:01:24,000
a little bit harder project than the
4593
03:01:24,000 --> 03:01:26,100
previous few that we did since we're
4594
03:01:26,100 --> 03:01:27,779
going to interact with different packets
4595
03:01:27,779 --> 03:01:30,120
and different internet protocols inside
4596
03:01:30,120 --> 03:01:32,460
of this section we're also going to
4597
03:01:32,460 --> 03:01:34,680
introduce a new library which is a
4598
03:01:34,680 --> 03:01:36,600
massive library called Scapy which
4599
03:01:36,600 --> 03:01:38,580
allows us to modify send and receive
4600
03:01:38,580 --> 03:01:41,540
different packets and responses alright
4601
03:01:41,540 --> 03:01:44,040
now for those of you that are not
4602
03:01:44,040 --> 03:01:46,140
familiar with networking with ARP
4603
03:01:46,140 --> 03:01:48,720
spoofing or with ARP packets in general I
4604
03:01:48,720 --> 03:01:50,160
will make sure to leave some of the
4605
03:01:50,160 --> 03:01:52,560
resources links so you can read more
4606
03:01:52,560 --> 03:01:54,359
about ARP spoofing and understand
4607
03:01:54,359 --> 03:01:56,399
it a whole lot better
4608
03:01:56,399 --> 03:01:58,260
in this project we're going to create
4609
03:01:58,260 --> 03:02:01,020
two programs first one is going to be
4610
03:02:01,020 --> 03:02:03,540
the manual ARP spoofing so we're going
4611
03:02:03,540 --> 03:02:05,700
to go through the entire process of ARP
4612
03:02:05,700 --> 03:02:07,979
spoofing line by line we're going to see
4613
03:02:07,979 --> 03:02:10,680
the responses how it happens what we
4614
03:02:10,680 --> 03:02:12,060
need to specify in order for our
4615
03:02:12,060 --> 03:02:14,460
spoofing to happen and then we are going
4616
03:02:14,460 --> 03:02:16,140
to create a second program which is
4617
03:02:16,140 --> 03:02:18,420
going to automate that entire process
4618
03:02:18,420 --> 03:02:20,700
the reason why we are first performing
4619
03:02:20,700 --> 03:02:22,800
the manual ARP spoofing is so we
4620
03:02:22,800 --> 03:02:24,660
can understand everything a little bit
4621
03:02:24,660 --> 03:02:26,939
better all right
4622
03:02:26,939 --> 03:02:29,640
now let's explain ARP spoofing briefly
4623
03:02:29,640 --> 03:02:31,439
well let's imagine we have three
4624
03:02:31,439 --> 03:02:33,540
machines on the network the first one is
4625
03:02:33,540 --> 03:02:35,399
router which is routing the connections
4626
03:02:35,399 --> 03:02:38,819
the second two are two different laptops
4627
03:02:38,819 --> 03:02:41,100
one of them is the target laptop and one
4628
03:02:41,100 --> 03:02:43,080
of them is the attacker laptop
4629
03:02:43,080 --> 03:02:45,779
now the attacker machine sends the ARP
4630
03:02:45,779 --> 03:02:47,880
packets which tell the router and tell
4631
03:02:47,880 --> 03:02:50,220
the machine that their connection should
4632
03:02:50,220 --> 03:02:53,160
go over the attacker's machine
4633
03:02:53,160 --> 03:02:55,740
how do they do that well simply the
4634
03:02:55,740 --> 03:02:57,779
attacker sends the router a packet which
4635
03:02:57,779 --> 03:02:59,640
tells the router hey I am the target
4636
03:02:59,640 --> 03:03:01,859
machine you can send the packets to me
4637
03:03:01,859 --> 03:03:04,200
instead of the real Target machine
4638
03:03:04,200 --> 03:03:06,060
then what we do with those packets we
4639
03:03:06,060 --> 03:03:08,160
read them and then we can forward them
4640
03:03:08,160 --> 03:03:10,140
to the actual Target machine so the
4641
03:03:10,140 --> 03:03:11,580
target will have no idea that anything
4642
03:03:11,580 --> 03:03:14,040
is happening since the packets are
4643
03:03:14,040 --> 03:03:16,680
arriving at the destination
4644
03:03:16,680 --> 03:03:18,960
if we do the opposite to the Target so
4645
03:03:18,960 --> 03:03:20,760
we send the ARP packet to the target
4646
03:03:20,760 --> 03:03:23,640
which tell the target machine hey I am
4647
03:03:23,640 --> 03:03:25,800
the router please send the packets to me
4648
03:03:25,800 --> 03:03:27,180
and then
4649
03:03:27,180 --> 03:03:28,800
the packets that were supposed to go
4650
03:03:28,800 --> 03:03:30,899
from the target machine to the router go
4651
03:03:30,899 --> 03:03:32,880
first to our machine and then we forward
4652
03:03:32,880 --> 03:03:35,760
them to the router and therefore we are
4653
03:03:35,760 --> 03:03:37,859
the man in the middle thereby ARP
4654
03:03:37,859 --> 03:03:41,040
spoofing the connection all right so
4655
03:03:41,040 --> 03:03:43,380
another thing to keep in mind is that
4656
03:03:43,380 --> 03:03:46,140
this will not work on all networks it
4657
03:03:46,140 --> 03:03:48,120
will only work on some networks where
4658
03:03:48,120 --> 03:03:50,580
ARP spoofing is still possible there are
4659
03:03:50,580 --> 03:03:52,200
a bunch of different networks in the
4660
03:03:52,200 --> 03:03:54,540
world that have security measures that
4661
03:03:54,540 --> 03:03:56,399
prevent ARP spoofing
4662
03:03:56,399 --> 03:03:59,040
but there is even more of them that do
4663
03:03:59,040 --> 03:04:01,979
not prevent ARP spoofing
4664
03:04:01,979 --> 03:04:03,779
so that's why we are covering this
4665
03:04:03,779 --> 03:04:06,300
project let's start with creating the
4666
03:04:06,300 --> 03:04:09,359
project inside of PyCharm here it is I
4667
03:04:09,359 --> 03:04:11,520
already went on file and the new project
4668
03:04:11,520 --> 03:04:13,220
so I will simply just type right here
4669
03:04:13,220 --> 03:04:16,760
ARP spoofer
4670
03:04:16,859 --> 03:04:19,200
click on create we want to create on
4671
03:04:19,200 --> 03:04:21,560
this window
4672
03:04:24,720 --> 03:04:26,580
and we're going to start off by
4673
03:04:26,580 --> 03:04:29,340
importing the libraries that we need
4674
03:04:29,340 --> 03:04:31,979
for the first program which is going to
4675
03:04:31,979 --> 03:04:34,200
be us going line by line and checking
4676
03:04:34,200 --> 03:04:37,620
out how ARP spoofing works we're only
4677
03:04:37,620 --> 03:04:39,240
going to need one library and that is
4678
03:04:39,240 --> 03:04:42,720
going to be the Scapy library so first of
4679
03:04:42,720 --> 03:04:44,840
all
4680
03:04:44,939 --> 03:04:47,880
I will go right here and click on new
4681
03:04:47,880 --> 03:04:50,399
python file and we will call this first
4682
03:04:50,399 --> 03:04:53,640
program malicious ARP packet and we can
4683
03:04:53,640 --> 03:04:56,939
shorten that by simply typing mal ARP
4684
03:04:56,939 --> 03:05:00,660
dot py simple as that and all we need to
4685
03:05:00,660 --> 03:05:04,200
do is type from scapy.all
4686
03:05:04,200 --> 03:05:05,819
import
4687
03:05:05,819 --> 03:05:08,399
and Then star sign and the Star Sign
4688
03:05:08,399 --> 03:05:10,500
simply implicates that we are importing
4689
03:05:10,500 --> 03:05:12,960
everything from scapy.all but you can
4690
03:05:12,960 --> 03:05:14,880
notice that scapy is actually red
4691
03:05:14,880 --> 03:05:17,100
underlined therefore we need to install
4692
03:05:17,100 --> 03:05:20,580
it first so let's open up our terminal
4693
03:05:20,580 --> 03:05:27,120
pip3 oops pip3 install scapy
4694
03:05:27,779 --> 03:05:30,180
it will collect the library and in no
4695
03:05:30,180 --> 03:05:32,160
time we should have it up and running
4696
03:05:32,160 --> 03:05:35,700
here it is if we go right here in just a
4697
03:05:35,700 --> 03:05:39,720
few seconds this red line will go away
4698
03:05:39,720 --> 03:05:42,899
all right so let's experiment with Scapy a
4699
03:05:42,899 --> 03:05:44,279
little bit
4700
03:05:44,279 --> 03:05:47,520
so if I go and open up my terminal right
4701
03:05:47,520 --> 03:05:48,540
here
4702
03:05:48,540 --> 03:05:50,399
and before we actually code anything
4703
03:05:50,399 --> 03:05:52,920
inside of pycharm Let Us open up our
4704
03:05:52,920 --> 03:05:54,359
terminal
4705
03:05:54,359 --> 03:05:57,540
zoom in our terminal
4706
03:05:57,540 --> 03:06:00,600
and run scapy now you will notice that
4707
03:06:00,600 --> 03:06:02,640
you can simply just run scapy instead
4708
03:06:02,640 --> 03:06:04,979
of python in your terminal and it will
4709
03:06:04,979 --> 03:06:08,460
open a platform or a framework that
4710
03:06:08,460 --> 03:06:12,120
allows you to only execute commands
4711
03:06:12,120 --> 03:06:14,520
all right so here it is I will enlarge
4712
03:06:14,520 --> 03:06:17,340
this so we can see everything better in
4713
03:06:17,340 --> 03:06:18,960
case you don't have Scapy installed
4714
03:06:18,960 --> 03:06:21,300
simply you can install it by using pip3
4715
03:06:21,300 --> 03:06:24,000
as we showed in PyCharm
4716
03:06:24,000 --> 03:06:26,700
now what Scapy allows us to do is it
4717
03:06:26,700 --> 03:06:28,920
allows us to create different types of
4718
03:06:28,920 --> 03:06:32,279
packets for example we have TCP packets
4719
03:06:32,279 --> 03:06:34,680
UDP packets we can also create ICMP
4720
03:06:34,680 --> 03:06:37,260
packets and in our case in this section
4721
03:06:37,260 --> 03:06:39,840
we are going to use ARP packets
4722
03:06:39,840 --> 03:06:42,359
so if I simply just type ls
4723
03:06:42,359 --> 03:06:45,300
and in brackets I specify ARP
4724
03:06:45,300 --> 03:06:47,100
you will notice that first of all this
4725
03:06:47,100 --> 03:06:49,500
ls is the same as the ls command inside
4726
03:06:49,500 --> 03:06:51,840
of a terminal it will simply just list
4727
03:06:51,840 --> 03:06:54,180
all of the different fields that the ARP
4728
03:06:54,180 --> 03:06:55,920
packet has
4729
03:06:55,920 --> 03:06:57,899
so we have all of those fields that we
4730
03:06:57,899 --> 03:07:00,180
need to specify inside of an ARP packet
4731
03:07:00,180 --> 03:07:02,580
before we actually try to send it
4732
03:07:02,580 --> 03:07:04,399
we have pdst
4733
03:07:04,399 --> 03:07:09,899
hwdst psrc and hwsrc and op and
4734
03:07:09,899 --> 03:07:11,939
these five fields are the most important
4735
03:07:11,939 --> 03:07:15,420
to us for this section this pdst is
4736
03:07:15,420 --> 03:07:17,460
actually the destination to which we are
4737
03:07:17,460 --> 03:07:20,580
sending the packet the hwdst destination
4738
03:07:20,580 --> 03:07:22,740
MAC address to which we are sending the
4739
03:07:22,740 --> 03:07:25,200
packet the psrc is our own IP
4740
03:07:25,200 --> 03:07:28,319
address and the hwsrc is our own MAC
4741
03:07:28,319 --> 03:07:29,220
address
4742
03:07:29,220 --> 03:07:33,240
the op field is simply set to either one
4743
03:07:33,240 --> 03:07:34,800
or two
4744
03:07:34,800 --> 03:07:36,779
and the reason for that is because there
4745
03:07:36,779 --> 03:07:39,540
are two types of ARP packets if op is
4746
03:07:39,540 --> 03:07:41,279
set to one that means we are sending the
4747
03:07:41,279 --> 03:07:45,180
ARP request and if op is set to 2 that
4748
03:07:45,180 --> 03:07:47,880
means we are sending the ARP response
4749
03:07:47,880 --> 03:07:50,580
and the request is simply us asking for
4750
03:07:50,580 --> 03:07:53,580
example at which MAC address and IP
4751
03:07:53,580 --> 03:07:55,979
address is the router and the response
4752
03:07:55,979 --> 03:07:57,960
would be if someone asks for our own MAC
4753
03:07:57,960 --> 03:07:59,520
address over the broadcast we would
4754
03:07:59,520 --> 03:08:02,819
simply reply okay that IP address is at
4755
03:08:02,819 --> 03:08:05,100
this MAC address and that is the ARP
4756
03:08:05,100 --> 03:08:06,899
response all right
4757
03:08:06,899 --> 03:08:09,000
but even if you don't understand
4758
03:08:09,000 --> 03:08:10,560
you will understand it through the process
4759
03:08:10,560 --> 03:08:13,080
of coding now in order to create a
4760
03:08:13,080 --> 03:08:15,120
packet inside of Scapy we can define
4761
03:08:15,120 --> 03:08:18,479
something like packet equals and then
4762
03:08:18,479 --> 03:08:21,120
ARP specifying which packet we want and
4763
03:08:21,120 --> 03:08:23,340
inside of the brackets we specify all of
4764
03:08:23,340 --> 03:08:25,200
these options that we need
4765
03:08:25,200 --> 03:08:27,600
for example I can simply specify pdst
4766
03:08:27,600 --> 03:08:30,720
equals and then let's say
4767
03:08:30,720 --> 03:08:34,740
the IP address of my router
4768
03:08:34,740 --> 03:08:37,979
and if I just type packet.show
4769
03:08:37,979 --> 03:08:40,620
you will see all of the fields for my
4770
03:08:40,620 --> 03:08:43,020
packet most of them will be set
4771
03:08:43,020 --> 03:08:44,340
automatically
4772
03:08:44,340 --> 03:08:47,040
you will notice that the hwsrc and
4773
03:08:47,040 --> 03:08:49,260
psrc are set automatically and this is
4774
03:08:49,260 --> 03:08:51,420
the MAC address of our Kali Linux machine
4775
03:08:51,420 --> 03:08:53,700
and the IP address of our Kali Linux
4776
03:08:53,700 --> 03:08:55,560
machine
4777
03:08:55,560 --> 03:08:58,140
the op is set to who has which means
4778
03:08:58,140 --> 03:09:00,660
this is a request if we try to change it
4779
03:09:00,660 --> 03:09:02,700
for example packet
4780
03:09:02,700 --> 03:09:05,640
dot op equals 2
4781
03:09:05,640 --> 03:09:08,880
and then we type once again packet.show
4782
03:09:08,880 --> 03:09:10,500
we got
4783
03:09:10,500 --> 03:09:14,040
changed op value which is now is-at so
4784
03:09:14,040 --> 03:09:16,920
this means we are sending a response all
4785
03:09:16,920 --> 03:09:20,580
right the ptype is IPv4 and you
4786
03:09:20,580 --> 03:09:23,760
can see the hwtype is 0x1
4787
03:09:23,760 --> 03:09:26,640
and all these values are set except the
4788
03:09:26,640 --> 03:09:28,979
hardware destination or the MAC address
4789
03:09:28,979 --> 03:09:31,200
of the actual Target that we want to get
4790
03:09:31,200 --> 03:09:33,240
the MAC address from
4791
03:09:33,240 --> 03:09:35,220
alright so this is just small intro to
4792
03:09:35,220 --> 03:09:37,200
the ARP packets and in the next video
4793
03:09:37,200 --> 03:09:39,300
we're going to implement this in our
4794
03:09:39,300 --> 03:09:42,840
PyCharm and send our first malicious ARP
4795
03:09:42,840 --> 03:09:45,180
packet thank you for watching and take
4796
03:09:45,180 --> 03:09:46,800
care bye
4797
03:09:46,800 --> 03:09:48,300
welcome back
4798
03:09:48,300 --> 03:09:51,180
let's see how ARP spoofing really works
4799
03:09:51,180 --> 03:09:53,100
alright so
4800
03:09:53,100 --> 03:09:55,620
now that we imported our library the
4801
03:09:55,620 --> 03:09:57,540
first thing and the first step in order
4802
03:09:57,540 --> 03:09:59,640
to actually perform the ARP spoofing is
4803
03:09:59,640 --> 03:10:02,760
to create the malicious packet
4804
03:10:02,760 --> 03:10:04,500
so how can we do that
4805
03:10:04,500 --> 03:10:06,420
well first of all we need to figure out
4806
03:10:06,420 --> 03:10:09,359
which machines we are trying to attack
4807
03:10:09,359 --> 03:10:12,420
in this case I will try to attack my
4808
03:10:12,420 --> 03:10:15,300
Windows 10 main PC so this environment
4809
03:10:15,300 --> 03:10:16,560
right here
4810
03:10:16,560 --> 03:10:19,020
now you can also try to attack Windows
4811
03:10:19,020 --> 03:10:20,939
machine but it can also be a Linux
4812
03:10:20,939 --> 03:10:22,680
machine if you'd like
4813
03:10:22,680 --> 03:10:24,899
all right so the first thing that we
4814
03:10:24,899 --> 03:10:27,660
need to do is to pretend that we do not
4815
03:10:27,660 --> 03:10:30,000
know how to communicate with our Target
4816
03:10:30,000 --> 03:10:32,640
machine therefore we need to find out
4817
03:10:32,640 --> 03:10:35,460
its MAC address first how can we do that
4818
03:10:35,460 --> 03:10:37,979
well we can simply just send an ARP
4819
03:10:37,979 --> 03:10:40,500
request through the broadcast MAC
4820
03:10:40,500 --> 03:10:42,300
address which means that every machine
4821
03:10:42,300 --> 03:10:44,399
on this local area network will receive
4822
03:10:44,399 --> 03:10:47,160
the request and possibly send a reply
4823
03:10:47,160 --> 03:10:49,500
so how can we do that well first of all
4824
03:10:49,500 --> 03:10:52,560
we need to create a packet
4825
03:10:52,560 --> 03:10:54,240
which is going to cover the broadcast
4826
03:10:54,240 --> 03:10:56,220
MAC address
4827
03:10:56,220 --> 03:10:58,380
we can set the broadcast MAC address
4828
03:10:58,380 --> 03:11:00,840
inside of the Ether layer of the packet
4829
03:11:00,840 --> 03:11:03,060
so we will simply just create the Ether
4830
03:11:03,060 --> 03:11:06,720
packet with the destination of
4831
03:11:06,720 --> 03:11:09,359
the broadcast MAC address which we all
4832
03:11:09,359 --> 03:11:13,740
know to be ff and this we now
4833
03:11:13,740 --> 03:11:16,920
specify six times all right now if we go
4834
03:11:16,920 --> 03:11:18,960
to Scapy right here from our
4835
03:11:18,960 --> 03:11:21,899
terminal and we type ls on the Ether
4836
03:11:21,899 --> 03:11:24,000
packet we can see it only has three
4837
03:11:24,000 --> 03:11:26,819
fields which is the type the source and
4838
03:11:26,819 --> 03:11:28,859
the destination
4839
03:11:28,859 --> 03:11:31,140
if I create a packet which is going to
4840
03:11:31,140 --> 03:11:33,779
be equal to Ether with the destination
4841
03:11:33,779 --> 03:11:35,640
that we just specified of the broadcast
4842
03:11:35,640 --> 03:11:38,540
MAC address
4843
03:11:38,880 --> 03:11:41,640
and print packet.show
4844
03:11:41,640 --> 03:11:43,380
you will see that the source will
4845
03:11:43,380 --> 03:11:45,540
automatically be set to the MAC address
4846
03:11:45,540 --> 03:11:48,000
of my Kali Linux machine
4847
03:11:48,000 --> 03:11:50,760
and the type will be set as well as we
4848
03:11:50,760 --> 03:11:52,859
can see right here the destination is
4849
03:11:52,859 --> 03:11:55,560
set to the broadcast MAC address
4850
03:11:55,560 --> 03:11:57,720
but if we want to we can actually add
4851
03:11:57,720 --> 03:12:00,600
the ARP layer to this Ether layer in
4852
03:12:00,600 --> 03:12:02,520
order to create a full packet and that
4853
03:12:02,520 --> 03:12:04,800
is what we're going to do
4854
03:12:04,800 --> 03:12:07,020
so what I'm going to do
4855
03:12:07,020 --> 03:12:09,240
is before even coding it in PyCharm
4856
03:12:09,240 --> 03:12:11,100
I'm going to restart Scapy right
4857
03:12:11,100 --> 03:12:13,439
here and demonstrate the creation of
4858
03:12:13,439 --> 03:12:15,840
packet first because we have visuals
4859
03:12:15,840 --> 03:12:17,520
right here therefore we can understand
4860
03:12:17,520 --> 03:12:19,740
it a whole lot better let's create a
4861
03:12:19,740 --> 03:12:21,899
broadcast packet that we already typed
4862
03:12:21,899 --> 03:12:24,740
in PyCharm
4863
03:12:24,960 --> 03:12:27,420
that will have the Ether layer with the
4864
03:12:27,420 --> 03:12:30,300
destination to be equal to the broadcast
4865
03:12:30,300 --> 03:12:32,640
since we are sending out a request to
4866
03:12:32,640 --> 03:12:35,279
everyone and hopefully getting a reply
4867
03:12:35,279 --> 03:12:37,740
from someone who knows where our Windows
4868
03:12:37,740 --> 03:12:40,560
10 machine is located all right
4869
03:12:40,560 --> 03:12:43,319
now after we do that we need to also add
4870
03:12:43,319 --> 03:12:46,020
the ARP layer so let's just create the ARP
4871
03:12:46,020 --> 03:12:48,479
layer right here
4872
03:12:48,479 --> 03:12:51,000
to be equal to the ARP
4873
03:12:51,000 --> 03:12:53,399
and here all we need to do is specify
4874
03:12:53,399 --> 03:12:56,220
the IP address of our Target machine so
4875
03:12:56,220 --> 03:12:58,140
I'm going to check the IP address of my
4876
03:12:58,140 --> 03:13:00,300
Windows 10 machine right here
4877
03:13:00,300 --> 03:13:02,580
by opening up the command prompt and
4878
03:13:02,580 --> 03:13:05,040
typing ipconfig
4879
03:13:05,040 --> 03:13:07,200
press your enter and we can see that the
4880
03:13:07,200 --> 03:13:09,840
IP address of my Windows 10 machine is
4881
03:13:09,840 --> 03:13:12,840
192.168.1.2
4882
03:13:12,840 --> 03:13:14,580
so that is what we need to specify
4883
03:13:14,580 --> 03:13:17,640
inside of our ARP layer we are interested
4884
03:13:17,640 --> 03:13:19,620
in the destination so we will specify
4885
03:13:19,620 --> 03:13:21,660
pdst
4886
03:13:21,660 --> 03:13:25,140
to be equal to the IP address of Windows
4887
03:13:25,140 --> 03:13:27,899
10 machine all right so we got that
4888
03:13:27,899 --> 03:13:29,279
ready
4889
03:13:29,279 --> 03:13:32,700
let me enlarge this a little bit more
4890
03:13:32,700 --> 03:13:36,359
and now if I simply just type ARP layer
4891
03:13:36,359 --> 03:13:38,279
dot show
4892
03:13:38,279 --> 03:13:40,620
we will have all of the fields filled
4893
03:13:40,620 --> 03:13:42,960
automatically by default
4894
03:13:42,960 --> 03:13:45,420
our IP address is there and our MAC
4895
03:13:45,420 --> 03:13:48,420
address is there as well the op is also
4896
03:13:48,420 --> 03:13:50,880
set to be an ARP request now in order
4897
03:13:50,880 --> 03:13:52,500
to actually combine these two packets
4898
03:13:52,500 --> 03:13:54,840
all we need to do is create another
4899
03:13:54,840 --> 03:13:56,819
variable which will be called entire
4900
03:13:56,819 --> 03:13:59,540
packet
4901
03:14:00,720 --> 03:14:03,180
and this entire packet will be equal to
4902
03:14:03,180 --> 03:14:04,859
broadcast
4903
03:14:04,859 --> 03:14:08,640
slash ARP layer
4904
03:14:08,640 --> 03:14:10,800
and that is how we can combine these two
4905
03:14:10,800 --> 03:14:11,700
packets
4906
03:14:11,700 --> 03:14:13,620
let me just show you right here so you
4907
03:14:13,620 --> 03:14:15,180
can understand it better if I type
4908
03:14:15,180 --> 03:14:18,359
entire packet dot show
4909
03:14:18,359 --> 03:14:20,640
you will see right now we have two
4910
03:14:20,640 --> 03:14:23,580
layers to our entire packet
4911
03:14:23,580 --> 03:14:25,920
the ethernet layer which we set the
4912
03:14:25,920 --> 03:14:27,600
destination to be the broadcast MAC
4913
03:14:27,600 --> 03:14:30,540
address and the ARP layer which we set
4914
03:14:30,540 --> 03:14:33,300
the IP destination to be the IP address
4915
03:14:33,300 --> 03:14:36,180
of our Windows 10 machine
4916
03:14:36,180 --> 03:14:39,060
now we can send out this packet alright
4917
03:14:39,060 --> 03:14:42,120
so how can we do that
4918
03:14:42,120 --> 03:14:44,819
well we can use a function which is
4919
03:14:44,819 --> 03:14:47,100
called srp
4920
03:14:47,100 --> 03:14:49,200
and this function allows us to send the
4921
03:14:49,200 --> 03:14:51,899
entire packet we can also specify the
4922
03:14:51,899 --> 03:14:54,540
timeout to be equal to 2 seconds and we
4923
03:14:54,540 --> 03:14:56,819
want to set the verbose to be equal to
4924
03:14:56,819 --> 03:14:58,620
true
4925
03:14:58,620 --> 03:14:59,899
now
4926
03:14:59,899 --> 03:15:03,240
this actual function will retrieve two
4927
03:15:03,240 --> 03:15:06,180
lists the first list will be the
4928
03:15:06,180 --> 03:15:08,279
answered responses and the second list
4929
03:15:08,279 --> 03:15:11,760
would be the unanswered machines all
4930
03:15:11,760 --> 03:15:14,340
right so in order to actually print that
4931
03:15:14,340 --> 03:15:16,200
list afterwards we first of all need to
4932
03:15:16,200 --> 03:15:18,120
store it and let's call the variable
4933
03:15:18,120 --> 03:15:21,120
answer and since I just mentioned that
4934
03:15:21,120 --> 03:15:23,040
it retrieves two lists we want to pick
4935
03:15:23,040 --> 03:15:26,640
the first list by specifying this 0
4936
03:15:26,640 --> 03:15:29,279
inside of square brackets since the
4937
03:15:29,279 --> 03:15:32,340
first list are answered responses if I
4938
03:15:32,340 --> 03:15:34,319
press here enter
4939
03:15:34,319 --> 03:15:36,720
it will tell us that it received one
4940
03:15:36,720 --> 03:15:39,120
packet got one answer and remaining
4941
03:15:39,120 --> 03:15:40,740
zero packets so everything worked
4942
03:15:40,740 --> 03:15:45,620
properly if I type here print answer
4943
03:15:46,680 --> 03:15:48,779
it will tell you the results which means
4944
03:15:48,779 --> 03:15:51,120
that we got an Other response it was not a
4945
03:15:51,120 --> 03:15:54,060
TCP answer or UDP or ICMP it was under
4946
03:15:54,060 --> 03:15:56,399
the Other and by Other it means we got
4947
03:15:56,399 --> 03:15:59,100
the ARP response which is good now in
4948
03:15:59,100 --> 03:16:00,960
order to print this response we can
4949
03:16:00,960 --> 03:16:04,260
simply just type print answer
4950
03:16:04,260 --> 03:16:07,439
and select the first element
4951
03:16:07,439 --> 03:16:10,200
and you will see our packet right here
4952
03:16:10,200 --> 03:16:13,140
now if we take a look at this packet we
4953
03:16:13,140 --> 03:16:15,899
will see that this is our own packet
4954
03:16:15,899 --> 03:16:17,819
that we sent since we have the ethernet
4955
03:16:17,819 --> 03:16:19,880
set for the destination to the broadcast
4956
03:16:19,880 --> 03:16:23,340
and the ARP layer set to have the IP
4957
03:16:23,340 --> 03:16:26,160
destination to the Windows 10 machine
4958
03:16:26,160 --> 03:16:28,740
and this right here
4959
03:16:28,740 --> 03:16:31,859
would be the response that we got as we
4960
03:16:31,859 --> 03:16:34,200
can see the destination Mac address is
4961
03:16:34,200 --> 03:16:36,660
the MAC address of our own Kali Linux
4962
03:16:36,660 --> 03:16:37,740
machine
4963
03:16:37,740 --> 03:16:40,800
the source is the MAC address from our
4964
03:16:40,800 --> 03:16:43,439
Windows 10 machine since our Windows 10
4965
03:16:43,439 --> 03:16:45,300
machine sent this packet back to us
4966
03:16:45,300 --> 03:16:48,720
telling us that this is its own MAC
4967
03:16:48,720 --> 03:16:49,859
address
4968
03:16:49,859 --> 03:16:52,560
we can also see it right here where the
4969
03:16:52,560 --> 03:16:55,080
HW source is the MAC address of Windows
4970
03:16:55,080 --> 03:16:58,620
10 machine the P source is the source IP
4971
03:16:58,620 --> 03:17:00,660
address of Windows 10 machine and this
4972
03:17:00,660 --> 03:17:03,120
is where the Windows 10 machine sent the
4973
03:17:03,120 --> 03:17:05,819
packet to which is our Kali Linux machine
4974
03:17:05,819 --> 03:17:08,640
therefore we received it now what we
4975
03:17:08,640 --> 03:17:11,040
want to get out of this entire packet is
4976
03:17:11,040 --> 03:17:14,279
this MAC address right here
4977
03:17:14,279 --> 03:17:17,160
so how we can do that well we can simply
4978
03:17:17,160 --> 03:17:19,920
just print let's print something like
4979
03:17:19,920 --> 03:17:21,359
this answer
4980
03:17:21,359 --> 03:17:23,760
and since this has a bunch of elements we
4981
03:17:23,760 --> 03:17:27,060
will select the first one which is this
4982
03:17:27,060 --> 03:17:30,240
and then we can select
4983
03:17:30,240 --> 03:17:32,640
the second element
4984
03:17:32,640 --> 03:17:37,760
under the number one if we print it
4985
03:17:38,359 --> 03:17:41,279
Python 3 makes no sense
4986
03:17:41,279 --> 03:17:46,819
wait if I just type print dot show
4987
03:17:46,819 --> 03:17:50,640
here it is bound method we only get the
4988
03:17:50,640 --> 03:17:53,220
response now as we can see right here we
4989
03:17:53,220 --> 03:17:55,920
no longer get this part and all we want
4990
03:17:55,920 --> 03:17:58,859
to select from this response is the HW
4991
03:17:58,859 --> 03:18:01,439
source which is this right here since
4992
03:18:01,439 --> 03:18:03,779
this is the MAC address of the Windows
4993
03:18:03,779 --> 03:18:06,840
10 machine so let's select it if we type
4994
03:18:06,840 --> 03:18:10,500
here target MAC address
4995
03:18:10,500 --> 03:18:13,680
we can set it to be equal to
4996
03:18:13,680 --> 03:18:15,540
answer
4997
03:18:15,540 --> 03:18:19,140
first element which is the packet that
4998
03:18:19,140 --> 03:18:21,000
we sent and the packet that we received
4999
03:18:21,000 --> 03:18:23,340
but since we only want the packet that
5000
03:18:23,340 --> 03:18:25,160
we received we set the second element
5001
03:18:25,160 --> 03:18:28,200
and that is this part right here and
5002
03:18:28,200 --> 03:18:30,540
from the second element we want to get
5003
03:18:30,540 --> 03:18:34,680
the HW source which is the MAC address
5004
03:18:34,680 --> 03:18:36,720
of the Windows 10 machine
5005
03:18:36,720 --> 03:18:38,700
if I press here enter
5006
03:18:38,700 --> 03:18:42,800
and we print the target MAC address
5007
03:18:45,300 --> 03:18:47,819
we get just the MAC address of Windows
5008
03:18:47,819 --> 03:18:50,279
10 machine alright great how cool is
5009
03:18:50,279 --> 03:18:52,200
that we successfully retrieved the MAC
5010
03:18:52,200 --> 03:18:54,600
address of Windows 10 Machine by sending
5011
03:18:54,600 --> 03:18:56,819
the ARP packet and getting the ARP
5012
03:18:56,819 --> 03:18:59,340
response back to us
5013
03:18:59,340 --> 03:19:01,800
now it is time to get to the hacking
5014
03:19:01,800 --> 03:19:04,620
stuff this was all just small networking
5015
03:19:04,620 --> 03:19:07,319
right now we want to create a malformed
5016
03:19:07,319 --> 03:19:09,600
or malicious ARP packet and send it
5017
03:19:09,600 --> 03:19:11,160
once again
5018
03:19:11,160 --> 03:19:12,960
how can we do that
5019
03:19:12,960 --> 03:19:15,060
well first we need to craft the packet
5020
03:19:15,060 --> 03:19:18,000
all right so we already know how to do
5021
03:19:18,000 --> 03:19:19,740
that let's create a variable called
5022
03:19:19,740 --> 03:19:23,279
packet and this packet variable will be
5023
03:19:23,279 --> 03:19:26,300
equal to the ARP packet
5024
03:19:26,300 --> 03:19:28,680
first since this is a malicious packet
5025
03:19:28,680 --> 03:19:30,660
let's see what we want this packet to do
5026
03:19:30,660 --> 03:19:32,939
well we want this packet to tell the
5027
03:19:32,939 --> 03:19:35,340
Windows 10 machine that our Kali Linux
5028
03:19:35,340 --> 03:19:38,340
machine is a router so it sends all of
5029
03:19:38,340 --> 03:19:40,800
its packets to us first of all we need
5030
03:19:40,800 --> 03:19:43,560
to set the op value to be equal to 2
5031
03:19:43,560 --> 03:19:46,620
since we want our packet to be the ARP
5032
03:19:46,620 --> 03:19:49,319
response we are telling the Windows 10
5033
03:19:49,319 --> 03:19:51,000
machine that we are the router we are
5034
03:19:51,000 --> 03:19:52,859
not requesting anything therefore we
5035
03:19:52,859 --> 03:19:55,920
will set the op to be equal to 2.
5036
03:19:55,920 --> 03:19:57,960
the next thing we want to set is the
5037
03:19:57,960 --> 03:19:59,880
hardware destination or the MAC address
5038
03:19:59,880 --> 03:20:02,399
of our Windows 10 machine and this is
5039
03:20:02,399 --> 03:20:04,979
why we needed the MAC address that we
5040
03:20:04,979 --> 03:20:07,439
received from this packet right here we
5041
03:20:07,439 --> 03:20:08,880
got it in the target MAC address
5042
03:20:08,880 --> 03:20:11,220
variable so you can either specify the
5043
03:20:11,220 --> 03:20:13,620
MAC address itself or you can specify
5044
03:20:13,620 --> 03:20:15,960
target MAC address
5045
03:20:15,960 --> 03:20:17,399
all right
5046
03:20:17,399 --> 03:20:19,080
the next thing that we need to specify
5047
03:20:19,080 --> 03:20:21,240
is the pdst
5048
03:20:21,240 --> 03:20:23,220
which is the IP address to our Target
5049
03:20:23,220 --> 03:20:28,140
machine in my case that is 192.168.1.2
5050
03:20:29,640 --> 03:20:31,200
and the last thing that we need to
5051
03:20:31,200 --> 03:20:33,479
specify is the psrc
5052
03:20:33,479 --> 03:20:37,260
if I specify psrc equals here we
5053
03:20:37,260 --> 03:20:39,240
specified the machine that we want to
5054
03:20:39,240 --> 03:20:42,000
impersonate in our case we want to be
5055
03:20:42,000 --> 03:20:44,100
the router therefore I will specify my
5056
03:20:44,100 --> 03:20:46,700
router's IP address which is
5057
03:20:46,700 --> 03:20:49,319
192.168.1.1 in case you don't know what
5058
03:20:49,319 --> 03:20:51,359
your router's IP address is you can
5059
03:20:51,359 --> 03:20:53,399
simply just go open up your terminal and
5060
03:20:53,399 --> 03:20:56,939
type in netstat -nr
5061
03:20:56,939 --> 03:21:00,000
under the Gateway you will see your
5062
03:21:00,000 --> 03:21:02,760
router's IP address all right so let's
5063
03:21:02,760 --> 03:21:04,740
close this
5064
03:21:04,740 --> 03:21:07,620
now that we have everything ready once
5065
03:21:07,620 --> 03:21:09,439
again we are sending the op equals 2
5066
03:21:09,439 --> 03:21:11,700
because we are saying that we are
5067
03:21:11,700 --> 03:21:14,340
the gateway so this is a response let's
5068
03:21:14,340 --> 03:21:17,279
press here enter if I just type packet
5069
03:21:17,279 --> 03:21:19,560
dot show
5070
03:21:19,560 --> 03:21:23,460
here is the contents of our packet we
5071
03:21:23,460 --> 03:21:25,920
got everything ready to go
5072
03:21:25,920 --> 03:21:27,899
but before we actually send out this
5073
03:21:27,899 --> 03:21:30,540
packet let's see what are the ARP tables
5074
03:21:30,540 --> 03:21:32,580
on our Windows 10 machine so how can we
5075
03:21:32,580 --> 03:21:34,979
do that well open up your command prompt
5076
03:21:34,979 --> 03:21:38,160
once again I will clear the screen and
5077
03:21:38,160 --> 03:21:41,040
if you type arp -a
5078
03:21:41,040 --> 03:21:43,500
you will see the ARP table on our
5079
03:21:43,500 --> 03:21:45,840
Windows 10 machine we can see that the
5080
03:21:45,840 --> 03:21:47,939
router's IP address is at this Mac
5081
03:21:47,939 --> 03:21:49,319
address right here
5082
03:21:49,319 --> 03:21:52,380
the Kali Linux IP address is at this Mac
5083
03:21:52,380 --> 03:21:54,660
address right here
5084
03:21:54,660 --> 03:21:56,279
you will notice once we send the
5085
03:21:56,279 --> 03:21:58,920
malicious packet that these two IP
5086
03:21:58,920 --> 03:22:01,080
addresses which is the router's IP
5087
03:22:01,080 --> 03:22:03,300
address and the Kali Linux IP address
5088
03:22:03,300 --> 03:22:06,779
will have the same Mac addresses that
5089
03:22:06,779 --> 03:22:08,700
means that we successfully spoofed the
5090
03:22:08,700 --> 03:22:11,760
Windows 10 machine into thinking
5091
03:22:11,760 --> 03:22:15,000
that we are the router and then it will
5092
03:22:15,000 --> 03:22:16,740
send all of its packets to our Mac
5093
03:22:16,740 --> 03:22:18,840
address instead of the router's MAC
5094
03:22:18,840 --> 03:22:19,620
address
5095
03:22:19,620 --> 03:22:21,899
so let's see if this will work
5096
03:22:21,899 --> 03:22:23,640
in order to send this packet we will
5097
03:22:23,640 --> 03:22:25,979
simply just use the send function we
5098
03:22:25,979 --> 03:22:28,979
will specify packet and then
5099
03:22:28,979 --> 03:22:31,680
verbose equals false since we don't need
5100
03:22:31,680 --> 03:22:34,439
to see anything we send the packet and
5101
03:22:34,439 --> 03:22:36,479
let's go to our Command Prompt and run
5102
03:22:36,479 --> 03:22:39,680
the same command once again
5103
03:22:39,720 --> 03:22:42,420
and here it is we successfully spoofed
5104
03:22:42,420 --> 03:22:44,700
the Windows 10 machine
5105
03:22:44,700 --> 03:22:47,240
now we got the
5106
03:22:47,240 --> 03:22:50,660
192.168.1.1 which is our router and
5107
03:22:50,660 --> 03:22:52,680
192.168.1.4 which is the Kali Linux machine
5108
03:22:52,680 --> 03:22:57,260
to have the same Mac address
5109
03:22:57,960 --> 03:23:00,420
how cool is that we successfully spoofed
5110
03:23:00,420 --> 03:23:01,979
the Windows 10 machine
5111
03:23:01,979 --> 03:23:03,960
and this is what's called the ARP
5112
03:23:03,960 --> 03:23:05,220
spoofing
5113
03:23:05,220 --> 03:23:07,800
now if you don't run this packet in a
5114
03:23:07,800 --> 03:23:10,200
while loop this will most likely get
5115
03:23:10,200 --> 03:23:12,479
reset after a few seconds or minutes so
5116
03:23:12,479 --> 03:23:15,000
let's see if we still have it yeah it
5117
03:23:15,000 --> 03:23:16,859
already got reset back as you can see
5118
03:23:16,859 --> 03:23:19,560
the router is already set back to its
5119
03:23:19,560 --> 03:23:22,140
own real Mac address but if we send this
5120
03:23:22,140 --> 03:23:23,520
once again
5121
03:23:23,520 --> 03:23:26,939
and type arp -a once again
5122
03:23:26,939 --> 03:23:30,239
we spoofed the router one more time
5123
03:23:30,239 --> 03:23:32,220
Okay so
5124
03:23:32,220 --> 03:23:34,200
we're going to see in the next video how
5125
03:23:34,200 --> 03:23:36,479
we can do this in a while loop and how
5126
03:23:36,479 --> 03:23:38,040
we can create a program that will
5127
03:23:38,040 --> 03:23:40,140
automate this entire process
5128
03:23:40,140 --> 03:23:42,060
so thank you for watching and I will see
5129
03:23:42,060 --> 03:23:44,939
you in the next tutorial bye
5130
03:23:44,939 --> 03:23:47,700
welcome back we are ready for our final
5131
03:23:47,700 --> 03:23:50,520
project of this section let's create the
5132
03:23:50,520 --> 03:23:52,800
ARP spoofer which will automate the
5133
03:23:52,800 --> 03:23:55,020
entire process and run it in a while
5134
03:23:55,020 --> 03:23:56,580
loop
5135
03:23:56,580 --> 03:23:58,140
since we already did this in the
5136
03:23:58,140 --> 03:24:00,540
previous video using scapy in our
5137
03:24:00,540 --> 03:24:02,160
terminal we don't really need it right
5138
03:24:02,160 --> 03:24:03,300
here
5139
03:24:03,300 --> 03:24:07,399
we can simply just create a new file
5140
03:24:08,460 --> 03:24:12,899
which we can call ARP spoofer
5141
03:24:12,899 --> 03:24:14,399
Dot py
5142
03:24:14,399 --> 03:24:15,720
all right
5143
03:24:15,720 --> 03:24:17,580
we need the same library that we
5144
03:24:17,580 --> 03:24:20,939
imported before so import
5145
03:24:20,939 --> 03:24:23,100
so we're going to import scapy like this
5146
03:24:23,100 --> 03:24:26,040
import scapy.all
5147
03:24:26,040 --> 03:24:28,500
as scapy
5148
03:24:28,500 --> 03:24:32,819
we also want to import the sys Library
5149
03:24:32,819 --> 03:24:35,819
and we want to import the time Library
5150
03:24:35,819 --> 03:24:37,800
all right so these are the three
5151
03:24:37,800 --> 03:24:39,840
libraries that we are going to need as
5152
03:24:39,840 --> 03:24:42,060
you can see we have all three of them so
5153
03:24:42,060 --> 03:24:44,220
we don't need to install any additional
5154
03:24:44,220 --> 03:24:45,600
libraries
5155
03:24:45,600 --> 03:24:47,880
now the first thing that we want to
5156
03:24:47,880 --> 03:24:50,100
prompt to the user is for the target's
5157
03:24:50,100 --> 03:24:54,420
IP address and router's IP address
5158
03:24:54,420 --> 03:24:56,279
now before we actually even code
5159
03:24:56,279 --> 03:24:58,859
anything let's discuss what we want this
5160
03:24:58,859 --> 03:25:01,140
program to do in the previous video we
5161
03:25:01,140 --> 03:25:03,000
showed how we actually sent a malicious
5162
03:25:03,000 --> 03:25:05,279
packet to Windows 10 machine telling
5163
03:25:05,279 --> 03:25:08,160
them that we are the router now we need
5164
03:25:08,160 --> 03:25:10,800
to do that two times so we need to send
5165
03:25:10,800 --> 03:25:12,359
the malicious packet to Windows 10
5166
03:25:12,359 --> 03:25:14,939
machine telling the Windows 10 that we
5167
03:25:14,939 --> 03:25:16,920
are the router and we also need to send
5168
03:25:16,920 --> 03:25:18,479
the malicious packet to the router
5169
03:25:18,479 --> 03:25:20,399
telling the router that we are Windows
5170
03:25:20,399 --> 03:25:21,899
10 machine
5171
03:25:21,899 --> 03:25:24,300
and then we can forward the packets from
5172
03:25:24,300 --> 03:25:25,979
one machine to another
5173
03:25:25,979 --> 03:25:27,779
and vice versa
5174
03:25:27,779 --> 03:25:29,520
if you think about it it should be
5175
03:25:29,520 --> 03:25:31,979
rather easy so let's start with it we
5176
03:25:31,979 --> 03:25:33,660
first of all need to prompt the user of
5177
03:25:33,660 --> 03:25:36,420
this program to specify the target's IP
5178
03:25:36,420 --> 03:25:39,600
address and the router's IP address
5179
03:25:39,600 --> 03:25:41,340
all right so let's start with the target
5180
03:25:41,340 --> 03:25:42,899
IP
5181
03:25:42,899 --> 03:25:45,060
and since we imported the sys library we
5182
03:25:45,060 --> 03:25:47,040
can simply just specify that the target
5183
03:25:47,040 --> 03:25:52,279
IP will be equal to sys.argv
5184
03:25:52,380 --> 03:25:55,140
which is number two and this basically
5185
03:25:55,140 --> 03:25:56,880
means that we are going to read the
5186
03:25:56,880 --> 03:25:59,819
targets IP and the router's IP from the
5187
03:25:59,819 --> 03:26:01,380
command line once the user of this
5188
03:26:01,380 --> 03:26:03,960
program runs it let me just give you a
5189
03:26:03,960 --> 03:26:06,660
quick look if so you can understand it
5190
03:26:06,660 --> 03:26:09,000
uh
5191
03:26:09,000 --> 03:26:11,340
for example this program will be ran
5192
03:26:11,340 --> 03:26:13,979
something like this so Python 3 ARP
5193
03:26:13,979 --> 03:26:15,060
spoofer
5194
03:26:15,060 --> 03:26:19,020
oops Dot py and then after it we would
5195
03:26:19,020 --> 03:26:20,660
specify
5196
03:26:20,660 --> 03:26:23,479
192.168.1.1 and
5197
03:26:23,479 --> 03:26:26,399
192.168.1.2 so the first argument will
5198
03:26:26,399 --> 03:26:27,660
be
5199
03:26:27,660 --> 03:26:30,120
the IP address of our router and the
5200
03:26:30,120 --> 03:26:31,739
second argument will be the IP address
5201
03:26:31,739 --> 03:26:34,560
from our Target machine and then we're
5202
03:26:34,560 --> 03:26:37,800
going to read the IP addresses from the
5203
03:26:37,800 --> 03:26:40,020
command line and store it into these
5204
03:26:40,020 --> 03:26:42,779
variables so the target IP will be the
5205
03:26:42,779 --> 03:26:44,939
second parameter or in this case the
5206
03:26:44,939 --> 03:26:47,220
third parameter since counting of
5207
03:26:47,220 --> 03:26:49,739
elements starts from 0 and the zero
5208
03:26:49,739 --> 03:26:52,380
element is the actual name of the
5209
03:26:52,380 --> 03:26:55,319
program all right and we are left with
5210
03:26:55,319 --> 03:27:00,000
the router IP to be equal to sys.argv
5211
03:27:00,000 --> 03:27:02,580
first element or the second element in
5212
03:27:02,580 --> 03:27:05,100
this case which will be the
5213
03:27:05,100 --> 03:27:07,859
IP address of the router all right so
5214
03:27:07,859 --> 03:27:09,779
we're going to read these two from the
5215
03:27:09,779 --> 03:27:10,920
command
5216
03:27:10,920 --> 03:27:14,040
then we're storing it right here and the
5217
03:27:14,040 --> 03:27:15,600
next thing that we want to do with these
5218
03:27:15,600 --> 03:27:17,700
two information since this is the only
5219
03:27:17,700 --> 03:27:19,739
thing that we are going to get from the
5220
03:27:19,739 --> 03:27:21,899
user of this program we want to get the
5221
03:27:21,899 --> 03:27:25,979
Mac addresses for these two Targets
5222
03:27:25,979 --> 03:27:28,319
so how can we do that well let's simply
5223
03:27:28,319 --> 03:27:32,460
specify another variable called Target
5224
03:27:32,460 --> 03:27:35,580
Mac and that variable will be equal to
5225
03:27:35,580 --> 03:27:38,819
get MAC address
5226
03:27:38,819 --> 03:27:42,920
from the targets IP
5227
03:27:43,800 --> 03:27:45,239
then you will see that this is red
5228
03:27:45,239 --> 03:27:47,100
underlined that means this function does
5229
03:27:47,100 --> 03:27:48,840
not exist therefore we are going to have
5230
03:27:48,840 --> 03:27:51,840
to code it and don't worry about it we
5231
03:27:51,840 --> 03:27:53,580
already kind of coded this function in
5232
03:27:53,580 --> 03:27:55,319
the previous video once we saw the
5233
03:27:55,319 --> 03:27:57,060
process of getting the MAC address of
5234
03:27:57,060 --> 03:27:59,220
our Windows 10 machine all we need to do
5235
03:27:59,220 --> 03:28:01,979
is the same the exact same thing just
5236
03:28:01,979 --> 03:28:03,660
now we need to do it with both Windows
5237
03:28:03,660 --> 03:28:05,700
10 machine and the router
5238
03:28:05,700 --> 03:28:08,220
so let's type it right here router Mac
5239
03:28:08,220 --> 03:28:09,779
equals
5240
03:28:09,779 --> 03:28:13,580
get MAC address
5241
03:28:14,819 --> 03:28:18,380
from the routers
5242
03:28:18,899 --> 03:28:20,460
IP
5243
03:28:20,460 --> 03:28:22,200
and we need to make sure that all of
5244
03:28:22,200 --> 03:28:24,060
these variables are strings as we are
5245
03:28:24,060 --> 03:28:25,500
going to use them so we're just going to
5246
03:28:25,500 --> 03:28:28,319
wrap them just in case inside of a
5247
03:28:28,319 --> 03:28:29,220
string
5248
03:28:29,220 --> 03:28:31,800
function
5249
03:28:31,800 --> 03:28:34,920
all right so string
5250
03:28:34,920 --> 03:28:36,660
we also want to make sure that the IP
5251
03:28:36,660 --> 03:28:39,620
addresses are strings
5252
03:28:39,859 --> 03:28:43,859
just in case let's wrap this so we have
5253
03:28:43,859 --> 03:28:46,020
everything set to go
5254
03:28:46,020 --> 03:28:48,180
now what we need to do is we need to
5255
03:28:48,180 --> 03:28:51,380
code the get MAC address function
5256
03:28:51,380 --> 03:28:54,960
so let's code it right here
5257
03:28:54,960 --> 03:28:57,600
let's define it first so Define get MAC
5258
03:28:57,600 --> 03:28:59,700
address
5259
03:28:59,700 --> 03:29:02,279
let's lower this in for just a second so
5260
03:29:02,279 --> 03:29:04,620
we can see the program better and since
5261
03:29:04,620 --> 03:29:06,600
we already noticed right here this
5262
03:29:06,600 --> 03:29:08,880
function will take a parameter the IP
5263
03:29:08,880 --> 03:29:10,979
address
5264
03:29:10,979 --> 03:29:12,840
whether it is the IP address of the
5265
03:29:12,840 --> 03:29:14,540
Target or the router it doesn't matter
5266
03:29:14,540 --> 03:29:18,540
the function will perform the same so if
5267
03:29:18,540 --> 03:29:20,220
we remember from the previous video what
5268
03:29:20,220 --> 03:29:23,100
we first did is we created the broadcast
5269
03:29:23,100 --> 03:29:25,760
layer
5270
03:29:26,520 --> 03:29:31,279
that will be equal to scapy.Ether
5271
03:29:31,859 --> 03:29:33,600
with the destination
5272
03:29:33,600 --> 03:29:37,160
to the broadcast Mac address
5273
03:29:37,680 --> 03:29:40,140
alright so this is the first layer and
5274
03:29:40,140 --> 03:29:42,300
the second layer you already know is the
5275
03:29:42,300 --> 03:29:43,739
ARP layer
5276
03:29:43,739 --> 03:29:47,399
this will be equal to scapy.ARP
5277
03:29:47,399 --> 03:29:50,279
and the P destination has to be set to
5278
03:29:50,279 --> 03:29:53,220
the IP address of this actual function
5279
03:29:53,220 --> 03:29:55,800
so in this case it will be the targets
5280
03:29:55,800 --> 03:29:59,760
IP and in this case the router's IP
5281
03:29:59,760 --> 03:30:02,279
basically once again we are sending the
5282
03:30:02,279 --> 03:30:04,200
broadcast Mac address so we're sending
5283
03:30:04,200 --> 03:30:06,779
to the entire network asking what is the
5284
03:30:06,779 --> 03:30:09,120
MAC address of this IP address right
5285
03:30:09,120 --> 03:30:09,960
here
5286
03:30:09,960 --> 03:30:11,340
all right
5287
03:30:11,340 --> 03:30:13,680
we already know that the other fields of
5288
03:30:13,680 --> 03:30:15,120
the ARP packet will get filled
5289
03:30:15,120 --> 03:30:16,620
automatically so we don't need to
5290
03:30:16,620 --> 03:30:18,960
specify them by default if you remember
5291
03:30:18,960 --> 03:30:21,479
the op parameter of this ARP packet will
5292
03:30:21,479 --> 03:30:23,520
be set to 1 which means it is by default
5293
03:30:23,520 --> 03:30:25,260
a request so we don't have to set that
5294
03:30:25,260 --> 03:30:26,279
as well
5295
03:30:26,279 --> 03:30:29,160
and right now let's create a packet a
5296
03:30:29,160 --> 03:30:34,560
final packet which we can call get Mac
5297
03:30:34,560 --> 03:30:36,239
packet
5298
03:30:36,239 --> 03:30:37,800
just so we can understand everything
5299
03:30:37,800 --> 03:30:40,439
better once we read the program code
5300
03:30:40,439 --> 03:30:42,600
and this get Mac packet will be the
5301
03:30:42,600 --> 03:30:46,979
broadcast layer slash ARP layer
5302
03:30:46,979 --> 03:30:48,359
all right
5303
03:30:48,359 --> 03:30:50,340
all we will have to do is send this
5304
03:30:50,340 --> 03:30:53,700
packet and retrieve the MAC address
5305
03:30:53,700 --> 03:30:55,920
if you remember we will store this
5306
03:30:55,920 --> 03:30:58,560
inside of our answer variable and then
5307
03:30:58,560 --> 03:31:00,840
we will perform the srp function which
5308
03:31:00,840 --> 03:31:03,600
sends and retrieves the response
5309
03:31:03,600 --> 03:31:06,000
we will perform that on the get Mac
5310
03:31:06,000 --> 03:31:08,540
packet
5311
03:31:09,060 --> 03:31:12,600
with the timeout of two seconds
5312
03:31:12,600 --> 03:31:14,520
we want to set verbose to be
5313
03:31:14,520 --> 03:31:16,319
equal to false
5314
03:31:16,319 --> 03:31:19,140
and we want to grab the first element of
5315
03:31:19,140 --> 03:31:21,060
this list which is going to be the list
5316
03:31:21,060 --> 03:31:22,920
with answers
5317
03:31:22,920 --> 03:31:25,560
all right and then from that list with
5318
03:31:25,560 --> 03:31:28,020
answers we want to return the MAC
5319
03:31:28,020 --> 03:31:31,439
address of the specified Target so we
5320
03:31:31,439 --> 03:31:33,899
are returning the answer this answer
5321
03:31:33,899 --> 03:31:36,660
variable will also have a bunch of lists
5322
03:31:36,660 --> 03:31:38,580
so we need to set right here that we
5323
03:31:38,580 --> 03:31:40,979
want the first list
5324
03:31:40,979 --> 03:31:43,319
then from the first list we want the
5325
03:31:43,319 --> 03:31:45,899
response which is going to have the MAC
5326
03:31:45,899 --> 03:31:48,120
address of the Target and therefore we
5327
03:31:48,120 --> 03:31:51,960
want to get it with hwsrc so we are
5328
03:31:51,960 --> 03:31:53,760
returning the MAC address of the target
5329
03:31:53,760 --> 03:31:55,319
machine
5330
03:31:55,319 --> 03:31:57,239
alright so before we continue anything
5331
03:31:57,239 --> 03:32:01,340
let's see whether this works
5332
03:32:01,439 --> 03:32:05,540
at the end we're going to print
5333
03:32:05,580 --> 03:32:09,000
the router Mac
5334
03:32:09,000 --> 03:32:11,899
and we want to print
5335
03:32:11,899 --> 03:32:14,819
the target Mac
5336
03:32:14,819 --> 03:32:17,580
so let's run the program we already know
5337
03:32:17,580 --> 03:32:20,220
that we have to run it like this so keep
5338
03:32:20,220 --> 03:32:22,080
in mind that you do not reverse these
5339
03:32:22,080 --> 03:32:23,760
two IP addresses the first IP address
5340
03:32:23,760 --> 03:32:26,340
that should go is the router's IP which
5341
03:32:26,340 --> 03:32:28,859
we can see right here since this is the
5342
03:32:28,859 --> 03:32:31,439
element 2 and this is the element 3 and
5343
03:32:31,439 --> 03:32:34,200
the second argument is the target's IP
5344
03:32:34,200 --> 03:32:36,239
so if I run this
5345
03:32:36,239 --> 03:32:38,819
we get both of the Mac addresses printed
5346
03:32:38,819 --> 03:32:41,819
out at the screen so we successfully get
5347
03:32:41,819 --> 03:32:44,160
the Mac addresses to our router and
5348
03:32:44,160 --> 03:32:45,479
Target machine
5349
03:32:45,479 --> 03:32:46,920
good
5350
03:32:46,920 --> 03:32:49,439
in the next video we can code the spoof
5351
03:32:49,439 --> 03:32:51,540
part which is going to actually send the
5352
03:32:51,540 --> 03:32:54,479
malicious packet and create our spoofing
5353
03:32:54,479 --> 03:32:56,700
between these two Targets so thank you
5354
03:32:56,700 --> 03:32:58,500
for watching this lecture and I will see
5355
03:32:58,500 --> 03:33:01,680
you in the next video bye
5356
03:33:01,680 --> 03:33:04,200
welcome back so for now on half of the
5357
03:33:04,200 --> 03:33:06,479
program is done good we managed to get
5358
03:33:06,479 --> 03:33:08,640
Mac addresses from our Target and our
5359
03:33:08,640 --> 03:33:11,220
router now it's time to actually perform
5360
03:33:11,220 --> 03:33:13,439
the hacking stuff and spoof these two
5361
03:33:13,439 --> 03:33:14,640
Targets
5362
03:33:14,640 --> 03:33:17,460
alright so let's do it now that we got
5363
03:33:17,460 --> 03:33:19,260
the Mac addresses let's see what's next
5364
03:33:19,260 --> 03:33:21,420
step first of all I'm going to delete
5365
03:33:21,420 --> 03:33:23,580
these two print statements as we don't
5366
03:33:23,580 --> 03:33:25,080
really need them
5367
03:33:25,080 --> 03:33:26,760
at the moment
5368
03:33:26,760 --> 03:33:29,660
lower this
5369
03:33:29,939 --> 03:33:32,760
and now if you remember we need to enter
5370
03:33:32,760 --> 03:33:34,979
a while loop in order for our spoofing
5371
03:33:34,979 --> 03:33:37,620
to last longer
5372
03:33:37,620 --> 03:33:39,479
so what we are going to do is I'm going
5373
03:33:39,479 --> 03:33:41,880
to type the try and except statement
5374
03:33:41,880 --> 03:33:43,380
right here
5375
03:33:43,380 --> 03:33:45,660
and in this try statement we'll simply
5376
03:33:45,660 --> 03:33:48,000
just try to spoof the targets so while
5377
03:33:48,000 --> 03:33:50,300
true
5378
03:33:50,460 --> 03:33:53,819
we want to spoof
5379
03:33:53,819 --> 03:33:55,680
and we will see in just a second what
5380
03:33:55,680 --> 03:33:58,800
parameters this spoof function will take
5381
03:33:58,800 --> 03:34:01,739
and in the except statement we want to
5382
03:34:01,739 --> 03:34:02,939
except
5383
03:34:02,939 --> 03:34:05,520
KeyboardInterrupt and the
5384
03:34:05,520 --> 03:34:07,080
reason why we're specifying the keyboard
5385
03:34:07,080 --> 03:34:09,120
interrupt is because if you take a
5386
03:34:09,120 --> 03:34:10,859
closer look this is a while true Loop
5387
03:34:10,859 --> 03:34:13,140
and while true Loop are infinite Loops
5388
03:34:13,140 --> 03:34:15,300
that means this will spoof for an
5389
03:34:15,300 --> 03:34:17,460
infinite amount of time therefore we
5390
03:34:17,460 --> 03:34:19,500
want to make sure that at any time that
5391
03:34:19,500 --> 03:34:21,420
we want to stop the program we'll simply
5392
03:34:21,420 --> 03:34:23,100
just keyboard interrupt and it will
5393
03:34:23,100 --> 03:34:25,319
close the spoofing
5394
03:34:25,319 --> 03:34:28,880
so I will print right here
5395
03:34:29,160 --> 03:34:33,000
closing ARP spoofer
5396
03:34:33,000 --> 03:34:35,640
and then we can simply exit the program
5397
03:34:35,640 --> 03:34:37,020
all right
5398
03:34:37,020 --> 03:34:39,300
so now let's get back to this spoof
5399
03:34:39,300 --> 03:34:41,580
function it is read underlined of course
5400
03:34:41,580 --> 03:34:43,680
because it doesn't exist therefore we
5401
03:34:43,680 --> 03:34:45,660
will have to code it but before we do
5402
03:34:45,660 --> 03:34:47,340
that let's take a look at what
5403
03:34:47,340 --> 03:34:50,040
parameters this function should take
5404
03:34:50,040 --> 03:34:51,479
well
5405
03:34:51,479 --> 03:34:53,880
it actually has to take all of these
5406
03:34:53,880 --> 03:34:56,399
four parameters right here since we want
5407
03:34:56,399 --> 03:34:58,620
to spoof both to the targets and for
5408
03:34:58,620 --> 03:35:00,600
each of the target we need its own Mac
5409
03:35:00,600 --> 03:35:03,239
address and its own IP address therefore
5410
03:35:03,239 --> 03:35:05,220
we need to send all of these four
5411
03:35:05,220 --> 03:35:08,640
variables into this spoof function
5412
03:35:08,640 --> 03:35:11,640
let's keep a track of in which order we
5413
03:35:11,640 --> 03:35:13,080
are sending them so we're first of all
5414
03:35:13,080 --> 03:35:15,739
going to send
5415
03:35:15,779 --> 03:35:18,960
router IP
5416
03:35:18,960 --> 03:35:22,319
then we will send Target IP
5417
03:35:22,319 --> 03:35:25,080
then we'll send router Mac and the last
5418
03:35:25,080 --> 03:35:28,800
thing we need to send is the target Mac
5419
03:35:28,800 --> 03:35:31,500
so we are sending these four variables
5420
03:35:31,500 --> 03:35:34,620
and right here we will code the function
5421
03:35:34,620 --> 03:35:36,600
itself
5422
03:35:36,600 --> 03:35:38,760
and keep in mind that we need to specify
5423
03:35:38,760 --> 03:35:41,520
the exact same order of these variables
5424
03:35:41,520 --> 03:35:43,800
so we don't get error when running the
5425
03:35:43,800 --> 03:35:45,000
program
5426
03:35:45,000 --> 03:35:47,640
the next one is Target IP
5427
03:35:47,640 --> 03:35:50,040
after it comes the router Mac
5428
03:35:50,040 --> 03:35:54,000
and lastly the target Mac here it is now
5429
03:35:54,000 --> 03:35:55,739
let's see what we need to code right
5430
03:35:55,739 --> 03:35:56,939
here
5431
03:35:56,939 --> 03:35:59,340
in the first video of this section once
5432
03:35:59,340 --> 03:36:01,859
we created the first malicious packet we
5433
03:36:01,859 --> 03:36:04,560
created it using an op equals 2 which
5434
03:36:04,560 --> 03:36:06,479
is a response which is good it should be
5435
03:36:06,479 --> 03:36:08,399
like that and we're going to do the same
5436
03:36:08,399 --> 03:36:11,040
thing right here just right now instead
5437
03:36:11,040 --> 03:36:12,960
of one packet we're going to create two
5438
03:36:12,960 --> 03:36:15,120
packets one will be sent to the router
5439
03:36:15,120 --> 03:36:16,739
and the other one will be sent to the
5440
03:36:16,739 --> 03:36:19,200
Windows 10 machine spoofing them both at
5441
03:36:19,200 --> 03:36:20,340
the same time
5442
03:36:20,340 --> 03:36:22,260
so let's create a variable which will be
5443
03:36:22,260 --> 03:36:24,120
called packet one
5444
03:36:24,120 --> 03:36:27,300
the packet one will be a packet that we
5445
03:36:27,300 --> 03:36:30,239
will determine to go to the router
5446
03:36:30,239 --> 03:36:32,279
so how can we do that we'll we'll simply
5447
03:36:32,279 --> 03:36:35,399
create a scapy.ARP packet as usual
5448
03:36:35,399 --> 03:36:38,040
we set the op to be equal to 2 since
5449
03:36:38,040 --> 03:36:41,160
this is a response and in order to to
5450
03:36:41,160 --> 03:36:43,439
navigate this packet to router we simply
5451
03:36:43,439 --> 03:36:45,300
send the hardware destination to be
5452
03:36:45,300 --> 03:36:47,640
equal to router Mac
5453
03:36:47,640 --> 03:36:49,500
we also need to send the P destination
5454
03:36:49,500 --> 03:36:53,420
to be equal to router IP
5455
03:36:53,580 --> 03:36:56,160
right here and another thing that we
5456
03:36:56,160 --> 03:36:58,680
need is going to be the P source
5457
03:36:58,680 --> 03:37:01,800
now before I actually type this psrc
5458
03:37:01,800 --> 03:37:03,899
I will create packet2
5459
03:37:03,899 --> 03:37:05,939
which is going to be navigated to the
5460
03:37:05,939 --> 03:37:07,260
Windows 10 machine
5461
03:37:07,260 --> 03:37:09,660
or to your own Target machine which is
5462
03:37:09,660 --> 03:37:12,239
not router
5463
03:37:12,239 --> 03:37:15,979
op has to be equal to two
5464
03:37:16,739 --> 03:37:19,200
Hardware destination has to be equal to
5465
03:37:19,200 --> 03:37:20,819
Target Mac
5466
03:37:20,819 --> 03:37:22,920
and pdst has to be equal to
5467
03:37:22,920 --> 03:37:24,540
Target IP
5468
03:37:24,540 --> 03:37:26,939
and P Source once again we're going to
5469
03:37:26,939 --> 03:37:29,160
leave empty right here
5470
03:37:29,160 --> 03:37:30,840
and the reason why we are leaving it
5471
03:37:30,840 --> 03:37:32,760
empty what do you think what should be
5472
03:37:32,760 --> 03:37:36,120
the P Source or the packet source
5473
03:37:36,120 --> 03:37:38,819
in the first packet
5474
03:37:38,819 --> 03:37:40,979
keep in mind that the P source is the IP
5475
03:37:40,979 --> 03:37:42,960
address of the machine that is sending
5476
03:37:42,960 --> 03:37:45,239
this packet so in our case that will be
5477
03:37:45,239 --> 03:37:47,279
the IP address of the Kali Linux
5478
03:37:47,279 --> 03:37:48,420
machine
5479
03:37:48,420 --> 03:37:50,279
but we're not going to specify the IP
5480
03:37:50,279 --> 03:37:51,840
address of the Kali Linux machine because
5481
03:37:51,840 --> 03:37:54,120
then it would just be a regular packet
5482
03:37:54,120 --> 03:37:55,620
we want to create a malicious packet
5483
03:37:55,620 --> 03:37:56,880
that will be able to spoof the
5484
03:37:56,880 --> 03:37:57,899
connection
5485
03:37:57,899 --> 03:38:00,359
so what we need to specify right here is
5486
03:38:00,359 --> 03:38:02,460
the target's IP
5487
03:38:02,460 --> 03:38:04,439
we want to send this packet to the
5488
03:38:04,439 --> 03:38:07,319
router and make it seem as it came from
5489
03:38:07,319 --> 03:38:08,939
the Windows 10 machine
5490
03:38:08,939 --> 03:38:10,920
the same thing goes with the packet 2.
5491
03:38:10,920 --> 03:38:12,540
we want to send this packet to the
5492
03:38:12,540 --> 03:38:15,300
Windows 10 machine and make it seem like
5493
03:38:15,300 --> 03:38:17,700
it came from the router therefore in the
5494
03:38:17,700 --> 03:38:20,700
packet 2 we are specifying router IP
5495
03:38:20,700 --> 03:38:24,239
simple as that
5496
03:38:24,239 --> 03:38:26,939
all we are left to do right now is send
5497
03:38:26,939 --> 03:38:28,979
these two packets
5498
03:38:28,979 --> 03:38:31,739
so how can we do that well using the
5499
03:38:31,739 --> 03:38:35,420
send function so scapy.send
5500
03:38:35,880 --> 03:38:38,580
we will first send packet1
5501
03:38:38,580 --> 03:38:41,580
and then scapy.send
5502
03:38:41,580 --> 03:38:43,560
packet two
5503
03:38:43,560 --> 03:38:46,260
all right simple as that and our program
5504
03:38:46,260 --> 03:38:49,859
is almost done all we are left to add is
5505
03:38:49,859 --> 03:38:52,439
right here under the while true Loop
5506
03:38:52,439 --> 03:38:54,600
below this spoof function we want to add
5507
03:38:54,600 --> 03:38:57,600
a small timeout so it doesn't spoof too
5508
03:38:57,600 --> 03:39:00,420
fast we want to add time.sleep
5509
03:39:00,420 --> 03:39:03,600
let's sleep for 2 seconds between each
5510
03:39:03,600 --> 03:39:06,120
and every packet that we send so we will
5511
03:39:06,120 --> 03:39:07,920
send the ARP response the malicious ARP
5512
03:39:07,920 --> 03:39:10,380
response every two seconds and we will
5513
03:39:10,380 --> 03:39:12,840
keep the ARP tables updated with the
5514
03:39:12,840 --> 03:39:15,359
incorrect Mac addresses to the router
5515
03:39:15,359 --> 03:39:17,399
and Windows 10 machine
5516
03:39:17,399 --> 03:39:20,399
so our program should be finished now
5517
03:39:20,399 --> 03:39:24,120
Let's test it and see how it works if I
5518
03:39:24,120 --> 03:39:26,580
open up my terminal right here
5519
03:39:26,580 --> 03:39:29,460
clear the screen and type python Arps
5520
03:39:29,460 --> 03:39:33,200
and then I specify
5521
03:39:33,200 --> 03:39:36,000
192.168.1.1 so first goes the router's
5522
03:39:36,000 --> 03:39:39,420
IP address and then 192.168.1
5523
03:39:39,420 --> 03:39:42,300
.2 this is the Windows 10 IP address
5524
03:39:42,300 --> 03:39:44,880
before we run it let's check once again
5525
03:39:44,880 --> 03:39:49,380
the ARP tables of this target machine
5526
03:39:49,380 --> 03:39:52,859
let's also open a browser so we can see
5527
03:39:52,859 --> 03:39:55,260
that we can connect to the internet
5528
03:39:55,260 --> 03:39:57,660
okay so here is the browser and every
5529
03:39:57,660 --> 03:39:59,580
time we actually open this browser our
5530
03:39:59,580 --> 03:40:01,560
connection goes through the router
5531
03:40:01,560 --> 03:40:03,720
through this Mac address and then it
5532
03:40:03,720 --> 03:40:06,239
retrieves this page back to us and right
5533
03:40:06,239 --> 03:40:08,520
now we're going to try to make this
5534
03:40:08,520 --> 03:40:10,920
browser open the page while going
5535
03:40:10,920 --> 03:40:13,319
through our Linux machine
5536
03:40:13,319 --> 03:40:16,819
so let's run the program
5537
03:40:18,060 --> 03:40:20,760
it will print right here send one packet
5538
03:40:20,760 --> 03:40:22,500
these are the packets that are being
5539
03:40:22,500 --> 03:40:25,080
sent each and every two seconds as we
5540
03:40:25,080 --> 03:40:27,540
specified right here now let's check the
5541
03:40:27,540 --> 03:40:31,020
ARP tables on our Windows 10 machine
5542
03:40:31,020 --> 03:40:33,180
and we can see we successfully spoofed
5543
03:40:33,180 --> 03:40:35,819
the MAC address of the router now the
5544
03:40:35,819 --> 03:40:37,620
Windows 10 machine thinks that the
5545
03:40:37,620 --> 03:40:40,260
router is our Linux machine and sends
5546
03:40:40,260 --> 03:40:42,300
all the packets to us
5547
03:40:42,300 --> 03:40:44,760
same goes with the router the router is
5548
03:40:44,760 --> 03:40:46,920
also spoofed and sends all the packets
5549
03:40:46,920 --> 03:40:48,479
that should go to the Windows 10 machine
5550
03:40:48,479 --> 03:40:51,000
to our Kali Linux machine
5551
03:40:51,000 --> 03:40:53,520
now if we try to go
5552
03:40:53,520 --> 03:40:55,620
and open
5553
03:40:55,620 --> 03:40:57,720
some page
5554
03:40:57,720 --> 03:41:00,359
I clicked on a random website you will
5555
03:41:00,359 --> 03:41:04,260
notice that it will load pretty long
5556
03:41:04,260 --> 03:41:06,960
matter of fact in just a few seconds it
5557
03:41:06,960 --> 03:41:08,819
will say that the actual connection
5558
03:41:08,819 --> 03:41:11,100
cannot be established and it will not
5559
03:41:11,100 --> 03:41:12,779
open this page
5560
03:41:12,779 --> 03:41:15,359
now why is that well let me click X
5561
03:41:15,359 --> 03:41:16,620
right here
5562
03:41:16,620 --> 03:41:19,620
if we close this program right here
5563
03:41:19,620 --> 03:41:22,200
there is one thing that we forgot to do
5564
03:41:22,200 --> 03:41:24,359
we successfully spoofed both of the
5565
03:41:24,359 --> 03:41:27,060
targets but now we perform more of
5566
03:41:27,060 --> 03:41:29,580
something like a DoS attack on both of
5567
03:41:29,580 --> 03:41:31,200
these targets as they cannot connect to
5568
03:41:31,200 --> 03:41:32,640
the internet anymore
5569
03:41:32,640 --> 03:41:34,739
that is because we are not forwarding
5570
03:41:34,739 --> 03:41:38,040
packets from one target to another
5571
03:41:38,040 --> 03:41:39,899
in order to be able to forward the
5572
03:41:39,899 --> 03:41:41,520
packets we need to run the command
5573
03:41:41,520 --> 03:41:43,500
inside of our terminal
5574
03:41:43,500 --> 03:41:46,500
which is echo 1
5575
03:41:46,500 --> 03:41:49,200
and then these two arrows to write at
5576
03:41:49,200 --> 03:41:51,779
this location so slash proc slash sys
5577
03:41:51,779 --> 03:41:54,600
slash net
5578
03:41:54,600 --> 03:41:59,880
slash ipv4 and slash ip_forward
5579
03:41:59,880 --> 03:42:01,739
press here enter
5580
03:42:01,739 --> 03:42:05,720
and if I run the program once again
5581
03:42:07,680 --> 03:42:11,040
and try to load the website
5582
03:42:11,040 --> 03:42:14,399
now it loads successfully
5583
03:42:14,399 --> 03:42:17,399
we can load every website that we want
5584
03:42:17,399 --> 03:42:19,140
if you want to we can also go to
5585
03:42:19,140 --> 03:42:21,800
facebook.com
5586
03:42:24,899 --> 03:42:26,939
it will load all the pages without any
5587
03:42:26,939 --> 03:42:28,859
problem and on the Windows 10 machine
5588
03:42:28,859 --> 03:42:31,140
you will not notice anything out of
5589
03:42:31,140 --> 03:42:33,300
order you will most likely never know
5590
03:42:33,300 --> 03:42:35,460
that you have been ARP spoofed and that
5591
03:42:35,460 --> 03:42:37,399
someone can read all of your information
5592
03:42:37,399 --> 03:42:39,420
the only way that you can actually
5593
03:42:39,420 --> 03:42:41,640
notice that if you simply just go to
5594
03:42:41,640 --> 03:42:43,500
your command prompt and type the command
5595
03:42:43,500 --> 03:42:45,540
arp -a
5596
03:42:45,540 --> 03:42:48,060
and you notice that two different IP
5597
03:42:48,060 --> 03:42:50,399
addresses have the same MAC address this is
5598
03:42:50,399 --> 03:42:52,439
a good indication that at the moment you
5599
03:42:52,439 --> 03:42:55,319
are being arp spoofed all right so we
5600
03:42:55,319 --> 03:42:57,479
can see our ARP spoofer works correctly
5601
03:42:57,479 --> 03:42:59,399
now all the packets are going through
5602
03:42:59,399 --> 03:43:01,319
our own machine and we can read them if
5603
03:43:01,319 --> 03:43:03,840
we want to but more about that in the
5604
03:43:03,840 --> 03:43:06,300
later sections when we code our own
5605
03:43:06,300 --> 03:43:08,399
password sniffer then we are going to
5606
03:43:08,399 --> 03:43:10,739
combine our ARP spoofer right here with
5607
03:43:10,739 --> 03:43:12,899
the password sniffer and we're going to
5608
03:43:12,899 --> 03:43:15,600
see how these two tools will combine in
5609
03:43:15,600 --> 03:43:17,640
order for us to sniff the passwords that
5610
03:43:17,640 --> 03:43:20,100
someone types in their browser alright
5611
03:43:20,100 --> 03:43:21,479
so that would be about it for this
5612
03:43:21,479 --> 03:43:23,880
section in the next video of course we
5613
03:43:23,880 --> 03:43:26,040
are going to perform a small recap onto
5614
03:43:26,040 --> 03:43:28,319
this program and then we will proceed to
5615
03:43:28,319 --> 03:43:29,640
the next project
5616
03:43:29,640 --> 03:43:33,000
thank you for watching and take care bye
5617
03:43:33,000 --> 03:43:35,399
welcome back and before we finish off
5618
03:43:35,399 --> 03:43:37,859
with this section let us do a recap on
5619
03:43:37,859 --> 03:43:39,300
our ARP spoofer
5620
03:43:39,300 --> 03:43:41,160
so we'll start off from the beginning of
5621
03:43:41,160 --> 03:43:42,180
the program
5622
03:43:42,180 --> 03:43:44,760
we first prompt the user for the target
5623
03:43:44,760 --> 03:43:47,340
IP and the router IP which they provide
5624
03:43:47,340 --> 03:43:49,920
us with the command itself so the
5625
03:43:49,920 --> 03:43:52,680
command goes python3 ARP spoofer then
5626
03:43:52,680 --> 03:43:54,540
the IP address of the router and then
5627
03:43:54,540 --> 03:43:57,120
the IP address of the target machine
5628
03:43:57,120 --> 03:43:59,100
then with this information that we
5629
03:43:59,100 --> 03:44:01,920
gather from the command itself we
5630
03:44:01,920 --> 03:44:03,899
proceed to perform our own function
5631
03:44:03,899 --> 03:44:06,420
which is get MAC address function using
5632
03:44:06,420 --> 03:44:08,819
this information to get the target MAC
5633
03:44:08,819 --> 03:44:11,460
address and the router MAC address so we
5634
03:44:11,460 --> 03:44:13,500
use this function right here which is
5635
03:44:13,500 --> 03:44:15,060
get MAC address
5636
03:44:15,060 --> 03:44:17,700
we craft our own packet that will
5637
03:44:17,700 --> 03:44:19,800
consist of the broadcast layer which
5638
03:44:19,800 --> 03:44:21,720
will be the ethernet layer containing
5639
03:44:21,720 --> 03:44:23,399
the broadcast MAC address as the
5640
03:44:23,399 --> 03:44:24,479
destination
5641
03:44:24,479 --> 03:44:26,520
the second layer will be the ARP layer
5642
03:44:26,520 --> 03:44:28,920
which will contain the IP address of the
5643
03:44:28,920 --> 03:44:31,920
target machine as the destination IP
5644
03:44:31,920 --> 03:44:34,920
then we craft that packet by adding both
5645
03:44:34,920 --> 03:44:36,960
of these layers together and then we
5646
03:44:36,960 --> 03:44:39,420
send the packet from the response of the
5647
03:44:39,420 --> 03:44:42,359
packet we gather the MAC address of that
5648
03:44:42,359 --> 03:44:43,560
machine
5649
03:44:43,560 --> 03:44:45,779
right after we do that for both the
5650
03:44:45,779 --> 03:44:47,580
target MAC and the router MAC address
5651
03:44:47,580 --> 03:44:50,220
then we proceed to go into the while
5652
03:44:50,220 --> 03:44:52,800
True loop or the infinite loop which
5653
03:44:52,800 --> 03:44:55,080
will perform the spoof function every
5654
03:44:55,080 --> 03:44:57,479
two seconds
5655
03:44:57,479 --> 03:45:00,180
so at every two seconds this function
5656
03:45:00,180 --> 03:45:02,640
right here will get executed and what
5657
03:45:02,640 --> 03:45:04,739
this function does is it creates two
5658
03:45:04,739 --> 03:45:06,840
different malformed or malicious packets
5659
03:45:06,840 --> 03:45:09,840
which one of them the first one spoofs
5660
03:45:09,840 --> 03:45:12,359
the router while the second one spoofs
5661
03:45:12,359 --> 03:45:14,880
the target machine
5662
03:45:14,880 --> 03:45:16,920
then we send both of these packets and
5663
03:45:16,920 --> 03:45:19,140
we perform that action every two seconds
5664
03:45:19,140 --> 03:45:21,960
in case we want to close the program we
5665
03:45:21,960 --> 03:45:24,180
simply just keyboard interrupt it and it
5666
03:45:24,180 --> 03:45:27,000
will exit the program
5667
03:45:27,000 --> 03:45:28,680
so we tested it in the previous video
5668
03:45:28,680 --> 03:45:30,300
therefore there is no really need to
5669
03:45:30,300 --> 03:45:32,399
test it right now and that is the entire
5670
03:45:32,399 --> 03:45:35,399
ARP spoofer now keep in mind that you
5671
03:45:35,399 --> 03:45:37,140
should not delete this program as we are
5672
03:45:37,140 --> 03:45:39,779
going to use it throughout the course in
5673
03:45:39,779 --> 03:45:42,180
order to show you what is the real power
5674
03:45:42,180 --> 03:45:44,340
of this ARP spoofer once we get to the
5675
03:45:44,340 --> 03:45:46,800
password sniffers the password crackers
5676
03:45:46,800 --> 03:45:49,200
and so on and so on for now on let's
5677
03:45:49,200 --> 03:45:51,600
just let it be there and wait for us as a
5678
03:45:51,600 --> 03:45:53,520
project in PyCharm and then we're
5679
03:45:53,520 --> 03:45:55,920
going to get back to it as soon as we
5680
03:45:55,920 --> 03:45:58,200
need it again alright so that would be
5681
03:45:58,200 --> 03:46:00,060
about all for this section I hope you
5682
03:46:00,060 --> 03:46:02,340
enjoyed it and I will see you in the
5683
03:46:02,340 --> 03:46:05,520
next project bye
5684
03:46:05,520 --> 03:46:07,620
hello everyone and welcome to the
5685
03:46:07,620 --> 03:46:09,540
password sniffer project
5686
03:46:09,540 --> 03:46:12,060
since we finished our ARP spoofer the
5687
03:46:12,060 --> 03:46:13,920
best idea would be to continue with the
5688
03:46:13,920 --> 03:46:15,840
project that we can combine with our
5689
03:46:15,840 --> 03:46:18,300
ARP spoofer in order to be able to do a
5690
03:46:18,300 --> 03:46:19,439
complete attack
5691
03:46:19,439 --> 03:46:21,600
we already know that our ARP spoofer
5692
03:46:21,600 --> 03:46:23,760
can create man in the middle that allows
5693
03:46:23,760 --> 03:46:25,260
us to save the packets from the target
5694
03:46:25,260 --> 03:46:28,020
machine that we specify and right now we
5695
03:46:28,020 --> 03:46:30,060
need a password sniffer that will be
5696
03:46:30,060 --> 03:46:32,640
able to extract usernames and passwords
5697
03:46:32,640 --> 03:46:35,520
from all the packets that flow by
5698
03:46:35,520 --> 03:46:37,739
therefore let's get this going hopefully
5699
03:46:37,739 --> 03:46:39,540
you're excited and let's create a new
5700
03:46:39,540 --> 03:46:40,620
project
5701
03:46:40,620 --> 03:46:44,100
go on file new project and password
5702
03:46:44,100 --> 03:46:45,720
sniffer
5703
03:46:45,720 --> 03:46:47,399
let's call it like that
5704
03:46:47,399 --> 03:46:49,080
we want to create it in a separate
5705
03:46:49,080 --> 03:46:51,380
window
5706
03:46:52,319 --> 03:46:54,180
creating the virtual environment as
5707
03:46:54,180 --> 03:46:56,520
usual and for this project we're going
5708
03:46:56,520 --> 03:46:58,140
to use some libraries that we haven't
5709
03:46:58,140 --> 03:47:00,000
encountered before
5710
03:47:00,000 --> 03:47:02,279
so let's import them straight away we're
5711
03:47:02,279 --> 03:47:05,460
going to create our file new python file
5712
03:47:05,460 --> 03:47:08,040
and let's call it pass
5713
03:47:08,040 --> 03:47:12,660
dash sniffer dot py simple as that we
5714
03:47:12,660 --> 03:47:15,420
are going to need the scapy library
5715
03:47:15,420 --> 03:47:17,399
which we used before so nothing really
5716
03:47:17,399 --> 03:47:19,020
to explain right here
5717
03:47:19,020 --> 03:47:22,319
and we will also need the urllib
5718
03:47:22,319 --> 03:47:24,500
library
5719
03:47:28,739 --> 03:47:31,020
all right and the third library that
5720
03:47:31,020 --> 03:47:32,640
we're going to need is going to be the
5721
03:47:32,640 --> 03:47:36,300
re or the regex library and the regex
5722
03:47:36,300 --> 03:47:37,500
library is something that we are going
5723
03:47:37,500 --> 03:47:39,359
to need in order to extract the
5724
03:47:39,359 --> 03:47:41,640
usernames and passwords from the entire
5725
03:47:41,640 --> 03:47:43,500
packet alright
5726
03:47:43,500 --> 03:47:45,660
now our program will have two different
5727
03:47:45,660 --> 03:47:46,859
functions
5728
03:47:46,859 --> 03:47:48,960
one of the functions will parse the
5729
03:47:48,960 --> 03:47:51,180
packets that we Sniff and the second
5730
03:47:51,180 --> 03:47:53,279
function will try to extract the
5731
03:47:53,279 --> 03:47:56,640
username and password from those packets
5732
03:47:56,640 --> 03:47:58,439
but before we do any of that and before
5733
03:47:58,439 --> 03:48:00,840
we code those two functions we first of
5734
03:48:00,840 --> 03:48:02,700
all need to start sniffing for the
5735
03:48:02,700 --> 03:48:03,779
packets
5736
03:48:03,779 --> 03:48:05,880
now let's imagine that our ARP spoofer
5737
03:48:05,880 --> 03:48:07,800
is running so what we would want to do
5738
03:48:07,800 --> 03:48:10,920
is we will want to try to sniff those
5739
03:48:10,920 --> 03:48:13,319
packets and this sniff function is
5740
03:48:13,319 --> 03:48:15,420
something that exists in scapy so we don't
5741
03:48:15,420 --> 03:48:17,340
really need to code it we simply just
5742
03:48:17,340 --> 03:48:19,800
specify sniff and it will gather all the
5743
03:48:19,800 --> 03:48:22,560
packets on the specified interface
5744
03:48:22,560 --> 03:48:25,560
sounds good right so since I said that
5745
03:48:25,560 --> 03:48:26,939
it will gather the packets on a
5746
03:48:26,939 --> 03:48:29,160
specified interface therefore we need to
5747
03:48:29,160 --> 03:48:31,140
specify the interface
5748
03:48:31,140 --> 03:48:33,960
we will set the iface to be equal to
5749
03:48:33,960 --> 03:48:35,340
iface
5750
03:48:35,340 --> 03:48:38,220
and we can code up here iface to be
5751
03:48:38,220 --> 03:48:41,160
equal to your interface in my case that
5752
03:48:41,160 --> 03:48:42,779
is eth0
5753
03:48:42,779 --> 03:48:44,880
now in order to check out what is the
5754
03:48:44,880 --> 03:48:46,500
name of your interface you simply just
5755
03:48:46,500 --> 03:48:48,779
open up your terminal and you can type
5756
03:48:48,779 --> 03:48:50,880
ifconfig
5757
03:48:50,880 --> 03:48:55,279
the interface is the name right here
5758
03:48:55,620 --> 03:48:58,080
since I'm using ethernet cable on Kali
5759
03:48:58,080 --> 03:49:00,600
Linux and this is the actual interface
5760
03:49:00,600 --> 03:49:02,580
which I am using to connect to the
5761
03:49:02,580 --> 03:49:05,399
internet I will specify this name inside
5762
03:49:05,399 --> 03:49:06,660
of my program
5763
03:49:06,660 --> 03:49:09,060
if you are for example using a wireless
5764
03:49:09,060 --> 03:49:11,340
adapter you don't want to specify this
5765
03:49:11,340 --> 03:49:13,020
interface you want to specify the
5766
03:49:13,020 --> 03:49:15,060
wireless adapter which you are using to
5767
03:49:15,060 --> 03:49:16,620
connect to the internet
5768
03:49:16,620 --> 03:49:18,660
if you're simply just connecting over
5769
03:49:18,660 --> 03:49:20,939
the internet cable like me feel free to
5770
03:49:20,939 --> 03:49:23,640
specify the ethernet interface all right
5771
03:49:23,640 --> 03:49:25,979
simple as that let's close this
5772
03:49:25,979 --> 03:49:27,899
now that we got that out of the way
5773
03:49:27,899 --> 03:49:30,720
let's continue with our sniff function
5774
03:49:30,720 --> 03:49:33,180
the next parameter is going to be prn
5775
03:49:33,180 --> 03:49:35,580
which simply means whatever we specify
5776
03:49:35,580 --> 03:49:37,920
after the equal sign
5777
03:49:37,920 --> 03:49:40,800
that function will be used in order to
5778
03:49:40,800 --> 03:49:43,260
parse the packets that we sniffed using
5779
03:49:43,260 --> 03:49:44,760
this sniff function
5780
03:49:44,760 --> 03:49:46,500
so we're going to create later on a
5781
03:49:46,500 --> 03:49:50,239
function called packet parser
5782
03:49:50,279 --> 03:49:52,140
and the third parameter and last
5783
03:49:52,140 --> 03:49:54,060
parameter is going to be store to be
5784
03:49:54,060 --> 03:49:55,680
equal to zero so we don't want to store
5785
03:49:55,680 --> 03:49:57,779
anything we don't want to save it
5786
03:49:57,779 --> 03:50:00,000
anywhere we simply just want it to flow
5787
03:50:00,000 --> 03:50:01,080
by
5788
03:50:01,080 --> 03:50:03,960
all right so as I mentioned before there
5789
03:50:03,960 --> 03:50:05,220
are two functions that we are going to
5790
03:50:05,220 --> 03:50:07,260
need the first one will be the packet
5791
03:50:07,260 --> 03:50:09,359
parser which we use to parse the packets
5792
03:50:09,359 --> 03:50:11,939
from our sniff function as we can see
5793
03:50:11,939 --> 03:50:13,200
right here
5794
03:50:13,200 --> 03:50:16,640
so packet parser
5795
03:50:16,680 --> 03:50:18,720
this packet parser will take one
5796
03:50:18,720 --> 03:50:20,220
parameter which will be the packet
5797
03:50:20,220 --> 03:50:22,800
itself or we can simply type it like
5798
03:50:22,800 --> 03:50:24,779
this packet
5799
03:50:24,779 --> 03:50:28,020
and the second function would be
5800
03:50:28,020 --> 03:50:33,840
define get login pass
5801
03:50:34,260 --> 03:50:36,359
and this function will also take a
5802
03:50:36,359 --> 03:50:38,100
parameter which will be
5803
03:50:38,100 --> 03:50:40,140
Well for now on we're not we're going to
5804
03:50:40,140 --> 03:50:41,880
leave it without the parameter and we're
5805
03:50:41,880 --> 03:50:44,220
going to add it later on we created
5806
03:50:44,220 --> 03:50:46,260
these two functions all we're left to do
5807
03:50:46,260 --> 03:50:48,540
is run the code inside them
5808
03:50:48,540 --> 03:50:50,700
but let's not get ahead
5809
03:50:50,700 --> 03:50:52,500
we're just going to leave them for this
5810
03:50:52,500 --> 03:50:54,600
video and right here we're going to add
5811
03:50:54,600 --> 03:50:56,520
the except statement
5812
03:50:56,520 --> 03:50:59,520
of course keyboard interrupt if we
5813
03:50:59,520 --> 03:51:01,380
interrupt the keyboard
5814
03:51:01,380 --> 03:51:05,520
then we can print for example exiting
5815
03:51:05,520 --> 03:51:09,060
and we can then sys or because you could
5816
03:51:09,060 --> 03:51:10,979
just exit the program since we don't
5817
03:51:10,979 --> 03:51:13,680
have the sys library imported
5818
03:51:13,680 --> 03:51:16,200
and one more thing before we finish off
5819
03:51:16,200 --> 03:51:18,060
with this video is that we need to
5820
03:51:18,060 --> 03:51:20,040
install this scapy library
5821
03:51:20,040 --> 03:51:22,020
we know how to do that pip3 install
5822
03:51:22,020 --> 03:51:23,880
scapy
5823
03:51:23,880 --> 03:51:26,220
and after this downloads we should be
5824
03:51:26,220 --> 03:51:28,500
good to go and we should be ready to
5825
03:51:28,500 --> 03:51:30,899
code these two functions in the next few
5826
03:51:30,899 --> 03:51:32,040
videos
5827
03:51:32,040 --> 03:51:33,660
so thank you for watching this
5828
03:51:33,660 --> 03:51:35,819
introductory video on password sniffer
5829
03:51:35,819 --> 03:51:37,979
and I will see you in the next lecture
5830
03:51:37,979 --> 03:51:40,200
bye
5831
03:51:40,200 --> 03:51:42,720
welcome back let's continue with our
5832
03:51:42,720 --> 03:51:44,100
password sniffer
5833
03:51:44,100 --> 03:51:46,200
so the first function out of these two
5834
03:51:46,200 --> 03:51:47,760
which we mentioned that we are going to
5835
03:51:47,760 --> 03:51:50,760
need is this one we want to first of all
5836
03:51:50,760 --> 03:51:54,000
parse the packets and filter them should
5837
03:51:54,000 --> 03:51:55,739
I say so we want to filter for the
5838
03:51:55,739 --> 03:51:57,960
specific packets that might contain the
5839
03:51:57,960 --> 03:51:59,939
username and password and then only
5840
03:51:59,939 --> 03:52:01,979
after this is done we're going to paste
5841
03:52:01,979 --> 03:52:04,620
the content of those packets into this
5842
03:52:04,620 --> 03:52:07,500
get login password function and in this
5843
03:52:07,500 --> 03:52:09,359
function we're going to extract the
5844
03:52:09,359 --> 03:52:12,420
username and password all right so let's
5845
03:52:12,420 --> 03:52:15,120
start off with packet parser
5846
03:52:15,120 --> 03:52:16,739
first thing that we need to specify
5847
03:52:16,739 --> 03:52:18,779
right here is we need to check for
5848
03:52:18,779 --> 03:52:22,140
whether this packet has the TCP layer
5849
03:52:22,140 --> 03:52:24,359
now we can simply just do that if we
5850
03:52:24,359 --> 03:52:26,460
specify if packet
5851
03:52:26,460 --> 03:52:29,700
dot haslayer
5852
03:52:29,700 --> 03:52:32,819
and this is a function that exists in scapy
5853
03:52:32,819 --> 03:52:35,160
we simply specify in the brackets which
5854
03:52:35,160 --> 03:52:37,080
layer we want to look for in our case
5855
03:52:37,080 --> 03:52:40,680
TCP all right so if packet has this
5856
03:52:40,680 --> 03:52:41,640
layer
5857
03:52:41,640 --> 03:52:43,439
then we're going to filter it further
5858
03:52:43,439 --> 03:52:45,540
there is another layer that you should
5859
03:52:45,540 --> 03:52:47,460
have and that is
5860
03:52:47,460 --> 03:52:50,100
packet dot haslayer
5861
03:52:50,100 --> 03:52:51,540
Raw
5862
03:52:51,540 --> 03:52:54,899
and this raw layer is just a sub layer
5863
03:52:54,899 --> 03:52:58,500
of the TCP layer so if there is a raw
5864
03:52:58,500 --> 03:53:01,080
layer there is for sure going to be a
5865
03:53:01,080 --> 03:53:02,939
TCP layer
5866
03:53:02,939 --> 03:53:04,979
well in most cases
5867
03:53:04,979 --> 03:53:06,479
now another thing that we want to
5868
03:53:06,479 --> 03:53:10,080
specify right here is if it also has
5869
03:53:10,080 --> 03:53:13,340
the IP layer
5870
03:53:14,399 --> 03:53:16,200
now if these three statements are
5871
03:53:16,200 --> 03:53:18,359
satisfied then that is the packet that
5872
03:53:18,359 --> 03:53:20,399
we are looking for so we're going to
5873
03:53:20,399 --> 03:53:22,920
type right here two dots
5874
03:53:22,920 --> 03:53:25,380
and you might notice that right here
5875
03:53:25,380 --> 03:53:28,620
these names are red underlined well some
5876
03:53:28,620 --> 03:53:31,500
of them uh don't worry about that we're
5877
03:53:31,500 --> 03:53:33,720
going to worry about that later on it
5878
03:53:33,720 --> 03:53:35,580
will most likely even work without us
5879
03:53:35,580 --> 03:53:37,319
having to fix anything right here and
5880
03:53:37,319 --> 03:53:38,939
that is just some problem with PyCharm
5881
03:53:38,939 --> 03:53:40,920
itself so no need to worry about
5882
03:53:40,920 --> 03:53:42,600
that at the moment if there is anything
5883
03:53:42,600 --> 03:53:44,340
that we need to fix later on we are
5884
03:53:44,340 --> 03:53:46,739
going to fix it all right so now that we
5885
03:53:46,739 --> 03:53:48,960
got this statement right here
5886
03:53:48,960 --> 03:53:51,479
if that statement is fulfilled what we
5887
03:53:51,479 --> 03:53:53,580
want to do is we want to extract the
5888
03:53:53,580 --> 03:53:55,500
body of the packet
5889
03:53:55,500 --> 03:53:57,660
since in the body of the packet there is
5890
03:53:57,660 --> 03:53:59,700
going to be all the information that we
5891
03:53:59,700 --> 03:54:01,979
are looking for such as usernames and
5892
03:54:01,979 --> 03:54:04,500
passwords how can we do that well we can
5893
03:54:04,500 --> 03:54:06,359
simply just specify a variable which
5894
03:54:06,359 --> 03:54:08,640
will be called body and that variable
5895
03:54:08,640 --> 03:54:11,520
will be equal to the string
5896
03:54:11,520 --> 03:54:15,180
of the packet TCP part so we select it
5897
03:54:15,180 --> 03:54:17,160
like this in the square brackets and
5898
03:54:17,160 --> 03:54:19,620
then we want to select dot payload
5899
03:54:19,620 --> 03:54:22,260
all right so we're selecting the packet
5900
03:54:22,260 --> 03:54:25,199
taking the TCP part and inside of the
5901
03:54:25,199 --> 03:54:28,020
payload of the TCP layer there is going
5902
03:54:28,020 --> 03:54:30,779
to be a username and password in case
5903
03:54:30,779 --> 03:54:32,939
the target tried to log into some page
5904
03:54:32,939 --> 03:54:35,460
now what we want to do is we want to
5905
03:54:35,460 --> 03:54:38,100
send this body to our second function
5906
03:54:38,100 --> 03:54:40,620
which is going to be get login pass
5907
03:54:40,620 --> 03:54:44,040
so let's call the function get login
5908
03:54:44,040 --> 03:54:45,779
underscore pass
5909
03:54:45,779 --> 03:54:48,420
and we will pass the body straight to
5910
03:54:48,420 --> 03:54:49,739
that function
5911
03:54:49,739 --> 03:54:52,140
so let's go over this once again
5912
03:54:52,140 --> 03:54:55,020
we sniff on our interface which is eth0
5913
03:54:55,020 --> 03:54:57,660
then we check for each and every packet
5914
03:54:57,660 --> 03:55:00,779
if it has layer TCP if it has layer raw
5915
03:55:00,779 --> 03:55:03,840
and if it has layer IP if all of these
5916
03:55:03,840 --> 03:55:05,819
three conditions are met then we select
5917
03:55:05,819 --> 03:55:07,680
the body variable to be equal to the
5918
03:55:07,680 --> 03:55:10,020
payload of the TCP layer
5919
03:55:10,020 --> 03:55:13,260
once we select that we send this body to
5920
03:55:13,260 --> 03:55:15,300
our second function which is get login
5921
03:55:15,300 --> 03:55:16,739
pass
5922
03:55:16,739 --> 03:55:19,620
now inside of this function what we need
5923
03:55:19,620 --> 03:55:21,540
to do is we first of all need to
5924
03:55:21,540 --> 03:55:23,399
select two different variables first one
5925
03:55:23,399 --> 03:55:26,880
is going to be user to be equal to none
5926
03:55:26,880 --> 03:55:30,660
and password to be equal to none
5927
03:55:30,660 --> 03:55:33,120
now none simply means that we do not
5928
03:55:33,120 --> 03:55:35,040
have any value at the moment inside of
5929
03:55:35,040 --> 03:55:37,560
these two variables and hopefully at the
5930
03:55:37,560 --> 03:55:39,180
end of this function we should have the
5931
03:55:39,180 --> 03:55:41,880
username and password stored right here
5932
03:55:41,880 --> 03:55:44,520
so let's end our tutorial here and we
5933
03:55:44,520 --> 03:55:45,960
are going to continue in the next
5934
03:55:45,960 --> 03:55:48,120
lecture with the coding of our two
5935
03:55:48,120 --> 03:55:51,180
functions take care bye
5936
03:55:51,180 --> 03:55:53,760
welcome back this is our third tutorial
5937
03:55:53,760 --> 03:55:55,739
to our password sniffer
5938
03:55:55,739 --> 03:55:57,660
and you might notice that I added
5939
03:55:57,660 --> 03:55:59,399
something right here that we didn't have
5940
03:55:59,399 --> 03:56:01,560
in the previous video and those are
5941
03:56:01,560 --> 03:56:04,380
these two lists so I added the user
5942
03:56:04,380 --> 03:56:07,500
fields and the password fields
5943
03:56:07,500 --> 03:56:09,960
these two lists are going to help us to
5944
03:56:09,960 --> 03:56:11,880
find the usernames and passwords
5945
03:56:11,880 --> 03:56:14,760
inside of the body that we paste to this
5946
03:56:14,760 --> 03:56:15,720
function
5947
03:56:15,720 --> 03:56:18,000
so right here now that I mentioned body
5948
03:56:18,000 --> 03:56:20,399
I will paste it straight away since in
5949
03:56:20,399 --> 03:56:22,800
our packet parser function we do call it
5950
03:56:22,800 --> 03:56:25,560
as a parameter all right
5951
03:56:25,560 --> 03:56:27,960
so we're going to check for each and
5952
03:56:27,960 --> 03:56:30,540
every element from this list if it is
5953
03:56:30,540 --> 03:56:32,939
located inside of this body and if it is
5954
03:56:32,939 --> 03:56:35,220
we're going to print the username and
5955
03:56:35,220 --> 03:56:36,420
the password
5956
03:56:36,420 --> 03:56:38,520
now for you you don't really have to
5957
03:56:38,520 --> 03:56:40,920
type all of this if you don't want you
5958
03:56:40,920 --> 03:56:43,020
can go to the resources of this project
5959
03:56:43,020 --> 03:56:45,479
or at the end of this section and
5960
03:56:45,479 --> 03:56:47,520
download this program and simply just
5961
03:56:47,520 --> 03:56:50,100
copy and paste these two Fields all
5962
03:56:50,100 --> 03:56:51,239
right
5963
03:56:51,239 --> 03:56:53,880
so let's get straight into the coding
5964
03:56:53,880 --> 03:56:55,920
now that we have these two fields for
5965
03:56:55,920 --> 03:56:57,899
all the possible names for the usernames
5966
03:56:57,899 --> 03:57:00,720
and the passwords what we can do is we
5967
03:57:00,720 --> 03:57:02,640
can iterate over each and every element
5968
03:57:02,640 --> 03:57:06,239
so for example let's go over the user
5969
03:57:06,239 --> 03:57:07,560
Fields first
5970
03:57:07,560 --> 03:57:09,779
so for login
5971
03:57:09,779 --> 03:57:13,160
in user fields
5972
03:57:13,620 --> 03:57:17,060
we can simply just do
5973
03:57:17,399 --> 03:57:19,560
what we're going to do right here is
5974
03:57:19,560 --> 03:57:21,479
we're going to use regex in order to
5975
03:57:21,479 --> 03:57:24,420
extract the user names now I will first
5976
03:57:24,420 --> 03:57:25,859
type it right here and then I will
5977
03:57:25,859 --> 03:57:28,020
explain it to you so I'll create a
5978
03:57:28,020 --> 03:57:30,500
variable called login underscore re
5979
03:57:30,500 --> 03:57:33,359
standing for regex and I'm going to call
5980
03:57:33,359 --> 03:57:35,160
the regex library with the search
5981
03:57:35,160 --> 03:57:36,960
function
5982
03:57:36,960 --> 03:57:39,540
in that function I'm going to specify
5983
03:57:39,540 --> 03:57:42,199
the pattern
5984
03:57:43,140 --> 03:57:46,800
which will be percent s equals open
5985
03:57:46,800 --> 03:57:50,340
square brackets close square brackets
5986
03:57:50,340 --> 03:57:53,300
upper sign
5987
03:57:54,899 --> 03:57:57,000
then this sign right here not really
5988
03:57:57,000 --> 03:57:58,979
sure how it is called and then at the
5989
03:57:58,979 --> 03:58:01,140
end we specify a plus
5990
03:58:01,140 --> 03:58:03,840
okay so this is our pattern and
5991
03:58:03,840 --> 03:58:06,779
wait for just a second I will explain it
5992
03:58:06,779 --> 03:58:08,819
we then type percent
5993
03:58:08,819 --> 03:58:10,800
login
5994
03:58:10,800 --> 03:58:16,080
and then comma body and then comma re
5995
03:58:16,080 --> 03:58:18,420
dot ignore case
5996
03:58:18,420 --> 03:58:21,239
okay so before we continue I need to
5997
03:58:21,239 --> 03:58:23,460
explain this line a little bit better
5998
03:58:23,460 --> 03:58:25,500
so what we're doing right here is we're
5999
03:58:25,500 --> 03:58:28,560
creating login_re object
6000
03:58:28,560 --> 03:58:31,199
now we're calling the re library which
6001
03:58:31,199 --> 03:58:33,359
is the regex library and on this library
6002
03:58:33,359 --> 03:58:35,760
we are calling the search function what
6003
03:58:35,760 --> 03:58:38,040
this search function does is it takes a
6004
03:58:38,040 --> 03:58:40,140
pattern that we specify which is this
6005
03:58:40,140 --> 03:58:42,000
right here and to explain this pattern
6006
03:58:42,000 --> 03:58:44,100
you really need to know regex so if you
6007
03:58:44,100 --> 03:58:46,260
do know it that's great if you don't
6008
03:58:46,260 --> 03:58:48,720
know it well then I will leave some
6009
03:58:48,720 --> 03:58:50,520
resources in the description so you can
6010
03:58:50,520 --> 03:58:53,040
get more familiar with regex and its
6011
03:58:53,040 --> 03:58:55,920
patterns what basically this is is the
6012
03:58:55,920 --> 03:58:58,500
pattern which we are going to use in
6013
03:58:58,500 --> 03:59:00,960
order to try to get the usernames
6014
03:59:00,960 --> 03:59:03,120
the second parameter to this function is
6015
03:59:03,120 --> 03:59:06,420
the body and body simply means where are
6016
03:59:06,420 --> 03:59:07,979
we going to search for the username so
6017
03:59:07,979 --> 03:59:09,660
we're searching the usernames in body
6018
03:59:09,660 --> 03:59:11,939
and the last parameter which is ignore
6019
03:59:11,939 --> 03:59:13,500
case simply means that we don't care
6020
03:59:13,500 --> 03:59:15,600
about the uppercase and lowercase
6021
03:59:15,600 --> 03:59:17,520
letters okay
6022
03:59:17,520 --> 03:59:20,279
now this pattern right here this percent
6023
03:59:20,279 --> 03:59:22,560
s since that is the first thing will
6024
03:59:22,560 --> 03:59:25,260
get replaced with the login and keep in
6025
03:59:25,260 --> 03:59:27,660
mind the login is the iterable and it
6026
03:59:27,660 --> 03:59:30,720
will be each and every of these elements
6027
03:59:30,720 --> 03:59:32,880
so for this example let's take this
6028
03:59:32,880 --> 03:59:33,960
element
6029
03:59:33,960 --> 03:59:36,120
what we are looking for is something
6030
03:59:36,120 --> 03:59:40,140
like username equals and then something
6031
03:59:40,140 --> 03:59:41,580
right here
6032
03:59:41,580 --> 03:59:44,640
this pattern simply specifies something
6033
03:59:44,640 --> 03:59:47,279
like this if we find this inside of a
6034
03:59:47,279 --> 03:59:49,380
body that means that we successfully
6035
03:59:49,380 --> 03:59:51,479
found the username and we're going to
6036
03:59:51,479 --> 03:59:54,000
print this to the screen
6037
03:59:54,000 --> 03:59:57,060
okay so let's delete this
6038
03:59:57,060 --> 03:59:59,939
now that we got that out of the way
6039
03:59:59,939 --> 04:00:01,680
we now need to check whether there is
6040
04:00:01,680 --> 04:00:04,500
anything stored inside of this login
6041
04:00:04,500 --> 04:00:06,420
since if there is that means we found
6042
04:00:06,420 --> 04:00:11,520
the username so if login_re
6043
04:00:11,520 --> 04:00:14,040
then our user variable which we created
6044
04:00:14,040 --> 04:00:15,720
at the beginning of the program and set
6045
04:00:15,720 --> 04:00:18,479
the value of none to it is going to be
6046
04:00:18,479 --> 04:00:20,779
equal
6047
04:00:21,239 --> 04:00:25,080
to login_re.group() and
6048
04:00:25,080 --> 04:00:27,600
group are just the results that we got
6049
04:00:27,600 --> 04:00:30,359
from this function right here therefore
6050
04:00:30,359 --> 04:00:32,399
it will simply just store the username
6051
04:00:32,399 --> 04:00:34,260
inside of this variable
6052
04:00:34,260 --> 04:00:36,660
all right so the same thing we need to
6053
04:00:36,660 --> 04:00:39,180
perform for the passwords as well so
6054
04:00:39,180 --> 04:00:43,939
let's go right here for pass_field
6055
04:00:43,939 --> 04:00:47,660
in pass_fields
6056
04:00:48,600 --> 04:00:50,580
we're going to create an object once
6057
04:00:50,580 --> 04:00:53,699
again called pass_re and we
6058
04:00:53,699 --> 04:00:55,800
perform the exact same thing so I'm
6059
04:00:55,800 --> 04:00:58,939
going to copy this
6060
04:00:59,160 --> 04:01:01,439
so we don't have to type it twice and
6061
04:01:01,439 --> 04:01:04,439
paste it right here
6062
04:01:04,439 --> 04:01:06,720
well not there we don't want it there we
6063
04:01:06,720 --> 04:01:09,960
want it here okay good
6064
04:01:09,960 --> 04:01:12,479
now the pattern right here will remain
6065
04:01:12,479 --> 04:01:15,060
the same as for the usernames just in
6066
04:01:15,060 --> 04:01:16,800
our case what we are searching for is
6067
04:01:16,800 --> 04:01:20,399
something like this password equals and
6068
04:01:20,399 --> 04:01:23,100
then random password okay
6069
04:01:23,100 --> 04:01:26,100
so let's delete this and in order to
6070
04:01:26,100 --> 04:01:28,199
actually search for a password we need
6071
04:01:28,199 --> 04:01:30,060
to replace this login
6072
04:01:30,060 --> 04:01:32,040
with pass_field
6073
04:01:32,040 --> 04:01:34,560
since we are iterating right now over
6074
04:01:34,560 --> 04:01:36,960
the second list which is the possible
6075
04:01:36,960 --> 04:01:40,020
names for the password field
6076
04:01:40,020 --> 04:01:41,220
okay
6077
04:01:41,220 --> 04:01:43,500
all of this will remain the same and now
6078
04:01:43,500 --> 04:01:45,899
we need to check whether we got this
6079
04:01:45,899 --> 04:01:48,739
so if
6080
04:01:48,779 --> 04:01:52,080
if pass_re
6081
04:01:52,080 --> 04:01:54,300
then we are going to store in our
6082
04:01:54,300 --> 04:01:57,180
passwd variable which is once again at the
6083
04:01:57,180 --> 04:01:59,160
beginning of this function and set to
6084
04:01:59,160 --> 04:02:00,420
none
6085
04:02:00,420 --> 04:02:02,279
we will store
6086
04:02:02,279 --> 04:02:06,720
pass_re.group()
6087
04:02:06,720 --> 04:02:08,520
okay good
6088
04:02:08,520 --> 04:02:11,340
and now at the end
6089
04:02:11,340 --> 04:02:14,220
we need to return these two values so we
6090
04:02:14,220 --> 04:02:18,660
will specify if user and password
6091
04:02:18,660 --> 04:02:20,399
we will return
6092
04:02:20,399 --> 04:02:24,620
both username and password
6093
04:02:25,020 --> 04:02:28,140
all right so this is the entire get
6094
04:02:28,140 --> 04:02:30,720
login pass function and now we are ready
6095
04:02:30,720 --> 04:02:34,500
to go back to our packet parser function
6096
04:02:34,500 --> 04:02:36,720
now before we close this video I'm going
6097
04:02:36,720 --> 04:02:39,180
to just select the username comma
6098
04:02:39,180 --> 04:02:42,000
password to be equal to get login pass
6099
04:02:42,000 --> 04:02:44,939
with the body as a parameter since we
6100
04:02:44,939 --> 04:02:46,979
are returning the two values from this
6101
04:02:46,979 --> 04:02:48,120
function
6102
04:02:48,120 --> 04:02:49,920
therefore we need to set those two
6103
04:02:49,920 --> 04:02:52,560
values inside of these two values
6104
04:02:52,560 --> 04:02:54,840
user will be set inside of a username
6105
04:02:54,840 --> 04:02:57,300
and password will be set inside of a
6106
04:02:57,300 --> 04:02:59,340
password so in the next video we're
6107
04:02:59,340 --> 04:03:01,319
going to wrap up our program and we are
6108
04:03:01,319 --> 04:03:04,319
going to go for a first test of it all
6109
04:03:04,319 --> 04:03:06,060
right so thank you for watching this
6110
04:03:06,060 --> 04:03:08,220
tutorial and I will see you in the next
6111
04:03:08,220 --> 04:03:10,260
lecture bye
6112
04:03:10,260 --> 04:03:12,000
welcome back
6113
04:03:12,000 --> 04:03:14,460
so we've had quite a tough task in the
6114
04:03:14,460 --> 04:03:16,260
previous few videos but we managed to
6115
04:03:16,260 --> 04:03:19,260
get it all to work now it's time to wrap
6116
04:03:19,260 --> 04:03:21,239
up our program and run it for a first
6117
04:03:21,239 --> 04:03:22,319
test
6118
04:03:22,319 --> 04:03:24,660
so what we did for now is we returned
6119
04:03:24,660 --> 04:03:26,880
the username and password extracted it
6120
04:03:26,880 --> 04:03:29,040
from the body and stored it in these two
6121
04:03:29,040 --> 04:03:31,500
variables now what we need to do is we
6122
04:03:31,500 --> 04:03:33,840
need to print these two variables as a
6123
04:03:33,840 --> 04:03:37,739
result so right here after this we need
6124
04:03:37,739 --> 04:03:40,199
to check whether username and password
6125
04:03:40,199 --> 04:03:44,000
is not equal to none
6126
04:03:45,600 --> 04:03:49,260
oops seems like we cannot specify two of
6127
04:03:49,260 --> 04:03:50,819
these variables so we need to delete
6128
04:03:50,819 --> 04:03:54,840
this what we're going to do instead
6129
04:03:54,840 --> 04:03:56,819
is we are going to store this inside of
6130
04:03:56,819 --> 04:04:01,220
one variable let's call it like this
6131
04:04:06,060 --> 04:04:07,739
now the reason why we're storing it in
6132
04:04:07,739 --> 04:04:09,779
one variable is because we can use one
6133
04:04:09,779 --> 04:04:12,180
if statement later on even though we are
6134
04:04:12,180 --> 04:04:14,279
returning two values this will both be
6135
04:04:14,279 --> 04:04:17,520
stored inside of a user pass just as two
6136
04:04:17,520 --> 04:04:20,160
different elements all right so
6137
04:04:20,160 --> 04:04:23,760
after that we can check whether if
6138
04:04:23,760 --> 04:04:27,479
user_pass is not equal to none and
6139
04:04:27,479 --> 04:04:29,520
what this simply means since we set the
6140
04:04:29,520 --> 04:04:32,160
user and pass to be equal to none if we
6141
04:04:32,160 --> 04:04:33,960
don't manage to find any username and
6142
04:04:33,960 --> 04:04:36,060
password these two values will remain
6143
04:04:36,060 --> 04:04:38,640
none and they will be returned as none
6144
04:04:38,640 --> 04:04:40,979
at the end of the function therefore
6145
04:04:40,979 --> 04:04:43,020
right here we are checking if user and
6146
04:04:43,020 --> 04:04:45,000
password is not equal to none and we
6147
04:04:45,000 --> 04:04:46,800
specify that with this exclamation mark
6148
04:04:46,800 --> 04:04:48,720
and equal sign
6149
04:04:48,720 --> 04:04:51,199
then what we want to print
6150
04:04:51,199 --> 04:04:56,120
is parse.unquote
6151
04:04:56,819 --> 04:04:58,800
and this is just a way for us to print
6152
04:04:58,800 --> 04:05:02,160
these two values so parse.unquote and we
6153
04:05:02,160 --> 04:05:04,380
will select the first element of the
6154
04:05:04,380 --> 04:05:06,859
user pass
6155
04:05:08,640 --> 04:05:10,859
and we need to select the second element
6156
04:05:10,859 --> 04:05:13,319
which would be the password as well so
6157
04:05:13,319 --> 04:05:16,680
parse.unquote
6158
04:05:16,680 --> 04:05:20,040
user_pass
6159
04:05:20,040 --> 04:05:23,100
and the second element okay
6160
04:05:23,100 --> 04:05:25,739
so once again if these two values are
6161
04:05:25,739 --> 04:05:27,899
not equal to none we will print the
6162
04:05:27,899 --> 04:05:30,680
username and password
6163
04:05:30,720 --> 04:05:33,859
in any other case
6164
04:05:34,739 --> 04:05:37,140
and by in any other case I mean if we
6165
04:05:37,140 --> 04:05:39,140
encounter any other packet that doesn't
6166
04:05:39,140 --> 04:05:42,060
satisfy these three statements right
6167
04:05:42,060 --> 04:05:43,020
here
6168
04:05:43,020 --> 04:05:45,779
we're going to simply pass and let that
6169
04:05:45,779 --> 04:05:48,060
packet go since it will probably not
6170
04:05:48,060 --> 04:05:51,540
store any username or any password
6171
04:05:51,540 --> 04:05:53,939
all right so this should be the entire
6172
04:05:53,939 --> 04:05:55,080
program
6173
04:05:55,080 --> 04:05:58,620
here it is let's see how it runs
6174
04:05:58,620 --> 04:06:01,080
if I open up the terminal
6175
04:06:01,080 --> 04:06:05,300
clear the screen and run it
6176
04:06:06,660 --> 04:06:09,359
you will see it did run successfully we
6177
04:06:09,359 --> 04:06:11,279
don't see anything right here nothing is
6178
04:06:11,279 --> 04:06:13,319
being printed so let's check out whether
6179
04:06:13,319 --> 04:06:15,779
we can get something to print right here
6180
04:06:15,779 --> 04:06:19,760
if we open up our Firefox
6181
04:06:20,160 --> 04:06:22,560
and I simply go to the
6182
04:06:22,560 --> 04:06:25,380
192.168.1.1
6183
04:06:25,380 --> 04:06:29,160
which is my router's login page and I go
6184
04:06:29,160 --> 04:06:32,580
for example type hello as a username and
6185
04:06:32,580 --> 04:06:36,620
world as a password and click on login
6186
04:06:36,779 --> 04:06:39,600
you will see right here we do get both
6187
04:06:39,600 --> 04:06:41,760
username and password now the password
6188
04:06:41,760 --> 04:06:44,040
is encrypted but that is because of my
6189
04:06:44,040 --> 04:06:46,739
router security therefore our program
6190
04:06:46,739 --> 04:06:48,899
successfully works
6191
04:06:48,899 --> 04:06:50,819
we do manage to get the username and
6192
04:06:50,819 --> 04:06:52,439
password now let's see on another
6193
04:06:52,439 --> 04:06:54,840
website as well let's go to our good old
6194
04:06:54,840 --> 04:06:58,199
testphp.vulnweb.com
6195
04:07:03,000 --> 04:07:05,760
here if you go on the sign up we will
6196
04:07:05,760 --> 04:07:07,859
have a page where it will ask us for the
6197
04:07:07,859 --> 04:07:10,140
username and password so let's type the
6198
04:07:10,140 --> 04:07:12,000
username and password right here let's
6199
04:07:12,000 --> 04:07:16,260
go once again with hello and then world
6200
04:07:16,260 --> 04:07:18,000
click on login
6201
04:07:18,000 --> 04:07:22,140
and we get both hello and world in
6202
04:07:22,140 --> 04:07:24,960
our terminal right here so our program
6203
04:07:24,960 --> 04:07:27,300
worked correctly
6204
04:07:27,300 --> 04:07:29,520
now in case you also want to get from
6205
04:07:29,520 --> 04:07:31,920
which website are these usernames and
6206
04:07:31,920 --> 04:07:33,479
passwords coming from which would be a
6207
04:07:33,479 --> 04:07:35,040
good idea
6208
04:07:35,040 --> 04:07:39,000
all you need to do is go down
6209
04:07:39,000 --> 04:07:42,300
in our packet parser function and if the
6210
04:07:42,300 --> 04:07:43,739
packet has these three statements
6211
04:07:43,739 --> 04:07:44,819
fulfilled
6212
04:07:44,819 --> 04:07:48,300
we also want to print packet
6213
04:07:48,300 --> 04:07:49,859
TCP
6214
04:07:49,859 --> 04:07:53,600
and then dot payload
6215
04:07:53,699 --> 04:07:56,640
all right so let's go and run it once
6216
04:07:56,640 --> 04:07:58,760
again
6217
04:07:59,100 --> 04:08:03,260
and go to Firefox and type
6218
04:08:04,439 --> 04:08:06,840
oh never mind we will be printing a
6219
04:08:06,840 --> 04:08:08,880
whole lot more packets than we need so
6220
04:08:08,880 --> 04:08:10,800
this actual statement
6221
04:08:10,800 --> 04:08:13,260
should go
6222
04:08:13,260 --> 04:08:14,880
here
6223
04:08:14,880 --> 04:08:17,819
and not here so we only want to print it
6224
04:08:17,819 --> 04:08:19,859
if the user and pass is not equal to
6225
04:08:19,859 --> 04:08:24,859
none so let's go once again and print it
6226
04:08:25,620 --> 04:08:27,479
now once we reload we are not getting
6227
04:08:27,479 --> 04:08:29,399
any random packets so let's type right
6228
04:08:29,399 --> 04:08:33,239
here admin and password will be password
6229
04:08:33,239 --> 04:08:36,420
click on OK we get the username to be
6230
04:08:36,420 --> 04:08:38,040
admin and the password to be password
6231
04:08:38,040 --> 04:08:41,279
and we also get the entire packet above
6232
04:08:41,279 --> 04:08:43,319
so now we can see
6233
04:08:43,319 --> 04:08:45,660
that the login is coming from this
6234
04:08:45,660 --> 04:08:47,340
website
6235
04:08:47,340 --> 04:08:49,140
we also see a bunch of other different
6236
04:08:49,140 --> 04:08:51,000
information which could be useful to us
6237
04:08:51,000 --> 04:08:52,979
but for now on we're only interested in
6238
04:08:52,979 --> 04:08:55,800
this host information and in these two
6239
04:08:55,800 --> 04:08:58,800
values which are username and password
6240
04:08:58,800 --> 04:09:00,239
all right
6241
04:09:00,239 --> 04:09:01,979
now that we are sure that our program
6242
04:09:01,979 --> 04:09:04,199
works and that we can sniff usernames
6243
04:09:04,199 --> 04:09:06,420
and passwords on different websites and
6244
04:09:06,420 --> 04:09:08,100
by the way keep in mind this will only
6245
04:09:08,100 --> 04:09:10,560
work on HTTP websites if you want to
6246
04:09:10,560 --> 04:09:12,420
sniff the information and passwords over
6247
04:09:12,420 --> 04:09:15,840
the HTTPS websites you will also need to
6248
04:09:15,840 --> 04:09:18,600
run SSLStrip on the side
6249
04:09:18,600 --> 04:09:20,880
and that will only work for the SSL
6250
04:09:20,880 --> 04:09:22,680
connections and not for the TLS
6251
04:09:22,680 --> 04:09:25,260
encryption all right
6252
04:09:25,260 --> 04:09:26,340
but
6253
04:09:26,340 --> 04:09:28,680
let's put that on the side in the next
6254
04:09:28,680 --> 04:09:30,960
video we can combine it with our ARP
6255
04:09:30,960 --> 04:09:33,180
spoofer and see how we can sniff the
6256
04:09:33,180 --> 04:09:35,100
usernames and passwords on a different
6257
04:09:35,100 --> 04:09:37,500
machine the same way we did right now in
6258
04:09:37,500 --> 04:09:39,840
Kali Linux just we're going to try to
6259
04:09:39,840 --> 04:09:41,699
sniff the usernames and passwords on
6260
04:09:41,699 --> 04:09:43,439
Windows 10 machine
6261
04:09:43,439 --> 04:09:45,300
so thank you for watching this lecture
6262
04:09:45,300 --> 04:09:49,020
and I will see you in the next video bye
6263
04:09:49,020 --> 04:09:51,600
welcome back and this is the first video
6264
04:09:51,600 --> 04:09:53,580
where we are going to test two of our
6265
04:09:53,580 --> 04:09:55,319
tools together
6266
04:09:55,319 --> 04:09:57,060
we're going to test our password
6267
04:09:57,060 --> 04:09:59,340
sniffer that we coded in this project and
6268
04:09:59,340 --> 04:10:01,199
we're going to combine it with our ARP
6269
04:10:01,199 --> 04:10:02,880
spoofer that we created in the previous
6270
04:10:02,880 --> 04:10:06,779
section so let's see how that will go
6271
04:10:06,779 --> 04:10:09,060
first what we need to do is open up our
6272
04:10:09,060 --> 04:10:11,760
terminal and I will go on to the actions
6273
04:10:11,760 --> 04:10:14,939
and split the terminal horizontally so
6274
04:10:14,939 --> 04:10:17,100
it will have two of these screens right
6275
04:10:17,100 --> 04:10:18,660
here
6276
04:10:18,660 --> 04:10:20,880
in the first screen I will navigate to
6277
04:10:20,880 --> 04:10:22,620
PyCharm
6278
04:10:22,620 --> 04:10:24,180
and I will navigate to the password
6279
04:10:24,180 --> 04:10:26,880
sniffer project
6280
04:10:26,880 --> 04:10:29,279
and in the second screen I will navigate
6281
04:10:29,279 --> 04:10:31,739
once again to PyCharm and to ARP
6282
04:10:31,739 --> 04:10:32,939
spoofer project
6283
04:10:32,939 --> 04:10:34,319
all right
6284
04:10:34,319 --> 04:10:37,800
so if I type ls in the ARP spoofer
6285
04:10:37,800 --> 04:10:40,260
you will remember that our ARP spoofer
6286
04:10:40,260 --> 04:10:42,359
code requires us to specify the target
6287
04:10:42,359 --> 04:10:44,880
IP address and the router's IP address
6288
04:10:44,880 --> 04:10:47,760
as two arguments to the command
6289
04:10:47,760 --> 04:10:50,279
so let's run the ARP spoofer right away
6290
04:10:50,279 --> 04:10:53,160
I will type python3
6291
04:10:53,160 --> 04:10:56,239
ARP spoofer
6292
04:10:56,239 --> 04:10:59,100
192.168.1.1 and the IP address of my
6293
04:10:59,100 --> 04:11:03,540
Windows 10 machine is 192.168.1.2
6294
04:11:04,920 --> 04:11:08,100
run this and this will start working as
6295
04:11:08,100 --> 04:11:10,500
we can see it is not closing it is
6296
04:11:10,500 --> 04:11:13,439
sending two packets every two seconds
6297
04:11:13,439 --> 04:11:15,239
if you want to check whether it worked
6298
04:11:15,239 --> 04:11:18,000
we can simply just go to the CMD or the
6299
04:11:18,000 --> 04:11:20,520
command prompt in Windows and type ARP
6300
04:11:20,520 --> 04:11:23,699
-a and we will see that both of the
6301
04:11:23,699 --> 04:11:26,399
Kali Linux and router have the same MAC
6302
04:11:26,399 --> 04:11:28,620
address therefore our ARP spoofing
6303
04:11:28,620 --> 04:11:29,760
worked
6304
04:11:29,760 --> 04:11:32,100
now let's see how this will help us to
6305
04:11:32,100 --> 04:11:33,899
actually sniff the password on Windows
6306
04:11:33,899 --> 04:11:34,979
10 machine
6307
04:11:34,979 --> 04:11:37,680
now if I go to my password sniffer and I
6308
04:11:37,680 --> 04:11:40,199
simply just run it so python3
6309
04:11:40,199 --> 04:11:42,180
password sniffer
6310
04:11:42,180 --> 04:11:44,640
as we can see it seems to work correctly
6311
04:11:44,640 --> 04:11:48,060
all we are left to do right now is go on
6312
04:11:48,060 --> 04:11:50,340
Windows 10 to Google Chrome or any
6313
04:11:50,340 --> 04:11:52,920
search engine that you're using
6314
04:11:52,920 --> 04:11:55,560
wait for it to open up and once it opens
6315
04:11:55,560 --> 04:11:57,420
up let's first of all go to my router
6316
04:11:57,420 --> 04:11:58,920
right here
6317
04:11:58,920 --> 04:12:02,100
whoops it will not connect because you
6318
04:12:02,100 --> 04:12:04,680
remember we forgot one thing so let us
6319
04:12:04,680 --> 04:12:06,899
just close our ARP spoofer
6320
04:12:06,899 --> 04:12:09,660
for a second we actually have to forward
6321
04:12:09,660 --> 04:12:12,239
our packets first so let's do that with
6322
04:12:12,239 --> 04:12:14,580
the command echo 1
6323
04:12:14,580 --> 04:12:16,920
two arrows to the right slash proc
6324
04:12:16,920 --> 04:12:18,540
slash sys
6325
04:12:18,540 --> 04:12:21,540
slash net slash ipv4
6326
04:12:21,540 --> 04:12:25,739
and slash IP underscore forward once we
6327
04:12:25,739 --> 04:12:29,110
do that we can run our spoofer once again
6328
04:12:29,110 --> 04:12:33,479
[Music]
6329
04:12:33,479 --> 04:12:35,939
okay so it is working let's go back to
6330
04:12:35,939 --> 04:12:38,279
our page and try to reload it here it is
6331
04:12:38,279 --> 04:12:41,580
and if we type some random username such
6332
04:12:41,580 --> 04:12:43,979
as for example admin and password to be
6333
04:12:43,979 --> 04:12:45,720
password
6334
04:12:45,720 --> 04:12:48,300
press on login and go back to our Kali
6335
04:12:48,300 --> 04:12:50,279
Linux machine we will get the full
6336
04:12:50,279 --> 04:12:52,439
packet printed out right here here is
6337
04:12:52,439 --> 04:12:54,420
the username and the password due to
6338
04:12:54,420 --> 04:12:56,520
security measures is actually set to be
6339
04:12:56,520 --> 04:12:58,680
encrypted and we can also see the actual
6340
04:12:58,680 --> 04:13:01,439
host or the website to which these two
6341
04:13:01,439 --> 04:13:03,840
Fields have been specified and in this
6342
04:13:03,840 --> 04:13:05,420
case it is
6343
04:13:05,420 --> 04:13:09,420
192.168.1.1 or our router now if we go
6344
04:13:09,420 --> 04:13:11,640
on to the different website which is
6345
04:13:11,640 --> 04:13:13,100
testphp.vulnweb.com
6346
04:13:13,100 --> 04:13:16,020
and we go to the sign
6347
04:13:16,020 --> 04:13:18,840
up specify right here admin and then
6348
04:13:18,840 --> 04:13:20,760
password
6349
04:13:20,760 --> 04:13:23,520
click on login go back to our Kali Linux
6350
04:13:23,520 --> 04:13:26,160
machine we will also get that packet as
6351
04:13:26,160 --> 04:13:28,859
well okay so here it is username is
6352
04:13:28,859 --> 04:13:31,620
admin password is password in plain text
6353
04:13:31,620 --> 04:13:33,479
we can see it right here
6354
04:13:33,479 --> 04:13:36,239
and we can also see where are these
6355
04:13:36,239 --> 04:13:39,180
fields specified in our case they are
6356
04:13:39,180 --> 04:13:42,000
specified on this website right here
6357
04:13:42,000 --> 04:13:44,520
all right so our password sniffer works we
6358
04:13:44,520 --> 04:13:46,500
combined our two tools our password
6359
04:13:46,500 --> 04:13:48,779
sniffer and our ARP spoofer in order to
6360
04:13:48,779 --> 04:13:51,239
sniff the passwords from the HTTP
6361
04:13:51,239 --> 04:13:53,640
websites on the different machines on
6362
04:13:53,640 --> 04:13:56,340
our local network now if you want to do
6363
04:13:56,340 --> 04:13:58,680
this on multiple targets at once you can
6364
04:13:58,680 --> 04:14:00,779
either just upgrade our ARP spoofer to
6365
04:14:00,779 --> 04:14:02,760
be able to spoof every machine on the
6366
04:14:02,760 --> 04:14:04,859
local area network or you can use a
6367
04:14:04,859 --> 04:14:07,260
different tool with combination with our
6368
04:14:07,260 --> 04:14:09,479
password sniffer so you can use a tool
6369
04:14:09,479 --> 04:14:12,600
called for example MITMf not really sure
6370
04:14:12,600 --> 04:14:15,120
if it is installed right here yeah you
6371
04:14:15,120 --> 04:14:18,060
can also use mitmproxy but I would
6372
04:14:18,060 --> 04:14:20,520
advise you to go into the Firefox
6373
04:14:20,520 --> 04:14:22,620
if you want to use the real man in the
6374
04:14:22,620 --> 04:14:25,199
middle and ARP spoofing tool that comes
6375
04:14:25,199 --> 04:14:27,000
with bunch of different options that
6376
04:14:27,000 --> 04:14:28,800
will help you fully execute your attack
6377
04:14:28,800 --> 04:14:31,620
you simply just go and download a tool
6378
04:14:31,620 --> 04:14:34,680
called MITMf
6379
04:14:34,680 --> 04:14:36,120
you would simply just click on this
6380
04:14:36,120 --> 04:14:38,600
first link
6381
04:14:41,340 --> 04:14:44,100
go all the way down you would clone this
6382
04:14:44,100 --> 04:14:46,680
page with git clone then you can go to
6383
04:14:46,680 --> 04:14:49,620
the installation instructions right here
6384
04:14:49,620 --> 04:14:51,840
and follow these instructions in these
6385
04:14:51,840 --> 04:14:54,180
commands in order to install MITMf
6386
04:14:54,180 --> 04:14:56,340
properly once you do that you can simply
6387
04:14:56,340 --> 04:14:58,020
just use the tool to perform ARP
6388
04:14:58,020 --> 04:15:00,600
spoofing and use our password sniffer in
6389
04:15:00,600 --> 04:15:02,699
order to sniff passwords on every
6390
04:15:02,699 --> 04:15:04,739
machine on local area network
6391
04:15:04,739 --> 04:15:07,140
okay so that would be about it for this
6392
04:15:07,140 --> 04:15:09,300
section we successfully saw how we can
6393
04:15:09,300 --> 04:15:11,399
combine these two tools and in the next
6394
04:15:11,399 --> 04:15:13,319
project we're also going to see another
6395
04:15:13,319 --> 04:15:15,300
tool that we will create that you can
6396
04:15:15,300 --> 04:15:17,220
either combine with our spoofer if you
6397
04:15:17,220 --> 04:15:19,560
like or you can simply just use it on
6398
04:15:19,560 --> 04:15:21,779
your own with another tool perhaps such
6399
04:15:21,779 --> 04:15:25,020
as MITMf or with any other tool that
6400
04:15:25,020 --> 04:15:27,660
performs man in the middle attack as
6401
04:15:27,660 --> 04:15:30,120
well okay so thank you for watching this
6402
04:15:30,120 --> 04:15:32,160
section and I will see you in the next
6403
04:15:32,160 --> 04:15:35,460
project bye