All language subtitles for [English (auto-generated)] The Complete Python Hacking Course Beginner To Advance 2023 & [DownSub.com]

[00:00:00] Hello everybody and welcome to this complete Python 3 hacking course. Now in this course we are going to code multiple projects. Each one of them will have its own purpose, and you will have all of the code at the end of each project in the resources list to download. And by the end of this course you should have a pretty good knowledge on how to create tools using Python 3 for your own penetration tests.

So as I mentioned, this will gather different tools from different fields, such as, for example, port scanners, backdoors, email scrapers, vulnerability scanners and many more. I'm going to code as we go and explain everything line by line, so you should have no problem understanding the code. And just in case you don't like to code along, you will have all of the programs available to download at the end of each project. You can simply just download the code and follow along the tutorials as I explain, without having to code anything. Okay.

Now, one important thing is: if you have any questions regarding any program, or if you have any proposals and you want me to add something to the course, feel free to post in the Q&A section and I will respond as soon as I can. Also, if you don't understand anything, make sure that you post in the Q&A section or send me a private message, and I will also respond there as well.

Another thing to mention is that throughout the course there will be different articles and bonus lectures which will give you additional knowledge. And for example, if this course doesn't cover something, such as for example installing a Windows 7 virtual machine, I'll make sure to leave a link to the tutorial where you can watch and follow along the tutorial in order to continue the course.

This course will be updated every month with new lectures, with updated code and with your proposals. If you tell me, for example, that you want to see an updated keylogger, I will make sure that I create it and put it inside of the course.

Now in this course we are going to use Kali Linux as a virtual machine, and don't worry, I will lead you through the steps of installation in the introductory part of the course. In case you're an advanced ethical hacker, feel free to skip the introductory part and get straight into the coding lessons. For all of you beginners, I will teach you in the introductory video how you can create your own virtual machine and set up your own environment in order to start with this course.

Another piece of advice that I have is, in case you don't have too much Python knowledge, feel free to also take a course on the side, as we are not going to cover Python 3 basics; we're going to get straight into coding different tools with Python 3. Now even though I'm going to explain some of the basics throughout our code, it would still be best for you if you would take a separate Python 3 course, and I will also have some of my recommendations for Python 3 courses in the resources of this lecture. So without further ado, thank you for enrolling, and let's not make this any longer and let's get straight into the course.

[00:02:53] Hello everyone and welcome to the trailer of our course. Now in this short video I will give you a small teaser as to what you can expect after you finish this course. It's always the best idea to show the students some of the things that you will be doing inside of the course and some of the things that they will learn and master at the end.

So for this teaser I decided to show you the backdoor, but not just any backdoor. I decided to show you a backdoor that we're going to run from two separate machines, and we will establish two connections with target systems. We will be able to switch between both of these connections and execute commands on both of the systems. Let me show you what I mean. Now don't worry if you don't understand anything in this tutorial; we're going to code all of this and I will explain it in the future projects. For now, just sit back and enjoy the teaser.

Here we have the Kali Linux machine. From this Kali Linux machine I will use Python 3 to run the command and control center, which is our program that we coded. I will run it right here and it will tell us that it is waiting for the incoming connections. Okay, so now if I go back to my Windows 10 machine, which is this one, I will have this picture.jpg file, which looks like a normal image. But if we execute it, it will also open up the image and nothing else; as we see, nothing else is being opened, so everything looks normal. But this actual file in the background opened up our backdoor, which is also a program that we're going to code.

If you go to Kali Linux, in just a few seconds we should see the connection from our Windows 10 machine while it is connecting to our command and control center. Oh, here it is. So we got the connection from 192.168.1.2, which is the IP address of my Windows 10. Let's also run the same file from my Windows 10 virtual machine. If I go right here, double click on picture.jpg, click on run, it will open up an image and nothing else, but it will also run our backdoor in the background. Let's go to our Kali Linux and see whether we receive the connection. And here it is, here's the connection from the Windows 7 machine. So now we've got two targets connected to our command and control center.

We can check all the sessions that we have by typing the targets command. It will print us session zero with this IP address and session one with this IP address right here. In order to access any of these sessions, we can simply just specify session one, which is our Windows 7 machine, and type whoami, and execute all of the commands such as ipconfig, such as dir in order to check all the contents in that specific directory. So here it is. If we want to, we can also send this session to the background and clear the screen, and we can enter session 0, which is the Windows 10 machine. If I type whoami inside of the Windows 10 machine I will see a different response than on Windows 7, which means we are on a different target. If I type ipconfig you will see a different IP address, and dir will also give you a different output for that specific directory.

Okay, we can use the clear command inside of the shell in order to clear the screen in case we have multiple commands. If I type the help command inside of the shell function, it will give us all the available things that we can do with our target. We can change directories using the cd command, we can upload files, download files, we can start our keylogger using keylog_start. So let's give it a try. Let's start our keylogger. Let's type keylog_start. It will give us a message that the keylogger has been started. So let's open up Notepad and start typing something inside of our Windows 10 Notepad. So if I type "how is your day?", "can you see this message?", and we go back to our Kali Linux machine and we take a look at the help command, keylog_dump will print the keystrokes the target inputted. So let's try it out: keylog_dump, press enter, and here we get "notepad", "how is your day?", "can you see this message?", another question mark. We can also stop the keylogger by typing keylog_stop, which will stop and self-destruct the keylogger file, as it says right here.

If we want, we can also create the persistence, which will allow us to start our backdoor every time that the target restarts their machine. So they only need to start it the first time, and every other time our backdoor will start on its own.

And another interesting command that we can do, which is not specified right here, is the screenshot command. So if I type screenshot, and before I press enter let me lower this so we can see everything. If I type screenshot and press enter, in just a few seconds we should have a screenshot of the target's desktop saved on our Kali Linux machine. So let's see whether we saved it correctly. If we go to the file, here is the screenshot saved under the name screenshot0. And here it is; it is the exact same image that we saw before we pressed enter on the screenshot command. So we successfully have the screenshot option in order to capture the target's desktop.

And that is just some of the options the backdoor can do, and this backdoor is just one of the programs that we're going to code throughout this course. So this is just a small teaser; I showed you what we are going to do. This is only a small portion of it, or just a small portion of what our backdoor can do, and we're going to see how we can code all of this inside of the future projects. So thank you for watching and I will see you in the future lectures. Bye.

[00:08:37] Welcome everybody to the first lecture of the introduction section of our Python hacking course. So in this tutorial I'm going to show you where you can find, and how you can download and install, the VirtualBox software that we're going to need in order to create our virtual machines. Okay, now it is rather easy to install the software, and as its name says, we're going to need it in order to host the Kali Linux machine in which we are going to write our Python code.

So let's get straight into how to download it. All you need to do is go to your Google Chrome or Firefox, whichever search engine you're using, and navigate to the link virtualbox.org. Once you visit this link it will lead you to this page, where it will tell you to download VirtualBox 6.1. Now it doesn't really matter which version you are going to download; they're rather all the same, so you can simply just click on the newest one, which in my case at the moment is 6.1. Click on download and it will lead you to this page, where it will ask you for which type of host you want to download VirtualBox. And right here, under the VirtualBox platform packages, you can choose Windows hosts, OS X hosts, Linux distributions and Solaris hosts. Since I am running a Windows 10 environment on my main PC, I'm going to navigate to the Windows hosts, and just like that it should start downloading the VirtualBox installer file onto my machine. As we can see right here, it is not that large a file; it is 108 megabytes. So as soon as it downloads you can simply just run it and install VirtualBox.

The process of installing VirtualBox is rather easy, but I'm still going to guide you through the steps as to how to install VirtualBox. So as we can see right here, there's not much time left. Okay, so here it is. Let's open this up, show in folder. I will paste it onto my desktop right here, and all you need to do is run the file. We get a pop-up window which says preparing to install, and here is the welcome window to VirtualBox. We want to click next right here, next here as well, and under the custom setup you can choose which options you want to leave checked and which options you want to uncheck. So for example I will leave all four checked, as I do want start menu entries and I also want a shortcut on my desktop, so I'm just going to click on next right here.

And this is a warning that usually comes up once you install VirtualBox, which tells you that during the installation of VirtualBox you might actually temporarily disconnect from the internet. Even though that never really happened to me, it might be the best idea, in case you're downloading something, to actually wait for that to finish before you click on yes to proceed with the installation. Since I am not doing anything at the moment, I am simply just going to click here yes, and click here on install. And as it says right here, this may take several minutes; usually it is around two to three minutes. It will ask us for the administrator password; we are going to click here yes, since I don't really have a password to type in, and it should start installing VirtualBox on my machine.

Now you might notice that I already do have VirtualBox, but this is the 6.0 version, and this version is actually going to be updated to the newest one, which is 6.1. So I'm just going to wait for this to finish and I will get back to you right away. Okay, so the installation has finished and I'm just going to click right here on finish, and it should automatically start my VirtualBox. And here it is. Now your window might be a little bit different, because I already have some machines installed right here, and you should not see any of these Kali Linux machines or Ubuntu machines or OWASP machines on your screen; this should all be empty. You should see these buttons right here, where new stands for basically creating a new virtual machine, which we're going to take a look at how to do in the next video. For now, we have successfully installed Oracle VirtualBox, and in the next video we're going to see how we can install Kali Linux as our operating system on the virtual machine. Okay, so thank you for watching this tutorial and I will see you in the next lecture. Bye.

[00:13:07] Welcome back everyone. Since in the previous video we successfully installed VirtualBox, right now we want to see where we can download Kali Linux, which version we should download, and how we can create a virtual machine. Okay, so right now if you go to your Google Chrome and navigate to the official Kali Linux website, which is the link kali.org/downloads, you should see this page, which will give you the latest version of Kali Linux. In this case, at the current time, this is 2020.1a and it is the size of 2 gigabytes.

Now as I mentioned, this is the newest version possible, but I will not be using this version in the course. The reason for that is it seems to be a little bit laggy on my PC, but if you want to use the newest version and it works perfectly for you, feel free to download it; it doesn't really matter regarding the course content. So in order to download it you simply just click on Kali Linux 64-bit and it should start downloading it over HTTP, and you also have the option to download it over torrent if you'd like.

Now for those of you that also do not like the newest version, you can simply just go to another page, which is old.kali.org, which will have all of the previous Kali Linux versions and their release dates, so you can download any version you like. In my case I will just use the version before the newest one, which is 2019.4. You simply just click on the Kali 2019.4 and it should lead you to this page, where you can download the ISO file for the Kali Linux 2019.4 version for 64-bit and 32-bit machines. Okay, so I would simply just download Kali Linux 2019.4 and use this ISO file in order to continue the installation. If you want to use the newest version, well then you download this Kali Linux 64-bit or Kali Linux 32-bit, depending on your machine, but you are most likely going to have a 64-bit machine. So once you click on it, as we can see, in just a few seconds it should start downloading it, but I'm not going to wait for this because I already have the ISO file downloaded, so I will just cancel this installation.

I will navigate to my VirtualBox, and let's see how we can use the ISO file in combination with VirtualBox to create a Kali Linux virtual machine. Also you might have noticed that I already have a couple of Kali Linux machines installed right here. I'm going to use this one for the actual course, but I will show you how you can proceed with the installation of the newest version, since it just came out and it has some different options during the installation that you might get confused with, so let's cover that as well.

You simply just click on the new button, which will create a new virtual machine. It should pop up with this window, where it will ask you for the name and operating system. You can name it anything you want; I will name it New Kali. Set the type of the operating system to be Linux and the version to be Debian 64-bit, in case you downloaded the 64-bit version of Kali Linux. Now the reason we use Debian is because Kali Linux is Debian based, therefore we choose this option. Click here on next, and here it will ask you for the memory size, or the RAM memory that you want to allocate to your virtual machine. I would advise you not to go below one gigabyte of RAM, but you can also go up to 4, 5, maybe even 8 gigabytes of RAM, depending on your actual machine. Okay, so I will just leave it on one gigabyte. We want to leave the option create a virtual hard disk now; click on create. Also leave it on VirtualBox disk image, click on next, and we want to set dynamically allocated. Here you allocate the amount of memory you want to give from your hard disk to the virtual machine, and you should not go below 20 gigabytes, especially in the newest version, which allows you to download and install a bunch of different software used for ethical hacking. So I'm just going to leave it on 20 gigabytes and click on create, and we can see the New Kali has been added.

Now before we proceed with the installation of Kali Linux in the next video, we need to change a few of the settings inside of this machine. So select the machine that you just created, click on settings, and under the storage settings you want
to navigate to 480 00:17:29,640 --> 00:17:32,460 the controller IDE delete this empty 481 00:17:32,460 --> 00:17:34,559 part by right clicking on it and 482 00:17:34,559 --> 00:17:36,840 clicking remove attachment 483 00:17:36,840 --> 00:17:39,059 click on remove and then you want to 484 00:17:39,059 --> 00:17:42,059 click on this circle with a plus 485 00:17:42,059 --> 00:17:44,400 added the version of Cal Linux that you 486 00:17:44,400 --> 00:17:46,340 downloaded in this case I have the 487 00:17:46,340 --> 00:17:50,700 2019.4 and 2020.1 a and I'm just going 488 00:17:50,700 --> 00:17:53,100 to show you for the purpose of this 489 00:17:53,100 --> 00:17:56,100 tutorial the 2020.1 a 490 00:17:56,100 --> 00:17:57,960 click on choose 491 00:17:57,960 --> 00:18:00,059 now another thing that you might want to 492 00:18:00,059 --> 00:18:01,919 consider in case you cannot see them 493 00:18:01,919 --> 00:18:05,280 right here you can go on to the ad 494 00:18:05,280 --> 00:18:07,260 and simply just find the ISO file that 495 00:18:07,260 --> 00:18:09,120 you downloaded inside of your PC 496 00:18:09,120 --> 00:18:10,860 wherever you saved it 497 00:18:10,860 --> 00:18:12,240 okay 498 00:18:12,240 --> 00:18:14,820 so let's click on cancel 499 00:18:14,820 --> 00:18:16,860 and also another thing that you want to 500 00:18:16,860 --> 00:18:19,980 change is under the network settings you 501 00:18:19,980 --> 00:18:21,960 want to go to the attach to and click on 502 00:18:21,960 --> 00:18:24,240 bridged adapter 503 00:18:24,240 --> 00:18:26,400 also make sure that you leave it on the 504 00:18:26,400 --> 00:18:28,620 ethernet cable connection since wireless 505 00:18:28,620 --> 00:18:30,960 adapters know to actually present 506 00:18:30,960 --> 00:18:33,360 problem inside the Linux and most of 507 00:18:33,360 --> 00:18:35,820 them aren't even supported therefore you 508 00:18:35,820 --> 00:18:37,440 might actually have problem connected to 509 00:18:37,440 --> 00:18:39,179 
the internet if you connect over 510 00:18:39,179 --> 00:18:41,820 wireless adapter that's why it is always 511 00:18:41,820 --> 00:18:44,760 the best idea to use ethernet cable 512 00:18:44,760 --> 00:18:46,860 okay so once you finish all of that 513 00:18:46,860 --> 00:18:49,679 click on OK and your new Cal Linux 514 00:18:49,679 --> 00:18:51,960 machine is ready for the installation 515 00:18:51,960 --> 00:18:54,000 so we're going to continue with that in 516 00:18:54,000 --> 00:18:55,740 the next video we're going to pass 517 00:18:55,740 --> 00:18:57,840 through all of the steps and then we are 518 00:18:57,840 --> 00:18:59,700 ready to jump into the coding sections 519 00:18:59,700 --> 00:19:01,440 of this course 520 00:19:01,440 --> 00:19:03,960 now keep in mind that even after the 521 00:19:03,960 --> 00:19:05,340 installation there are a few things that 522 00:19:05,340 --> 00:19:07,260 you should do with Cal Linux I'll make 523 00:19:07,260 --> 00:19:09,960 sure to leave all of the links below so 524 00:19:09,960 --> 00:19:11,700 we don't waste time explaining the 525 00:19:11,700 --> 00:19:13,320 catalytics and explaining the command 526 00:19:13,320 --> 00:19:16,559 line and instead we can just focus on 527 00:19:16,559 --> 00:19:19,260 the coding parts of the course okay so 528 00:19:19,260 --> 00:19:20,940 thank you for watching this tutorial and 529 00:19:20,940 --> 00:19:24,780 I will see you in the next lecture bye 530 00:19:24,780 --> 00:19:27,900 welcome back in this tutorial we're 531 00:19:27,900 --> 00:19:29,520 going to continue with the installation 532 00:19:29,520 --> 00:19:31,919 of Cal Linux so we successfully managed 533 00:19:31,919 --> 00:19:33,900 to set up all of the options inside of 534 00:19:33,900 --> 00:19:36,000 our virtualbox and right now we are 535 00:19:36,000 --> 00:19:38,039 ready to start our machine and install 536 00:19:38,039 --> 00:19:40,500 the operating system I'm going to lead 537 00:19:40,500 --> 00:19:42,780 
you through all of the steps needed to 538 00:19:42,780 --> 00:19:45,179 take in order to install Cal Linux and 539 00:19:45,179 --> 00:19:47,220 then in the next video we are ready to 540 00:19:47,220 --> 00:19:50,640 start hacking using python okay so all 541 00:19:50,640 --> 00:19:52,200 you need to do right now is click on the 542 00:19:52,200 --> 00:19:54,299 start button while you select your 543 00:19:54,299 --> 00:19:57,140 cataly Linux machine 544 00:19:58,919 --> 00:20:01,140 as we can see this is the first window 545 00:20:01,140 --> 00:20:03,120 that we will encounter let me just 546 00:20:03,120 --> 00:20:05,340 enlarge my screen it will ask us for 547 00:20:05,340 --> 00:20:07,679 different types of options such as if we 548 00:20:07,679 --> 00:20:09,960 want the graphical install or the usual 549 00:20:09,960 --> 00:20:12,120 install it doesn't really matter we can 550 00:20:12,120 --> 00:20:13,380 simply just go with the graphical 551 00:20:13,380 --> 00:20:15,780 install and install the cat Linux like 552 00:20:15,780 --> 00:20:18,020 that 553 00:20:19,200 --> 00:20:21,299 okay so here's the next option that pops 554 00:20:21,299 --> 00:20:23,400 up it will ask us to select the language 555 00:20:23,400 --> 00:20:25,799 I will leave it in English 556 00:20:25,799 --> 00:20:28,080 the location it doesn't really matter I 557 00:20:28,080 --> 00:20:30,240 could just leave it on United States if 558 00:20:30,240 --> 00:20:31,799 you like to you can select your own 559 00:20:31,799 --> 00:20:34,320 location click on continue 560 00:20:34,320 --> 00:20:36,299 and here it asks us which type of 561 00:20:36,299 --> 00:20:38,160 keyboard configuration we want to use I 562 00:20:38,160 --> 00:20:40,380 will leave it on American English click 563 00:20:40,380 --> 00:20:42,720 on continue 564 00:20:42,720 --> 00:20:44,520 now while this is installing another 565 00:20:44,520 --> 00:20:46,620 thing I want to mention is another 566 00:20:46,620 --> 00:20:48,059 
reason why I don't really like the 567 00:20:48,059 --> 00:20:50,340 newest version because it will ask you 568 00:20:50,340 --> 00:20:53,760 to actually have a new user and not use 569 00:20:53,760 --> 00:20:55,559 the root account in order to complete 570 00:20:55,559 --> 00:20:57,840 your actions inside the Cal Linux and 571 00:20:57,840 --> 00:20:59,460 that is also another thing why I prefer 572 00:20:59,460 --> 00:21:01,080 the older versions because you can 573 00:21:01,080 --> 00:21:03,780 simply just use root account to perform 574 00:21:03,780 --> 00:21:06,299 anything you'd like now keep in mind 575 00:21:06,299 --> 00:21:08,160 that using root account can cause some 576 00:21:08,160 --> 00:21:10,559 security breaches but since we're using 577 00:21:10,559 --> 00:21:12,360 a virtual machine this is just for the 578 00:21:12,360 --> 00:21:14,220 learning purposes it doesn't really 579 00:21:14,220 --> 00:21:17,580 matter that's why I chose the 2019.4 580 00:21:17,580 --> 00:21:20,280 version of Cal Linux which I find better 581 00:21:20,280 --> 00:21:23,520 and more suitable for this course but 582 00:21:23,520 --> 00:21:25,380 right now here is the next option that 583 00:21:25,380 --> 00:21:27,000 pops up which is the configuration of 584 00:21:27,000 --> 00:21:31,500 network the hostname we can call it test 585 00:21:31,500 --> 00:21:33,360 the domain name we can simply just 586 00:21:33,360 --> 00:21:35,460 delete and leave on empty because we 587 00:21:35,460 --> 00:21:37,919 don't really need it at the moment and 588 00:21:37,919 --> 00:21:39,179 here is the option that they talked 589 00:21:39,179 --> 00:21:41,820 about it will ask us to set up users and 590 00:21:41,820 --> 00:21:43,860 passwords and this option didn't exist 591 00:21:43,860 --> 00:21:46,280 in the previous versions only in 592 00:21:46,280 --> 00:21:48,840 2020.18 version which is the one where 593 00:21:48,840 --> 00:21:51,000 Instinct at the moment so you will have 594 
00:21:51,000 --> 00:21:52,919 to create a new user in this case I will 595 00:21:52,919 --> 00:21:55,320 just call it test 596 00:21:55,320 --> 00:21:57,720 username for your account will also be 597 00:21:57,720 --> 00:22:00,659 test and here we choose a password for 598 00:22:00,659 --> 00:22:02,580 the new user here you can type any 599 00:22:02,580 --> 00:22:04,559 password you like I'm going to type test 600 00:22:04,559 --> 00:22:06,720 one two three four 601 00:22:06,720 --> 00:22:10,380 and also test one two three four 602 00:22:10,380 --> 00:22:13,460 and click on continue 603 00:22:13,679 --> 00:22:16,020 configuring the clock I will select 604 00:22:16,020 --> 00:22:18,620 Eastern 605 00:22:20,640 --> 00:22:23,400 the partitioning of disks we want to 606 00:22:23,400 --> 00:22:26,340 select the option guided use entire disk 607 00:22:26,340 --> 00:22:28,320 select the hard disk you created during 608 00:22:28,320 --> 00:22:31,620 the previous video and click on continue 609 00:22:31,620 --> 00:22:34,260 and here we want to set all files in one 610 00:22:34,260 --> 00:22:36,240 partition as it does even say in the 611 00:22:36,240 --> 00:22:39,000 brackets recommended for new users click 612 00:22:39,000 --> 00:22:40,200 on continue 613 00:22:40,200 --> 00:22:42,600 click finish partitioning and write 614 00:22:42,600 --> 00:22:44,460 changes to disk we want to select yes 615 00:22:44,460 --> 00:22:47,480 and click on continue 616 00:22:48,000 --> 00:22:49,679 now this will start the installation 617 00:22:49,679 --> 00:22:51,720 which will get interrupted with maybe 618 00:22:51,720 --> 00:22:54,720 one two questions keep in mind that this 619 00:22:54,720 --> 00:22:57,179 will take some time to actually install 620 00:22:57,179 --> 00:23:01,020 especially the newest version uh it did 621 00:23:01,020 --> 00:23:03,600 take me around 45 minutes to an hour to 622 00:23:03,600 --> 00:23:05,299 actually finish all of the installations 623 00:23:05,299 --> 
00:23:08,159 and once it finishes that you should be 624 00:23:08,159 --> 00:23:11,880 ready to use your catalytics machine 625 00:23:11,880 --> 00:23:13,679 now we're just going to leave it right 626 00:23:13,679 --> 00:23:16,140 here and if we get any pop-up question 627 00:23:16,140 --> 00:23:20,280 I'm going to get back to you right away 628 00:23:20,280 --> 00:23:21,960 okay so here is the first pop-up 629 00:23:21,960 --> 00:23:24,120 question it is the configuration of the 630 00:23:24,120 --> 00:23:26,100 package manager here you simply just 631 00:23:26,100 --> 00:23:28,200 want to click on continue and leave this 632 00:23:28,200 --> 00:23:30,679 blank 633 00:23:31,200 --> 00:23:33,000 all right so here is another question 634 00:23:33,000 --> 00:23:35,340 and this is actually the newest feature 635 00:23:35,340 --> 00:23:39,179 of the Cal Linux 2020.1 a which allows 636 00:23:39,179 --> 00:23:41,640 us to actually install desired tools and 637 00:23:41,640 --> 00:23:43,679 not install everything that we might 638 00:23:43,679 --> 00:23:46,380 never use but even though I would still 639 00:23:46,380 --> 00:23:48,299 advise you to actually select everything 640 00:23:48,299 --> 00:23:50,700 or at least select the most important 641 00:23:50,700 --> 00:23:52,919 tools for Cal Linux especially if you 642 00:23:52,919 --> 00:23:55,679 plan on using it later on even after the 643 00:23:55,679 --> 00:23:56,460 course 644 00:23:56,460 --> 00:23:58,919 now for our course it really doesn't 645 00:23:58,919 --> 00:24:01,020 matter what you select right here as we 646 00:24:01,020 --> 00:24:02,760 are simply just going to use Python 3 647 00:24:02,760 --> 00:24:05,400 during our lectures 648 00:24:05,400 --> 00:24:07,740 so right here you can use spacebar to 649 00:24:07,740 --> 00:24:10,620 select different things such as Cali 650 00:24:10,620 --> 00:24:12,720 desktop environment where you can select 651 00:24:12,720 --> 00:24:14,880 everything if you want 652 
00:24:14,880 --> 00:24:16,799 it doesn't really matter just once you 653 00:24:16,799 --> 00:24:20,179 select everything that you need 654 00:24:21,179 --> 00:24:24,559 you can click on continue 655 00:24:25,260 --> 00:24:27,360 and this installation right here will 656 00:24:27,360 --> 00:24:29,400 take some time there will be another 657 00:24:29,400 --> 00:24:31,380 pop-up question which will ask you 658 00:24:31,380 --> 00:24:33,299 something along the lines whether you 659 00:24:33,299 --> 00:24:35,400 want to install the grab about loader to 660 00:24:35,400 --> 00:24:37,440 the master boot record where you want to 661 00:24:37,440 --> 00:24:39,120 select yes 662 00:24:39,120 --> 00:24:41,580 and after that I believe there will be 663 00:24:41,580 --> 00:24:43,980 no more pop-ups and you should have the 664 00:24:43,980 --> 00:24:46,440 installation complete and your Cal Linux 665 00:24:46,440 --> 00:24:48,539 will be ready to use 666 00:24:48,539 --> 00:24:50,159 so that would be about it for this 667 00:24:50,159 --> 00:24:52,440 installation tutorial I will leave some 668 00:24:52,440 --> 00:24:55,440 links in the resources of the lecture 669 00:24:55,440 --> 00:24:58,200 where you can get familiar with the Cal 670 00:24:58,200 --> 00:25:00,480 Linux a little bit more and where you 671 00:25:00,480 --> 00:25:03,120 can perform top 10 things that everyone 672 00:25:03,120 --> 00:25:05,520 should do after installing catalytics 673 00:25:05,520 --> 00:25:07,919 okay so that would be about it for this 674 00:25:07,919 --> 00:25:10,260 tutorial and in the next lecture we're 675 00:25:10,260 --> 00:25:12,240 finally going to see how we can download 676 00:25:12,240 --> 00:25:14,580 and install pycharm which we are going 677 00:25:14,580 --> 00:25:17,700 to use for creating our programs 678 00:25:17,700 --> 00:25:21,120 hope I see you there and take care bye 679 00:25:21,120 --> 00:25:23,640 welcome back now that we got our 680 00:25:23,640 --> 00:25:26,159 
catalytics setup and ready all we are 681 00:25:26,159 --> 00:25:28,260 left to do before we can start coding is 682 00:25:28,260 --> 00:25:30,539 install the pycharm 683 00:25:30,539 --> 00:25:32,520 now what is pycharm you might be asking 684 00:25:32,520 --> 00:25:34,140 well pycharm is an integrated 685 00:25:34,140 --> 00:25:35,820 development environment used for 686 00:25:35,820 --> 00:25:38,159 computer programming especially aimed 687 00:25:38,159 --> 00:25:40,679 for python programmers it is also a 688 00:25:40,679 --> 00:25:42,179 cross-platform so you can get it for 689 00:25:42,179 --> 00:25:44,640 Windows Mac OS and Linux systems if 690 00:25:44,640 --> 00:25:45,840 you'd like 691 00:25:45,840 --> 00:25:47,340 now let's see how we can actually 692 00:25:47,340 --> 00:25:48,539 download it 693 00:25:48,539 --> 00:25:50,460 first of all we need to open up our 694 00:25:50,460 --> 00:25:52,679 Firefox and depending on which version 695 00:25:52,679 --> 00:25:54,960 of Cal Linux you are running it might be 696 00:25:54,960 --> 00:25:56,760 located on the left side of the screen 697 00:25:56,760 --> 00:25:58,799 right here in case you're using the 698 00:25:58,799 --> 00:26:01,080 newest version and in case you're using 699 00:26:01,080 --> 00:26:04,559 the 2019.4 version like I am you simply 700 00:26:04,559 --> 00:26:06,900 just go to this icon right here type in 701 00:26:06,900 --> 00:26:08,220 Firefox 702 00:26:08,220 --> 00:26:10,320 and click enter 703 00:26:10,320 --> 00:26:12,720 it will open up the Firefox for you and 704 00:26:12,720 --> 00:26:14,220 then we can navigate to the Google 705 00:26:14,220 --> 00:26:17,960 search bar and type pie chart 706 00:26:18,740 --> 00:26:23,120 click on the first link that pops up 707 00:26:23,940 --> 00:26:27,500 and then click on download 708 00:26:28,559 --> 00:26:30,419 you will see that it will automatically 709 00:26:30,419 --> 00:26:32,279 realize that we are running Linux 710 00:26:32,279 --> 
00:26:34,260 systems and we'll get two different 711 00:26:34,260 --> 00:26:36,900 versions available for download we get 712 00:26:36,900 --> 00:26:38,460 the professional version and the 713 00:26:38,460 --> 00:26:40,380 community version now since the 714 00:26:40,380 --> 00:26:42,120 community version is free and open 715 00:26:42,120 --> 00:26:44,400 source we're going to download that one 716 00:26:44,400 --> 00:26:47,100 instead of the professional version 717 00:26:47,100 --> 00:26:49,380 in just a few seconds this pop-up window 718 00:26:49,380 --> 00:26:51,419 should come up and it will ask us 719 00:26:51,419 --> 00:26:53,460 whether we want to open the file or save 720 00:26:53,460 --> 00:26:55,919 the file in this case we want to save 721 00:26:55,919 --> 00:26:58,260 the file click here on OK 722 00:26:58,260 --> 00:27:00,419 and right here under this Arrow if you 723 00:27:00,419 --> 00:27:02,220 click on it you will see that it has 724 00:27:02,220 --> 00:27:04,500 started downloading pycharm on our Cal 725 00:27:04,500 --> 00:27:06,900 Linux machine 726 00:27:06,900 --> 00:27:08,700 now while this is downloading I just 727 00:27:08,700 --> 00:27:11,580 want to mention one thing so I will just 728 00:27:11,580 --> 00:27:13,380 lower this 729 00:27:13,380 --> 00:27:15,480 and I will open up the terminal which is 730 00:27:15,480 --> 00:27:18,000 this icon right here 731 00:27:18,000 --> 00:27:20,100 in case you are using the newest version 732 00:27:20,100 --> 00:27:23,340 you will not be a root account inside of 733 00:27:23,340 --> 00:27:25,140 the terminal you will simply just be a 734 00:27:25,140 --> 00:27:26,700 user that you created during the 735 00:27:26,700 --> 00:27:28,740 installation which is showed in the 736 00:27:28,740 --> 00:27:30,659 previous few videos 737 00:27:30,659 --> 00:27:33,600 if you're using the the 2019.4 version 738 00:27:33,600 --> 00:27:35,460 like I am you will not have a problem 739 00:27:35,460 --> 00:27:37,380 
with root account as you will simply 740 00:27:37,380 --> 00:27:39,360 just be the root account every time you 741 00:27:39,360 --> 00:27:41,940 log in as we can see right here 742 00:27:41,940 --> 00:27:45,000 now let me just zoom this in so we can 743 00:27:45,000 --> 00:27:48,440 see everything a little bit better 744 00:27:48,779 --> 00:27:52,500 okay so it's good now uh therefore some 745 00:27:52,500 --> 00:27:54,539 of the commands that we run will require 746 00:27:54,539 --> 00:27:57,299 root privileges and I just want to show 747 00:27:57,299 --> 00:27:59,159 you how you can run them for example 748 00:27:59,159 --> 00:28:02,279 let's say the command who am I 749 00:28:02,279 --> 00:28:04,860 requires root privileges now it doesn't 750 00:28:04,860 --> 00:28:06,900 but let's say it does 751 00:28:06,900 --> 00:28:08,940 if you're using a simple user account 752 00:28:08,940 --> 00:28:11,340 and not a root account in order to run 753 00:28:11,340 --> 00:28:13,500 the who am I command and not get the 754 00:28:13,500 --> 00:28:15,539 access denied error you can simply just 755 00:28:15,539 --> 00:28:19,760 type sudo who am I 756 00:28:20,580 --> 00:28:22,980 now on the newest version of Cal Linux 757 00:28:22,980 --> 00:28:25,440 it will ask you for the password of your 758 00:28:25,440 --> 00:28:27,299 own account you simply just type it in 759 00:28:27,299 --> 00:28:29,700 and it will execute this command and 760 00:28:29,700 --> 00:28:32,039 give you the output okay 761 00:28:32,039 --> 00:28:34,200 so I just wanted to mention that in case 762 00:28:34,200 --> 00:28:36,059 you run into some errors where you 763 00:28:36,059 --> 00:28:38,400 require root privileges in order to run 764 00:28:38,400 --> 00:28:42,240 and now let's see if our download has 765 00:28:42,240 --> 00:28:44,640 finished we have 73 more Megabytes left 766 00:28:44,640 --> 00:28:46,559 so I'm just going to wait for this to 767 00:28:46,559 --> 00:28:48,360 finish and then we will 
proceed with the 768 00:28:48,360 --> 00:28:50,159 installation 769 00:28:50,159 --> 00:28:52,260 okay so it is finished we want to click 770 00:28:52,260 --> 00:28:54,240 on this icon right here which will open 771 00:28:54,240 --> 00:28:56,400 up the folder where our pytarm is 772 00:28:56,400 --> 00:29:00,179 located we can close the Firefox as we 773 00:29:00,179 --> 00:29:02,820 no longer need it and right here we can 774 00:29:02,820 --> 00:29:05,039 see that the pycharm is located in the 775 00:29:05,039 --> 00:29:07,500 slash root slash downloads directory 776 00:29:07,500 --> 00:29:09,720 now on the new catalytics it might be 777 00:29:09,720 --> 00:29:12,360 slash the name of your account and then 778 00:29:12,360 --> 00:29:13,799 slash downloads 779 00:29:13,799 --> 00:29:15,840 so let's navigate inside of our terminal 780 00:29:15,840 --> 00:29:18,899 to that directory slash root 781 00:29:18,899 --> 00:29:21,240 slash downloads 782 00:29:21,240 --> 00:29:24,299 type LS and we can see pycharm is right 783 00:29:24,299 --> 00:29:25,559 here 784 00:29:25,559 --> 00:29:27,360 now you might notice that it has the 785 00:29:27,360 --> 00:29:30,240 extension of dot star.gc which simply 786 00:29:30,240 --> 00:29:31,980 just means that this is a packed file 787 00:29:31,980 --> 00:29:34,140 and we have to unpack it before we 788 00:29:34,140 --> 00:29:37,200 actually run anything from it in order 789 00:29:37,200 --> 00:29:38,880 to unpack this you could simply just 790 00:29:38,880 --> 00:29:42,140 type the command tar and then Dash 791 00:29:42,140 --> 00:29:45,840 xzf and then the name of the file 792 00:29:45,840 --> 00:29:48,600 you can simply just type py and then tap 793 00:29:48,600 --> 00:29:50,520 in order to auto complete the name so 794 00:29:50,520 --> 00:29:52,140 you don't have to bother typing all of 795 00:29:52,140 --> 00:29:53,700 this by yourself 796 00:29:53,700 --> 00:29:56,279 press here enter and in just a few 797 00:29:56,279 --> 
00:30:00,020 seconds this should be unpacked 798 00:30:00,240 --> 00:30:03,299 okay so here it is once we type LS once 799 00:30:03,299 --> 00:30:05,220 again now we will have another director 800 00:30:05,220 --> 00:30:07,260 which will be the unpacked python 801 00:30:07,260 --> 00:30:08,399 directory 802 00:30:08,399 --> 00:30:11,159 so let's navigate to there using the ecd 803 00:30:11,159 --> 00:30:12,120 command 804 00:30:12,120 --> 00:30:14,940 type LS and we will see bunch of files 805 00:30:14,940 --> 00:30:16,860 and directories inside of this pycharm 806 00:30:16,860 --> 00:30:19,020 directory we want to go to the bin 807 00:30:19,020 --> 00:30:21,779 directory type LS once again 808 00:30:21,779 --> 00:30:24,539 and inside of this pin directory we want 809 00:30:24,539 --> 00:30:28,320 to run this pycharm.sh file now you 810 00:30:28,320 --> 00:30:29,820 might notice that this is a DOT sh 811 00:30:29,820 --> 00:30:32,100 extension therefore we need to run it 812 00:30:32,100 --> 00:30:34,980 using bash we simply just type in bash 813 00:30:34,980 --> 00:30:38,520 and then pycharm.sh 814 00:30:38,520 --> 00:30:40,260 now this is another command that might 815 00:30:40,260 --> 00:30:42,120 require root privileges in order to run 816 00:30:42,120 --> 00:30:43,799 so in case you are using the newest 817 00:30:43,799 --> 00:30:45,299 version of Cal Linux and you are not 818 00:30:45,299 --> 00:30:47,580 root account you simply just type sudo 819 00:30:47,580 --> 00:30:50,940 and then bash pycharm.sh type in the 820 00:30:50,940 --> 00:30:52,799 password and this should execute with no 821 00:30:52,799 --> 00:30:53,880 problems 822 00:30:53,880 --> 00:30:56,960 so let's run this 823 00:30:57,899 --> 00:31:00,899 it will run the pycharm.sh program and 824 00:31:00,899 --> 00:31:03,059 it should start pycharm for us 825 00:31:03,059 --> 00:31:06,299 here it is we got pycharm opened up and 826 00:31:06,299 --> 00:31:07,740 before we actually click on create new 
827 00:31:07,740 --> 00:31:09,960 project we want to go down here under 828 00:31:09,960 --> 00:31:11,940 the configure 829 00:31:11,940 --> 00:31:15,720 and click on create desktop entry 830 00:31:15,720 --> 00:31:17,640 we want to check create the entry for 831 00:31:17,640 --> 00:31:20,880 all users and click on OK 832 00:31:20,880 --> 00:31:23,039 once we do that we can simply just click 833 00:31:23,039 --> 00:31:25,200 on create new project 834 00:31:25,200 --> 00:31:28,440 call it test since this is the test 835 00:31:28,440 --> 00:31:30,000 project and we're not going to code 836 00:31:30,000 --> 00:31:32,640 anything inside of this project and it 837 00:31:32,640 --> 00:31:35,580 should load up this window right here it 838 00:31:35,580 --> 00:31:37,200 will create the virtual environment for 839 00:31:37,200 --> 00:31:39,240 you it will give you some tips for the 840 00:31:39,240 --> 00:31:41,640 programming and also for the pycharm 841 00:31:41,640 --> 00:31:44,940 which we are not really interested in 842 00:31:44,940 --> 00:31:46,740 and when everything is done and 843 00:31:46,740 --> 00:31:48,299 everything is loaded up we should be 844 00:31:48,299 --> 00:31:50,580 ready to code so let's click on close 845 00:31:50,580 --> 00:31:54,120 right here let's enlarge this to so this 846 00:31:54,120 --> 00:31:56,399 is how pycharm looks like now in order 847 00:31:56,399 --> 00:31:58,799 to create a file and start coding you 848 00:31:58,799 --> 00:32:01,440 can go to the test right click on it 849 00:32:01,440 --> 00:32:05,159 click on new and then python file let's 850 00:32:05,159 --> 00:32:09,000 call it test Dot py 851 00:32:09,000 --> 00:32:11,460 and it will let you code Python program 852 00:32:11,460 --> 00:32:13,020 right here 853 00:32:13,020 --> 00:32:16,940 so you can simply just type print 854 00:32:16,980 --> 00:32:19,559 hello world 855 00:32:19,559 --> 00:32:21,960 and then go under run 856 00:32:21,960 --> 00:32:23,820 the program 857 
00:32:23,820 --> 00:32:25,559 from the test 858 00:32:25,559 --> 00:32:27,899 and here it is the output which says 859 00:32:27,899 --> 00:32:29,520 hello world 860 00:32:29,520 --> 00:32:31,620 now if you install python for the first 861 00:32:31,620 --> 00:32:33,899 time these letters right here might be 862 00:32:33,899 --> 00:32:36,240 too small for you let's see how we can 863 00:32:36,240 --> 00:32:38,760 increase the font of these letters so 864 00:32:38,760 --> 00:32:40,559 you can go on to the file 865 00:32:40,559 --> 00:32:44,100 go to the settings 866 00:32:44,100 --> 00:32:46,140 under the settings you want to go to the 867 00:32:46,140 --> 00:32:47,279 editor 868 00:32:47,279 --> 00:32:49,679 click on font 869 00:32:49,679 --> 00:32:51,480 and under the font you can change 870 00:32:51,480 --> 00:32:54,120 whichever font you like so let's say 22 871 00:32:54,120 --> 00:32:57,720 click on OK and the letters are now 872 00:32:57,720 --> 00:32:59,220 larger 873 00:32:59,220 --> 00:33:01,620 so now that we got the pycharm ready in 874 00:33:01,620 --> 00:33:03,299 the next section we're going to start 875 00:33:03,299 --> 00:33:05,640 off with our first project which is 876 00:33:05,640 --> 00:33:09,120 going to be a port scanner in Python 3 877 00:33:09,120 --> 00:33:12,120 okay so that would be about it for this 878 00:33:12,120 --> 00:33:14,220 tutorial thank you for watching and 879 00:33:14,220 --> 00:33:16,200 let's get straight into the hacking in 880 00:33:16,200 --> 00:33:19,679 the next section take care bye 881 00:33:19,679 --> 00:33:22,559 hello everybody and welcome to our first 882 00:33:22,559 --> 00:33:24,720 project where we are going to code our 883 00:33:24,720 --> 00:33:27,539 own port scanner using python 3. 
884 00:33:27,539 --> 00:33:29,279 so in the previous section we introduced 885 00:33:29,279 --> 00:33:31,380 ourselves to Cal Linux we installed 886 00:33:31,380 --> 00:33:33,600 pycharm and now we are ready to start 887 00:33:33,600 --> 00:33:35,760 writing our code 888 00:33:35,760 --> 00:33:38,340 before we start let's first explain what 889 00:33:38,340 --> 00:33:40,799 is the purpose of a port scanner but it 890 00:33:40,799 --> 00:33:42,899 will do and how are we going to create 891 00:33:42,899 --> 00:33:44,220 it 892 00:33:44,220 --> 00:33:46,860 well first of all a port scanner is a 893 00:33:46,860 --> 00:33:48,960 program that allows you to scan Target 894 00:33:48,960 --> 00:33:51,779 machine and discover whether it has some 895 00:33:51,779 --> 00:33:55,500 open or closed ports for example we all 896 00:33:55,500 --> 00:33:57,840 know that the port 80 is used in order 897 00:33:57,840 --> 00:34:00,779 to serve HTTP and in order to serve a 898 00:34:00,779 --> 00:34:02,340 website page 899 00:34:02,340 --> 00:34:03,960 now how would you actually discover 900 00:34:03,960 --> 00:34:06,720 whether Port 80 is open without visiting 901 00:34:06,720 --> 00:34:07,740 that page 902 00:34:07,740 --> 00:34:10,918 well using our Port scanner we can see 903 00:34:10,918 --> 00:34:12,839 whether we can connect to that Port 80 904 00:34:12,839 --> 00:34:15,480 or whether we cannot if we can connect 905 00:34:15,480 --> 00:34:17,580 that means that the port is open and it 906 00:34:17,580 --> 00:34:19,500 is most likely hosting a web page there 907 00:34:19,500 --> 00:34:22,320 and if we cannot connect that means that 908 00:34:22,320 --> 00:34:25,139 the port is closed simple as that 909 00:34:25,139 --> 00:34:27,418 so that will be the Baseline and the 910 00:34:27,418 --> 00:34:29,940 base part of our program 911 00:34:29,940 --> 00:34:32,399 now let's open a new project and to do 912 00:34:32,399 --> 00:34:34,859 that we can go right here onto file and 913 
then New Project, here we can call it Port Scanner, click on Create. It will ask you whether you want to open the new project in this window or in another window; I will simply just select this window right here. It will create the virtual environment for this project and then we can start coding.

Now here it is, the port scanner. We will click on New and then Python File and we will call it port_scanner.py. Okay, we created the Python file. Let me just enlarge the font size a little bit more, so once again to the editor font, and right here let's go 24, Apply, and now we are ready to go.

Now for this project we are going to need two different Python libraries. We're going to need to import the socket library, and we're also going to need to import a library called IPy, and we're going to import it like this: from IPy import IP. Now right away you might notice that the IPy and IP are both red underlined. This means that PyCharm cannot recognize this library and cannot find it, so before we actually start using it we need to download it first.

Now there are a few ways we can actually download it. You can download it using a regular terminal, which we are going to do as a first try right here, so I will just put it like this so we can see everything. Now in order to install a desired library using the terminal you have to use a command called pip3 install. Now pip3 is part of Python 3 and it is used to actually install Python 3 libraries that are missing and that you need in order to run your program. Okay, now if you're using a new Kali Linux you most likely won't have pip3 installed, and in order to install it you simply just type apt install python3-pip, press enter here and it will install it for you. For me it has already been installed so we can continue right away. Let me clear the screen and enlarge this a little bit just in case you cannot see what I'm typing, and let's get the library that we're missing, so pip3 install IPy, press enter here, and it will say requirement already satisfied.

Now this might seem confusing, because two minutes ago I just told you that we are missing this library, that we cannot find it, and here inside the terminal it says that the requirement has already been satisfied and that we already have this library at this location. Well, that is another part of PyCharm that you need to understand. PyCharm simply creates a virtual environment every time you create a new project. That means that the library that you have installed inside of your Kali Linux doesn't necessarily have to be installed inside of your PyCharm program, therefore this IPy library has not been installed inside of this virtual environment. So where can we install it? Well, you can go here on Terminal and you will see right away that before the root, kali and then the actual directory we have this (venv) inside of brackets, which stands for virtual environment. So right here if we type the same command, which is pip3 install and then IPy, press enter here, you can see that right now it is successfully downloading it and it has installed it inside of our virtual environment. Right now if we lower this, go right here, you can see that this is no longer red underlined and now we have both of our libraries ready to use.

So I just wanted to show you that because it is really important, and we will be switching between libraries throughout the entire course, so it is important for you to understand the meaning of a virtual environment. Therefore next time you try to install a desired library that is missing from PyCharm, don't use the Kali Linux terminal like this; you simply just go down here and inside of this Python project you can install the desired library inside of the virtual environment. So now that we imported the desired libraries, in the next video we can finally start coding our port scanner. See you there, bye.

Welcome back everybody, let's continue with our port scanner. So what we did by now is we imported two libraries that we need in order for our program to work. Let's get straight into coding the main program. Okay so first thing, let's think about what we need to logically do in order to discover whether the port is open or closed. Well, we need to establish a connection with the target machine and then we need to try to connect to the specific port. If we manage to connect the port is open; if we don't manage to connect the port is closed. Now there is another thing that can happen, and that is that the port is filtered, but we are not going to cover that at the moment.

So first of all let's see how we can establish the connection. Here is where we use the socket library. The socket library allows us to establish the connection over the internet. So how can we do that? Well, it's rather easy and it's something that we will use throughout this course a lot. It's the same scheme of a few different lines of code that will allow us to connect to the target machine. So in the first line we will define a socket descriptor. We do that by specifying the name and then equals socket.socket(). Just like this we define the socket descriptor, and you can name this anything you want; it doesn't have to be named sock, it can be named s, but for the purpose of this tutorial we're going to leave it as sock. As soon as we do that we can try to connect to the target machine, so sock.connect, and inside this connect function we need to specify two open and two close brackets, and there we need to specify the IP address and the port that we want to connect to.

All right, now you will see right away that once again this IP address and this port are underlined red. That means that they are not defined, so we need to define what the IP address is and what the port is. What we're going to do is we're simply just going to create a variable which will be called ip_address, and we're going to set this variable to be equal to whatever the user of this program inputs during the running of the program. Now what I mean by that is we're going to use the input function, which allows us at runtime to specify the IP address that we want to scan. So we're going to prompt the user of this program with something like this: Enter target to scan. Okay, now that we have that we also need to define the port, and let's say the port will be port 80. It will be a simple integer, so we're going to set it like this, and now our code is good to go.

All we are left to do is wrap this inside of a try and except block, and this try and except block basically means that we are going to try this, and in case that doesn't work we're going to do something else, which will be under this except part. So try and then sock.connect: we are trying to connect to the port, and if we don't manage to connect we're going to print to the screen that the port is closed, and we can simply just specify "Port 80 is closed" because we are scanning that port. If we do manage to connect we can print "Port 80 is open". Okay so this is the base part of the program.

Let's see whether this works. Now in order to test this and see whether it works I'm going to pick a random IP address, which in this case will be the IP address of my laptop, and in your case you can simply just scan any website on the internet. For example let's say we go to Firefox and we can visit any website we want. Now keep in mind, once we actually manage to visit the website that means that port 80 is open, because we are loading the web page. So let's go to this one; you can choose any you like, I'm going to scan this one. Okay so let's copy this, this is the name of the website, let's go right here inside of our terminal and let's try to run the program: python3 and then the name of the program, which in our case, oops, in our case it is python3 port_scanner.py. It will ask us to enter the target to scan. Now you will notice, if you specify it like this, so we paste the name of the website and we press enter here, it will tell you that port 80 is closed.

Now why does it tell us that? Is port 80 really closed? Well, not really, since we actually managed to open it right here in our Firefox, therefore something is wrong with our program. Well, we cannot really specify the link to the actual website, so how can we discover the IP address of this website? Well, we can use something called nslookup, and we specify the actual link, press enter here, and what this will do, whoops, it says cannot find. Let's just try like this, without the http://www and then just the name of the website. Okay so here it is, now we are able to retrieve the IP address of this specific website. What if we copy this IP address and go with this? So copy, and let's clear the screen and run our port scanner once again: Enter target to scan, we paste this, and now we get the correct result; it says Port 80 is open.

Okay so for now what we did: we created two simple variables, one will hold the IP address that we input during the running of the program and the other one will hold the port number 80. So we are not inputting this, we are not changing this, this will simply just stick to 80 for now. Then we try to connect, and if we manage to connect we print that port 80 is open; if we don't manage to connect we print Port 80 is closed. Okay so good, for now we discovered that port 80 is open on this specific website that we scanned, but this is not really what we want, right? We want to actually scan multiple targets, we want to scan all ports or as many ports as we like, we want to print which port is open and which port is closed, and ideally we also want to connect to that port and see which software is running on that open port. Now that port scanner would be a really good one. So let's see in the next few videos how we can implement all of that. We would also like to change this program to also accept links and not just IP addresses. So you saw previously we couldn't really specify the link; it gave us the wrong result because it cannot really connect to a link inside of this program, but we also want to make sure that once the user of this program specifies a link such as www.google.com it will also manage to discover open and closed ports. So we're going to see how we can perform all of that in the next few lectures. For now we created the base part and we are ready to continue coding. All right, so I hope I see you in the next tutorial, bye.

All right, welcome back, let's continue with our port scanner. What we did by now, as you can see from the previous video, is we only discovered that port 80 is open on the website that we scanned. So what we need to do now is we need to wrap this code inside a function, and let me show you why we are doing that. If I simply define a function which will be called scan_port (and for those of you who don't know, to define a function you simply just type def and then the function name), this function will take two parameters, which will be the IP address, which we defined at the beginning of the program, and it will also be the port. Okay, we specify a colon and now we need to tab all of this code in so it can belong to the function that we created. Okay so here it is. What this function will do is it will scan the port and it will define whether it is open or closed.

Now another thing that we want to do is we don't really want the ports to be already predetermined. For example let's say that the user of this program wants to scan port 22, which is the SSH port; well, we want to allow them to actually do that, so we need to remove this port equals 80, and also in these print statements right here we want to type "Port " and then we are going to type it like this, plus str(port), and the reason why we are using the str function on this port variable is because the port variable will hold an integer value, therefore once we actually try to print it together with the string we will get an error, so we need to convert it first to a string using this str function and then we can print this. So for example if the port is number 23 this will print Port 23 is open. We also need to do the same right here: str(port). Okay so Port 23 is closed.

And now let's test our function, but let's add a little bit of a twist to it. So what we want to do is we want to scan the first 10 ports on our website. All right so how can we do that? Well, we don't have a port specified at all, so we need to iterate over numbers 1 through 10 and then specify for each number that the port is equal to that exact number. Let me show you what I mean. So right here, if I go all the way down and below the function I specify for port in range 1 to 10, I want to perform the function scan_port on the ip_address with the port number. So what this will do is it will go for port in range from 1 to 10: so first of all port would be number one, we want to scan the IP address with the port equal to one, then it will perform this task right here, then it will go back, change the port variable to be equal to 2 and then it will perform the same task just with the port number equal to 2.

Also what we want to do is we want to copy this, copy, then we can delete it and we can paste it below the function right here. Okay, now let's see whether this works. So once again, for this feel free to scan any website you want. I will simply just go with the same website that we used in the previous video, and once again in order to discover the IP address of the link we simply just type nslookup and then the link to the actual website, copy the IP address, copy, and then let's run the program. Enter target to scan, we paste the IP address, here it is, and now it is scanning the first 10 ports. Now right away you can notice that it's not really printing anything; it is actually going rather slow and it is still not even finished with the first port. Now we don't really want this, we want our port scanner to work faster, so how can we fix this? Well first of all Ctrl+C on the program right here, and then inside of our scan_port function we need to add another line, which will be sock.settimeout, and we want to set the timeout to be equal to 0.5 seconds. Now keep in mind also that the accuracy of the scan will depend on the length of the timeout, so some ports will take longer to connect to and some ports will take less time to connect to. If you simply just leave it without a timeout the accuracy will be the highest; the lower the timeout, the smaller the accuracy, but this is a price that we want to pay in order to actually scan the target faster. So let's see whether this worked: python3 port_scanner.py, we paste the IP address and we can see Port 1 is closed, and all of the 10 ports are closed on our website. So we scanned ports 1 through 10. Okay now this is probably correct for the website that I'm scanning, but how can we check that? Well, in the previous video I scanned the exact same website and I scanned port 80.
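Putting the pieces of these lectures together (the scan_port function, the loop over a range of ports, the 0.5 second settimeout, and the link-to-IP conversion the lecture has announced for later), here is an added example that is not the course's own code. It swaps the lecture's IPy check for the standard-library ipaddress module so it runs without extra packages, and it goes one step beyond the lecture by reporting a port that times out as filtered instead of closed; check_ip, scan_range and demo_localhost are names chosen here, not the course's, and the demo listens on a loopback port so the check runs offline.

```python
import ipaddress
import socket


def check_ip(target: str) -> str:
    """Return a dotted-quad IP for the target.

    Accepts either an IP address or a domain name. The lecture uses
    IPy's IP() for this check; here the stdlib ipaddress module is
    swapped in so the example needs no extra package.
    """
    try:
        ipaddress.ip_address(target)  # raises ValueError for a hostname
        return target
    except ValueError:
        return socket.gethostbyname(target)  # DNS lookup, like nslookup


def scan_port(ip_address: str, port: int, timeout: float = 0.5) -> str:
    """Attempt a TCP connect to ip_address:port and classify the result.

    "open"     - the three-way handshake completed
    "closed"   - the target actively refused (RST)
    "filtered" - no answer before the timeout; this is the accuracy
                 trade-off the lecture describes, a shorter timeout
                 turns slow-to-answer ports into this bucket
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # the line that made the lecture's scan fast
    try:
        sock.connect((ip_address, port))
        return "open"
    except socket.timeout:  # must come before OSError, it is a subclass
        return "filtered"
    except OSError:  # ConnectionRefusedError and friends
        return "closed"
    finally:
        sock.close()  # one descriptor per probe, never leaked


def scan_range(target: str, first: int, last: int,
               timeout: float = 0.5) -> dict:
    """Scan ports first..last inclusive on target; returns {port: state}."""
    ip_address = check_ip(target)
    return {port: scan_port(ip_address, port, timeout)
            for port in range(first, last + 1)}


def demo_localhost() -> tuple:
    """Offline self-check (constructed for this example): open a listener
    on a free loopback port, scan it, close it, scan it again.
    Returns (state_while_listening, state_after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = scan_port("127.0.0.1", port)
    listener.close()
    after_close = scan_port("127.0.0.1", port)
    return while_open, after_close  # -> ("open", "closed")


if __name__ == "__main__":
    target = input("Enter target to scan: ")
    for port, state in scan_range(target, 75, 85).items():
        print("Port " + str(port) + " is " + state)
```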
So how can I check whether this is working correctly? Well, instead of the range 1 through 10 I will simply just type 75 through 85, and most likely all of the ports will be closed except port 80. So let's see how this works: python3 port_scanner.py, paste the IP address, all the ports are closed and we have one port open, and that is port 80. Okay so our program seems to work really well. Okay so we discovered that we need to set the timeout in order to actually scan ports faster; we lose the accuracy but we gain on time. In the next video we're going to take a look at how we can convert the link to an actual IP address. For example, we're going to take a look at how we can convert our link of a website to an IP address inside of our program, so whether the user of this program specifies a link or an IP address this will still work. Okay so I hope I see you in the next video, and take care, bye.

Welcome back everyone, let's continue with our port scanner. So what we did by now is we simply just created this function which allows us to scan the ports, and we also saw how we can use a for loop in order to iterate over a certain amount of ports and scan each and every one of them. But right now let's see how we can implement a function that will allow the user of this program to specify the domain name as well as the IP address if they like. Well, here is where our IPy library comes in to help. So you will notice that this is still gray; that means that we haven't used it inside of our code, and that will change now. So we'll simply just create a function up here which will be called, let's say, check_ip, and this function will take one parameter, which we will specify inside of these brackets, and that parameter will be the IP address. Okay, now before we code any of this function we need to specify all the way down what we are going to provide to this function, and by that I mean which parameter we are going to send. Well, logically in our case we're going to send the ip_address parameter. Keep in mind that this ip_address variable doesn't have to store an IP address; it can also store the domain name. So what we need to do is simply, right after the user specifies the target, we'll simply just call the function check_ip and we will paste the ip_address inside of that function. Then we are going to store all of this inside of a converted_ip, and you will see in just a second why we are doing this. So right here we are going to scan the converted IP address and the port number. Okay so let's code the function above. So obviously we need to use this library right here, and this actual library comes with a specific function which is simply called the IP function. Okay so if I go over to my browser, I have a page opened right here which is basically the documentation of the IPy library, and we can see that they use right here this IP function in order to convert an IP address to
the IP format 1446 00:56:02,460 --> 00:56:04,920 so in order for our function to work we 1447 00:56:04,920 --> 00:56:06,720 need to specify inside of the brackets 1448 00:56:06,720 --> 00:56:09,240 the IP address which is the parameter of 1449 00:56:09,240 --> 00:56:11,099 our function 1450 00:56:11,099 --> 00:56:13,380 if it manages to convert the IP address 1451 00:56:13,380 --> 00:56:15,420 that means that this works successfully 1452 00:56:15,420 --> 00:56:17,819 and that the user actually specified the 1453 00:56:17,819 --> 00:56:20,339 actual IP address to the Target if it 1454 00:56:20,339 --> 00:56:22,559 gets an value error that means that the 1455 00:56:22,559 --> 00:56:24,480 user specify the domain name 1456 00:56:24,480 --> 00:56:27,359 so let's write that right here and in 1457 00:56:27,359 --> 00:56:28,800 case you don't understand we are going 1458 00:56:28,800 --> 00:56:31,079 to test this so don't worry we're going 1459 00:56:31,079 --> 00:56:34,200 to try to convert the IP address 1460 00:56:34,200 --> 00:56:36,240 and if it manages we are going to return 1461 00:56:36,240 --> 00:56:38,940 simply what we sent to the function 1462 00:56:38,940 --> 00:56:40,500 which is the IP 1463 00:56:40,500 --> 00:56:42,839 and in case it doesn't work we are going 1464 00:56:42,839 --> 00:56:46,380 to get the value error 1465 00:56:46,380 --> 00:56:48,240 which means that the user most likely 1466 00:56:48,240 --> 00:56:50,400 specified the domain name and therefore 1467 00:56:50,400 --> 00:56:53,040 we're going to return a function which 1468 00:56:53,040 --> 00:56:54,960 belongs to the socket Library which 1469 00:56:54,960 --> 00:56:57,599 allows us to convert the actual hostname 1470 00:56:57,599 --> 00:57:00,300 to the IP address so all we need to do 1471 00:57:00,300 --> 00:57:02,280 is specify that function and call it 1472 00:57:02,280 --> 00:57:04,920 upon our IP address and we can do that 1473 00:57:04,920 --> 00:57:08,099 by simply specifying return 
socket dot 1474 00:57:08,099 --> 00:57:10,680 get host by name 1475 00:57:10,680 --> 00:57:13,200 and here we specify the hostname or in 1476 00:57:13,200 --> 00:57:15,960 our case the IP which we paste it to our 1477 00:57:15,960 --> 00:57:19,079 function okay so this is our internal 1478 00:57:19,079 --> 00:57:21,300 function now let's see inside of a 1479 00:57:21,300 --> 00:57:23,599 terminal 1480 00:57:23,760 --> 00:57:27,000 and let's open up our python 3. 1481 00:57:27,000 --> 00:57:31,140 and here we can import IP oops let me 1482 00:57:31,140 --> 00:57:34,319 just do it like this first of all I will 1483 00:57:34,319 --> 00:57:37,579 enlarge this so we can see it better 1484 00:57:37,579 --> 00:57:41,940 open Python 3 import or 1485 00:57:41,940 --> 00:57:44,400 from ipy 1486 00:57:44,400 --> 00:57:46,680 import IP 1487 00:57:46,680 --> 00:57:49,140 and now let's say we have a variable 1488 00:57:49,140 --> 00:57:51,359 called IP address 1489 00:57:51,359 --> 00:57:53,720 and it will be 1490 00:57:53,720 --> 00:57:57,240 192.168.1.1 okay and now if I simply 1491 00:57:57,240 --> 00:58:00,300 just call converted IP 1492 00:58:00,300 --> 00:58:01,800 equals 1493 00:58:01,800 --> 00:58:06,200 IP from IP address 1494 00:58:07,920 --> 00:58:12,020 and I print the converted IP 1495 00:58:12,359 --> 00:58:14,520 you will see it will still be the same 1496 00:58:14,520 --> 00:58:16,859 IP address so it really didn't change 1497 00:58:16,859 --> 00:58:19,319 anything therefore right here if it 1498 00:58:19,319 --> 00:58:21,180 manages to do that we're simply just 1499 00:58:21,180 --> 00:58:23,220 returning the IP address that we pasted 1500 00:58:23,220 --> 00:58:25,500 inside of this function and we are not 1501 00:58:25,500 --> 00:58:27,300 making any changes to it 1502 00:58:27,300 --> 00:58:29,880 but that is only the case if this user 1503 00:58:29,880 --> 00:58:32,220 specifies the IP address if the user 1504 00:58:32,220 --> 00:58:33,780 specifies the 
domain name so let's 1505 00:58:33,780 --> 00:58:35,579 create a variable called domain name 1506 00:58:35,579 --> 00:58:38,700 equals and then let's say 1507 00:58:38,700 --> 00:58:41,700 google.com 1508 00:58:42,240 --> 00:58:44,700 and we try the same thing so converted 1509 00:58:44,700 --> 00:58:46,440 IP 1510 00:58:46,440 --> 00:58:49,380 equals IP 1511 00:58:49,380 --> 00:58:52,799 from the domain name 1512 00:58:52,799 --> 00:58:55,140 and you will see we will get an error 1513 00:58:55,140 --> 00:58:57,839 and it will be the value error 1514 00:58:57,839 --> 00:59:00,299 so that is the case right here 1515 00:59:00,299 --> 00:59:02,160 then we are going to perform the get 1516 00:59:02,160 --> 00:59:04,140 host by name which will retrieve the IP 1517 00:59:04,140 --> 00:59:06,359 address of the google.com and then we 1518 00:59:06,359 --> 00:59:08,400 will return the IP address inside of our 1519 00:59:08,400 --> 00:59:10,020 scan Port function 1520 00:59:10,020 --> 00:59:11,880 so that is all there is for this 1521 00:59:11,880 --> 00:59:14,339 function now let's see whether this 1522 00:59:14,339 --> 00:59:16,260 works 1523 00:59:16,260 --> 00:59:19,200 okay so let's run the program Python 3 1524 00:59:19,200 --> 00:59:21,839 and then Port scanner 1525 00:59:21,839 --> 00:59:26,339 enter Target to scan let's say we enter 1526 00:59:26,339 --> 00:59:28,440 let's say the same website as before 1527 00:59:28,440 --> 00:59:30,599 let's not change it right now and 1528 00:59:30,599 --> 00:59:32,900 instead of the IP address we now enter 1529 00:59:32,900 --> 00:59:34,980 the domain name 1530 00:59:34,980 --> 00:59:37,740 we're going to leave this to run and 1531 00:59:37,740 --> 00:59:39,299 here we can see that it works 1532 00:59:39,299 --> 00:59:41,040 successfully as it did manage to find 1533 00:59:41,040 --> 00:59:43,740 the port 80 open we will get the same 1534 00:59:43,740 --> 00:59:46,200 result even if we scanned with an IP 1535 00:59:46,200 --> 
00:59:48,359 address so right now we can specify both 1536 00:59:48,359 --> 00:59:50,819 the domain name and IP address so that 1537 00:59:50,819 --> 00:59:51,839 is good 1538 00:59:51,839 --> 00:59:53,400 now in the next video we're going to 1539 00:59:53,400 --> 00:59:54,900 take a look at how we can specify 1540 00:59:54,900 --> 00:59:56,760 multiple targets and scan multiple 1541 00:59:56,760 --> 00:59:58,319 targets at once 1542 00:59:58,319 --> 01:00:00,119 so we don't have to run our program over 1543 01:00:00,119 --> 01:00:02,160 and over again we can do the same thing 1544 01:00:02,160 --> 01:00:04,140 just by specifying multiple targets 1545 01:00:04,140 --> 01:00:05,700 inside of our program 1546 01:00:05,700 --> 01:00:08,040 and it will scan them one by one 1547 01:00:08,040 --> 01:00:10,140 so we're going to take a look at that in 1548 01:00:10,140 --> 01:00:11,700 the next tutorial hope you enjoyed this 1549 01:00:11,700 --> 01:00:13,980 small lecture and I will see you in the 1550 01:00:13,980 --> 01:00:16,079 next one bye 1551 01:00:16,079 --> 01:00:17,880 welcome back everybody and let's 1552 01:00:17,880 --> 01:00:20,160 continue with our Port scanner so we 1553 01:00:20,160 --> 01:00:21,900 managed to create a function that will 1554 01:00:21,900 --> 01:00:24,000 convert the domain name into an IP 1555 01:00:24,000 --> 01:00:26,040 address and now we want to be able to 1556 01:00:26,040 --> 01:00:28,020 specify multiple targets for our program 1557 01:00:28,020 --> 01:00:29,579 to scan 1558 01:00:29,579 --> 01:00:32,400 okay so how we can do that well it is 1559 01:00:32,400 --> 01:00:34,740 rather easy we're going to implement a 1560 01:00:34,740 --> 01:00:36,420 little bit of changes down here at the 1561 01:00:36,420 --> 01:00:38,700 bottom of our program so here you will 1562 01:00:38,700 --> 01:00:41,160 notice that we have the variable called 1563 01:00:41,160 --> 01:00:42,480 IP address 1564 01:00:42,480 --> 01:00:45,240 now it says enter 
Target to scan 1565 01:00:45,240 --> 01:00:47,220 well we could simply just do something 1566 01:00:47,220 --> 01:00:49,740 like this and specify to the user of 1567 01:00:49,740 --> 01:00:51,540 this program that they can also enter 1568 01:00:51,540 --> 01:00:55,140 multiple targets by typing Target slash 1569 01:00:55,140 --> 01:00:56,339 S 1570 01:00:56,339 --> 01:00:58,740 and also we're going to specify to the 1571 01:00:58,740 --> 01:01:01,020 user 1572 01:01:01,020 --> 01:01:04,940 split multiple targets 1573 01:01:05,099 --> 01:01:06,540 with 1574 01:01:06,540 --> 01:01:07,920 comma 1575 01:01:07,920 --> 01:01:12,660 okay so simple as that let us make this 1576 01:01:12,660 --> 01:01:14,579 a little bit better but this is just the 1577 01:01:14,579 --> 01:01:16,500 part where we prompt the user how they 1578 01:01:16,500 --> 01:01:19,079 can specify multiple targets now we need 1579 01:01:19,079 --> 01:01:21,119 to actually split these targets and scan 1580 01:01:21,119 --> 01:01:23,280 each one of them one by one 1581 01:01:23,280 --> 01:01:26,040 so how can we do that well first thing 1582 01:01:26,040 --> 01:01:27,780 we're going to do is so we don't get 1583 01:01:27,780 --> 01:01:29,579 confused we are going to rename this 1584 01:01:29,579 --> 01:01:33,599 into targets variable 1585 01:01:33,599 --> 01:01:35,579 and then what we're going to do we're 1586 01:01:35,579 --> 01:01:38,520 going to delete this line for now 1587 01:01:38,520 --> 01:01:42,119 we're going to specify if and then 1588 01:01:42,119 --> 01:01:44,400 comma 1589 01:01:44,400 --> 01:01:46,260 in targets 1590 01:01:46,260 --> 01:01:48,420 if there is command targets logically 1591 01:01:48,420 --> 01:01:50,220 that means that the user of this program 1592 01:01:50,220 --> 01:01:53,099 specified multiple targets to scan if 1593 01:01:53,099 --> 01:01:55,140 there is not comma inside of the targets 1594 01:01:55,140 --> 01:01:56,940 variable that means that the user only 1595 
01:01:56,940 --> 01:01:59,579 specified one target to scan so we're 1596 01:01:59,579 --> 01:02:01,619 going to lead by that logic 1597 01:02:01,619 --> 01:02:05,700 so if comma is in targets then for IP 1598 01:02:05,700 --> 01:02:07,619 address 1599 01:02:07,619 --> 01:02:09,240 and we're going to call it simply just 1600 01:02:09,240 --> 01:02:11,160 IP underscore add 1601 01:02:11,160 --> 01:02:13,500 in targets 1602 01:02:13,500 --> 01:02:15,059 and we're going to call the function 1603 01:02:15,059 --> 01:02:16,920 called split 1604 01:02:16,920 --> 01:02:18,720 and what this function does is basically 1605 01:02:18,720 --> 01:02:21,480 it will split the string 1606 01:02:21,480 --> 01:02:23,520 with the character that we specify 1607 01:02:23,520 --> 01:02:25,559 inside of the brackets so we want to 1608 01:02:25,559 --> 01:02:28,319 split at every comma if we split at 1609 01:02:28,319 --> 01:02:29,760 every comma that means we're going to 1610 01:02:29,760 --> 01:02:32,400 split all of the IP addresses one by one 1611 01:02:32,400 --> 01:02:35,280 therefore we're specify right here for 1612 01:02:35,280 --> 01:02:38,040 IP address in targets.split we want to 1613 01:02:38,040 --> 01:02:42,480 scan each and every IP address so scan 1614 01:02:42,480 --> 01:02:43,920 port 1615 01:02:43,920 --> 01:02:46,500 IP address 1616 01:02:46,500 --> 01:02:48,960 and then 1617 01:02:48,960 --> 01:02:50,880 so we want to scan each and every Target 1618 01:02:50,880 --> 01:02:53,700 from this list and in order to do that 1619 01:02:53,700 --> 01:02:56,280 we're going to create a function which 1620 01:02:56,280 --> 01:02:59,339 is going to be called scan now I know we 1621 01:02:59,339 --> 01:03:01,859 do have a scan Port function but we're 1622 01:03:01,859 --> 01:03:03,480 going to use this function in order to 1623 01:03:03,480 --> 01:03:06,900 scan one single port one by one 1624 01:03:06,900 --> 01:03:08,640 and we're going to call this scan 1625 01:03:08,640 --> 
01:03:10,619 function in order to scan each and every 1626 01:03:10,619 --> 01:03:12,900 Target and also convert the domain name 1627 01:03:12,900 --> 01:03:16,140 into an IP address if needed so all that 1628 01:03:16,140 --> 01:03:17,940 this function will take as a parameter 1629 01:03:17,940 --> 01:03:21,359 will be the IP address which we'll get 1630 01:03:21,359 --> 01:03:25,020 from this for Loop right here okay we 1631 01:03:25,020 --> 01:03:27,480 also want to strip it from any 1632 01:03:27,480 --> 01:03:30,540 unnecessary empty spaces in case there 1633 01:03:30,540 --> 01:03:31,559 are some 1634 01:03:31,559 --> 01:03:34,020 and right now all we need to do is code 1635 01:03:34,020 --> 01:03:38,059 this function let's go all the way up 1636 01:03:38,640 --> 01:03:41,579 and call the scan function onto the 1637 01:03:41,579 --> 01:03:45,180 target so this will be one single Target 1638 01:03:45,180 --> 01:03:47,280 and first we need to do is to get back 1639 01:03:47,280 --> 01:03:49,319 the line that we deleted before which is 1640 01:03:49,319 --> 01:03:51,540 the conversion of the IP address so 1641 01:03:51,540 --> 01:03:55,020 converted underscore IP 1642 01:03:55,020 --> 01:03:57,299 will be equal 1643 01:03:57,299 --> 01:04:00,359 to check IP which is our function that 1644 01:04:00,359 --> 01:04:02,700 we coded in the previous lecture and we 1645 01:04:02,700 --> 01:04:04,799 need to check the IP address 1646 01:04:04,799 --> 01:04:07,260 from the target which is our parameter 1647 01:04:07,260 --> 01:04:09,359 inside of the function 1648 01:04:09,359 --> 01:04:12,660 okay and now we will print just so we 1649 01:04:12,660 --> 01:04:14,400 know what we're doing we're going to 1650 01:04:14,400 --> 01:04:16,020 print 1651 01:04:16,020 --> 01:04:18,960 first of all new line character 1652 01:04:18,960 --> 01:04:22,060 which is backslash n 1653 01:04:22,060 --> 01:04:23,220 [Music] 1654 01:04:23,220 --> 01:04:24,660 Plus 1655 01:04:24,660 --> 
01:04:26,880 and let's make some type of a smiley 1656 01:04:26,880 --> 01:04:28,740 right here which will look something 1657 01:04:28,740 --> 01:04:30,960 like this so 1658 01:04:30,960 --> 01:04:35,720 and let's print scanning Target 1659 01:04:36,180 --> 01:04:38,880 we also want to specify which Target are 1660 01:04:38,880 --> 01:04:40,559 we scanning in case there are multiple 1661 01:04:40,559 --> 01:04:43,500 ones so we'll specify the string of the 1662 01:04:43,500 --> 01:04:45,420 target which will be either the domain 1663 01:04:45,420 --> 01:04:47,880 name or the IP address 1664 01:04:47,880 --> 01:04:50,579 if we specify plus the string of the 1665 01:04:50,579 --> 01:04:53,880 converted IP it will only specify the IP 1666 01:04:53,880 --> 01:04:55,799 address since it will already be 1667 01:04:55,799 --> 01:04:58,380 converted from the domain name 1668 01:04:58,380 --> 01:05:00,000 but we don't want that we want to 1669 01:05:00,000 --> 01:05:01,920 specify plus the string of Target which 1670 01:05:01,920 --> 01:05:03,359 will be the names that the user 1671 01:05:03,359 --> 01:05:06,660 specified to the program and then we 1672 01:05:06,660 --> 01:05:09,839 need to copy this part from Below which 1673 01:05:09,839 --> 01:05:12,540 is four port in range 1674 01:05:12,540 --> 01:05:15,119 scan each and every port 1675 01:05:15,119 --> 01:05:17,700 let's copy this we no longer need it 1676 01:05:17,700 --> 01:05:20,700 right here we can delete it from here 1677 01:05:20,700 --> 01:05:23,040 and we can move it inside of our scan 1678 01:05:23,040 --> 01:05:25,520 function 1679 01:05:25,680 --> 01:05:27,480 so right here 1680 01:05:27,480 --> 01:05:30,000 let me just tap this properly and we're 1681 01:05:30,000 --> 01:05:33,420 going to change a few things if we need 1682 01:05:33,420 --> 01:05:37,380 so for porting range 75 to 85 we can 1683 01:05:37,380 --> 01:05:39,900 change that right away for example from 1684 01:05:39,900 --> 01:05:43,200 Port 
1 to Port 100 and you can keep this 1685 01:05:43,200 --> 01:05:46,520 number as low or as high as you want 1686 01:05:46,520 --> 01:05:48,839 just for the purposes of this tutorial 1687 01:05:48,839 --> 01:05:50,700 we're going to leave it on only scanning 1688 01:05:50,700 --> 01:05:53,640 100 ports since most of the ports that 1689 01:05:53,640 --> 01:05:55,260 we want to see whether they're open or 1690 01:05:55,260 --> 01:05:58,079 closed will be in the first 100 ports 1691 01:05:58,079 --> 01:05:59,460 okay 1692 01:05:59,460 --> 01:06:01,740 and then we will call the scan Port 1693 01:06:01,740 --> 01:06:04,500 function onto the port number and also 1694 01:06:04,500 --> 01:06:06,960 onto the converted IP which we converted 1695 01:06:06,960 --> 01:06:09,480 in the first line of our function 1696 01:06:09,480 --> 01:06:12,359 okay so everything makes sense now 1697 01:06:12,359 --> 01:06:13,740 another thing that we need to change 1698 01:06:13,740 --> 01:06:15,780 down here 1699 01:06:15,780 --> 01:06:18,540 since we specified if comma in targets 1700 01:06:18,540 --> 01:06:20,700 that means that the actual user 1701 01:06:20,700 --> 01:06:23,040 specified multiple targets to scan but 1702 01:06:23,040 --> 01:06:25,260 what if they specify only one target 1703 01:06:25,260 --> 01:06:27,660 well then nothing of this will get 1704 01:06:27,660 --> 01:06:30,839 executed and we will not really scan any 1705 01:06:30,839 --> 01:06:32,819 Target throughout our program it will 1706 01:06:32,819 --> 01:06:34,680 simply just exit the program without 1707 01:06:34,680 --> 01:06:36,420 scanning the target 1708 01:06:36,420 --> 01:06:38,819 so we need to add an else statement 1709 01:06:38,819 --> 01:06:39,960 right here 1710 01:06:39,960 --> 01:06:43,680 so if command targets else 1711 01:06:43,680 --> 01:06:47,339 we want to scan the targets simple as 1712 01:06:47,339 --> 01:06:49,859 that because in this case the targets 1713 01:06:49,859 --> 01:06:51,900 will be 
just one IP address or one 1714 01:06:51,900 --> 01:06:54,480 domain name then it will jump from that 1715 01:06:54,480 --> 01:06:56,520 function to the scan function which will 1716 01:06:56,520 --> 01:06:58,680 convert that IP address and it will 1717 01:06:58,680 --> 01:07:01,440 perform this scan Port function onto the 1718 01:07:01,440 --> 01:07:03,900 first 100 ports 1719 01:07:03,900 --> 01:07:06,420 okay so everything makes sense now let's 1720 01:07:06,420 --> 01:07:08,520 see whether we have an error inside of 1721 01:07:08,520 --> 01:07:10,680 our program or if everything works 1722 01:07:10,680 --> 01:07:13,200 perfectly okay so let's see how we can 1723 01:07:13,200 --> 01:07:16,140 run it let's open up our terminal 1724 01:07:16,140 --> 01:07:18,240 and navigate 1725 01:07:18,240 --> 01:07:20,520 and first I will enlarge this so we can 1726 01:07:20,520 --> 01:07:22,079 see everything 1727 01:07:22,079 --> 01:07:24,359 and we need to navigate to our pycharm 1728 01:07:24,359 --> 01:07:26,400 directory it will usually be in the 1729 01:07:26,400 --> 01:07:28,319 slash root directory so here it is 1730 01:07:28,319 --> 01:07:31,559 pycharm projects I will CD to that 1731 01:07:31,559 --> 01:07:33,720 directory type LS 1732 01:07:33,720 --> 01:07:35,460 we have the test directory which we 1733 01:07:35,460 --> 01:07:37,619 created once we install the pycharm and 1734 01:07:37,619 --> 01:07:40,079 we have our Port scanner directory or 1735 01:07:40,079 --> 01:07:42,359 our Port scanner project so let's change 1736 01:07:42,359 --> 01:07:44,160 the directory to the port scanner type 1737 01:07:44,160 --> 01:07:46,559 LS once again and here is our port 1738 01:07:46,559 --> 01:07:48,180 scanner.py 1739 01:07:48,180 --> 01:07:50,220 I will clear the screen and I will run 1740 01:07:50,220 --> 01:07:51,900 the program 1741 01:07:51,900 --> 01:07:54,299 first of all let's try it with one 1742 01:07:54,299 --> 01:07:55,559 target 1743 01:07:55,559 --> 
01:07:57,180 so 1744 01:07:57,180 --> 01:07:59,099 let's switch it up a little bit I will 1745 01:07:59,099 --> 01:08:01,920 use my actual router IP address in order 1746 01:08:01,920 --> 01:08:04,020 to perform test of this program so I 1747 01:08:04,020 --> 01:08:07,319 will type 182.168.1.1 1748 01:08:07,440 --> 01:08:09,480 press here enter and you will see it 1749 01:08:09,480 --> 01:08:10,799 will perform the scan really fast 1750 01:08:10,799 --> 01:08:12,500 because my router is close to me 1751 01:08:12,500 --> 01:08:15,599 therefore we can see most of the ports 1752 01:08:15,599 --> 01:08:19,020 are closed we have the port 22 open for 1753 01:08:19,020 --> 01:08:21,600 23 open 1754 01:08:21,600 --> 01:08:25,080 let's see which ones are also open port 1755 01:08:25,080 --> 01:08:29,580 53 open for the DNS and Port 80 open all 1756 01:08:29,580 --> 01:08:32,698 the other ports are closed okay 1757 01:08:32,698 --> 01:08:36,120 so right away we can notice that this is 1758 01:08:36,120 --> 01:08:38,640 not really that good to look at we don't 1759 01:08:38,640 --> 01:08:40,259 really want to print the closed ports as 1760 01:08:40,259 --> 01:08:41,819 there is too much happening right here 1761 01:08:41,819 --> 01:08:43,560 especially if you scan more than 100 1762 01:08:43,560 --> 01:08:45,719 ports it will be really hard to find all 1763 01:08:45,719 --> 01:08:47,640 of the open ones so let's see what we 1764 01:08:47,640 --> 01:08:49,859 can do inside of our program in order to 1765 01:08:49,859 --> 01:08:52,920 print only the open ports okay so right 1766 01:08:52,920 --> 01:08:54,540 here whoops 1767 01:08:54,540 --> 01:08:56,819 need to go right here inside our code 1768 01:08:56,819 --> 01:08:59,759 and in the scan Port function is our 1769 01:08:59,759 --> 01:09:01,920 print statements for default open and 1770 01:09:01,920 --> 01:09:05,040 Port closed so what we can do is instead 1771 01:09:05,040 --> 01:09:07,500 of Printing Port is closed we can 
delete 1772 01:09:07,500 --> 01:09:09,920 this 1773 01:09:13,319 --> 01:09:16,198 and we can simply specify pass 1774 01:09:16,198 --> 01:09:17,939 now what this will do is it will not 1775 01:09:17,939 --> 01:09:20,219 perform anything it will not print any 1776 01:09:20,219 --> 01:09:23,160 statements it will simply just pass in 1777 01:09:23,160 --> 01:09:26,399 case the port is closed okay simple as 1778 01:09:26,399 --> 01:09:30,719 that let's test it once again Python 3 1779 01:09:30,719 --> 01:09:34,380 Port scanner.py specify the IP address 1780 01:09:34,380 --> 01:09:36,600 of my router once again and this is a 1781 01:09:36,600 --> 01:09:38,580 lot better we can see scanning Target 1782 01:09:38,580 --> 01:09:41,279 and then the actual IP address of my 1783 01:09:41,279 --> 01:09:44,279 router and then which ports are open and 1784 01:09:44,279 --> 01:09:46,500 it is the exact same four ports that we 1785 01:09:46,500 --> 01:09:48,238 saw before 1786 01:09:48,238 --> 01:09:50,580 let's try another Target let's specify 1787 01:09:50,580 --> 01:09:52,560 actually two Targets now 1788 01:09:52,560 --> 01:09:55,140 if I run the program 1789 01:09:55,140 --> 01:09:57,900 and for this test you can specify the 1790 01:09:57,900 --> 01:10:00,060 same Target as I will which will be an 1791 01:10:00,060 --> 01:10:01,320 actual domain name 1792 01:10:01,320 --> 01:10:06,420 which is called test PHP Dot oneweb.com 1793 01:10:06,420 --> 01:10:08,520 okay 1794 01:10:08,520 --> 01:10:11,100 so let's specify this Target and also 1795 01:10:11,100 --> 01:10:13,380 you can specify any other random IP 1796 01:10:13,380 --> 01:10:15,600 address or domain name if you want in 1797 01:10:15,600 --> 01:10:17,280 this case I will specify once again my 1798 01:10:17,280 --> 01:10:19,920 router so we have a mixture of the 1799 01:10:19,920 --> 01:10:22,260 domain name and the IP address so we can 1800 01:10:22,260 --> 01:10:24,239 see whether this will work properly if I 1801 
01:10:24,239 --> 01:10:27,239 press enter it will first start off with 1802 01:10:27,239 --> 01:10:29,580 this domain name right here and it will 1803 01:10:29,580 --> 01:10:32,040 scan for the open ports and then it will 1804 01:10:32,040 --> 01:10:34,380 proceed to the IP address of my router 1805 01:10:34,380 --> 01:10:37,020 and scan the open ports for that router 1806 01:10:37,020 --> 01:10:38,040 as well 1807 01:10:38,040 --> 01:10:40,679 so we can see on the first link it found 1808 01:10:40,679 --> 01:10:45,719 four ports open for 21 22 53 and 80 and 1809 01:10:45,719 --> 01:10:47,940 on my router the same four ports as 1810 01:10:47,940 --> 01:10:48,900 before 1811 01:10:48,900 --> 01:10:51,540 program works correctly 1812 01:10:51,540 --> 01:10:53,159 we're almost close to finishing our 1813 01:10:53,159 --> 01:10:55,440 program but there is one more thing that 1814 01:10:55,440 --> 01:10:57,780 we actually want to do we want to also 1815 01:10:57,780 --> 01:11:00,179 print which service is running on an 1816 01:11:00,179 --> 01:11:01,739 open port 1817 01:11:01,739 --> 01:11:04,260 for example let's say we want to 1818 01:11:04,260 --> 01:11:06,239 discover whether Port 80 is running 1819 01:11:06,239 --> 01:11:08,640 Apache 2 or some other version of a web 1820 01:11:08,640 --> 01:11:10,140 server 1821 01:11:10,140 --> 01:11:12,600 well we can do that by simply grabbing 1822 01:11:12,600 --> 01:11:15,600 the banner on an open port and more 1823 01:11:15,600 --> 01:11:17,460 about that in the next lecture for now 1824 01:11:17,460 --> 01:11:19,500 on we are glad that we can scan multiple 1825 01:11:19,500 --> 01:11:21,480 targets whether they are specified as a 1826 01:11:21,480 --> 01:11:24,360 domain name or as an IP address we can 1827 01:11:24,360 --> 01:11:27,060 split them by comma we can also scan one 1828 01:11:27,060 --> 01:11:29,699 target if we want and we also print only 1829 01:11:29,699 --> 01:11:31,380 open ports as we are not really 1830 
01:11:31,380 --> 01:11:34,380 interested in the closed ports okay so 1831 01:11:34,380 --> 01:11:36,060 thank you for watching this lecture and 1832 01:11:36,060 --> 01:11:39,300 I will see you in the next one bye 1833 01:11:39,300 --> 01:11:41,699 welcome back everybody and let's finally 1834 01:11:41,699 --> 01:11:44,760 finish our Port scanner as I mentioned 1835 01:11:44,760 --> 01:11:46,679 in the previous video we're only left to 1836 01:11:46,679 --> 01:11:48,900 do one small thing before our Port 1837 01:11:48,900 --> 01:11:51,719 scanner is complete and ready to use and 1838 01:11:51,719 --> 01:11:53,460 that is to perform the banner grabbing 1839 01:11:53,460 --> 01:11:55,980 on the open ports to discover which 1840 01:11:55,980 --> 01:11:57,960 services and which softwares are running 1841 01:11:57,960 --> 01:12:00,780 on those open ports which can give us 1842 01:12:00,780 --> 01:12:02,760 even more detail and information that we 1843 01:12:02,760 --> 01:12:06,239 can use in our future attack okay so 1844 01:12:06,239 --> 01:12:07,679 what we need to do 1845 01:12:07,679 --> 01:12:10,500 is let's first of all think how we can 1846 01:12:10,500 --> 01:12:12,060 actually grab the banner from an open 1847 01:12:12,060 --> 01:12:14,640 port well logically we need to connect 1848 01:12:14,640 --> 01:12:17,520 to that Port we need to try to receive 1849 01:12:17,520 --> 01:12:20,040 something from that open port and then 1850 01:12:20,040 --> 01:12:22,260 read that information that we received 1851 01:12:22,260 --> 01:12:23,640 from that port 1852 01:12:23,640 --> 01:12:25,739 so we already performed half of that job 1853 01:12:25,739 --> 01:12:28,260 we connect to that Port right here at 1854 01:12:28,260 --> 01:12:29,400 this line 1855 01:12:29,400 --> 01:12:31,620 so all we're left to do after it is 1856 01:12:31,620 --> 01:12:33,960 check whether that Port retrieves some 1857 01:12:33,960 --> 01:12:36,000 information or send some information 1858 
01:12:36,000 --> 01:12:39,540 back to us once we connect okay so how 1859 01:12:39,540 --> 01:12:41,699 can we do that well right after the 1860 01:12:41,699 --> 01:12:44,520 connect function we can try to retrieve 1861 01:12:44,520 --> 01:12:45,960 the information 1862 01:12:45,960 --> 01:12:47,699 we're going to use a specific function 1863 01:12:47,699 --> 01:12:49,739 to do that and we will store the result 1864 01:12:49,739 --> 01:12:51,780 of that function inside of our variable 1865 01:12:51,780 --> 01:12:54,600 which we will name Banner so Banner will 1866 01:12:54,600 --> 01:12:56,219 be equal 1867 01:12:56,219 --> 01:12:58,679 uh to the function which will be called 1868 01:12:58,679 --> 01:13:01,440 get banner and that function will take 1869 01:13:01,440 --> 01:13:04,980 as a parameter the socket object 1870 01:13:04,980 --> 01:13:06,840 so we're pasting our socket object 1871 01:13:06,840 --> 01:13:08,880 inside of this function so we can use it 1872 01:13:08,880 --> 01:13:11,400 inside of it and then we will retrieve 1873 01:13:11,400 --> 01:13:13,500 the actual Banner if we manage to get it 1874 01:13:13,500 --> 01:13:15,600 to the banner variable 1875 01:13:15,600 --> 01:13:18,060 all right so let's first of all code 1876 01:13:18,060 --> 01:13:20,460 that function we can do it right here 1877 01:13:20,460 --> 01:13:22,140 between the scan port and check 1878 01:13:22,140 --> 01:13:25,020 ipfunction and we will call it as we 1879 01:13:25,020 --> 01:13:27,719 already said get Banner 1880 01:13:27,719 --> 01:13:29,520 this function will take the socket 1881 01:13:29,520 --> 01:13:31,140 object as a parameter which we already 1882 01:13:31,140 --> 01:13:33,840 pasted inside of our scan Port function 1883 01:13:33,840 --> 01:13:36,480 and all we need to return from this is 1884 01:13:36,480 --> 01:13:39,540 we need to return the socket object and 1885 01:13:39,540 --> 01:13:41,820 then dot receive which is the function 1886 01:13:41,820 --> 
01:13:44,460 that receives the data from this open 1887 01:13:44,460 --> 01:13:45,900 port 1888 01:13:45,900 --> 01:13:47,940 we can also specify inside of the 1889 01:13:47,940 --> 01:13:50,040 brackets which amount of bytes we want 1890 01:13:50,040 --> 01:13:52,320 to receive and usually this number is 1891 01:13:52,320 --> 01:13:56,280 specified as 1024 bytes as we don't 1892 01:13:56,280 --> 01:13:58,260 really need more in order to get and 1893 01:13:58,260 --> 01:14:00,840 print the banner okay so this is the 1894 01:14:00,840 --> 01:14:03,600 entire function the entire get Banner 1895 01:14:03,600 --> 01:14:05,580 function now we need to perform some 1896 01:14:05,580 --> 01:14:07,560 modifications right here inside of our 1897 01:14:07,560 --> 01:14:08,580 program 1898 01:14:08,580 --> 01:14:12,719 so we have the function right here 1899 01:14:12,719 --> 01:14:15,360 and we try right here to store the 1900 01:14:15,360 --> 01:14:18,659 banner inside this variable okay 1901 01:14:18,659 --> 01:14:21,420 now if we do manage to store it we're 1902 01:14:21,420 --> 01:14:22,920 going to print 1903 01:14:22,920 --> 01:14:25,679 port and then the string of the port is 1904 01:14:25,679 --> 01:14:26,940 open 1905 01:14:26,940 --> 01:14:28,920 but let's change it up so it looks a 1906 01:14:28,920 --> 01:14:30,659 little bit better so we're going to 1907 01:14:30,659 --> 01:14:33,480 delete all of this and print the exact 1908 01:14:33,480 --> 01:14:36,000 same thing just with the Bender attached 1909 01:14:36,000 --> 01:14:37,800 so we're going to print something like 1910 01:14:37,800 --> 01:14:39,960 this let's add the plus sign which means 1911 01:14:39,960 --> 01:14:43,679 that the port is open so open port 1912 01:14:43,679 --> 01:14:47,460 and then space we will add the string of 1913 01:14:47,460 --> 01:14:50,100 the port number that we are scanning 1914 01:14:50,100 --> 01:14:53,040 so plus the string of port 1915 01:14:53,040 --> 01:14:55,320 and then 
the next thing we want to do is 1916 01:14:55,320 --> 01:14:58,140 plus and we want to add the banner let's 1917 01:14:58,140 --> 01:15:00,540 separate it with two dots 1918 01:15:00,540 --> 01:15:04,620 and then add or concat the string from 1919 01:15:04,620 --> 01:15:06,000 the banner 1920 01:15:06,000 --> 01:15:10,140 to our open port number so we are going 1921 01:15:10,140 --> 01:15:12,300 to leave it like this 1922 01:15:12,300 --> 01:15:15,060 let me just see another thing that we 1923 01:15:15,060 --> 01:15:17,100 need to add is another accept statement 1924 01:15:17,100 --> 01:15:19,679 right here so accept in case we cannot 1925 01:15:19,679 --> 01:15:21,780 get the banner we're only going to print 1926 01:15:21,780 --> 01:15:24,780 open port and we're not going to print 1927 01:15:24,780 --> 01:15:26,640 any type of banner as we didn't really 1928 01:15:26,640 --> 01:15:30,620 manage to retrieve it so open port 1929 01:15:31,500 --> 01:15:35,100 plus the string of port and that is all 1930 01:15:35,100 --> 01:15:36,719 we need to do right here 1931 01:15:36,719 --> 01:15:40,320 now let's see whether this will work 1932 01:15:40,320 --> 01:15:42,360 if we open the terminal 1933 01:15:42,360 --> 01:15:44,340 right here 1934 01:15:44,340 --> 01:15:45,900 and large 1935 01:15:45,900 --> 01:15:48,120 the letter so we can see everything and 1936 01:15:48,120 --> 01:15:50,100 navigate to pycharm projects and then 1937 01:15:50,100 --> 01:15:52,199 Port scanner 1938 01:15:52,199 --> 01:15:54,659 then we try to run the port scanner and 1939 01:15:54,659 --> 01:15:56,280 specify 1940 01:15:56,280 --> 01:15:58,020 same two websites as in the previous 1941 01:15:58,020 --> 01:16:02,520 video so test PHP Dot oneweb.com 1942 01:16:02,520 --> 01:16:05,100 let's first of all try with this one 1943 01:16:05,100 --> 01:16:07,380 it will scan the Target and we can see 1944 01:16:07,380 --> 01:16:09,780 right here we do manage to retrieve some 1945 01:16:09,780 --> 
01:16:12,960 of the banners from two different open 1946 01:16:12,960 --> 01:16:14,280 ports 1947 01:16:14,280 --> 01:16:16,380 so here it is we got the banner for the 1948 01:16:16,380 --> 01:16:18,719 open port 21 and now we know the 1949 01:16:18,719 --> 01:16:20,760 diversion of the software running on the 1950 01:16:20,760 --> 01:16:23,640 open port 21 which is the FTP Port is 1951 01:16:23,640 --> 01:16:25,400 pro ftpd 1952 01:16:25,400 --> 01:16:28,800 1.3.3 e server and what we can do with 1953 01:16:28,800 --> 01:16:30,840 this information we can simply just copy 1954 01:16:30,840 --> 01:16:32,940 this paste it inside of a Google and see 1955 01:16:32,940 --> 01:16:34,920 whether there is any type of exploit for 1956 01:16:34,920 --> 01:16:37,980 this specific version of the FTP server 1957 01:16:37,980 --> 01:16:40,140 we can also perform the same thing for 1958 01:16:40,140 --> 01:16:43,679 the SSH which is on Port 22 we see that 1959 01:16:43,679 --> 01:16:47,880 the version is SSH 2.1 open SSH 5.3 P1 1960 01:16:47,880 --> 01:16:50,940 Debian Ubuntu then we can copy this and 1961 01:16:50,940 --> 01:16:54,300 try to find it on Google for some and 1962 01:16:54,300 --> 01:16:55,980 try to find some vulnerabilities for 1963 01:16:55,980 --> 01:16:57,300 this version in Google 1964 01:16:57,300 --> 01:16:58,980 simple as that 1965 01:16:58,980 --> 01:17:01,260 but let's make our actual output a 1966 01:17:01,260 --> 01:17:02,880 little bit prettier we don't really want 1967 01:17:02,880 --> 01:17:05,640 it to print this B and then the 1968 01:17:05,640 --> 01:17:08,040 apostrophe and we also don't want it to 1969 01:17:08,040 --> 01:17:10,560 print the slash r or the backslash R 1970 01:17:10,560 --> 01:17:12,840 backslash n which seem to just stand for 1971 01:17:12,840 --> 01:17:15,900 the new line character okay so let's see 1972 01:17:15,900 --> 01:17:18,300 how we can get rid of that well in the 1973 01:17:18,300 --> 01:17:20,580 part where we are 
printing the banner if 1974 01:17:20,580 --> 01:17:22,679 we take a look at the hour output we can 1975 01:17:22,679 --> 01:17:24,540 see that the banner output starts with b 1976 01:17:24,540 --> 01:17:26,520 and then apostrophe 1977 01:17:26,520 --> 01:17:28,199 that is because we haven't really 1978 01:17:28,199 --> 01:17:30,900 decoded our Banner 1979 01:17:30,900 --> 01:17:34,199 once it actually receives the message or 1980 01:17:34,199 --> 01:17:37,560 receives this 1024 bytes those 1024 1981 01:17:37,560 --> 01:17:40,080 bytes will be encoded by default 1982 01:17:40,080 --> 01:17:42,420 in order for us to remove that b and the 1983 01:17:42,420 --> 01:17:44,640 apostrophe we can simply just type 1984 01:17:44,640 --> 01:17:46,920 Banner dot decode 1985 01:17:46,920 --> 01:17:49,080 which is a function which will remove 1986 01:17:49,080 --> 01:17:51,480 that and we also want to strip the new 1987 01:17:51,480 --> 01:17:53,219 line character so how we can do that 1988 01:17:53,219 --> 01:17:55,080 well we can add another function to this 1989 01:17:55,080 --> 01:17:58,679 Banner which is dot strip 1990 01:17:58,679 --> 01:18:02,100 and right here we can specify 1991 01:18:02,100 --> 01:18:03,900 backslash n 1992 01:18:03,900 --> 01:18:06,300 for example let's see whether this 1993 01:18:06,300 --> 01:18:09,300 worked if I go right here 1994 01:18:09,300 --> 01:18:14,159 and type same website test PHP 1995 01:18:14,159 --> 01:18:17,940 Dot oneweb.com 1996 01:18:18,900 --> 01:18:21,060 here it is now we got the prettier 1997 01:18:21,060 --> 01:18:24,000 output if you compare this one 1998 01:18:24,000 --> 01:18:26,219 with this one you will notice we no 1999 01:18:26,219 --> 01:18:28,860 longer get this B apostrophe and this 2000 01:18:28,860 --> 01:18:32,100 backslash R and backslash n 2001 01:18:32,100 --> 01:18:34,440 all right so great our Port scanner 2002 01:18:34,440 --> 01:18:36,659 works let's also test it to see whether 2003 01:18:36,659 --> 
01:18:39,179 it works on multiple targets so I will 2004 01:18:39,179 --> 01:18:40,380 clear the screen 2005 01:18:40,380 --> 01:18:42,960 run my port scanner 2006 01:18:42,960 --> 01:18:45,420 specify for example three targets which 2007 01:18:45,420 --> 01:18:47,340 one of them will be this one which we 2008 01:18:47,340 --> 01:18:49,440 used in the first lectures of our Port 2009 01:18:49,440 --> 01:18:51,960 scanner then we can use the IP address 2010 01:18:51,960 --> 01:18:53,400 on my router 2011 01:18:53,400 --> 01:18:56,719 and then we can use the same test PHP 2012 01:18:56,719 --> 01:19:00,719 Dot oneweb.com 2013 01:19:01,260 --> 01:19:04,260 it will go and scan one by one first of 2014 01:19:04,260 --> 01:19:06,360 all it will start with this IP address 2015 01:19:06,360 --> 01:19:08,580 right here if it manages to find open 2016 01:19:08,580 --> 01:19:11,040 ports it will print them out if it also 2017 01:19:11,040 --> 01:19:12,780 manages to grab the banner it will also 2018 01:19:12,780 --> 01:19:15,239 print that out it will also print the 2019 01:19:15,239 --> 01:19:17,159 banner out as well next to the open port 2020 01:19:17,159 --> 01:19:19,320 then it will proceed to the next two 2021 01:19:19,320 --> 01:19:21,659 Targets and perform the exact same task 2022 01:19:21,659 --> 01:19:23,460 on both of them 2023 01:19:23,460 --> 01:19:25,739 now you might notice that some targets 2024 01:19:25,739 --> 01:19:27,780 will go slower in scanning and some 2025 01:19:27,780 --> 01:19:29,760 targets will go faster and that is 2026 01:19:29,760 --> 01:19:32,400 pretty much normal keep in mind that 2027 01:19:32,400 --> 01:19:34,260 this part right here which is the socket 2028 01:19:34,260 --> 01:19:36,840 dot set timeout is crucial in order to 2029 01:19:36,840 --> 01:19:39,900 get more or less accurate scan 2030 01:19:39,900 --> 01:19:42,480 if we simply just remove this line then 2031 01:19:42,480 --> 01:19:44,280 some actual targets might be scanning 
2032 01:19:44,280 --> 01:19:47,100 for hours depending on the distance and 2033 01:19:47,100 --> 01:19:48,960 the open ports that they have and also 2034 01:19:48,960 --> 01:19:50,300 the services that they are running 2035 01:19:50,300 --> 01:19:52,440 sometimes it might take longer to 2036 01:19:52,440 --> 01:19:54,120 connect to those ports and so on and so 2037 01:19:54,120 --> 01:19:56,400 on therefore it is always good to set a 2038 01:19:56,400 --> 01:19:58,260 timeout so you don't have to wait an 2039 01:19:58,260 --> 01:20:01,080 entire day for your scan to finish 2040 01:20:01,080 --> 01:20:03,659 but by lowering this timeout you will 2041 01:20:03,659 --> 01:20:06,420 also lose the accuracy of your scan for 2042 01:20:06,420 --> 01:20:08,580 example let's say we have a port that 2043 01:20:08,580 --> 01:20:10,320 takes one second to connect to and you 2044 01:20:10,320 --> 01:20:12,840 set the timeout 0.5 seconds 2045 01:20:12,840 --> 01:20:15,960 well then after 0.5 seconds it will 2046 01:20:15,960 --> 01:20:18,000 determine that this port is closed even 2047 01:20:18,000 --> 01:20:19,920 though it is not it just takes longer to 2048 01:20:19,920 --> 01:20:22,560 connect to therefore you will lose the 2049 01:20:22,560 --> 01:20:24,420 accuracy and you will not know that that 2050 01:20:24,420 --> 01:20:26,040 port is open 2051 01:20:26,040 --> 01:20:27,900 so this part right here which is the 2052 01:20:27,900 --> 01:20:30,120 timeout is completely up to you you can 2053 01:20:30,120 --> 01:20:31,980 change it to whichever time you want 2054 01:20:31,980 --> 01:20:35,040 let's go back to our scan and we can see 2055 01:20:35,040 --> 01:20:37,260 all three scans have finished on the 2056 01:20:37,260 --> 01:20:39,420 first Target we only found one open port 2057 01:20:39,420 --> 01:20:41,520 we didn't manage to retrieve any Banner 2058 01:20:41,520 --> 01:20:44,520 for it on my router we found four open 2059 01:20:44,520 --> 01:20:47,520 ports and Port 
22 sent the banner back 2060 01:20:47,520 --> 01:20:49,500 to us and now we know which version of 2061 01:20:49,500 --> 01:20:51,120 software it is running 2062 01:20:51,120 --> 01:20:53,520 and the target number three we already 2063 01:20:53,520 --> 01:20:56,280 scanned and we got the exact same result 2064 01:20:56,280 --> 01:20:59,940 okay so our Port scanner is complete it 2065 01:20:59,940 --> 01:21:01,980 can scan multiple targets it retrieves 2066 01:21:01,980 --> 01:21:03,120 the banners 2067 01:21:03,120 --> 01:21:05,040 and now we are ready to use it for our 2068 01:21:05,040 --> 01:21:07,860 penetration testing okay so in the next 2069 01:21:07,860 --> 01:21:10,320 video we're going to go really fast over 2070 01:21:10,320 --> 01:21:12,120 this code so we can explain it once 2071 01:21:12,120 --> 01:21:13,800 again for those of you that have some 2072 01:21:13,800 --> 01:21:15,840 inconvenience or if there is something 2073 01:21:15,840 --> 01:21:17,280 that you do not understand I will simply 2074 01:21:17,280 --> 01:21:19,500 just go fast through that code and then 2075 01:21:19,500 --> 01:21:21,360 we're going to see how we can also 2076 01:21:21,360 --> 01:21:24,179 import our Port scanner into another 2077 01:21:24,179 --> 01:21:26,820 Python program if we want to 2078 01:21:26,820 --> 01:21:29,040 after that video we're going to proceed 2079 01:21:29,040 --> 01:21:31,980 to our next project okay so thank you 2080 01:21:31,980 --> 01:21:33,540 for watching this video and I will see 2081 01:21:33,540 --> 01:21:36,239 you in the next one bye welcome back 2082 01:21:36,239 --> 01:21:38,340 everyone and this is the last video to 2083 01:21:38,340 --> 01:21:40,440 our Port scanner project 2084 01:21:40,440 --> 01:21:42,480 right now what we're going to do is we 2085 01:21:42,480 --> 01:21:45,060 are going to first of all recap what we 2086 01:21:45,060 --> 01:21:47,159 did inside of this program 2087 01:21:47,159 --> 01:21:48,780 so we're just going to 
go to the program 2088 01:21:48,780 --> 01:21:50,520 code real fast and explain what 2089 01:21:50,520 --> 01:21:52,560 everything is doing once again 2090 01:21:52,560 --> 01:21:54,719 and then I will show you how you can use 2091 01:21:54,719 --> 01:21:57,000 this program and import it inside of 2092 01:21:57,000 --> 01:21:59,520 another program so you can use it all 2093 01:21:59,520 --> 01:22:01,860 right so first of all let's navigate all 2094 01:22:01,860 --> 01:22:03,480 the way down to the beginning of the 2095 01:22:03,480 --> 01:22:06,000 program here as you can see we prompt 2096 01:22:06,000 --> 01:22:08,040 the user to input the Target or multiple 2097 01:22:08,040 --> 01:22:09,960 targets we then check whether they 2098 01:22:09,960 --> 01:22:12,360 specified one target or multiple targets 2099 01:22:12,360 --> 01:22:14,699 if we find comma inside of this variable 2100 01:22:14,699 --> 01:22:16,679 that means they specified multiple 2101 01:22:16,679 --> 01:22:19,320 targets therefore we will split all of 2102 01:22:19,320 --> 01:22:21,600 those targets and for each and every IP 2103 01:22:21,600 --> 01:22:23,820 address inside of this variable we will 2104 01:22:23,820 --> 01:22:27,120 perform the scanning of that IP address 2105 01:22:27,120 --> 01:22:29,460 in any other case that means if we 2106 01:22:29,460 --> 01:22:31,440 didn't find comma that means they only 2107 01:22:31,440 --> 01:22:33,420 specified one target therefore we are 2108 01:22:33,420 --> 01:22:36,360 going to perform the scan function onto 2109 01:22:36,360 --> 01:22:38,400 the targets variable as it is only 2110 01:22:38,400 --> 01:22:41,100 storing one IP address or one domain 2111 01:22:41,100 --> 01:22:42,780 name okay 2112 01:22:42,780 --> 01:22:44,760 then once we navigate to the scan 2113 01:22:44,760 --> 01:22:46,140 function 2114 01:22:46,140 --> 01:22:48,480 here we first take the converted IP 2115 01:22:48,480 --> 01:22:50,640 variable and then we perform the check 
2116 01:22:50,640 --> 01:22:53,580 IP function onto the specified Target if 2117 01:22:53,580 --> 01:22:55,620 the specified Target is simply IP 2118 01:22:55,620 --> 01:22:57,480 address we will return that IP address 2119 01:22:57,480 --> 01:22:59,520 and it will be stored inside of the 2120 01:22:59,520 --> 01:23:02,520 converted IP in case the target is an 2121 01:23:02,520 --> 01:23:04,980 actual domain name therefore we're going 2122 01:23:04,980 --> 01:23:07,020 to perform this socket get host by name 2123 01:23:07,020 --> 01:23:09,120 method which allows us to convert the 2124 01:23:09,120 --> 01:23:11,940 domain name into an IP address 2125 01:23:11,940 --> 01:23:13,320 okay 2126 01:23:13,320 --> 01:23:16,080 right after we convert the IB address we 2127 01:23:16,080 --> 01:23:19,560 scan for 100 ports now this number keep 2128 01:23:19,560 --> 01:23:21,360 in mind can be changed for example you 2129 01:23:21,360 --> 01:23:23,880 can scan for first 500 ports if you'd 2130 01:23:23,880 --> 01:23:26,340 like it doesn't have to be 100 this is a 2131 01:23:26,340 --> 01:23:28,620 number that you can change now another 2132 01:23:28,620 --> 01:23:30,179 thing that you might want to implement 2133 01:23:30,179 --> 01:23:32,340 in this program if you want is you can 2134 01:23:32,340 --> 01:23:34,380 also prompt to the user for how many 2135 01:23:34,380 --> 01:23:36,360 ports they want to scan 2136 01:23:36,360 --> 01:23:38,520 how we would do that but we will simply 2137 01:23:38,520 --> 01:23:40,560 do that by specifying something like 2138 01:23:40,560 --> 01:23:42,719 this you go to the beginning of the 2139 01:23:42,719 --> 01:23:44,820 program and there you can simply type 2140 01:23:44,820 --> 01:23:48,060 Port num let's say we call the variable 2141 01:23:48,060 --> 01:23:51,980 like that and then input 2142 01:23:53,340 --> 01:23:54,600 enter 2143 01:23:54,600 --> 01:23:58,920 number of ports that you want 2144 01:23:58,920 --> 01:24:00,480 can 2145 
01:24:00,480 --> 01:24:02,520 then the user would enter the number of 2146 01:24:02,520 --> 01:24:03,659 ports 2147 01:24:03,659 --> 01:24:06,780 oops let's not leave this to to be 2148 01:24:06,780 --> 01:24:09,480 Capital let's leave it like this so 2149 01:24:09,480 --> 01:24:11,159 enter number of ports that you want to 2150 01:24:11,159 --> 01:24:13,199 scan then you would take this actual 2151 01:24:13,199 --> 01:24:15,540 variable and you will also paste it into 2152 01:24:15,540 --> 01:24:17,520 the scan function 2153 01:24:17,520 --> 01:24:19,679 once you do that if you go back to the 2154 01:24:19,679 --> 01:24:22,020 scan function right here you would 2155 01:24:22,020 --> 01:24:25,140 simply have something like portnum 2156 01:24:25,140 --> 01:24:28,440 as a parameter and then you would have 2157 01:24:28,440 --> 01:24:30,840 for porting range one through port 2158 01:24:30,840 --> 01:24:33,060 number so you wouldn't have 500 you 2159 01:24:33,060 --> 01:24:36,120 would have something like Port num 2160 01:24:36,120 --> 01:24:37,860 so simple as that 2161 01:24:37,860 --> 01:24:39,420 but we're not going to leave it like 2162 01:24:39,420 --> 01:24:41,699 this let's just leave it as the way it 2163 01:24:41,699 --> 01:24:44,040 was before this is just something that 2164 01:24:44,040 --> 01:24:45,960 you can Implement and leave it in the 2165 01:24:45,960 --> 01:24:48,780 program if you want in this case we are 2166 01:24:48,780 --> 01:24:50,760 not going to use that since it is not 2167 01:24:50,760 --> 01:24:53,040 necessary we simply just always want to 2168 01:24:53,040 --> 01:24:56,159 scan for first 500 ports 2169 01:24:56,159 --> 01:24:59,420 so I will delete this 2170 01:24:59,940 --> 01:25:02,040 also keep in mind if you leave that 2171 01:25:02,040 --> 01:25:03,840 option you also need to specify the port 2172 01:25:03,840 --> 01:25:06,179 number inside of this line right here 2173 01:25:06,179 --> 01:25:08,340 and also inside of this line 
right here 2174 01:25:08,340 --> 01:25:10,440 as a second parameter to the function 2175 01:25:10,440 --> 01:25:13,920 okay so once we get to this for Loop we 2176 01:25:13,920 --> 01:25:15,900 scan for each and every port between the 2177 01:25:15,900 --> 01:25:18,540 range of 1 and 500 and we do that by 2178 01:25:18,540 --> 01:25:20,820 using the scan Port function 2179 01:25:20,820 --> 01:25:22,500 so let's go to the scan board function 2180 01:25:22,500 --> 01:25:24,480 and this is the main part of the program 2181 01:25:24,480 --> 01:25:27,000 here we create the socket object we set 2182 01:25:27,000 --> 01:25:28,980 the timeout so we don't actually waste 2183 01:25:28,980 --> 01:25:31,080 too much of our time trying to figure 2184 01:25:31,080 --> 01:25:32,760 out whether a port is closed or open 2185 01:25:32,760 --> 01:25:35,760 keep in mind that the accuracy of the 2186 01:25:35,760 --> 01:25:37,739 scan will depend on the amount of the 2187 01:25:37,739 --> 01:25:40,020 timeout that you set the lower the 2188 01:25:40,020 --> 01:25:42,000 timeout the lesser the accuracy the 2189 01:25:42,000 --> 01:25:43,860 harder the timeout the bigger the 2190 01:25:43,860 --> 01:25:46,620 accuracy okay so then we perform the 2191 01:25:46,620 --> 01:25:48,719 connect function onto the target IP 2192 01:25:48,719 --> 01:25:50,760 address and the port number 2193 01:25:50,760 --> 01:25:52,739 right after it if we manage to connect 2194 01:25:52,739 --> 01:25:54,900 we will simply just try to get banner 2195 01:25:54,900 --> 01:25:57,239 and figure out which software is the 2196 01:25:57,239 --> 01:25:58,860 target running on that specific open 2197 01:25:58,860 --> 01:26:00,840 port if we don't manage to get the 2198 01:26:00,840 --> 01:26:02,639 Bender we will simply just print open 2199 01:26:02,639 --> 01:26:04,679 port without the banner and if we do 2200 01:26:04,679 --> 01:26:06,659 manage to get it we'll print open port 2201 01:26:06,659 --> 01:26:09,239 then 
the port number and we will attach 2202 01:26:09,239 --> 01:26:13,500 the banner right after the two dots okay 2203 01:26:13,500 --> 01:26:15,659 in any other case if we don't manage to 2204 01:26:15,659 --> 01:26:17,580 connect we will simply just pass and not 2205 01:26:17,580 --> 01:26:19,320 print anything because we are not really 2206 01:26:19,320 --> 01:26:21,420 interested in printing which ports are 2207 01:26:21,420 --> 01:26:23,699 closed we're only interested in printing 2208 01:26:23,699 --> 01:26:27,000 the open ports okay so this is basically 2209 01:26:27,000 --> 01:26:29,219 the whole idea of this port scanner 2210 01:26:29,219 --> 01:26:31,139 project and now let's see how we can 2211 01:26:31,139 --> 01:26:33,540 actually use this program and import it 2212 01:26:33,540 --> 01:26:36,300 into another program okay so how can we 2213 01:26:36,300 --> 01:26:38,219 do that well first of all what we need 2214 01:26:38,219 --> 01:26:40,380 to do is we need to create another file 2215 01:26:40,380 --> 01:26:42,900 so I'm just going to go right click on 2216 01:26:42,900 --> 01:26:45,739 the port scanner 2217 01:26:46,500 --> 01:26:49,260 then go to the new and then python file 2218 01:26:49,260 --> 01:26:53,940 and let's call this file ipscan.py 2219 01:26:54,659 --> 01:26:56,699 it will automatically add it right here 2220 01:26:56,699 --> 01:26:59,340 so you will have two tabs one for 2221 01:26:59,340 --> 01:27:01,440 default scanner and one for the IP scan 2222 01:27:01,440 --> 01:27:04,199 and now we want to import this program 2223 01:27:04,199 --> 01:27:06,000 now one thing before you actually do 2224 01:27:06,000 --> 01:27:07,620 that is you need to make sure that both 2225 01:27:07,620 --> 01:27:09,719 of these files are in the same directory 2226 01:27:09,719 --> 01:27:12,120 in my case they are both in the port 2227 01:27:12,120 --> 01:27:14,159 scanner project therefore they are in 2228 01:27:14,159 --> 01:27:16,679 the same directory so I 
can proceed 2229 01:27:16,679 --> 01:27:18,960 now the next thing that we need to take 2230 01:27:18,960 --> 01:27:20,760 a look at is the name of our Port 2231 01:27:20,760 --> 01:27:23,520 scanner so it is named portscanner.py 2232 01:27:23,520 --> 01:27:25,139 now in order to actually import this 2233 01:27:25,139 --> 01:27:26,940 file into another file in the same 2234 01:27:26,940 --> 01:27:29,040 directory we simply just type the 2235 01:27:29,040 --> 01:27:31,440 command import and then the name of the 2236 01:27:31,440 --> 01:27:33,360 program that we want to import in our 2237 01:27:33,360 --> 01:27:35,520 case it is Port scanner 2238 01:27:35,520 --> 01:27:38,760 so let's type it right here for scanner 2239 01:27:38,760 --> 01:27:40,560 and you will see that pycharm already 2240 01:27:40,560 --> 01:27:43,500 recognizes it therefore we successfully 2241 01:27:43,500 --> 01:27:45,540 managed to import our Port scanner 2242 01:27:45,540 --> 01:27:47,400 program 2243 01:27:47,400 --> 01:27:49,560 now how can we perform the same task 2244 01:27:49,560 --> 01:27:51,320 that we did right here 2245 01:27:51,320 --> 01:27:55,500 just without typing all of this code 2246 01:27:55,500 --> 01:27:57,600 well we can simply just call these 2247 01:27:57,600 --> 01:28:00,540 functions from our second program and 2248 01:28:00,540 --> 01:28:03,960 use them independently Okay so 2249 01:28:03,960 --> 01:28:05,940 the use of this importing is basically 2250 01:28:05,940 --> 01:28:08,159 if anyone else wants to use our Port 2251 01:28:08,159 --> 01:28:10,320 scanner they can simply just import it 2252 01:28:10,320 --> 01:28:12,000 and use the functions from that program 2253 01:28:12,000 --> 01:28:14,580 into their own program 2254 01:28:14,580 --> 01:28:16,380 so what we're going to specify right 2255 01:28:16,380 --> 01:28:19,020 here first is the IP address to for 2256 01:28:19,020 --> 01:28:20,280 example be 2257 01:28:20,280 --> 01:28:24,600 test PHP Dot oneweb.com 2258 
01:28:24,600 --> 01:28:26,400 this is the domain name that we use to 2259 01:28:26,400 --> 01:28:28,920 test with our Port scanner before so 2260 01:28:28,920 --> 01:28:31,199 nothing new right here and all we need 2261 01:28:31,199 --> 01:28:33,360 to do to actually run this port scanner 2262 01:28:33,360 --> 01:28:35,580 inside of a different program is to call 2263 01:28:35,580 --> 01:28:38,340 the scan function 2264 01:28:38,340 --> 01:28:40,440 now at first you might be asking well 2265 01:28:40,440 --> 01:28:42,000 why are we calling the scan function 2266 01:28:42,000 --> 01:28:44,400 well basically you will notice that by 2267 01:28:44,400 --> 01:28:46,860 calling this scan function all of the 2268 01:28:46,860 --> 01:28:49,320 other functions get called as well 2269 01:28:49,320 --> 01:28:51,659 for example inside with the scan 2270 01:28:51,659 --> 01:28:54,060 function we first call the check IP 2271 01:28:54,060 --> 01:28:56,460 function in order to check for the IP 2272 01:28:56,460 --> 01:28:58,620 address then we call the scan Port 2273 01:28:58,620 --> 01:29:00,900 function which will scan each and every 2274 01:29:00,900 --> 01:29:03,000 port that we specify inside of this for 2275 01:29:03,000 --> 01:29:05,040 Loop and inside of the scan Port 2276 01:29:05,040 --> 01:29:07,739 function the get Banner function gets 2277 01:29:07,739 --> 01:29:10,139 called in order to print the banner so 2278 01:29:10,139 --> 01:29:11,760 we don't need to call specifically all 2279 01:29:11,760 --> 01:29:13,380 of these functions we can simply just 2280 01:29:13,380 --> 01:29:16,020 call the scan function 2281 01:29:16,020 --> 01:29:18,780 okay so how can we do that well in order 2282 01:29:18,780 --> 01:29:20,100 to call a function from a different 2283 01:29:20,100 --> 01:29:22,260 program we first of all need to specify 2284 01:29:22,260 --> 01:29:24,780 the program name just the same way that 2285 01:29:24,780 --> 01:29:26,400 you would specify a method from a 
2286 01:29:26,400 --> 01:29:28,679 different library for example right here 2287 01:29:28,679 --> 01:29:32,040 we use socket library and we called a 2288 01:29:32,040 --> 01:29:34,139 method or a function 2289 01:29:34,139 --> 01:29:36,060 and we call the function from that 2290 01:29:36,060 --> 01:29:38,340 specific library but before we had to 2291 01:29:38,340 --> 01:29:40,980 specify the library name same way goes 2292 01:29:40,980 --> 01:29:42,840 here we first need to specify Port 2293 01:29:42,840 --> 01:29:46,920 scanner and then Dot and then scan 2294 01:29:46,920 --> 01:29:49,020 you remember that this can function 2295 01:29:49,020 --> 01:29:50,880 takes one argument which will be the 2296 01:29:50,880 --> 01:29:53,100 target as the pycharm already tells us 2297 01:29:53,100 --> 01:29:56,280 right here and our Target will be the IP 2298 01:29:56,280 --> 01:29:58,139 address 2299 01:29:58,139 --> 01:30:00,300 and believe it or not but this is the 2300 01:30:00,300 --> 01:30:01,620 entire program 2301 01:30:01,620 --> 01:30:04,199 just by using these three lines we can 2302 01:30:04,199 --> 01:30:06,300 perform the same thing that we did 2303 01:30:06,300 --> 01:30:10,400 inside of our Port scanner project 2304 01:30:10,560 --> 01:30:12,480 so this is the power of importing 2305 01:30:12,480 --> 01:30:14,520 libraries you can see that anyone who 2306 01:30:14,520 --> 01:30:16,380 wants to use this can simply just write 2307 01:30:16,380 --> 01:30:18,420 three lines and they will perform the 2308 01:30:18,420 --> 01:30:20,880 same task that we performed by coding 2309 01:30:20,880 --> 01:30:23,100 the entire Port scanner 2310 01:30:23,100 --> 01:30:24,780 but there is another thing that we need 2311 01:30:24,780 --> 01:30:26,820 to take a look at before we actually try 2312 01:30:26,820 --> 01:30:29,340 to run the IP scan you might notice this 2313 01:30:29,340 --> 01:30:30,840 part right here 2314 01:30:30,840 --> 01:30:33,060 well we didn't really want to 
run this 2315 01:30:33,060 --> 01:30:35,340 since first of all we're calling this 2316 01:30:35,340 --> 01:30:38,340 can function already inside of our 2317 01:30:38,340 --> 01:30:40,860 ipscan program therefore we don't really 2318 01:30:40,860 --> 01:30:44,460 want to call it twice and we would 2319 01:30:44,460 --> 01:30:46,139 actually call it because by importing 2320 01:30:46,139 --> 01:30:48,900 the port scanner into our ipscan we're 2321 01:30:48,900 --> 01:30:51,960 also calling this part of the code 2322 01:30:51,960 --> 01:30:54,300 importing a library simply means that we 2323 01:30:54,300 --> 01:30:55,920 are going to paste the entire Port 2324 01:30:55,920 --> 01:30:58,679 scanner code into our ipscan function 2325 01:30:58,679 --> 01:31:01,139 therefore this part of the code will 2326 01:31:01,139 --> 01:31:02,520 also get ran 2327 01:31:02,520 --> 01:31:04,500 so how can we make sure that this part 2328 01:31:04,500 --> 01:31:07,739 of the code doesn't get ran well simply 2329 01:31:07,739 --> 01:31:10,020 we can type 2330 01:31:10,020 --> 01:31:13,800 if underscore underscore name underscore 2331 01:31:13,800 --> 01:31:16,739 underscore equals equals and then open 2332 01:31:16,739 --> 01:31:19,739 double quotes underscore underscore main 2333 01:31:19,739 --> 01:31:21,840 underscore underscore 2334 01:31:21,840 --> 01:31:24,300 if this is equal to Main 2335 01:31:24,300 --> 01:31:26,639 then we're going to run this part of 2336 01:31:26,639 --> 01:31:27,900 code 2337 01:31:27,900 --> 01:31:30,600 so let's tap all of these lines in so 2338 01:31:30,600 --> 01:31:33,719 they belong to this if statement 2339 01:31:33,719 --> 01:31:36,300 and now this part of program will only 2340 01:31:36,300 --> 01:31:40,199 get ran if we run the port scanner 2341 01:31:40,199 --> 01:31:42,420 this line basically means that the 2342 01:31:42,420 --> 01:31:44,520 actual python will recognize whether 2343 01:31:44,520 --> 01:31:46,920 this program is being ran as a 
main 2344 01:31:46,920 --> 01:31:49,980 program or it is being imported into a 2345 01:31:49,980 --> 01:31:52,320 different program and ran from there in 2346 01:31:52,320 --> 01:31:54,000 case it is being important in different 2347 01:31:54,000 --> 01:31:55,980 program like in this case right here 2348 01:31:55,980 --> 01:31:59,400 then it will not run this part of the 2349 01:31:59,400 --> 01:32:00,300 code 2350 01:32:00,300 --> 01:32:02,280 if it is not imported into a different 2351 01:32:02,280 --> 01:32:04,380 program and if we simply just try to run 2352 01:32:04,380 --> 01:32:06,719 the port scanner itself then this part 2353 01:32:06,719 --> 01:32:09,179 of the code will actually run and that 2354 01:32:09,179 --> 01:32:12,120 is the meaning of this line right here 2355 01:32:12,120 --> 01:32:14,699 you can simply just remember this as if 2356 01:32:14,699 --> 01:32:16,739 this is the main program then run this 2357 01:32:16,739 --> 01:32:19,440 part of the code okay so right now let's 2358 01:32:19,440 --> 01:32:22,800 test our ipscan.py 2359 01:32:22,800 --> 01:32:25,500 let's open the terminal 2360 01:32:25,500 --> 01:32:30,600 and let's type Python 3 ipscan.py 2361 01:32:31,139 --> 01:32:33,719 you can see it is scanning the target it 2362 01:32:33,719 --> 01:32:36,360 already found the two ports open and it 2363 01:32:36,360 --> 01:32:38,699 will scan for first 500 ports as we 2364 01:32:38,699 --> 01:32:40,500 specified and changed the number from 2365 01:32:40,500 --> 01:32:43,440 100 to 500 you can see we are also 2366 01:32:43,440 --> 01:32:45,120 getting some banners from these open 2367 01:32:45,120 --> 01:32:50,360 ports we got open port 106 open port 110 2368 01:32:50,360 --> 01:32:53,580 143 we can see here is a long Banner 2369 01:32:53,580 --> 01:32:55,679 from that Port not really sure what this 2370 01:32:55,679 --> 01:32:57,000 is 2371 01:32:57,000 --> 01:32:59,100 we also discover another open port which 2372 01:32:59,100 --> 
01:33:02,340 is Port 465 and therefore our program 2373 01:33:02,340 --> 01:33:04,800 closes as it reached the 500 ports 2374 01:33:04,800 --> 01:33:05,520 number 2375 01:33:05,520 --> 01:33:07,679 okay so it actually does work now 2376 01:33:07,679 --> 01:33:09,179 another thing that you should keep in 2377 01:33:09,179 --> 01:33:11,159 mind is that you will need to actually 2378 01:33:11,159 --> 01:33:14,580 code this part of the code into this IP 2379 01:33:14,580 --> 01:33:17,159 scan because for example if a user 2380 01:33:17,159 --> 01:33:19,320 specifies comma and then an IP address 2381 01:33:19,320 --> 01:33:22,320 this will not work because we do not 2382 01:33:22,320 --> 01:33:24,659 have this part and this if statement 2383 01:33:24,659 --> 01:33:27,120 right here therefore it will not be able 2384 01:33:27,120 --> 01:33:30,600 to scan because of this comma right here 2385 01:33:30,600 --> 01:33:32,400 so if you want to be able to scan 2386 01:33:32,400 --> 01:33:34,320 multiple targets from your ipscan 2387 01:33:34,320 --> 01:33:36,420 program make sure that you implement 2388 01:33:36,420 --> 01:33:40,560 this if statement into the IP scan but 2389 01:33:40,560 --> 01:33:41,940 we are not going to do that at the 2390 01:33:41,940 --> 01:33:43,620 moment there is no need for that we 2391 01:33:43,620 --> 01:33:45,239 already did that in the port scanner 2392 01:33:45,239 --> 01:33:47,760 program and I will leave that up to you 2393 01:33:47,760 --> 01:33:50,940 okay so with this we actually finish our 2394 01:33:50,940 --> 01:33:52,380 first project which will be the port 2395 01:33:52,380 --> 01:33:55,080 scanner and in the next project we're 2396 01:33:55,080 --> 01:33:56,639 going to take a look at how we can 2397 01:33:56,639 --> 01:33:58,620 create the vulnerability scanner which 2398 01:33:58,620 --> 01:34:01,020 will be based on this port scanner that 2399 01:34:01,020 --> 01:34:03,120 we just created so make sure not to 2400 01:34:03,120 --> 
delete this program, as we are going to need it. You also know that you will have all of these actual programs in the resources at the end of each project, okay, so you can simply just download them if you don't want to code them. I hope you enjoyed this lecture and I will see you in the vulnerability scanner project. Take care and bye.

[01:34:20] Welcome everybody to our second project of this course, which would be a vulnerability scanner. All right, so what we did by now is we created our port scanner, which managed to scan multiple targets as well as one target and also discover which ports were open and closed, and we also managed to discover some of the software running on those open ports. All right, right now we want to advance our game and create a vulnerability scanner which will be able to detect which of those softwares are potentially vulnerable to some type of attack.

[01:34:54] So there are a few approaches that we can take in order to create this. I picked one which is going to be based on our port scanner, meaning that we are first going to
import our port scanner, we are going to scan for the open ports, then we are going to create a list of vulnerable software in a txt file, which then we're going to also import into our program, and then we are going to compare the software on the open ports with the software named in the list, or in our txt file, and if they do match, that means that we discovered the vulnerable software which can be exploited. All right, now you can actually download some of these vulnerable software lists over the Internet, or for the purposes of this tutorial you can simply just create a small list of a few softwares like I will, in order to test our program. But before we do any of that, let us open up our PyCharm and create our new project.

[01:35:47] All right, so I will open up my PyCharm by going here and typing pycharm. Here it is, it loaded fully, and by default it will open up our previous project, which will be the port scanner project, but we do not want to continue coding inside of that project. We want to create a new one and then we are going to copy-paste the port
scanner into that new project. All right, so let's wait for it to reopen all of the files from the port scanner project.

[01:36:15] Okay, so here it is. Now let's go on to the File right here, click on the New Project, and under the Create New Project, in the Location we can create a name for our new project, which would be vulnerability, or let's just type vuln scanner, it doesn't really matter, you can call it anything you want, and then click on Create. It will ask you whether you want to open the project inside of this window or whether you want to create a new window for it. We can simply just create this window and it will open up the new project we just created.

[01:36:50] All right, so here it is, it's creating all the dependencies needed, and right now what we're going to do is we're going to open up our terminal, we are going to navigate to our port scanner project using our terminal and then we'll copy our port scanner to the vulnerability scanner. Right, so let's go to the PycharmProjects directory. If I type ls here
are both of these. Then we want to navigate to the port scanner, type ls once again, and we want to copy the portscanner.py into the vulnerability scanner directory. All right, so cp portscanner.py to the root, PycharmProjects, and then vulnerability scanner, press Enter, and in just a few seconds we should see our port scanner right here. Okay, so here it is, let's open it up, and here is our program.

[01:37:47] Now as I mentioned previously, we are going to base our vulnerability scanner on the port scanner right here, but we're not going to code it right in this program. We're simply just going to import our port scanner, as I showed you in the previous video how you can do that, and we're going to perform some small modifications to this program right here. For example, we want to make this program a class, so we're going to delete some of the functions right here, we're going to modify this part of the program and we're going to create this to be one giant class. All right, but more about that in the next tutorial. For now we just simply copied this, we created
our new project, and in the next video we are ready to start coding our vulnerability scanner. All right, so see you there and take care, bye.

[01:38:33] Welcome back everybody. So for now we haven't really done anything yet, but we did import our port scanner, and now we are ready to start coding the main part of the program. So let's go to the vulnerability scanner right here, right click on it, click on the New and click on Python File. So all of this stuff we already learned, we know how to do it, and let's create a program which will be called vulnscan.py.

[01:38:56] Now the first thing that we want to do is of course to import our port scanner; make sure that it is in the same directory, that is important. And that is actually going to be the only library that we are going to need, since these two libraries, which are going to be the socket library and the IPy library, are already imported inside of this port scanner program. All right, now you might notice once again that this IPy is actually red underlined,
which means that this library does not exist inside the default virtual environment, and we already talked about this before: you need to actually pip3 install it inside of this virtual environment. So let's do that right away using our terminal. Make sure that you're using the terminal inside of the PyCharm, and simply just type pip3 install IPy. It will install the library for you, and as soon as it is finished you should no longer have this red underline. All right, so let's see. Here it is, it is gone now, and now we have all of the libraries needed to complete our project.

[01:40:06] All right, so let's go back to our main part of the program. We imported our port scanner, and now let's think about all of the things that we need in order to complete this project. So first of all, of course, we need the target that we are going to scan, so we want to prompt the user of this program for the target's IP address. So let's call it targets IP equals input, and we're going to actually ask the user for the input of this. So let's type it like this, and then we
can add a star sign, Enter target to scan for vulnerable open ports. Okay, so this will be the target's IP. Once again, we also want to make sure that this can be both an IP address and the actual domain name, but we don't need to worry about that, as that part of the code is already located inside of our port scanner that we imported, so no need to code it once again.

[01:41:02] Let's just go to the next line, and also let's ask the user for the number of ports that they want to scan. Now we didn't use it in our port scanner, so why not use it right here. Let's say they want to scan 100 ports and a different user wants to scan 200 ports; let's add that as an available option as well. So port number will be equal to the input, and in the second line we prompt the user for the amount of ports you want to scan, and let's also notify them inside of the brackets that 500 will mean first 500 ports, okay, so in case they get confused they know what they need to specify. All right, now another important
thing that we need to do about this line is we need to make sure that this port number is an integer value. For example, if the user specifies number 100, it will be stored inside of this port number, but it will be stored as a string and not as an integer. Therefore we need to wrap this entire part inside of an integer function, and this integer function simply just converts whatever is inside of the brackets into an integer value. Keep in mind that you will get an error in case the actual user of this program specifies a string, for example they type the word three; well, that word will not get converted to an integer because that is not possible. Therefore this will only work if the user specifies an actual number, which should be the case as we are indeed asking for a number. Therefore we want to convert it to an integer so our program can continue executing.

[01:42:49] All right, so now that we got these two things out of the way, there is a third and last thing that we need to ask the user before we actually start running the main part of the program,
and that is going to be the actual file from which we're going to read vulnerable software. So for this program to run we need a file. As I mentioned at the beginning of this section, we need a file that is going to store vulnerable software names that then we're going to compare with the software running on open ports. So we're going to call that, for example, vuln_file, and it will be equal to the input. Oops, let's add the double quotes, so to the input, and then we prompt the user: Enter path to the file with vulnerable softwares.

[01:43:48] Okay, so now that we finished everything, these are the three things that we need in order to run this program. Let's also print the newline character right after this so we can have a little bit better view, and now we want to use the port scanner in our program. All right, so we're simply just going to call the function portscanner.scan on the targets IP. Okay, now
if you think about this a little bit, you will notice that this will not actually work. Now why will this not work? Well, there are a few problems with our port scanner, not with the port scanner itself but with the way that we imported it and that we are going to use it inside of our vulnerability scanner. So first of all, we got a problem with this port number variable: we cannot really pass it into our scan function, as our scan function only takes one parameter. So that is the first problem, as we don't really have a way to actually tell the port scanner that we want to use this exact amount of ports, so that is the part that we also need to edit inside of our port scanner.

[01:44:59] Now another thing that we want to do is we want to convert this entire actual port scanner into a class, and we also want to get rid of some of the functions that we don't need, and also we want to get rid of this part of the program. Since there is a lot to do with this port scanner, we are going to leave that for the next tutorial. So in the next
tutorial we're going to cover this port scanner and convert it to the best possible way for us to use it inside of our vulnerability scanner, and then we're going to continue from there. All right, so for now we simply just prompted the user for the needed things, and in the next video we're going to cover the port scanner and how we can convert it the best way possible. See you there and take care, bye.

[01:45:39] Hello everybody and welcome to this tutorial, and right now let's cover the port scanner conversion to a class. All right, so anyone who's actually covered and learned Python before knows what classes are and knows why they are important, and in this case, in our case, we want to make sure that we convert it to a class for better usage inside of this vulnerability scanner project.

[01:46:05] All right, so the first thing that we are going to do is we're going to create the class at the top of this program. We're going to create it with the keyword class, and then we're going to call it, let's say, PortScan,
open and close brackets and add the two dots, and this is how we can create a class. Now all of these functions that we have below, we want to make sure that they belong to our PortScan class, so what we can do is we can tab each and every line. So let's do it one by one like this, and you will see that some of these actual keywords will start changing colors as they start belonging to our PortScan class. All right, so let's do it like this; all of it should be tabbed once, so let's go like this, and the scan port at the end.

[01:47:09] Okay, so here it is. Now this part of the program, you might be asking what we're going to do with this. Well, in this case we don't need it, so we can simply just delete that. All we need is our class with these functions right here. Let me just create space between each of these functions so we can see each and every one of them a little bit better, and now let's see what we need to do in order to get this to work. Well, first of all, we are missing a function that every class needs, and that is the init
function. This init function will be coded at the top of the class, so right below the initiation of the class itself we're going to type def __init__. All right, and you will notice that by default if I open and close brackets it will add this self argument as a parameter to this init function, or init method, right here, and this self argument basically means that it is belonging to this class. And what we're going to define inside of this init method is all of the stuff, well, all of the parameters that are going to define the object of our class. For example, we want to define the target parameter and the port number parameter; that is an actual attribute to our class which defines our object.

[01:48:27] All right, so next to the self argument we need to define those two attributes. So the first one we can call target, and the second one, which is the new one, will be called port_number. All right, so simple as that, and in order to define them inside of the init function we simply just type self.target
will be equal to target and self.port_number will be equal to port_number, and this is just a Python way to actually define them, so nothing really important there. Let me just delete this empty space, and now that we have our init function we need to add this self argument, or self parameter, to each and every function that belongs to this class. So we're simply just going to go right here and type self, we're also going to type self right here, self right here, and self right here.

[01:49:36] And another very important thing that we should consider is that we don't need any of these other parameters outside of the self parameter. And why is that? Well, once you define those attributes that we need inside of this init method right here, we can access these variables throughout each and every function in our class, so we don't need to pass them as parameters. Let us just delete everything but the self parameter from each and every class, and right here as well.
Make sure you do not delete it from the init method, so let's leave it like this. So now that we fixed all of the methods, let's restructure our program a little bit. So I will start off with this scan_port function.

[01:50:28] All right, so what we're going to do with this scan_port function, besides it doing the usual stuff that it did inside of our port scanner project, we're going to add the converted IP into the scan_port function instead of the scan function. So we're going to delete it from the scan function first; let's go right here. We also are not interested in printing anymore, since printing we are going to do in the main program, which is going to be the vulnerability scanner. So our scan function will be left with just these two lines of code, while the conversion of the IP address will be moved right here into the scan_port function. So we're going to call the check_ip function.

[01:51:14] And you will notice right away that some of the stuff inside of our class is actually red underlined, and by some of
the stuff I mean a lot of things, such as for example this check_ip is underlined, these two variables are underlined, this get_banner is underlined, the port is underlined. So all this stuff is underlined, which means that they are not recognized by the PyCharm. Well, why is that?

[01:51:38] Let's start off first with the functions themselves, as to why they are underlined. Once you create a class, you need to actually rename those functions when you call them inside of the class: you need to add the self argument before. So for example, if I type self.check_ip, you will notice that it will no longer be red underlined, and this will get recognized by the PyCharm. This is just a way to call different methods from the class itself, so the class can recognize that this check_ip belongs to its own methods, and therefore it knows which actual method to call. Same goes with this get_banner function right here, which we can simply just add self.get_banner and it will stop being red underlined. Let's see whether we have another
function which is red underlined. Here it is, scan_port; if I simply just type self.scan_port, we can see it works successfully.

[01:52:40] Now, but what are we going to do with these actual variables which are red underlined? Well, first of all, we don't really need this IP address variable anymore, as we are actually getting the IP address from our main part of the program, which is going to be the target's IP variable right here, and then we're going to pass it into our class, which will then get stored inside of the self.target variable, which then we can use throughout our class. So let's change it everywhere we can. First of all, we're going to change it in the check_ip method, so we're no longer checking the IP from the IP, we're checking the IP from the self.target, and make sure that throughout this class you also use the self argument when specifying the variable name. So we're trying the IP function from self.target, and in case it works we're returning self.target; in case it doesn't work we want to
01:53:34,800 --> 01:53:37,440 return the get host by name from the 2882 01:53:37,440 --> 01:53:40,080 cell.target once again keep in mind that 2883 01:53:40,080 --> 01:53:42,659 this will store the IP address from our 2884 01:53:42,659 --> 01:53:44,340 Target machine 2885 01:53:44,340 --> 01:53:47,340 goes right here to the scan Port we 2886 01:53:47,340 --> 01:53:49,260 don't really need this converted IP 2887 01:53:49,260 --> 01:53:52,320 anymore and why won't we need it well we 2888 01:53:52,320 --> 01:53:53,639 don't need it because as you can see 2889 01:53:53,639 --> 01:53:56,280 this scan Port function doesn't take the 2890 01:53:56,280 --> 01:53:57,960 IP address as a parameter anymore 2891 01:53:57,960 --> 01:54:00,719 therefore this is red underlined so we 2892 01:54:00,719 --> 01:54:02,760 can simply delete it 2893 01:54:02,760 --> 01:54:06,179 but what with this port number well we 2894 01:54:06,179 --> 01:54:08,040 actually need to send this port as a 2895 01:54:08,040 --> 01:54:10,440 parameter because we are inside this for 2896 01:54:10,440 --> 01:54:12,840 Loop therefore this port will change 2897 01:54:12,840 --> 01:54:15,360 through each iteration and we need to 2898 01:54:15,360 --> 01:54:18,000 specify to this method right here which 2899 01:54:18,000 --> 01:54:21,000 iteration is it currently at so we need 2900 01:54:21,000 --> 01:54:22,440 to send the port as an argument 2901 01:54:22,440 --> 01:54:24,540 therefore we're going to go to the scan 2902 01:54:24,540 --> 01:54:25,500 port 2903 01:54:25,500 --> 01:54:27,780 and next to the self we're going to add 2904 01:54:27,780 --> 01:54:30,360 Port as a parameter and you will see 2905 01:54:30,360 --> 01:54:33,540 right here at these three spots the red 2906 01:54:33,540 --> 01:54:36,420 underline will go away as this port now 2907 01:54:36,420 --> 01:54:39,480 exists in this program and the last part 2908 01:54:39,480 --> 01:54:41,940 which thread underlined is this IP 2909 01:54:41,940 --> 
01:54:43,679 address right here 2910 01:54:43,679 --> 01:54:46,199 once again we don't really need this IP 2911 01:54:46,199 --> 01:54:49,380 address anymore we have self.target and 2912 01:54:49,380 --> 01:54:50,940 right here since at the beginning of 2913 01:54:50,940 --> 01:54:53,280 this try statement we converted the IP 2914 01:54:53,280 --> 01:54:55,500 we don't need to specify cell.target 2915 01:54:55,500 --> 01:54:58,820 right here we can specify converted IP 2916 01:54:58,820 --> 01:55:01,500 all right since this will be the IP 2917 01:55:01,500 --> 01:55:03,540 address whether the target was specified 2918 01:55:03,540 --> 01:55:06,540 as a domain or simply as an IP address 2919 01:55:06,540 --> 01:55:08,100 all right 2920 01:55:08,100 --> 01:55:09,840 another thing that we want to make sure 2921 01:55:09,840 --> 01:55:11,820 is that we don't have unnecessary 2922 01:55:11,820 --> 01:55:14,100 functions that can be put inside of a 2923 01:55:14,100 --> 01:55:16,139 different functions for example this get 2924 01:55:16,139 --> 01:55:18,600 Banner can also be put inside of this 2925 01:55:18,600 --> 01:55:21,000 scan Port function therefore we don't 2926 01:55:21,000 --> 01:55:23,880 really need this method right here 2927 01:55:23,880 --> 01:55:26,159 so we can simply just delete the get 2928 01:55:26,159 --> 01:55:28,380 Banner 2929 01:55:28,380 --> 01:55:31,619 and we can put it right here 2930 01:55:31,619 --> 01:55:33,960 as you will see this will get flagged as 2931 01:55:33,960 --> 01:55:35,840 get Banner doesn't exist anymore 2932 01:55:35,840 --> 01:55:38,400 therefore instead of trying to call this 2933 01:55:38,400 --> 01:55:40,500 function what we're going to do 2934 01:55:40,500 --> 01:55:42,119 is we're going to write the get better 2935 01:55:42,119 --> 01:55:46,500 function code instead right here so suck 2936 01:55:46,500 --> 01:55:49,080 dot receive 2937 01:55:49,080 --> 01:55:52,800 we want to receive 1024 bytes 2938 01:55:52,800 --> 
01:55:54,600 and we're simply just using the sock 2939 01:55:54,600 --> 01:55:57,119 object that we created right here so no 2940 01:55:57,119 --> 01:55:59,400 worries about that we don't need to name 2941 01:55:59,400 --> 01:56:01,860 it anything differently we also want to 2942 01:56:01,860 --> 01:56:05,060 decode the response 2943 01:56:05,880 --> 01:56:07,679 and the reason why we're decoding the 2944 01:56:07,679 --> 01:56:09,960 response is so we didn't really have to 2945 01:56:09,960 --> 01:56:12,659 do it later on right here 2946 01:56:12,659 --> 01:56:15,179 so once we decode the response we then 2947 01:56:15,179 --> 01:56:17,460 want to strip it 2948 01:56:17,460 --> 01:56:19,860 from any unnecessary characters such as 2949 01:56:19,860 --> 01:56:22,260 for example backslash n and also we want 2950 01:56:22,260 --> 01:56:25,820 to strip it from backslash r 2951 01:56:26,340 --> 01:56:28,260 and the reason why we are performing 2952 01:56:28,260 --> 01:56:29,659 this stripping part 2953 01:56:29,659 --> 01:56:32,400 is because especially in this program 2954 01:56:32,400 --> 01:56:34,380 right here in our vulnerability scanner 2955 01:56:34,380 --> 01:56:36,600 it is important to strip everything that 2956 01:56:36,600 --> 01:56:39,119 we don't need from the response as this 2957 01:56:39,119 --> 01:56:40,920 Banner variable will store the most 2958 01:56:40,920 --> 01:56:42,840 important and crucial part to our 2959 01:56:42,840 --> 01:56:45,179 vulnerability scanner as inside of this 2960 01:56:45,179 --> 01:56:46,860 program we are going to compare this 2961 01:56:46,860 --> 01:56:50,699 Bender variable with the actual content 2962 01:56:50,699 --> 01:56:53,100 from this vulnerability file in order if 2963 01:56:53,100 --> 01:56:55,560 they match so for example if we have the 2964 01:56:55,560 --> 01:56:57,719 same Banner in a vulnerability file and 2965 01:56:57,719 --> 01:56:59,760 the same Banner gets retrieved into this 2966 01:56:59,760 --> 
01:57:02,100 variable and imagine that we do not 2967 01:57:02,100 --> 01:57:04,440 strip these actual characters from it 2968 01:57:04,440 --> 01:57:06,659 well our program will not really find 2969 01:57:06,659 --> 01:57:09,000 the match as they will be different only 2970 01:57:09,000 --> 01:57:10,800 by this character 2971 01:57:10,800 --> 01:57:12,780 so that's why we're stripping it as the 2972 01:57:12,780 --> 01:57:14,940 new line character is not important to 2973 01:57:14,940 --> 01:57:18,800 us all right so simple as that 2974 01:57:18,800 --> 01:57:21,960 the next thing we actually don't need is 2975 01:57:21,960 --> 01:57:23,699 these print statements right here we 2976 01:57:23,699 --> 01:57:26,219 needed them inside of our Port scanner 2977 01:57:26,219 --> 01:57:27,540 project but we don't need them anymore 2978 01:57:27,540 --> 01:57:29,340 as we are not really interested in 2979 01:57:29,340 --> 01:57:31,020 printing which ports are closed and 2980 01:57:31,020 --> 01:57:32,880 which ports are open 2981 01:57:32,880 --> 01:57:35,880 since this is not a port scanner 2982 01:57:35,880 --> 01:57:38,219 but however there is another problem 2983 01:57:38,219 --> 01:57:41,460 that will occur and that is that this 2984 01:57:41,460 --> 01:57:44,400 Banner can only store one Banner at a 2985 01:57:44,400 --> 01:57:45,420 time 2986 01:57:45,420 --> 01:57:47,760 but we need to retrieve multiple banners 2987 01:57:47,760 --> 01:57:50,159 if we find multiple ports open on the 2988 01:57:50,159 --> 01:57:51,840 targets and if we also manage to 2989 01:57:51,840 --> 01:57:53,460 retrieve multiple bandits from those 2990 01:57:53,460 --> 01:57:54,719 open ports 2991 01:57:54,719 --> 01:57:56,639 so we will need to store multiple 2992 01:57:56,639 --> 01:57:59,340 banners and not just one so how can we 2993 01:57:59,340 --> 01:58:01,260 fix that well 2994 01:58:01,260 --> 01:58:03,360 we can actually easily fix that we can 2995 01:58:03,360 --> 01:58:04,619 
simply just add 2996 01:58:04,619 --> 01:58:07,199 a list which will be at the beginning of 2997 01:58:07,199 --> 01:58:09,360 our class right here we're going to call 2998 01:58:09,360 --> 01:58:11,520 it banners and in order to define a list 2999 01:58:11,520 --> 01:58:13,619 we specify these square brackets right 3000 01:58:13,619 --> 01:58:15,900 here by specifying open and close square 3001 01:58:15,900 --> 01:58:18,119 brackets we initiate that this Benders 3002 01:58:18,119 --> 01:58:20,580 list will be empty for now and then 3003 01:58:20,580 --> 01:58:22,380 every time we actually manage to 3004 01:58:22,380 --> 01:58:24,659 retrieve the banner right here 3005 01:58:24,659 --> 01:58:27,540 with this line we can then right after 3006 01:58:27,540 --> 01:58:30,480 it below append 3007 01:58:30,480 --> 01:58:33,599 the actual Banner to the banners list 3008 01:58:33,599 --> 01:58:35,940 just like this and you will notice that 3009 01:58:35,940 --> 01:58:38,340 this Banner is that these banners is red 3010 01:58:38,340 --> 01:58:40,080 underlined that means that we need to 3011 01:58:40,080 --> 01:58:43,560 add the self dot banners argument right 3012 01:58:43,560 --> 01:58:46,560 here and everything will work correctly 3013 01:58:46,560 --> 01:58:48,840 and in case we don't manage to retrieve 3014 01:58:48,840 --> 01:58:50,580 the banner we're simply just going to 3015 01:58:50,580 --> 01:58:54,480 pass for now all right and at the end we 3016 01:58:54,480 --> 01:58:56,099 can simply just close the connection 3017 01:58:56,099 --> 01:58:58,500 with sock.close 3018 01:58:58,500 --> 01:59:01,440 so simple as that let me see if 3019 01:59:01,440 --> 01:59:02,520 everything 3020 01:59:02,520 --> 01:59:05,340 is correct for now everything seems to 3021 01:59:05,340 --> 01:59:06,900 be good 3022 01:59:06,900 --> 01:59:09,900 our get check IP function is good our 3023 01:59:09,900 --> 01:59:11,580 scan is good 3024 01:59:11,580 --> 01:59:13,679 but don't worry 3025 
01:59:13,679 --> 01:59:15,540 there is another thing that we actually 3026 01:59:15,540 --> 01:59:17,940 have to do which is going to be to 3027 01:59:17,940 --> 01:59:20,159 create another list which is going to be 3028 01:59:20,159 --> 01:59:23,940 the open ports list 3029 01:59:23,940 --> 01:59:25,800 now you might be asking why are we 3030 01:59:25,800 --> 01:59:27,540 actually doing this 3031 01:59:27,540 --> 01:59:29,639 and this is more easily showed than 3032 01:59:29,639 --> 01:59:31,560 explain but I will try to explain it 3033 01:59:31,560 --> 01:59:33,599 anyway right now and once we run the 3034 01:59:33,599 --> 01:59:35,099 program you will get it while we need 3035 01:59:35,099 --> 01:59:37,560 this open ports list for now on let me 3036 01:59:37,560 --> 01:59:40,020 just try to explain it well once we 3037 01:59:40,020 --> 01:59:41,940 actually created this class right here 3038 01:59:41,940 --> 01:59:44,460 with these three methods you notice that 3039 01:59:44,460 --> 01:59:46,500 we also had to create this banners list 3040 01:59:46,500 --> 01:59:48,659 right here in order to store multiple 3041 01:59:48,659 --> 01:59:49,860 banners 3042 01:59:49,860 --> 01:59:51,599 once you actually get to actually 3043 01:59:51,599 --> 01:59:54,179 printing those banners and open ports 3044 01:59:54,179 --> 01:59:56,400 into our vulnerability scanner we want 3045 01:59:56,400 --> 01:59:58,860 to make sure that each open port will 3046 01:59:58,860 --> 02:00:01,199 match to each banner and since we 3047 02:00:01,199 --> 02:00:03,480 removed all of the print statements we 3048 02:00:03,480 --> 02:00:05,699 cannot really print open port one by one 3049 02:00:05,699 --> 02:00:08,340 we have to store all of the open ports 3050 02:00:08,340 --> 02:00:09,900 somewhere and all of the banners 3051 02:00:09,900 --> 02:00:12,119 somewhere and then we have to print them 3052 02:00:12,119 --> 02:00:15,360 each element one by one that's why we 3053 02:00:15,360 --> 
02:00:17,880 also need the open port list that we 3054 02:00:17,880 --> 02:00:20,159 created right here and after each time 3055 02:00:20,159 --> 02:00:22,199 we managed to connect to a port we will 3056 02:00:22,199 --> 02:00:25,260 add that port to the open ports list so 3057 02:00:25,260 --> 02:00:28,560 self dot open ports and then dot append 3058 02:00:28,560 --> 02:00:30,420 the same way we are adding the banners 3059 02:00:30,420 --> 02:00:33,119 we're also going to add open ports and 3060 02:00:33,119 --> 02:00:34,800 we're simply just going to specify right 3061 02:00:34,800 --> 02:00:37,080 here Port all right 3062 02:00:37,080 --> 02:00:41,639 now that is not the end of our problems 3063 02:00:41,639 --> 02:00:43,739 you will notice once we actually had 3064 02:00:43,739 --> 02:00:46,800 Port scanner projects that we had more 3065 02:00:46,800 --> 02:00:49,560 open ports than more panels retrieved 3066 02:00:49,560 --> 02:00:51,659 for example some of the ports that were 3067 02:00:51,659 --> 02:00:54,239 open and that we tagged as open weren't 3068 02:00:54,239 --> 02:00:56,940 sending us any Banner therefore we just 3069 02:00:56,940 --> 02:00:59,820 didn't have Banner for that open port 3070 02:00:59,820 --> 02:01:01,500 and that could present us a problem 3071 02:01:01,500 --> 02:01:04,739 because if we have 10 open ports for 3072 02:01:04,739 --> 02:01:06,780 example and we retrieve only three 3073 02:01:06,780 --> 02:01:09,840 banners then in one list which will be 3074 02:01:09,840 --> 02:01:11,639 the open ports list we will have 10 3075 02:01:11,639 --> 02:01:14,159 elements or 10 ports and in the banners 3076 02:01:14,159 --> 02:01:16,980 list we will have three elements and 3077 02:01:16,980 --> 02:01:18,659 therefore once we want to print each 3078 02:01:18,659 --> 02:01:21,239 element one by one for example the 3079 02:01:21,239 --> 02:01:23,820 element one from the open ports should 3080 02:01:23,820 --> 02:01:26,219 correspond to the 
element 1 from banners 3081 02:01:26,219 --> 02:01:29,219 and so on and so on it will get confused 3082 02:01:29,219 --> 02:01:31,500 in some of the open ports which don't 3083 02:01:31,500 --> 02:01:33,960 have banners will get banners and it 3084 02:01:33,960 --> 02:01:36,540 will all get mixed up and it will not be 3085 02:01:36,540 --> 02:01:38,760 correct therefore we want to make sure 3086 02:01:38,760 --> 02:01:40,980 that the open port list has the exact 3087 02:01:40,980 --> 02:01:43,619 same amount of elements as the Banner's 3088 02:01:43,619 --> 02:01:47,520 list has so each element can respond to 3089 02:01:47,520 --> 02:01:50,460 each element from the different list 3090 02:01:50,460 --> 02:01:52,500 how can we do that since we are 3091 02:01:52,500 --> 02:01:54,060 obviously going to have less banners 3092 02:01:54,060 --> 02:01:56,460 than open ports well we can fix that 3093 02:01:56,460 --> 02:01:58,800 just by instead of the pass statement 3094 02:01:58,800 --> 02:02:01,139 right here under the accept we can also 3095 02:02:01,139 --> 02:02:03,360 pen to the banners list 3096 02:02:03,360 --> 02:02:05,760 so for each open port we're going to 3097 02:02:05,760 --> 02:02:08,699 append anyway even if it manages to 3098 02:02:08,699 --> 02:02:10,320 retrieve the banner we are going to 3099 02:02:10,320 --> 02:02:12,119 append and if it doesn't manage to 3100 02:02:12,119 --> 02:02:13,920 retrieve the banner we're also going to 3101 02:02:13,920 --> 02:02:17,760 append so self.banners dot append but in 3102 02:02:17,760 --> 02:02:19,139 this case we are simply just going to 3103 02:02:19,139 --> 02:02:21,719 append empty space we're not going to 3104 02:02:21,719 --> 02:02:24,540 append any string or anything else it 3105 02:02:24,540 --> 02:02:26,520 will simply just be there so an element 3106 02:02:26,520 --> 02:02:30,060 can get added to the banners list all 3107 02:02:30,060 --> 02:02:32,580 right so we simply change this so we can 3108 
02:02:32,580 --> 02:02:34,920 have the same amount of elements in both 3109 02:02:34,920 --> 02:02:37,800 banners and open ports 3110 02:02:37,800 --> 02:02:39,780 and with this we successfully 3111 02:02:39,780 --> 02:02:42,599 transformed our Port scanner into an 3112 02:02:42,599 --> 02:02:44,580 actual class that we can use inside of 3113 02:02:44,580 --> 02:02:47,159 our vulnerability scanner project and in 3114 02:02:47,159 --> 02:02:49,260 the next video we're going to see how we 3115 02:02:49,260 --> 02:02:50,820 can call this class from our 3116 02:02:50,820 --> 02:02:53,460 vulnerability scanner okay so thank you 3117 02:02:53,460 --> 02:02:55,199 for watching this tutorial and I will 3118 02:02:55,199 --> 02:02:58,560 see you in the next one bye 3119 02:02:58,560 --> 02:03:01,320 welcome back everybody let's see now how 3120 02:03:01,320 --> 02:03:03,239 we can actually call our Port scanner 3121 02:03:03,239 --> 02:03:06,060 class into our vulnerability scanner 3122 02:03:06,060 --> 02:03:09,119 program all right so we have everything 3123 02:03:09,119 --> 02:03:11,280 ready right here we switched everything 3124 02:03:11,280 --> 02:03:13,860 that we needed to we also added some of 3125 02:03:13,860 --> 02:03:15,719 the lists some of the specific 3126 02:03:15,719 --> 02:03:18,239 attributes to this class we changed some 3127 02:03:18,239 --> 02:03:20,340 of the functions as well as deleted the 3128 02:03:20,340 --> 02:03:23,820 get Banner method from this class and we 3129 02:03:23,820 --> 02:03:25,800 also added the conversion of IP address 3130 02:03:25,800 --> 02:03:28,800 into the scan Port method all right 3131 02:03:28,800 --> 02:03:31,080 so now that what we need to do is we 3132 02:03:31,080 --> 02:03:32,760 need to see how we can create an object 3133 02:03:32,760 --> 02:03:34,800 that will belong to this class and how 3134 02:03:34,800 --> 02:03:36,179 we can use it inside of our 3135 02:03:36,179 --> 02:03:38,460 vulnerability scanner 
program 3136 02:03:38,460 --> 02:03:40,860 well right away I can tell you that this 3137 02:03:40,860 --> 02:03:42,840 will not work because with this we're 3138 02:03:42,840 --> 02:03:44,699 simply specifying the name of the file 3139 02:03:44,699 --> 02:03:48,239 that we imported and then the function 3140 02:03:48,239 --> 02:03:51,119 but this function no longer exists as a 3141 02:03:51,119 --> 02:03:52,500 separate function inside of the port 3142 02:03:52,500 --> 02:03:55,739 scanner that function is now the actual 3143 02:03:55,739 --> 02:03:58,679 method to the port scan class 3144 02:03:58,679 --> 02:04:00,840 so in order to actually call that we 3145 02:04:00,840 --> 02:04:02,580 first of all need to create an object 3146 02:04:02,580 --> 02:04:04,679 that will belong to that class 3147 02:04:04,679 --> 02:04:06,719 and we can simply call that object 3148 02:04:06,719 --> 02:04:09,420 Target so simple as that Target will be 3149 02:04:09,420 --> 02:04:12,119 our object and in order to initiate that 3150 02:04:12,119 --> 02:04:13,920 object to belong to the portskin class 3151 02:04:13,920 --> 02:04:16,260 we first of all need to specify the port 3152 02:04:16,260 --> 02:04:17,940 scanner which is the file that we are 3153 02:04:17,940 --> 02:04:20,219 using the class from and then the name 3154 02:04:20,219 --> 02:04:22,260 of the class itself 3155 02:04:22,260 --> 02:04:24,840 now you will notice that if I specify 3156 02:04:24,840 --> 02:04:27,540 the open and close brackets pycharm will 3157 02:04:27,540 --> 02:04:30,000 suggest right away that this port scan 3158 02:04:30,000 --> 02:04:33,179 class takes two parameters 3159 02:04:33,179 --> 02:04:35,460 the first parameter will be the target's 3160 02:04:35,460 --> 02:04:38,520 IP address and the number of ports that 3161 02:04:38,520 --> 02:04:40,139 we want to scan for the vulnerable 3162 02:04:40,139 --> 02:04:41,219 software 3163 02:04:41,219 --> 02:04:43,440 now why does it say these two 
parameters 3164 02:04:43,440 --> 02:04:45,659 well inside of our Port scanner class 3165 02:04:45,659 --> 02:04:47,280 you will notice that we have two 3166 02:04:47,280 --> 02:04:50,400 variables inside of our init method and 3167 02:04:50,400 --> 02:04:52,199 these two variables are exactly what we 3168 02:04:52,199 --> 02:04:54,900 need to specify to our object so we need 3169 02:04:54,900 --> 02:04:56,639 to know the target's IP address as well 3170 02:04:56,639 --> 02:04:59,400 as the number of ports so let's specify 3171 02:04:59,400 --> 02:05:01,500 that we already prompted to the user for 3172 02:05:01,500 --> 02:05:03,599 these two values therefore we can simply 3173 02:05:03,599 --> 02:05:06,540 just specify right here targets AP and 3174 02:05:06,540 --> 02:05:10,560 then comma port number all right and we 3175 02:05:10,560 --> 02:05:12,659 successfully created the object to our 3176 02:05:12,659 --> 02:05:14,159 port scan class 3177 02:05:14,159 --> 02:05:16,440 right now in order to initiate the scan 3178 02:05:16,440 --> 02:05:19,020 itself so we can scan for the open ports 3179 02:05:19,020 --> 02:05:20,520 and retrieve the Banners To those open 3180 02:05:20,520 --> 02:05:22,860 ports we need to initiate the method 3181 02:05:22,860 --> 02:05:24,300 from this class 3182 02:05:24,300 --> 02:05:26,340 and how do we do that we need to 3183 02:05:26,340 --> 02:05:29,219 initiate the method onto our object from 3184 02:05:29,219 --> 02:05:31,320 the port scanner class 3185 02:05:31,320 --> 02:05:33,300 so how can we do that but first of all 3186 02:05:33,300 --> 02:05:34,980 we need to check which method we need to 3187 02:05:34,980 --> 02:05:37,800 initiate and ideally we want to initiate 3188 02:05:37,800 --> 02:05:40,020 one method which will call all of the 3189 02:05:40,020 --> 02:05:42,360 other methods as well and in our case 3190 02:05:42,360 --> 02:05:45,239 that method would be this can function 3191 02:05:45,239 --> 02:05:48,179 as scan method 
called the scan Port 3192 02:05:48,179 --> 02:05:51,000 method and the scan Port method calls 3193 02:05:51,000 --> 02:05:53,340 the check IP method as well as checks 3194 02:05:53,340 --> 02:05:55,139 for the banners and adds them to the 3195 02:05:55,139 --> 02:05:55,980 list 3196 02:05:55,980 --> 02:05:59,159 so we need to type right here Target dot 3197 02:05:59,159 --> 02:06:00,960 scan 3198 02:06:00,960 --> 02:06:04,080 and simply we just these two lines we 3199 02:06:04,080 --> 02:06:06,599 perform the entire scan for open ports 3200 02:06:06,599 --> 02:06:10,139 and softwares on our Target's IP address 3201 02:06:10,139 --> 02:06:12,239 all we're left to do right now is 3202 02:06:12,239 --> 02:06:14,400 compare those banners that we retrieved 3203 02:06:14,400 --> 02:06:16,739 from the open ports with the banners 3204 02:06:16,739 --> 02:06:18,599 that we will have in a separate file 3205 02:06:18,599 --> 02:06:20,099 that we're just going that we're going 3206 02:06:20,099 --> 02:06:22,500 to create in just a second and if we 3207 02:06:22,500 --> 02:06:25,560 find a match that means that we found a 3208 02:06:25,560 --> 02:06:27,300 vulnerable software 3209 02:06:27,300 --> 02:06:30,239 all right so first of all we need to 3210 02:06:30,239 --> 02:06:32,280 perform something and that will be the 3211 02:06:32,280 --> 02:06:34,619 scanning of a Target and then we're 3212 02:06:34,619 --> 02:06:36,599 going to add two or three banners to the 3213 02:06:36,599 --> 02:06:38,460 actual txt file which then we're going 3214 02:06:38,460 --> 02:06:39,420 to use 3215 02:06:39,420 --> 02:06:41,280 well let me just show you it is easier 3216 02:06:41,280 --> 02:06:43,080 if I just show you first of all I will 3217 02:06:43,080 --> 02:06:45,659 enlarge this Zoom this in 3218 02:06:45,659 --> 02:06:47,699 and I will navigate to our pychon 3219 02:06:47,699 --> 02:06:49,739 projects as well as the port scanner 3220 02:06:49,739 --> 02:06:52,920 project and here if I 
simply just python 3221 02:06:52,920 --> 02:06:55,800 the port scanner.py 3222 02:06:55,800 --> 02:06:59,900 and let's say we test this website test 3223 02:06:59,900 --> 02:07:03,360 php.oneweb.com press your enter it will 3224 02:07:03,360 --> 02:07:05,099 scan for the open ports and we will 3225 02:07:05,099 --> 02:07:07,080 retrieve some banners from it 3226 02:07:07,080 --> 02:07:09,119 then we're going to copy these banners 3227 02:07:09,119 --> 02:07:11,940 and add them into a txt file which then 3228 02:07:11,940 --> 02:07:14,219 we will use inside of this program 3229 02:07:14,219 --> 02:07:16,320 so let's say we want to copy first two 3230 02:07:16,320 --> 02:07:18,540 banners all right we're just going to 3231 02:07:18,540 --> 02:07:21,420 wait for a few seconds for this scan to 3232 02:07:21,420 --> 02:07:24,179 finish and keep in mind we are using the 3233 02:07:24,179 --> 02:07:26,040 port scanner tool that we created so you 3234 02:07:26,040 --> 02:07:28,199 can see it can be sometimes useful 3235 02:07:28,199 --> 02:07:30,719 especially when you try to gather more 3236 02:07:30,719 --> 02:07:32,960 information about the targets machine 3237 02:07:32,960 --> 02:07:35,280 alright so here it is it has finished 3238 02:07:35,280 --> 02:07:38,400 now let's copy this 3239 02:07:38,400 --> 02:07:40,440 we don't need that IP address we're 3240 02:07:40,440 --> 02:07:42,360 going to copy this 3241 02:07:42,360 --> 02:07:44,940 then right here under the volt scanner 3242 02:07:44,940 --> 02:07:46,980 we're going to click on new but instead 3243 02:07:46,980 --> 02:07:48,719 of new python file we simply just want 3244 02:07:48,719 --> 02:07:50,880 to create new file it will be called 3245 02:07:50,880 --> 02:07:54,119 let's say Vol underscore file or no 3246 02:07:54,119 --> 02:07:55,500 let's not call it like the actual 3247 02:07:55,500 --> 02:07:59,880 variable uh wallbanners.txt 3248 02:07:59,880 --> 02:08:01,560 let's call it just like that and then 3249 
02:08:01,560 --> 02:08:03,719 right here we're going to paste this as 3250 02:08:03,719 --> 02:08:05,219 a first Banner 3251 02:08:05,219 --> 02:08:07,679 and as a second Banner we are going to 3252 02:08:07,679 --> 02:08:09,000 paste 3253 02:08:09,000 --> 02:08:12,659 let's say this copy selection 3254 02:08:12,659 --> 02:08:15,900 and paste it right here all right so 3255 02:08:15,900 --> 02:08:19,619 here it is we got two banners ready 3256 02:08:19,619 --> 02:08:21,719 and now let's see if we managed to find 3257 02:08:21,719 --> 02:08:24,599 these two matches with our vulnerability 3258 02:08:24,599 --> 02:08:28,080 scanner okay so first of all what we 3259 02:08:28,080 --> 02:08:29,820 need to do in order to compare the 3260 02:08:29,820 --> 02:08:32,159 banners with the banners from the file 3261 02:08:32,159 --> 02:08:34,739 we need to open that file first so how 3262 02:08:34,739 --> 02:08:36,599 can we do that well in Python we do it 3263 02:08:36,599 --> 02:08:41,239 with this statement so with open 3264 02:08:41,340 --> 02:08:43,920 and then open and close brackets and 3265 02:08:43,920 --> 02:08:45,780 first parameter to this open function 3266 02:08:45,780 --> 02:08:48,060 would be the file name which is stored 3267 02:08:48,060 --> 02:08:50,760 inside of this wall file variable so 3268 02:08:50,760 --> 02:08:54,900 with open wall underscore file 3269 02:08:54,900 --> 02:08:56,699 and the second parameter would be how 3270 02:08:56,699 --> 02:08:58,380 you want to actually open it in our case 3271 02:08:58,380 --> 02:09:00,480 we want to open that file for reading so 3272 02:09:00,480 --> 02:09:02,520 we want to read from it you also have 3273 02:09:02,520 --> 02:09:04,320 the write and append option but in this 3274 02:09:04,320 --> 02:09:06,360 case we're going to open the file for 3275 02:09:06,360 --> 02:09:08,159 reading which we specified just by 3276 02:09:08,159 --> 02:09:10,860 simply typing smaller case r 3277 02:09:10,860 --> 02:09:13,020 
and then we specify 3278 02:09:13,020 --> 02:09:15,719 as and then the name of the file object 3279 02:09:15,719 --> 02:09:18,060 as file let's call it like that so with 3280 02:09:18,060 --> 02:09:20,099 open vulnerability file for reading as 3281 02:09:20,099 --> 02:09:21,300 filed 3282 02:09:21,300 --> 02:09:24,420 then we need to perform the comparison 3283 02:09:24,420 --> 02:09:26,940 of these banners what we're going to do 3284 02:09:26,940 --> 02:09:28,920 first is we're going to add a count 3285 02:09:28,920 --> 02:09:32,159 variable which will be equal to 0 and 3286 02:09:32,159 --> 02:09:33,780 then we're going to take a look at all 3287 02:09:33,780 --> 02:09:35,699 of the banners that we gathered during 3288 02:09:35,699 --> 02:09:38,460 our scan all right so how can we do that 3289 02:09:38,460 --> 02:09:40,800 we can access those vendors by simply 3290 02:09:40,800 --> 02:09:44,460 typing Target dot banners 3291 02:09:44,460 --> 02:09:47,099 how can we do that well since we created 3292 02:09:47,099 --> 02:09:48,780 this object right here 3293 02:09:48,780 --> 02:09:51,540 this object besides these two variables 3294 02:09:51,540 --> 02:09:54,719 also has these two variables right here 3295 02:09:54,719 --> 02:09:57,239 or these two lists should I say so we 3296 02:09:57,239 --> 02:09:59,340 can also access them as well if we want 3297 02:09:59,340 --> 02:10:01,199 to using our object 3298 02:10:01,199 --> 02:10:04,260 so Target banners and what we want to do 3299 02:10:04,260 --> 02:10:06,659 with that is we want to iterate over it 3300 02:10:06,659 --> 02:10:08,340 so for Banner 3301 02:10:08,340 --> 02:10:12,000 in target.banners 3302 02:10:12,719 --> 02:10:14,639 we first of all want to navigate to the 3303 02:10:14,639 --> 02:10:16,980 beginning of our ball banners.txt file 3304 02:10:16,980 --> 02:10:20,400 and we can do that using file.seek zero 3305 02:10:20,400 --> 02:10:22,679 and the reason why we need this line is 3306 02:10:22,679 --> 
02:10:25,080 because in case we remove this 3307 02:10:25,080 --> 02:10:27,960 it will only find the first result and 3308 02:10:27,960 --> 02:10:29,520 it will not manage to find the second 3309 02:10:29,520 --> 02:10:31,860 result because it will take the first 3310 02:10:31,860 --> 02:10:34,320 Banner then it will iterate over all of 3311 02:10:34,320 --> 02:10:36,540 the banners inside of this list and if 3312 02:10:36,540 --> 02:10:39,000 it finds it it will be stuck at the end 3313 02:10:39,000 --> 02:10:41,460 of the actual file and it will not get 3314 02:10:41,460 --> 02:10:43,380 back to read it from the beginning for 3315 02:10:43,380 --> 02:10:45,840 the next Banner it will just read it 3316 02:10:45,840 --> 02:10:47,820 from where it stopped that's why after 3317 02:10:47,820 --> 02:10:50,159 every Banner we need to actually seek to 3318 02:10:50,159 --> 02:10:52,320 the beginning of this file which we do 3319 02:10:52,320 --> 02:10:55,440 using file.seek zero zero means simply 3320 02:10:55,440 --> 02:10:57,540 return to the beginning and read all 3321 02:10:57,540 --> 02:10:59,699 over again 3322 02:10:59,699 --> 02:11:02,400 and now we need to iterate once again so 3323 02:11:02,400 --> 02:11:04,139 four line 3324 02:11:04,139 --> 02:11:07,920 in file.readlines 3325 02:11:08,520 --> 02:11:09,960 and you will notice that we actually 3326 02:11:09,960 --> 02:11:11,880 have two functions right here one is 3327 02:11:11,880 --> 02:11:14,880 read line and one is read lines if you 3328 02:11:14,880 --> 02:11:17,400 use Redline it will only read one 3329 02:11:17,400 --> 02:11:19,500 characters one by one so we don't really 3330 02:11:19,500 --> 02:11:21,599 want that we want to use read line so it 3331 02:11:21,599 --> 02:11:23,639 actually leads line by line 3332 02:11:23,639 --> 02:11:25,500 so let's just type it right here for 3333 02:11:25,500 --> 02:11:28,560 line in file dot read lines 3334 02:11:28,560 --> 02:11:30,480 and since this is a function 
we need to open and close brackets. And now we can compare the banners: if line.strip(). We want to strip it from anything that might cause some problems in matching these two banners, and keep in mind that this line is simply just a line from the .txt file; for example, it can be this, and then we need to compare that with the banners from this list right here. So if line.strip() in banner, in the banner that we are currently reading from this list. So if line.strip() in banner, and then here we want to print. Let's print it like this: so open single quote, two exclamation marks, and let's print in capital letters, for example VULNERABLE BANNER, and then let's also add double quotes to our actual string so we can add it between the banner, plus the banner itself, plus, and then single quotes, double quotes at the beginning, and then "on port", and let's print it like this, plus the string. And here we want to actually print the port number corresponding to that specific banner. So how can we do that?

Well, that is why we need this count variable, since this count variable will keep track of each element that we pass by scanning each and every banner. So each and every banner will correspond to the exact same number of elements inside of this open ports list right here. So for example, if the count variable came to number three, that means we are scanning the third banner, and that third banner will be corresponding to the third element of the open ports list, which will be the actual port number for that specific banner. So in order to access that list we need to type the target object dot open ports; we can access it the same way that we access the banners, so .open_ports, and here we need to specify which element we are looking for, and we specify that in the square brackets right here. So then we add right here count. Simple as that.

For some reason we are getting these red lines in, for example, line.strip, port_scanner.PortScan, and why is that? Well, let's just finish this so we don't forget the last line, which will be to actually increase the count variable by one. And you need to keep in mind where you are actually increasing it inside of each loop: well, you want to increase it inside of this loop, but you don't want to increase it inside of this loop. So you want to increase it after you pass every banner; you increase the element by one because you proceed to the next banner in the list. Therefore we want to increase it right here: so count += 1.
Okay, so everything seems to be working correctly; we just seem to have a bunch of errors right here, but let's try to run the program so we can see what type of errors those are. So vuln_scan.py, and it says right here "invalid syntax". Let's see where that is: invalid syntax inside of the port scanner file. Okay, so we have an extra bracket, so let's delete this, try it once again. Oh no, we actually do not have an extra bracket; we're not even fixing the correct part. It is inside this vuln file. Yeah, we have an extra square bracket right here, so let's delete that, and if I run it once again, now we can notice that we no longer have any errors. So this extra bracket right here created the problem throughout the entire program. So now that we fixed it, this should work: "Enter target to scan for vulnerable open ports". Let's type testphp.vulnweb.com. We want to scan the first 100 ports, because both pieces of vulnerable software are located inside of the first 100 ports, and we want to enter the path to the file with vulnerable software. In our case, since the actual file is inside the same directory as our program, we don't need to specify the path; we can simply just specify the file name. But if this file was in another directory, you would need to specify the full path to the directory. In our case, vuln_banners.txt. Press Enter, and now we wait for it to perform the scan, first of the first 100 ports; then it will go to this iteration right here with opening of the file and then comparing the banners, and if it manages to find a banner that matches in both the banners list and the actual file that we open, then it will print that a vulnerable software has been found. All right, so let's see right here; it might take a few seconds to finish. And here it is: we found two vulnerable banners, as it prints right here, vulnerable banner with this name right here on port 21, and vulnerable banner with this name on port 22.

All right, so good, we managed to find vulnerable banners, and now we can simply just proceed to exploit the target with these two vulnerabilities. All right, so that would be about it for this vulnerability scanner. As you can see, it is not really that big of a project; it is mostly based on our port scanner. We simply just compare the actual banners from the file and the scan itself, and then we print it out. All right, so once again, this is something that you can download from the Internet, or you can simply just create it by yourself, just by adding multiple vulnerable banners to this list and then creating your own list, and then you can use this program in order to scan the target. In the next video we are going to perform the recap of this actual project; we're going to see once again how this program works, briefly explain it once again in case there is something that you missed or did not understand, and then we are going to proceed to our next project. Thank you for watching and see you in the next lecture. Bye.

Welcome back. Let's perform a
recap on our vulnerability scanner. All right, so let's go step by step. So the first thing that we did is we imported our port scanner that we coded in the previous project. Now, in order for this port scanner to work, we performed some modifications to the code itself by adding the actual port scan class, which will have these multiple methods, and each one of them will perform a separate task. We also performed some little modifications to the actual parameters themselves and also deleted the get banner function, and we put it inside of the scan port function. We also removed all the print statements, as we do not need them, and we added two different lists, which are the banners list and the open ports list, in order to be able to print the banners and open ports inside of our vulnerability scanner. After that, we then created these three variables which will store all of the needed information for our port scanner to run. We initiated an object right after it which will belong to the class port scan; we then initiated the scan itself by calling the scan method from the port scan class. After the scan has finished, we now know that after this line, in our open ports list right here and in our banners list right here, we have all of the results ready. So then, after the scan, we open the file which contains the vulnerable software on an open port. As soon as we open the file, we created the count variable, which is really important in order to keep track of the elements in the banners and open ports as well. After every banner that we scanned we increase the count variable by 1 and proceed to the next banner, and then we compare the line with the banner itself, and if there is any part that matches with the banner, we will print it as a vulnerable banner as well as specify which port this software is running on.

All right, so now that we recapped all of the things that we did, let's perform one final test to see whether it works. If I clear this: python3 and then vuln_scan.py, let's perform the same test once again: testphp.vulnweb.com, first 100 ports, and vuln_banners.txt. Now, you might be asking the reason why we are performing these recaps after every project. Well, it is in case you missed something or didn't understand something, so we just go over the code one more time in short, and it will also help you to remember everything better and to fully understand the program once it is fully coded and once it is working. As we can see, we got the exact same result as in the previous video and we managed to find both of the vulnerable banners, which is good. Now, if I try to, for example, scan my router's IP address, 100, vuln_banners.txt, it will scan my router and you will see it will not find any vulnerable software, as there is not any open port on my router which is running one of these two programs. All right, so that would be about it for this project. I hope you enjoyed it, and in the next video we're going to see how we can
still gain access to the target machine even if we don't find a vulnerable software running on an open port and we don't know how to exploit it. We're going to take a look at some of the different things that we can do in order to enter the target's machine, such as, for example, performing the SSH brute force and gaining SSH access to the target. So we're going to see how we can do that in our next project, and after that many more projects to go. So thank you for watching this tutorial and I will see you in the next lecture. Bye.

Hello everyone, and this is our bonus video for the SSH Brute Force section, and in this video I will demonstrate how you can install Metasploitable as a virtual machine. All right, so there are a few things that you need to do. First of all, you need to open up your Google Chrome and type in the Metasploitable name inside of your search bar; then you should navigate to the first link, which will be the sourceforge.net Metasploitable download. Click on it and simply click on this green download button. It will start downloading this ZIP file, which is around 800 megabytes large, and once it has finished, then you can extract it to the desktop, or simply just move it to the desktop, create a new folder, call that folder for example Metasploitable, paste this ZIP file into that folder, then we want to extract all of the files inside of this folder that we created. Now, this will take a few seconds to finish, and we should receive the Metasploitable.vmdk file, which then we will use in order to create our virtual machine with all the vulnerable software. Now, the only thing we need from this virtual machine is the SSH client, so once again, if you have any SSH service running on any other machine, you don't really need to do this; you can perform the SSH brute force on any SSH machine that you managed to find and, of course, that you have the permission to test on. All right, so this has finished; we got this file right here, and you will see a couple of files, in which we are interested in this Metasploitable file, which is .vmdk; it is the size of 1.79 gigabytes.

And right now we need to open up our VirtualBox, click on New, put in a name for your virtual machine, for example let's call it Metasploit, and make sure that under the type you set Linux and under the version you set, all the way down, Other Linux (64-bit). Click on Next. 512 megabytes is more than enough for this machine, so click on Next, and instead of going with "Create a virtual hard disk now" as we did with the Kali Linux machine, we want to go to "Use an existing virtual hard disk file". Click on this, and right here click on this icon, where it will open this window where you can simply just find your Metasploitable .vmdk file and use it as your hard disk. Since I don't have it right here, I want to go to Add, then I want to navigate to the Desktop, to the Metasploitable folder, and then this file, and here it is, the Metasploitable.vmdk. Click on Open, try to find it right here, here it is; I will simply just double-click on it, it will automatically set it
right here, and I will click on Create. As soon as that has finished, we also want to set the network settings that we used in the Kali Linux; we also want to set it in the Metasploitable as well. So go to the Bridged Adapter and set the Ethernet cable connection, and once again make sure "Cable Connected" is checked. Click on OK, and now you can start the machine. So I will simply just click on Start, and you will notice that this actual machine doesn't take too long to install; it will take just two or three minutes, possibly, and then we are ready to proceed with our brute forcer for the SSH service. All right, so it says "starting up" right here; it will automatically download and install all of this stuff and all the software that it needs, so we don't really have to do anything. All we need to do is to log into the machine once it has finished installing everything. All right, so we are going to wait for that to finish, and here it is, it is already over. It is asking us for the login, and you will notice that above the actual login, it tells us that the username and password are msfadmin and msfadmin. So let's go right here and type msfadmin, and as a password as well msfadmin. Clear the screen, since this is just a command-line machine, and if I type ifconfig I make sure that we are in the same local area network, with the IP address of 192.168.1.3. And this is basically it; we successfully downloaded and installed the Metasploitable virtual machine. So thank you for watching this tutorial and I will see you in the next lecture. Bye.

Hello everybody, and welcome to our third project, which is going to be the SSH brute forcer. So far we managed to scan the open ports to determine which ones were closed and which ones were open; we also managed to scan for the software running on those open ports. And now let's imagine an example where we didn't really manage to find any vulnerable software running on those open ports. Well, now we have to turn to different approaches, such as, for example, trying to gain access through some of those services running on those open ports, and we're going to take a look at the first one, which is going to be the SSH brute force. Now, what is SSH? Well, SSH is a way that you can communicate with and control the target machine over the Internet, just by performing the SSH connection to that specific machine. Now, of course, it is a secure protocol; therefore we would need the username and password in order to gain access to that specific machine over the SSH protocol. Now, for the purposes of this project we're going to use a virtual machine which is called Metasploitable. Now, I downloaded it and already installed it; here it is. And in case you don't know how to do that, I created a bonus video which is going to be at the last section of this course, and there you should see the bonus video which simply just shows you how to download and install Metasploitable. Now I will assume that you already have it and that you watched that video, so I will simply just start this machine, and first of all we're going to take a look at how we can
simply just connect over SSH using our terminal, and then we're going to try to implement all of that into our SSH brute force program. Now, there will be two versions of this program: one will be a regular SSH brute force, and the other one will be the SSH brute forcer with the threading library. Now, the reason why we do that is because if you use the threading library in order to perform brute forcing, it will automatically be faster than simply just using one thread in order to perform the brute force. But let's not bother ourselves with that right now; let's see how we can connect to SSH using our terminal. So our machine is up and running; we log in using msfadmin as a username and msfadmin as a password, and here it is, everything works correctly. If I type ifconfig I will check my IP address, which is going to be 192.168.1.3, so I need to remember that. Open up my terminal, let me enlarge all of this, and now try to connect to that IP address using the SSH protocol: so ssh and then 192.168.1.3. Press Enter, and here is some of the stuff that happens once you try to connect over SSH: the authenticity of the host can't be established, RSA key fingerprint is, and then this one, are you sure you want to continue connecting. We want to type here yes, and it will tell us that it permanently added the RSA key to the list of known hosts. Now, this is just some regular stuff that happens once you try to actually connect to SSH, and we're going to have to implement some of these things in our program as well, so keep that in mind right now. And it will ask us to connect to the root account, which we don't really want, so I'm just going to exit right here; I will Ctrl+C, and then I will ssh msfadmin@192.168.1.3. Okay, and the password will be msfadmin, if I'm not mistaken, and here it is: we successfully managed to connect to the msfadmin account on the Metasploitable virtual machine using SSH from our terminal. All right, and now if I type ifconfig in this terminal, you will see that we get the exact same IP address as we got when I typed ifconfig inside our Metasploitable. So we basically got something like a reverse shell running, and we can execute any commands we want and we can do anything on our Metasploitable machine. So let me exit this, since we are not really interested in doing this over the terminal, and let's start the new project on the SSH brute forcer.

Now, of course, I showed you an example, let me just open up my PyCharm. Now, of course, I showed you an example in which we actually know the password to the target, and in our program we want to make sure that we do not know the password and we will try multiple passwords until we actually find the correct one. Okay, and then once we find the correct one we will print it to the screen, "found password", and we will print the username and the password for that specific account. Now, by default it will probably open up our previous project, which is going to be the vulnerability scanner; yeah, here it is. But we want to, as usual, create a
02:31:07,560 new project which we will call the SSH 3832 02:31:07,560 --> 02:31:10,080 brute forcer so let's wait for all of 3833 02:31:10,080 --> 02:31:11,819 this to load up 3834 02:31:11,819 --> 02:31:14,280 okay so it loaded up let's go to the 3835 02:31:14,280 --> 02:31:15,600 file 3836 02:31:15,600 --> 02:31:18,500 new project 3837 02:31:19,439 --> 02:31:22,200 let's name the project to be SSH Brute 3838 02:31:22,200 --> 02:31:23,700 Force 3839 02:31:23,700 --> 02:31:26,460 click on create we want to create and 3840 02:31:26,460 --> 02:31:28,200 open the new project inside of this 3841 02:31:28,200 --> 02:31:30,380 window 3842 02:31:32,520 --> 02:31:34,560 let's wait for it to create the virtual 3843 02:31:34,560 --> 02:31:35,880 environment for us and all the 3844 02:31:35,880 --> 02:31:37,439 dependencies 3845 02:31:37,439 --> 02:31:39,420 and now we can simply just create our 3846 02:31:39,420 --> 02:31:43,140 python file by right clicking new python 3847 02:31:43,140 --> 02:31:48,180 file and let's call it SSH brute.py 3848 02:31:48,420 --> 02:31:50,460 easy to remember so 3849 02:31:50,460 --> 02:31:52,200 all we are going to do in this video 3850 02:31:52,200 --> 02:31:53,880 before we end it is we're going to 3851 02:31:53,880 --> 02:31:56,160 import the needed libraries for this 3852 02:31:56,160 --> 02:31:58,620 program to work 3853 02:31:58,620 --> 02:32:01,140 now let's type the import command and 3854 02:32:01,140 --> 02:32:03,359 the first library and the most important 3855 02:32:03,359 --> 02:32:05,399 library for this actual project is going 3856 02:32:05,399 --> 02:32:07,260 to be the paramico 3857 02:32:07,260 --> 02:32:09,960 Library we will use this library in 3858 02:32:09,960 --> 02:32:12,000 order to automate the process of 3859 02:32:12,000 --> 02:32:14,580 connecting to our SSH client so this 3860 02:32:14,580 --> 02:32:16,560 library has already pre-made functions 3861 02:32:16,560 --> 02:32:18,600 that we can use in order to make 
this 3862 02:32:18,600 --> 02:32:21,060 process shorter all right then we're 3863 02:32:21,060 --> 02:32:23,760 going to need assist Library the OS 3864 02:32:23,760 --> 02:32:25,859 Library 3865 02:32:25,859 --> 02:32:28,080 the socket library of course every time 3866 02:32:28,080 --> 02:32:30,720 we actually try to perform some some 3867 02:32:30,720 --> 02:32:32,939 tasks over the Internet we will most 3868 02:32:32,939 --> 02:32:35,160 likely use the socket library and we are 3869 02:32:35,160 --> 02:32:38,939 also going to use the term color Library 3870 02:32:38,939 --> 02:32:40,979 now you will notice that out of these 3871 02:32:40,979 --> 02:32:42,899 file libraries two are actually red 3872 02:32:42,899 --> 02:32:44,700 underlined which means we do not have 3873 02:32:44,700 --> 02:32:46,620 them installed inside our virtual 3874 02:32:46,620 --> 02:32:48,540 environment so let's install them we 3875 02:32:48,540 --> 02:32:51,000 already know how to do that we will open 3876 02:32:51,000 --> 02:32:53,160 up our terminal inside our pycharm and 3877 02:32:53,160 --> 02:32:55,560 type pip3 install and first let's go 3878 02:32:55,560 --> 02:32:58,020 with the paramico since paramico is 3879 02:32:58,020 --> 02:32:59,760 essential for this program to work while 3880 02:32:59,760 --> 02:33:01,979 as term color we don't really need but 3881 02:33:01,979 --> 02:33:04,920 it will make our program look nicer and 3882 02:33:04,920 --> 02:33:06,660 we can see it successfully installed 3883 02:33:06,660 --> 02:33:10,140 paramico and now let's pip3 install term 3884 02:33:10,140 --> 02:33:13,439 color alright so paper is return color 3885 02:33:13,439 --> 02:33:15,840 and this will finish in just a second 3886 02:33:15,840 --> 02:33:17,220 here it is 3887 02:33:17,220 --> 02:33:20,040 if I exit this terminal and go back to 3888 02:33:20,040 --> 02:33:21,120 my program 3889 02:33:21,120 --> 02:33:23,100 for some reason this is still red 3890 02:33:23,100 --> 
02:33:24,780 underline not really sure why let's 3891 02:33:24,780 --> 02:33:27,060 start typing something maybe it will go 3892 02:33:27,060 --> 02:33:27,960 away 3893 02:33:27,960 --> 02:33:29,760 print 3894 02:33:29,760 --> 02:33:32,819 yeah it went away great so everything is 3895 02:33:32,819 --> 02:33:34,920 imported successfully and in the next 3896 02:33:34,920 --> 02:33:38,280 video we can start off with our brute 3897 02:33:38,280 --> 02:33:40,200 forcer hope I see you in the next 3898 02:33:40,200 --> 02:33:43,380 lecture and take care bye welcome back 3899 02:33:43,380 --> 02:33:45,420 everyone and let's continue with the 3900 02:33:45,420 --> 02:33:47,819 coding of our brute forcer you will 3901 02:33:47,819 --> 02:33:49,920 notice right away that we're going to 3902 02:33:49,920 --> 02:33:52,200 start it rather the same as our 3903 02:33:52,200 --> 02:33:54,120 vulnerability scanner by prompting the 3904 02:33:54,120 --> 02:33:55,979 users to input three different things 3905 02:33:55,979 --> 02:33:57,600 that we are going to store into three 3906 02:33:57,600 --> 02:33:59,340 different variables and use throughout 3907 02:33:59,340 --> 02:34:00,420 our program 3908 02:34:00,420 --> 02:34:02,399 now two of those three things are going 3909 02:34:02,399 --> 02:34:04,080 to be the exact same as in our 3910 02:34:04,080 --> 02:34:06,300 vulnerability scanner and the third one 3911 02:34:06,300 --> 02:34:08,460 is going to be the username for the sh 3912 02:34:08,460 --> 02:34:11,100 account so first thing we're going to 3913 02:34:11,100 --> 02:34:13,500 prompt the user is to enter the host so 3914 02:34:13,500 --> 02:34:15,780 the actual IP address to the Target that 3915 02:34:15,780 --> 02:34:17,880 they want to connect to so we're going 3916 02:34:17,880 --> 02:34:21,180 to type it right here input 3917 02:34:21,180 --> 02:34:24,080 and let's add 3918 02:34:24,120 --> 02:34:25,560 plus sign 3919 02:34:25,560 --> 02:34:29,040 and then Target address 
3920 02:34:29,040 --> 02:34:31,020 so the user can specify the target 3921 02:34:31,020 --> 02:34:32,040 address 3922 02:34:32,040 --> 02:34:33,899 the second thing that we are going to 3923 02:34:33,899 --> 02:34:35,880 need is going to be the username for the 3924 02:34:35,880 --> 02:34:37,260 account that we are trying to Brute 3925 02:34:37,260 --> 02:34:39,600 Force which in our case if you're using 3926 02:34:39,600 --> 02:34:41,399 that exploitable as I am is going to be 3927 02:34:41,399 --> 02:34:44,160 msf admin all right so we're going to 3928 02:34:44,160 --> 02:34:46,020 input 3929 02:34:46,020 --> 02:34:48,060 right here 3930 02:34:48,060 --> 02:34:50,640 at the plus sign once again and Sh 3931 02:34:50,640 --> 02:34:52,859 username 3932 02:34:52,859 --> 02:34:54,420 and the last thing that we want to 3933 02:34:54,420 --> 02:34:57,359 prompt to the user is to input the file 3934 02:34:57,359 --> 02:34:59,700 or the file name from which we are going 3935 02:34:59,700 --> 02:35:01,319 to read the passwords 3936 02:35:01,319 --> 02:35:04,859 all right so input file let's call it 3937 02:35:04,859 --> 02:35:09,000 like that and we're going to type input 3938 02:35:09,000 --> 02:35:12,859 single quotes plus sign and then 3939 02:35:12,859 --> 02:35:15,840 passwords file 3940 02:35:15,840 --> 02:35:18,660 alright so simple as that once the user 3941 02:35:18,660 --> 02:35:21,000 specifies all of these three things we 3942 02:35:21,000 --> 02:35:22,859 are ready to start running our program 3943 02:35:22,859 --> 02:35:24,720 the first thing that we're going to take 3944 02:35:24,720 --> 02:35:26,460 a look at is whether the username 3945 02:35:26,460 --> 02:35:28,380 specified the actual password file 3946 02:35:28,380 --> 02:35:30,960 correctly and we're going to do that 3947 02:35:30,960 --> 02:35:33,540 using the OS Library so we're going to 3948 02:35:33,540 --> 02:35:35,520 see whether this file actually exists if 3949 02:35:35,520 --> 02:35:37,260 it 
doesn't exist 3950 02:35:37,260 --> 02:35:39,840 we're going to print to the user file 3951 02:35:39,840 --> 02:35:42,720 doesn't exist okay so now in order to 3952 02:35:42,720 --> 02:35:44,160 actually do that we're going to use an 3953 02:35:44,160 --> 02:35:47,160 if statement and we're going to call the 3954 02:35:47,160 --> 02:35:50,399 OS library with the path and Dot exists 3955 02:35:50,399 --> 02:35:51,680 now this 3956 02:35:51,680 --> 02:35:53,640 os.path.exists will check for a 3957 02:35:53,640 --> 02:35:56,160 specified path whether that path simply 3958 02:35:56,160 --> 02:35:58,439 exists or not basically it performs the 3959 02:35:58,439 --> 02:36:01,020 same thing as its name says so 3960 02:36:01,020 --> 02:36:04,020 os.path.exists 3961 02:36:04,080 --> 02:36:06,479 and in the brackets we specify the 3962 02:36:06,479 --> 02:36:08,580 actual path to the file so in our case 3963 02:36:08,580 --> 02:36:11,340 that will be input file 3964 02:36:11,340 --> 02:36:14,460 and if it equals equals to false since 3965 02:36:14,460 --> 02:36:16,260 this actual function will return true 3966 02:36:16,260 --> 02:36:18,899 and false true if the file exists and 3967 02:36:18,899 --> 02:36:21,240 false if it doesn't exist so in this 3968 02:36:21,240 --> 02:36:23,040 case if it doesn't exist we're going to 3969 02:36:23,040 --> 02:36:25,340 print 3970 02:36:28,859 --> 02:36:33,120 that file doesn't exist and we also want 3971 02:36:33,120 --> 02:36:34,859 to make sure that we already here slash 3972 02:36:34,859 --> 02:36:37,920 path in case the user specifies path and 3973 02:36:37,920 --> 02:36:39,540 not just the file name 3974 02:36:39,540 --> 02:36:41,819 and then we're going to use the sys 3975 02:36:41,819 --> 02:36:43,920 library in order to exit the program 3976 02:36:43,920 --> 02:36:47,040 with number one so sys.exits in case 3977 02:36:47,040 --> 02:36:49,020 that file doesn't exist so the user can 3978 02:36:49,020 --> 02:36:51,120 actually rerun 
the program and specify 3979 02:36:51,120 --> 02:36:53,640 the correct file right now that we did 3980 02:36:53,640 --> 02:36:55,800 all of this we need to actually proceed 3981 02:36:55,800 --> 02:36:58,319 with the main part of the program which 3982 02:36:58,319 --> 02:36:59,939 is going to be the comparison of the 3983 02:36:59,939 --> 02:37:02,460 passwords with the SSH client so in 3984 02:37:02,460 --> 02:37:04,140 order to do that we're going to have to 3985 02:37:04,140 --> 02:37:06,780 open file first and to open this 3986 02:37:06,780 --> 02:37:08,520 password file we simply just use the 3987 02:37:08,520 --> 02:37:09,899 same thing as from the vulnerability 3988 02:37:09,899 --> 02:37:12,300 scanner which is the statement with open 3989 02:37:12,300 --> 02:37:15,120 and then we specify the file name in our 3990 02:37:15,120 --> 02:37:17,280 case it is stored inside the input file 3991 02:37:17,280 --> 02:37:19,620 variable and then we open it up for 3992 02:37:19,620 --> 02:37:22,140 reading once we do that we simply create 3993 02:37:22,140 --> 02:37:24,720 the file descriptor name which is going 3994 02:37:24,720 --> 02:37:27,899 to be just file and then we check 3995 02:37:27,899 --> 02:37:30,960 all the passwords line by line so for 3996 02:37:30,960 --> 02:37:32,220 each line 3997 02:37:32,220 --> 02:37:35,280 in file.redlines and keep in mind that 3998 02:37:35,280 --> 02:37:38,220 you need to use readline with s and 3999 02:37:38,220 --> 02:37:40,500 there is also read line but read line 4000 02:37:40,500 --> 02:37:42,960 will only read character one by one and 4001 02:37:42,960 --> 02:37:44,760 we want to make sure we use read line so 4002 02:37:44,760 --> 02:37:47,460 we read line by line all right 4003 02:37:47,460 --> 02:37:49,920 once it reads the line that line will be 4004 02:37:49,920 --> 02:37:52,260 a password and we're going to set it so 4005 02:37:52,260 --> 02:37:54,180 password equals 4006 02:37:54,180 --> 02:37:57,120 line and that 
line we want to strip out 4007 02:37:57,120 --> 02:37:59,340 any character that we don't need for 4008 02:37:59,340 --> 02:38:01,439 example the new line character we don't 4009 02:38:01,439 --> 02:38:03,420 really need it inside of the string so 4010 02:38:03,420 --> 02:38:04,920 we're going to strip any unnecessary 4011 02:38:04,920 --> 02:38:06,780 thing and store it in a new variable 4012 02:38:06,780 --> 02:38:08,580 that we just created which is going to 4013 02:38:08,580 --> 02:38:11,640 be called password all right once we 4014 02:38:11,640 --> 02:38:14,100 have the password ready to test then we 4015 02:38:14,100 --> 02:38:16,020 can simply just try to connect with that 4016 02:38:16,020 --> 02:38:18,060 password 4017 02:38:18,060 --> 02:38:20,100 and in order to do that we're going to 4018 02:38:20,100 --> 02:38:23,580 use a function SSH underscore whoops SSH 4019 02:38:23,580 --> 02:38:25,979 underscore connect 4020 02:38:25,979 --> 02:38:29,340 with this specified password now you 4021 02:38:29,340 --> 02:38:31,979 might notice right away that this is red 4022 02:38:31,979 --> 02:38:34,380 underline and the reason why this thread 4023 02:38:34,380 --> 02:38:36,240 underline is because this function 4024 02:38:36,240 --> 02:38:38,160 doesn't even exist 4025 02:38:38,160 --> 02:38:39,899 now you might be asking why are we using 4026 02:38:39,899 --> 02:38:41,520 it if it doesn't exist well we're going 4027 02:38:41,520 --> 02:38:43,740 to code it in the next video and inside 4028 02:38:43,740 --> 02:38:45,540 of this function we're going to use the 4029 02:38:45,540 --> 02:38:47,580 paramico library in order to automate 4030 02:38:47,580 --> 02:38:50,399 the SSH connection to the Target all 4031 02:38:50,399 --> 02:38:52,260 right so that would be about it for this 4032 02:38:52,260 --> 02:38:54,780 tutorial and I will see you in the next 4033 02:38:54,780 --> 02:38:57,840 lecture bye welcome back everyone and 4034 02:38:57,840 --> 02:38:59,700 right now 
we are ready to start coding 4035 02:38:59,700 --> 02:39:02,460 our sh connect function in the previous 4036 02:39:02,460 --> 02:39:04,979 video we coded all of this so this is 4037 02:39:04,979 --> 02:39:06,479 just the base part of the program where 4038 02:39:06,479 --> 02:39:09,000 we ask for some uh imported information 4039 02:39:09,000 --> 02:39:10,740 then we check whether that information 4040 02:39:10,740 --> 02:39:13,800 is correct and then we continue with the 4041 02:39:13,800 --> 02:39:15,899 actual brute forcing right now we are 4042 02:39:15,899 --> 02:39:17,520 going to call the sh connect function 4043 02:39:17,520 --> 02:39:19,560 and let's do it at the beginning of the 4044 02:39:19,560 --> 02:39:21,240 program we're going to Define it first 4045 02:39:21,240 --> 02:39:23,750 Define SSH underscore connect 4046 02:39:23,750 --> 02:39:25,140 [Music] 4047 02:39:25,140 --> 02:39:27,060 and this function will actually take two 4048 02:39:27,060 --> 02:39:29,340 parameters one of them is going to be 4049 02:39:29,340 --> 02:39:31,560 the password which we specified right 4050 02:39:31,560 --> 02:39:33,359 here and the other one we're going to 4051 02:39:33,359 --> 02:39:35,520 actually declare right here in the 4052 02:39:35,520 --> 02:39:37,020 brackets and we're going to call it code 4053 02:39:37,020 --> 02:39:40,200 to be equal to zero what this means when 4054 02:39:40,200 --> 02:39:42,000 you simply specify code to be equal to 4055 02:39:42,000 --> 02:39:44,580 zero is in case we don't really specify 4056 02:39:44,580 --> 02:39:46,680 anything as a second parameter right 4057 02:39:46,680 --> 02:39:48,600 here in this line that means that this 4058 02:39:48,600 --> 02:39:50,460 code parameter will automatically be set 4059 02:39:50,460 --> 02:39:53,100 to zero all right and we want it like 4060 02:39:53,100 --> 02:39:55,500 that so let's add two dots right here 4061 02:39:55,500 --> 02:39:57,180 and start coding the part of the 4062 02:39:57,180 
--> 02:39:58,979 function first of all we need to create 4063 02:39:58,979 --> 02:40:00,660 a variable which is going to be called 4064 02:40:00,660 --> 02:40:03,600 SSH and that variable will be equal to 4065 02:40:03,600 --> 02:40:05,060 parametical 4066 02:40:05,060 --> 02:40:07,560 dot sh client 4067 02:40:07,560 --> 02:40:09,720 so we're going to use this sh client 4068 02:40:09,720 --> 02:40:11,100 function in order to declare this 4069 02:40:11,100 --> 02:40:12,000 variable 4070 02:40:12,000 --> 02:40:13,680 and then we're going to use this 4071 02:40:13,680 --> 02:40:14,640 variable 4072 02:40:14,640 --> 02:40:18,479 to set missing host key policy so this 4073 02:40:18,479 --> 02:40:20,460 is a long function as you can see you 4074 02:40:20,460 --> 02:40:22,260 can simply just tab it to auto complete 4075 02:40:22,260 --> 02:40:24,720 it once the pycharm outputs it as a 4076 02:40:24,720 --> 02:40:26,399 possible function to use so we're going 4077 02:40:26,399 --> 02:40:28,939 to type as Sage set musicowski policy 4078 02:40:28,939 --> 02:40:31,620 and right here we need to specify 4079 02:40:31,620 --> 02:40:33,120 paramico 4080 02:40:33,120 --> 02:40:36,780 dot Auto add 4081 02:40:36,780 --> 02:40:40,560 policy and this is also function so this 4082 02:40:40,560 --> 02:40:42,479 is just some basic two lines that we 4083 02:40:42,479 --> 02:40:44,640 need to set before we try to connect to 4084 02:40:44,640 --> 02:40:48,899 the SSH client and right after it comes 4085 02:40:48,899 --> 02:40:50,880 the connect part which we will try with 4086 02:40:50,880 --> 02:40:54,560 the try and accept statement 4087 02:40:56,340 --> 02:40:58,260 similar thing that we did with our Port 4088 02:40:58,260 --> 02:40:59,760 scanner we're going to do right here 4089 02:40:59,760 --> 02:41:01,620 we're going to try to connect inside 4090 02:41:01,620 --> 02:41:03,780 this try statement and in the accept 4091 02:41:03,780 --> 02:41:05,819 statement we're going to print that 
the 4092 02:41:05,819 --> 02:41:08,700 password was incorrect all right so 4093 02:41:08,700 --> 02:41:10,920 right here in the try statement we're 4094 02:41:10,920 --> 02:41:14,760 going to type SSH dot connect 4095 02:41:14,760 --> 02:41:17,760 we're going to connect onto the host and 4096 02:41:17,760 --> 02:41:19,439 keep in mind that the host is this 4097 02:41:19,439 --> 02:41:21,479 variable right here which stores the IP 4098 02:41:21,479 --> 02:41:23,580 address that the user specifies 4099 02:41:23,580 --> 02:41:27,060 we want to connect over the port 22 4100 02:41:27,060 --> 02:41:29,460 because the port 22 is a regular port 4101 02:41:29,460 --> 02:41:31,140 for the SSH 4102 02:41:31,140 --> 02:41:33,960 we want to set the username to be equal 4103 02:41:33,960 --> 02:41:35,399 to username 4104 02:41:35,399 --> 02:41:37,620 which once again is this variable right 4105 02:41:37,620 --> 02:41:38,520 here 4106 02:41:38,520 --> 02:41:40,680 and we want to set the last thing which 4107 02:41:40,680 --> 02:41:42,899 is going to be the password to be equal 4108 02:41:42,899 --> 02:41:44,520 to password 4109 02:41:44,520 --> 02:41:47,340 which we pasted right here as a 4110 02:41:47,340 --> 02:41:48,359 parameter 4111 02:41:48,359 --> 02:41:51,300 so it is going to get stored from here 4112 02:41:51,300 --> 02:41:54,000 to here all right so this connect 4113 02:41:54,000 --> 02:41:56,340 function that comes with the parameter 4114 02:41:56,340 --> 02:41:59,640 library has four parameters the IP 4115 02:41:59,640 --> 02:42:02,280 address the port number the username and 4116 02:42:02,280 --> 02:42:04,800 the password and this is all that we are 4117 02:42:04,800 --> 02:42:06,000 going to do right here in the try 4118 02:42:06,000 --> 02:42:08,280 statement in the accept statement we're 4119 02:42:08,280 --> 02:42:10,200 going to check for an error which is 4120 02:42:10,200 --> 02:42:13,460 going to be called paramico 4121 02:42:13,460 --> 02:42:16,380 
authentication exception which simply 4122 02:42:16,380 --> 02:42:18,840 just stands for if the password is was 4123 02:42:18,840 --> 02:42:20,760 incorrect we're going to perform this 4124 02:42:20,760 --> 02:42:22,319 part of the code so if the 4125 02:42:22,319 --> 02:42:23,939 authentication didn't manage to go 4126 02:42:23,939 --> 02:42:25,979 through that means we specified the 4127 02:42:25,979 --> 02:42:28,140 incorrect password and therefore we're 4128 02:42:28,140 --> 02:42:30,300 going to set the code parameter which 4129 02:42:30,300 --> 02:42:32,100 remember is the second parameter to our 4130 02:42:32,100 --> 02:42:35,960 function to be equal to one 4131 02:42:36,060 --> 02:42:38,160 and in the last case which is going to 4132 02:42:38,160 --> 02:42:40,560 be another accept statement we're going 4133 02:42:40,560 --> 02:42:42,240 to set right here 4134 02:42:42,240 --> 02:42:43,800 accept 4135 02:42:43,800 --> 02:42:46,439 socket error 4136 02:42:46,439 --> 02:42:48,720 as e 4137 02:42:48,720 --> 02:42:50,939 we're going to set the code to be equal 4138 02:42:50,939 --> 02:42:52,620 to 2. 
4139 02:42:52,620 --> 02:42:54,660 and before I explain this try and except 4140 02:42:54,660 --> 02:42:56,160 once again let me just type here as 4141 02:42:56,160 --> 02:42:59,340 sage.close once we finish everything and 4142 02:42:59,340 --> 02:43:01,800 we want to return the code from this 4143 02:43:01,800 --> 02:43:03,060 function 4144 02:43:03,060 --> 02:43:05,160 so let's go through it once again we 4145 02:43:05,160 --> 02:43:07,800 declare the sh client we add the auto 4146 02:43:07,800 --> 02:43:10,080 add policy these are two standard lines 4147 02:43:10,080 --> 02:43:12,240 before we try to connect then we try to 4148 02:43:12,240 --> 02:43:14,280 connect to the Target if we manage to 4149 02:43:14,280 --> 02:43:16,319 connect with the password then the 4150 02:43:16,319 --> 02:43:17,939 second parameter which is called will 4151 02:43:17,939 --> 02:43:20,819 remain zero if we specify wrong password 4152 02:43:20,819 --> 02:43:23,580 the code will be changed to 1 and if 4153 02:43:23,580 --> 02:43:25,140 there is any error during the connection 4154 02:43:25,140 --> 02:43:27,240 for example we cannot connect to the 4155 02:43:27,240 --> 02:43:29,520 Target because it is offline then the 4156 02:43:29,520 --> 02:43:33,479 code will be 2. 
therefore once we return 4157 02:43:33,479 --> 02:43:36,060 the code and we check it then we will 4158 02:43:36,060 --> 02:43:38,399 know which password is correct and which 4159 02:43:38,399 --> 02:43:40,859 password isn't correct all right so 4160 02:43:40,859 --> 02:43:42,600 we're going to finish that in the next 4161 02:43:42,600 --> 02:43:45,120 tutorial for now on we got our function 4162 02:43:45,120 --> 02:43:47,520 ready and before I finish off this 4163 02:43:47,520 --> 02:43:50,280 lecture I will just add right here that 4164 02:43:50,280 --> 02:43:53,280 the response is going to be equal to sh 4165 02:43:53,280 --> 02:43:55,439 connect with the password 4166 02:43:55,439 --> 02:43:57,720 the reason for that is since we are 4167 02:43:57,720 --> 02:43:59,939 returning the code from our function we 4168 02:43:59,939 --> 02:44:01,680 want to store the result inside of a 4169 02:44:01,680 --> 02:44:03,600 response variable therefore this 4170 02:44:03,600 --> 02:44:05,880 response variable will contain the value 4171 02:44:05,880 --> 02:44:10,319 of the code whether it is 0 1 or 2 all 4172 02:44:10,319 --> 02:44:12,180 right so simple as that and let's 4173 02:44:12,180 --> 02:44:14,220 continue in the next tutorial hope I see 4174 02:44:14,220 --> 02:44:16,740 you there and take care bye 4175 02:44:16,740 --> 02:44:19,319 welcome back let's wrap up our program 4176 02:44:19,319 --> 02:44:21,479 and run it for a test 4177 02:44:21,479 --> 02:44:23,460 so there are a few things that we 4178 02:44:23,460 --> 02:44:25,020 actually need to finish before we do 4179 02:44:25,020 --> 02:44:27,600 that for now on we got the main part of 4180 02:44:27,600 --> 02:44:28,979 the program ready which is the connect 4181 02:44:28,979 --> 02:44:31,319 function we used up all of these four 4182 02:44:31,319 --> 02:44:33,660 libraries and we are just now going to 4183 02:44:33,660 --> 02:44:36,359 use the term color Library as well and 4184 02:44:36,359 --> 02:44:38,880 we 
also managed to open the file read 4185 02:44:38,880 --> 02:44:41,220 the password from the file and now we 4186 02:44:41,220 --> 02:44:43,439 need to compare the actual code that we 4187 02:44:43,439 --> 02:44:46,140 return from the response 4188 02:44:46,140 --> 02:44:48,540 and see whether that password is correct 4189 02:44:48,540 --> 02:44:52,140 or not all right so the last line is US 4190 02:44:52,140 --> 02:44:54,479 returning the code and storing it in the 4191 02:44:54,479 --> 02:44:56,700 response variable so let's think about 4192 02:44:56,700 --> 02:44:59,700 what we need to do after it well we need 4193 02:44:59,700 --> 02:45:02,580 to compare the actual response with 0 1 4194 02:45:02,580 --> 02:45:05,040 and 2 simple as that 4195 02:45:05,040 --> 02:45:07,380 so in the try statement we are first of 4196 02:45:07,380 --> 02:45:10,560 all going to compare if response equals 4197 02:45:10,560 --> 02:45:13,740 equals to zero that means let's check it 4198 02:45:13,740 --> 02:45:17,460 out first but zero means well since 0 is 4199 02:45:17,460 --> 02:45:19,680 a parameter that is already set by 4200 02:45:19,680 --> 02:45:22,260 default or the code is parameter that is 4201 02:45:22,260 --> 02:45:23,880 already set by default to be equal to 4202 02:45:23,880 --> 02:45:26,520 zero and we do not change it if we 4203 02:45:26,520 --> 02:45:28,680 manage to connect that means that 0 4204 02:45:28,680 --> 02:45:31,680 equals successful connection so we're 4205 02:45:31,680 --> 02:45:35,180 going to print found password 4206 02:45:37,439 --> 02:45:41,100 let's print it like this so inside we 4207 02:45:41,100 --> 02:45:42,840 are going to add the plus sign 4208 02:45:42,840 --> 02:45:44,040 found 4209 02:45:44,040 --> 02:45:46,560 password 4210 02:45:46,560 --> 02:45:49,020 two dots and then let's add the password 4211 02:45:49,020 --> 02:45:51,720 as a string 4212 02:45:51,720 --> 02:45:54,840 and let's also add for which account we 4213 02:45:54,840 --> 
02:45:56,340 managed to find the password so for 4214 02:45:56,340 --> 02:45:58,700 account 4215 02:45:58,800 --> 02:46:01,319 and then let's also add Plus 4216 02:46:01,319 --> 02:46:03,660 username all right 4217 02:46:03,660 --> 02:46:06,120 and let me just move this a little bit 4218 02:46:06,120 --> 02:46:08,520 to the side so everything can fit inside 4219 02:46:08,520 --> 02:46:11,580 of our screen and now there is the part 4220 02:46:11,580 --> 02:46:13,920 where we can use term card library and 4221 02:46:13,920 --> 02:46:15,899 what term color Library allows us to do 4222 02:46:15,899 --> 02:46:18,180 is to print the statements in different 4223 02:46:18,180 --> 02:46:19,319 colors 4224 02:46:19,319 --> 02:46:21,420 that's what I meant when I mentioned 4225 02:46:21,420 --> 02:46:22,859 that it is not needed inside of this 4226 02:46:22,859 --> 02:46:24,479 program but it will make it look a 4227 02:46:24,479 --> 02:46:26,700 little bit prettier so inside of the 4228 02:46:26,700 --> 02:46:28,439 print statement we're going to Define 4229 02:46:28,439 --> 02:46:30,180 term color 4230 02:46:30,180 --> 02:46:32,939 and then dot colored which is the actual 4231 02:46:32,939 --> 02:46:34,620 function that we need to use 4232 02:46:34,620 --> 02:46:38,460 open up two brackets right here 4233 02:46:38,460 --> 02:46:40,680 and in the first bracket we're going to 4234 02:46:40,680 --> 02:46:43,200 type the actual print statement which is 4235 02:46:43,200 --> 02:46:44,700 this thing 4236 02:46:44,700 --> 02:46:47,040 let us go to the site 4237 02:46:47,040 --> 02:46:49,800 so here we close the first bracket then 4238 02:46:49,800 --> 02:46:52,319 we need to add the comma and in between 4239 02:46:52,319 --> 02:46:54,300 the single quotes here we specify in 4240 02:46:54,300 --> 02:46:56,460 which color we want to print let's say 4241 02:46:56,460 --> 02:46:58,800 we want to print in green color 4242 02:46:58,800 --> 02:47:00,960 as we successfully managed to 
connect, so it will be green, and then we need to close the first bracket, which is going to be the bracket to the termcolor function, and now the second bracket, which is going to be the bracket to the print statement. So let's check if we have the right amount of brackets: one bracket, two brackets, three brackets, and three close brackets. All right, so everything seems to be good.

Now let's go down here. If we manage to find the password, let me just move this so we can see the entire code. If we manage to find the password, then we can break out of this program, since we don't really need to test anymore; we managed to find it. In case we don't manage, which will be the else if statement, or elif response == 1, then we will simply just print "incorrect login", and we're going to add the password so we can see which password is incorrect. And the last case, which is if the response is equal to 2, then we're going to print, simply just, let's print it like this, and let's print "can't connect" as an error, so we didn't manage to connect, possibly the target is offline. And after it we want to sys.exit the program, since we didn't manage to connect there is nothing really more to test right here.

And after it, as the except statement, we want to print any other exception, in case there is some exception that we didn't cover, such as connection, wrong password or didn't manage to connect; we want to print it right here. So except Exception as e, we want to print that exception, so print(e), and then we can pass, since this actual exception can occur only in one password, therefore we don't really want to break out of the program; we want to print that exception and possibly go on to the next password. Okay, so this is the entire program.

Let's see if there is anything that we didn't code. Let's delete this empty space right here. We used up all the libraries that have been imported. This is the part of the program where we'll check for the password, and this is the actual connection part of the program. All right, so let's test it. We're going to open up our terminal and enlarge everything so we can see it better.

And before we actually test it, you might notice that we're missing one thing, and that thing is going to be the passwords list. Now once again, for the purposes of this tutorial I'm going to create a small password list with around 10 passwords, but if you were to perform a real-life attack you would actually use a lot bigger password list, with possibly tens of thousands or hundreds of thousands of passwords, and see which one is correct, if you manage to find it. Now of course in the bonus videos I will leave a video where I will show you where you can actually download some of the bigger password lists that are used for real-life attacks, but right now we're going to test it on a small password list that we're going to create.

So let's go right here, right click, right click right here, New, and we want, well, we don't want that, we want to go once again a new, new file, just a regular file, and let's call it passwords.txt. And let's add some random passwords, such as for example hello world, 123, 54321, password123, let's type in another password, test4321, let's add a real password right now so we can see whether it works, which is msfadmin, and let's add two more passwords, so root and root123, why not. So we have around nine passwords, so let's add one more so we can circle it to ten: 123456789. And this is our password list.

All right, so let's test our program. We have our terminal open, we zoomed everything in. Now let's go to the PyCharm, let's go to the ssh brute force, and right here we want to run the ssh_brute.py, so python3 ssh_brute.py. We have somewhere invalid syntax, so let's see where that is: file.readlines. This is somewhere down here, for line in file.readlines, and at the end of the for statement we need to specify two dots, therefore this didn't work. Let's test it once again.

Target address, we specify 192.168.1.3, and once again, in order to check out the IP address of your target machine, you simply just type ifconfig inside of your Metasploitable and you will get the inet address right here, which is 192.168.1.3 in my case; in your case it will most likely be something different, so don't specify the same thing right here. Okay, so now that we specified this, press enter. The SSH username for the Metasploitable is msfadmin. Now you can perform this attack, if you want to practice after this, on a root account on Metasploitable with a big password list that you can download online, and see whether you can crack the root SSH account on the Metasploitable. So SSH username msfadmin, and passwords file will be passwords.txt. Press here enter, and let's see whether this will work. As you can see, the first password is incorrect, second password incorrect, third and fourth are also incorrect, and let's see what happens once we get to the msfadmin. And here it is: found password msfadmin for account msfadmin. Then it exited out of the program, because there is no point in testing out other passwords.

So all we need to do in order to fix this, so it can look a little bit prettier, is we want to print right here, right after the input file, we want to print the newline character so we can differentiate the input parameters that we specify from the actual passwords that it tests. So print("\n"), and let's run it once again right here: clear, 192.168.1.3, msfadmin and passwords.txt. Here it is, the newline character is there, and it will perform the exact same task as it did previously.

Now you might notice that this is going a little bit slow, and that is something that we will fix in the next video, as we're going to see how we can import the threading library inside of this program to make it brute force the passwords faster, because in real-life attacks, if you for example had 100,000 passwords, this would take a long time to actually brute force, and you don't really want to sit for a week waiting for a hundred thousand passwords to finish; you want to finish it as fast as possible. So we're going to take a look at that in the next tutorial. I hope you enjoyed this one, and I will see you in the threading part of this section. Take care, bye.

Welcome everyone to this lecture, where we are going to take a look at the code of how we can make our SSH brute forcer work faster by using the thread library. All right, so here is the code, and the reason why we are not going to code it ourselves is because it is rather similar to the first program that we coded in the previous few videos; there are just some minor changes, as well as adding some libraries that we're going to need. So let's start off from the beginning. Well, first of all, there are two different libraries that we had to import next to these four; those two are the time library and the threading library. Both of these libraries belong to the default Python libraries, so there is no need for you to actually install them in your virtual environment, as they are already there.

Right after it, at the beginning of the program, we declare a stop_flag variable, and this variable is going to be of use to us once we get to the actual threading part. So for now we simply just declare a variable, and it will be an integer value of zero. In our ssh_connect function we make a few minor changes, such as for example we declared that we are going to use the global stop_flag variable inside of this function. Then we perform the same two things that we performed in the regular brute forcer. After it we try to connect, and if we manage to connect then we set the stop_flag to be equal to 1. Then after it we print that the password was found, and in any other case we'll print incorrect login and we will close the SSH connection.

Now let's get to the part where we actually set the stop_flag variable to be equal to one. Why do we do that? Well, if we go all the way down, all these things are the same as in the previous program. Right here I just added a print statement that says "starting threaded SSH brute force", and below there we open the file for passwords, and if we go to the passwords.txt file you will notice that I added a few more passwords right here, around 150, so we can see how fast it will brute force. The correct password is somewhere around here. And let's continue with the program.

So we go into the for loop and we read password by password, or line by line, and if stop_flag is equal to zero then we will join all threads and exit the program. And the threads that we create are actually down here. Okay, so let's not pay attention to this part of the code at the moment. So for each password we perform the strip function onto that password, so we can get rid of all the unnecessary characters. Then we create a thread object, which is going to be called t; we perform the actual thread object and the thread function onto the ssh_connect function, and that is the first parameter to this thread function. So the target is the actual function that you're going to perform the thread on, and the args are the arguments to that function. So in our case that is just one argument, which is the password parameter, and this comma right here has to be there even though we don't have a second parameter, otherwise this will not work, so we have to add it right here. Right after we create the thread object and we call it onto the target of ssh_connect with the arguments of password, then we can start that thread, and we can sleep for 0.5 seconds after every time we start a thread. All right.

So what this will do is it will start a thread each time a new password is being read from the file, and each password will have its own thread, and in case the stop_flag gets switched to 1, well, that means that some of those threads actually managed to find the correct password, as they managed to connect to the target; therefore we set the flag to be equal to 1, and once the flag is set to 1 that means that we can close the program, since we found the correct password. Therefore we perform the t.join function, which will join all the threads that are running, and then we can exit the program. And that is the entire program that runs on threads, so let's see whether it is faster than the previous one.

First I'm going to go and enlarge this, then I will navigate to the PyCharm and then SSH brute force, and first we will run the previous program. So the previous program had no threading library, and let's see how that one will do. So the target address is 192.168.1.3 in my case, the SSH username is msfadmin, and the passwords file is password, or passwords.txt. Press here enter, it will start running, we can see we got some incorrect logins, and you can see each password takes around one second to finish, therefore this is going rather slow. So let's just Ctrl+C it, so we don't wait for the correct password. And if we run the second program, which is our threaded brute forcer, and type in the same information, it will start our threaded brute forcer, and you will see that the passwords go a lot faster than before. As you can see, we already managed to cover more than 20 passwords, and here it is, here is the correct password, and a few seconds after that it closes the program.

Now the reason why it goes for a few more passwords after finding the correct password is because all of these passwords were separate threads that ran before this one has finished, therefore it had to finish these ones first and then exit the program. And you can see how many passwords we managed to actually cover in just a matter of a second or two, and it also managed to find the correct password. Now the reason why incorrect passwords are printed in red is because I also added a print statement somewhere around here which says that we print the incorrect password in red color by using the termcolor.colored function, which we already covered before.

That's basically it for this SSH brute forcer. I hope you enjoyed this section as well as the previous two, and this was also some type of a recap video to this brute forcer, so therefore we are not going to do a recap video as a next lecture; we are going to go straight into the next project. So hope you enjoyed this one once again, and I will see you in the next tutorial. Bye.

Hello everyone and welcome to our next project, which is going to be a project on ARP spoofing. Now this is going to be a little bit of a harder project than the previous few that we did, since we're going to interact with different packets and different internet protocols. Inside of this section we're also going to introduce a new library, which is a massive library called Scapy, which allows us to modify, send and receive different packets and responses. All right, now for those of you that are not familiar with networking, with ARP spoofing or with ARP packets in general, I will make sure to leave some of the resources links so you can read more about the ARP spoofing and understand it a whole lot better.

In this project we're going to create two programs. The first one is going to be the manual ARP spoofing, so we're going to go through the entire process of ARP spoofing line by line; we're going to see the responses, how it happens, what we need to specify in order for ARP spoofing to happen. And then we are going to create a second program which is going to automate that entire process. The reason why we are first performing the manual ARP spoofing is so we can understand everything a little bit better. All right.

Now let's explain ARP spoofing briefly. Well, let's imagine we have three machines on the network. The first one is the router, which is routing the connections; the second two are two different laptops, one of them is the target laptop and one of them is the attacker laptop. Now the attacker machine sends the ARP packets which tell the router and tell the machine that their connection should go over the attacker's machine. How do they do that? Well, simply, the attacker sends the router a packet which tells the router "hey, I am the target machine, you can send the packets to me instead of the real target machine". Then what we do with those packets: we read them, and then we can forward them to the actual target machine, so the target will have no idea that anything is happening, since the packets are arriving at the destination. If we do the opposite to the target, so we send the ARP packet to the target which tells the target machine "hey, I am the router, please send the packets to me", then the packets that were supposed to go from the target machine to the router go first to our machine and then we forward them to the router, and therefore we are the man in the middle, thereby ARP spoofing the connection. All right.

So another thing to keep in mind is that this will not work on all networks; it will only work on some networks where ARP spoofing is still possible. There are a bunch of different networks in the world that have security measures that prevent ARP spoofing, but there are even more of them that do not prevent ARP spoofing, so that's why we are covering this project.

Let's start with creating the project inside of PyCharm. Here it is, I already went on File and then New Project, so I will simply just type right here "ARP spoofer", click on Create, we want to create in this window, and we're going to start off by importing the libraries that we need for the first program, which is going to be us going line by line and checking out how ARP spoofing works. We're only going to need one library, and that is going to be the Scapy library. So first of all, I will go right here and click on New Python File, and we will call this first program malicious ARP packet, and we can shorten that by simply typing mal_arp.py. Simple as that. And all we need to do is type from scapy.all import and then the star sign, and the star sign simply implicates that we are importing everything from scapy.all. But you can notice that the scapy is actually red underlined, therefore we need to install it first. So let's open up our terminal: pip3, oops, pip3 install scapy. It will collect the library, and in no time we should have it up and running. Here it is. If we go right here, in just a few seconds this red line will go away.

All right, so let's experiment with Scapy a little bit. So if I go and open up my terminal right here, and before we actually code anything inside of PyCharm, let us open up our terminal, zoom in our terminal, and run scapy. Now you will notice that you can simply just run scapy instead of python in your terminal, and it will open a platform or a framework that allows you to only execute commands. All right, so here it is. I will enlarge this so we can see everything better. In case you don't have Scapy installed, you can simply install it by using pip3, as we showed in PyCharm.

Now what Scapy allows us to do is it allows us to create different types of packets. For example we have TCP packets, UDP packets, we can also create ICMP packets, and in our case in this section we are going to use ARP packets. So if I simply just type ls and in brackets I specify ARP, you will notice that, first of all, this ls is the same as the ls command inside of a terminal; it will simply just list all of the different fields that the ARP packet has. So we have all of those fields that we need to specify inside of an ARP packet before we actually try to send it. We have pdst, hwdst, psrc and hwsrc and op, and these five fields are the most important to us for this section. This pdst is actually the destination to which we are sending the packet; the hwdst is the destination MAC address to which we are sending the packet; the psrc is our own IP address, and the hwsrc is our own MAC address. The op field is simply set to either one or two, and the reason for that is because there are two types of ARP packets. If op is set to one, that means we are sending the ARP request, and if op is set to 2, that means we are sending the ARP response. And the request is simply us asking, for example, at which MAC address and IP address is the router, and the response would be, if someone asks for our own MAC address over the broadcast, we would simply reply "okay, that IP address is at this MAC address", and that is the ARP response. All right, but even if you don't understand it now, you will understand it through the process of coding.

Now in order to create a packet inside of Scapy we can define something like packet = and then ARP, specifying which packet we want, and inside of the brackets we specify all of these options that we need. For example I can simply specify pdst = and then let's say the IP address of my router, and if I just type packet.show() you will see all of the fields for my packet; most of them will be set automatically. You will notice that the hwsrc and psrc are set automatically, and this is the MAC address of our Kali Linux machine and the IP address of our Kali Linux machine. The op is set to who-has, which means this is a request. If we try to change it, for example packet.op = 2, and then we type once again packet.show(), we got a changed op value, which is now is-at, so this means we are sending a response. All right, the packet type is IPv4 and you can see the hwtype is 0x1, and all these values are set except the hardware destination, or the MAC address of the actual target that we want to get the MAC address from. All right, so this is just a small intro to the ARP packets, and in the next video we're going to implement this in our PyCharm and send our first malicious ARP packet. Thank you for watching and take care, bye.

Welcome back. Let's see how ARP spoofing really works. All right, so now that we imported our library, the first thing and the first step in order to actually perform the ARP spoofing is to create the malicious packet. So how can we do that? Well, first of all, we need to figure out which machines we are trying to attack. In this case I will try to attack my Windows 10 main PC, so this environment right here. Now you can also try to attack a Windows machine, but it can also be a Linux machine if you'd like. All right, so the first thing that we need to do is to pretend that we do not know how to communicate with our target machine, therefore we need to find out its MAC address first. How can we do that? Well, we can simply just send an ARP request through the broadcast MAC
4820 03:10:40,500 --> 03:10:42,300 address which means that every machine 4821 03:10:42,300 --> 03:10:44,399 on this local area network will receive 4822 03:10:44,399 --> 03:10:47,160 the request and possibly send a reply 4823 03:10:47,160 --> 03:10:49,500 so how can we do that well first of all 4824 03:10:49,500 --> 03:10:52,560 we need to create a packet 4825 03:10:52,560 --> 03:10:54,240 which is going to cover the broadcast 4826 03:10:54,240 --> 03:10:56,220 Mac address 4827 03:10:56,220 --> 03:10:58,380 we can set the broadcast Mac address 4828 03:10:58,380 --> 03:11:00,840 inside of the adder layer of the packet 4829 03:11:00,840 --> 03:11:03,060 so we will simply just create the editor 4830 03:11:03,060 --> 03:11:06,720 packet with the destination of 4831 03:11:06,720 --> 03:11:09,359 the broadcast Mac address which we all 4832 03:11:09,359 --> 03:11:13,740 know to be FF ffff and this now we 4833 03:11:13,740 --> 03:11:16,920 specify six times all right now if we go 4834 03:11:16,920 --> 03:11:18,960 to the escapee right here from our 4835 03:11:18,960 --> 03:11:21,899 terminal and we type LS on the adder 4836 03:11:21,899 --> 03:11:24,000 packet we can see it only has three 4837 03:11:24,000 --> 03:11:26,819 fields which is the type the source and 4838 03:11:26,819 --> 03:11:28,859 the destination 4839 03:11:28,859 --> 03:11:31,140 if I create a packet which is going to 4840 03:11:31,140 --> 03:11:33,779 be equal to enter with the destination 4841 03:11:33,779 --> 03:11:35,640 that we just specified of the broadcast 4842 03:11:35,640 --> 03:11:38,540 Mac address 4843 03:11:38,880 --> 03:11:41,640 and print packet.show 4844 03:11:41,640 --> 03:11:43,380 you will see that the source will 4845 03:11:43,380 --> 03:11:45,540 automatically be set to the MAC address 4846 03:11:45,540 --> 03:11:48,000 of my Kali Linux machine 4847 03:11:48,000 --> 03:11:50,760 and the type will be set as well as we 4848 03:11:50,760 --> 03:11:52,859 can see right here the 
destination is 4849 03:11:52,859 --> 03:11:55,560 set to the broadcast Mac address 4850 03:11:55,560 --> 03:11:57,720 but if we want to we can actually add 4851 03:11:57,720 --> 03:12:00,600 the r player to this Adder layer in 4852 03:12:00,600 --> 03:12:02,520 order to create a full packet and that 4853 03:12:02,520 --> 03:12:04,800 is what we're going to do 4854 03:12:04,800 --> 03:12:07,020 so what I'm going to do 4855 03:12:07,020 --> 03:12:09,240 is before even coding it in the pie 4856 03:12:09,240 --> 03:12:11,100 charm I'm going to restart scapey right 4857 03:12:11,100 --> 03:12:13,439 here and demonstrate the creation of 4858 03:12:13,439 --> 03:12:15,840 packet first because we have a visuals 4859 03:12:15,840 --> 03:12:17,520 right here therefore we can understand 4860 03:12:17,520 --> 03:12:19,740 it a whole lot better let's create a 4861 03:12:19,740 --> 03:12:21,899 broadcast packet that we already typed 4862 03:12:21,899 --> 03:12:24,740 in the pi term 4863 03:12:24,960 --> 03:12:27,420 that will have the other layer with the 4864 03:12:27,420 --> 03:12:30,300 destination to be equal to the broadcast 4865 03:12:30,300 --> 03:12:32,640 since we are sending out a request to 4866 03:12:32,640 --> 03:12:35,279 everyone and hopefully getting a reply 4867 03:12:35,279 --> 03:12:37,740 from someone who knows where our Windows 4868 03:12:37,740 --> 03:12:40,560 10 machine is located all right 4869 03:12:40,560 --> 03:12:43,319 now after we do that we need to also add 4870 03:12:43,319 --> 03:12:46,020 the r player so let's just create our 4871 03:12:46,020 --> 03:12:48,479 player right here 4872 03:12:48,479 --> 03:12:51,000 to be equal to the arp 4873 03:12:51,000 --> 03:12:53,399 and here all we need to do is specify 4874 03:12:53,399 --> 03:12:56,220 the IP address of our Target machine so 4875 03:12:56,220 --> 03:12:58,140 I'm going to check the IP address of my 4876 03:12:58,140 --> 03:13:00,300 Windows 10 machine right here 4877 03:13:00,300 --> 
03:13:02,580 by opening up the command prompt and 4878 03:13:02,580 --> 03:13:05,040 typing ipconfig 4879 03:13:05,040 --> 03:13:07,200 press your enter and we can see that the 4880 03:13:07,200 --> 03:13:09,840 IP address of my Windows 10 machine is 4881 03:13:09,840 --> 03:13:12,840 192.168.1.2 4882 03:13:12,840 --> 03:13:14,580 so that is what we need to specify 4883 03:13:14,580 --> 03:13:17,640 inside of our R player we are interested 4884 03:13:17,640 --> 03:13:19,620 at the destination so we will specify 4885 03:13:19,620 --> 03:13:21,660 pdst 4886 03:13:21,660 --> 03:13:25,140 to be equal to the IP address of Windows 4887 03:13:25,140 --> 03:13:27,899 10 machine all right so we got that 4888 03:13:27,899 --> 03:13:29,279 ready 4889 03:13:29,279 --> 03:13:32,700 let me enlarge this a little bit more 4890 03:13:32,700 --> 03:13:36,359 and now if I simply just type R player 4891 03:13:36,359 --> 03:13:38,279 dot show 4892 03:13:38,279 --> 03:13:40,620 will have all of the fields filled 4893 03:13:40,620 --> 03:13:42,960 automatically by default 4894 03:13:42,960 --> 03:13:45,420 our IP address is there and our Mac 4895 03:13:45,420 --> 03:13:48,420 address is there as well the op is also 4896 03:13:48,420 --> 03:13:50,880 said to be an ARP request now in order 4897 03:13:50,880 --> 03:13:52,500 to actually combine these two packets 4898 03:13:52,500 --> 03:13:54,840 all we need to do is create another 4899 03:13:54,840 --> 03:13:56,819 variable which will be called entire 4900 03:13:56,819 --> 03:13:59,540 packet 4901 03:14:00,720 --> 03:14:03,180 and this entire packet will be equal to 4902 03:14:03,180 --> 03:14:04,859 broadcast 4903 03:14:04,859 --> 03:14:08,640 slash ARP layer 4904 03:14:08,640 --> 03:14:10,800 and that is how we can combine these two 4905 03:14:10,800 --> 03:14:11,700 packets 4906 03:14:11,700 --> 03:14:13,620 let me just show you right here so you 4907 03:14:13,620 --> 03:14:15,180 can understand it better if I type 4908 03:14:15,180 --> 
03:14:18,359 entire packet dot show 4909 03:14:18,359 --> 03:14:20,640 you will see right now we have two 4910 03:14:20,640 --> 03:14:23,580 layers to our entire packet 4911 03:14:23,580 --> 03:14:25,920 the ethernet layer which we set the 4912 03:14:25,920 --> 03:14:27,600 destination to be the broadcast Mac 4913 03:14:27,600 --> 03:14:30,540 address and the r player which we set 4914 03:14:30,540 --> 03:14:33,300 the IP destination to be the IP address 4915 03:14:33,300 --> 03:14:36,180 of our Windows 10 machine 4916 03:14:36,180 --> 03:14:39,060 now we can send out this packet alright 4917 03:14:39,060 --> 03:14:42,120 so how can we do that 4918 03:14:42,120 --> 03:14:44,819 well we can use a function which is 4919 03:14:44,819 --> 03:14:47,100 called SRP 4920 03:14:47,100 --> 03:14:49,200 and this function allows us to send the 4921 03:14:49,200 --> 03:14:51,899 entire packet we can also specify the 4922 03:14:51,899 --> 03:14:54,540 timeout to be equal to 2 seconds and we 4923 03:14:54,540 --> 03:14:56,819 want to set the verbose to be equal to 4924 03:14:56,819 --> 03:14:58,620 true 4925 03:14:58,620 --> 03:14:59,899 now 4926 03:14:59,899 --> 03:15:03,240 this actual function will retrieve two 4927 03:15:03,240 --> 03:15:06,180 lists the first list will be the 4928 03:15:06,180 --> 03:15:08,279 answered responses and the second list 4929 03:15:08,279 --> 03:15:11,760 would be the unanswered machines all 4930 03:15:11,760 --> 03:15:14,340 right so in order to actually print that 4931 03:15:14,340 --> 03:15:16,200 list afterwards we first of all need to 4932 03:15:16,200 --> 03:15:18,120 store it and let's call the variable 4933 03:15:18,120 --> 03:15:21,120 answer and since I just mentioned that 4934 03:15:21,120 --> 03:15:23,040 it retrieves two lists we want to pick 4935 03:15:23,040 --> 03:15:26,640 the first list by specifying this 0 4936 03:15:26,640 --> 03:15:29,279 inside of square brackets since the 4937 03:15:29,279 --> 03:15:32,340 first list are 
answered responses if I 4938 03:15:32,340 --> 03:15:34,319 press here enter 4939 03:15:34,319 --> 03:15:36,720 it will tell us that it received one 4940 03:15:36,720 --> 03:15:39,120 package got one answers and remaining 4941 03:15:39,120 --> 03:15:40,740 zero packets so everything worked 4942 03:15:40,740 --> 03:15:45,620 properly if I type here print answer 4943 03:15:46,680 --> 03:15:48,779 it will tell you the results which means 4944 03:15:48,779 --> 03:15:51,120 that we got other response it was not a 4945 03:15:51,120 --> 03:15:54,060 TCP answer or UDP or icmp it was under 4946 03:15:54,060 --> 03:15:56,399 the other and by other it means we got 4947 03:15:56,399 --> 03:15:59,100 the ARP response which is good now in 4948 03:15:59,100 --> 03:16:00,960 order to print this response we can 4949 03:16:00,960 --> 03:16:04,260 simply just type print answer 4950 03:16:04,260 --> 03:16:07,439 and select the first element 4951 03:16:07,439 --> 03:16:10,200 and you will see our packet right here 4952 03:16:10,200 --> 03:16:13,140 now if we take a look at this packet we 4953 03:16:13,140 --> 03:16:15,899 will see that this is our own packet 4954 03:16:15,899 --> 03:16:17,819 that we sent since we have the ethernet 4955 03:16:17,819 --> 03:16:19,880 set for the destination to the broadcast 4956 03:16:19,880 --> 03:16:23,340 and the r player set to have the IP 4957 03:16:23,340 --> 03:16:26,160 destination to the Windows 10 machine 4958 03:16:26,160 --> 03:16:28,740 and this right here 4959 03:16:28,740 --> 03:16:31,859 would be the response that we got as we 4960 03:16:31,859 --> 03:16:34,200 can see the destination Mac address is 4961 03:16:34,200 --> 03:16:36,660 the MAC address of our own Kali Linux 4962 03:16:36,660 --> 03:16:37,740 machine 4963 03:16:37,740 --> 03:16:40,800 the source is the MAC address from our 4964 03:16:40,800 --> 03:16:43,439 Windows 10 machine since our Windows 10 4965 03:16:43,439 --> 03:16:45,300 machine sent this packet back to us 4966 
03:16:45,300 --> 03:16:48,720 telling us that this is its own Mac 4967 03:16:48,720 --> 03:16:49,859 address 4968 03:16:49,859 --> 03:16:52,560 we can also see it right here where the 4969 03:16:52,560 --> 03:16:55,080 HW source is the MAC address of Windows 4970 03:16:55,080 --> 03:16:58,620 10 machine the P source is the source IP 4971 03:16:58,620 --> 03:17:00,660 address of Windows 10 machine and this 4972 03:17:00,660 --> 03:17:03,120 is where the Windows 10 machine sent the 4973 03:17:03,120 --> 03:17:05,819 packet to which is our Cal Linux machine 4974 03:17:05,819 --> 03:17:08,640 therefore we received it now what we 4975 03:17:08,640 --> 03:17:11,040 want to get out of this entire packet is 4976 03:17:11,040 --> 03:17:14,279 this Mac address right here 4977 03:17:14,279 --> 03:17:17,160 so how we can do that well we can simply 4978 03:17:17,160 --> 03:17:19,920 just print let's print something like 4979 03:17:19,920 --> 03:17:21,359 this answer 4980 03:17:21,359 --> 03:17:23,760 and since this has bunch of elements we 4981 03:17:23,760 --> 03:17:27,060 will select the first one which is this 4982 03:17:27,060 --> 03:17:30,240 and then we can select 4983 03:17:30,240 --> 03:17:32,640 the second element 4984 03:17:32,640 --> 03:17:37,760 under the number one if we print it 4985 03:17:38,359 --> 03:17:41,279 Python 3 makes no sense 4986 03:17:41,279 --> 03:17:46,819 wait if I just type print dot show 4987 03:17:46,819 --> 03:17:50,640 here it is bound method we only get the 4988 03:17:50,640 --> 03:17:53,220 response now as we can see right here we 4989 03:17:53,220 --> 03:17:55,920 no longer get this part and all we want 4990 03:17:55,920 --> 03:17:58,859 to select from this response is the HW 4991 03:17:58,859 --> 03:18:01,439 source which is this right here since 4992 03:18:01,439 --> 03:18:03,779 this is the MAC address of the Windows 4993 03:18:03,779 --> 03:18:06,840 10 machine so let's select it if we type 4994 03:18:06,840 --> 03:18:10,500 here Target 
Mac address 4995 03:18:10,500 --> 03:18:13,680 we can set it to be equal to 4996 03:18:13,680 --> 03:18:15,540 answer 4997 03:18:15,540 --> 03:18:19,140 first element which is the packet that 4998 03:18:19,140 --> 03:18:21,000 we sent and the packet that we received 4999 03:18:21,000 --> 03:18:23,340 but since we only want the packet that 5000 03:18:23,340 --> 03:18:25,160 we received we set the second element 5001 03:18:25,160 --> 03:18:28,200 and that is this part right here and 5002 03:18:28,200 --> 03:18:30,540 from the second element we want to get 5003 03:18:30,540 --> 03:18:34,680 the HW source which is the MAC address 5004 03:18:34,680 --> 03:18:36,720 of the Windows 10 machine 5005 03:18:36,720 --> 03:18:38,700 if I press here enter 5006 03:18:38,700 --> 03:18:42,800 and we print the target Mac address 5007 03:18:45,300 --> 03:18:47,819 we get just the MAC address of Windows 5008 03:18:47,819 --> 03:18:50,279 10 machine alright great how cool is 5009 03:18:50,279 --> 03:18:52,200 that we successfully retrieved the MAC 5010 03:18:52,200 --> 03:18:54,600 address of Windows 10 Machine by sending 5011 03:18:54,600 --> 03:18:56,819 the art packet and getting the ARP 5012 03:18:56,819 --> 03:18:59,340 response back to us 5013 03:18:59,340 --> 03:19:01,800 now it is time to get to the hacking 5014 03:19:01,800 --> 03:19:04,620 stuff this was all just small networking 5015 03:19:04,620 --> 03:19:07,319 right now we want to create a malformed 5016 03:19:07,319 --> 03:19:09,600 or unalicious art packet and send it 5017 03:19:09,600 --> 03:19:11,160 once again 5018 03:19:11,160 --> 03:19:12,960 how can we do that 5019 03:19:12,960 --> 03:19:15,060 well first we need to craft the packet 5020 03:19:15,060 --> 03:19:18,000 all right so we already know how to do 5021 03:19:18,000 --> 03:19:19,740 that let's create a variable called 5022 03:19:19,740 --> 03:19:23,279 packet and this packet variable will be 5023 03:19:23,279 --> 03:19:26,300 equal to the art packet 5024 
03:19:26,300 --> 03:19:28,680 first since this is a malicious packet 5025 03:19:28,680 --> 03:19:30,660 let's see what we want this packet to do 5026 03:19:30,660 --> 03:19:32,939 well we want this packet to tell the 5027 03:19:32,939 --> 03:19:35,340 Windows 10 machine that our Kali Linux 5028 03:19:35,340 --> 03:19:38,340 machine is a router so it sends all of 5029 03:19:38,340 --> 03:19:40,800 its packets to us first of all we need 5030 03:19:40,800 --> 03:19:43,560 to set the op value to be equal to 2 5031 03:19:43,560 --> 03:19:46,620 since we want our packet to be the art 5032 03:19:46,620 --> 03:19:49,319 response we are telling the Windows 10 5033 03:19:49,319 --> 03:19:51,000 machine that we are the router we are 5034 03:19:51,000 --> 03:19:52,859 not requesting anything therefore we 5035 03:19:52,859 --> 03:19:55,920 will set the op to be equal to 2. 5036 03:19:55,920 --> 03:19:57,960 the next thing we want to set is the 5037 03:19:57,960 --> 03:19:59,880 hardware destination or the MAC address 5038 03:19:59,880 --> 03:20:02,399 of our Windows 10 machine and this is 5039 03:20:02,399 --> 03:20:04,979 why we needed Mac address that we 5040 03:20:04,979 --> 03:20:07,439 received from this packet right here we 5041 03:20:07,439 --> 03:20:08,880 got it in the Target Mac address 5042 03:20:08,880 --> 03:20:11,220 variable so you can either specify the 5043 03:20:11,220 --> 03:20:13,620 MAC address itself or you can specify 5044 03:20:13,620 --> 03:20:15,960 Target Mac address 5045 03:20:15,960 --> 03:20:17,399 all right 5046 03:20:17,399 --> 03:20:19,080 the next thing that we need to specify 5047 03:20:19,080 --> 03:20:21,240 is the P destination 5048 03:20:21,240 --> 03:20:23,220 which is the IP address to our Target 5049 03:20:23,220 --> 03:20:28,140 machine in my case that is 192.168.1.2 5050 03:20:29,640 --> 03:20:31,200 and the last thing that we need to 5051 03:20:31,200 --> 03:20:33,479 specify is the P source 5052 03:20:33,479 --> 03:20:37,260 if I 
specify psrc equals here we 5053 03:20:37,260 --> 03:20:39,240 specified the machine that we want to 5054 03:20:39,240 --> 03:20:42,000 impersonate in our case we want to be 5055 03:20:42,000 --> 03:20:44,100 the router therefore I will specify my 5056 03:20:44,100 --> 03:20:46,700 router's IP address which is 5057 03:20:46,700 --> 03:20:49,319 192.168.1.1 in case you don't know what 5058 03:20:49,319 --> 03:20:51,359 your router's IP address is you can 5059 03:20:51,359 --> 03:20:53,399 simply just go open up your terminal and 5060 03:20:53,399 --> 03:20:56,939 type in netstat dash NR 5061 03:20:56,939 --> 03:21:00,000 under the Gateway you will see your 5062 03:21:00,000 --> 03:21:02,760 router's IP address all right so let's 5063 03:21:02,760 --> 03:21:04,740 close this 5064 03:21:04,740 --> 03:21:07,620 now that we have everything ready once 5065 03:21:07,620 --> 03:21:09,439 again we are sending the op equals to 5066 03:21:09,439 --> 03:21:11,700 because we are saying that we are 5067 03:21:11,700 --> 03:21:14,340 Gateway so this is a response let's 5068 03:21:14,340 --> 03:21:17,279 press here enter if I just type packet 5069 03:21:17,279 --> 03:21:19,560 dot show 5070 03:21:19,560 --> 03:21:23,460 here is the contents of our packet we 5071 03:21:23,460 --> 03:21:25,920 got everything ready to go 5072 03:21:25,920 --> 03:21:27,899 but before we actually send out this 5073 03:21:27,899 --> 03:21:30,540 packet let's see what are the ARP tables 5074 03:21:30,540 --> 03:21:32,580 on our Windows 10 machine so how can we 5075 03:21:32,580 --> 03:21:34,979 do that well open up your command prompt 5076 03:21:34,979 --> 03:21:38,160 once again I will clear the screen and 5077 03:21:38,160 --> 03:21:41,040 if you type ARP Dash a 5078 03:21:41,040 --> 03:21:43,500 you will see the ARP table on our 5079 03:21:43,500 --> 03:21:45,840 Windows 10 machine we can see that the 5080 03:21:45,840 --> 03:21:47,939 router's IP address is at this Mac 5081 03:21:47,939 --> 
03:21:49,319 address right here 5082 03:21:49,319 --> 03:21:52,380 the Kali Linux IP address is at this Mac 5083 03:21:52,380 --> 03:21:54,660 address right here 5084 03:21:54,660 --> 03:21:56,279 you will notice once we send the 5085 03:21:56,279 --> 03:21:58,920 malicious packet that these two IP 5086 03:21:58,920 --> 03:22:01,080 addresses which is the router's IP 5087 03:22:01,080 --> 03:22:03,300 address and the Cal Linux IP address 5088 03:22:03,300 --> 03:22:06,779 will have the same Mac addresses that 5089 03:22:06,779 --> 03:22:08,700 means that we successfully spoofed the 5090 03:22:08,700 --> 03:22:11,760 Windows 10 machine into thinking 5091 03:22:11,760 --> 03:22:15,000 that we are the router and then it will 5092 03:22:15,000 --> 03:22:16,740 send all of its packets to our Mac 5093 03:22:16,740 --> 03:22:18,840 address instead of the router's MAC 5094 03:22:18,840 --> 03:22:19,620 address 5095 03:22:19,620 --> 03:22:21,899 so let's see if this will work 5096 03:22:21,899 --> 03:22:23,640 in order to send this packet we will 5097 03:22:23,640 --> 03:22:25,979 simply just use the send function we 5098 03:22:25,979 --> 03:22:28,979 will specify packet and then 5099 03:22:28,979 --> 03:22:31,680 verbose equals false since we don't need 5100 03:22:31,680 --> 03:22:34,439 to see anything we send the packet and 5101 03:22:34,439 --> 03:22:36,479 let's go to our Command Prompt and run 5102 03:22:36,479 --> 03:22:39,680 the same command once again 5103 03:22:39,720 --> 03:22:42,420 and here it is we successfully spoofed 5104 03:22:42,420 --> 03:22:44,700 the Windows 10 machine 5105 03:22:44,700 --> 03:22:47,240 now we got the 5106 03:22:47,240 --> 03:22:50,660 192.168.1.1 which is our router and 5107 03:22:50,660 --> 03:22:52,680 192.168.1.4 which is scale Linux machine 5108 03:22:52,680 --> 03:22:57,260 to have the same Mac address 5109 03:22:57,960 --> 03:23:00,420 how cool is that we successfully spoofed 5110 03:23:00,420 --> 03:23:01,979 the Windows 10 
machine 5111 03:23:01,979 --> 03:23:03,960 and this is what's called the ARP 5112 03:23:03,960 --> 03:23:05,220 spoofing 5113 03:23:05,220 --> 03:23:07,800 now if you don't run this packet in a 5114 03:23:07,800 --> 03:23:10,200 while loop this will most likely get 5115 03:23:10,200 --> 03:23:12,479 reset after a few seconds or minutes so 5116 03:23:12,479 --> 03:23:15,000 let's see if we still have it yeah it 5117 03:23:15,000 --> 03:23:16,859 already got reset back as you can see 5118 03:23:16,859 --> 03:23:19,560 the router is already set back to its 5119 03:23:19,560 --> 03:23:22,140 own real Mac address but if we send this 5120 03:23:22,140 --> 03:23:23,520 once again 5121 03:23:23,520 --> 03:23:26,939 and type the ARP Dashay once again 5122 03:23:26,939 --> 03:23:30,239 we spoke the router one more time 5123 03:23:30,239 --> 03:23:32,220 Okay so 5124 03:23:32,220 --> 03:23:34,200 we're going to see in the next video how 5125 03:23:34,200 --> 03:23:36,479 we can do this in a while loop and how 5126 03:23:36,479 --> 03:23:38,040 we can create a program that will 5127 03:23:38,040 --> 03:23:40,140 automate this entire process 5128 03:23:40,140 --> 03:23:42,060 so thank you for watching and I will see 5129 03:23:42,060 --> 03:23:44,939 you in the next tutorial bye 5130 03:23:44,939 --> 03:23:47,700 welcome back we are ready for our final 5131 03:23:47,700 --> 03:23:50,520 project of this section let's create the 5132 03:23:50,520 --> 03:23:52,800 ARP spoofer which will automate the 5133 03:23:52,800 --> 03:23:55,020 entire process and run it in a while 5134 03:23:55,020 --> 03:23:56,580 loop 5135 03:23:56,580 --> 03:23:58,140 since we already did this in the 5136 03:23:58,140 --> 03:24:00,540 previous video in using KP in our 5137 03:24:00,540 --> 03:24:02,160 terminal we don't really need it right 5138 03:24:02,160 --> 03:24:03,300 here 5139 03:24:03,300 --> 03:24:07,399 we can simply just create a new file 5140 03:24:08,460 --> 03:24:12,899 which we can call 
ARP spoofer 5141 03:24:12,899 --> 03:24:14,399 Dot py 5142 03:24:14,399 --> 03:24:15,720 all right 5143 03:24:15,720 --> 03:24:17,580 we need the same library that we 5144 03:24:17,580 --> 03:24:20,939 imported before so import 5145 03:24:20,939 --> 03:24:23,100 so we're going to import scapi like this 5146 03:24:23,100 --> 03:24:26,040 import kp.org 5147 03:24:26,040 --> 03:24:28,500 escapee 5148 03:24:28,500 --> 03:24:32,819 we also want to import the sys Library 5149 03:24:32,819 --> 03:24:35,819 and we want to import the time Library 5150 03:24:35,819 --> 03:24:37,800 all right so these are the three 5151 03:24:37,800 --> 03:24:39,840 libraries that we are going to need as 5152 03:24:39,840 --> 03:24:42,060 you can see we have all three of them so 5153 03:24:42,060 --> 03:24:44,220 we need to install any additional 5154 03:24:44,220 --> 03:24:45,600 libraries 5155 03:24:45,600 --> 03:24:47,880 now the first thing that we want to 5156 03:24:47,880 --> 03:24:50,100 prompt to the user is for the target's 5157 03:24:50,100 --> 03:24:54,420 IP address and router's IP address 5158 03:24:54,420 --> 03:24:56,279 now before we actually even code 5159 03:24:56,279 --> 03:24:58,859 anything let's discuss what we want this 5160 03:24:58,859 --> 03:25:01,140 program to do in the previous video we 5161 03:25:01,140 --> 03:25:03,000 showed how we actually sent a malicious 5162 03:25:03,000 --> 03:25:05,279 packet to Windows 10 machine telling 5163 03:25:05,279 --> 03:25:08,160 them that we are the router now we need 5164 03:25:08,160 --> 03:25:10,800 to do that two times so we need to send 5165 03:25:10,800 --> 03:25:12,359 the malicious packet to Windows 10 5166 03:25:12,359 --> 03:25:14,939 machine telling the Windows 10 that we 5167 03:25:14,939 --> 03:25:16,920 are the router and we also need to send 5168 03:25:16,920 --> 03:25:18,479 the malicious packet to the router 5169 03:25:18,479 --> 03:25:20,399 telling the router that we are Windows 5170 03:25:20,399 --> 
03:25:21,899 10 machine 5171 03:25:21,899 --> 03:25:24,300 and then we can forward the packets from 5172 03:25:24,300 --> 03:25:25,979 one machine to another 5173 03:25:25,979 --> 03:25:27,779 and vice versa 5174 03:25:27,779 --> 03:25:29,520 if you think about it it should be 5175 03:25:29,520 --> 03:25:31,979 rather easy so let's start with it we 5176 03:25:31,979 --> 03:25:33,660 first of all need to prompt the user of 5177 03:25:33,660 --> 03:25:36,420 this program to specify the target's IP 5178 03:25:36,420 --> 03:25:39,600 address and the router's IP address 5179 03:25:39,600 --> 03:25:41,340 all right so let's start with the target 5180 03:25:41,340 --> 03:25:42,899 IP 5181 03:25:42,899 --> 03:25:45,060 and since we imported assist Library we 5182 03:25:45,060 --> 03:25:47,040 can simply just specify that the target 5183 03:25:47,040 --> 03:25:52,279 IP will be equal to the sys dot arc V 5184 03:25:52,380 --> 03:25:55,140 which is number two and this basically 5185 03:25:55,140 --> 03:25:56,880 means that we are going to read the 5186 03:25:56,880 --> 03:25:59,819 targets IP and the router's IP from the 5187 03:25:59,819 --> 03:26:01,380 command line once the user of this 5188 03:26:01,380 --> 03:26:03,960 program runs it let me just give you a 5189 03:26:03,960 --> 03:26:06,660 quick look if so you can understand it 5190 03:26:06,660 --> 03:26:09,000 uh 5191 03:26:09,000 --> 03:26:11,340 for example this program will be ran 5192 03:26:11,340 --> 03:26:13,979 something like this so Python 3 ARP 5193 03:26:13,979 --> 03:26:15,060 spoofer 5194 03:26:15,060 --> 03:26:19,020 oops Dot py and then after it we would 5195 03:26:19,020 --> 03:26:20,660 specify 5196 03:26:20,660 --> 03:26:23,479 192.168.1.1 and 5197 03:26:23,479 --> 03:26:26,399 192.168.1.2 so the first argument will 5198 03:26:26,399 --> 03:26:27,660 be 5199 03:26:27,660 --> 03:26:30,120 the IP address of our router and the 5200 03:26:30,120 --> 03:26:31,739 second argument will be the IP address 
5201 03:26:31,739 --> 03:26:34,560 from our Target machine and then we're 5202 03:26:34,560 --> 03:26:37,800 going to read the IP addresses from the 5203 03:26:37,800 --> 03:26:40,020 command line and store it into these 5204 03:26:40,020 --> 03:26:42,779 variables so the target IB will be the 5205 03:26:42,779 --> 03:26:44,939 second parameter or in this case the 5206 03:26:44,939 --> 03:26:47,220 third parameter since counting of 5207 03:26:47,220 --> 03:26:49,739 elements starts from 0 and the zero 5208 03:26:49,739 --> 03:26:52,380 element is the actual name of the 5209 03:26:52,380 --> 03:26:55,319 program all right and we are left with 5210 03:26:55,319 --> 03:27:00,000 the router IP to be equal to sys.org V 5211 03:27:00,000 --> 03:27:02,580 first element or the second element in 5212 03:27:02,580 --> 03:27:05,100 this case which will be the 5213 03:27:05,100 --> 03:27:07,859 IP address of the router all right so 5214 03:27:07,859 --> 03:27:09,779 we're going to read these two from the 5215 03:27:09,779 --> 03:27:10,920 command 5216 03:27:10,920 --> 03:27:14,040 then we're storing it right here and the 5217 03:27:14,040 --> 03:27:15,600 next thing that we want to do with these 5218 03:27:15,600 --> 03:27:17,700 two information since this is the only 5219 03:27:17,700 --> 03:27:19,739 thing that we are going to get from the 5220 03:27:19,739 --> 03:27:21,899 user of this program we want to get the 5221 03:27:21,899 --> 03:27:25,979 Mac addresses for these two Targets 5222 03:27:25,979 --> 03:27:28,319 so how can we do that well let's simply 5223 03:27:28,319 --> 03:27:32,460 specify another variable called Target 5224 03:27:32,460 --> 03:27:35,580 Mac and that variable will be equal to 5225 03:27:35,580 --> 03:27:38,819 get MAC address 5226 03:27:38,819 --> 03:27:42,920 from the targets IP 5227 03:27:43,800 --> 03:27:45,239 then you will see that this is red 5228 03:27:45,239 --> 03:27:47,100 underlined that means this function does 5229 03:27:47,100 --> 
03:27:48,840 not exist therefore we are going to have 5230 03:27:48,840 --> 03:27:51,840 to code it and don't worry about it we 5231 03:27:51,840 --> 03:27:53,580 already kind of coded this function in 5232 03:27:53,580 --> 03:27:55,319 the previous video once we saw the 5233 03:27:55,319 --> 03:27:57,060 process of getting the MAC address of 5234 03:27:57,060 --> 03:27:59,220 our Windows 10 machine all we need to do 5235 03:27:59,220 --> 03:28:01,979 is the same the exact same thing just 5236 03:28:01,979 --> 03:28:03,660 now we need to do it with both Windows 5237 03:28:03,660 --> 03:28:05,700 10 machine and the router 5238 03:28:05,700 --> 03:28:08,220 so let's type it right here router Mac 5239 03:28:08,220 --> 03:28:09,779 equals 5240 03:28:09,779 --> 03:28:13,580 get MAC address 5241 03:28:14,819 --> 03:28:18,380 from the routers 5242 03:28:18,899 --> 03:28:20,460 IP 5243 03:28:20,460 --> 03:28:22,200 and we need to make sure that all of 5244 03:28:22,200 --> 03:28:24,060 these variables are strings as we are 5245 03:28:24,060 --> 03:28:25,500 going to use them so we're just going to 5246 03:28:25,500 --> 03:28:28,319 wrap them just in case inside of a 5247 03:28:28,319 --> 03:28:29,220 string 5248 03:28:29,220 --> 03:28:31,800 function 5249 03:28:31,800 --> 03:28:34,920 all right so string 5250 03:28:34,920 --> 03:28:36,660 we also want to make sure that the IP 5251 03:28:36,660 --> 03:28:39,620 addresses are strings 5252 03:28:39,859 --> 03:28:43,859 just in case let's wrap this so we have 5253 03:28:43,859 --> 03:28:46,020 everything set to go 5254 03:28:46,020 --> 03:28:48,180 now what we need to do is we need to 5255 03:28:48,180 --> 03:28:51,380 code the get MAC address function 5256 03:28:51,380 --> 03:28:54,960 so let's code it right here 5257 03:28:54,960 --> 03:28:57,600 let's define it first so Define get MAC 5258 03:28:57,600 --> 03:28:59,700 address 5259 03:28:59,700 --> 03:29:02,279 let's lower this in for just a second so 5260 03:29:02,279 --> 
we can see the program better. And as we already noticed right here, this function will take a parameter, the IP address. Whether it is the IP address of the target or the router doesn't matter, the function will perform the same. So, if we remember from the previous video, what we first did is we created the broadcast layer. That will be equal to scapy.Ether with the destination set to the broadcast MAC address. All right, so this is the first layer, and the second layer, you already know, is the ARP layer. This will be equal to scapy.ARP, and the pdst has to be set to the IP address passed into this function, so in this case it will be the target's IP and in this case the router's IP. Basically, once again we are sending to the broadcast MAC address, so we're sending to the entire network, asking what is the MAC address of this IP address right here. All right. We already know that the other fields of the ARP packet will get filled automatically, so we don't need to
specify them. By default, if you remember, the op parameter of this ARP packet will be set to 1, which means it is by default a request, so we don't have to set that either. And right now let's create a packet, a final packet, which we can call get mac packet, just so we can understand everything better once we read the program code. And this get mac packet will be the broadcast layer / ARP layer. All right. All we will have to do is send this packet and retrieve the MAC address. If you remember, we will store this inside of our answer variable, and then we will perform the srp function, which sends and receives the response. We will perform that on the get mac packet, with a timeout of two seconds. We want to set verbose to be equal to False, and we want to grab the first element of this list, which is going to be the list with answers. All right, and then from that list with answers we want to return the MAC address of the specified target, so we
are returning the answer. This answer variable will also have a bunch of lists, so we need to set right here that we want the first list, then from the first list we want the response, which is going to have the MAC address of the target, and therefore we want to get it with hwsrc. So we are returning the MAC address of the target machine. All right, so before we continue with anything, let's see whether this works. At the end we're going to print the router mac, and we want to print the target mac. So let's run the program. We already know that we have to run it like this, so keep in mind that you do not reverse these two IP addresses: the first IP address that should go is the router's IP, which we can see right here, since this is the element 2 and this is the element 3, and the second argument is the target's IP. So if I run this, we get both of the MAC addresses printed out on the screen. So we successfully get the MAC addresses of our router and target machine.
Good. In the next video we can code the spoof part, which is going to actually send the malicious packets and create our spoofing between these two targets. So thank you for watching this lecture and I will see you in the next video. Bye.

Welcome back. So for now, half of the program is done. Good, we managed to get the MAC addresses from our target and our router; now it's time to actually perform the hacking stuff and spoof these two targets. All right, so let's do it. Now that we got the MAC addresses, let's see what the next step is. First of all, I'm going to delete these two print statements, as we don't really need them at the moment. Lower this. And now, if you remember, we need to enter a while loop in order for our spoofing to last longer. So what we are going to do is I'm going to type the try and except statement right here, and in this try statement we'll simply just try to spoof the targets. So while True, we want to spoof, and we will see in
just a second what parameters this spoof function will take. And in the except statement we want to catch KeyboardInterrupt. The reason why we're specifying the keyboard interrupt is because, if you take a closer look, this is a while True loop, and while True loops are infinite loops. That means this will spoof for an infinite amount of time, therefore we want to make sure that at any time we want to stop the program we'll simply just keyboard interrupt and it will close the spoofing. So I will print right here "Closing ARP spoofer", and then we can simply exit the program. All right, so now let's get back to this spoof function. It is red underlined, of course, because it doesn't exist, therefore we will have to code it. But before we do that, let's take a look at what parameters this function should take. Well, it actually has to take all of these four parameters right here, since we want to spoof both of the targets, and for each of the targets we need its own MAC
address and its own IP address. Therefore we need to send all of these four variables into this spoof function. Let's keep track of the order in which we are sending them: so first of all we're going to send the router IP, then we will send the target IP, then we'll send the router mac, and the last thing we need to send is the target mac. So we are sending these four variables, and right here we will code the function itself. And keep in mind that we need to specify the exact same order of these variables, so we don't get an error when running the program. The next one is the target IP, after it comes the router mac, and lastly the target mac. Here it is. Now let's see what we need to code right here. In the first video of this section, once we created the first malicious packet, we created it using op equals 2, which is a response, which is good, it should be like that. And we're going to do the same thing right here, just right now, instead of one packet, we're going to create two
03:36:15,120 packets one will be sent to the router 5439 03:36:15,120 --> 03:36:16,739 and the other one will be sent to the 5440 03:36:16,739 --> 03:36:19,200 Windows 10 machine spoofing them both at 5441 03:36:19,200 --> 03:36:20,340 the same time 5442 03:36:20,340 --> 03:36:22,260 so let's create a variable which will be 5443 03:36:22,260 --> 03:36:24,120 called packet one 5444 03:36:24,120 --> 03:36:27,300 the packet one will be a packet that we 5445 03:36:27,300 --> 03:36:30,239 will determine to go to the router 5446 03:36:30,239 --> 03:36:32,279 so how can we do that we'll we'll simply 5447 03:36:32,279 --> 03:36:35,399 create escape.arp packet as usual 5448 03:36:35,399 --> 03:36:38,040 we send the op to be equal to 2 since 5449 03:36:38,040 --> 03:36:41,160 this is a response and in order to to 5450 03:36:41,160 --> 03:36:43,439 navigate this packet to router we simply 5451 03:36:43,439 --> 03:36:45,300 send the hardware destination to be 5452 03:36:45,300 --> 03:36:47,640 equal to router Mac 5453 03:36:47,640 --> 03:36:49,500 we also need to send the P destination 5454 03:36:49,500 --> 03:36:53,420 to be equal to router IP 5455 03:36:53,580 --> 03:36:56,160 right here and another thing that we 5456 03:36:56,160 --> 03:36:58,680 need is going to be the P source 5457 03:36:58,680 --> 03:37:01,800 now before I actually type this B Source 5458 03:37:01,800 --> 03:37:03,899 I will create packet2 5459 03:37:03,899 --> 03:37:05,939 which is going to be navigated to the 5460 03:37:05,939 --> 03:37:07,260 Windows 10 machine 5461 03:37:07,260 --> 03:37:09,660 or to your own Target machine which is 5462 03:37:09,660 --> 03:37:12,239 not router 5463 03:37:12,239 --> 03:37:15,979 op has to be equal to two 5464 03:37:16,739 --> 03:37:19,200 Hardware destination has to be equal to 5465 03:37:19,200 --> 03:37:20,819 Target Mac 5466 03:37:20,819 --> 03:37:22,920 NDP destination has to be equal to 5467 03:37:22,920 --> 03:37:24,540 Target IP 5468 03:37:24,540 --> 
and psrc, once again, we're going to leave empty right here. And the reason why we are leaving it empty: what do you think, what should be the psrc, or the packet source, in the first packet? Keep in mind that psrc is the IP address of the machine that is sending this packet, so in our case that will be the IP address of the Kali Linux machine. But we're not going to specify the IP address of the Kali Linux machine, because then it would just be a regular packet. We want to create a malicious packet that will be able to spoof the connection. So what we need to specify right here is the target's IP. We want to send this packet to the router and make it seem as if it came from the Windows 10 machine. The same thing goes for packet 2.
We want to send this packet to the Windows 10 machine and make it seem like it came from the router, therefore in packet 2 we are specifying the router IP. Simple as that. All we are left to do right now is send these two packets. So how can we do that? Well, using the send function, so scapy.send. We will first send packet one, and then scapy.send packet two. All right, simple as that, and our program is almost done. All we are left to add is right here, under the while True loop, below this spoof function: we want to add a small timeout so it doesn't spoof too fast. We want to add time.sleep; let's sleep for 2 seconds between each and every packet that we send. So we will send the ARP response, the malicious ARP response, every two seconds, and we will keep the ARP tables updated with the incorrect MAC addresses on the router and the Windows 10 machine. So our program should be finished now. Let's test it and see how it works. If I open up my terminal right here, clear the screen, and type python arp_spoofer
and then I specify 192.168.1.1, so first goes the router's IP address, and then 192.168.1.2, this is the Windows 10 IP address. Before we run it, let's check once again the ARP tables of this target machine. Let's also open a browser so we can see that we can connect to the internet. Okay, so here is the browser, and every time we actually open this browser our connection goes through the router, through this MAC address, and then it retrieves the page back to us. And right now we're going to try to make this browser open the page while going through our Linux machine. So let's run the program. It will print right here "Sent 1 packets"; these are the packets that are being sent each and every two seconds, as we specified right here. Now let's check the ARP tables on our Windows 10 machine, and we can see we successfully spoofed the MAC address of the router. Now the Windows 10 machine thinks that the router is our Linux machine and sends all the packets to us. Same goes for the router; the router is
also spoofed and sends all the packets that should go to the Windows 10 machine to our Kali Linux machine. Now, if we try to go and open some page (I clicked on a random website), you will notice that it will load for a pretty long time. Matter of fact, in just a few seconds it will say that the connection cannot be established, and it will not open this page. Now why is that? Well, let me click X right here. If we close this program right here, there is one thing that we forgot to do. We successfully spoofed both of the targets, but now we perform more of something like a DoS attack on both of these targets, as they cannot connect to the internet anymore. That is because we are not forwarding packets from one target to the other. In order to be able to forward the packets, we need to run a command inside of our terminal, which is echo 1 and then these two arrows (>>) to write to this location, /proc/sys/net/ipv4/ip_forward.
Press enter here, and if I run the program once again and try to load the website, now it loads successfully. We can load every website that we want; if you want to, we can also go to facebook.com. It will load all the pages without any problem, and on the Windows 10 machine you will not notice anything out of order. You will most likely never know that you have been ARP spoofed and that someone can read all of your information. The only way that you can actually notice that is if you simply just go to your command prompt and type the command arp -a, and you notice that two different IP addresses have the same MAC address. This is a good indication that at the moment you are being ARP spoofed. All right, so we can see our ARP spoofer works correctly. Now all the packets are going through our own machine and we can read them if we want to, but more about that in the later sections when we code our own password sniffer. Then we are going to combine our ARP spoofer right here with the
password sniffer, and we're going to see how these two tools will combine in order for us to sniff the passwords that someone types in their browser. All right, so that would be about it for this section. In the next video, of course, we are going to perform a small recap of this program, and then we will proceed to the next project. Thank you for watching and take care. Bye.

Welcome back, and before we finish off with this section, let us do a recap of our ARP spoofer. So we'll start off from the beginning of the program. We first prompt the user for the target IP and the router IP, which they provide us with the command itself, so the command goes python3 arp_spoofer, then the IP address of the router and then the IP address of the target machine. Then, with this information that we gather from the command itself, we proceed to perform our own function, which is the get mac address function, using this information to get the target MAC address and the router MAC address. So we use this function right here, which is get MAC
address. We craft our own packet that will consist of the broadcast layer, which will be the Ethernet layer containing the broadcast MAC address as the destination. The second layer will be the ARP layer, which will contain the IP address of the target machine as the destination IP. Then we craft that packet by adding both of these layers together, and then we send the packet. From the response to the packet we gather the MAC address of that machine. Right after we do that for both the target MAC and the router MAC address, we proceed to go into the while True loop, or the infinite loop, which will perform the spoof function every two seconds. So every two seconds this function right here will get executed, and what this function does is it creates two different malformed or malicious packets, of which the first one spoofs the router while the second one spoofs the target machine. Then we send both of these packets, and we perform that action every two seconds. In case
we want to close the program, we simply just keyboard interrupt it and it will exit the program. So we tested it in the previous video, therefore there is no real need to test it right now, and that is the entire ARP spoofer. Now keep in mind that you should not delete this program, as we are going to use it throughout the course in order to show you what is the real power of this ARP spoofer once we get to the password sniffers, the password crackers, and so on and so on. For now, let's just leave it there, waiting for us as a project in PyCharm, and then we're going to get back to it as soon as we need it again. All right, so that would be about all for this section. I hope you enjoyed it and I will see you in the next project. Bye.

Hello everyone and welcome to the password sniffer project. Since we finished our ARP spoofer, the best idea would be to continue with a project that we can combine with our ARP spoofer in order to be able to do a complete attack. We already know that our ARP spoofer can create a man in
the middle that allows us to save the packets from the target machine that we specify, and right now we need a password sniffer that will be able to extract usernames and passwords from all the packets that flow by. Therefore, let's get this going, hopefully you're excited, and let's create a new project. Go to File, New Project, and "password sniffer", let's call it like that. We want to create it in a separate window, creating the virtual environment as usual. And for this project we're going to use some libraries that we haven't encountered before, so let's import them straight away. We're going to create our file, a new Python file, and let's call it pass-sniffer.py. Simple as that. We are going to need the scapy library, which we used before, so nothing really to explain right here, and we will also need the urllib library. All right, and the third library that we're going to need is going to be re, or the regex library, and the regex library is
something that we are going to need in order to extract the usernames and passwords from the entire packet. All right, now our program will have two different functions: one of the functions will parse the packets that we sniff, and the second function will try to extract the username and password from those packets. But before we do any of that, and before we code those two functions, we first of all need to start sniffing for the packets. Now let's imagine that our ARP spoofer is running. So what we would want to do is try to sniff those packets, and this sniff function is something that exists in scapy, so we don't really need to code it. We simply just specify sniff and it will gather all the packets on the specified interface. Sounds good, right? So, since I said that it will gather the packets on a specified interface, we need to specify the interface. We will set iface to be equal to iface, and we can code up here iface to be equal to your interface,
in my case that 5752 03:48:41,160 --> 03:48:42,779 is eth0 5753 03:48:42,779 --> 03:48:44,880 now in order to check out what is the 5754 03:48:44,880 --> 03:48:46,500 name of your interface you simply just 5755 03:48:46,500 --> 03:48:48,779 open up your terminal and you can type 5756 03:48:48,779 --> 03:48:50,880 ifconfig 5757 03:48:50,880 --> 03:48:55,279 the interface is the name right here 5758 03:48:55,620 --> 03:48:58,080 since I'm using ethernet cable on Kali 5759 03:48:58,080 --> 03:49:00,600 Linux and this is the actual interface 5760 03:49:00,600 --> 03:49:02,580 which I am using to connect to the 5761 03:49:02,580 --> 03:49:05,399 internet I will specify this name inside 5762 03:49:05,399 --> 03:49:06,660 of my program 5763 03:49:06,660 --> 03:49:09,060 if you are for example using a wireless 5764 03:49:09,060 --> 03:49:11,340 adapter you don't want to specify this 5765 03:49:11,340 --> 03:49:13,020 interface you want to specify the 5766 03:49:13,020 --> 03:49:15,060 wireless adapter which you are using to 5767 03:49:15,060 --> 03:49:16,620 connect to the internet 5768 03:49:16,620 --> 03:49:18,660 if you're simply just connecting over 5769 03:49:18,660 --> 03:49:20,939 the internet cable like me feel free to 5770 03:49:20,939 --> 03:49:23,640 specify the ethernet interface all right 5771 03:49:23,640 --> 03:49:25,979 simple as that let's close this 5772 03:49:25,979 --> 03:49:27,899 now that we got that out of the way 5773 03:49:27,899 --> 03:49:30,720 let's continue with our sniff function 5774 03:49:30,720 --> 03:49:33,180 the next parameter is going to be PRN 5775 03:49:33,180 --> 03:49:35,580 which simply means whatever we specify 5776 03:49:35,580 --> 03:49:37,920 after the equal sign 5777 03:49:37,920 --> 03:49:40,800 that function will be used in order to 5778 03:49:40,800 --> 03:49:43,260 parse the packets that we sniffed using 5779 03:49:43,260 --> 03:49:44,760 this sniff function 5780 03:49:44,760 --> 03:49:46,500 so we're going to create later 
on a 5781 03:49:46,500 --> 03:49:50,239 function called packet parser 5782 03:49:50,279 --> 03:49:52,140 and the third parameter and last 5783 03:49:52,140 --> 03:49:54,060 parameter is going to be stored to be 5784 03:49:54,060 --> 03:49:55,680 equal to zero so we don't want to store 5785 03:49:55,680 --> 03:49:57,779 anything we don't want to save it 5786 03:49:57,779 --> 03:50:00,000 anywhere we simply just want it to Flow 5787 03:50:00,000 --> 03:50:01,080 by 5788 03:50:01,080 --> 03:50:03,960 all right so as I mentioned before there 5789 03:50:03,960 --> 03:50:05,220 are two functions that we are going to 5790 03:50:05,220 --> 03:50:07,260 need the first one will be the packet 5791 03:50:07,260 --> 03:50:09,359 parser which we use to parse the packets 5792 03:50:09,359 --> 03:50:11,939 from our sniff function as we can see 5793 03:50:11,939 --> 03:50:13,200 right here 5794 03:50:13,200 --> 03:50:16,640 so packet parser 5795 03:50:16,680 --> 03:50:18,720 this packet parser will take one 5796 03:50:18,720 --> 03:50:20,220 parameter which will be the packet 5797 03:50:20,220 --> 03:50:22,800 itself or we can simply type it like 5798 03:50:22,800 --> 03:50:24,779 this packet 5799 03:50:24,779 --> 03:50:28,020 and the second function would be 5800 03:50:28,020 --> 03:50:33,840 Define get login pass 5801 03:50:34,260 --> 03:50:36,359 and this function will also take a 5802 03:50:36,359 --> 03:50:38,100 parameter which will be 5803 03:50:38,100 --> 03:50:40,140 Well for now on we're not we're going to 5804 03:50:40,140 --> 03:50:41,880 leave it without the parameter and we're 5805 03:50:41,880 --> 03:50:44,220 going to add it later on we created 5806 03:50:44,220 --> 03:50:46,260 these two functions all we're left to do 5807 03:50:46,260 --> 03:50:48,540 is run the code inside them 5808 03:50:48,540 --> 03:50:50,700 but let's not get ahead 5809 03:50:50,700 --> 03:50:52,500 we're just going to leave them for this 5810 03:50:52,500 --> 03:50:54,600 video and right 
here we're going to add 5811 03:50:54,600 --> 03:50:56,520 the accept statement 5812 03:50:56,520 --> 03:50:59,520 of course keyboard interrupt if we 5813 03:50:59,520 --> 03:51:01,380 interrupt the keyboard 5814 03:51:01,380 --> 03:51:05,520 then we can print for example exiting 5815 03:51:05,520 --> 03:51:09,060 and we can then sis or because you could 5816 03:51:09,060 --> 03:51:10,979 just exit the program since we don't 5817 03:51:10,979 --> 03:51:13,680 have the sys Library imported 5818 03:51:13,680 --> 03:51:16,200 and one more thing before we finish off 5819 03:51:16,200 --> 03:51:18,060 with this video is that we need to 5820 03:51:18,060 --> 03:51:20,040 install this KP Library 5821 03:51:20,040 --> 03:51:22,020 we know how to do that pip3 install 5822 03:51:22,020 --> 03:51:23,880 Skippy 5823 03:51:23,880 --> 03:51:26,220 and after this downloads we should be 5824 03:51:26,220 --> 03:51:28,500 good to go and we should be ready to 5825 03:51:28,500 --> 03:51:30,899 code these two functions in the next few 5826 03:51:30,899 --> 03:51:32,040 videos 5827 03:51:32,040 --> 03:51:33,660 so thank you for watching this 5828 03:51:33,660 --> 03:51:35,819 introductory video on password sniffer 5829 03:51:35,819 --> 03:51:37,979 and I will see you in the next lecture 5830 03:51:37,979 --> 03:51:40,200 bye 5831 03:51:40,200 --> 03:51:42,720 welcome back let's continue with our 5832 03:51:42,720 --> 03:51:44,100 password sniffer 5833 03:51:44,100 --> 03:51:46,200 so the first function out of these two 5834 03:51:46,200 --> 03:51:47,760 which we mentioned that we are going to 5835 03:51:47,760 --> 03:51:50,760 need is this one we want to first of all 5836 03:51:50,760 --> 03:51:54,000 parse the packets and filter them should 5837 03:51:54,000 --> 03:51:55,739 I say so we want to filter for the 5838 03:51:55,739 --> 03:51:57,960 specific packets that might contain the 5839 03:51:57,960 --> 03:51:59,939 username and password and then only 5840 03:51:59,939 --> 
03:52:01,979 after this is done we're going to paste 5841 03:52:01,979 --> 03:52:04,620 the content of those packets into this 5842 03:52:04,620 --> 03:52:07,500 get login password function and in this 5843 03:52:07,500 --> 03:52:09,359 function we're going to extract the 5844 03:52:09,359 --> 03:52:12,420 username and password all right so let's 5845 03:52:12,420 --> 03:52:15,120 start off with packet parser 5846 03:52:15,120 --> 03:52:16,739 first thing that we need to specify 5847 03:52:16,739 --> 03:52:18,779 right here is we need to check for 5848 03:52:18,779 --> 03:52:22,140 whether this packet has the TCP layer 5849 03:52:22,140 --> 03:52:24,359 now we can simply just do that if we 5850 03:52:24,359 --> 03:52:26,460 specify if packet 5851 03:52:26,460 --> 03:52:29,700 dot has layer 5852 03:52:29,700 --> 03:52:32,819 and this is a function that exists in KP 5853 03:52:32,819 --> 03:52:35,160 we simply specify in the brackets which 5854 03:52:35,160 --> 03:52:37,080 layer we want to look for in our case 5855 03:52:37,080 --> 03:52:40,680 TCP all right so if packet has this 5856 03:52:40,680 --> 03:52:41,640 layer 5857 03:52:41,640 --> 03:52:43,439 then we're going to filter It Forward 5858 03:52:43,439 --> 03:52:45,540 there is another layer that you should 5859 03:52:45,540 --> 03:52:47,460 have and that is 5860 03:52:47,460 --> 03:52:50,100 packet dot has layer 5861 03:52:50,100 --> 03:52:51,540 Raw 5862 03:52:51,540 --> 03:52:54,899 and this raw layer is just a sub layer 5863 03:52:54,899 --> 03:52:58,500 of the TCP layer so if there is a raw 5864 03:52:58,500 --> 03:53:01,080 layer there is for sure going to be a 5865 03:53:01,080 --> 03:53:02,939 TCP layer 5866 03:53:02,939 --> 03:53:04,979 well in most cases 5867 03:53:04,979 --> 03:53:06,479 now another thing that we want to 5868 03:53:06,479 --> 03:53:10,080 specify right here is if it also has 5869 03:53:10,080 --> 03:53:13,340 the IP layer 5870 03:53:14,399 --> 03:53:16,200 now if these three 
statements are 5871 03:53:16,200 --> 03:53:18,359 satisfied then that is the packet that 5872 03:53:18,359 --> 03:53:20,399 we are looking for so we're going to 5873 03:53:20,399 --> 03:53:22,920 type right here two dots 5874 03:53:22,920 --> 03:53:25,380 and you might notice that right here 5875 03:53:25,380 --> 03:53:28,620 these names are red underlined well some 5876 03:53:28,620 --> 03:53:31,500 of them uh don't worry about that we're 5877 03:53:31,500 --> 03:53:33,720 going to worry about that later on it 5878 03:53:33,720 --> 03:53:35,580 will most likely even work without us 5879 03:53:35,580 --> 03:53:37,319 having to fix anything right here and 5880 03:53:37,319 --> 03:53:38,939 that is just some problem with the pie 5881 03:53:38,939 --> 03:53:40,920 charm itself so no need to worry about 5882 03:53:40,920 --> 03:53:42,600 that at the moment if there is anything 5883 03:53:42,600 --> 03:53:44,340 that we need to fix later on we are 5884 03:53:44,340 --> 03:53:46,739 going to fix it all right so now that we 5885 03:53:46,739 --> 03:53:48,960 got this statement right here 5886 03:53:48,960 --> 03:53:51,479 if that statement is fulfilled what we 5887 03:53:51,479 --> 03:53:53,580 want to do is we want to extract the 5888 03:53:53,580 --> 03:53:55,500 body of the packet 5889 03:53:55,500 --> 03:53:57,660 since in the body of the packet there is 5890 03:53:57,660 --> 03:53:59,700 going to be all the information that we 5891 03:53:59,700 --> 03:54:01,979 are looking for such as usernames and 5892 03:54:01,979 --> 03:54:04,500 passwords how can we do that well we can 5893 03:54:04,500 --> 03:54:06,359 simply just specify a variable which 5894 03:54:06,359 --> 03:54:08,640 will be called body and that variable 5895 03:54:08,640 --> 03:54:11,520 will be equal to the string 5896 03:54:11,520 --> 03:54:15,180 of the packet TCP part so we select it 5897 03:54:15,180 --> 03:54:17,160 like this in the square brackets and 5898 03:54:17,160 --> 03:54:19,620 then we want 
to select dot payload 5899 03:54:19,620 --> 03:54:22,260 all right so we're selecting the packet 5900 03:54:22,260 --> 03:54:25,199 taking the TCP part and inside of the 5901 03:54:25,199 --> 03:54:28,020 payload of the TCP layer there is going 5902 03:54:28,020 --> 03:54:30,779 to be a username and password in case 5903 03:54:30,779 --> 03:54:32,939 the target tried to log into some page 5904 03:54:32,939 --> 03:54:35,460 now what we want to do is we want to 5905 03:54:35,460 --> 03:54:38,100 send this body to our second function 5906 03:54:38,100 --> 03:54:40,620 which is going to be get login pass 5907 03:54:40,620 --> 03:54:44,040 so let's call the function get login 5908 03:54:44,040 --> 03:54:45,779 underscore pass 5909 03:54:45,779 --> 03:54:48,420 and we will pass the body straight to 5910 03:54:48,420 --> 03:54:49,739 that function 5911 03:54:49,739 --> 03:54:52,140 so let's go over this once again 5912 03:54:52,140 --> 03:54:55,020 we sniff on our interface which is eth0 5913 03:54:55,020 --> 03:54:57,660 then we check for each and every packet 5914 03:54:57,660 --> 03:55:00,779 if it has layer TCP if it has layer raw 5915 03:55:00,779 --> 03:55:03,840 and if it has layer IP if all of these 5916 03:55:03,840 --> 03:55:05,819 three conditions are met then we select 5917 03:55:05,819 --> 03:55:07,680 the body variable to be equal to the 5918 03:55:07,680 --> 03:55:10,020 payload of the TCP layer 5919 03:55:10,020 --> 03:55:13,260 once we select that we send this body to 5920 03:55:13,260 --> 03:55:15,300 our second function which is get login 5921 03:55:15,300 --> 03:55:16,739 pass 5922 03:55:16,739 --> 03:55:19,620 now inside of this function what we need 5923 03:55:19,620 --> 03:55:21,540 to do is we first of all need to need to 5924 03:55:21,540 --> 03:55:23,399 select two different variables first one 5925 03:55:23,399 --> 03:55:26,880 is going to be user to be equal to none 5926 03:55:26,880 --> 03:55:30,660 and password to be equal to none 5927 
03:55:30,660 --> 03:55:33,120 now none simply means that we do not 5928 03:55:33,120 --> 03:55:35,040 have any value at the moment inside of 5929 03:55:35,040 --> 03:55:37,560 these two variables and hopefully at the 5930 03:55:37,560 --> 03:55:39,180 end of this function we should have the 5931 03:55:39,180 --> 03:55:41,880 username and password stored right here 5932 03:55:41,880 --> 03:55:44,520 so let's end our tutorial here and we 5933 03:55:44,520 --> 03:55:45,960 are going to continue in the next 5934 03:55:45,960 --> 03:55:48,120 lecture with the coding of our two 5935 03:55:48,120 --> 03:55:51,180 functions take care bye 5936 03:55:51,180 --> 03:55:53,760 welcome back this is our third tutorial 5937 03:55:53,760 --> 03:55:55,739 to our password sniffer 5938 03:55:55,739 --> 03:55:57,660 and you might notice that I added 5939 03:55:57,660 --> 03:55:59,399 something right here that we didn't have 5940 03:55:59,399 --> 03:56:01,560 in the previous video and those are 5941 03:56:01,560 --> 03:56:04,380 these two lists so I added the user's 5942 03:56:04,380 --> 03:56:07,500 fields and the passwords fields 5943 03:56:07,500 --> 03:56:09,960 these two lists are going to help us to 5944 03:56:09,960 --> 03:56:11,880 find for the usernames and passwords 5945 03:56:11,880 --> 03:56:14,760 inside of the body that we paste to this 5946 03:56:14,760 --> 03:56:15,720 function 5947 03:56:15,720 --> 03:56:18,000 so right here now that I mentioned body 5948 03:56:18,000 --> 03:56:20,399 I will paste it straight away since in 5949 03:56:20,399 --> 03:56:22,800 our packet parser function we do call it 5950 03:56:22,800 --> 03:56:25,560 as a parameter all right 5951 03:56:25,560 --> 03:56:27,960 so we're going to check for each and 5952 03:56:27,960 --> 03:56:30,540 every element from this list if it is 5953 03:56:30,540 --> 03:56:32,939 located inside of this body and if it is 5954 03:56:32,939 --> 03:56:35,220 we're going to print the username and 5955 03:56:35,220 --> 
03:56:36,420 the password 5956 03:56:36,420 --> 03:56:38,520 now for you you don't really have to 5957 03:56:38,520 --> 03:56:40,920 type all of this if you don't want you 5958 03:56:40,920 --> 03:56:43,020 can go to the resources of this project 5959 03:56:43,020 --> 03:56:45,479 or at the end of this section and 5960 03:56:45,479 --> 03:56:47,520 download this program and simply just 5961 03:56:47,520 --> 03:56:50,100 copy and paste these two Fields all 5962 03:56:50,100 --> 03:56:51,239 right 5963 03:56:51,239 --> 03:56:53,880 so let's get straight into the coding 5964 03:56:53,880 --> 03:56:55,920 now that we have these two fields for 5965 03:56:55,920 --> 03:56:57,899 all the possible names for the usernames 5966 03:56:57,899 --> 03:57:00,720 and the passwords what we can do is we 5967 03:57:00,720 --> 03:57:02,640 can iterate over each and every element 5968 03:57:02,640 --> 03:57:06,239 so for example let's go over the user 5969 03:57:06,239 --> 03:57:07,560 Fields first 5970 03:57:07,560 --> 03:57:09,779 so far login 5971 03:57:09,779 --> 03:57:13,160 in user fields 5972 03:57:13,620 --> 03:57:17,060 we can simply just do 5973 03:57:17,399 --> 03:57:19,560 what we're going to do right here is 5974 03:57:19,560 --> 03:57:21,479 we're going to use regex in order to 5975 03:57:21,479 --> 03:57:24,420 extract the user names now I will first 5976 03:57:24,420 --> 03:57:25,859 type it right here and then I will 5977 03:57:25,859 --> 03:57:28,020 explain it to you so I'll create a 5978 03:57:28,020 --> 03:57:30,500 variable called login underscore R E 5979 03:57:30,500 --> 03:57:33,359 standing for regex and I'm going to call 5980 03:57:33,359 --> 03:57:35,160 the regex library with the search 5981 03:57:35,160 --> 03:57:36,960 function 5982 03:57:36,960 --> 03:57:39,540 in that function I'm going to specify 5983 03:57:39,540 --> 03:57:42,199 the pattern 5984 03:57:43,140 --> 03:57:46,800 which will be percent s equals open 5985 03:57:46,800 --> 03:57:50,340 
square brackets close square brackets 5986 03:57:50,340 --> 03:57:53,300 upper sign 5987 03:57:54,899 --> 03:57:57,000 then this sign right here not really 5988 03:57:57,000 --> 03:57:58,979 sure how it is called and then at the 5989 03:57:58,979 --> 03:58:01,140 end we specify a plus 5990 03:58:01,140 --> 03:58:03,840 okay so this is our pattern and 5991 03:58:03,840 --> 03:58:06,779 wait for just a second I will explain it 5992 03:58:06,779 --> 03:58:08,819 we then type percent 5993 03:58:08,819 --> 03:58:10,800 login 5994 03:58:10,800 --> 03:58:16,080 and then comma body and then comma r e 5995 03:58:16,080 --> 03:58:18,420 dot ignore case 5996 03:58:18,420 --> 03:58:21,239 okay so before we continue I need to 5997 03:58:21,239 --> 03:58:23,460 explain this line a little bit better 5998 03:58:23,460 --> 03:58:25,500 so what we're doing right here is we're 5999 03:58:25,500 --> 03:58:28,560 creating login.re object 6000 03:58:28,560 --> 03:58:31,199 now we're calling the re Library which 6001 03:58:31,199 --> 03:58:33,359 is the regex library and on this Library 6002 03:58:33,359 --> 03:58:35,760 we are calling the search function what 6003 03:58:35,760 --> 03:58:38,040 this search function does is it takes a 6004 03:58:38,040 --> 03:58:40,140 pattern that we specify which is this 6005 03:58:40,140 --> 03:58:42,000 right here and to explain this pattern 6006 03:58:42,000 --> 03:58:44,100 you really need to know regex so if you 6007 03:58:44,100 --> 03:58:46,260 do know it that's great if you don't 6008 03:58:46,260 --> 03:58:48,720 know it well then I will leave some 6009 03:58:48,720 --> 03:58:50,520 resources in the description so you can 6010 03:58:50,520 --> 03:58:53,040 get more familiar with regex and its 6011 03:58:53,040 --> 03:58:55,920 patterns what basically this is is the 6012 03:58:55,920 --> 03:58:58,500 pattern which we are going to use in 6013 03:58:58,500 --> 03:59:00,960 order to try to get the usernames 6014 03:59:00,960 --> 03:59:03,120 the 
second parameter to this function is 6015 03:59:03,120 --> 03:59:06,420 the body and body simply means where are 6016 03:59:06,420 --> 03:59:07,979 we going to search for the username so 6017 03:59:07,979 --> 03:59:09,660 we're searching the usernames in body 6018 03:59:09,660 --> 03:59:11,939 and the last parameter which is ignore 6019 03:59:11,939 --> 03:59:13,500 case simply means that we don't care 6020 03:59:13,500 --> 03:59:15,600 about the uppercase and lowercase 6021 03:59:15,600 --> 03:59:17,520 letters okay 6022 03:59:17,520 --> 03:59:20,279 now this pattern right here this percent 6023 03:59:20,279 --> 03:59:22,560 as since that is the first thing will 6024 03:59:22,560 --> 03:59:25,260 get replaced with the login and keep in 6025 03:59:25,260 --> 03:59:27,660 mind the login is the iterable and it 6026 03:59:27,660 --> 03:59:30,720 will be each and every of these elements 6027 03:59:30,720 --> 03:59:32,880 so for this example let's take this 6028 03:59:32,880 --> 03:59:33,960 element 6029 03:59:33,960 --> 03:59:36,120 what we are looking for is something 6030 03:59:36,120 --> 03:59:40,140 like username equals and then something 6031 03:59:40,140 --> 03:59:41,580 right here 6032 03:59:41,580 --> 03:59:44,640 this pattern simply specifies something 6033 03:59:44,640 --> 03:59:47,279 like this if we find this inside of a 6034 03:59:47,279 --> 03:59:49,380 body that means that we successfully 6035 03:59:49,380 --> 03:59:51,479 found the username and we're going to 6036 03:59:51,479 --> 03:59:54,000 print this to the screen 6037 03:59:54,000 --> 03:59:57,060 okay so let's delete this 6038 03:59:57,060 --> 03:59:59,939 now that we got that out of the way 6039 03:59:59,939 --> 04:00:01,680 we now need to check whether there is 6040 04:00:01,680 --> 04:00:04,500 anything stored inside of this login 6041 04:00:04,500 --> 04:00:06,420 since if there is that means we found 6042 04:00:06,420 --> 04:00:11,520 the username so if login underscore re 6043 04:00:11,520 
--> 04:00:14,040 then our user variable which we created 6044 04:00:14,040 --> 04:00:15,720 at the beginning of the program and set 6045 04:00:15,720 --> 04:00:18,479 the value of none to it is going to be 6046 04:00:18,479 --> 04:00:20,779 equal 6047 04:00:21,239 --> 04:00:25,080 to login underscore re dot group and 6048 04:00:25,080 --> 04:00:27,600 group are just the results that we got 6049 04:00:27,600 --> 04:00:30,359 from this function right here therefore 6050 04:00:30,359 --> 04:00:32,399 it will simply just store the username 6051 04:00:32,399 --> 04:00:34,260 inside of this variable 6052 04:00:34,260 --> 04:00:36,660 all right so the same thing we need to 6053 04:00:36,660 --> 04:00:39,180 perform for the passwords as well so 6054 04:00:39,180 --> 04:00:43,939 let's go right here for pass field 6055 04:00:43,939 --> 04:00:47,660 in pass fields 6056 04:00:48,600 --> 04:00:50,580 we're going to create an object once 6057 04:00:50,580 --> 04:00:53,699 again called pass underscore re and we 6058 04:00:53,699 --> 04:00:55,800 perform the exact same thing so I'm 6059 04:00:55,800 --> 04:00:58,939 going to copy this 6060 04:00:59,160 --> 04:01:01,439 so we don't have to type it twice and 6061 04:01:01,439 --> 04:01:04,439 paste it right here 6062 04:01:04,439 --> 04:01:06,720 well not there we don't want it there we 6063 04:01:06,720 --> 04:01:09,960 want it here okay good 6064 04:01:09,960 --> 04:01:12,479 now the pattern right here will remain 6065 04:01:12,479 --> 04:01:15,060 the same as for the usernames just in 6066 04:01:15,060 --> 04:01:16,800 our case what we are searching for is 6067 04:01:16,800 --> 04:01:20,399 something like this password equals and 6068 04:01:20,399 --> 04:01:23,100 then random password okay 6069 04:01:23,100 --> 04:01:26,100 so let's delete this and in order to 6070 04:01:26,100 --> 04:01:28,199 actually search for a password we need 6071 04:01:28,199 --> 04:01:30,060 to replace this login 6072 04:01:30,060 --> 04:01:32,040 with 
pass field 6073 04:01:32,040 --> 04:01:34,560 since we are iterating right now over 6074 04:01:34,560 --> 04:01:36,960 the second list which is the possible 6075 04:01:36,960 --> 04:01:40,020 names for the password field 6076 04:01:40,020 --> 04:01:41,220 okay 6077 04:01:41,220 --> 04:01:43,500 all of this will remain the same and now 6078 04:01:43,500 --> 04:01:45,899 we need to check whether we got this 6079 04:01:45,899 --> 04:01:48,739 so if 6080 04:01:48,779 --> 04:01:52,080 if pass underscore r e 6081 04:01:52,080 --> 04:01:54,300 then we are going to store in our pass 6082 04:01:54,300 --> 04:01:57,180 WD variable which is once again at the 6083 04:01:57,180 --> 04:01:59,160 beginning of this function and set to 6084 04:01:59,160 --> 04:02:00,420 none 6085 04:02:00,420 --> 04:02:02,279 we will store 6086 04:02:02,279 --> 04:02:06,720 as underscore re dot group 6087 04:02:06,720 --> 04:02:08,520 okay good 6088 04:02:08,520 --> 04:02:11,340 and now at the end 6089 04:02:11,340 --> 04:02:14,220 we need to return these two values so we 6090 04:02:14,220 --> 04:02:18,660 will specify if user and password 6091 04:02:18,660 --> 04:02:20,399 we will return 6092 04:02:20,399 --> 04:02:24,620 both username and password 6093 04:02:25,020 --> 04:02:28,140 all right so this is the entire get 6094 04:02:28,140 --> 04:02:30,720 login pass function and now we are ready 6095 04:02:30,720 --> 04:02:34,500 to go back to our packet parser function 6096 04:02:34,500 --> 04:02:36,720 now before we close this video I'm going 6097 04:02:36,720 --> 04:02:39,180 to just select the username comma 6098 04:02:39,180 --> 04:02:42,000 password to be equal to get login pass 6099 04:02:42,000 --> 04:02:44,939 with the body as a parameter since we 6100 04:02:44,939 --> 04:02:46,979 are returning the two values from this 6101 04:02:46,979 --> 04:02:48,120 function 6102 04:02:48,120 --> 04:02:49,920 therefore we need to set those two 6103 04:02:49,920 --> 04:02:52,560 values inside of these 
two values 6104 04:02:52,560 --> 04:02:54,840 user will be set inside of a username 6105 04:02:54,840 --> 04:02:57,300 and password will be set inside of a 6106 04:02:57,300 --> 04:02:59,340 password so in the next video we're 6107 04:02:59,340 --> 04:03:01,319 going to wrap up our program and we are 6108 04:03:01,319 --> 04:03:04,319 going to go for a first test of it all 6109 04:03:04,319 --> 04:03:06,060 right so thank you for watching this 6110 04:03:06,060 --> 04:03:08,220 tutorial and I will see you in the next 6111 04:03:08,220 --> 04:03:10,260 lecture bye 6112 04:03:10,260 --> 04:03:12,000 welcome back 6113 04:03:12,000 --> 04:03:14,460 so we've had quite a tough task in the 6114 04:03:14,460 --> 04:03:16,260 previous few videos but we managed to 6115 04:03:16,260 --> 04:03:19,260 get it all to work now it's time to wrap 6116 04:03:19,260 --> 04:03:21,239 up our program and run it for a first 6117 04:03:21,239 --> 04:03:22,319 test 6118 04:03:22,319 --> 04:03:24,660 so what we did for now is we returned 6119 04:03:24,660 --> 04:03:26,880 the username and password extracted it 6120 04:03:26,880 --> 04:03:29,040 from the body and stored it in these two 6121 04:03:29,040 --> 04:03:31,500 variables now what we need to do is we 6122 04:03:31,500 --> 04:03:33,840 need to print these two variables as a 6123 04:03:33,840 --> 04:03:37,739 result so right here after this we need 6124 04:03:37,739 --> 04:03:40,199 to check whether username and password 6125 04:03:40,199 --> 04:03:44,000 is not equal to none 6126 04:03:45,600 --> 04:03:49,260 oops seems like we cannot specify two of 6127 04:03:49,260 --> 04:03:50,819 these variables so we need to delete 6128 04:03:50,819 --> 04:03:54,840 this what we're going to do instead 6129 04:03:54,840 --> 04:03:56,819 is we are going to store this inside of 6130 04:03:56,819 --> 04:04:01,220 one variable let's call it like this 6131 04:04:06,060 --> 04:04:07,739 now the reason why we're storing it in 6132 04:04:07,739 --> 
04:04:09,779 one variable is because we can use one 6133 04:04:09,779 --> 04:04:12,180 if statement later on even though we are 6134 04:04:12,180 --> 04:04:14,279 returning two values this will both be 6135 04:04:14,279 --> 04:04:17,520 stored inside of a user pass just as two 6136 04:04:17,520 --> 04:04:20,160 different elements all right so 6137 04:04:20,160 --> 04:04:23,760 after that we can check whether if user 6138 04:04:23,760 --> 04:04:27,479 underscore pass is not equal to none and 6139 04:04:27,479 --> 04:04:29,520 what this simply means since we set the 6140 04:04:29,520 --> 04:04:32,160 user and pass to be equal to none if we 6141 04:04:32,160 --> 04:04:33,960 don't manage to find any username and 6142 04:04:33,960 --> 04:04:36,060 password these two values will remain 6143 04:04:36,060 --> 04:04:38,640 none and they will be returned as none 6144 04:04:38,640 --> 04:04:40,979 at the end of the function therefore 6145 04:04:40,979 --> 04:04:43,020 right here we are checking if user and 6146 04:04:43,020 --> 04:04:45,000 password is not equal to none and we 6147 04:04:45,000 --> 04:04:46,800 specify that with this exclamation mark 6148 04:04:46,800 --> 04:04:48,720 and equal sign 6149 04:04:48,720 --> 04:04:51,199 then what we want to print 6150 04:04:51,199 --> 04:04:56,120 is parse dot unquote 6151 04:04:56,819 --> 04:04:58,800 and this is just a way for us to print 6152 04:04:58,800 --> 04:05:02,160 these two values so parse.unquote and we 6153 04:05:02,160 --> 04:05:04,380 will select the first element of the 6154 04:05:04,380 --> 04:05:06,859 user pass 6155 04:05:08,640 --> 04:05:10,859 and we need to select the second element 6156 04:05:10,859 --> 04:05:13,319 which would be the password as well so 6157 04:05:13,319 --> 04:05:16,680 parse dot unquote 6158 04:05:16,680 --> 04:05:20,040 user underscore pass 6159 04:05:20,040 --> 04:05:23,100 and the second element okay 6160 04:05:23,100 --> 04:05:25,739 so once again if these two values are 6161 
04:05:25,739 --> 04:05:27,899 not equal to none we will print the 6162 04:05:27,899 --> 04:05:30,680 username and password 6163 04:05:30,720 --> 04:05:33,859 in any other case 6164 04:05:34,739 --> 04:05:37,140 and by in any other case I mean if we 6165 04:05:37,140 --> 04:05:39,140 encounter any other packet that doesn't 6166 04:05:39,140 --> 04:05:42,060 satisfy these three statements right 6167 04:05:42,060 --> 04:05:43,020 here 6168 04:05:43,020 --> 04:05:45,779 we're going to Simply pass and let that 6169 04:05:45,779 --> 04:05:48,060 packet go since it will probably not 6170 04:05:48,060 --> 04:05:51,540 store any username or any password 6171 04:05:51,540 --> 04:05:53,939 all right so this should be the entire 6172 04:05:53,939 --> 04:05:55,080 program 6173 04:05:55,080 --> 04:05:58,620 here it is let's see how it runs 6174 04:05:58,620 --> 04:06:01,080 if I open up the terminal 6175 04:06:01,080 --> 04:06:05,300 clear the screen and run it 6176 04:06:06,660 --> 04:06:09,359 you will see it did run successfully we 6177 04:06:09,359 --> 04:06:11,279 don't see anything right here nothing is 6178 04:06:11,279 --> 04:06:13,319 being printed so let's check out whether 6179 04:06:13,319 --> 04:06:15,779 we can get something to print right here 6180 04:06:15,779 --> 04:06:19,760 if we open up our Firefox 6181 04:06:20,160 --> 04:06:22,560 and I simply go to the 6182 04:06:22,560 --> 04:06:25,380 192.168.1.1 6183 04:06:25,380 --> 04:06:29,160 which is my router's login page and I go 6184 04:06:29,160 --> 04:06:32,580 for example type hello as a username and 6185 04:06:32,580 --> 04:06:36,620 world as a password and click on login 6186 04:06:36,779 --> 04:06:39,600 you will see right here we do get both 6187 04:06:39,600 --> 04:06:41,760 username and password now the password 6188 04:06:41,760 --> 04:06:44,040 is encrypted but that is because of my 6189 04:06:44,040 --> 04:06:46,739 router security therefore our program 6190 04:06:46,739 --> 04:06:48,899 successfully 
works.

04:06:48,899 --> 04:07:27,300
We do manage to get the username and password. Now let's see on another website as well. Let's go to our good old testphp.vulnweb.com. Here, if you go on the sign up, we will have a page where it will ask us for the username and password, so let's type the username and password right here. Let's go once again with hello and then world, click on login, and we get both hello and world in our terminal right here, so our program worked correctly.

04:07:27,300 --> 04:08:25,620
Now, in case you also want to get from which website these usernames and passwords are coming, which would be a good idea, all you need to do is go down in our packet parser function and, if the packet has these three statements fulfilled, we also want to print packet[TCP].payload. All right, so let's go and run it once again and go to Firefox and type... oh, never mind, we will be printing a whole lot more packets than we need, so this actual statement should go here and not here. So we only want to print it if the user and pass is not equal to None. So let's go once again and print it.

04:08:25,620 --> 04:09:00,239
Now once we reload we are not getting any random packets, so let's type right here admin, and the password will be password. Click on OK. We get the username to be admin and the password to be password, and we also get the entire packet above, so now we can see that the login is coming from this website. We also see a bunch of other different information which could be useful to us, but for now we're only interested in this host information and in these two values, which are username and password. All right.

04:09:00,239 --> 04:09:25,260
Now that we are sure that our program works and that we can sniff usernames and passwords on different websites, and by the way, keep in mind this will only work on HTTP websites. If you want to sniff the information and passwords over the HTTPS websites you will also need to run SSLstrip on the side, and that will only work for the SSL connections and not for the TLS encryption. All right.

04:09:25,260 --> 04:09:49,020
But let's put that on the side. In the next video we can combine it with our ARP spoofer and see how we can sniff the usernames and passwords on a different machine, the same way we did right now in Kali Linux, just we're going to try to sniff the usernames and passwords on a Windows 10 machine. So thank you for watching this lecture and I will see you in the next video. Bye.

04:09:49,020 --> 04:10:26,880
Welcome back, and this is the first video where we are going to test two of our tools together. We're going to test our password sniffer that we coded in this project and we're going to combine it with our ARP spoofer that we created in the previous section, so let's see how that will go. First, what we need to do is open up our terminal, and I will go on to the actions and split the terminal horizontally so it will have two of these screens right here. In the first screen I will navigate to PyCharm and I will navigate to the password sniffer project,

04:10:26,880 --> 04:11:29,760
and in the second screen I will navigate once again to PyCharm and to the ARP spoofer project. All right, so if I type ls in the ARP spoofer, you will remember that our ARP spoofer code requires us to specify the target IP address and the router's IP address as two arguments to the command. So let's run the ARP spoofer right away. I will type python3, ARP spoofer, 192.168.1.1, and the IP address of my Windows 10 machine is 192.168.1.2. Run this, and this will start working. As we can see it is not closing, it is sending two packets every two seconds. If you want to check whether it worked, we can simply just go to the CMD or the command prompt in Windows and type arp -a, and we will see that both the Kali Linux and the router have the same MAC address, therefore our ARP spoofing worked.

04:11:29,760 --> 04:12:33,479
Now let's see how this will help us to actually sniff the password on the Windows 10 machine. Now if I go to my password sniffer and I simply just run it, so python3 password sniffer, as we can see it seems to work correctly. All we are left to do right now is go on Windows 10 to Google Chrome or any search engine that you're using, wait for it to open up, and once it opens up let's first of all go to my router right here. Whoops, it will not connect because, you remember, we forgot one thing, so let us just close our ARP spoofer for a second. We actually have to forward our packets first, so let's do that with the command echo 1, two arrows to the right, /proc/sys/net/ipv4/ip_forward. Once we do that we can run our spoofer once again. [Music]

04:12:33,479 --> 04:14:09,479
Okay, so it is working. Let's go back to our page and try to reload it. Here it is, and if we type some random username such as for example admin and the password to be password, press on login and go back to our Kali Linux machine, we will get the full packet printed out right here. Here is the username, and the password due to security measures is actually set to be encrypted, and we can also see the actual host or the website to which these two fields have been specified, and in this case it is 192.168.1.1, or our router. Now if we go on to the different website, which is testphp.vulnweb.com, and we go to the sign up, specify right here admin and then password, click on login, go back to our Kali Linux machine, we will also get that packet as well. Okay, so here it is: username is admin, password is password in plain text, we can see it right here, and we can also see where these fields are specified; in our case they are specified on this website right here. All right, so our password sniffer works. We combined our two tools, our password sniffer and our ARP spoofer, in order to sniff the passwords from the HTTP websites on the different machines on our local network. Now if you want to do this on multiple targets at once you can either just upgrade our ARP spoofer to be able to spoof every machine on the local area network or you can use a different tool in combination with our password sniffer.

04:14:09,479 --> 04:15:35,460
So you can use a tool called, for example, mitmf, not really sure if it is installed right here, yeah. You can also use mitmproxy, but I would advise you to go into Firefox if you want to use the real man in the middle and ARP spoofing tool that comes with a bunch of different options that will help you fully execute your attack: you simply just go and download a tool called mitmf. You would simply just click on this first link, go all the way down, you would clone this page with git clone, then you can go to the installation instructions right here and follow these instructions and these commands in order to install mitmf properly. Once you do that you can simply just use the tool to perform ARP spoofing and use our password sniffer in order to sniff passwords on every machine on the local area network. Okay, so that would be about it for this section. We successfully saw how we can combine these two tools, and in the next project we're also going to see another tool that we will create that you can either combine with our spoofer if you like, or you can simply just use it on your own with another tool, perhaps such as mitmf or with any other tool that performs a man in the middle attack as well. Okay, so thank you for watching this section and I will see you in the next project. Bye.
