1
00:00:00,790 --> 00:00:07,990
Previously we learned what ARP spoofing is and how to use it to intercept connections in our network
2
00:00:08,110 --> 00:00:11,770
using a tool called arpspoof.
3
00:00:11,800 --> 00:00:19,360
I covered this tool because it is simple, reliable and available for a number of operating systems.
4
00:00:19,360 --> 00:00:25,480
Therefore learning how to use this tool can be useful in so many scenarios.
5
00:00:25,480 --> 00:00:32,020
However, in this lecture and in the next lectures, we're going to be using a tool called bettercap.
6
00:00:33,240 --> 00:00:42,430
Bettercap can be used to do exactly what we did with arpspoof, so we can use it to run an ARP spoofing
7
00:00:42,430 --> 00:00:50,110
attack to intercept connections and it can be used to do so much more so we can use it to capture data
8
00:00:50,140 --> 00:00:57,280
and analyze it and see usernames and passwords, we can use it to bypass HTTPS and potentially bypass
9
00:00:57,340 --> 00:01:06,110
HSTS, we can use it to do DNS spoofing, inject code into loaded pages and so much more.
10
00:01:06,160 --> 00:01:12,190
For now though I'm gonna show you how to install the tool and give you a quick overview on how to use
11
00:01:12,190 --> 00:01:20,290
it, and we'll go over all of that in the next lectures. So I'm gonna go to my Kali machine here and
12
00:01:20,290 --> 00:01:25,660
to run bettercap all I have to do now is just type its name, bettercap.
13
00:01:25,850 --> 00:01:31,900
Now as usual if you want to get more information on this command and how to use it you can do
14
00:01:31,900 --> 00:01:32,830
--help.
15
00:01:33,050 --> 00:01:39,400
And this will give you a complete help menu but you don't really need to worry about this now because
16
00:01:39,580 --> 00:01:46,140
we will be using the tool a lot throughout the course and you will learn a lot as you use it.
17
00:01:46,240 --> 00:01:50,910
So I'm going to clear the screen again and to run the tool now.
18
00:01:50,960 --> 00:01:59,180
I'm going to type bettercap, the name of the tool, followed by -iface to specify the interface that
19
00:01:59,180 --> 00:02:04,240
is connected to the network that I want to run the attacks against.
20
00:02:04,280 --> 00:02:12,360
And as you know, to get my interface we can just do ifconfig, and I'm gonna be running this against my
21
00:02:12,360 --> 00:02:16,210
NAT network, which eth0 is connected to.
22
00:02:16,290 --> 00:02:20,390
So I'm gonna set my interface to eth0.
23
00:02:20,580 --> 00:02:28,150
I'm going to close this and I'm going to hit enter to run the tool and as you can see now we're inside
24
00:02:28,150 --> 00:02:29,050
the tool.
25
00:02:29,050 --> 00:02:37,490
We have a different prompt now in which we can use the commands of bettercap. Now, as you can see here,
26
00:02:37,520 --> 00:02:43,250
It's telling us that we can type help to get a list of all of the commands that we can use with bettercap
27
00:02:43,250 --> 00:02:50,520
and since we don't know how to use it I'm actually going to type help. And perfect, as you can see
28
00:02:50,580 --> 00:02:54,660
we get a full list of all of the commands that we can use.
29
00:02:54,720 --> 00:02:58,260
Again we're going to use it with you now as we go through the course.
30
00:02:58,380 --> 00:03:02,810
So you can have a quick look on them but don't worry too much about them.
31
00:03:03,000 --> 00:03:07,560
What's really important and you need to pay attention to right now is the modules.
32
00:03:08,670 --> 00:03:15,420
So these are all of the modules that we can use or all of the things that we can get bettercap to do.
33
00:03:15,420 --> 00:03:21,300
And as you can see right now none of them is working except for events.stream, which is basically
34
00:03:21,300 --> 00:03:26,880
the module that runs in the background to handle all the events.
35
00:03:26,910 --> 00:03:34,050
Now you can type help followed by the name of any module you want.
36
00:03:34,050 --> 00:03:40,210
And this will show you a help menu that shows you how to use this specific module.
37
00:03:40,380 --> 00:03:46,980
For example I want to show you in this lecture the net.probe and the net.recon modules.
38
00:03:47,640 --> 00:03:52,920
So since I don't know how to use them I've typed help and I'm going to follow it by the name of the
39
00:03:52,920 --> 00:04:00,870
module, which is net.probe. I'm going to hit enter and as you can see you'll get a description of what
40
00:04:00,870 --> 00:04:02,850
this module does.
41
00:04:02,850 --> 00:04:10,530
So basically it keeps sending UDP packets to discover devices on the same network and we can do
42
00:04:10,620 --> 00:04:17,850
net.probe on to turn on the module and net.probe off to turn it off.
43
00:04:17,850 --> 00:04:22,560
You can also see all the options that you can modify for this module.
44
00:04:22,560 --> 00:04:27,420
And I'm going to talk about options and how to modify them in the next lecture.
45
00:04:27,420 --> 00:04:34,620
So for now I'm going to keep all these to the default option and I'm just going to do net.probe
46
00:04:35,160 --> 00:04:38,440
on to turn it on.
47
00:04:38,570 --> 00:04:44,810
And as you can see this will automatically start discovering clients connected to the same network.
48
00:04:45,530 --> 00:04:52,200
So the 10.0.2.7 right here is actually my Windows target machine.
49
00:04:52,310 --> 00:04:59,570
So if I go to the target Windows machine right here and do ipconfig you'll see its IP address is
50
00:04:59,570 --> 00:05:00,890
10.0.2.7.
51
00:05:01,760 --> 00:05:07,310
So this is just another way of discovering connected clients quickly using bettercap.
52
00:05:07,560 --> 00:05:15,680
And what you didn't notice right now is when we started the net.probe it automatically started the
53
00:05:15,680 --> 00:05:18,740
net.recon. To confirm this,
54
00:05:18,740 --> 00:05:25,310
So if we go up right here you can see the only module that was running is the events.stream.
55
00:05:25,310 --> 00:05:34,170
And now if I do help you'll see I actually have two modules running: the net.probe, which we just
56
00:05:34,170 --> 00:05:36,270
saw and we turned on manually.
57
00:05:36,480 --> 00:05:43,380
And the net.recon, which got turned on automatically by bettercap.
58
00:05:43,590 --> 00:05:50,700
The reason for this is because the net.probe sends probe requests to all possible IPs.
59
00:05:50,880 --> 00:05:58,710
And then if we get a response the net.recon will be the one detecting this response by monitoring
60
00:05:58,710 --> 00:06:08,670
my ARP cache and then adding all of these IPs in a nice list so we can target them. So now, because
61
00:06:08,670 --> 00:06:16,500
the net.recon is actually running, we can do net.show to see all of the connected clients.
62
00:06:16,500 --> 00:06:22,710
And as you can see we get a nice list of all of the connected clients. We can see their IPs, we can
63
00:06:22,710 --> 00:06:29,820
see the corresponding MAC addresses for these clients and it can also show you information right here
64
00:06:30,060 --> 00:06:32,200
about each one of these IPs.
65
00:06:32,610 --> 00:06:37,710
For example it's telling us that this IP right here is the IP for eth0.
66
00:06:37,740 --> 00:06:44,690
So this is the IP of this computer it's also telling us that this IP right here is the gateway.
67
00:06:44,690 --> 00:06:53,090
This is the IP of the router and you can also see at the vendor in here it's attempting to discover
68
00:06:53,300 --> 00:06:57,640
the manufacturer of the hardware used in each of these clients.
69
00:06:57,650 --> 00:07:04,140
So as you can see for the gateway it thinks that it uses a Realtek chipset.
70
00:07:04,260 --> 00:07:08,820
Now you can also see here the 10.0.2.7 device.
71
00:07:08,880 --> 00:07:10,560
Like I said this is my target.
72
00:07:10,560 --> 00:07:14,780
Windows device right here.
73
00:07:15,060 --> 00:07:16,470
So that's it for this lecture.
74
00:07:16,470 --> 00:07:22,890
I just wanted to give you a quick overview on how to get help about a specific module how to run a specific
75
00:07:22,890 --> 00:07:26,330
module and analyze the results that it returns.
76
00:07:26,550 --> 00:07:32,850
And in the next lecture I'm going to show you how we can run an ARP spoofing attack using bettercap
77
00:07:33,060 --> 00:07:40,350
to intercept the data and read usernames and passwords that flow through the network once we become
78
00:07:40,350 --> 00:07:41,390
the man in the middle.
79
00:07:41,400 --> 00:07:43,140
Once we intercept the connection.