1
00:00:01,440 --> 00:00:04,970
The next attack that we can talk about is this.
2
00:00:05,160 --> 00:00:09,820
It's a very famous exploit in most of the Android devices.
3
00:00:10,350 --> 00:00:19,100
It's a vulnerability called Stagefright, and Stagefright was found in 2015
4
00:00:19,530 --> 00:00:26,560
in a lot of devices, and we're going to see how to exploit this vulnerability and gain access to the
5
00:00:26,560 --> 00:00:27,820
device as well.
6
00:00:28,290 --> 00:00:38,520
But the objective of this lecture and the other lectures is not just to follow the steps or to execute
7
00:00:38,520 --> 00:00:41,970
some vulnerability and some exploit.
8
00:00:42,210 --> 00:00:49,730
It's more about knowing how to search for a weakness, and then knowing how to take advantage of it and compromise the
9
00:00:49,780 --> 00:00:51,820
device using this weakness.
10
00:00:51,840 --> 00:00:59,870
So we did some search, we know that there is a vulnerability called Stagefright, and then we use the tool
11
00:00:59,870 --> 00:01:05,170
or framework, which is Metasploit, to get access to the device.
12
00:01:05,190 --> 00:01:07,530
So let's see how to do this.
13
00:01:08,070 --> 00:01:17,980
I already have my device on the recall and in we'll go to
14
00:01:22,120 --> 00:01:24,850
we'll go to our Kali Linux machine
15
00:01:28,690 --> 00:01:29,320
and
16
00:01:32,440 --> 00:01:45,660
we're going to open a terminal and open msfconsole, so open a terminal and type msfconsole and
17
00:01:45,660 --> 00:01:47,150
wait until it's done.
18
00:01:47,220 --> 00:01:56,130
Now I believe by now you start becoming familiar with the Metasploit framework, because you
19
00:01:56,130 --> 00:01:59,070
know that there is a free one and a paid one still.
20
00:01:59,120 --> 00:02:00,870
Now we don't need to pay anything.
21
00:02:01,080 --> 00:02:04,010
You can utilize the free one; it's an excellent tool.
22
00:02:04,470 --> 00:02:14,190
And once it's started, we're going to search for Stagefright.
23
00:02:15,090 --> 00:02:23,430
And I have to say that Stagefright allows you to do different kinds of attack, including creating an MP4
24
00:02:23,670 --> 00:02:31,660
file that, if the user opens it, you'll get access to his device.
25
00:02:31,890 --> 00:02:40,110
But we will not be using this part, because this Stagefright that allows you to create an MP4, it's
26
00:02:40,110 --> 00:02:44,510
a very exhausting process; you need to download the file and change the source code and so on.
27
00:02:44,640 --> 00:02:48,420
I'm going to show you how to use this exploit in a very easy way.
28
00:02:48,450 --> 00:02:50,310
So we already found one.
29
00:02:50,550 --> 00:02:58,850
So we're going to type use, and I'm going to put the path for this one: use exploit android browser.
30
00:02:58,960 --> 00:03:17,010
This is the end of it. Copy and paste it, then we're going to type show options to see what option is
31
00:03:17,010 --> 00:03:22,260
needed to execute this exploit.
32
00:03:22,260 --> 00:03:28,630
So show options, and as you can see I just need to change one value, which is the SRVHOST.
33
00:03:28,860 --> 00:03:34,140
It should be a local IP from where the victim would be connected, and URIPATH, which is the access
34
00:03:34,170 --> 00:03:45,960
URI path, what access you can have for this device. So type set SRVHOST.
35
00:03:45,960 --> 00:03:53,660
And we're going to put our IP, the Kali Linux machine IP, on 9:26 it upon 1 0 3.
36
00:03:54,000 --> 00:04:00,370
I'm going to keep the port the same way it is and then I'm going to type set.
37
00:04:01,420 --> 00:04:01,810
Sorry
38
00:04:08,220 --> 00:04:08,970
set
39
00:04:13,140 --> 00:04:16,040
URIPATH.
40
00:04:22,150 --> 00:04:27,950
And you put this, the forward slash, and that's it.
41
00:04:28,330 --> 00:04:29,950
And we type exploit
42
00:04:34,220 --> 00:04:37,830
It's going to start the handler to wait for the connection.
43
00:04:38,050 --> 00:04:42,080
And what you need to do is send the victim this IP.
44
00:04:42,130 --> 00:04:46,300
Now let's send it through an email and open it and see what will happen.
45
00:04:46,530 --> 00:04:48,530
So I'm going to copy that.
46
00:04:48,790 --> 00:04:57,350
And let me open the browser.
47
00:04:59,210 --> 00:05:06,670
We're going to see that you don't have to send it the same way it is, right? You can change it using
48
00:05:06,730 --> 00:05:11,020
those websites that change this IP to a short URL.
49
00:05:11,260 --> 00:05:16,690
So you don't have to worry about, you know, how I'm going to send him the link, because this requires some
50
00:05:16,690 --> 00:05:21,690
social engineering and some website and some tools, so it shouldn't be an issue.
51
00:05:21,760 --> 00:05:24,320
Right now I want us to focus on the attack.
52
00:05:24,400 --> 00:05:28,190
And as I keep saying, later on you're going to know how to use this set.
53
00:05:28,780 --> 00:05:36,030
But now we are proving the concept, so let me open my mail and click on send.
54
00:05:38,710 --> 00:05:39,790
And
55
00:05:42,670 --> 00:05:43,960
let's see.
56
00:05:43,990 --> 00:05:47,400
Please check.
57
00:05:47,410 --> 00:05:50,380
You can do that by sending an SMS or
58
00:05:55,580 --> 00:06:04,670
an email, and later during the course you'll take some tools and some applications that allow you to
59
00:06:06,800 --> 00:06:17,540
spoof the SMS, and then go right to my e-mail here. The thing is that I'm trying, I am often
60
00:06:28,710 --> 00:06:29,140
and
61
00:06:33,360 --> 00:06:40,420
now, getting back to our mobile phone, before opening this file or this link,
62
00:06:40,710 --> 00:06:48,320
we're going to check the status here.
63
00:06:48,360 --> 00:06:50,610
Nothing is working.
64
00:06:50,640 --> 00:06:51,570
So let me
65
00:06:54,280 --> 00:06:58,560
also go to
66
00:07:01,040 --> 00:07:04,480
here and let's
67
00:07:08,260 --> 00:07:12,190
open my e-mail and refresh
68
00:07:15,410 --> 00:07:17,490
and we can open the e-mail here.
69
00:07:20,210 --> 00:07:24,310
And assume that I did click on the link.
70
00:07:24,950 --> 00:07:30,570
So let's see what will happen on our machine.
71
00:07:30,590 --> 00:07:40,050
As you can see, a Meterpreter session is actually opened on the victim machine.
72
00:07:40,070 --> 00:07:42,920
And if we type sessions
73
00:07:45,280 --> 00:07:49,750
-i, I believe, the sessions
74
00:07:53,560 --> 00:07:54,200
really go.
75
00:07:54,300 --> 00:07:59,590
You have two sessions; you can log into any one of those and you have full access on that device.
76
00:07:59,610 --> 00:08:01,470
This is how easy it is.
77
00:08:01,470 --> 00:08:07,470
The effort will be how to convince someone to click on the link, and this is actually quite easy
78
00:08:07,920 --> 00:08:15,780
because the tools that exist right now will allow you to fake an email or fake an SMS or fake a mobile
79
00:08:15,780 --> 00:08:18,930
call, so it's quite easy to do that.
80
00:08:18,960 --> 00:08:23,300
So most of the Android devices are affected by this vulnerability.
81
00:08:23,430 --> 00:08:30,150
Next lecture, we're going to take some different framework and we're going to see how to compromise
82
00:08:30,150 --> 00:08:33,150
it using this. So later on during this course,
83
00:08:33,150 --> 00:08:43,590
I'm going to show you how to tune these attacks and how to use them remotely, how to
84
00:08:43,590 --> 00:08:49,590
compromise systems that do not exist on the same network, and the attack will still be the same, except we
85
00:08:49,590 --> 00:08:53,640
need to change some network settings, especially inside the router.
86
00:08:53,730 --> 00:08:55,310
So we're going to see that later on.